1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 17:26:38 +02:00
Commit Graph

6250 Commits

Author SHA1 Message Date
Bram Matthys 5124e60b7c Add "CAP chghost" support. Internal recode of userhost changes.
Fix force-rejoin not working if doing SVSMODE -x/+x (Koragg, #5015).

Note to module coders:
Please use the following procedure in case of an user/host change:
* userhost_save_current(acptr);
* << change username or hostname here (or both) >>
* userhost_changed(acptr);
This function will take care of notifying other clients about
the userhost change, such as doing PART+JOIN+MODE if force-rejoin
is enabled, and sending :xx CHGHOST user host messages to
"CAP chghost" capable clients.

Also, small note to everyone:
If force-rejoin is enabled we will not send the PART+JOIN+MODE to
"CAP chghost" capable clients. Doing so is just a hack to notify
people of a userhost change. "CAP chghost" users can thus benefit
from the reduced noise in this respect.
2017-10-07 13:31:30 +02:00
Bram Matthys 0fd265349a Remove HOSTILENAME config.h option since running without it is
and has never been supported.
2017-10-07 09:33:48 +02:00
Bram Matthys 23ce2eaabe It helps if you also update the *.h files to reflect those changes. Duh. 2017-10-07 09:32:09 +02:00
Bram Matthys 3d38adff4f Rename config.h setting CLIENT_FLOOD to DEFAULT_RECVQ since that is what
it is. You should simply set a class::recvq instead of changing this
in config.h.
2017-10-07 09:29:47 +02:00
Bram Matthys 885e474211 Removed option in config.h to disable NO_FLOOD_AWAY. You can already
tweak or disable this via set::anti-flood::away-flood.
2017-10-07 09:25:45 +02:00
Bram Matthys 1a80309314 Remove strange include/config.h option called CMDLINE_CONFIG which
would allow you to use -f even if the IRCd is suid or sgid.
This is not anything we or you ever want to permit since this is
a major security problem. This setting is now gone. I doubt
anyone used it.
2017-10-07 09:22:32 +02:00
Bram Matthys 08496ec47b Remove various #define's from config.h that don't actually do anything
(or are incorrectly documented).
2017-10-07 09:19:14 +02:00
Bram Matthys 7a33a2c019 Move CONNECTTIMEOUT to set::handshake-timeout and clarify the setting
at https://www.unrealircd.org/docs/Set_block#set::handshake-timeout
Requested by marco500 in #5011.
2017-10-07 08:45:48 +02:00
Bram Matthys d6acbf63b0 Move MAXUNKNOWNCONNECTIONSPERIP to set::max-unknown-connections-per-ip.
Rarely tweaked setting, but for those who need it it's easier in the conf.
Requested by marco500 (#5011). For documentation of this setting see:
https://www.unrealircd.org/docs/Set_block#set::max-unknown-connections-per-ip
2017-10-07 08:15:52 +02:00
Bram Matthys 37dbdfeee3 Bump version to 4.0.16-devel. This version is under development.
You should always use https://www.unrealircd.org/ for stable releases.
In case you wondered what happened with 4.0.15: that version consists
of cherry-picked / backports of the two crash fixes from this 'unreal40'
development branch. The current code simply wasn't ready yet for a
rushed security release.
2017-10-01 19:37:29 +02:00
Bram Matthys 6dd147b941 Fix 2nd crash bug. Found when searching for related crash issues. 2017-10-01 13:19:12 +02:00
Bram Matthys 47eebad53d Fix crash bug, reported by Joseph Bisch. 2017-10-01 13:18:45 +02:00
Bram Matthys 5399e060fa Send CAP DEL sasl if set::sasl-server squits and CAP NEW when it returns.
(Only to cap-notify and v3.2 clients, of course)
Also fix a "bug" where sts parameters were not shown in CAP NEW tls.
2017-09-30 15:19:29 +02:00
Bram Matthys ac65e32a26 Add CAP v3.2 support. Add 'cap-notify' support.
Delete CAP CLEAR as it's use is discouraged (too much trouble).
Delete CAP ACK (from client2server) as this is only for CAP's with
ack modifiers. This is something we don't use, and which has been
deprecated in v3.2 of the spec.
2017-09-30 14:34:06 +02:00
Bram Matthys 461fa9a48a Store CAP version in use in sptr->local->cap_protocol. 2017-09-30 12:50:36 +02:00
Bram Matthys 7d381086ad Remove CLICAP_FLAGS_CLIACK. Never understood this idea. Unused and deprecated it seems. 2017-09-30 12:35:56 +02:00
Bram Matthys 44052b86c0 Remove CLICAP_FLAGS_STICKY. We don't use this anyway. 2017-09-30 12:33:57 +02:00
Bram Matthys fbd4e74663 You can now have multiple webirc { } blocks with the same mask.
