Bram Matthys
55e4c8ea03
Tell admins to verify the SSL/TLS certificates of their server links.
...
https://www.unrealircd.org/docs/Link_verification
This is only outputted if both sides are 4.0.16+ so we can use spkifp
and use the same instruction on both sides of the link.
(If we would do it for previous versions then we would only give
half of the instructions to the users, which makes no sense)
2017-10-09 14:17:35 +02:00
Bram Matthys
78695f3eea
Permit attaching client moddata to servers (and synch properly, if .synch=1)
2017-09-02 15:47:58 +02:00
Bram Matthys
0da1fdb2d2
Fix possible crash in /STATS due to change from yesterday.
...
Other than that, some minor style and real things.
2017-09-02 08:27:55 +02:00
Bram Matthys
199a7e162d
Make new functions more generic and use it from crash reporter so
...
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys
aa829bce12
New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
...
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00
Bram Matthys
5cf28d0d46
It was possible to have a block named 'link irc1.test.net' and then get
...
connected to a server introducing himself as irc2.test.net. This
was rather confusing, of course. Wasn't much of a security issue since
this only happened in outgoing connects and naturally all authentication
need to pass as well.
2017-08-25 20:34:27 +02:00
Bram Matthys
efb344b9b2
duh.
2017-08-19 12:07:54 +02:00
Bram Matthys
bfa00e95b7
Set default plaintext-policy to be 'warn' for /OPER and 'deny' for
...
server linking. Write some draft release notes for later use.
2017-08-19 11:19:33 +02:00
Bram Matthys
d53d46fce4
Add set::plaintext-policy block by which you can warn or deny user connections,
...
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys
4cad9cb0c5
SERVER parser error causing uplinks to show bad server description, reported by and patch from OUTsider ( #4576 ).
...
Patch used only with minor changes: one %i should have been %s, some annoying (char *) casts removed which existed in the original code as well, moved 'tmp' variable, collapsed NULL initalization, ..
2016-03-04 13:27:42 +01:00
Bram Matthys
bf1e1502ba
Use #include "unrealircd.h" in all modules ( #4516 ).
2016-03-04 13:02:06 +01:00
Bram Matthys
f7dd3cedd8
Fix minor linking bug which permitted a server to link in which used me::name, IF you had a link block for it. Reported by vNode1 ( #4559 ).
2016-01-31 20:46:52 +01:00
Bram Matthys
4280d57f60
Modes of permanent channels (+P) with 0 members and 0 bans/excepts/.. were not synched correctly. Reported by 'i' ( #4459 ).
2015-11-25 15:37:38 +01:00
Bram Matthys
4dd6be721c
Fix crash on linking ( #4451 ).
2015-11-25 15:00:28 +01:00
Bram Matthys
8b45169f82
Get rid of $Id$ in /MODULE (version) output. Just report as "4.0"
2015-10-11 18:18:31 +02:00
Bram Matthys
15469cae2e
Send version information in SERVER command like before (VL). Expand PROTOCTL EAUTH.
...
PROTOCTL EAUTH=servername,protocolversion,flags,unrealversiontext
This makes deny link { } work again and gives a bit more information too.
Bug reported by GLolol (#4408 ).
2015-09-05 12:06:55 +02:00
Bram Matthys
8e87a963a1
Not important, but.. when server linking, send password just once and not twice.
2015-09-04 12:30:07 +02:00
Bram Matthys
5bfa5c701e
Never understood why it's called get_sockhost() if it actually sets it. Renamed to set_sockhost()
2015-07-27 18:30:25 +02:00
Bram Matthys
2a53499610
Get rid of useless DLLFUNC prefixes (at places where they were not needed)
2015-07-25 20:23:37 +02:00
Bram Matthys
fd375ee284
Use CMD_FUNC() everywhere
2015-07-25 20:22:44 +02:00
Bram Matthys
c478d7d9ef
Move some stuff to introduce_user() so we can use it.
2015-07-20 16:42:36 +02:00
Bram Matthys
8b039335d6
set cptr->sockhost for incoming server connections too so you can use hostnames in link::options::incoming, if you wish..
2015-07-19 19:08:54 +02:00
Bram Matthys
13fffa4e1a
split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
...
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys
f22cef97d4
Why do we have those unnecessary (SSL *) casts everywhere? Poof. Gone.
2015-07-15 15:54:36 +02:00
Bram Matthys
6c0ebb5bd3
Protection against linking race conditions is back again (IOTW: allow very rapid re-linking), but only if your network is fully 3.4.x (actually: current git unreal34 or later)
...
Re-implemented PROTOCTL SERVERS= which nenolod ripped out (#4355 ).
