1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-30 03:16:38 +02:00
Commit Graph

531 Commits

Author SHA1 Message Date
Bram Matthys b2d0ec1af3 Move/add local_port & server_port to ModData, so remote clients can be tracked.
This is sent over the wire as early moddata, just like "operlogin" and "operclass"
2025-09-14 17:03:34 +02:00
Bram Matthys 76934cb815 Fix incorrect message about non-trusted SSL/TLS certificate when you use
the default certificate/key (conf/tls/server.cert.pem) even when that
cert is valid and issued by a trusted CA (like Let's Encrypt).
You would get such an incorrect "best practices advice" on-boot, but
(fortunately) not on each subsequent REHASH.

This was because the TLS system was not yet initialized completely at
the time of the best practices checks, ctx_server was NULL. This is
now solved by re-ordering some function calls.
This does change some win_error() and config_load_failed() stuff for
Windows so I hope that's okay.

Reported by Bun-Bun.
2025-09-10 07:35:50 +02:00
Bram Matthys 9b89166280 Add deconfused to TextAnalysis. Add ClientContext * to match_spamfilter().
Make match_spamfilter use the clictx->textanalysis->deconfused rather than
calculating its own. The latter will probably disappear altogether.

Unrelated but also fixed: properly set e->unicode_blocks.
2025-03-23 12:13:38 +01:00
Bram Matthys 710afe7cc7 Move throttling code from src/hash.c to src/modules/connect-flood.c
Better to have this all in one place. Though, must admit, the
config checking is still in src/conf.c and a bit of a hassle to move.

Some testing may be wise to see if everything still works ;)
2024-09-14 19:55:43 +02:00
Bram Matthys 7157e1a578 Mention donation URL in boot screen. This used to be at 'make install'
but was removed several years ago. I think this is a better place.

This also removes doc/Donation which was out of date and probably
not many people knew about it at all.

[skip ci]
2024-07-06 16:14:20 +02:00
Bram Matthys e9da1a867b Using @if with a variable like @if $VAR == "something" was always false.
Reported by BlackBishop.

This rename free_config_defines() to init_config_defines and calls it from
config_read_start() so caller doesn't have to think about it.
2024-05-06 09:22:53 +02:00
Bram Matthys 64ea1d09d6 Move 'reserved clients' stuff to runtime, since 'ulimit -n' could be lower.
This fixes a bug where if you run ./Config with 'auto' file descriptors,
and then have an unusually low 'ulimit -n' of like 150, you would end up
with a negative amount of file descriptors available for use.

This fix moves it from compile-time setting of reserved fd's to runtime
setting.

All this is wrong, by the way, but that is for another major overhaul,
at least this bug is fixed now :D
2023-12-28 09:00:09 +01:00
Bram Matthys 36323f4294 Replace modulemanager HTTPS code with the generic URL code.
We now have a synchronous_http_request() which can be used for that
(NOTE: that function is NOT for use in unrealircd modules)
2023-11-24 13:22:55 +01:00
Bram Matthys 87295deb67 Remove client->local->next_nick_allowed which is unused nowadays.
It was moved to the generic anti-flood framework which is
FloodCounter flood[MAXFLOODOPTIONS];
2023-10-02 14:26:01 +02:00
Bram Matthys 78c3766038 Showing this "Configuration test passed OK" makes no sense after
"Configuration loaded", i think it was meant for ./unrealircd configtest
only.

[skip ci]
2023-07-15 18:45:57 +02:00
Bram Matthys d1877ae100 Add conditional config defines:
UNREALIRCD_VERSION
UNREALIRCD_VERSION_GENERATION
UNREALIRCD_VERSION_MAJOR
UNREALIRCD_VERSION_MINOR
UNREALIRCD_VERSION_SUFFIX

https://www.unrealircd.org/docs/Defines_and_conditional_config
2023-07-07 21:05:38 +02:00
Bram Matthys 1006292681 Initial work on central spamfilter with auto refreshing URL / rules 2023-07-07 18:43:29 +02:00
Bram Matthys acbedd5938 Also trigger hi connection warning when near maxconnection limit 2023-06-04 10:06:12 +02:00
Bram Matthys f804c5ed65 Add detection and set the high connect rate to 1000 per seconds.
https://www.unrealircd.org/docs/FAQ#hi-conn-rate
This finishes https://bugs.unrealircd.org/view.php?id=5532
2023-05-18 13:15:17 +02:00
Bram Matthys 89075e532a Send throttling and some other error messages to SSL/TLS users (encrypted).
This is the start of "be more friendly to TLS users with disconnect
error messages" from https://bugs.unrealircd.org/view.php?id=5532

