1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-07 17:23:12 +02:00
Commit Graph

145 Commits

Author SHA1 Message Date
Bram Matthys fce0253b5a Remove unused FLAGS_CHKACCESS / SetAccess / ClearAccess.
Also, DoAccess() was already commented out in UnrealIRCd 4 or something.
This results in an empty finish_auth() function but that should be OK,
as ident checking takes place before parsing any other input IIRC.
2019-06-10 18:39:03 +02:00
Bram Matthys 57fd5f4f2b Add HOOKTYPE_IS_HANDSHAKE_FINISHED: if a module returns 0 then register_user()
will not be called. This is used, for example, by m_cap when the CAP LS
handshake is still in progress. Modules can add their own requirements
as they see fit.
Note that, as for (CAP) functionality, this adds nothing new, it just
implements it in a cleaner way, rather than all over the place,
like in UnrealIRCd 4.x.
2019-05-26 12:07:44 +02:00
Bram Matthys 622cb43a48 Manual audit of exit_client() done, for mtags. 2019-05-26 11:36:40 +02:00
Bram Matthys 61b15d9f4d Mass update (automatic) of exit_client().
Next step is manual audit...
2019-05-26 10:45:54 +02:00
Bram Matthys 9f54a19801 New unified function for common: sendto_local_common_channels()
and make this support mtags so it now works for NICK, ACCOUNT, AWAY.
Still to do: exit client for QUIT.
2019-05-26 10:08:02 +02:00
Bram Matthys 6e5df1a4c0 Add mtags argument to sendto_one(). Phase 1 (automated), next is manual
audit of all sendto_one's. Also it doesn't work yet...
2019-05-24 17:38:48 +02:00
Bram Matthys 39029555cb A few more sendnumeric() conversions, putting numerics in main file. 2019-05-22 12:39:01 +02:00
Bram Matthys 1a4cbb7023 sendnumeric() - phase 2 2019-05-22 11:41:46 +02:00
Bram Matthys c27bb26abc sendnumeric() - stage 1 2019-05-22 10:43:07 +02:00
Bram Matthys 5fb9b12d5e Mass-replace sending of notices with sendnotice(), which exists for quite a while now ;) 2019-05-22 09:34:34 +02:00
Bram Matthys a320bec089 More message tags support in the API. sendto_server() now has mtags
and sendto_match_butone as well.
Still about 15 FIXME's that need to be resolved, but committing early.
2019-05-21 19:00:35 +02:00
Bram Matthys 5ebd096f16 Initial implementation of message-tags from May 5, 2019.
This also includes buffer modifications to have a larger read buffer
and IRCv3 implementations (partial or not) for:
labeled-response, msgid, server-time, batch and account-tag.

As said, it is the initial and partial implementation.
There are still various FIXME's and TODO's, the API of various
functions may still change (actually that is true for the next
months, even) and some stuff is currently in the core that will
be moved to modules.
2019-05-12 13:46:44 +02:00
Bram Matthys 872ebca6fa Don't forward PASS to services if the user is already logged in via SASL.
Reported by westor in https://bugs.unrealircd.org/view.php?id=5264
2019-05-10 08:49:40 +02:00
Bram Matthys 9bd4f25af5 Handle FLUSH_BUFFER gracefully (only matters in rare cases, such
as in the case of malformed server traffic).
2019-04-22 14:37:37 +02:00
Bram Matthys cb60bf286d Get rid of this useless DLLFUNC junk. This is only needed for symbols
that need to be visible from the outside of the .DLL (symbol export).
Long story short: you never need to use this yourself in a module.
Where needed it is already handled by UnrealIRCd.
2019-03-23 19:53:12 +01:00
Bram Matthys 7bcf419eda Add references to the technical S2S documentation
@skip-ci
2019-03-23 19:39:56 +01:00
Bram Matthys ab50bf2afc Communicate server featureset (and changes) across server links.
Previously various information was only available for directly attached
servers, since it is communicated via PROTOCTL.
Now, we will also communicate information about leafs behind us.
IRCOps can use the /SINFO command to see these server features.
Services codes don't need to do anything, or at least are not expected
to do anything. They can still receive the information and do something
with it, of course...
Read the following technical documentation for full information,
as it will outline very specific rules for using the command S2S:
https://www.unrealircd.org/docs/Server_protocol:SINFO_command
2019-03-23 17:56:59 +01:00
Bram Matthys fac1e30b91 Major TKL speed improvements. 2019-03-03 20:25:05 +01:00
Bram Matthys dde8f914fb Internal: make UID available early (pre-auth). 2019-02-09 14:35:48 +01:00
Bram Matthys 98fca7979f Code cleanup: internally rename iConf.nicklen to .nick_length to match the
convention that set::some-name is called iConf.some_name
2019-01-30 10:49:44 +01:00
Bram Matthys bcb667c59e New hook HOOKTYPE_WELCOME (aClient *acptr, int after_numeric): allows you
to send a message at very specific places during the initial welcome
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_WELCOME
2019-01-21 10:12:46 +01:00
Bram Matthys 67d691fce9 * New set::outdated-tls-policy which describes what to do with clients
that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
  The default settings are to warn in all cases: users connecting,
  opers /OPER'ing up and servers linking in. The user will see a message
  telling them to upgrade their IRC client.
  This should help with migrating such users since in the future, say one
  or two years from now, we would want to change the default to only allow
  TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting
  clients without any error message, this provides a way to warn them and
  give them some time to upgrade their outdated IRC client.
  https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
2019-01-12 11:08:18 +01:00
Bram Matthys 5fd673d059 Rename PLAINTEXT_POLICY_* to POLICY_ (and similarly, the struct, etc) 2019-01-11 13:27:29 +01:00
Bram Matthys 6b089dfcd6 The new module is now called authprompt. Also wrote an article:
https://www.unrealircd.org/docs/Authentication
And "require sasl" is now "require authentication"
(the old name will only raise a warning, not cause an error)

