1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 11:13:13 +02:00
Commit Graph

144 Commits

Author SHA1 Message Date
Bram Matthys 9691a6d819 Create TextAnalysis framework (hook), this counts the unicode block
switches like antimixedutf8 did, and counts the number of characters
used per unicode block. Potentially more can be added later, this is
flexible and modules can add stuff (..well not yet.. the struct is
missing some members..).

Use it from antimixedutf8 so that it now uses the new code, which is
similar to what I made and then reverted in July 2023:
https://github.com/unrealircd/unrealircd/commit/3e2f668f10fccedfd035526d7b20d7ca6819a8ae
..except that it now calculated in src/modules/utf8functions.c.
But yeah, this needs more testing and possibly (default) score
adjustments to deal with false positives !! And a warning in release notes :D

Put the text analysis in ClientContext member textanalysis,
so typically accessed through clictx->textanalysis.
Note that this struct can (and often is) NULL, for example if it is
a remote client, if it is not a PRIVMSG/NOTICE (will improve later)
or if the utf8functions module is not loaded (to keep things optional).

BREAKING CHANGE is that ClientContext is now passed in the
HOOKTYPE_CAN_SEND_TO_CHANNEL and HOOKTYPE_CAN_SEND_TO_USER hooks.

So HOOKTYPE_CAN_SEND_TO_USER prototype changed from:
int hooktype_can_send_to_user(Client *client, Client *target, const char **text, const char **errmsg, SendType sendtype);
To:
int hooktype_can_send_to_user(Client *client, Client *target, const char **text, const char **errmsg, SendType sendtype, ClientContext *clictx);

And HOOKTYPE_CAN_SEND_TO_CHANNEL prototype changes from:
int hooktype_can_send_to_channel(Client *client, Channel *channel, Membership *member, const char **text, const char **errmsg, SendType sendtype);
To:
int hooktype_can_send_to_channel(Client *client, Channel *channel, Membership *member, const char **text, const char **errmsg, SendType sendtype, ClientContext *clictx);

A side-affect of this change for antimixedutf8 purposes is that,
while the analysis is only done once per line, the 'actions' are
performed for each target, so the action will run 4 times for
"PRIVMSG a,b,c,d :text" although that may not be important in
practice. Just mentioning.
2025-03-23 11:44:24 +01:00
Bram Matthys eae680c773 Update release notes a bit
... and make set::max-inherit-extended-bans::ban-exception default to 0
because that functionality is not implemented
The +e's are already checked when using +b ~inherit though..
2024-09-25 10:14:46 +02:00
Bram Matthys 7d37795353 Don't list security groups by default, add 'public <yes|no>'
* [Security group blocks](https://www.unrealircd.org/docs/Security-group_block)
  are now hidden in lists by default. If you want the security group to be shown
  in things like `MODE #channel +b ~security-group:x` (which shows a list)
  then you need to use `public yes;`. The default security groups
  like known-users, webirc-users, etc. are public by default.
2024-09-23 13:11:24 +02:00
Bram Matthys ca7e4ab966 Prevent +b ~inherit:#chan in #chan. This didn't cause any problem but
doesn't make any sense either, so just reject it. Reported by alice.
2024-09-14 19:07:15 +02:00
Bram Matthys b6cdca5525 Fix b->ban_type not being set properly at all places (BanContext).
This probably didn't cause any issues earlier, or maybe it did
with some 3rd party mods, but is relevant now that we have ~inherit.
2024-09-09 16:44:57 +02:00
Bram Matthys 10ec67d163 Fix +I ~inherit:#chan (invite exceptions) 2024-09-09 16:28:22 +02:00
Valerie Liu 879e365ed5 extbans/partmsg.c: Actually check if there's a matching ban before removing the part message (#295) 2024-09-08 16:52:01 +00:00
Bram Matthys 3c1ef65a00 Add set::max-inherit-extended-bans to configure limits for ~inherit extban:
Looks like this, with the current defaults:
set {
        max-inherit-extended-bans {
                ban 1;
                ban-exception 1;
                invite-exception 1;
        }
}
2024-09-08 17:15:26 +02:00
Bram Matthys ee1d6818b4 Add +b/+e/+I ~inherit:#channel to inherit channel bans from another channel
Several notes:
* This only checks on-JOIN (not on nick change, message, etc)
  for performance reasons
* If the #channel in ~inherit:#channel also contains ~inherit
  entries then those are not processed (no recursion and no looping)
* Only a limited number of ~inherit entries is permitted.
  This will be moved to set:: items in a future commit so you
  can set different amounts for +b/+e/+I ~inherit.
* This is work in progress, UnrealIRCd or the entire world could explode
* Documentation will follow later

