1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 03:53:13 +02:00
Commit Graph

6988 Commits

Author SHA1 Message Date
Bram Matthys 5918d70943 Bump version to 6.1.5-git 2023-12-22 15:34:10 +01:00
Bram Matthys 70a59b8b1e central-api: add format check for api-key so people don't use a request-key there.
Reported by DeviL.
2023-12-18 09:37:18 +01:00
Bram Matthys 49e84436b4 Fix +I ~operclass requiring an operclass block name of >3 characters.
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6372

Was an old leftover check from old style extban API
2023-12-17 09:53:36 +01:00
Bram Matthys 5b5a5bca03 Wait longer for a REHASH when running with ASan 2023-12-17 09:41:58 +01:00
Bram Matthys 96be13d68d ** UnrealIRCd 6.1.4 ** 2023-12-16 16:33:15 +01:00
Bram Matthys b0e87dcafa Fix crash issue in websocket server (CVE-2023-50784) 2023-12-15 12:34:06 +01:00
Bram Matthys fa84174d22 Fix the fix for frame assembly in webserver. 2023-12-12 18:05:23 +01:00
Bram Matthys be1467d1a1 ** UnrealIRCd 6.1.3 ** 2023-12-09 09:02:12 +01:00
Bram Matthys 7b8c9e8d72 Fix memory leak due to change from yesterday (duh..)
Caused by 4178cb3f81
[skip ci]
2023-12-08 07:44:45 +01:00
Bram Matthys 4178cb3f81 Fix frame reassembly in webserver_handle_request_header()
Previously the same code caused no problem, but then
2fcb5b4669 changed the read buffer
size to 16384.
Since then (6.1.2.x) the webserver_handle_request_header() function
was sometimes cutting 1 byte off the packet due to sizeof(netbuf)-1
which was 16383 bytes. We now no longer use a fixed value and
allocate memory dynamically on the heap.

This fixes the bug that I was seeing but this change still needs
serious extra testing as it may affect websockets and RPC!
2023-12-06 18:19:17 +01:00
Bram Matthys 49614fc891 Thanks to Koragg for reporting previous issue :D
54ad2d1586
[skip ci]
2023-12-05 18:31:56 +01:00
Bram Matthys 54ad2d1586 Fix crash with 'crule', because it was being checked against Services bots 2023-12-05 18:22:25 +01:00
Bram Matthys 3428551e54 ** UnrealIRCd 6.1.3-rc1 ** 2023-12-01 09:03:13 +01:00
Bram Matthys 99fcf9adf6 Add unrealircd_version in CBL request, mostly for the future.
[skip ci]
2023-12-01 08:03:43 +01:00
Bram Matthys 96b18946ca Include oper name on /SPAMREPORT (for central spamreport) 2023-12-01 07:58:01 +01:00
Bram Matthys 9685d1e052 Fix module manager: if 1 upgrade failed, the remaining were not upgraded.
Reported by k4be in https://bugs.unrealircd.org/view.php?id=6352
2023-11-29 09:08:55 +01:00
Bram Matthys 53f0f0cb94 Fix unitialized variable access caused by earlier commit of today
(only if you use a proxy block)
2023-11-27 17:59:37 +01:00
Bram Matthys cd1b79d3f7 Fetch Central Spamfilter rules with the API Key via alternate URL.
* The [Central Spamfilter](https://www.unrealircd.org/docs/Central_Spamfilter),
  which provides spamfilter { } blocks that are centrally managed, is
  now fetched from a different URL if you have an Central API key set.
  This way, we can later provide spamfilter { } blocks that build on
  central blocklist scoring functionality, and also don't have to reveal
  the central spamfilter blocks to 100% of the world.
2023-11-27 14:33:00 +01:00
Bram Matthys 5f767a8fe8 Proxy block: rework and add support for X-Forwarded-For, Cloudflare, etc. 2023-11-27 12:10:17 +01:00
Bram Matthys f8bd45541d Disable some recent debugcode even with DEBUGMODE on ;D
(And yeah this will eventually be removed altogether)
2023-11-27 10:55:56 +01:00
Bram Matthys 026d5522a8 Remove WSU() items forwarded & secure, since these are in webserver nowadays. 2023-11-27 10:07:34 +01:00
Bram Matthys 02ac1fc0b3 Add an option to check websocket Origin header via
listen {
	websocket {
		allow-origin { *.example.net; }
	}
}

This allows you to limit websockets to a particular domain, IF the
user is using a normal browser.

