1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 22:26:38 +02:00
Commit Graph

7885 Commits

Author SHA1 Message Date
Robert Scheck 831737f13e Exit with a successful return code upon receipt of SIGTERM (#125) 2020-10-20 07:26:57 +02:00
Robert Scheck ebe0a43828 Add $(DESTDIR) support for 'make install' (#124)
When packaging UnrealIRCd as RPM, 'make install' needs to install
the files into $RPM_BUILD_ROOT rather into '/'. Just changing the
paths via ./Config or ./configure does not fit, because otherwise
UnrealIRCd is finally looking for $RPM_BUILD_ROOT/etc/unrealircd/
rather /etc/unrealircd/. It's fully backwards-compatible, because
normally $DESTDIR is not being passed.
2020-10-19 17:12:46 +02:00
Bram Matthys 75efe02040 And add config check for X509_get0_notAfter().
For our Ubuntu 16 friends.
2020-10-11 15:56:06 +02:00
Bram Matthys b3510c5da8 Fix for previous commit with OpenSSL <1.1.0 (Debian 8, Ubuntu 16, ..)
Thank you BuildBot.

This means on older OpenSSL's we are not going to have certificate
expiry checks. Those OpenSSL versions were deprecated by the OpenSSL
team itself, so yeah then you will miss out a few things.
2020-10-11 15:39:27 +02:00
Bram Matthys 6778b3e26d Warn when SSL/TLS certificate is expired or expires soon (<7d).
Since an expired certificate usually means that users cannot connect
we will actively warn all IRCOps about this situation twice a day.
2020-10-11 15:00:09 +02:00
Bram Matthys 8619d1e763 Add optional allow::options::reject-on-auth-failure, as requested
by armyn in https://bugs.unrealircd.org/view.php?id=5769.

The default behavior in 5.x is to continue matching:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*; password "iwantmore"; class clients; maxperip 10; }
This so users who provide a password get additional rights,
such as a higher maxperip or a different class, etc.
If the user connects without a password then we simply continue
to the next block and use the general block with only 2 maxperip.

However, some people want to use passwords to keep other users out.
That is entirely understandable as it is an 'allow block' after all.
For example:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*.nl; password "tehdutch"; class clients; maxperip 2; options { reject-on-auth-failure; } }
In this case anyone without the correct password will be rejected access.
2020-10-11 09:24:11 +02:00
Bram Matthys 00fa88daee Remove special code for '/who nick' and replace it with generic code
if someone searches explicitly on a nick name and that user exists.

This fixes a bug where doing '/who name a' would return only 1 result
if 'name' exists as a nick, even though multiple people with the
same account 'name' are online and visible to the user, as
reported in https://bugs.unrealircd.org/view.php?id=5761 by Koragg.
2020-10-11 08:37:22 +02:00
Bram Matthys 9c85cd5bc6 *** UnrealIRCd 5.0.7 release *** 2020-10-10 15:04:18 +02:00
Stanley 893dd84aaf Added help.nl.conf (Dutch), contribution from Stanley (#121)
Co-authored-by: DjSxX <46792280+DjSxX@users.noreply.github.com>
2020-09-30 17:49:01 +02:00
Bram Matthys f2d49eed04 Reputation used the score of the WEBIRC IP rather than the end-user IP.
This resulted in high reputation scores for all WEBIRC users.
Reported by DeviL.
2020-09-28 17:41:37 +02:00
Bram Matthys 5286edc0ef Make ./Config import settings from 5.0.6. 2020-09-28 10:23:56 +02:00
Bram Matthys 2d90245626 ** UnrealIRCd 5.0.7-rc1 ** 2020-09-28 10:04:06 +02:00
Bram Matthys 35ee1eb28a Some more small release note changes
[skip ci]
2020-09-28 09:13:48 +02:00
Bram Matthys f424a0560a Update release notes 2020-09-28 09:08:17 +02:00
Bram Matthys e62bad9924 Make it "End of /OPERMOTD command" at end of OPERMOTD.
Reported by bitmaster in https://bugs.unrealircd.org/view.php?id=3895
2020-09-27 20:21:55 +02:00
Bram Matthys b4b7908612 Fix '/STATS b' and '/STATS badword' not working.
Reported by CoreDuo in https://bugs.unrealircd.org/view.php?id=4722
2020-09-27 18:20:34 +02:00
Bram Matthys b01cbff3e1 Add message tags (such as server-time) to PONG.
Requested by GaMbiTo- and KiwiIRC authors in
https://bugs.unrealircd.org/view.php?id=5758
2020-09-27 16:57:28 +02:00
Bram Matthys 42da15bb6e Minor release note updates
[skip ci]
2020-09-27 12:27:47 +02:00
Bram Matthys 61e8c8d851 Fix labeled-response causing two lines in one websocket frame.
This goes against our guarantee of 1 IRC line = 1 websocket frame.
Reported by k4be in https://bugs.unrealircd.org/view.php?id=5708
2020-09-27 12:17:02 +02:00
Bram Matthys 9002c92062 Set version to 5.0.7-git and start on some early release notes. 2020-09-26 14:28:41 +02:00
Bram Matthys 57d0efbc58 Recode textbans so voiced users cannot bypass them.
Reported by Adanaran in https://bugs.unrealircd.org/view.php?id=5698

Although voiced users normally bypass bans, it is not really logical
for them to bypass filtering of banned words, since that is normally
a policy decission by channel management. So +v will not bypass it.

