This is partially for the sake of Stskeeps, even though he left the
project long ago, but mainly so we can work towards dynamic ticks in
the event loop while guaranteeing latencies for connected clients,
even with fakelag.
- Some small updates to the extended channel mode system: it now has minimal
support for 'local channel modes'. This is really only meant for channel
mode +Z (upcase z), see next.
- Added Channel Mode Z which indicates if a channel is 'secure' or not.
This mode works in conjunction with +z (lower case z).
If +z is set ('only secure users may join'), then the IRCd scans to see
if everyone in the channel is connected through SSL. If so, then the
channel is set +Z as well ('channel is secure').
Whenever an insecure user manages to join, the channel is -Z. And whenever
all insecure users leave, the channel is set +Z.
The 'insecure user being present in a +z channel' can be because:
- An IRCOp joined the channel, and he's not secure
- When servers link together and a user on the other side is not secure
This only happens on net merge (equal time stamp).
On different time stamp, we still kick insecure users on the new side.
- At the time when +z is set, there are insecure users present.
This feature was implemented after a heavy discussion in bug #3720 by fez
and others, and was suggested by Stealth.
Tech note: +Z/-Z is handled locally by each server. Any attempt to
remotely set +Z/-Z (eg: by services) will be ignored.
- As mentioned above, +z can now be set even if any insecure users are
present. Previously, this was not permitted. Now, as soon as the last
non-SSL user leaves, the channel will be set +Z.
- An oper not connected through SSL previously had to /INVITE himself
to a channel and then /JOIN the channel with the key 'override'.
This 'override' key is no longer required, a simple JOIN will suffice.
- Sorted channel modes in /HELPOP ?CHMODES
- Re-enabled 'fishy timestamp' errors in MODE. For some reason this was
commented out, even though the (more annoying and less useful) code in
JOIN was enabled so that did not make a lot of sense. It also now logs to
ircd.log (or whatever you configure). This enables people to easier find
the cause of any timestamp issues (which usually is badly coded services).
commands.so. This module was written to help IRCd maintainers deal
with some sort of ``XPS'' attack in which javascript-initiated HTTP
POST form submissions were able to act as dummy IRC bots. These
simple bots were the cause of much spam. (#3893)
- Add a modules section to the documentation. This was created to put
all documentation specific to the m_post module in one, easy to find
place. The documentation on m_post is likely incomplete, however.
having to use a special SSL-only port, they can simply switch to SSL on
any port. This is currently only supported by few clients (such as KVIrc 4).
This functionality can be disabled by setting set::ssl::options::no-starttls,
for example if you don't want to offer SSL to your users and only want it
to be used for server to server links.
Naturally, the IRCd must be compiled with SSL support for STARTTLS to work.
- Fixed SSL_ERROR_WANT_READ in IRCd_ssl_write()
new commands SVSNOLAG/SVS2NOLAG (syntax: SVSNOLAG [+|-] NickName). Obviously, care
should be taken when giving such access to a user since he/she will be able to flood
at full speed and could possibly take down the entire IRCd (well, everyone on it).
Suggested by avb, coded by djGrrr.
map the command '/BLAH 5' to 'NICK idiot5'. More info in docs on alias block.
- Modulized: badwords system (src/badwords.c is now gone) and StripColors/StripControlCodes
to m_message, multiple netsynch routines to m_server, send_list to m_list, a certain mode
routine to m_svsmode, all /MSG IRC.. webtv stuff to src/modules/webtv.c which is compiled
with m_message.
This means another ~1500 lines of code are now in modules (and thus can be upgraded on
the fly), which brings the total of modulized lines at 32K.
- Modulized NAMES command (can now be upgraded on the fly, if ever needed).
- Added NAMESX support, seeing both mIRC (5.17) and XChat support this. What this does is
send all rights of all users on the channel in the NAMES reply (eg: @+Syzop if the user is +ov)
instead of only the highest one (@Syzop in previous example). We only do so if the client
explicitly requested this via a NAMESX in a PROTOCTL message (eg: 'PROTOCTL NAMESX').
Note that there is a glitch: since most clients only send the PROTOCTL NAMESX after they
see NAMESX listed in the 005 announce message this has the effect that if there are
set::auto-join channels present (where users are automatically joined to by the server) the
extended NAMES reply will not be sent for those channels, because from the IRC server' point
of view the join happened before the PROTOCTL and hence it does not know the client wanted
NAMESX at that point (the result is not catastrophic: the old-style NAMES is sent for those
channels). Anyway, for all non-autojoin channels this works great. So still worth adding IMO.