Developers:
* Sadly, clean_ban_mask() needed to be changed to have two more
  parameters, 'ban_type' and 'channel' were added at different positions.
  This because the module needs the ban type (EXBTYPE_BAN, EXBTYPE_EXCEPT,
  EXBTYPE_INVEX) and channel because it rejects based on number of
  existing ~inherit entries in the channel... and while is_ok() is called
  for local clients and has all this information, for services clients
  is_ok() is not called so the only way to reject the +beI is through
  xxx_conv_param() which comes from clean_ban_mask().
2024-09-07 21:02:15 +02:00
Bram Matthys 3efc62fc75 Allow +b ~operclass:xyz checking against remote users too.
Yeah not really important except for like SVSMODE -b nick, which
removes all bans that affect nick. That's the only type of code
that runs bans against external users.
2024-07-12 20:31:56 +02:00
Bram Matthys 65c8a6e667 Some minor tweaks here and there
[skip ci]
2024-07-12 11:16:01 +02:00
Bram Matthys 0844f7243f Add ASN as extended server ban, mask item, secgroup. Eg: GLINE ~asn:64496 0 Bye!
This also automatically adds it as a security group and mask item:

ban user {
        mask { asn 64496; }
        reason "Testing ASN ban";
}

And yeah, it is a normal extban too (in +b and +I). Users usually
don't know the AS Number of other users, though, unless you change
the default configuration (at the cost of privacy).

Updated release notes a bit... more will follow.
2024-07-12 11:12:54 +02:00
Bram Matthys 9f3f9522cf Make operclass available in security-group & mask/match.
security-group netadmin { operclass { netadmin; netadmin-with-override; } }

Untested.
2024-01-10 14:14:14 +01:00
Bram Matthys 49e84436b4 Fix +I ~operclass requiring an operclass block name of >3 characters.
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6372

Was an old leftover check from old style extban API
2023-12-17 09:53:36 +01:00
Bram Matthys 5b7e375213 Limit operclass name to a-zA-Z0-9_- and use the same validation in ~operclass extban.
This fixes the issue where +e/+I ~operclass:name gets cut off if the
name contains any digits.

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6353

Also, we previously allowed any characters in the operclass, which is not
a great idea.
2023-10-23 09:51:01 +02:00
Bram Matthys 2665cec73b Fix crash when ~security-group:securitygroup is used in conf (so old style
in eg ban user::mask).
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6319
2023-07-26 12:45:49 +02:00
Bram Matthys 13bb09aa4b crule: add inchannel('#xyz'), and inchannel('@#needopshere') works too 2023-07-16 11:22:02 +02:00
Bram Matthys b1d0a05638 Make 'channel' work in security groups. 2023-07-16 11:06:42 +02:00
Bram Matthys bb419b95d1 Remove set::maxbanlength as it is not useful and only confusing.
https://www.unrealircd.org/docs/Set_block#set::maxbanlength
2023-05-28 20:25:02 +02:00
Bram Matthys b07c739fa7 Add new +e ~flood:<floodtype(s)>:<mask> to exempt from +f/+F checks.
For example: +e ~flood:*:~account:TrustedBot

Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6204

Will refine the checking and perhaps sorting of floodtype(s) later...
2023-04-02 19:23:26 +02:00
Bram Matthys c5d8bc5d9b Fix ~account:* matching both logged in and logged out users (so quite useless).
This bug exists since 5.2.1 already, so i guess the functionality is
not used much ;). Makes sense, since for simple ~account:* you have +R already,
so it is only useful in stacked bans such as +e ~nickchange:~account:*

We now have a test case so that this bug won't "ever" reoccur.