Note that authprompt currently only does the "require authentication"
stuff and not yet the soft-xx actions. That will be something for
later this week, but I've already documented it as such (here and
there anyway).
2018-12-17 17:32:43 +01:00
Bram Matthys 0254894368 Authentication prompt for non-SASL users:
We previously introduced the "require sasl" block which allows you to
force users from certain IP addresses to authenticate with their nickname
and password via SASL. We now offer a new experimental module called
'saslemulation' which will help non-SASL users by showing a notice and
asking them to authenticate to their account via /AUTH <user>:<pass>.
See https://www.unrealircd.org/docs/Set_block#set::sasl-emulation

Note that this is work in progress, although the functionality of
already works. Still need to do some cleaning and expand the scope.
And more testing...
2018-12-16 13:51:22 +01:00
Bram Matthys a0167c35c0 Major reorganization of operclass privileges:
* The operclass privileges have been redone. Since there were 50+ changes
  to the 100+ privileges it makes little sense to list the changes here.
  If, like 99% of the users, you use default operclasses such as "globop"
  and "admin-with-override" then you don't need to do anything.
  However, if you have custom operclass { } blocks then the privileges
  will have to be redone. For more information on the conversion process,
  see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
  For the new list of permissions, with much better naming and grouping:
  https://www.unrealircd.org/docs/Operclass_permissions
The inconsistency in the privileges was initially reported by webczat in
https://bugs.unrealircd.org/view.php?id=4771
The subsequent reorganization took two full days, so.. hopefully the
people who are using - or plan to use - custom operclasses will like the
new layout... except that they need to redo their work of course ;)
2018-12-14 17:05:32 +01:00
Bram Matthys 2509482e02 Update UnrealIRCd version 2018-09-28 09:31:35 +02:00
Bram Matthys 2935385bf2 allow::options::sasl has been removed. Use the new and more flexible
require sasl { } block instead.
2018-09-09 09:49:03 +02:00
Bram Matthys aa3e66bb5b We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.