Originally suggested in #0000606.
Side note: this does not mean we dropped the idea of (also) having a challenge-response
system for good ;).
This should get rid of some annoying untracable (and usually rare) crashbugs in the
old resolver. Besides that, it makes things look more clean and understandable.
This should be the fix for the following bugids (all the same issue): #2499, #2551, #2558,
#2559, #2603, #2642, #2502, #2501, #2618, #2616.
Feedback and testing is very much welcomed (syzop@unrealircd.com).
generated (for linkage by commands.so), are now used to generate the .so files of the
individual modules as well (eg: m_setname.o -link-> m_setname.so). This reduces compile
time ('make') on my machine by 33%, so it's quite noticable ;).
- Redid include dependencies in Makefile, this makes things safer because on any .h change it
would force a recompile of all files, but it could mean things will be a bit slower for us
coders unless we tweak it later on.
- Changed whois a bit to print less useless results.
- Added several indicators to the "detect binary incompatible modules"-system such as detecting
of a ziplinks module on non-ziplinks (on windows this is ok however), nospoof module on a
a server without nospoof server, etc. Hopefully this will help some people preventing odd
crashes because they did not recompile or (re)install modules properly.
- Added './unreal backtrace', so far this has only been tested on Linux and FreeBSD.
- Fixed a bug making ./Config not load the previously stored settings on Solaris 10 and
probably other Unixes, reported by lion-o (#0002474).
- Modulized a lot of commands and related subfunctions: NICK (750 lines), USER (200),
MODE (2300), WATCH (250), JOIN (600), PART (250), MOTD (100), OPERMOTD (100),
BOTMOTD (100), LUSERS (100). More will follow soon (probably including more subfunctions
related to existing commands).
- Module coders: if CmdoverrideAdd() is called for an override that is already in place, it
now sets MODERR_EXISTS as errorcode and returns NULL (previously it added duplicates).
In the past module coders had many issues with PERM mods... you had to use weird tricks,
but now you can (and should!) just override on INIT and on HOOKTYPE_REHASH_COMPLETE.
- Moved register_user declaration to h.h, updated call in m_pingpong.c (due new 'ip' field).
- Usermode +v ('receive dcc send rejection notices') is oper-only now for privacy reasons.
- Added dcc allow { }, which allows one to make exceptions over deny dcc { }.
- Added deny dcc::soft and allow dcc::soft item, if set to 'yes' it allows someone
to explicitly override it per-person via /DCCALLOW (see next).
- Added DCCALLOW system, taken directly from bahamut.
With this system you can block certain (or all) DCC SENDs and then allow the user to
'override' this limit for every user he/she trusts via '/DCCALLOW +User'.
This is an attempt to stop (or at least limit) the spreading of viruses/etc.
See '/DCCALLOW HELP' for more info.
- Added example dccallow.conf which filters everything except some known
'safe types' (jpg, jpeg, png, gif, etc). Note that the purpose of this file
is NOT to get a complete list, rather to limit it to a few 'known safe' entries.
- Added set::maxdccallow: max number of entries of the DCCALLOW list (default: 10).
- Added snomasks 'S' (Spamfilter) which notifies you of any spamfilter matches.
- [internal] always return after spamfilter match, don't continue looping trough
targets list (eg in case of: /msg #a,#b,#c spamspam), otherwise you would get
duplicate notification msgs.
- Added SENDSNO server command, similar to SENDUMODE but for snomasks, this is
used by the spamfilter snomask (+S) so you get network-wide notifications.
- Added "compiled for.." versioning system, this way a beta17 module can't be loaded
on beta18, etc... People often forgot to recompile their modules or had old ones
somewhere by mistake, therefore crashing after upgrades... this should fix this
(in the future). Module coders don't have to do anything for making this work,
it's done automatically (via modules.h).
* Removed thread questions from Config, and autoconf code from
configure.in, leaving in the old macros though, but inactive
--enable-standardthreads is dead as of now
* Undefined HOOKTYPE_SCAN_INFO
* Removed CONF_EXCEPT_SCAN
* Removed locking in events, Lock/UnlockEventSystem still active for other
possible uses.
* Removed scanners, web server module
* Removed except scan {}
* Removed SCAN_API stuff from l_commands.c, win32 makefiles, etc
* Removed basically any mentions of threads in source tree, excepting
threads.h which Resolver uses on win32
* Documentation changes not done yet