1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 06:23:12 +02:00
Commit Graph

9173 Commits

Author SHA1 Message Date
Bram Matthys 3fbdb7fd4b Move StripControlCodes() from message.c to misc.c.
Because I need in the core (again) due to early calls / calls during
rehashes / etc...
2022-05-23 10:10:47 +02:00
Bram Matthys 8c1a858d2e Fix crash on empty set::default-ipv6-clone-mask in config file.
set { default-ipv6-clone-mask; }
2022-05-23 08:36:25 +02:00
westor 111ab9fada Show [shunned] in connect oper notice (#206)
When someone is trying to connect and he/she is shunned , it will be displayed on connection server notice, yeah sometimes it might be helpful, why not..

Suggested by armyn https://bugs.unrealircd.org/view.php?id=6106
2022-05-23 08:18:49 +02:00
Bram Matthys 9075e2fa70 Move all the security group and mask code to src/securitygroup.c 2022-05-16 13:54:52 +02:00
Bram Matthys 5d9a201df8 Don't show security-groups of ulines like NickServ (since it is irrelevant anyway).
Reported by Lord255.
2022-05-16 11:22:57 +02:00
Bram Matthys 5443dff327 Clarify in release notes that the country value is a country code
Reported by westor
[skip ci]
2022-05-16 10:46:54 +02:00
Bram Matthys c09d2e40a3 Update release notes a bit: better markdown, improve TLD example,
mention the 5 modules that now have an ::except which is also a mask item.
[skip ci]
2022-05-16 10:37:22 +02:00
Bram Matthys 2108bb48fa Run labeled-response through the quick path. 2022-05-16 09:53:23 +02:00
Bram Matthys 519d027a62 Fix geoip_base_unserialize() check being the wrong way around.
Could have caused a memory leak but likely did not happen at all
in practice.
2022-05-15 19:34:46 +02:00
Bram Matthys c037486263 Add blacklist::except for exempting users from individual blacklists,
this is a https://www.unrealircd.org/docs/Mask_item so very flexible.

Note that most people would want to use except ban { } instead to
simply exempt from ALL blacklists. (that one does not yet have the
flexible mask capability though.. but it wil have it soon..)
2022-05-15 15:13:19 +02:00
Bram Matthys fc79cbb3f0 Fix memory leak in new security group code from past 48hrs 2022-05-15 07:50:40 +02:00
Bram Matthys 0b45e34e62 Simplifly RPL_HOSTHIDDEN notification.
Pretty much everywhere we had:
0001 userhost_changed(client);
0002 if (MyUser(client))
0003         sendnumeric(client, RPL_HOSTHIDDEN, client->user->virthost);

Lines 2-3 are now integrated in userhost_changed().

Also fix two issues with CHGHOST in make_oper():
* if user was -x, modes had +x and a vhost, it would send the cloaked
  host in the original vhost, while it should have been the real host
* if user was -x and went +x without vhost (so only uncloaked to cloaked)
  then no CHGHOST message was sent at all
2022-05-15 07:45:00 +02:00
Bram Matthys b52c6406de ExtbanAdd(): remove remaining NULL checks for 'module'. It is never NULL. 2022-05-15 06:52:44 +02:00
Bram Matthys a1c8292a1d Fix incorrect sizeof() in commit from yesterday. 2022-05-15 06:49:58 +02:00
Bram Matthys c25582bff2 Mention that this is work in progress
[skip ci]
2022-05-14 19:11:53 +02:00
Bram Matthys 9e0340d4c1 Change restrict-commands to use ::except which is a
https://www.unrealircd.org/docs/Mask_item so has more functionality.

The old style config still works and UnrealIRCd won't complain
about it for now.
2022-05-14 18:50:24 +02:00
Bram Matthys 517d93bea8 Fix crash / support NULL secgroup in user_allowed_by_security_group() 2022-05-14 16:29:38 +02:00
Bram Matthys 5f3931b08d Update modules.optional.conf so it actually loads.
Also fix ::mask style II.
2022-05-14 15:40:09 +02:00
Bram Matthys 3241338cf3 Add set::connthrottle::except, which is a mask item.
Automatically convert the old options ::sasl-bypass, ::webirc-bypass
and ::minimum-reputation-score, so nobody needs to update their config.

