1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-06 05:13:13 +02:00
Commit Graph

90 Commits

Author SHA1 Message Date
Bram Matthys 55e4c8ea03 Tell admins to verify the SSL/TLS certificates of their server links.
https://www.unrealircd.org/docs/Link_verification
This is only outputted if both sides are 4.0.16+ so we can use spkifp
and use the same instruction on both sides of the link.
(If we would do it for previous versions then we would only give
 half of the instructions to the users, which makes no sense)
2017-10-09 14:17:35 +02:00
Bram Matthys 78695f3eea Permit attaching client moddata to servers (and synch properly, if .synch=1) 2017-09-02 15:47:58 +02:00
Bram Matthys 0da1fdb2d2 Fix possible crash in /STATS due to change from yesterday.
Other than that, some minor style and real things.
2017-09-02 08:27:55 +02:00
Bram Matthys 199a7e162d Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys aa829bce12 New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00
Bram Matthys 5cf28d0d46 It was possible to have a block named 'link irc1.test.net' and then get
connected to a server introducing himself as irc2.test.net. This
was rather confusing, of course. Wasn't much of a security issue since
this only happened in outgoing connects and naturally all authentication
need to pass as well.
2017-08-25 20:34:27 +02:00
Bram Matthys efb344b9b2 duh. 2017-08-19 12:07:54 +02:00
Bram Matthys bfa00e95b7 Set default plaintext-policy to be 'warn' for /OPER and 'deny' for
server linking. Write some draft release notes for later use.
2017-08-19 11:19:33 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys 4cad9cb0c5 SERVER parser error causing uplinks to show bad server description, reported by and patch from OUTsider (#4576).
Patch used only with minor changes: one %i should have been %s, some annoying (char *) casts removed which existed in the original code as well, moved 'tmp' variable, collapsed NULL initalization, ..
2016-03-04 13:27:42 +01:00
Bram Matthys bf1e1502ba Use #include "unrealircd.h" in all modules (#4516). 2016-03-04 13:02:06 +01:00
Bram Matthys f7dd3cedd8 Fix minor linking bug which permitted a server to link in which used me::name, IF you had a link block for it. Reported by vNode1 (#4559). 2016-01-31 20:46:52 +01:00
Bram Matthys 4280d57f60 Modes of permanent channels (+P) with 0 members and 0 bans/excepts/.. were not synched correctly. Reported by 'i' (#4459). 2015-11-25 15:37:38 +01:00
Bram Matthys 4dd6be721c Fix crash on linking (#4451). 2015-11-25 15:00:28 +01:00
Bram Matthys 8b45169f82 Get rid of $Id$ in /MODULE (version) output. Just report as "4.0" 2015-10-11 18:18:31 +02:00
Bram Matthys 15469cae2e Send version information in SERVER command like before (VL). Expand PROTOCTL EAUTH.
PROTOCTL EAUTH=servername,protocolversion,flags,unrealversiontext
This makes deny link { } work again and gives a bit more information too.
Bug reported by GLolol (#4408).
2015-09-05 12:06:55 +02:00
Bram Matthys 8e87a963a1 Not important, but.. when server linking, send password just once and not twice. 2015-09-04 12:30:07 +02:00
Bram Matthys 5bfa5c701e Never understood why it's called get_sockhost() if it actually sets it. Renamed to set_sockhost() 2015-07-27 18:30:25 +02:00
Bram Matthys 2a53499610 Get rid of useless DLLFUNC prefixes (at places where they were not needed) 2015-07-25 20:23:37 +02:00
Bram Matthys fd375ee284 Use CMD_FUNC() everywhere 2015-07-25 20:22:44 +02:00
Bram Matthys c478d7d9ef Move some stuff to introduce_user() so we can use it. 2015-07-20 16:42:36 +02:00
Bram Matthys 8b039335d6 set cptr->sockhost for incoming server connections too so you can use hostnames in link::options::incoming, if you wish.. 2015-07-19 19:08:54 +02:00
Bram Matthys 13fffa4e1a split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys f22cef97d4 Why do we have those unnecessary (SSL *) casts everywhere? Poof. Gone. 2015-07-15 15:54:36 +02:00
Bram Matthys 6c0ebb5bd3 Protection against linking race conditions is back again (IOTW: allow very rapid re-linking), but only if your network is fully 3.4.x (actually: current git unreal34 or later)
Re-implemented PROTOCTL SERVERS= which nenolod ripped out (#4355).
