1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-07 01:03:12 +02:00
Commit Graph

4684 Commits

Author SHA1 Message Date
i 8c11ebd0e7 Make allow {} block always continue when there were no password or wrong password was specified. 2019-07-18 18:47:05 +03:00
i c9908a55c9 Added HOOKTYPE_CONFIGPOSTTEST for webredir module, to check if there is no set::webredir. 2019-07-16 01:18:41 +03:00
i e30de7b7a6 Removed default url for webredir module and refuse to load without url. 2019-07-15 21:59:41 +03:00
GottemHams 19aad17d4e cfgstruct is not necessary for cmdrestrict :D 2019-07-14 23:08:42 +02:00
GottemHams 655027f5db Merge branch 'unreal50' of github.com:syzop/unrealircd-next into unreal50 2019-07-14 23:05:08 +02:00
GottemHams e5cfc5d798 cmdrestrict v1.0: Restrict specific commands until certain conditions have been met =] 2019-07-14 23:04:15 +02:00
i 53146f252c New module webredir (do 301 redirect for HEAD/GET/POST/PUT commands to the specified URL). 2019-07-14 22:37:55 +03:00
Bram Matthys 2894c16638 Lower set::ident::read-timeout to 7 seconds, which should be plenty
on the Internet of today.
2019-07-14 19:22:36 +02:00
Bram Matthys 1c5c501dc1 Remove m_nopost module as it is no longer useful.
UnrealIRCd already protects (for maaaany years) with ping cookies against
this attack. Making the m_nopost redundant.
Also, another module may be more useful (more on this soon...).
2019-07-14 19:07:32 +02:00
i d22a2a20f0 Make usermode +T block channel CTCP's as well. 2019-07-14 19:01:31 +03:00
Bram Matthys d9bd18c483 Remove TODO comment, now that it has been done [skip ci] 2019-07-13 16:00:49 +02:00
Bram Matthys c2445fa9c6 Add history_backend_null, which can be useful on servers where you
explicitly do not want to remember any channel history, such as on
a hub server to save memory.
Also, on Windows, ensure to compile all history_backend_*.c
2019-07-13 15:53:23 +02:00
Bram Matthys 3b67e83275 Add some FIXME's to labeled-response. Not going to work on that right now,
since there is more important things to do...
[skip ci]
2019-07-13 15:40:58 +02:00
Bram Matthys 806256e9c2 Move generate_batch_id() to core. Use chathistory BATCH type, if supported. 2019-07-13 15:25:56 +02:00
Bram Matthys ccfeac6eae Don't re-order mtags on history playback
Strictly, this is not a problem, but.. for our test framework it is better
and it looks cleaner too.
2019-07-13 08:20:12 +02:00
Bram Matthys 65b5e21464 Fix double 'time' mtag on history playback 2019-07-13 08:18:53 +02:00
Bram Matthys 0cda60301d Add set::broadcast-channel-messages [auto|always|never]:
This determines when UnrealIRCd will use broadcast instead of multicast
for delivering channel messages to servers.
The default is 'auto' which uses multicast but switches to broadcast
when channel mode +H is set. This is what people should normally use.
If you set it to 'never' then +H will not work properly if there are
servers with 0 users on them.
2019-07-13 07:59:12 +02:00
i 006b7e5a7c Hide serveropts from normal users. 2019-07-12 01:09:33 +03:00
i ca094f0a75 New set::ping-warning option (how fast the server should reply to PING before sending a warning to opers). 2019-07-11 16:47:02 +03:00
i 60ebc1375e Support channel status prefixes for SAJOIN. 2019-07-10 17:42:46 +03:00
Bram Matthys 769955eab5 Require at least one SSL/TLS port to be open. In other words, change
https://www.unrealircd.org/docs/FAQ#Your_server_is_not_listening_on_any_SSL_ports
from a warning to an error.
2019-07-10 06:53:01 +02:00
Bram Matthys 3cff80ad8d Use SSL_CTX_set_min_proto_version() in a more inteligent way.
It shouldn't matter now, but if OpenSSL some day deprecates the old
way then at least it won't have silent disastrous effects.
2019-07-09 20:24:00 +02:00
Bram Matthys dc2c2c3f89 Re-indent ssl.c 2019-07-09 20:13:02 +02:00
Bram Matthys d09b9d53a4 Make SSL/TLS mandatory for UnrealIRCd to run. Previously you could get
around this by simply having no certs etc. I doubt anyone used it and
that was not a recommended configuration.
(More to come)
2019-07-09 20:06:11 +02:00
Bram Matthys 79bd78c0f3 Make it so UnrealIRCd has full control over the SSL/TLS versions in use
and not just the operating system.
This makes us use SSL_CTX_set_min_proto_version(), which unfortunately is
a less fine-grained control for disabling specific SSL/TLS versions.
However, after that we use SSL_CTX_set_options with SSL_OP_NO_xxx.
The latter is deprecated though. Will revisit this change before U5 release..
2019-07-07 10:22:29 +02:00
Bram Matthys 3b3f63b990 Add HAVE_EXPLICIT_BZERO. Fix compile problems on Debian and other older
systems without explicit_bzero. Current usage is only in the PRNG which
is not very important anyway. We can re-visit later by attempting to
provide a fallback portable version, but from what I've seen this is
pretty ugly.
2019-07-07 09:18:34 +02:00
Bram Matthys 7ac11973d0 Fix crash in TOPIC with certain remote server traffic.
And make sure we don't change topic text if it comes from a remote link.
2019-07-06 17:48:44 +02:00
Bram Matthys 74cf811759 Failed to initialize a variable in changes last week.
Not caught by tests due to lack of -O2, we should add a buildbot for that..
2019-07-01 07:40:49 +02:00
Bram Matthys fea09b6659 Switch from RSA 4096 to ECC secp384r1 2019-06-30 10:53:58 +02:00
Bram Matthys d3d9b499a7 Move src/ssl.cnf -> extras/ssl.cnf
[skip ci]
2019-06-30 10:25:19 +02:00
Bram Matthys e90f6e0446 Remove 'make encpem'. Nobody uses this as it would mean you always need
to enter the private key password when UnrealIRCd is (re)started.
Similarly, remove all references to it on Windows as well, where people
thought clicking "Encrypt private key" was a good idea. Can't blame them,
it sounds good on first sight :D
[skip ci]
2019-06-30 10:23:15 +02:00
Bram Matthys f0f69bfe48 Change set::ident::read-timeout from 30 to 15 seconds since otherwise
it exceeds set::handshake-timeout which would be very unfortunate for
those (few) poor users that are affected by this.
2019-06-29 18:51:02 +02:00
Bram Matthys 60a89b8c3f Change set::outdated-tls-policy::server and ::oper to deny.
Both servers and IRCOps must not use outdated SSL/TLS protocols or ciphers.
2019-06-29 18:34:27 +02:00
Bram Matthys 94faf02c70 Change set::plaintext-policy::oper to deny. IRCOps really must use SSL/TLS. 2019-06-29 18:31:37 +02:00
Bram Matthys 375b03c132 Fix (just created) bug in extcmode unloading (with param).
Update slot/param mapping. Now unloading should work well...
otherwise it crashed after destroying the channel.
2019-06-29 09:51:23 +02:00
Bram Matthys bbbdba1083 Make chanmodes/link module un-PERM. Thanks due to previous change. 2019-06-29 09:11:20 +02:00
Bram Matthys b605b7fd86 Use delayed module unloading not only for modules with moddata but also
for modules which have extended channelmodes with parameters,
since they have the same problem.
2019-06-29 09:10:18 +02:00
Bram Matthys 96ad3e8f71 Nothing special. Add a comment to blacklist module, in case someone
things it would be wise to make it unPERM ;)
[skip ci]
2019-06-29 08:55:36 +02:00
Bram Matthys 5d6f0a79ad Make jumpserver module non-PERM, thanks to LoadPersistentPointer etc. 2019-06-29 08:52:52 +02:00
Bram Matthys fbf4946777 Update tkldb to use new LoadPersistentInt/SavePersistentInt functions.
And before that, I fixed these functions so they actually work :D
2019-06-29 08:44:12 +02:00
i 780d9e95a2 extbans/partmsg: remove unused leftovers 2019-06-29 00:41:23 +03:00
i cf3d01da06 extban ~p for hiding part/quit message 2019-06-29 00:30:10 +03:00
Bram Matthys 5182c664d1 Easier API for just-commited persistent variables. Example:
LoadPersistentPointer(modinfo, removefld_list, floodprot_free_removefld_list);
SavePersistentPointer(modinfo, removefld_list);

