1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 21:53:13 +02:00
Commit Graph

109 Commits

Author SHA1 Message Date
Bram Matthys 1a4cbb7023 sendnumeric() - phase 2 2019-05-22 11:41:46 +02:00
Bram Matthys c27bb26abc sendnumeric() - stage 1 2019-05-22 10:43:07 +02:00
Bram Matthys a320bec089 More message tags support in the API. sendto_server() now has mtags
and sendto_match_butone as well.
Still about 15 FIXME's that need to be resolved, but committing early.
2019-05-21 19:00:35 +02:00
Bram Matthys 5ebd096f16 Initial implementation of message-tags from May 5, 2019.
This also includes buffer modifications to have a larger read buffer
and IRCv3 implementations (partial or not) for:
labeled-response, msgid, server-time, batch and account-tag.

As said, it is the initial and partial implementation.
There are still various FIXME's and TODO's, the API of various
functions may still change (actually that is true for the next
months, even) and some stuff is currently in the core that will
be moved to modules.
2019-05-12 13:46:44 +02:00
Bram Matthys 5b63d28e2a Improve error messages in case of failed server linking due to mixed
password types (eg: plaintext on one side, spkifp on the other side).
Refer to https://www.unrealircd.org/docs/FAQ#auth-fail-mixed

Also, unrelated to the above, don't say "Bad password?" if the
password type is not of type plaintext, since it would be confusing.
2019-05-02 08:55:22 +02:00
Bram Matthys ab50bf2afc Communicate server featureset (and changes) across server links.
Previously various information was only available for directly attached
servers, since it is communicated via PROTOCTL.
Now, we will also communicate information about leafs behind us.
IRCOps can use the /SINFO command to see these server features.
Services codes don't need to do anything, or at least are not expected
to do anything. They can still receive the information and do something
with it, of course...
Read the following technical documentation for full information,
as it will outline very specific rules for using the command S2S:
https://www.unrealircd.org/docs/Server_protocol:SINFO_command
2019-03-23 17:56:59 +01:00
Bram Matthys 988f64e3b3 Fix crash when linking (caused by commit from 4 days ago). 2019-02-06 12:54:37 +01:00
Bram Matthys 7153468081 UnrealIRCd will now warn if your ulines { } are matching UnrealIRCd servers.
See https://www.unrealircd.org/docs/FAQ#WARNING:_Bad_ulines
2019-02-02 08:44:14 +01:00
Bram Matthys 874d99e0eb For +beI lists the 'set by' and 'set at' information is now synchronized
when servers link. Thus, you can see the real setter and time also after
a netsplit (/mode #channel b). This, unlike before, when setby was
name.of.server and time was the time of the synch.
This requires the entire network to run UnrealIRCd 4.2.2 or later.
Suggested by k4be in https://bugs.unrealircd.org/view.php?id=5183
Technical details: the PROTOCTL token to enable this is "SJSBY" and see
https://www.unrealircd.org/docs/Server_protocol:SJOIN_command for more
information, in particular the last section there.
2019-01-28 14:36:41 +01:00
Bram Matthys 67d691fce9 * New set::outdated-tls-policy which describes what to do with clients
that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
  The default settings are to warn in all cases: users connecting,
  opers /OPER'ing up and servers linking in. The user will see a message
  telling them to upgrade their IRC client.
  This should help with migrating such users since in the future, say one
  or two years from now, we would want to change the default to only allow
  TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting
  clients without any error message, this provides a way to warn them and
  give them some time to upgrade their outdated IRC client.
  https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
2019-01-12 11:08:18 +01:00
Bram Matthys 5fd673d059 Rename PLAINTEXT_POLICY_* to POLICY_ (and similarly, the struct, etc) 2019-01-11 13:27:29 +01:00
Bram Matthys 2509482e02 Update UnrealIRCd version 2018-09-28 09:31:35 +02:00
Bram Matthys bd19e9c87a Log linking attempts and errors. Also report them to IRCOps in an uniform way.
Reported by Mr_Smoke in https://bugs.unrealircd.org/view.php?id=3973
2018-09-07 11:59:12 +02:00
Bram Matthys aa3e66bb5b We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.