Add 2nd argument to PROTOCTL EAUTH=servername,unrealprotocol
Change UnrealProtocol from 2350 to 2351
2015-07-10 21:57:13 +02:00
Bram Matthys e8dfb284a1 Replace parv[0] with sptr->name. Don't use parv[0] anymore.
I went through all 500+ of them by hand as to avoid introducing bugs... we'll see ;)
2015-07-10 12:17:05 +02:00
Bram Matthys 2f8cb55e47 Add extended SWHOIS support. Allows multiple swhoises and tracking of who/what set the swhois.
Added swhois_add / swhois_delete functions which also take care of broadcasting
New remove_oper_privileges() function, will move the rest to use this (svsnoop svsmode etc)
Not finished yet...
2015-07-09 16:26:52 +02:00
Bram Matthys 15977e011d remove umode 'g' (failops), we have snomasks and oper umode for this. 2015-07-09 14:09:02 +02:00
Bram Matthys 00dd10c744 transform more failops call 2015-07-09 14:05:06 +02:00
Bram Matthys fe14e21175 Update all MOD_TEST/MOD_INIT/MOD_LOAD/MOD_UNLOAD calls to new format 2015-07-08 18:02:19 +02:00
Bram Matthys 5286b50c19 We already set the IP in add_connection, no need to do that in check_init again.
Fix bug where "insecure link" message was shown despite localhost.
2015-06-22 20:49:40 +02:00
Bram Matthys 678268f2a3 Allow multiple masks in link::incoming::mask
Make linking code use unreal_mask functions as well. Some fixes.
2015-06-03 10:39:33 +02:00
Bram Matthys efdefc4eb8 mute non-SSL warning for localhost (won't bother about other cases) 2015-05-25 13:14:44 +02:00
Bram Matthys 04727556c7 Show warning if non-SSL. Improve link error (on authentication failure). Auto-convert link::incoming::mask from like '1.2.3.4' to '*@1.2.3.4'. 2015-05-25 13:06:18 +02:00
Bram Matthys db97b23bcb move to a single password entry in link block:
"password in link block should be plaintext OR should be the SSL fingerprint of the remote link (=better)"
2015-05-25 10:54:05 +02:00
Bram Matthys 8049136379 Restructure the entire link { } block (#4032). Initial commit (missing autoconnect, ssl, etc). 2015-05-25 10:19:15 +02:00
Bram Matthys d12b6962a5 convert to more understandable code 2015-05-23 09:50:45 +02:00
Travis McArthur aea09603a4 Remove USE_SSL macro and associated code
We no longer support non-SSL builds, remove related code
2015-05-20 02:48:34 -04:00
Bram Matthys de3f9b9cc2 - Add server synching and broadcast functions for new ModData system.
- Also added an example module for coders (m_mdex), not compiled by default.
2014-06-01 20:06:28 +02:00
Bram Matthys 101d2dd6a3 Big 3.4.x commit containing bug fixes and enhancements. Modularizing
user & channel modes. Fixing Windows build. Etc..
2014-05-11 20:56:02 +02:00
William Pitcock 95137d435a - use SIDs and UIDs in server burst entirely if possible 2013-05-25 11:17:17 +00:00
William Pitcock ae46850e2b - send UIDs on burst and new user to PROTO_SID servers. 2013-05-23 10:10:53 +00:00
William Pitcock 2ccaea07b5 - SID command: ensure we use non-SID name as origin on SERVER message (since it's for backwards compat) 2013-05-21 07:46:27 +00:00
William Pitcock 1853eaeeae - Quick attempt at cleaning up the mess for SIDs. 2013-05-21 07:17:39 +00:00
William Pitcock 7f156ad566 - add remote SIDs to ID hashtable 2013-05-21 06:52:45 +00:00
William Pitcock afdf5d780a - Replace ircsprintf() with bounds-checking ircsnprintf(), patch from FalconKirtaran. (#4208) 2013-05-21 06:26:52 +00:00
William Pitcock 42a0071b2b - implement SID handler 2013-05-21 03:42:22 +00:00
William Pitcock 61fe014771 - Remove sendto_server_butone() and friends, now everything uses sendto_server(). (#4202)
Patch from FalconKirtaran.
2013-05-20 01:21:45 +00:00
William Pitcock b413848524 - TOK_FOO removal pass 2 2013-05-19 21:40:45 +00:00
William Pitcock ca86485927 - Remove token parameter from CommandAdd(). 2013-05-19 21:27:26 +00:00