1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 10:26:37 +02:00
Commit Graph

115 Commits

Author SHA1 Message Date
Bram Matthys 517298007d If no log { } block is present, we used to only log errors to ircd.log.
From now on we simply enable ALL logging to ircd.log, so also connects,
kills, and so on.
2021-05-30 19:35:52 +02:00
Bram Matthys 3eb0bc24ea Add log::flags "flood" to log flood messages 2021-05-30 19:30:36 +02:00
Bram Matthys 6f92233919 The set:anti-flood block has been redone so you can have different limits
for "unknown-users" and "known-users".
As a reminder, by default, "known-users" are users who are identified
to services OR are on an IP that has been connected for over 2 hours
in the past X days.
See https://www.unrealircd.org/docs/FAQ#new-anti-flood-block
for more information on the layout of the new block.

NOTE: This actual feature, the relase notes and the documentation
      are all work in progress.
2021-05-30 18:45:27 +02:00
Bram Matthys 3076ed5a98 Make pretty_time_val() output like "2m30s" instead of "2 minutes 30 seconds".
I think people will understand both and it is currently rather long.
And a bit confusing too with all the spaces, easy to overlook something eg
in /STATS S where it is being used.
2021-05-30 14:50:27 +02:00
Bram Matthys 79ded54df1 Make join-flood use the new framework too, well... partially anyway. 2021-05-28 18:08:07 +02:00
Bram Matthys 36b9faa7cd Code cleanup: move flood control to generic system 2021-05-28 17:59:39 +02:00
Bram Matthys da519ae04a Get rid of duplicate checks for anti-flood.
Sorry this is too much effort and i think admins should be smart
enough to figure this out themselves.
2021-05-28 14:52:09 +02:00
Bram Matthys 3ad6878865 Set new maximums for channel mode +H. If the channel is +r then the maximum
is now 5000 lines / 31 days. For unregistered it is 200 lines / 31 days.
Previous setting was 200 lines / 7 days for both.

Admins can tweak these settings, see:
https://www.unrealircd.org/docs/Set_block#set::history

More code to deal with corner issues will follow later.

UnrealIRCd module coders [!]:
This also changes the channel mode API conv_param. You can use
the UNREAL_VERSION_TIME >= 202120 condition to detect this.
Eg:
 #if UNREAL_VERSION_TIME < 202120
 int my_conv_param(char *para, Client *client);
 #else
 int my_conv_param(char *para, Client *client, Channel *channel);
 #endif
2021-05-22 18:15:26 +02:00
Bram Matthys c916d1d9ef Allow secret::password-file to only exist on-boot, so after booting
the file is allowed to no longer exist. This so you can do things
like only connecting an USB stick during UnrealIRCd boot and then
pull it out once booted.
2021-05-17 15:18:28 +02:00
Bram Matthys 5c8752dfc6 Get rid of various warnings/errors due to recent work. 2021-05-16 16:57:01 +02:00
Bram Matthys 05dd788dab Add support for secret::password-prompt (entering on console)
This is one of the 3 currently supported methods.
Documentation will follow later.
2021-05-15 18:52:01 +02:00
Bram Matthys dde3e0ccb2 Add unrealdb and secrets API. Documentation and more information will
follow in later commits.
2021-05-03 15:07:10 +02:00
LeCoyote 00711f905c Actually read security-group::tls from the conf file (fixes #0005836) (#133) 2021-03-21 07:39:49 +01:00
Bram Matthys 1f47cc7824 Support for dated log files such as log "ircd.%Y-%m-%d.log" { }
Suggested by Amiga600 in https://bugs.unrealircd.org/view.php?id=5784

This also fixes a bug with log::maxsize on Windows (cannot overwrite
existing file with .old).

It simplifies the logging code a little and makes it a tad more readable.

And it adds an unreal_strftime() function to make things easy.
2021-03-08 10:37:28 +01:00
Bram Matthys 636b068062 New option allow::global-maxperip, defaults to allow::maxperip+1.
Suggested by Jobe and PeGaSuS in https://bugs.unrealircd.org/view.php?id=5802
2021-03-07 11:30:02 +01:00
Bram Matthys dc40d27cd8 Move set::anti-flood::unknown-flood-* to set::anti-flood::handshake-data-flood
which is a new block, documented at:
https://www.unrealircd.org/docs/Set_block#set::anti-flood::handshake-data-flood
The reason for this is better naming and allowing to tweak ban-action.
2021-02-28 07:52:33 +01:00
Bram Matthys 9204939a7f Windows: improve logging on-boot, especially when running as a service.
When booting no log files are open yet as we have not parsed any log { }
entries yet. On *NIX we log to stderr during that stage.
On Windows it varies: when running in GUI mode we save the log to a
buffer and display it after booting in a dialog.
When running as a service on Windows we previously wrote SOME entries
to service.log, but other entries were not logged or shown anywhere.

This makes both GUI and Service-mode on windows log all ircd_log()
calls with LOG_ERROR, instead of only config_status(), config_warn()
and config_error() messages.

This also removes config_progress() which isn't used by anything.