It's likely I made some mistakes somewhere => testing required!!
2018-09-05 16:24:08 +02:00
Bram Matthys 680715b1b5 Partially rewrite send_channel_modes() (+helper functions).
Although this is only used by servers lacking SJOIN/SJOIN3 so
is of limited use. Still.. got rid of the most ridiculous casts.
2018-04-22 13:51:37 +02:00
Bram Matthys 147ae3012b Get rid of about a million (now) useless casts and some re-indenting. 2018-04-22 10:29:36 +02:00
Bram Matthys dc7cb17eff Fix linking problem if only using link::outgoing (and not link::incoming)
which is perfectly legal but caused a confusing error message about
a 'server name mismatch'.
2017-12-13 09:02:32 +01:00
Bram Matthys 12df5a96ff Fix crash if using anope with old unreal32 mod w/SSL on non-localhost.
Sounds rare and you should really use a more recent version of anope
with the unreal4 protocol module. But, of course, we shouldn't crash.
2017-11-21 11:40:07 +01:00
Bram Matthys 704487e124 Fix numerous crash bugs in server to server code.
In 3.2.x we didn't fix these bugs since servers are trusted and
should send correct commands. In 4.0.x we changed this so we would
fix them when we come across such issues at normal priority (not
consider them security issues). I now took it a step further and
actively checked/looked for these issues and a bunch of them were
found. Almost all are NULL pointer dereferences, with some exceptions.
* S2S: MODE: check conv_param return value (NULL ptr crash)
* S2S: MODE: floodprot: More checks (NULL ptr crash)
* S2S: MODE: OOB write of NULL (write NULL past last element in an array)
* S2S: NICK: old compat fixes (NULL ptr crash)
* S2S: PROTOCTL: Check for double SID=
* S2S: SERVER: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: Fix OOB read (read 1 byte past buffer)
* S2S: TKL: validate set_at and expire_at (NULL ptr crash)
* S2S: TKL: require at least 9 parameters for spamf, not 8 (NULL ptr crash)
* S2S: TKL: ignore invalid spamfilter matching type (remove abort() call)
* S2S: TOPIC: querying for topic is not permitted (NULL ptr crash)
* S2S: UID: require 12 parameters (NULL ptr crash)
* S2S: WATCH: this is not a server command (NULL ptr crash)
* Fix OOB read (1 byte beyond string) for timevals. This was reachable
  from config code, TKL (S2S) and /*LINE (Oper). In practice no crash.
* MODE: make code less confusing (effectively no change)
* TRACE: remove strange output in case of 0 lines of output
* Fix unimportant memory leak on boot (#4713, reported by dg)
* Fix small memory leak upon 'DNS i' (oper only command)
* Always work on a copy in clean_ban_mask(). This fixes a bug that could
  result in a strlcpy(buf, buf, sizeof(buf)). So, overlapping strings,
  which is undefined behavior.
2017-10-29 11:20:52 +01:00
Bram Matthys 55e4c8ea03 Tell admins to verify the SSL/TLS certificates of their server links.
https://www.unrealircd.org/docs/Link_verification
This is only outputted if both sides are 4.0.16+ so we can use spkifp
and use the same instruction on both sides of the link.
(If we would do it for previous versions then we would only give
 half of the instructions to the users, which makes no sense)
2017-10-09 14:17:35 +02:00
Bram Matthys 78695f3eea Permit attaching client moddata to servers (and synch properly, if .synch=1) 2017-09-02 15:47:58 +02:00
Bram Matthys 0da1fdb2d2 Fix possible crash in /STATS due to change from yesterday.
Other than that, some minor style and real things.
2017-09-02 08:27:55 +02:00
Bram Matthys 199a7e162d Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys aa829bce12 New option link::verify-certificate [yes|no]. This will cause UnrealIRCd
to validate the certificate of the link, making sure that:
1) The certificate is issued by a trusted Certificate Authority (CA).
2) The name on the certificate matches the name of the link block.
Some things still need to be done: documentation, more testing, and
using the X509_check_host() function when available.
2017-09-01 17:10:29 +02:00
Bram Matthys 5cf28d0d46 It was possible to have a block named 'link irc1.test.net' and then get
connected to a server introducing himself as irc2.test.net. This
was rather confusing, of course. Wasn't much of a security issue since