Reported by rafaelgrether in https://bugs.unrealircd.org/view.php?id=6211
2023-01-09 09:00:58 +01:00
Valentin Lorentz 7bacf25845 Add ACCOUNTEXTBAN ISUPPORT token
To support the draft IRCv3 spec: https://github.com/ircv3/ircv3-specifications/pull/464
2022-12-07 07:00:35 +00:00
Bram Matthys 7371498ffd Make auto-expansion work for IPv6 bans as well: +b A:B:C:IP -> *!*@A:B:C:IP.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=6147

This also adds a new function convert_regular_ban() which is now
used by both clean_ban_mask() and extban_conv_param_nuh().
2022-07-01 10:13:57 +02:00
Bram Matthys a4902e121c Fix crash when using 'account' in 'except ban'. 2022-05-26 17:31:45 +02:00
Bram Matthys 10bddc1232 Extended server bans are now more clearly exposed in security-group { }.
The extban module API is used behind the scenes. To the server admin
the functionality appears in a more natural way:
        account { <list>; };
        country { <list>; };
        realname { <list>; };
        certfp { <list>; };
In the same way, they appear as exclude-xxx options too:
        exclude-account { <list>; };
        exclude-country { <list>; };
        exclude-realname { <list>; };
        exclude-certfp { <list>; };

Modules can add additional fields (3rd party modules too!).

Module coders:
See src/modules/extbans/realname.c for a simple example. In short:
1) You need to register your extban in both MOD_TEST and MOD_INIT
2) Other than that, the existing rules for extended server bans apply:
   a) Your req.is_banned_events needs to include BANCHK_TKL
   b) Your req.options needs to include EXTBOPT_TKL
Be advised that for modules that are called in extended server bans
the client may be missing several fields, for example client->user could
be NULL, so be careful with accessing everything in your module.
2022-05-13 20:13:34 +02:00
Bram Matthys b154591a58 Some source files indicated the license was "GPLv2", which was meant to
be (and is now clarified to be) "GPLv2 or later".
Reported by libsys in https://bugs.unrealircd.org/view.php?id=6099
2022-05-11 06:41:11 +02:00
Bram Matthys 834736070e Make "SVS(2)MODE -b user" work properly for extended bans.
It was missing for a lot of extbans (removing too little) and
for ~t it was removing too much (eg quiet bans).
Bug reported and changes suggested by k4be.

