1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 16:13:13 +02:00
Commit Graph

107 Commits

Author SHA1 Message Date
Bram Matthys b234e13358 Don't bump reputation scores anymore for users who are in no channels or
when they are only in channel(s) with very low member counts.

This because some typical bot/drone behavior is not to join any channels.
This kinda forces them to expose themselves a bit more (and if they don't,
they don't get more reputation).

The downside is for the unusual case where a legit chatter would be on
the network but not joining any channels, but that is rare. In any case,
this setting can be adjusted if that is typical or more normal behavior
on your network :D.

* The [reputation score](https://www.unrealircd.org/docs/Reputation_score)
  of connected users (actually IP's) is increased every 5 minutes. We still
  do this, but only for users who are at least in one channel that has 3
  or more members. This setting is tweakable via
  [set::reputation::score-bump-timer-minimum-channel-members](https://www.unrealircd.org/docs/Set_block#set::reputation).
  Setting this to 0 means to bump scores also for people who are in no
  channels at all, which was the behavior in previous UnrealIRCd versions.
2023-09-17 11:47:34 +02:00
Bram Matthys 13bb09aa4b crule: add inchannel('#xyz'), and inchannel('@#needopshere') works too 2023-07-16 11:22:02 +02:00
Bram Matthys d998846c64 Support setting tags via spamfilter { } blocks 2023-07-06 18:25:43 +02:00
Bram Matthys 52472a9a88 Add support for set unknown-users { } and the like:
It is now possible to override some set settings per-security group by
having a set block with a name, like `set unknown-users { }`
* You could use this to set more limitations for unknown-users:
  ```
  set unknown-users {
          max-channels-per-user 5;
          static-quit "Quit";
          static-part yes;
  }
  ```
* Or to set higher values (higher than the normal set block)
  for trusted users:
  ```
  security-group trusted-bots {
          account { BotOne; BotTwo; }
  }
  set trusted-bots {
          max-channels-per-user 25;
  }
  ```
* Currently the following settings can be used in a set xxx { } block:
  set::auto-join, set::modes-on-connect, set::restrict-usermodes,
  set::max-channels-per-user, set::static-quit, set::static-part.
2023-05-22 12:07:43 +02:00
Bram Matthys 3652940c2c Add set::anti-flood::<secgroup>::max-channels-per-user setting to override
the default set::max-channels-per-user (also called set::maxchannelsperuser).

This way you can give known-users a higher max-channels-per-user,
or even a special security group for trusted users (that you may
already have given a more lax flood setting and lower lag-penalty
etc. etc. so that fits in nicely)

And yeah this also:
* Makes it both in set and the anti-flood block accept both
  maxchannelsperuser and max-channels-per-user.
* Removes old MAXCHANNELS= in 005, as we already have CHANLIMIT=
This does not:
* Re-announce the 005 CHANLIMIT= if someone transitions from a security
  group with a different max-channels-per-user. We don't do that for
  IRCOps either, and I think no IRCd does that actually...
  To be honest i wonder if sending the limit in 005 is useful at all,
  do client really track this and limit their GUI based on it?? Doubt it!
2023-05-19 21:47:23 +02:00
Bram Matthys 40bdef6cd9 Make exceeds_maxperip() use a hash table (performance improvement) 2023-05-17 19:44:10 +02:00
Bram Matthys 2184f38e7e Expose more WHOWAS fields in JSON-RPC and change add_history() to take a reason
for the add, like: nick-change, quit, server terminating. Add logon time.

I also think i will move from user.get_whowas to a whowas.XXX since the
returned object is not a user object and getting more different each commit :D.
2023-04-15 09:00:06 +02:00
Bram Matthys 5e57228dfb In the FLOOD_BLOCKED log message, add the target of the flood.
Suggested by ComputerTech in https://bugs.unrealircd.org/view.php?id=6148
2023-03-17 09:56:56 +01:00
Bram Matthys d5989695e8 Remove last global 'buf' variables. This was already done a lot in time
but it seems there were still a couple left. These are now gone as well.
There seem to be no issues with the ones that were left, but it is just
too easy to get it wrong. Declaring buf in function now. This should be
faster anyway, since it is located on nearby memory (stack).

Inspired by previous find from westor (c708a99955c034e842f913479cc597d87b311394).
2022-06-01 08:34:48 +02:00
Bram Matthys d3f655cb63 Fix space stripping at end of connect and disconnect message, in the
"extended_client_info". Was a typo, 'buf' vs 'retbuf'.
Reported by westor in https://github.com/unrealircd/unrealircd/pull/217
2022-06-01 08:21:03 +02:00
westor 111ab9fada Show [shunned] in connect oper notice (#206)
When someone is trying to connect and he/she is shunned , it will be displayed on connection server notice, yeah sometimes it might be helpful, why not..

