1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 11:46:38 +02:00
Commit Graph

120 Commits

Author SHA1 Message Date
Bram Matthys 10bddc1232 Extended server bans are now more clearly exposed in security-group { }.
The extban module API is used behind the scenes. To the server admin
the functionality appears in a more natural way:
        account { <list>; };
        country { <list>; };
        realname { <list>; };
        certfp { <list>; };
In the same way, they appear as exclude-xxx options too:
        exclude-account { <list>; };
        exclude-country { <list>; };
        exclude-realname { <list>; };
        exclude-certfp { <list>; };

Modules can add additional fields (3rd party modules too!).

Module coders:
See src/modules/extbans/realname.c for a simple example. In short:
1) You need to register your extban in both MOD_TEST and MOD_INIT
2) Other than that, the existing rules for extended server bans apply:
   a) Your req.is_banned_events needs to include BANCHK_TKL
   b) Your req.options needs to include EXTBOPT_TKL
Be advised that for modules that are called in extended server bans
the client may be missing several fields, for example client->user could
be NULL, so be careful with accessing everything in your module.
2022-05-13 20:13:34 +02:00
Bram Matthys b154591a58 Some source files indicated the license was "GPLv2", which was meant to
be (and is now clarified to be) "GPLv2 or later".
Reported by libsys in https://bugs.unrealircd.org/view.php?id=6099
2022-05-11 06:41:11 +02:00
Bram Matthys 834736070e Make "SVS(2)MODE -b user" work properly for extended bans.
It was missing for a lot of extbans (removing too little) and
for ~t it was removing too much (eg quiet bans).
Bug reported and changes suggested by k4be.

Coders:
Setting extban.options to EXTBOPT_CHSVSMODE has no effect anymore,
just didn't want to remove it so modules would still compile.
We now purely match based on .is_banned_events including BANCHK_JOIN.
2022-01-02 13:12:33 +01:00
Bram Matthys 0242b509b8 Fix compatibility between U5 and U6 for named extended bans in SJOIN
when SJSBY is enabled. This caused named bans not to show up properly
(or not at all) on the U5 side when syncing servers.
2021-12-29 19:21:02 +01:00
Bram Matthys c586c14b9f Fix ~T / ~text ban not working (was not censoring or blocking) 2021-12-22 09:25:59 +01:00
Bram Matthys 0b6a70368c Fix timed bans (~t/~time) not expiring if all servers on the net are U6.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=6032
2021-12-22 09:10:05 +01:00
Bram Matthys 73b908e413 Changes to BanContext struct (extended ban API):
* Now ban_check_types (previously checktype):
  this is one or more of BANCHK_* OR'd together, eg BANCHK_JOIN, BANCHK_MSG..
* Now ban_type (previously what2):
  this is the type of the ban, eg EXBTYPE_BAN, EXBTYPE_EXCEPT, etc.
* Now is_ok_check (previously is_ok_checktype)
  this is one of EXBCHK_* for is_ok, eg EXBCHK_PARAM to check parameter.
2021-09-25 16:28:10 +02:00
Bram Matthys 47279108e4 Use get_operclass() in extbans/operclass as well. 2021-09-25 11:02:39 +02:00
Bram Matthys fabe16a95c Get rid of has_voice(), is_half_op(), is_skochanop(), is_chan_op(), is_chanadmin(),
is_chanowner(). Using check_channel_access() instead now.
2021-09-25 08:00:57 +02:00
Bram Matthys 4cea88645c Modularize member modes (vhoaq).
Still need to clean up a bit after this, but it passes all tests :)
2021-09-13 18:44:18 +02:00
Bram Matthys 39edbd643d Get rid of proto.h and integrate the 20 lines into h.h. 2021-09-11 10:26:18 +02:00
Bram Matthys ac84d4f207 Const const const... modules.c and elsewhere. 2021-09-11 07:53:30 +02:00
Bram Matthys 08a32429ff Update extban API to use more consts 2021-09-10 13:39:26 +02:00
Bram Matthys 66a51fb659 Massive conversions from 'char *' to 'const char *' and 'char **' to 'const char **' 2021-09-10 12:46:31 +02:00
Bram Matthys 894b7e5461 Makefiles: switch from suffix rules to pattern rules. As suffix rules
can't have dependencies, so if you change a .h file, it fails to
recompile the other dependencies. Grmpf!
This does mean that we require GNU Make (gmake) from now on.
2021-09-04 08:25:18 +02:00
Bram Matthys 1b096b5146 Use good ol suffix rules in Makefile so we can get rid of writing out
every .o and .so rule. Writing each of them out manually is useless
for all except 3 of the ~250 objects.
2021-08-27 19:36:07 +02:00
Bram Matthys c9e98137a4 Get rid of url.h and stuff the 6 functions there (which were not even
declared as extern) in include/h.h like the rest.
2021-08-21 09:32:17 +02:00
Bram Matthys 6058090435 Use GeoIPResult * everywhere. Any modules who want to fetch it for
a client can use geoip_client(client).
2021-08-17 17:16:14 +02:00
Bram Matthys fe3c86b128 Support ~country:* for unknown country (fix) 2021-08-17 16:14:59 +02:00
Bram Matthys fc6c52db93 Add extbans/country: +b ~country:UK 2021-08-17 16:12:06 +02:00
Bram Matthys a43637d55d Add extban->is_banned_events which you need to set to indicate to
which BANCHK_* events you want to listen, eg BANCHK_JOIN, BANCHK_MSG.
You can use BANCHK_ALL to watch on all events.
Only BANCHK_TKL is not included there and needs an explicit
BANCHK_ALL|BANCHK_TKL.