The example.conf has been updated.
2022-05-14 15:31:30 +02:00
Bram Matthys 915b603a6a Add set::antirandom::except, which is a mask item.
Automatically convert the old style ::except-hosts and ::except-webirc
so nobody needs to update their config.
2022-05-14 15:17:29 +02:00
Bram Matthys f0ddbdaa44 Add set::antimixedutf8::except, which is a mask item too. 2022-05-14 15:07:33 +02:00
Bram Matthys 1626fda1ef Fix extbans on IRC not working due to latest changes. 2022-05-14 09:21:11 +02:00
Bram Matthys caabfe14e1 Document and give examples in release notes for new mask and security-group functionality. 2022-05-14 09:03:34 +02:00
Bram Matthys 4de3d512b8 Integrate security-group functionality in allow channel::mask and
deny channel::mask.
2022-05-14 08:36:19 +02:00
Bram Matthys e09470b0bd Integrate security-group functionality in link::incoming::mask. 2022-05-14 08:28:26 +02:00
Bram Matthys 67fdd63bc3 Integrate security-group functionality in vhost::mask. 2022-05-14 08:19:05 +02:00
Bram Matthys 8dff79ece2 Fix small memory leak on REHASH when tld block is used, ::mask was not freed.
(this leak was already there, it is unrelated to the activity of last 24hrs)
2022-05-14 08:13:53 +02:00
Bram Matthys ec4df2da7d Integrate security-group functionality in tld::mask. 2022-05-14 08:10:20 +02:00
Bram Matthys 759908ba3a Integrate security-group functionality in oper::mask. 2022-05-14 08:03:12 +02:00
Bram Matthys 510b4b5505 Integrate security-group functionality in allow::mask.
(Also call it allow::match in the future, but accept allow::mask still)

This is the first of several commits to convert all ::mask items.
See https://www.unrealircd.org/docs/Mask_item for the consequences.
In short, you can now use all of the security-group items directly
in a mask, eg:
allow {
    mask { account TrustedUser; }
    class clients;
    maxperip 10;
}
2022-05-14 07:51:51 +02:00
Bram Matthys 10bddc1232 Extended server bans are now more clearly exposed in security-group { }.
The extban module API is used behind the scenes. To the server admin
the functionality appears in a more natural way:
        account { <list>; };
        country { <list>; };
        realname { <list>; };
        certfp { <list>; };
In the same way, they appear as exclude-xxx options too:
        exclude-account { <list>; };
        exclude-country { <list>; };
        exclude-realname { <list>; };
        exclude-certfp { <list>; };

Modules can add additional fields (3rd party modules too!).

Module coders:
See src/modules/extbans/realname.c for a simple example. In short:
1) You need to register your extban in both MOD_TEST and MOD_INIT
2) Other than that, the existing rules for extended server bans apply:
   a) Your req.is_banned_events needs to include BANCHK_TKL
   b) Your req.options needs to include EXTBOPT_TKL
Be advised that for modules that are called in extended server bans
the client may be missing several fields, for example client->user could
be NULL, so be careful with accessing everything in your module.
2022-05-13 20:13:34 +02:00
Bram Matthys 378f1f0044 Split up security-group code for later code re-use. 2022-05-13 14:37:56 +02:00
Bram Matthys efa7fea88e Rename security-group::include-mask to ::mask. Both will work though for
a long long time. Change done to make it consistent with the rest.
2022-05-13 14:11:00 +02:00
Bram Matthys a544001eeb Add security-group::security-group, this as a shorthand for
security-group { mask ~security-group:xyz; }

Module coders (again, slightly unrelated):
Added unreal_add_names() function which can be used to transform
a list of names in the config to a linked list (NameList).
2022-05-13 14:07:05 +02:00
Bram Matthys 6751b066ab Prevent infinite loop (crash due to out of stack) when processing a
security group that references another (or itself), eg:
security-group abc {
	include-mask ~security-group:abc;
}
We now give up after a recursion depth of >8 and log a warning.
2022-05-13 13:37:48 +02:00
Bram Matthys de61fc4b50 Add connect-time to security-group, so you can match on how long a client has
been connected to IRC. See https://www.unrealircd.org/docs/Security-group_block

Slightly unrelated, for modules coders: new function get_connected_time(),
to see how long a client has been online. This works for local clients, in
which case it would just return TStime()-client->local->creationtime.
It also works for remote clients, for which it will use the newly added
"creationtime" moddata (commit f1a18ce37e),
so the info is only available for remote clients on newer servers.
If the info cannot be found it will return 0 (zero).
2022-05-13 13:23:02 +02:00
Bram Matthys 085490d780 Show in WHOIS in which security-group a user is in (to IRCOps only)
The set::whois-details name for this is: security-groups.
https://www.unrealircd.org/docs/Set_block#set::whois-details
By default it is shown ONLY to IRCOps, not even to 'self' for normal users.