1) The problem is that this is enforced at the ban layer API.  The extban
routines, textban in this case, are not called when the user is voiced,
because voiced users bypass bans.  If we would change that in the ban API
then voiced users can also no longer talk through (=bypass) regular +b or
other extended +b such as ~a (account) etc.

2) I figured we would then make +T not use the ban API but the
can_send_to_channel hook instead.  However, then you have to do manual
looping through bans and such, it's rather ugly from a coding point of view,
and you risk "missing" things like ~T stacked with ~t.

3) Then I went back to look if the ban API could be changed by having the
textban module set a flag and then the ban api would call that specific
module still for voiced users.  While starting on that, unfortunately things
(variables, arguments) cascaded quickly into having to change all kinds of
underlying functions that would break the module API.

4) I then went back to option 2 and implemented it, trying to deal
   with all its caveats.
2020-09-26 13:43:46 +02:00
Bram Matthys 5320d54e8e Disallow ~T with any action extban, eg ~n:~T:censor:xyz.
We still allow timed bans though, eg ~t:1:~T:block:*whatever*
2020-09-26 12:49:58 +02:00
Bram Matthys 3701ce9a43 Document existing extended ban options. 2020-09-26 12:49:44 +02:00
Bram Matthys 02f0d059c5 hideserver::disable-links did did not disable /LINKS.
Reported by Apocalypse32 in https://bugs.unrealircd.org/view.php?id=5753
Probably since 5.0.0, due to my mass command api changes.
2020-09-26 12:16:17 +02:00
Bram Matthys a02f94f867 Clean up WHOX a bit and fix WHO hiding yourself if not in any channels,
reported by Koragg in https://bugs.unrealircd.org/view.php?id=5757.

This changes the following in the code of who_global():
1) We initialize all the 'marked' users to zero at the beginning,
   and remove the previously unmarking in the bottom loop that
   shouldn't have anything to do with it. Now there's "no way"
   to screw up initialization of marked users.
2) Check for marked users in the bottom loop.
3) Thanks to #1 and #2 we can now easily add simple logic like
   not skipping when client==acptr.
4) Similarly, we can remove checks for +i/-i in who_common_channel(),
   and as a bonus we will list common channel results altogether
   in the WHO result, rather than first +i on common and then at the
   very end the remaining -i (which may also be in common channels).

All in all, the code is now more like how I would write it, rather
than the original. It's now harder to screw things up if you change
some visibility or searching logic here or there.
2020-09-26 08:43:51 +02:00
Bram Matthys 578f8f248c Warn user when undocumented set::ssl::dh / set::tls::dh is present.
That option specified a Diffie Hellman parameter file. Since
UnrealIRCd 5.0.0 we no longer process this option.
This option has never been documented in the wiki docs.
We prefer and use ECDHE/EECDH with SSL_OP_SINGLE_ECDH_USE since 2015
to provide Forward Secrecy in SSL/TLS. And indeed, by now in 2020,
any properly maintained software uses it and old DH(E) usage has
fallen to less than 1%.

What this patch does is remove the unused code (since Dec 2019) and
show a warning if you have a ::dh config directive, so that at least
you are informed that it is unused/ignored. Since it was undocumented
it probably hardly affects anyone, but still, it is proper to inform.
2020-09-12 09:38:17 +02:00
Bram Matthys fea2522067 Fix memory leak on './unrealircd reloadtls' / '/REHASH -tls'
Reported by NoXPhasma in https://bugs.unrealircd.org/view.php?id=5745
2020-08-29 15:05:41 +02:00
Bram Matthys 8bed1cb42e Channel mode +l is now limited between 1 and 1 billion, so positive
numbers only. This makes things more logical for end-users.
This fixes https://bugs.unrealircd.org/view.php?id=5746,
bug reported by KindOne.
The same issue was also fixed by previous commit, but still:
it is better to limit things to a narrower range, this so you
don't get different behavior depending on the CPU a server uses.
2020-08-29 14:40:09 +02:00
Bram Matthys 10ecbffcaa Fix irc*printf handling of certain negative numbers 2020-08-29 14:13:58 +02:00
Moses f5132176b7 Baltics nickchars support (#119)
This adds support for latvian-utf8, estonian-utf8 and lithuanian-utf8
in set::allowed-nickchars. Patch from moseslecce.