The caller will now take care of BANCHK_* filtering so we won't
waste any CPU on calling an is_banned() function that isn't
interested at all in the event that we have.

Also, no longer require an extban->is_banned function, since some
extbans don't use it. This too saves useless calls.
2021-08-14 18:25:36 +02:00
Bram Matthys 03d78bf95d Fix looking up the wrong extban in some cases.
~T => ~text => starts with ~t => ~time... fun.
2021-08-14 17:57:22 +02:00
Bram Matthys c7345f41b6 Fix hardcoded ~f: and ~m: to also deal with named bans.
(Actually only made it worse by more hardcoding for now...)
2021-08-14 10:35:15 +02:00
Bram Matthys b80a9adef9 Set extended ban names instead of using module name placeholders. 2021-08-14 10:28:26 +02:00
Bram Matthys a6b5587666 Use prefix_with_extban() at the 3 places, needed for next... 2021-08-14 09:49:22 +02:00
Bram Matthys d41e3e0f6e src/modules/extbans/*.c: memset(&req, 0, sizeof(req)); before ExtbanAdd() 2021-08-14 09:27:01 +02:00
Bram Matthys 5a387f9c0b Rename extban.flag to extban.letter.
TODO: Should probably do this for umode/cmode as well ;)
2021-08-14 09:07:22 +02:00
Bram Matthys f23546b27c More conv_param() changes, the +3 rule changed, and matches the rest.
The .conv_param() now receives the ban minus the ~own-extban.
And it should also return the part minus the ~own-extban.

Changes to findmod_by_bantype():
1) Takes a string now, rather than a single char value,
   so it is ready for named extbans.
2) Second parameter added so you can easily jump to the remainder.
   Eg:
   extban = findmod_by_bantype(b->banstr, &nextbanstr);
   [..check if extban is non-NULL and then..]
   b->banstr = nextbanstr;
2021-08-14 08:57:33 +02:00
Bram Matthys 5269b647d5 Round three of extban API overhaul, this changes extban->conv_param().
More changes will follow related to that...
2021-08-13 17:59:45 +02:00
Bram Matthys 163eaa432c ExtBans API: Now we can get rid of the +3 everywhere in is_ok().
When extban->is_ok() is called the banstr now no longer points
to "~x:something" but to "something".
Just like we did for extban->is_banned().
Again, need this for later too...
2021-08-13 16:39:03 +02:00
Bram Matthys b5d948c09c Round two of extban API overhaul, this changes extban->is_ok()
Also cleanup big blob op duplicate code in +beI handling in MODE.
2021-08-13 16:03:15 +02:00
Bram Matthys 98291c9f69 ExtBans API: Now we can get rid of the +3 everywhere in is_banned().
When extban->is_banned() is called the banstr now no longer points
to "~x:something" but to "something". This will be more useful later...
2021-08-13 14:39:34 +02:00
Bram Matthys bff6fdde6f Start of extban API recode. I created the current API in 2003 and..
well.. let's hope I have gained some good insights since then.. :D
2021-08-13 14:17:07 +02:00
Bram Matthys 21a95a13a6 Remove benchmarking from textban, nobody needs this anymore 2021-08-11 09:53:20 +02:00
Bram Matthys 4e5dd044f5 Require module header with version "unrealircd-6" now 2021-08-10 14:37:10 +02:00
Bram Matthys 3832081eed Rename client->user->svid to client->user->account.
Just as a reminder: don't blindly assume that if anything is set here
that the user is logged in, there is IsLoggedIn(client) for that.
Reason: if the account name starts with a digit or is "*" then the
user isn't actually logged in ;)
2021-08-10 08:14:35 +02:00
Bram Matthys 6bad375ad7 Rename channel->chname to channel->name. 2021-08-05 16:34:45 +02:00
Bram Matthys 991f9f347e Allow wildcards in ~a extban, also special code for ~a:0 and ~a:*
~a:0: match all unauthenticated users
~a:*: match all authenticated users
~a:SomeUser: match only SomeUser, also allow wildcards here, even
though that is usually a very bad idea :D
2021-06-19 11:13:30 +02:00
Bram Matthys 53d23038e5 Support for security groups and new +b ~G:unknown-users:
* There are two security groups by default: known-users and unknown-users.
  See https://www.unrealircd.org/docs/Security-group_block
* New extended ban ~G:securitygroupname, with the typical usage being
  MODE #chan +b ~G:unknown-users, which will ban all users from the
  channel that are not identified to services and have a reputation
  score below 25.
2020-12-30 12:42:56 +01:00
Bram Matthys 57d0efbc58 Recode textbans so voiced users cannot bypass them.
Reported by Adanaran in https://bugs.unrealircd.org/view.php?id=5698

Although voiced users normally bypass bans, it is not really logical
for them to bypass filtering of banned words, since that is normally
a policy decission by channel management. So +v will not bypass it.

