1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 05:43:12 +02:00
Commit Graph

29 Commits

Author SHA1 Message Date
Bram Matthys 4f3e524602 Add function set_client_ip() and call HOOKTYPE_IP_CHANGE there if needed.
This to replace the scattered IP setting. It is very important to always
use set_client_ip() from this point. Everywhere!

Also, in addition to client->ip, this adds client->rawip that contains
the IP in network byte order. In older UnrealIRCd versions we always had
the raw IP but not the IP as a string, so we moved to IP as a string,
but it can be useful to have both in terms of optimizations.
Of course, then the client->ip and client->rawip always need to 100% match,
hence the set_client_ip().

This also changes IsIPV6() to do A BUGFIX, it changes it from:
* if local user is the user connected over IPv6? Otherwise, does it have ':' in the IP?
To:
* check if the IPv6 flag is set (which is set if IP contains ':')
This may seem insignificant but it means that for spoofed IP addresses,
such as WEBIRC or transparant proxy, we use the correct transport.
Previously, if the proxy was IPv6 then even if the spoofed user was using
IPv4, the ident check would still be tried over IPv6. That sort of fun.
From now in, in such a situation client->local->socket_type will be
SOCKET_TYPE_IPV6 but since client->ip (and rawip) will contain IPv4
the IsIPV6() will actually return false, as it should be.

Also, in the HOOKTYPE_IP_CHANGE, enforce that if HOOK_DENY is returned,
the the user is killed by dead_link(). The user must be killed because
that is what we expect, and you cannot use exit_client() because from
some code paths that would be too much freed structures / hassle,
as a comment in src/modules/connect-flood.c correctly states:
/* There are two reasons why we can't use exit_client() here:
 * 1) Because the HOOKTYPE_IP_CHANGE call may be too deep.
 *    Eg: read_packet -> webserver_packet_in ->
 *    webserver_handle_request_header -> webserver_handle_request ->
 *    RunHook().... and then returning without touching anything
 *    after an exit_client() would not be feasible.
 * 2) Because in HOOKTYPE_ACCEPT we always need to use dead_socket
 *    if we want to print a friendly message to TLS users.
 */
2024-07-20 12:22:26 +02:00
Bram Matthys fa84174d22 Fix the fix for frame assembly in webserver. 2023-12-12 18:05:23 +01:00
Bram Matthys 7b8c9e8d72 Fix memory leak due to change from yesterday (duh..)
Caused by 4178cb3f81
[skip ci]
2023-12-08 07:44:45 +01:00
Bram Matthys 4178cb3f81 Fix frame reassembly in webserver_handle_request_header()
Previously the same code caused no problem, but then
2fcb5b4669 changed the read buffer
size to 16384.
Since then (6.1.2.x) the webserver_handle_request_header() function
was sometimes cutting 1 byte off the packet due to sizeof(netbuf)-1
which was 16383 bytes. We now no longer use a fixed value and
allocate memory dynamically on the heap.

This fixes the bug that I was seeing but this change still needs
serious extra testing as it may affect websockets and RPC!
2023-12-06 18:19:17 +01:00
Bram Matthys 53f0f0cb94 Fix unitialized variable access caused by earlier commit of today
(only if you use a proxy block)
2023-11-27 17:59:37 +01:00
Bram Matthys 5f767a8fe8 Proxy block: rework and add support for X-Forwarded-For, Cloudflare, etc. 2023-11-27 12:10:17 +01:00
Bram Matthys 55d1398fca Move dns.h include to unrealircd.h and remove it elsewhere.
Because I need c-ares prototypes in modules.h, for next commit.
[skip ci]
2023-11-25 09:05:55 +01:00
Bram Matthys 4b23596b4c Code cleanup: some strncmp -> str_starts_with* replaces (less chance of mistakes) 2023-06-17 17:50:37 +02:00
Bram Matthys a7cf24c45d Mention new https://www.unrealircd.org/docs/Proxy_block in release notes
and also for safety when redoing DNS and ident due to IP change,
we now:
ClearIdentLookupSent(client);
ClearIdentLookup(client);
ClearDNSLookup(client);
2023-05-26 14:26:26 +02:00
Bram Matthys fb54d4a2c6 Replace do_parse_forwarded_header() and set WEB(client)->forwarded
depending on what we get from the proxy, so it can be used later
in the websocket module for setting the user secure or not
(the latter similar to what k4be already did in the old code).
2023-05-26 13:31:01 +02:00
Bram Matthys d2f45fcaaf Move webserver proxy handling from the websocket to the webserver module.
This now requires a proxy { } block -- docs follow soon