It's likely I made some mistakes somewhere => testing required!!
2018-09-05 16:24:08 +02:00
Bram Matthys 107d8ccf6a * A new require sasl { } block which allows you to force users on the
specified hostmask to use SASL. Any unauthenticated users matching
  the specified hostmask are are rejected.
  See https://www.unrealircd.org/docs/Require_sasl_block
Feature suggestion: https://bugs.unrealircd.org/view.php?id=5107
2018-09-05 11:34:48 +02:00
Bram Matthys b1b73e0e56 * Localhost connections are considered secure, so these can be used even
if you have a plaintext-policy of 'deny' or 'warn'. (This was already
  the case for servers, but now also for users and opers)
https://bugs.unrealircd.org/view.php?id=5108
2018-09-02 11:24:19 +02:00
Bram Matthys cd6d7a2bb7 Add allow::options::sasl (or require-sasl) to require SASL authentication
as suggested in https://bugs.unrealircd.org/view.php?id=5098
The allow block documentation has been updated, including an example at
the end of the page - https://www.unrealircd.org/docs/Allow_block
2018-06-11 08:22:29 +02:00
Bram Matthys 147ae3012b Get rid of about a million (now) useless casts and some re-indenting. 2018-04-22 10:29:36 +02:00
Bram Matthys 41b7e1b735 'set::cloak-method ip' not working properly with DNS resolving.
Reported by The_Myth (#5064).
2018-03-07 10:22:24 +01:00
Bram Matthys b046b86a6e Way to customize the reject connection messages. 2017-11-17 11:13:11 +01:00
Bram Matthys d13c7b20d0 Code cleanups in AllowClient and register_user 2017-11-17 10:37:45 +01:00
Bram Matthys 7b7f492b71 Move AllowClient/check_client/check_init to m_nick module 2017-11-17 10:10:28 +01:00
Bram Matthys 3c0db9c72f Move HOOKTYPE_SECURE_CONNECT hook and mode setting up a bit. 2017-11-13 17:02:05 +01:00
Bram Matthys 512c8fb000 Move the place where we set umode +z (secure). Needed for next. 2017-11-13 16:23:49 +01:00
Bram Matthys 704487e124 Fix numerous crash bugs in server to server code.
In 3.2.x we didn't fix these bugs since servers are trusted and
should send correct commands. In 4.0.x we changed this so we would
fix them when we come across such issues at normal priority (not
consider them security issues). I now took it a step further and
actively checked/looked for these issues and a bunch of them were
found. Almost all are NULL pointer dereferences, with some exceptions.
* S2S: MODE: check conv_param return value (NULL ptr crash)
* S2S: MODE: floodprot: More checks (NULL ptr crash)
* S2S: MODE: OOB write of NULL (write NULL past last element in an array)
* S2S: NICK: old compat fixes (NULL ptr crash)
* S2S: PROTOCTL: Check for double SID=
* S2S: SERVER: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: Fix OOB read (read 1 byte past buffer)
* S2S: TKL: validate set_at and expire_at (NULL ptr crash)
* S2S: TKL: require at least 9 parameters for spamf, not 8 (NULL ptr crash)
* S2S: TKL: ignore invalid spamfilter matching type (remove abort() call)
* S2S: TOPIC: querying for topic is not permitted (NULL ptr crash)
* S2S: UID: require 12 parameters (NULL ptr crash)
* S2S: WATCH: this is not a server command (NULL ptr crash)
* Fix OOB read (1 byte beyond string) for timevals. This was reachable
  from config code, TKL (S2S) and /*LINE (Oper). In practice no crash.
* MODE: make code less confusing (effectively no change)
* TRACE: remove strange output in case of 0 lines of output
* Fix unimportant memory leak on boot (#4713, reported by dg)
* Fix small memory leak upon 'DNS i' (oper only command)
* Always work on a copy in clean_ban_mask(). This fixes a bug that could
  result in a strlcpy(buf, buf, sizeof(buf)). So, overlapping strings,
  which is undefined behavior.
2017-10-29 11:20:52 +01:00
Bram Matthys 307243ff7a Show (previously hidden) umode -r to user on nickchange.
Reported by Mewsito (#4949).
2017-10-11 18:25:58 +02:00
Bram Matthys 0fd265349a Remove HOSTILENAME config.h option since running without it is
and has never been supported.
2017-10-07 09:33:48 +02:00
Bram Matthys 91e108499e Convert remaining http:// links to https:// 2017-09-15 08:19:08 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys a3cdb49bc9 Another silly nenobug.. 2016-12-03 10:50:02 +01:00
Bram Matthys 51b52f1767 Merge pull request #49 from grawity/ssl
Add an option to hide the notices about TLS parameters and fingerprint (set::options::no-connect-ssl-info)
2016-05-09 10:11:55 +02:00
Mantas Mikulėnas e818ab1a16 Add an option to hide the notices about TLS parameters 2016-03-09 00:25:33 +02:00
Mantas Mikulėnas 5e9a74f0fd Do not require set::services-server
Some places were already treating it as optional.
2016-03-09 00:25:05 +02:00
Bram Matthys bf1e1502ba Use #include "unrealircd.h" in all modules (#4516). 2016-03-04 13:02:06 +01:00
Bram Matthys 2f7543f846 Fix NULL pointer crash if sending malformed server-to-server traffic,
in this case an incorrect IP in USER (#4553). Probably someone trying
to write their own services.
2016-03-02 13:44:56 +01:00