Note that any non-browser (eg a websocket command line program) could
just spoof the Origin header, so for that case it doesn't really add
any security or real restriction.
2023-11-26 20:08:17 +01:00
Bram Matthys 98c264aabf Fix some more warnings, rather minor.
[skip ci]
2023-11-26 18:48:09 +01:00
Bram Matthys 0a7f1adc8b Add value check for blacklist config, well, fix it i mean.
And fix some compiler warning (remove a useless check).
[skip ci]
2023-11-26 16:36:11 +01:00
Bram Matthys 94bf58add9 Fix crash reporter to use SNI.
As for why BIO_set_conn_hostname() does not set and use it... good Q.
2023-11-26 15:52:47 +01:00
Bram Matthys 07cc8eaeaf central-*.c: remove old module manager stuff and bump version.
[skip ci]
2023-11-25 17:29:06 +01:00
Bram Matthys f1a5f5ab97 Remove accidental 'else' that caused modulemgr to freeze / make install to hang.
... when using url_unreal instead of url_curl.
2023-11-25 12:30:44 +01:00
Bram Matthys 4da58dde41 Update central spamreport, https://www.unrealircd.org/docs/Central_spamreport
set::central-blocklist::spamreport and ::spamreport-enabled are now GONE.
We now require a normal spamreport block, just like for other spamreport
functionality. So, if you want to enable this feature, use:
spamreport unrealircd { type central-spamreport; }

See https://www.unrealircd.org/docs/Central_spamreport for all info.

You can use CBL with central spamreport or central spamreport without CBL.
All explained at that URL.
2023-11-25 11:50:25 +01:00
Bram Matthys d08160baca Add option set::central-blocklist::blocklist-enabled yes/no (default yes).
This is mainly for the (less usual) case when someone wants to
use SPAMREPORT but does NOT want to use CBL:

set {
	central-blocklist {
		blocklist-enabled no;
		spamreport-enabled yes;
	}
}

Also documented at https://www.unrealircd.org/docs/Central_spamreport
under 'Configuration'
2023-11-25 10:26:56 +01:00
Bram Matthys bdfc3c97dd Add RegisterApiCallbackResolverHost() and make blacklist module non-PERM.
Hopefully this works OK... still need to test w/REHASH to see.
2023-11-25 09:39:50 +01:00
Bram Matthys 55d1398fca Move dns.h include to unrealircd.h and remove it elsewhere.
Because I need c-ares prototypes in modules.h, for next commit.
[skip ci]
2023-11-25 09:05:55 +01:00
Bram Matthys 6ce1958e1c Add URL API and use it at one place from central-blocklist. Docs at:
https://www.unrealircd.org/docs/Dev:URL_API
2023-11-25 08:31:12 +01:00
Bram Matthys 7d024f8086 URL API: add request->connect_timeout & request->transfer_timeout
... in case you want to do fine-tuning.

Defaults to DOWNLOAD_CONNECT_TIMEOUT (15 seconds) and
DOWNLOAD_TRANSFER_TIMEOUT (20 seconds).