Co-authored-by: David Lecce <3292014+davidlecce@users.noreply.github.com>
2020-08-26 07:17:07 +02:00
Bram Matthys db79823578 If no set::modes-on-connect is present we now default to +ixw.
This should be rare, since modes-on-connect is in the example
configuration file with +ixw since 2003, but still... just in
case someone completely misses the modes-on-connect configuration
item, then make sure that we have a safe and good default.
2020-07-25 19:22:50 +02:00
Bram Matthys 13fff82a56 Update version in Windows manifest 2020-07-15 19:55:19 +02:00
Bram Matthys 145ffb6d37 Fix "HISTORY" before 5.0.6 release. 2020-07-15 14:05:27 +02:00
Bram Matthys 422244a2e5 ** UnrealIRCd 5.0.6 ** 2020-07-15 13:47:49 +02:00
Bram Matthys f9e8df1972 Update release notes, add header.
[skip ci]
2020-07-15 13:44:47 +02:00
Bram Matthys dd57e08b18 UnrealIRCd 5.0.6 release notes
[skip ci]
2020-07-15 13:42:21 +02:00
Bram Matthys 1a349d041d Start writing release notes
[skip ci]
2020-07-15 08:52:41 +02:00
Bram Matthys 24e90c8955 History playback on join was not limited.
set::history::channel::playback-on-join::lines and
set::history::channel::playback-on-join::time were ignored,
the limit in the +H channel mode was used instead.
Reported by k4be in https://bugs.unrealircd.org/view.php?id=5707
2020-07-15 08:24:45 +02:00
k4bek4be c81b4b9d9e Call HOOKTYPE_ACCOUNT_LOGIN on UID message too (#112)
Module coders: this will also fire on server-syncs. If you want to skip
such events then check for IsSynched(client->srvptr)
2020-07-14 19:51:46 +02:00
Bram Matthys 5c566053d4 Merge branch 'unreal50' of github.com:unrealircd/unrealircd into unreal50 2020-07-14 19:33:52 +02:00
Bram Matthys 3894aeba97 Fix double batch on HISTORY #channel.
Reported by k4be in https://bugs.unrealircd.org/view.php?id=5709
2020-07-14 19:25:07 +02:00
k4bek4be 812d5bcc73 Fix sending RPL_LOGGEDIN on logout. (#111)
Move all client login notifications into a single place (the SASL module).
Reported by westor in https://bugs.unrealircd.org/view.php?id=5688
2020-07-14 18:39:10 +02:00
Bram Matthys 70496acfbe Fix spamfilter with tempshun action: was not blocking the message.
The tempshun was applied, but the 'trigger' message was let through.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=5723
2020-07-14 08:30:29 +02:00
Bram Matthys ca6630a2fb Fix "called a function you should not call" server linking error that
happens if all of the following are true:
1) You use link::outgoing::tls-options (or ssl-options)
2) You do a REHASH -tls (or REHASH -ssl)
3) You do NOT do a regular REHASH
4) You try to link to the server in such a link block (outgoing!)

In other words: the problem may happen if you try to link after
a Let's Encrypt cert renewal, unless there has been a regular
REHASH between that and the outgoing linking attempt.

Reported by k4be and Le_Coyoto in https://bugs.unrealircd.org/view.php?id=5607
2020-06-26 15:11:01 +02:00
Bram Matthys faeb644b82 Require set::who-limit to be 1 or higher.
Confusion reported by armyn in https://bugs.unrealircd.org/view.php?id=5717
2020-06-26 07:23:47 +02:00
Bram Matthys b23e64cb2e Fix crash if configuration file contains empty set::cloak-method. 2020-06-25 07:29:05 +02:00
Bram Matthys 7901d61e92 Add Spanish help.conf (conf/help/help.es.conf). 2020-06-12 12:10:52 +02:00
Bram Matthys dcb89f933e Fix problem with simultaneous use of websocket and labeled-response,
depending on the module load order. Reported by k4be.
Changes:
* Websocket hooks:
  * Input should be run first
  * Output should be run last
* Labeled-response also had various hook priorities wrong
  * Pre command should be run near-first
  * Post command should be run near-last
  * Close connection (does the flush) should be run near-last
  * Packet should be run near-last
2020-06-10 08:21:20 +02:00
Bram Matthys 53bc8fdf5b Add BOT=B to 005 to indicate the bot user mode.
Suggested in https://github.com/ircv3/ircv3-ideas/issues/43
2020-06-08 08:49:17 +02:00
westor 0e3cfc68bb Fix to display the TLSversion correct on connect (#113)
Previously it didn't display correctly on server notice the TLSv* version on local connection.
Before: TLS_CHACHA20_POLY1305_SHA256
After: TLSv1.3-TLS_CHACHA20_POLY1305_SHA256
2020-06-07 16:13:26 +02:00