Oh, and it also fixes a memory leak in the Windows boot code, a leak
that nobody would have noticed anyway, but still.
2021-01-23 12:22:48 +01:00
Bram Matthys 53d23038e5 Support for security groups and new +b ~G:unknown-users:
* There are two security groups by default: known-users and unknown-users.
  See https://www.unrealircd.org/docs/Security-group_block
* New extended ban ~G:securitygroupname, with the typical usage being
  MODE #chan +b ~G:unknown-users, which will ban all users from the
  channel that are not identified to services and have a reputation
  score below 25.
2020-12-30 12:42:56 +01:00
Bram Matthys 20b2975a2c Hmm.. genlinkblock is not very useful without this. 2020-11-16 18:14:52 +01:00
k4bek4be da6ccb639d Fix a warning typo (#126)
Deprecated warning mentions set::oficial-channels, which should be set::official-channels
2020-10-22 19:37:41 +02:00
Bram Matthys 6778b3e26d Warn when SSL/TLS certificate is expired or expires soon (<7d).
Since an expired certificate usually means that users cannot connect
we will actively warn all IRCOps about this situation twice a day.
2020-10-11 15:00:09 +02:00
Bram Matthys 8619d1e763 Add optional allow::options::reject-on-auth-failure, as requested
by armyn in https://bugs.unrealircd.org/view.php?id=5769.

The default behavior in 5.x is to continue matching:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*; password "iwantmore"; class clients; maxperip 10; }
This so users who provide a password get additional rights,
such as a higher maxperip or a different class, etc.
If the user connects without a password then we simply continue
to the next block and use the general block with only 2 maxperip.

However, some people want to use passwords to keep other users out.
That is entirely understandable as it is an 'allow block' after all.
For example:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*.nl; password "tehdutch"; class clients; maxperip 2; options { reject-on-auth-failure; } }
In this case anyone without the correct password will be rejected access.
2020-10-11 09:24:11 +02:00
Bram Matthys 578f8f248c Warn user when undocumented set::ssl::dh / set::tls::dh is present.
That option specified a Diffie Hellman parameter file. Since
UnrealIRCd 5.0.0 we no longer process this option.
This option has never been documented in the wiki docs.
We prefer and use ECDHE/EECDH with SSL_OP_SINGLE_ECDH_USE since 2015
to provide Forward Secrecy in SSL/TLS. And indeed, by now in 2020,
any properly maintained software uses it and old DH(E) usage has
fallen to less than 1%.

What this patch does is remove the unused code (since Dec 2019) and
show a warning if you have a ::dh config directive, so that at least
you are informed that it is unused/ignored. Since it was undocumented
it probably hardly affects anyone, but still, it is proper to inform.
2020-09-12 09:38:17 +02:00
Bram Matthys db79823578 If no set::modes-on-connect is present we now default to +ixw.
This should be rare, since modes-on-connect is in the example
configuration file with +ixw since 2003, but still... just in
case someone completely misses the modes-on-connect configuration
item, then make sure that we have a safe and good default.
2020-07-25 19:22:50 +02:00
Bram Matthys faeb644b82 Require set::who-limit to be 1 or higher.
Confusion reported by armyn in https://bugs.unrealircd.org/view.php?id=5717
2020-06-26 07:23:47 +02:00
k4bek4be ec39d3c15b Remove unused message tag handlers on rehash (#106) 2020-05-13 19:19:06 +02:00
Bram Matthys 2a093bb150 Moved CheckNull() to individual set::anti-flood::xx tests and
HOOK_CONFIGTEST with CONFIG_SET_ANTI_FLOOD, rather than a generic
one before processing these. Needed for set::anti-flood::target-limit.
2020-05-06 10:28:37 +02:00
Bram Matthys aba3c8e53f Fix set::who-limit documentation and make IRCOps exempt from this limit.
reported by patphobos in https://bugs.unrealircd.org/view.php?id=5657
2020-04-29 16:30:24 +02:00
Bram Matthys a6e6e44103 Set default permission for hide-idle-time back to IRCOps only for now.
We will extend the option later in UnrealIRCd 5.0.5.
This purely has to do with keeping the changes for 5.0.4 small and
contained since that will be mostly a bug fix release.
Since 5.0.5 will have more configurable options for hide-idle-time, I
have already renamed the single option that is exposed in 5.0.4
to set::hide-idle-time::policy since set::hide-idle-time is a
configuration block now, see docs at:
https://www.unrealircd.org/docs/Set_block#set%3A%3Ahide-idle-time
2020-04-15 08:17:53 +02:00
Bram Matthys 177d017b06 Tiny code cleanup in conf to use allowed_channelchars_strtoval() 2020-04-13 10:06:11 +02:00
Bram Matthys d25f6f6759 Make set::hide-idle-time 'usermode' the default (regular users can set +I).
I think nowadays, with more attention to privacy, we should make this
option settable by users.

See previous commit for more information, or just visit the doc page at
https://www.unrealircd.org/docs/Set_block#set%3A%3Ahide-idle-time
if you want to use a different setting.
2020-04-13 10:02:05 +02:00
Bram Matthys 5dc1502119 New option set::hide-idle-time which configures when/if idle time should
be hidden. The options are: never, always, usermode, oper-usermode.
See https://www.unrealircd.org/docs/Set_block#set::hide-idle-time for
full documentation.

