1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 05:03:12 +02:00
Commit Graph

3143 Commits

Author SHA1 Message Date
Bram Matthys 64ea1d09d6 Move 'reserved clients' stuff to runtime, since 'ulimit -n' could be lower.
This fixes a bug where if you run ./Config with 'auto' file descriptors,
and then have an unusually low 'ulimit -n' of like 150, you would end up
with a negative amount of file descriptors available for use.

This fix moves it from compile-time setting of reserved fd's to runtime
setting.

All this is wrong, by the way, but that is for another major overhaul,
at least this bug is fixed now :D
2023-12-28 09:00:09 +01:00
Bram Matthys 88c2083df9 Fix no-implicit-names to set official flag. As all buildbots failed. 2023-12-26 15:41:06 +01:00
Bram Matthys 600185deba Add support for CAP draft/no-implicit-names
https://github.com/unrealircd/unrealircd/pull/265 by Valware
"This is an IRCv3 extension which lets clients opt-out of receiving /names on join.
 This is useful for bots on large channels who do not need to know who is in the channel.
 Specification: https://ircv3.net/specs/extensions/no-implicit-names"

+ module rename from 'no-implicit-names-cap' to 'no-implicit-names'
  (simply because no other modules has that -cap suffix)
+ update to Makefile.windows
2023-12-26 14:46:54 +01:00
Bram Matthys 48d3673a02 Only do slow spamfilter detection for regexes, not for 'simple' */?
Since it is pointless and this saves some CPU :)
2023-12-22 15:43:11 +01:00
Bram Matthys c5ed4ef9bb Don't call spamfilter for TAGMSG. If you are filtering that, look at 'T'.
Calling spamfilter for TAGMSG makes no sense as the text is "" (empty) :D

If you want to filter message tags, have a look at spamfilter type 'T',
which filters individual message-tags (not just the ones in TAGMSG but
also for PRIVMSG and NOTICE).

[skip ci]
2023-12-22 15:38:14 +01:00
Bram Matthys 70a59b8b1e central-api: add format check for api-key so people don't use a request-key there.
Reported by DeviL.
2023-12-18 09:37:18 +01:00
Bram Matthys 49e84436b4 Fix +I ~operclass requiring an operclass block name of >3 characters.
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6372

Was an old leftover check from old style extban API
2023-12-17 09:53:36 +01:00
Bram Matthys b0e87dcafa Fix crash issue in websocket server (CVE-2023-50784) 2023-12-15 12:34:06 +01:00
Bram Matthys fa84174d22 Fix the fix for frame assembly in webserver. 2023-12-12 18:05:23 +01:00
Bram Matthys 7b8c9e8d72 Fix memory leak due to change from yesterday (duh..)
Caused by 4178cb3f81
[skip ci]
2023-12-08 07:44:45 +01:00
Bram Matthys 4178cb3f81 Fix frame reassembly in webserver_handle_request_header()
Previously the same code caused no problem, but then
2fcb5b4669 changed the read buffer
size to 16384.
Since then (6.1.2.x) the webserver_handle_request_header() function
was sometimes cutting 1 byte off the packet due to sizeof(netbuf)-1
which was 16383 bytes. We now no longer use a fixed value and
allocate memory dynamically on the heap.

This fixes the bug that I was seeing but this change still needs
serious extra testing as it may affect websockets and RPC!
2023-12-06 18:19:17 +01:00
Bram Matthys 49614fc891 Thanks to Koragg for reporting previous issue :D
54ad2d1586
[skip ci]
2023-12-05 18:31:56 +01:00
Bram Matthys 54ad2d1586 Fix crash with 'crule', because it was being checked against Services bots 2023-12-05 18:22:25 +01:00
Bram Matthys 99fcf9adf6 Add unrealircd_version in CBL request, mostly for the future.
[skip ci]
2023-12-01 08:03:43 +01:00
Bram Matthys 96b18946ca Include oper name on /SPAMREPORT (for central spamreport) 2023-12-01 07:58:01 +01:00
Bram Matthys 53f0f0cb94 Fix unitialized variable access caused by earlier commit of today
(only if you use a proxy block)
2023-11-27 17:59:37 +01:00
Bram Matthys 5f767a8fe8 Proxy block: rework and add support for X-Forwarded-For, Cloudflare, etc. 2023-11-27 12:10:17 +01:00
Bram Matthys 026d5522a8 Remove WSU() items forwarded & secure, since these are in webserver nowadays. 2023-11-27 10:07:34 +01:00
Bram Matthys 02ac1fc0b3 Add an option to check websocket Origin header via
listen {
	websocket {
		allow-origin { *.example.net; }
	}
}

This allows you to limit websockets to a particular domain, IF the
user is using a normal browser.