this only happened in outgoing connects and naturally all authentication
need to pass as well.
2017-08-25 20:34:27 +02:00
Bram Matthys efb344b9b2 duh. 2017-08-19 12:07:54 +02:00
Bram Matthys bfa00e95b7 Set default plaintext-policy to be 'warn' for /OPER and 'deny' for
server linking. Write some draft release notes for later use.
2017-08-19 11:19:33 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys 4cad9cb0c5 SERVER parser error causing uplinks to show bad server description, reported by and patch from OUTsider (#4576).
Patch used only with minor changes: one %i should have been %s, some annoying (char *) casts removed which existed in the original code as well, moved 'tmp' variable, collapsed NULL initalization, ..
2016-03-04 13:27:42 +01:00
Bram Matthys bf1e1502ba Use #include "unrealircd.h" in all modules (#4516). 2016-03-04 13:02:06 +01:00
Bram Matthys f7dd3cedd8 Fix minor linking bug which permitted a server to link in which used me::name, IF you had a link block for it. Reported by vNode1 (#4559). 2016-01-31 20:46:52 +01:00
Bram Matthys 4280d57f60 Modes of permanent channels (+P) with 0 members and 0 bans/excepts/.. were not synched correctly. Reported by 'i' (#4459). 2015-11-25 15:37:38 +01:00
Bram Matthys 4dd6be721c Fix crash on linking (#4451). 2015-11-25 15:00:28 +01:00
Bram Matthys 8b45169f82 Get rid of $Id$ in /MODULE (version) output. Just report as "4.0" 2015-10-11 18:18:31 +02:00
Bram Matthys 15469cae2e Send version information in SERVER command like before (VL). Expand PROTOCTL EAUTH.
PROTOCTL EAUTH=servername,protocolversion,flags,unrealversiontext
This makes deny link { } work again and gives a bit more information too.
Bug reported by GLolol (#4408).
2015-09-05 12:06:55 +02:00
Bram Matthys 8e87a963a1 Not important, but.. when server linking, send password just once and not twice. 2015-09-04 12:30:07 +02:00
Bram Matthys 5bfa5c701e Never understood why it's called get_sockhost() if it actually sets it. Renamed to set_sockhost() 2015-07-27 18:30:25 +02:00
Bram Matthys 2a53499610 Get rid of useless DLLFUNC prefixes (at places where they were not needed) 2015-07-25 20:23:37 +02:00
Bram Matthys fd375ee284 Use CMD_FUNC() everywhere 2015-07-25 20:22:44 +02:00
Bram Matthys c478d7d9ef Move some stuff to introduce_user() so we can use it. 2015-07-20 16:42:36 +02:00
Bram Matthys 8b039335d6 set cptr->sockhost for incoming server connections too so you can use hostnames in link::options::incoming, if you wish.. 2015-07-19 19:08:54 +02:00
Bram Matthys 13fffa4e1a split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys f22cef97d4 Why do we have those unnecessary (SSL *) casts everywhere? Poof. Gone. 2015-07-15 15:54:36 +02:00
Bram Matthys 6c0ebb5bd3 Protection against linking race conditions is back again (IOTW: allow very rapid re-linking), but only if your network is fully 3.4.x (actually: current git unreal34 or later)
Re-implemented PROTOCTL SERVERS= which nenolod ripped out (#4355).
Add 2nd argument to PROTOCTL EAUTH=servername,unrealprotocol
Change UnrealProtocol from 2350 to 2351
2015-07-10 21:57:13 +02:00
Bram Matthys e8dfb284a1 Replace parv[0] with sptr->name. Don't use parv[0] anymore.
I went through all 500+ of them by hand as to avoid introducing bugs... we'll see ;)
2015-07-10 12:17:05 +02:00
Bram Matthys 2f8cb55e47 Add extended SWHOIS support. Allows multiple swhoises and tracking of who/what set the swhois.
Added swhois_add / swhois_delete functions which also take care of broadcasting
New remove_oper_privileges() function, will move the rest to use this (svsnoop svsmode etc)
Not finished yet...
2015-07-09 16:26:52 +02:00
Bram Matthys 15977e011d remove umode 'g' (failops), we have snomasks and oper umode for this. 2015-07-09 14:09:02 +02:00
Bram Matthys 00dd10c744 transform more failops call 2015-07-09 14:05:06 +02:00
Bram Matthys fe14e21175 Update all MOD_TEST/MOD_INIT/MOD_LOAD/MOD_UNLOAD calls to new format 2015-07-08 18:02:19 +02:00
Bram Matthys 5286b50c19 We already set the IP in add_connection, no need to do that in check_init again.
Fix bug where "insecure link" message was shown despite localhost.
2015-06-22 20:49:40 +02:00