Suggested by Koragg, via https://bugs.unrealircd.org/view.php?id=5355

Module coders: before disclosing idle time, please call this function:
int hide_idle_time(Client *client, Client *target);
In UnrealIRCd we use it from WHOIS and WHO.
2020-04-13 10:00:27 +02:00
Bram Matthys 32170b81e3 Mention https://www.unrealircd.org/docs/FAQ#oper-requires-tls on OPER attempt
form an insecure connection. There we explain a bit on the why and how to
configure some random IRC clients.
This also silently adds support for multi-line messages in
set::plaintext-policy::user-message (for warn) and
set::plaintext-policy::oper-message (for warn and deny).
2020-03-06 08:58:55 +01:00
Bram Matthys d482760c6f Fix warning about EventAdd with 2msec value.
Reported by ivanp in https://bugs.unrealircd.org/view.php?id=5540

This cleans things up a bit as well (remove duplicate code).
2020-01-26 10:22:28 +01:00
Bram Matthys c65f7101f9 Update ./unrealircd genlinkblock output 2020-01-20 13:46:59 +01:00
Bram Matthys 5b8eba750f Make set::tls::outdated-protocols and set::tls::outdated-ciphers work
again. This ports change 96ee7083c8
from UnrealIRCd 4.x to 5.x. Reported by HeXiLeD.
2020-01-20 13:26:37 +01:00
Bram Matthys 870057d4f3 Add "./unrealircd genlinkblock" which spits out a link { } block. Hmm...
we'll see later if this is a good idea or not.. it has pros and cons.
2020-01-19 19:34:11 +01:00
Bram Matthys 639c96cc84 https://www.unrealircd.org/docs/Set_block#set::automatic-ban-target
Remove old option set::ban-include-username and replace it with a more
generic option which defines what target a ban should apply to.

Also add some parts of set::manual-ban-target which will follow soon.
2020-01-10 15:43:23 +01:00
k4bek4be cdea885b32 For ./unrealircd module parse-c-file use real line counts within the C file instead of within the special block 2020-01-05 09:57:29 +01:00
Bram Matthys 7278c9c8f4 @if causes miscounting of line numbers shown in config errors.
Reported by Gottem in https://bugs.unrealircd.org/view.php?id=5509
2020-01-02 13:05:26 +01:00
Bram Matthys 77e859459a Add )
[skip ci]
2019-12-31 09:44:33 +01:00
Bram Matthys 114ef14a31 Log who (client) or what (signal) requested a config file /REHASH. 2019-12-31 09:41:19 +01:00
Bram Matthys 32ca956e77 There were only 2 breaking changes in 4.x -> 5.x confs. Now there are 0.
Turning these errors into warnings instead should be fine and makes
the upgrade process (and instructions) easier.
* set::oper-only-stats is now a warning
* except tkl is auto-transformed into except ban and is now a warning
Both warnings contain clear instructions on what to do to get rid of
the warning message.
2019-12-08 09:33:38 +01:00
Bram Matthys 7764358eb7 Remove some old URL reference / old deprecation notice for set::scan. 2019-12-06 08:44:51 +01:00
Bram Matthys bf61973a6d Print a warning when changin me::name that this change is not effective
until you restart the server.
Yeah it's really too much hassle atm to make that particular setting
/rehash'able, this will probably never change.
Fortunately changing that is rather rare. At least printing the
warning should help those users doing it.
2019-12-01 19:06:22 +01:00
Bram Matthys 1576f8df23 Warn on some limitations of the @if stuff:
* Cannot use include within an @if
  ..but you can just use an include and then within that file use
  an if, to work around it.
* Cannot use loadmodule within an @if

For both this is because include & loadmodule are processed before
the rest. I think most people will be fine with those restrictions,
though.
2019-11-27 16:45:39 +01:00
Bram Matthys 540e7552f9 Fix crash when using conditional configuration (@if $var == ....)
reported in https://bugs.unrealircd.org/view.php?id=5281
It was not removing parts properly if an if didn't match,
leading to a use-after-free bug on-boot (or on rehash).

In the process I renamed config_entry_free to config_entry_free_all
since that is what it does. And I created a new config_entry_free(ce)
to free only 'ce' stuff... which is what we want from the
preprocessor.
2019-11-27 15:44:48 +01:00
Bram Matthys 1a1b9ddada If you changed listen::ip and rehashed it would not apply those changes
if you were switching from a IP-specific listener to a * (all) listener.
Reported by vectr0n in https://bugs.unrealircd.org/view.php?id=5235
2019-11-27 13:25:30 +01:00
Bram Matthys 7fe3407508 Clean up whitespace 2019-11-27 13:10:06 +01:00
Bram Matthys 05f0968ccd Test the various set::tls (and ::tls-options) files for existence
so we properly error and exit/fail when booting.
Reported in https://bugs.unrealircd.org/view.php?id=5350
2019-11-27 13:06:02 +01:00