Note that any non-browser (eg a websocket command line program) could
just spoof the Origin header, so for that case it doesn't really add
any security or real restriction.
2023-11-26 20:08:17 +01:00
Bram Matthys 98c264aabf Fix some more warnings, rather minor.
[skip ci]
2023-11-26 18:48:09 +01:00
Bram Matthys 0a7f1adc8b Add value check for blacklist config, well, fix it i mean.
And fix some compiler warning (remove a useless check).
[skip ci]
2023-11-26 16:36:11 +01:00
Bram Matthys 07cc8eaeaf central-*.c: remove old module manager stuff and bump version.
[skip ci]
2023-11-25 17:29:06 +01:00
Bram Matthys 4da58dde41 Update central spamreport, https://www.unrealircd.org/docs/Central_spamreport
set::central-blocklist::spamreport and ::spamreport-enabled are now GONE.
We now require a normal spamreport block, just like for other spamreport
functionality. So, if you want to enable this feature, use:
spamreport unrealircd { type central-spamreport; }

See https://www.unrealircd.org/docs/Central_spamreport for all info.

You can use CBL with central spamreport or central spamreport without CBL.
All explained at that URL.
2023-11-25 11:50:25 +01:00
Bram Matthys d08160baca Add option set::central-blocklist::blocklist-enabled yes/no (default yes).
This is mainly for the (less usual) case when someone wants to
use SPAMREPORT but does NOT want to use CBL:

set {
	central-blocklist {
		blocklist-enabled no;
		spamreport-enabled yes;
	}
}

Also documented at https://www.unrealircd.org/docs/Central_spamreport
under 'Configuration'
2023-11-25 10:26:56 +01:00
Bram Matthys bdfc3c97dd Add RegisterApiCallbackResolverHost() and make blacklist module non-PERM.
Hopefully this works OK... still need to test w/REHASH to see.
2023-11-25 09:39:50 +01:00
Bram Matthys 55d1398fca Move dns.h include to unrealircd.h and remove it elsewhere.
Because I need c-ares prototypes in modules.h, for next commit.
[skip ci]
2023-11-25 09:05:55 +01:00
Bram Matthys 6ce1958e1c Add URL API and use it at one place from central-blocklist. Docs at:
https://www.unrealircd.org/docs/Dev:URL_API
2023-11-25 08:31:12 +01:00
Bram Matthys 1282d2f2be URL API: Response callback is now two structs so we can easily extend.
callback(OutgoingWebRequest *request, OutgoingWebResponse *response)
2023-11-24 12:31:49 +01:00
Bram Matthys 3548b7e2af New URL API (not really a unrealircd module api tho) - work in progress.
No longer url_start_async(a,b,c,d,e,f,g,...) but usings structs so
simply url_start_async(tehstruct);
makes it easy to add fields later without forcing all modules to
change the prototype.

Work in progress....
2023-11-24 11:27:39 +01:00
Bram Matthys be586531bc Make get_central_api_key() an efunction rather than doing things by hooks.
An efunction with a default that returns NULL, so you don't need to
load the module if you don't want the functionality.
2023-11-24 09:24:10 +01:00
Bram Matthys d73c8b30d2 Fix compile problem with central-blocklist on FreeBSD. 2023-11-24 09:13:13 +01:00
Bram Matthys 6aae3e7a5d Update modules and Makefiles so central-api & central-blocklist compile. 2023-11-24 07:31:22 +01:00
Bram Matthys ebd39f4144 First import these as-is from third/ to track history properly (not compilable)
[skip ci]
2023-11-24 07:26:54 +01:00
Bram Matthys fe8e8e1274 Via JSON-RPC one could place a gzline on ident@host, which is invalid.
The effect it had was actually *@host, so ident@* became *@* -grin-.

Was caused by add=0 at the server_ban_parse_mask() causing a check
not to happen. Fixed now.