Coders:
Setting extban.options to EXTBOPT_CHSVSMODE has no effect anymore,
just didn't want to remove it so modules would still compile.
We now purely match based on .is_banned_events including BANCHK_JOIN.
2022-01-02 13:12:33 +01:00
Bram Matthys 0242b509b8 Fix compatibility between U5 and U6 for named extended bans in SJOIN
when SJSBY is enabled. This caused named bans not to show up properly
(or not at all) on the U5 side when syncing servers.
2021-12-29 19:21:02 +01:00
Bram Matthys c586c14b9f Fix ~T / ~text ban not working (was not censoring or blocking) 2021-12-22 09:25:59 +01:00
Bram Matthys 0b6a70368c Fix timed bans (~t/~time) not expiring if all servers on the net are U6.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=6032
2021-12-22 09:10:05 +01:00
Bram Matthys 73b908e413 Changes to BanContext struct (extended ban API):
* Now ban_check_types (previously checktype):
  this is one or more of BANCHK_* OR'd together, eg BANCHK_JOIN, BANCHK_MSG..
* Now ban_type (previously what2):
  this is the type of the ban, eg EXBTYPE_BAN, EXBTYPE_EXCEPT, etc.
* Now is_ok_check (previously is_ok_checktype)
  this is one of EXBCHK_* for is_ok, eg EXBCHK_PARAM to check parameter.
2021-09-25 16:28:10 +02:00
Bram Matthys 47279108e4 Use get_operclass() in extbans/operclass as well. 2021-09-25 11:02:39 +02:00
Bram Matthys fabe16a95c Get rid of has_voice(), is_half_op(), is_skochanop(), is_chan_op(), is_chanadmin(),
is_chanowner(). Using check_channel_access() instead now.
2021-09-25 08:00:57 +02:00
Bram Matthys 4cea88645c Modularize member modes (vhoaq).
Still need to clean up a bit after this, but it passes all tests :)
2021-09-13 18:44:18 +02:00
Bram Matthys 39edbd643d Get rid of proto.h and integrate the 20 lines into h.h. 2021-09-11 10:26:18 +02:00
Bram Matthys ac84d4f207 Const const const... modules.c and elsewhere. 2021-09-11 07:53:30 +02:00
Bram Matthys 08a32429ff Update extban API to use more consts 2021-09-10 13:39:26 +02:00
Bram Matthys 66a51fb659 Massive conversions from 'char *' to 'const char *' and 'char **' to 'const char **' 2021-09-10 12:46:31 +02:00
Bram Matthys 894b7e5461 Makefiles: switch from suffix rules to pattern rules. As suffix rules
can't have dependencies, so if you change a .h file, it fails to
recompile the other dependencies. Grmpf!
This does mean that we require GNU Make (gmake) from now on.
2021-09-04 08:25:18 +02:00
Bram Matthys 1b096b5146 Use good ol suffix rules in Makefile so we can get rid of writing out
every .o and .so rule. Writing each of them out manually is useless
for all except 3 of the ~250 objects.
2021-08-27 19:36:07 +02:00
Bram Matthys c9e98137a4 Get rid of url.h and stuff the 6 functions there (which were not even
declared as extern) in include/h.h like the rest.
2021-08-21 09:32:17 +02:00
Bram Matthys 6058090435 Use GeoIPResult * everywhere. Any modules who want to fetch it for
a client can use geoip_client(client).
2021-08-17 17:16:14 +02:00
Bram Matthys fe3c86b128 Support ~country:* for unknown country (fix) 2021-08-17 16:14:59 +02:00
Bram Matthys fc6c52db93 Add extbans/country: +b ~country:UK 2021-08-17 16:12:06 +02:00
Bram Matthys a43637d55d Add extban->is_banned_events which you need to set to indicate to
which BANCHK_* events you want to listen, eg BANCHK_JOIN, BANCHK_MSG.
You can use BANCHK_ALL to watch on all events.
Only BANCHK_TKL is not included there and needs an explicit
BANCHK_ALL|BANCHK_TKL.

The caller will now take care of BANCHK_* filtering so we won't
waste any CPU on calling an is_banned() function that isn't
interested at all in the event that we have.

Also, no longer require an extban->is_banned function, since some
extbans don't use it. This too saves useless calls.
2021-08-14 18:25:36 +02:00
Bram Matthys 03d78bf95d Fix looking up the wrong extban in some cases.
~T => ~text => starts with ~t => ~time... fun.
2021-08-14 17:57:22 +02:00
Bram Matthys c7345f41b6 Fix hardcoded ~f: and ~m: to also deal with named bans.
(Actually only made it worse by more hardcoding for now...)
2021-08-14 10:35:15 +02:00
Bram Matthys b80a9adef9 Set extended ban names instead of using module name placeholders. 2021-08-14 10:28:26 +02:00
Bram Matthys a6b5587666 Use prefix_with_extban() at the 3 places, needed for next... 2021-08-14 09:49:22 +02:00
Bram Matthys d41e3e0f6e src/modules/extbans/*.c: memset(&req, 0, sizeof(req)); before ExtbanAdd() 2021-08-14 09:27:01 +02:00