1) The problem is that this is enforced at the ban layer API.  The extban
routines, textban in this case, are not called when the user is voiced,
because voiced users bypass bans.  If we would change that in the ban API
then voiced users can also no longer talk through (=bypass) regular +b or
other extended +b such as ~a (account) etc.

2) I figured we would then make +T not use the ban API but the
can_send_to_channel hook instead.  However, then you have to do manual
looping through bans and such, it's rather ugly from a coding point of view,
and you risk "missing" things like ~T stacked with ~t.

3) Then I went back to look if the ban API could be changed by having the
textban module set a flag and then the ban api would call that specific
module still for voiced users.  While starting on that, unfortunately things
(variables, arguments) cascaded quickly into having to change all kinds of
underlying functions that would break the module API.

4) I then went back to option 2 and implemented it, trying to deal
   with all its caveats.
2020-09-26 13:43:46 +02:00
Bram Matthys 5320d54e8e Disallow ~T with any action extban, eg ~n:~T:censor:xyz.
We still allow timed bans though, eg ~t:1:~T:block:*whatever*
2020-09-26 12:49:58 +02:00
Bram Matthys 596cf8e7de New: extended server bans: exempt by certificate fingerprint and SASL account.
See https://www.unrealircd.org/docs/Extended_server_bans

Examples with ELINE:
/ELINE ~a:TrustedAccount kg 0 This user can bypass kline/gline when using SASL
/ELINE ~S:1234567890abcdef1234567890abcdef1234567890abcdef1234567890abcdef kgf 0 Trusted user with this certificate fingerprint
It also works with bans, although this would be less common:
/GLINE ~a:EvilAccount
A more useful purpose would be to use ~r (realname):
/GLINE ~r:*some*stupid*real*name*
(Although you could already ban realnames via spamfilter 'u')

For third party module coders:
If you have an extban in group 3 (a "matcher"-extban) then you
can opt-in to support this. You do so at extban registration time:
req.options = EXTBOPT_TKL;
or, if you already had another flag set, like for +I, then:
req.options = EXTBOPT_INVEX|EXTBOPT_TKL;
In any case, you set the .options before you call ExtbanAdd().

Note that if you do indicate support then your is_ok function
will be called like:
extban->is_ok(client, NULL, mask, EXBCHK_PARAM, MODE_ADD, EXBTYPE_TKL);
Important here is the NULL channel (since there is none)

Similarly your is_banned function will be called with BANCHK_CONNECT:
extban->is_banned(client, NULL, banstr, BANCHK_JOIN, &msg, &errmsg);
Here too, it is important to note that channel is NULL.
2020-01-10 11:45:25 +01:00
Bram Matthys da5aefaad7 Get rid of class.h 2019-10-26 10:02:00 +02:00
Bram Matthys 9aff820d1a Find_* -> find_*, eg Find_alias -> find_alias. 2019-10-26 09:57:15 +02:00
Bram Matthys 845f9ca8ed Uniform spelling: seetle on sync/synced/desync/desynced, rather than
synch/synched/desynch/desynched.
2019-10-25 14:07:58 +02:00
Bram Matthys c60bd2e441 Try to use more me.id where possible (rather than me.name) 2019-10-14 08:09:57 +02:00
Bram Matthys 394168c288 Style fixes: "char* " -> "char *" etc. 2019-10-11 12:23:45 +02:00
Bram Matthys ccaec871bb And some fixes, to previous commits and older issues. 2019-10-11 12:19:04 +02:00
Bram Matthys aec54db360 Add is_extended_ban() which does a quick check for "~x:". This, rather
than scattered checks - which are sometimes different - everywhere in
the source code.
Also extban handler "is_ok" was being called with EXBTYPE_EXCEPT
rather than EXBTYPE_INVEX for +I. (Not reported by anyone)
2019-10-11 11:17:50 +02:00
Bram Matthys 22dec96f9a No clean_channelname() anymore but a valid_channelname() function. Also,
deal with servers with different set::allowed-channelchars settings:
* We reject the link if set::allowed-channelchars settings differ between
  UnrealIRCd 5 servers.
* For the case where you have a mixed network consisting of UnrealIRCd 4.x
  and UnrealIRCd 5.x servers we try not to desync, BUT will not allow
  anyone to join the invalid channels locally. For IRCOps a message is
  printed with additional information on such a failed JOIN attempt.
See https://www.unrealircd.org/docs/Set_block#set::allowed-channelchars
for the different settings, which are best and U4<->U5 advice.
2019-10-09 18:11:02 +02:00