* restrict-commands: add option 'channel-create' for managing who may create new channels.
This has been a commonly requested feature with different requested options, I think it makes sense to do it properly from here
Reported by Valware. E.g. if HOOKTYPE_CAN_JOIN rejects the join
when it is a new channel.
( And yeah... +P channels are not destroyed... handled in
sub1_from_channel() -> HOOKTYPE_CHANNEL_DESTROY already. )
There was an incorrect OperOverride message if you were had +h, +a or +q
and was kicking someone that you should normally be able to (without override).
This requires quite a bit of further testing, though, it's so easy to get
this wrong. The FIXME still stands to fix this for good some day.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=6423
Reported by hnj in https://bugs.unrealircd.org/view.php?id=6418
Appears to have been introduced as part of the 6.x refactor of secret/private channel modes in 8066c13876
Also adjust message for ERR_OPERSPVERIFY to include channel name.
This is to correspond closer to other similar numerics around this area, as well as agreeing with the definition within modern.
crule is used outside security groups / spamfilter, like in
deny link { }.
Also update the match_realname() since via the extban code it would
use match_esc() which is rather confusing if you have double (or
perhaps even triple) escaping when using this in the conf.
match_user_extended_server_ban except that it works by name/value.
This can then be used by crules or in other mods, like:
user_matches_extended_server_ban(client, "country", "NL");
If the performance impact isn't too bad (of the extra work) then
this prevents duplicate code in the handler for things like
that: account, country, certfp, and whatever we add in the future..
Otherwise in pre-connect-stage is_identified(), is_webirc()
and is_websocket() will always return false due to the
IsUser() check.
One should always be careful with accessing things in pre-
connect-stage, but in this case the IsLoggedIn() and
moddata_client_get() are safe to use. The former checks
client->user and the latter does not access anything within
client->user at all.
Note that this is still a dumb interface and not a real proper
authentication framework.
This adds HOOKTYPE_SASL_AUTHENTICATE and HOOKTYPE_SASL_MECHS and
also provides 3 functions: sasl_succeeded(), sasl_failed() and
a helper function decode_authenticate_plain() for AUTHENTICATE PLAIN.
* Add more [Crule](https://www.unrealircd.org/docs/Crule) functions:
* `is_tls()` returns true if the client is using SSL/TLS
* `in_security_group('known-users')` returns true if the user is in the
specified [security group](https://www.unrealircd.org/docs/Security-group_block).
* `match_mask('*@*.example.org')` or `match_mask('*.example.org')`
returns true if client matches mask.
* `match_ip('192.168.*')` or with CIDR like `match_ip('192.168.0.0/16')`
returns true if IP address of client matches.
Reported by BlackBishop.
This rename free_config_defines() to init_config_defines and calls it from
config_read_start() so caller doesn't have to think about it.
And this is easily mistaken with "REHASH -global" which rehashes all
the IRC servers on the network.
In fact, who knows some year(s) from now we may map "REHASH -all"
to "REHASH -global", but... not yet...
* When booting for the first time (without any cached files) the IRCd
downloads GeoIP.dat. If that fails, e.g. due to lack of internet connectivity,
we now show a warning and continue booting instead of it being a hard error.
Note that we already dealt with this properly after the file has been cached
(so after first download), see "What if your web server is down" in
[Remote includes](https://www.unrealircd.org/docs/Remote_includes#What_if_your_web_server_is_down).