Suggested by armyn https://bugs.unrealircd.org/view.php?id=6106
2022-05-23 08:18:49 +02:00
Bram Matthys 9075e2fa70 Move all the security group and mask code to src/securitygroup.c 2022-05-16 13:54:52 +02:00
Bram Matthys fc79cbb3f0 Fix memory leak in new security group code from past 48hrs 2022-05-15 07:50:40 +02:00
Bram Matthys 0b45e34e62 Simplifly RPL_HOSTHIDDEN notification.
Pretty much everywhere we had:
0001 userhost_changed(client);
0002 if (MyUser(client))
0003         sendnumeric(client, RPL_HOSTHIDDEN, client->user->virthost);

Lines 2-3 are now integrated in userhost_changed().

Also fix two issues with CHGHOST in make_oper():
* if user was -x, modes had +x and a vhost, it would send the cloaked
  host in the original vhost, while it should have been the real host
* if user was -x and went +x without vhost (so only uncloaked to cloaked)
  then no CHGHOST message was sent at all
2022-05-15 07:45:00 +02:00
Bram Matthys 517d93bea8 Fix crash / support NULL secgroup in user_allowed_by_security_group() 2022-05-14 16:29:38 +02:00
Bram Matthys 10bddc1232 Extended server bans are now more clearly exposed in security-group { }.
The extban module API is used behind the scenes. To the server admin
the functionality appears in a more natural way:
        account { <list>; };
        country { <list>; };
        realname { <list>; };
        certfp { <list>; };
In the same way, they appear as exclude-xxx options too:
        exclude-account { <list>; };
        exclude-country { <list>; };
        exclude-realname { <list>; };
        exclude-certfp { <list>; };

Modules can add additional fields (3rd party modules too!).

Module coders:
See src/modules/extbans/realname.c for a simple example. In short:
1) You need to register your extban in both MOD_TEST and MOD_INIT
2) Other than that, the existing rules for extended server bans apply:
   a) Your req.is_banned_events needs to include BANCHK_TKL
   b) Your req.options needs to include EXTBOPT_TKL
Be advised that for modules that are called in extended server bans
the client may be missing several fields, for example client->user could
be NULL, so be careful with accessing everything in your module.
2022-05-13 20:13:34 +02:00
Bram Matthys efa7fea88e Rename security-group::include-mask to ::mask. Both will work though for
a long long time. Change done to make it consistent with the rest.
2022-05-13 14:11:00 +02:00
Bram Matthys a544001eeb Add security-group::security-group, this as a shorthand for
security-group { mask ~security-group:xyz; }

Module coders (again, slightly unrelated):
Added unreal_add_names() function which can be used to transform
a list of names in the config to a linked list (NameList).
2022-05-13 14:07:05 +02:00
Bram Matthys 6751b066ab Prevent infinite loop (crash due to out of stack) when processing a
security group that references another (or itself), eg:
security-group abc {
	include-mask ~security-group:abc;
}
We now give up after a recursion depth of >8 and log a warning.
2022-05-13 13:37:48 +02:00
Bram Matthys de61fc4b50 Add connect-time to security-group, so you can match on how long a client has
been connected to IRC. See https://www.unrealircd.org/docs/Security-group_block

Slightly unrelated, for modules coders: new function get_connected_time(),
to see how long a client has been online. This works for local clients, in
which case it would just return TStime()-client->local->creationtime.
It also works for remote clients, for which it will use the newly added
"creationtime" moddata (commit f1a18ce37e),
so the info is only available for remote clients on newer servers.
If the info cannot be found it will return 0 (zero).
2022-05-13 13:23:02 +02:00
Bram Matthys 788c230bdc Support exclusion criteria in security groups.
Suggested by Jobe in https://bugs.unrealircd.org/view.php?id=6096

Also add support for matching a reputation below a value ("<10").

See https://www.unrealircd.org/docs/Security-group_block for info
on all of these.
2022-05-13 11:33:57 +02:00
Bram Matthys 7f794aa7d7 Fix log message on vhost-flood 2022-01-06 08:44:59 +01:00
Bram Matthys 6b87bd1b34 Only allow setting of snomasks that actually exist in the log { } blocks.
Otherwise probably too confusing. Suggested by westor in
https://bugs.unrealircd.org/view.php?id=5995
2021-11-10 15:59:10 +01:00
Bram Matthys ee8cc0e8e2 Get rid of Usermode_Table[] and use a linked list called usermodes.
Just like already done for Channelmode_Table[] -> channelmodes.
2021-09-26 12:46:34 +02:00
Bram Matthys b95eb0b3b7 Add get_operlogin() and get_operclass() functions to make things easy.
This retrieves the oper login (/OPER thislogin ...) and operclass of
local and remote users.
2021-09-25 10:57:00 +02:00
Bram Matthys edbfaaf95d JSON logging: expand user modes, snomasks, and oper login (if available)
This also adds a function get_usermode_string_r(), which requires
you to specify the buffer (and buffer length) for building the
umode string.
2021-09-25 09:45:30 +02:00
Bram Matthys bf7a72a850 Usermode_Table[].flag -> Usermode_Table[].letter
just like how it is now in U6 in channel modes and extended bans
2021-09-25 09:13:34 +02:00
Bram Matthys 720f597ad6 Get rid of current snomask system and allow ircops to set any snomask
(that is: a-z A-Z) so to use the dynamic system with the new logging.
Largely untested.
2021-09-22 15:49:20 +02:00
Bram Matthys e27749f556 Use long long casts due to time_t difference on Windows vs Linux.
Should now compile without errors on both.
2021-09-12 15:29:26 +02:00
Bram Matthys 8353a9e17b Change char *parv[] to const char *parv[] everywhere. This is a BIG change.
It means you can no longer modify eg parv[1] in-place with strtoken and such.