For example, the module manager uses a shorter timeout of 7 and 20.
(that was already the case, but now it uses the generic api so
 it needed an option to set it to those values)
2023-11-24 14:38:20 +01:00
Bram Matthys 9d3af7f22a Fix Windows compile problem
[skip ci]
2023-11-24 14:26:26 +01:00
Bram Matthys 44203caea3 Fix modulemanager issue due to changes from an hour ago.
"./unrealircd module upgrade" is called by "make install" and now that
we use generic URL framework, the src/url_curl.c did not take into
account that at that stage ~/unrealircd/conf/tls/curl-ca-bundle.crt
may not exist yet, so fallback to <source>/doc/conf/tls/curl-ca-bundle.crt.
The src/url_unreal.c already did that. As did the old modulemanager
code that was removed an hour ago.
2023-11-24 14:12:53 +01:00
Bram Matthys 36323f4294 Replace modulemanager HTTPS code with the generic URL code.
We now have a synchronous_http_request() which can be used for that
(NOTE: that function is NOT for use in unrealircd modules)
2023-11-24 13:22:55 +01:00
Bram Matthys 2ae33225d0 In url_curl.c we properly did remove(tmpfile) but in url_unreal.c we did not.
Also add a flag to say not to remove the tmpfile -- not working yet.
[skip ci]
2023-11-24 13:17:21 +01:00
Bram Matthys 1282d2f2be URL API: Response callback is now two structs so we can easily extend.
callback(OutgoingWebRequest *request, OutgoingWebResponse *response)
2023-11-24 12:31:49 +01:00
Bram Matthys eed9d22e3b URL API: work towards callback w/struct -- actually this is an interim step 2023-11-24 12:04:28 +01:00
Bram Matthys 3548b7e2af New URL API (not really a unrealircd module api tho) - work in progress.
No longer url_start_async(a,b,c,d,e,f,g,...) but usings structs so
simply url_start_async(tehstruct);
makes it easy to add fields later without forcing all modules to
change the prototype.

Work in progress....
2023-11-24 11:27:39 +01:00
Bram Matthys c9abf0709a Provide a good error when trying to load third/centralblocklist and the like.
Since people should use the core modules from now on.

We now have a function to provide such migrations / errors / suggestions.
2023-11-24 09:42:32 +01:00
Bram Matthys be586531bc Make get_central_api_key() an efunction rather than doing things by hooks.
An efunction with a default that returns NULL, so you don't need to
load the module if you don't want the functionality.
2023-11-24 09:24:10 +01:00
Bram Matthys d73c8b30d2 Fix compile problem with central-blocklist on FreeBSD. 2023-11-24 09:13:13 +01:00
Bram Matthys 6aae3e7a5d Update modules and Makefiles so central-api & central-blocklist compile. 2023-11-24 07:31:22 +01:00
Bram Matthys ebd39f4144 First import these as-is from third/ to track history properly (not compilable)
[skip ci]
2023-11-24 07:26:54 +01:00
Bram Matthys fe8e8e1274 Via JSON-RPC one could place a gzline on ident@host, which is invalid.
The effect it had was actually *@host, so ident@* became *@* -grin-.

Was caused by add=0 at the server_ban_parse_mask() causing a check
not to happen. Fixed now.

Reported by Jellis in https://bugs.unrealircd.org/view.php?id=6358
2023-11-24 07:14:23 +01:00
Bram Matthys d85ed7a51f For set::hide-ban-reason add a new option auto and make it the default.
This will hide the *LINE reason to other users if the *LINE contains the
IP of the user. This to protect the privacy of the user for cases such
as a KLINE due to a blacklist with a DroneBL URL.
Other possible settings are `no` (never hide, the previous default) and
`yes` to always hide the *LINE reason. In all cases the user affected by
the server ban can still see the reason and IRCOps too.

https://bugs.unrealircd.org/view.php?id=6362
2023-11-22 14:48:14 +01:00
Bram Matthys 36d12d2d82 Bump version to 6.1.3-git 2023-11-22 08:38:27 +01:00
Valerie Liu 7b9aacd609 Fix accidental truncation in SREPLY (#257) 2023-11-20 15:30:08 +00:00
Valerie Liu 8c0243182c Fix server notice about setting -Z, it was sent from the SID instead of server name (#263) 2023-11-20 15:28:23 +00:00