as requested in https://bugs.unrealircd.org/view.php?id=6206
And also for channel.get, in "members", include the UID in "id".
This breaks the current format but we don't have many users yet anyway.
Something tells me that will happen more ;)
This also bumps the user and channel RPC modules from 1.0.0 to 1.0.1
In user.get (and currently user.list too) this shows as:
"channels": [
{
"name": "#test",
"level": "o"
}
]
And in channel.get (not .list) this shows as:
"members": [
{
"name": "abc",
"id": "00129BP02",
"level": "o"
},
{
"name": "def",
"id": "001LFMB05"
}
]
This because for JSON-RPC you expect all accurate data, while in contrast
with JSON logging the channels are just there for convenience and only
show the first X channels, since otherwise the data gets too long
and gets truncated (JSON logging uses channel detail level 0).
keep them open, but do a websocket ping/pong to check if the
connection is alive.
This is usually handled by browsers themselves, but if you are using
websockets from a non-browser then you may have to PONG back on
a PING, see https://www.rfc-editor.org/rfc/rfc6455#section-5.5.2
(note that PING-PONG is a requirement there)
Eg if there are 10.000 users online and you do user.list.
The old websocket framing assumed no response was >64Kb.
This also creates a new function websocket_create_packet_ex()
Valid choices are 0700, 0770 and 0777, see the documentation at
https://www.unrealircd.org/docs/Listen_block
Unrelated: this also documents the ConfigItem_listen struct in struct.h.
socket listening in data/rpc.socket, because why not... only the
ircd user has access to it by default (well, and root).
Don't add the external listener HTTP(S) port by default though,
because not everyone may want that exposed to the outside world.
The default creation of data/rpc.socket can be prevented by a
@define $NO_DEFAULT_RPC_SOCKET "1"
Something like "1h" was intepreted as unixtime 3600 (=expired long ago).
For absolute times there is already "expire_at" (JSON timestamp).
Now, "1h" is properly interpreted as meaning 1 hour from now, as intended.
This bumps the version of rpc/server_ban to 1.0.1.
Reported by armyn.
This was documented as optional in include/modules.h but on
https://www.unrealircd.org/docs/Dev:Extended_Bans_API it
was always mentioned as required.
In practice, I know of no module that does not have this,
in UnrealIRCd or third party (doing zero filtering is
quite a bad idea).
Anyway, long story short: this also means we can remove some
(flawed) logic in src/api-extban.c in case conv_param was
NULL, which raised a compiler warning:
api-extban.c: In function ‘extban_conv_param_nuh_or_extban’:
cc1: error: function may return address of local variable [-Werror=return-local-addr]
api-extban.c:382:14: note: declared here
382 | char tmpbuf[USERLEN + NICKLEN + HOSTLEN + 32];
| ^~~~~~
from the *LINE (or other ban type).
Eg /GLINE %*@192.168.* 0 :Please authenticate using SASL
would now, if the user has authprompt enabled and the connection times
out, exit the client after ~30 secs with "Please authenticate using SASL",
instead of "Registration timeout" (pre 6.0.5-rc2) or
the generic "Account required to login" (6.0.5-rc2).
This to help clients and users who do not type or display anything.
This is an enhancement to https://bugs.unrealircd.org/view.php?id=6202
This also fixes a bug in 6.0.5-rc2 where "Registration timeout" was
always showing up as "Account required to connect", even if there
was no softban or authprompt intervention at all.
More ideally it would show the full *LINE reason but that is something
for a later release. Inspired by https://bugs.unrealircd.org/view.php?id=6202
This also fixes a silly typo that prevents compiling btw :D
leading to duplicates. The effect was that in the 005 EXTBAN= string some
letters showed up twice like EXTBAN=~,aacfjmnpqrrtCCGGOSST.
Reported by jesse in https://bugs.unrealircd.org/view.php?id=6199
This also fixes a bug with OpenSSL 3.x where, when the ircd was
configured to still allow old TLSv1.0 / TLSv1.1, it would still
only allow TLSv1.2+.
But, as said, allowing TLSv1.0/TLSv1.1 is now no longer the default.
See release notes for more information or the documentation at
https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols
This changes the work of commit 2cf60f66a3.
$ip: IP address of the banned user
$server: name of the IRC server
$blacklist: name of the blacklist block (eg. xyz for blacklist xyz { })
$dnsname: the blacklist::dns::name
$dnsreply: DNS reply code
Previously there was a $name which was ambigious in the sense that
it could mean blacklist name or dns name, now we simply avoid using
$name altogether and use $dnsname and (new) $blacklist.
Added the ability to specify `$name` and `$reply` variables on ban reason,
`$name` would be filled with blacklist dns name data
`$reply` would be filled with blacklist dns reply data.
is 2.13 or newer, as this requires jansson_version_str().
And no, we don't use macro's (eg JANSSON_MAJOR_VERSION). We never do that for
any of the displayed library versions (OpenSSL, libsodium, c-ares, curl, etc)
as macro's only reflect the compile-time library version and not runtime,
and thus are misleading... which can be especially problematic in case of a
security issue. So good that jansson added this function.
This makes websocket_common unload last (and near-last: rpc & websocket)
and makes us call Mod_Init for these three modules first.
This way, the period where the websocket handler is unavailable is kept
to a minimum.
This also renames the ModuleSetOptions option MOD_OPT_UNLOAD_PRIORITY
to MOD_OPT_PRIORITY since it dynamically changes the module priority
in the list. For 6.x compatibility, MOD_OPT_UNLOAD_PRIORITY can still
be used.
when there is already another established link with a server with the same name.
For example, when there is a network issue and the "old server" is still
waiting to be timed out and the "new server" is already linking in.