As that bug explains:
Consider doing the SSL/TLS handshake even for throttling errors and such
when the (reject) connection rate is below a certain amount per second.  If
it is higher than a certain rate, then fall back to the original behavior to
reject the user instantly without handshake or looking at any data.
Rationale: the current/original behavior is there so the ircd can handle
floods, both in terms of traffic and in terms of CPU usage (the SSL/TLS
handshake is quite costly after all).  The downside of the current behavior
is that TLS users don't see the error message, usually.  This feature
request tries to find a middle ground.

Still a TODO item:
* We don't detect high rates yet, so we only do this new behavior atm
  and not yet the old behavior during high connection rates.
* Verify that error messages/behavior hasn't changed (too) much,
  like the throttling and the banning disconnect messages.
2023-05-18 11:17:37 +02:00
Bram Matthys d48ccb1ec8 When rpc.modules.default.conf is loaded, remember last 1000 lines of log
entries for a maximum of 7 days, in memory.
[skip ci]
2023-05-05 12:16:54 +02:00
Bram Matthys 8a48cfb664 Fix not sending CAP DEL on module unload.
Reported by westor in https://bugs.unrealircd.org/view.php?id=6104
The code was there but the order of which the checks were done was
wrong, so first it was checking which CAP's were unloaded and after
that it was unloading the CAP, instead of the other way around.

Also renamed the function to clicap_check_for_changes()
to be consistent with other runtime change detection functions
like extcmodes_check_for_changes(), umodes_check_for_changes()
and charsys_check_for_changes().
2023-03-20 10:55:22 +01:00
Bram Matthys 895bbd3a35 When authprompt kicks in and the session timeouts, show the original ban reason
from the *LINE (or other ban type).
Eg /GLINE %*@192.168.* 0 :Please authenticate using SASL
would now, if the user has authprompt enabled and the connection times
out, exit the client after ~30 secs with "Please authenticate using SASL",
instead of "Registration timeout" (pre 6.0.5-rc2) or
the generic "Account required to login" (6.0.5-rc2).
This to help clients and users who do not type or display anything.

This is an enhancement to https://bugs.unrealircd.org/view.php?id=6202

This also fixes a bug in 6.0.5-rc2 where "Registration timeout" was
always showing up as "Account required to connect", even if there
was no softban or authprompt intervention at all.
2022-12-26 10:21:59 +01:00
Bram Matthys 9b1c24c2fa When timing out on authprompt, error with "Account required to connect".
More ideally it would show the full *LINE reason but that is something
for a later release. Inspired by https://bugs.unrealircd.org/view.php?id=6202

This also fixes a silly typo that prevents compiling btw :D
2022-12-21 09:31:47 +01:00
Bram Matthys 2d61cded0d Show jansson library version in boot screen and elsewhere IF library version
is 2.13 or newer, as this requires jansson_version_str().

And no, we don't use macro's (eg JANSSON_MAJOR_VERSION). We never do that for
any of the displayed library versions (OpenSSL, libsodium, c-ares, curl, etc)
as macro's only reflect the compile-time library version and not runtime,
and thus are misleading... which can be especially problematic in case of a
security issue. So good that jansson added this function.
2022-11-04 14:16:50 +01:00
Bram Matthys b38b0f5086 Set loop.config_state to one of CONFIG_STATE_* so modules (and core)
can track at what step we are during configuration file and module
processing.
2022-06-20 12:54:22 +02:00
Bram Matthys 6b30482c04 Don't apply registration timeout to *NIX domain socket connections.
May want to reconsider this but.. for now..
2022-06-19 13:13:33 +00:00
alicetries 2018502e74 Fix various log messages which had missing $expansions (#198) 2022-05-01 13:52:45 +02:00
Bram Matthys e0cfbe5821 When using remote includes with certain setups, one could get weird
rehash errors such as error: set::geoip-classic::ipv6-database:
cannot open file "/home/xxxx/unrealircd/data/https://www.unrealircd...
and possibly even a crash.
The initial boot of UnrealIRCd, however, was always fine, this only
happened when rehashing.
It also seemed to occur more with ftp:// includes or at least with
multiple parallel includes, that may or may not have different or
more latency. In any case it seemed to affect some remote includes
setups semi-consistently, and others not at all.