Add 2nd argument to PROTOCTL EAUTH=servername,unrealprotocol
Change UnrealProtocol from 2350 to 2351
2015-07-10 21:57:13 +02:00
Bram Matthys
e8dfb284a1
Replace parv[0] with sptr->name. Don't use parv[0] anymore.
...
I went through all 500+ of them by hand as to avoid introducing bugs... we'll see ;)
2015-07-10 12:17:05 +02:00
Bram Matthys
2f8cb55e47
Add extended SWHOIS support. Allows multiple swhoises and tracking of who/what set the swhois.
...
Added swhois_add / swhois_delete functions which also take care of broadcasting
New remove_oper_privileges() function, will move the rest to use this (svsnoop svsmode etc)
Not finished yet...
2015-07-09 16:26:52 +02:00
Bram Matthys
15977e011d
remove umode 'g' (failops), we have snomasks and oper umode for this.
2015-07-09 14:09:02 +02:00
Bram Matthys
00dd10c744
transform more failops call
2015-07-09 14:05:06 +02:00
Bram Matthys
fe14e21175
Update all MOD_TEST/MOD_INIT/MOD_LOAD/MOD_UNLOAD calls to new format
2015-07-08 18:02:19 +02:00
Bram Matthys
5286b50c19
We already set the IP in add_connection, no need to do that in check_init again.
...
Fix bug where "insecure link" message was shown despite localhost.
2015-06-22 20:49:40 +02:00
Bram Matthys
678268f2a3
Allow multiple masks in link::incoming::mask
...
Make linking code use unreal_mask functions as well. Some fixes.
2015-06-03 10:39:33 +02:00
Bram Matthys
efdefc4eb8
mute non-SSL warning for localhost (won't bother about other cases)
2015-05-25 13:14:44 +02:00
Bram Matthys
04727556c7
Show warning if non-SSL. Improve link error (on authentication failure). Auto-convert link::incoming::mask from like '1.2.3.4' to '*@1.2.3.4'.
2015-05-25 13:06:18 +02:00
Bram Matthys
db97b23bcb
move to a single password entry in link block:
...
"password in link block should be plaintext OR should be the SSL fingerprint of the remote link (=better)"
2015-05-25 10:54:05 +02:00
Bram Matthys
8049136379
Restructure the entire link { } block ( #4032 ). Initial commit (missing autoconnect, ssl, etc).
2015-05-25 10:19:15 +02:00
Bram Matthys
d12b6962a5
convert to more understandable code
2015-05-23 09:50:45 +02:00
Travis McArthur
aea09603a4
Remove USE_SSL macro and associated code
...
We no longer support non-SSL builds, remove related code
2015-05-20 02:48:34 -04:00
Bram Matthys
de3f9b9cc2
- Add server synching and broadcast functions for new ModData system.
...
- Also added an example module for coders (m_mdex), not compiled by default.
2014-06-01 20:06:28 +02:00
Bram Matthys
101d2dd6a3
Big 3.4.x commit containing bug fixes and enhancements. Modularizing
...
user & channel modes. Fixing Windows build. Etc..
2014-05-11 20:56:02 +02:00
William Pitcock
95137d435a
- use SIDs and UIDs in server burst entirely if possible
2013-05-25 11:17:17 +00:00
William Pitcock
ae46850e2b
- send UIDs on burst and new user to PROTO_SID servers.
2013-05-23 10:10:53 +00:00
William Pitcock
2ccaea07b5
- SID command: ensure we use non-SID name as origin on SERVER message (since it's for backwards compat)
2013-05-21 07:46:27 +00:00
William Pitcock
1853eaeeae
- Quick attempt at cleaning up the mess for SIDs.
2013-05-21 07:17:39 +00:00
William Pitcock
7f156ad566
- add remote SIDs to ID hashtable
2013-05-21 06:52:45 +00:00
William Pitcock
afdf5d780a
- Replace ircsprintf() with bounds-checking ircsnprintf(), patch from FalconKirtaran. ( #4208 )
2013-05-21 06:26:52 +00:00
William Pitcock
42a0071b2b
- implement SID handler
2013-05-21 03:42:22 +00:00
William Pitcock
61fe014771
- Remove sendto_server_butone() and friends, now everything uses sendto_server(). ( #4202 )
...
Patch from FalconKirtaran.
2013-05-20 01:21:45 +00:00
William Pitcock
b413848524
- TOK_FOO removal pass 2
2013-05-19 21:40:45 +00:00
William Pitcock
ca86485927
- Remove token parameter from CommandAdd().
2013-05-19 21:27:26 +00:00