If you want to hide it for everyone, even to IRCOps, eg because you
feel it is useless information, then you can use:
set {
        whois-details {
		security-groups { everyone none; self none; oper none; }
	}
}
2022-05-13 13:14:46 +02:00
Bram Matthys f1a18ce37e Communicate "creationtime" of users. Right now this info is only known
locally, as the only timestamp regarding users that is communicated across
the network is about the "last nick change" ("has this nick since...").
2022-05-13 12:27:21 +02:00
Bram Matthys 788c230bdc Support exclusion criteria in security groups.
Suggested by Jobe in https://bugs.unrealircd.org/view.php?id=6096

Also add support for matching a reputation below a value ("<10").

See https://www.unrealircd.org/docs/Security-group_block for info
on all of these.
2022-05-13 11:33:57 +02:00
Bram Matthys 4a03943996 Fix antirandom log message when user is denied (only showed nick).
Reported by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6093
2022-05-13 08:09:46 +02:00
Bram Matthys 06c6eb164e Only validate for local users sending the tag 2022-05-13 07:56:30 +02:00
Valerie Pond 61f7dd746e Add IRCv3 +draft/channel-context (#205)
https://github.com/delthas/ircv3-specifications/blob/feature-channel/client-tags/channel-context.md
2022-05-13 07:39:41 +02:00
Bram Matthys cd48fec826 The /LICENSE command confusingly said that the UnrealIRCd license is GPLv1
or later. This updates the include/license.h file, which is used for the
/LICENSE command, to say "GPLv2 or later".

The 'LICENSE' file shipped with UnrealIRCd since at least the year 2000
has always been the GPLv2.

In the copyright headers of individual .c and .h files we have a mix of
"GPLv1 or later" and "GPLv2 or later", so "GPLv2 or later" is the common
denominator.
2022-05-11 09:23:53 +02:00
Bram Matthys b154591a58 Some source files indicated the license was "GPLv2", which was meant to
be (and is now clarified to be) "GPLv2 or later".
Reported by libsys in https://bugs.unrealircd.org/view.php?id=6099
2022-05-11 06:41:11 +02:00
Bram Matthys 537f5d050e Update HELPOP SVSO documentation, due to previous commit. 2022-05-07 19:03:25 +02:00
Bram Matthys 50e5d91c79 Add SVSO command which services can use to make someone IRCOp.
This existed in UnrealIRCd 3.2.x but was later removed when
switching to the new operclass system.
Requested by Valware in https://bugs.unrealircd.org/view.php?id=6041

Syntax: SVSO <uid|nick> <oper account> <operclass> <class> <modes> <snomask> <vhost>
All these parameters need to be set, you cannot leave any of them out,
HOWEVER some can be set to "-" to skip setting them, this is true for:
<class>, <modes>, <snomask>, <vhost>

In UnrealIRCd the <operclass> will be prefixed by "services:" if not already
present. It is up to you to include or omit it.

If you want to set any swhoises you need to use the SWHOIS s2s command,
other than that this command basically does everything for you,
in fact it uses the same code as the OPER command does.
Most of the "user is now ircop" code has been moved out of cmd_oper() to
a new function make_oper() that is called by both cmd_oper() and cmd_svso().

This function also changes the hook HOOKTYPE_LOCAL_OPER:
It no longer passes a ConfigItem_oper struct, since we can't do that for
remote opers. Instead it passes oper name and oper class.
The complete definition is now:
int hooktype_local_oper(Client *client, int add, const char *oper_block, const char *operclass);
2022-05-07 18:53:59 +02:00
Bram Matthys 84f3efc105 Fix issue with modes-on-join and +f: 3t#b1 would be converted to 3t#b,
thus the 'unset time' would be stripped.
This was because the timedban module was seen as 'unavailable' when
checking the +f syntax so early in the booting process.
We now assume timedban is available during config testing, if it later
turns out it is not available the 'unset time' is still stripped
when setting the mode on JOIN.

Reported by ctcp.
2022-05-07 08:18:05 +02:00
Bram Matthys fea7995a02 Fix crash when using ~security-group in except ban { }
This makes us no longer call the .is_ok() function for extbans
that are added through except ban { }. This because normally
the is_ok() function communicates to 'client', which is NULL
when it is called from the config code.
The alternative would have been to update all the extban modules
to check for a NULL client and deal with that but that would
need stupid amounts of code and it would not be of much value
as the error would not end up displaying on the console.
So, we now only on the .conv_param() function, which was already
only used for cases such as remote bans and such, and is already
known to have a NULL 'client' in TKL cases. Note that conv_param()
could still reject the ban, but it does it generally only in
the more extreme cases.

Reported by musk / PeGaSuS.
2022-05-07 08:06:05 +02:00
Bram Matthys 03c0f24be8 Make autoconnect work with last commit (link::outgoing::file). 2022-05-06 17:17:02 +02:00
Ron Nnn 64e411aa34 Add support for linking servers via UNIX domain sockets (#202) 2022-05-06 17:05:54 +02:00