The above example was for a pointer, there are also functions for int and long,
which are even more simple:
LoadPersistentInt(modinfo, somevar)
SavePersistentInt(modinfo, somevar)
and
LoadPersistentLong(modinfo, somevar)
SavePersistentLong(modinfo, somevar)
both are untested, but will be tested soon...
2019-06-28 22:08:45 +02:00
Bram Matthys 0920967cc4 New module_load_variable / module_save_variable functions
and made floodprot to use these functions.
TODO: 1) Different functions for pointer/int/long, 2) macro?
2019-06-28 21:02:29 +02:00
Bram Matthys c720417487 MOD_UNLOAD() was always called with an invalid modinfo argument. 2019-06-28 21:01:43 +02:00
Bram Matthys 7fe1848340 Make floodprot no longer PERM so it can be reloaded. Useful if we ever
make a mistake in the module so we can upgrade it on-the-fly.
Or if someone wants to get rid of it.
TODO: consider abstracting the saving/restoring of vars.
2019-06-28 20:14:32 +02:00
Bram Matthys 8686bf978e Support for unloading channel modes with parameters (w/o MOD_OPT_PERM) 2019-06-28 20:07:21 +02:00
Bram Matthys 1757abf31a Duh.. 2019-06-28 19:16:21 +02:00
Bram Matthys 1f5acd852b Update tkldb to use (new) MODDATATYPE_LOCALVAR. 2019-06-28 19:11:34 +02:00
Bram Matthys 2a7fc8042d Add new moddata types: MODDATA_LOCALVAR and MODDATA_GLOBALVAR. Untested.
Code using it will soon follow (and then it will be tested :D)
2019-06-28 18:35:37 +02:00