1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 20:33:13 +02:00
Commit Graph

103 Commits

Author SHA1 Message Date
Bram Matthys 4a11309344 Transform sendto_one's to sendnumericfmt() - stage 1 2019-05-22 16:39:06 +02:00
Bram Matthys 7e4bfbc7c3 Move more to sendtxtnumeric()... and some sendnumeric() leftovers. 2019-05-22 12:10:57 +02:00
Bram Matthys 1a4cbb7023 sendnumeric() - phase 2 2019-05-22 11:41:46 +02:00
Bram Matthys c27bb26abc sendnumeric() - stage 1 2019-05-22 10:43:07 +02:00
Bram Matthys 5fb9b12d5e Mass-replace sending of notices with sendnotice(), which exists for quite a while now ;) 2019-05-22 09:34:34 +02:00
Bram Matthys 5ebd096f16 Initial implementation of message-tags from May 5, 2019.
This also includes buffer modifications to have a larger read buffer
and IRCv3 implementations (partial or not) for:
labeled-response, msgid, server-time, batch and account-tag.

As said, it is the initial and partial implementation.
There are still various FIXME's and TODO's, the API of various
functions may still change (actually that is true for the next
months, even) and some stuff is currently in the core that will
be moved to modules.
2019-05-12 13:46:44 +02:00
Bram Matthys 5b20716e9b [cleanup] floodprot: move set::modef-* handling from core to module. 2019-03-25 13:10:03 +01:00
Bram Matthys 98fca7979f Code cleanup: internally rename iConf.nicklen to .nick_length to match the
convention that set::some-name is called iConf.some_name
2019-01-30 10:49:44 +01:00
Bram Matthys 67d691fce9 * New set::outdated-tls-policy which describes what to do with clients
that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
  The default settings are to warn in all cases: users connecting,
  opers /OPER'ing up and servers linking in. The user will see a message
  telling them to upgrade their IRC client.
  This should help with migrating such users since in the future, say one
  or two years from now, we would want to change the default to only allow
  TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting
  clients without any error message, this provides a way to warn them and
  give them some time to upgrade their outdated IRC client.
  https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
2019-01-12 11:08:18 +01:00
Bram Matthys 5fd673d059 Rename PLAINTEXT_POLICY_* to POLICY_ (and similarly, the struct, etc) 2019-01-11 13:27:29 +01:00
Bram Matthys a0167c35c0 Major reorganization of operclass privileges:
* The operclass privileges have been redone. Since there were 50+ changes
  to the 100+ privileges it makes little sense to list the changes here.
  If, like 99% of the users, you use default operclasses such as "globop"
  and "admin-with-override" then you don't need to do anything.
  However, if you have custom operclass { } blocks then the privileges
  will have to be redone. For more information on the conversion process,
  see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
  For the new list of permissions, with much better naming and grouping:
  https://www.unrealircd.org/docs/Operclass_permissions
The inconsistency in the privileges was initially reported by webczat in
https://bugs.unrealircd.org/view.php?id=4771
The subsequent reorganization took two full days, so.. hopefully the
people who are using - or plan to use - custom operclasses will like the
new layout... except that they need to redo their work of course ;)
2018-12-14 17:05:32 +01:00
Bram Matthys 2509482e02 Update UnrealIRCd version 2018-09-28 09:31:35 +02:00
Bram Matthys 147ae3012b Get rid of about a million (now) useless casts and some re-indenting. 2018-04-22 10:29:36 +02:00
Bram Matthys 66143927e0 In /STATS S display throttling as anti-flood::connect-flood, as that
is the new name (since about 2 years).
2017-10-08 09:12:46 +02:00
Bram Matthys 3d38adff4f Rename config.h setting CLIENT_FLOOD to DEFAULT_RECVQ since that is what
it is. You should simply set a class::recvq instead of changing this
in config.h.
2017-10-07 09:29:47 +02:00
Bram Matthys 885e474211 Removed option in config.h to disable NO_FLOOD_AWAY. You can already
tweak or disable this via set::anti-flood::away-flood.
2017-10-07 09:25:45 +02:00
Bram Matthys b757d2eff0 Show set::sasl-server in '/STATS set'. Suggested by Gottem (#0004997). 2017-09-06 08:44:12 +02:00
Bram Matthys 0da1fdb2d2 Fix possible crash in /STATS due to change from yesterday.
Other than that, some minor style and real things.
2017-09-02 08:27:55 +02:00
Bram Matthys aa829bce12 New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00
Bram Matthys 6d7be72f2b Remove ssl option 'no-self-signed'. Use 'verify-certificate' instead.
Nobody used this option and it only caused the following confusing
(and potentially insecure) behavior:
Previously if you had 'verify-certificate' enabled then the certificate
would be checked, BUT if it was a self-signed certificate (and thus