Reported by Jellis in https://bugs.unrealircd.org/view.php?id=6358
2023-11-24 07:14:23 +01:00
Valerie Liu 7b9aacd609 Fix accidental truncation in SREPLY (#257) 2023-11-20 15:30:08 +00:00
Valerie Liu 8c0243182c Fix server notice about setting -Z, it was sent from the SID instead of server name (#263) 2023-11-20 15:28:23 +00:00
k4be fb6711c671 Improve MONITOR/WATCH extensibility.
The `watch-check` function now has a new argument which can be used to pass data to watch_notify callbacks.
New `watch_add` and `watch_del` hooks are called whenever new entries are created or removed.
New `monitor_notification` hook is called whenever a RPL_MONONLINE or RPL_MONOFFLINE is being sent, so a module can add its own notification besides it.
2023-11-19 14:01:16 +01:00
Bram Matthys e84e2b30d2 Forward SPAMREPORT command to the server that the target user is on.
That is, if a nick is specified. For an IP address obviously we won't.

This is needed later for when unrealircd api SPAMREPORT becomes
available, since remote servers don't have all the info.

Side-effect is that, if you only configured one server to do
spamreporting, that won't work anymore. But that is an unusual
case anyway, and now unsupported :D.
2023-11-12 17:29:35 +01:00
Bram Matthys 7649520f63 Fix HOOKTYPE_IS_HANDSHAKE_FINISHED not called at two places where
register_user() is called.
2023-10-23 19:02:03 +02:00
Bram Matthys 5b7e375213 Limit operclass name to a-zA-Z0-9_- and use the same validation in ~operclass extban.
This fixes the issue where +e/+I ~operclass:name gets cut off if the
name contains any digits.

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6353

Also, we previously allowed any characters in the operclass, which is not
a great idea.
2023-10-23 09:51:01 +02:00
Bram Matthys 9a6a06b63f Split resolver channel into two: client & dnsbl 2023-10-11 18:08:26 +02:00
Bram Matthys 25d1bdfbf5 Make central spamfilters show in STATS spamfilter as "-centralspamfilter-"
rather than "-config-". Suggested by Lord255.
[skip ci]
2023-10-06 08:29:19 +02:00
Bram Matthys 45002eeb6f Fix STATS output for config-based spamfilters with reasons with spaces.
For config-based spamfilters, the reason was not escaped, meaning that
spaces and underscores did not work as expected.
For example, in "STATS spamfilter" the spaces were displayed as-is
which means that the numeric output was not really parsable.

Apparently this bug exists since UnrealIRCd 5 already...
2023-10-06 07:36:26 +02:00
Bram Matthys 25d5a2ac64 Fix possible crash on SETNAME with spamfilter 'u'.
[skip ci]
2023-10-06 07:19:04 +02:00
Bram Matthys 3d9233baab Fix tkldb storing (and restoring) central spamfilters.
These should not be in tkldb, just like config-based spamfilters are not.
2023-10-06 07:08:22 +02:00
Bram Matthys 43240e4557 Don't allow central spamfilter without 'reason' 2023-10-06 07:00:44 +02:00
Bram Matthys 8398c8cd8d Don't crash when reading spamfilters from tkldb that don't compile (anymore).
For example, because of a different version of PCRE2, or because of the switch
from non-UTF8 to UTF8 (or vice versa) which disallows certain byte sequences.
2023-10-05 17:37:06 +02:00
Bram Matthys 088d2595d5 Fix crash on REHASH with crule (such as spamfilter::rule).
This happens when !, || or && are used, though the exact requirements
for the crash may also require a function with arguments.

Reported by BlackBishop.
2023-10-04 10:14:09 +02:00
Bram Matthys 311f7397f5 Fix NULL pointer crash due to reputation code changes from yesterday 2023-09-18 09:19:53 +02:00
Bram Matthys b234e13358 Don't bump reputation scores anymore for users who are in no channels or
when they are only in channel(s) with very low member counts.

This because some typical bot/drone behavior is not to join any channels.
This kinda forces them to expose themselves a bit more (and if they don't,
they don't get more reputation).

The downside is for the unusual case where a legit chatter would be on
the network but not joining any channels, but that is rare. In any case,
this setting can be adjusted if that is typical or more normal behavior
on your network :D.

* The [reputation score](https://www.unrealircd.org/docs/Reputation_score)
  of connected users (actually IP's) is increased every 5 minutes. We still
  do this, but only for users who are at least in one channel that has 3
  or more members. This setting is tweakable via
  [set::reputation::score-bump-timer-minimum-channel-members](https://www.unrealircd.org/docs/Set_block#set::reputation).
  Setting this to 0 means to bump scores also for people who are in no
  channels at all, which was the behavior in previous UnrealIRCd versions.
2023-09-17 11:47:34 +02:00