The main reason for this is that as a command handler you have no idea
where the arguments may come from. It could be from a do_cmd() with
read-only storage (eg a string literal) and so on.

It started with an experiment of how far I could get and how annoying the
side-effects would be, but they seem to be quite managable, so I'm
committing this stuff.

Hopefully this catches/solves some stupid bugs somewhere :)
2021-09-11 16:02:44 +02:00
Bram Matthys 5dc6411419 Const const const. This completes the work in h.h. 2021-09-11 10:21:54 +02:00
Bram Matthys ac84d4f207 Const const const... modules.c and elsewhere. 2021-09-11 07:53:30 +02:00
Bram Matthys 7dac12e31e Get rid of RunHook2/3/4/5/6/etc and just have RunHook with __VA_ARGS__ 2021-09-10 19:27:18 +02:00
Bram Matthys 9438ddfd93 Add consts in user.c 2021-09-10 15:40:50 +02:00
Bram Matthys 09a412782d Const stuff for misc.c 2021-09-10 15:25:21 +02:00
Bram Matthys 08a32429ff Update extban API to use more consts 2021-09-10 13:39:26 +02:00
Bram Matthys a3bfa210e9 HookAddPChar() -> HookAddString()
and .pcharfunc -> .stringfunc
2021-09-10 11:49:06 +02:00
Bram Matthys 6058090435 Use GeoIPResult * everywhere. Any modules who want to fetch it for
a client can use geoip_client(client).
2021-08-17 17:16:14 +02:00
Bram Matthys 796cac7a63 geoip: migrate from simple string to returning a GeoIPResult struct.
(work in progress, 1/2)

This also add supports for callbacks which return pointers (pvoidfunc),
we already had that for efuncs but not in callbacks.
2021-08-17 16:39:39 +02:00
Bram Matthys 2ea75dfbdb Add geoip_base module, which sets "geo_country" if a geo provider
module is able to lookup the IP and return a country.

Also consistently use geoip_ and GEOIP_ prefixes.
2021-08-17 15:26:29 +02:00
Bram Matthys 0bbad85f84 Add geo_lookup() function. Make geoip_classic do something useful.
NOTE: everything hardcoded atm, just temporarily.
Add CALLBACKTYPE_GEO_LOOKUP which is called from geo_lookup().
2021-08-17 15:11:40 +02:00
Bram Matthys 9ff56089ad Show TLS cipher in [secure: xyz] in far connects too (+s +F).
This requires both servers to be using UnrealIRCd 6 and there
should be no UnrealIRCd 5 server in-between (eg an old hub).

This also changes tls_cipher() to expect a Client * argument.
And tls_get_cipher() can now safely be called on any client,
including remote clients, and it will return the cipherstring
if it is known via moddata.
2021-08-16 14:30:21 +02:00
Bram Matthys 420eb2ffb6 Rename client->serv to client->server: this is set if the client is a server,
just like client->user is set if the client is a user.

Rename client->srvptr to client->uplink: this is the uplink that the client
is connected to. If the client is a user then it is set to the server that
the client is connected to, if the client is a server then it is set to the
server that the server is connected to (the.. tadah.. uplink).
For local clients it is always set to &me.
2021-08-10 12:52:46 +02:00
Bram Matthys 4d947c3e51 Convert fake lag changes to use void add_fake_lag(Client *client, long msec) 2021-08-10 12:24:16 +02:00
Bram Matthys 532a9becda Massive renames of SSL/TLS and SSL to TLS. People should know the term by now :D 2021-08-10 09:07:32 +02:00
Bram Matthys 3832081eed Rename client->user->svid to client->user->account.
Just as a reminder: don't blindly assume that if anything is set here
that the user is logged in, there is IsLoggedIn(client) for that.
Reason: if the account name starts with a digit or is "*" then the
user isn't actually logged in ;)
2021-08-10 08:14:35 +02:00
Bram Matthys 839367272a Rename $client.nuh to $client.details as it is generic detailed
client information and not necessarily nick!user@host in all cases.
2021-08-06 20:59:54 +02:00
Bram Matthys 92757f6d9f Newlog: convert local client connects and disconnects.
Also makes the connect message and the standard log message consistent.
2021-08-06 11:05:59 +02:00
Bram Matthys 29e4f8d56f Newlog: FLOOD_BLOCKED (+s +f notices) 2021-08-05 20:42:24 +02:00
Bram Matthys e80c7b5b65 Add set::anti-flood options lag-penalty and lag-penalty-sec.
This also allows known-users to execute slightly more commands per second.

For people who want their trusted users/bots to allow even more commands
per second (eg 20cmds/sec) we now have a nice FAQ item that uses this:
https://www.unrealircd.org/docs/FAQ#high-command-rate
2021-06-23 16:21:06 +02:00