not passing verify-cert) it was STILL allowed unless you also
specified the 'no-self-signed' option. This might be correct as per
documentation but is way too confusing for the user.
Now you simply have to choose whether you verify the certificate or
not. No special handling for self-signed certificates.
2017-09-01 08:55:01 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys aae0971cf4 Add the ability to set specific ssl options in listen blocks and link blocks.
This allows you to for example specify a specific certificate/key on an
serversonly port and in link block (a self-signed 10 year valid certificate)
and use a short-lived (XX day) Let's Encrypt certificate on the other ports.
And several other uses, of course.
2016-12-29 08:37:15 +01:00
Bram Matthys 51b52f1767 Merge pull request #49 from grawity/ssl
Add an option to hide the notices about TLS parameters and fingerprint (set::options::no-connect-ssl-info)
2016-05-09 10:11:55 +02:00
Bram Matthys 8d562ededb Remove support for EGD (Entropy Gathering Daemon). Nobody uses this and it only causes issues with LibreSSL. 2016-04-03 15:15:12 +02:00
Mantas MikulÄ—nas e818ab1a16 Add an option to hide the notices about TLS parameters 2016-03-09 00:25:33 +02:00
Mantas MikulÄ—nas 5e9a74f0fd Do not require set::services-server
Some places were already treating it as optional.
2016-03-09 00:25:05 +02:00
Bram Matthys bf1e1502ba Use #include "unrealircd.h" in all modules (#4516). 2016-03-04 13:02:06 +01:00
Bram Matthys 1e25578c42 Add ability to hide quit messages of *LINEd users. Suggested by Aubrey, patch mostly from Zoddo (#3993). 2016-02-29 14:22:49 +01:00
Bram Matthys 7610fbcea2 /STATS P (port): Show whether the listener is IPv4 or IPv6. Improve rest of the output as well. 2015-12-29 20:18:14 +01:00
Bram Matthys 8b45169f82 Get rid of $Id$ in /MODULE (version) output. Just report as "4.0" 2015-10-11 18:18:31 +02:00
Bram Matthys a843cec6bc like I said 2015-07-29 17:41:14 +02:00
Bram Matthys 09895c67f1 set::stats-server is optional, however if it was missing then if an oper did '/STATS S' the ircd would crash. 2015-07-29 16:03:45 +02:00
Bram Matthys e627d3682c pass by ref instead of pass by value for chmode_str() 2015-07-29 16:03:25 +02:00
Bram Matthys 0bcc8494b7 Fix some FIXME's. Remove unused set::dns::nameserver (actually it was a fallback if /etc/resolv.conf etc failed but.. well.. not anymore!) 2015-07-29 13:09:26 +02:00
Bram Matthys 2a53499610 Get rid of useless DLLFUNC prefixes (at places where they were not needed) 2015-07-25 20:23:37 +02:00
Bram Matthys fd375ee284 Use CMD_FUNC() everywhere 2015-07-25 20:22:44 +02:00
Bram Matthys 13fffa4e1a split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys bbb121383b Add who-may-execute-this in many CommandAdd()'s. Trying to remove all "unspecified" (0) ones... hopefully I made no mistake in this ;)
Update remote-permission check in ValidatePermissionsForPath to check at least IsOper.. may save us from some serious mistakes ;)
2015-07-12 15:32:11 +02:00
Bram Matthys e8dfb284a1 Replace parv[0] with sptr->name. Don't use parv[0] anymore.
I went through all 500+ of them by hand as to avoid introducing bugs... we'll see ;)
2015-07-10 12:17:05 +02:00
Travis McArthur fc38b1336a Update security in m_stats 2015-07-09 13:39:08 -07:00
Travis McArthur 2450909c26 Change name of OperEval... 2015-07-09 12:31:45 -07:00
Bram Matthys fe14e21175 Update all MOD_TEST/MOD_INIT/MOD_LOAD/MOD_UNLOAD calls to new format 2015-07-08 18:02:19 +02:00
Travis McArthur 752a34011d Remove IsAnOper 2015-07-06 18:09:37 -07:00
Travis McArthur b4e353d6e2 Refactor m_stats permission 2015-07-05 12:04:39 -07:00
Bram Matthys bf56672249 remove set::hosts. use oper::vhost instead. 2015-06-26 09:22:33 +02:00
Bram Matthys 0f2af3f506 current 3.4.x git is really bleeding edge now, come back in a day or so:
* remove netadmin, services-admin, admin, co-admin.
* remove all oper flags (there are some placeholders for the next... <24hrs..)
* ADMINCHAT and NACHAT are gone, since admin & netadmin no longer exist
* SVSO used oper flags, but this no longer exists, SVSO removed. maybe later we can add some sort of replacement.. maybe..
* re-style the m_oper code a bit
2015-06-25 22:26:53 +02:00
Bram Matthys e49563fc7c Ugly oper::from::userhost is now oper::mask, vhost::from::userhost is now vhost::mask.
Coders: added generic mask functions: unreal_mask_match(), unreal_add_masks() and unreal_delete_masks().
These deal with one or multiple masks and do all the work for you ;)
2015-06-03 09:57:24 +02:00
Bram Matthys 8049136379 Restructure the entire link { } block (#4032). Initial commit (missing autoconnect, ssl, etc). 2015-05-25 10:19:15 +02:00
Travis McArthur aea09603a4 Remove USE_SSL macro and associated code
We no longer support non-SSL builds, remove related code
2015-05-20 02:48:34 -04:00
Bram Matthys ee00bb2801 oh come on... 2014-07-20 21:26:36 +02:00