The root cause was a complex code path causing a read-after-free.
We now use a simplified code path which can no longer cause this.
The only downside is that rehashing may be delayed up to an extra
250ms (quarter of a second), but that should hardly be noticeable,
if at all.

Issue reported by Bun-Bun.
2022-01-31 08:30:05 +01:00
Bram Matthys 3dd7c19c77 Move "gencloak" to unrealircdctl, so it is available for Windows users.
For *NIX users no visible change.
2022-01-03 14:28:10 +01:00
Bram Matthys e35c29f3d5 Move mkpasswd operation to unrealircdctl. For *NIX users no change as this
is done behind-the-scenes (the command is still ./unrealircd mkpasswd).
For Windows users it finally means they can generate passwords via the CLI
using: unrealircdctl mkpasswd pwdhere
2022-01-03 14:14:12 +01:00
Bram Matthys c02eb3f16c Windows code cleanup: WSAStartup() -> init_winsock() 2022-01-03 13:19:22 +01:00
Bram Matthys 98c0e786b5 Make UnrealIRCd compile on Windows again.
Updated the makefile to build unrealircdctl.exe etc.
2022-01-03 13:10:53 +01:00
Bram Matthys 39688517b0 Make "./unrealircd rehash" show output on the terminal, same for
"./unrealircd reloadtls" and there is now also a "./unrealircd status"

The output is colorized if the terminal supports it (just like on the
boot screen) and also the exit status is 0 for success and non-0 for
failure. The purpose of all this is that you can easily detect rehash
errors on the command line.

These three commands communicate to UnrealIRCd via the new control
UNIX socket, which is in ~/data/unrealircd.ctl.
This also does a lot of other stuff because we now have an internal
tool called bin/unrealircdctl which is called by ./unrealircd for
some of the commands to communicate to the unrealircd.ctl socket.
Later on more of the existing functionality may be moved to that
tool and we may also provide it on Windows in CLI mode so people
have more of the same functionality as on *NIX.
2022-01-02 20:17:36 +01:00
Bram Matthys 4e209968fe Fix hang on "Loading IRCd configuration" if DNS is not working correctly.
For example if the 1st DNS resolver is refusing or ignoring requests.
We forgot to call unrealdns_timeout() in the waiting loop, so DNS requests
never timed out and c-ares didn't try the 2nd/3rd server either.

Issue reported by Elodie.
2021-12-30 14:49:29 +01:00
Bram Matthys 07c2345af5 Fix throttling only cleaning up old entries every 2 minutes.
That is, until the first REHASH happened, after that all is good.