This uses part of k4be's code still, to do the parsing,
so still only "Forwarded" and quick workaround for bug
when for=XXX is the final item.
2023-05-26 13:05:30 +02:00
Bram Matthys f2015ad865 Fix crash when removing a listen { } block with websocket or rpc
(or changing the port number). Reported by Nini.

Rather complex case: when the listen block is removed, obviously
the config hooks are not called for the (now non-existing) listen
block, and thus the websocket->request_handler and such are not
set to the new address of the websocket handler.
We now use a slightly silly workaround / new hook to fix this
corner case. Ideally there would be an extra layer in-between
like a handler lookup by name, or something like that.
(Or make the websocket module PERM but we don't want that!)
2023-05-19 19:29:46 +02:00
Bram Matthys 25d5ae93e6 Do some sanity checking in webserver (fixes crash) 2022-06-22 13:45:54 +02:00
Bram Matthys faffe7c9a8 Fix crash in webserver 2022-06-21 17:56:25 +02:00
Bram Matthys a14609f493 Fix small memory leak in webserver. 2022-06-20 08:25:46 +02:00
Bram Matthys 26ab79132b Fix memory leak in webserver for HTTPS POST. 2022-06-19 20:47:48 +02:00
Bram Matthys c611f18d56 RPC: Add rpc-user { } block and do authentication 2022-06-19 13:13:33 +00:00
Bram Matthys 7679ec7920 Get rid of cast, do things properly. 2022-06-19 13:13:33 +00:00
Bram Matthys 0eb42155dd Limit request body to 4k by default. 2022-06-19 13:13:33 +00:00
Bram Matthys 3e35b8e96a Small code cleanup 2022-06-19 13:13:33 +00:00
Bram Matthys 467e3d847a Handle chunked encoding in webserver (mostly meant for RPC). 2022-06-19 13:13:33 +00:00
Bram Matthys 4a68008b81 Rename some more:
* WEB() now has handle_request() and handle_body(), makes more sense.
* webserver_handle_body_data() -> webserver_handle_body()
* and similar cases
2022-06-19 13:13:33 +00:00
Bram Matthys 12f2cd8555 Rename webserver_handle_body_data() -> webserver_handle_request_body() 2022-06-19 13:13:33 +00:00
Bram Matthys 9afdcb7ff0 Add request body handler in webserver -- only a beginning, the
chunked encoding stuff is copied from the modulemanager and #if'd out.
The non-chunked is not OK yet either, as it must check the Content-Length,
while we currently assume a single packet == the complete request.
2022-06-19 13:13:33 +00:00
Bram Matthys cf60b22b31 Close RPC web connection immediately when all has been sent. 2022-06-19 13:13:33 +00:00
Bram Matthys f9794c7ed5 Make RPC API work over HTTP(S). Well, first steps, anyway.
* No ACL checking yet
* No chunked encoding support
* No multi-frame support
etc...
2022-06-19 13:13:33 +00:00
Bram Matthys 4cd520d327 Make user.list() RPC API return a list of all users with details.
This is the 1st RPC API call that actually works :D
2022-06-19 13:13:33 +00:00
Bram Matthys cbfcfa1428 Create src/modules/rpc directory 2022-06-19 13:13:33 +00:00
Bram Matthys 2397fb8a49 Split 'websocket' module up in 'webserver' and 'websocket' 2022-06-19 13:13:33 +00:00