This permits multiple blocks like..
webirc {
    mask *;
	password "....." { sslclientcertfp; };
};
..should you need it.
In other words: we don't stop matching upon an authentication failure.
2017-09-30 09:53:04 +02:00
Bram Matthys 638b189804 Users connecting to the IRC server from the same machine could be seen as
"localhost", even though they were using an IP other than 127.0.0.1.
So, they were local but not using loopback. Reported by The_Myth (#5013).
2017-09-20 15:51:41 +02:00
Bram Matthys 838354f155 UnrealIRCd 4.0.14 2017-09-15 10:23:49 +02:00
Bram Matthys de9216a339 * Please do not use UmodeDel, CmdoverrideDel and any other *Del()
functions from MOD_UNLOAD. [..]
2017-09-15 10:19:55 +02:00
Bram Matthys 217ea69fe8 Use ircs:// link instead of irc:// 2017-09-15 08:24:30 +02:00
Bram Matthys 3de335ea0c Update curlinstall link to use https. Previously this wasn't done
because so many people had a broken system/wget/curl, that is: without
the appropriate trusted CA certificates installed.  If this is still
the case, then: too bad.  People who DO have a proper setup shouldn't
be held back with regards to security by such users.
2017-09-15 08:19:39 +02:00
Bram Matthys 91e108499e Convert remaining http:// links to https:// 2017-09-15 08:19:08 +02:00
Bram Matthys a20dc5f8c1 Use static buffer in cipher_check() like in verify_certificate() - duh. 2017-09-10 16:41:34 +02:00
Bram Matthys e7c7b1daff Don't show draft/sts and other unREQ'able CAP's in "CAP LIST" (only in "CAP LS"). 2017-09-09 12:37:50 +02:00
Bram Matthys 3cbf2536b2 Clarify 2017-09-08 08:26:53 +02:00
Bram Matthys 1f856745e5 4.0.14-rc1 2017-09-08 08:16:21 +02:00
Bram Matthys 366a494c00 Last update of release notes before -rc1? 2017-09-08 08:15:54 +02:00
Bram Matthys 2914695681 We can't prevent all user mistakes, but we can at least prevent some.. 2017-09-08 07:53:20 +02:00
Bram Matthys 461ce8016a Some modes in set::modes-on-connect gave an error. These were
old user modes such as +N and +A that were previously forbidden but
may nowadays be (re-)used by 3rd party modules.
Reported by marco500 (#4980).
2017-09-08 07:39:56 +02:00
Bram Matthys ea974ed018 Update Windows makefile (+SRC/OPENSSL_HOSTNAME_VALIDATION.OBJ) 2017-09-06 16:51:18 +02:00
Bram Matthys 296decf648 This code can be removed now that we have a working verify_certificate().
Also broke LibreSSL (SSL_CTX_get0_param undefined).
2017-09-06 16:49:25 +02:00
Bram Matthys a21222a672 Bump MODDATA_MAX_CLIENT from 8 to 12 and move MODDATA_MAX_* to include/config.h 2017-09-06 16:29:48 +02:00
Bram Matthys 05c6dfbb35 Update release notes 2017-09-06 16:22:13 +02:00
Bram Matthys edb144d570 Update cipher suite to include TLSv1.3 ciphers.
This so upcoming UnrealIRCd version will work with TLSv1.3 whenever it
becomes an official standard and is included in OpenSSL/LibreSSL.
(Verified to work with openssl git master branch)
2017-09-06 16:09:22 +02:00
Bram Matthys a5dbd3aa7c SSL/TLS: Use SNI in outgoing server link. 2017-09-06 14:32:21 +02:00
Bram Matthys b757d2eff0 Show set::sasl-server in '/STATS set'. Suggested by Gottem (#0004997). 2017-09-06 08:44:12 +02:00
Bram Matthys 08bc61ec00 We now refuse to enable SSL/TLS with weak ciphers: DES, 3DES, RC4. 2017-09-06 08:21:14 +02:00
Bram Matthys 959195e7d7 Update Windows makefile to match *NIX objects 2017-09-03 16:27:55 +02:00
Bram Matthys 58ebc9c6be Move previous release notes (4.0.13) to doc/RELEASE-NOTES.old 2017-09-03 16:23:05 +02:00
Bram Matthys 788f628403 Update release notes 2017-09-03 16:22:44 +02:00
Bram Matthys 3510a98e50 Shorten the set::plaintext-policy text. Content was good but it was too long. 2017-09-03 16:10:37 +02:00
Bram Matthys 8fad7c563d Add cap/link-security and cap/plaintext-policy modules. 2017-09-03 16:06:39 +02:00
Bram Matthys 1faa91ed0e Add helper function plaintextpolicy_valtochar(). 2017-09-02 15:49:02 +02:00
Bram Matthys 78695f3eea Permit attaching client moddata to servers (and synch properly, if .synch=1) 2017-09-02 15:47:58 +02:00
Bram Matthys 0da1fdb2d2 Fix possible crash in /STATS due to change from yesterday.
Other than that, some minor style and real things.
2017-09-02 08:27:55 +02:00
Bram Matthys 3ade6c7ecb :D 2017-09-01 18:15:47 +02:00
Bram Matthys 199a7e162d Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys aa829bce12 New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00