This was caused by update_throttling_timer_settings() being
called before init_throttling().
2021-12-06 17:40:11 +01:00
Bram Matthys 97ccf29573 Make "./unrealircd gencloak" print the generated keys in a way
so the user can easily copy-paste them to their config file.
Also bump the key length from 50-60 to 80 characters.
2021-09-25 20:25:03 +02:00
Bram Matthys a2a9eebf98 Get rid of ./unrealircd upgrade-conf (was for 3.2.x to 4.x) 2021-09-24 16:40:42 +02:00
Bram Matthys 43e4c5444f We already got rid of sendto_ops(), now get rid of sendto_realops().
Use the new logging instead.
2021-09-23 19:57:05 +02:00
Bram Matthys 5175afb598 Update ircd coders 2021-09-22 12:02:46 +02:00
Bram Matthys fcf020b99e It's raining consts... 2021-09-11 09:56:22 +02:00
Bram Matthys 5bc244c1f3 Add a lot more consts. This finishes the work for all hooktypes. 2021-09-10 20:36:38 +02:00
Bram Matthys 13dc17f5dc Code cleanup: remove unused structs and variables. 2021-09-03 21:07:38 +02:00
Bram Matthys d35a90c80f Fix various channel modes showing up as duplicate in 004 and 005.
Yeah I forgot we hardcoded these somewhere, now they are gone.. poof!
2021-08-22 14:06:51 +02:00
Bram Matthys 5b90fd0c0d Get rid of old MOTD downloading code and several USE_LIBCURL defines
that are no longer needed.
2021-08-21 14:13:24 +02:00
Bram Matthys 182cc7eab4 HTTPS client: add support for timeouts 2021-08-21 09:19:29 +02:00
Bram Matthys d6a074aa34 Support for remote includes without cURL (https only).
This is work in progress. It current lacks a number of features
that we would like to have, but most of them are relatively easy
now that most of the work has been done:
1) Support for caching based on timestamps, like curl ("not modified")
2) IPv6 support
3) HTTP redirects (with limit)
4) Timeouts for connect and reads (15 / 45 for curl atm)
5) HTTP downgrades
6) Chunked transfer encoding
7) Verify openssl hostname check
8) SNI
9) Ideally some progressbar for large transfers such as the geoip db
   (for cURL too by the way)

And.. finally we should use this stuff from the modulemanager so we
don't have duplicate code.
2021-08-20 19:19:04 +02:00
Bram Matthys b74d15595b Change int rehash() to void request_rehash(), which is a better name
as it REQUESTS to rehash the server, but it may not be done immediately.
And making it void makes sure nobody relies on some sort of return
value which will differ between with vs without remote includes.

Also get rid of sig and loop.rehash_save_sig, as a NULL client
already indicates the same (or at least does so now).
2021-08-18 13:28:56 +02:00
Bram Matthys 675c1cab55 Rename loop struct members:
* loop.ircd_rehashing -> loop.rehashing
* loop.ircd_terminating -> loop.terminating
* loop.ircd_booted -> loop.booted
* loop.ircd_forked -> loop.forked
2021-08-18 13:08:42 +02:00
Bram Matthys f184472781 Get rid of argument to config_test(), as we have loop.ircd_rehashing for that. 2021-08-18 13:03:31 +02:00
Bram Matthys fe2c834080 Rename lots of config functions (internally used ones, most likely
not used by 3rd party authors):
* conf_start() -> config_read_start()
* conf_check_complete() -> is_config_read_finished()
* load_conf() -> config_read_file()
* config_test() -> config_test_blocks()
* config_run() -> config_run_blocks()
* init_conf() -> config_test()
* run_configuration() -> config_run()

This so things look like:

if (config_read_start() < 0)
        exit(-1);
while (!is_config_read_finished())
	; // do something
if (config_test(1) == 0)
        config_run();
2021-08-18 12:57:38 +02:00
Bram Matthys 685e0ee073 In ConfigItem_include include->url now always exists, and src/url.c is now
always compiled in, both regardless of cURL support or not.
Obviously the cURL functions are not available without cURL and there
are now some #ifdef USE_LIBCURL in url.c

This also fixes the current build to work without cURL
2021-08-18 12:27:13 +02:00
Bram Matthys 9e887ea4e9 Start with remote includes makeover. First objective is making them
asynchronous on start, which is achieved by this 1st commit.

For this to work, the init_conf() stuff has been split to an
earlier call to conf_start() and then a loop where you can
check for conf_check_complete().
This means init_conf() no longer calls load_conf, as that
is moved to conf_start() and conf_check_complete().
Thus, init_conf() is now only called when all includes are in the
linked list 'conf_include'.

This is work in progress and breaks:
1) rehashes
2) compiling without curl
3) possibly cached remote includes
2021-08-18 11:31:46 +02:00
Bram Matthys 16527eb6a4 Back out previous change, bad idea :D 2021-08-12 16:03:20 +02:00
Bram Matthys 507f43fc74 Set me.uplink to &me. Not entirely sure if this is what we want.
Without this, I think otherwise we need too many checks everywhere
for the IsMe() case. And this behavior matches me.direction which
also points to &me.
Then again, will doing it this way cause issues? We will see...
2021-08-12 15:57:58 +02:00