1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 21:26:37 +02:00
Commit Graph

3267 Commits

Author SHA1 Message Date
Bram Matthys 97a87bdca8 Fix reputation score not expiring after 30 days of inactivity.
We now expire after 30d if score is <12 (so 1 hour of being online)
and we expire after 90d regardless of score.

Note that for this to work, all servers would need to be running
UnrealIRCd 6.2.0+ because when a score for an IP is still present
on any of the servers on a network, and a user with that IP connects,
then the score will be broadcasted from the server that still has
the score and it will be re-added by all servers with that score.

But eventually it should be like this... :D

Reported by armyn in https://bugs.unrealircd.org/view.php?id=6536
2025-07-13 10:22:40 +02:00
Bram Matthys cd2deeb1e7 Add spamreport::on-server-ban. If set to yes, then the spamreport
block runs when a user is *LINEd.

TODO: avoid double sending on spamfilter with action { report; gline; }
2025-07-12 18:14:40 +02:00
Bram Matthys 96a2ea5c02 Add HOOKTYPE_BANNED_CLIENT 2025-07-12 18:06:52 +02:00
Bram Matthys 301fb911e8 When submitting to Central Spamreport, include TextAnalysis and
bump sending of last commands from "last 10" to "last 20".
2025-07-12 17:21:56 +02:00
Bram Matthys cb17d58db0 Some small changes to previous commit:
* Calling from source is now in a separate function: int can_use_nick(Client *client, const char *nick)
* For hooks: don't free the reject reason, must use static storage like all other hooks
  (TODO: clarify in all hooks?)
* Move it up a bit, right before find_qline

TODO (not necessarily me :D):
* Make it an efunc
* Also call it from some other places that do find_qline, like rpc/user.c
* You may want to prod 3rd party modules like SANICK
2025-07-06 09:19:04 +02:00
Valerie Liu 6a6dd66c84 Add HOOKTYPE_CAN_USE_NICK to allow modules to reject certain nicks (#313)
* Add `HOOKTYPE_CAN_USE_NICK` for modules to disallow certain "internal-use" nicks
* Run the hook on local NICK commands
2025-07-06 07:10:58 +00:00
Bram Matthys c836f394e5 Central Blocklist: make "error contacting CBL" error message more verbose
Show the actual error, like connection timed out, HTTP 500, etc.
2025-04-22 08:00:46 +02:00
Bram Matthys 30ff1bf09e Add a TODO item 2025-03-27 17:51:32 +01:00
Bram Matthys 641413cfa9 Update Unicode block lists with Unicode 16.0.0 from 2024-02-02.
And provide instructions on how to generate this thing.
2025-03-24 09:32:50 +01:00
Bram Matthys cc75840189 Add unicode_count() crule, e.g. unicode_count('Emoticons')
This will return the number of characters that are in the unicode block
with that name.

spamfilter {
	rule "unicode_count('Emoticons')>2";
	target { private; channel; private-notice; channel-notice; }
	action block;
	reason "Too much emotion";
}

In this commit we also make it so we pass the ClientContext (including
clictx->textanalysis) in crule_context.
2025-03-23 18:14:32 +01:00
Bram Matthys fafe16a673 AntiMixedUTF8: change emoticon transition score from 1 to 0
You will still get a score of +1 if afterwards changing back to Latin
or anything else, but at least the Latin/anything -> Emoticon
transition is free now (score 0). And if ending with an emoji it
also means a score 0 (as far as this is concerned).
2025-03-23 13:21:01 +01:00
Bram Matthys 74e17b7a26 Make SPAMINFO show the UTF8 block names a text uses.
Example output:
*** SPAMINFO ***
This will show the original text and the deconfused text which can be used in a spamfilter block with input-conversion deconfused;
Original spam text: ẔŽŽẐ𝞕ȤℤΖℨℨ𝒁𝓩ẒŹƵᏃŻẒŽℨŹ𝒵𝛧Ż𝝛𝛧ℨℤ𝜡Ƶ𝞕𝘡ŹẐ𝑍ẔẐẐΖ𝜡Ẕ𝜡Ẕ𝞕ꓜ𝚭ᏃẐẔ𝙕
Deconfused spam text: ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
AntiMixedUTF8 points: 64
Number of Unicode characters in total: 50
Number of different Unicode blocks used: 8
Unicode Block breakdown (name: bytes [capped at 255]):
- Latin Extended-A: 8
- Latin Extended-B: 3
- Greek and Coptic: 2
- Cherokee: 2
- Latin Extended Additional: 12
- Letterlike Symbols: 6
- Lisu: 1
- Mathematical Alphanumeric Symbols: 16
2025-03-23 13:03:58 +01:00
Bram Matthys 6bd6e974d4 Add num_bytes and num_unicode_characters to TextAnalysis struct.
Also so you can easily put the unicode_blockmap[] in perspective
e.g. if you want to do percentages.
2025-03-23 12:43:01 +01:00
Bram Matthys 3142b57f77 Move text analysis to main command handler (parse2()).
In CommandAdd() the flag CMD_TEXTANALYSIS now means that the last
parameter of the command will run through the text analysis system.

This flag is set in PRIVMSG NOTICE PART QUIT AWAY SETNAME TOPIC
2025-03-23 12:28:43 +01:00
Bram Matthys 9b89166280 Add deconfused to TextAnalysis. Add ClientContext * to match_spamfilter().
Make match_spamfilter use the clictx->textanalysis->deconfused rather than
calculating its own. The latter will probably disappear altogether.

Unrelated but also fixed: properly set e->unicode_blocks.
2025-03-23 12:13:38 +01:00
Bram Matthys 9691a6d819 Create TextAnalysis framework (hook), this counts the unicode block
switches like antimixedutf8 did, and counts the number of characters
used per unicode block. Potentially more can be added later, this is
flexible and modules can add stuff (..well not yet.. the struct is
missing some members..).

Use it from antimixedutf8 so that it now uses the new code, which is
similar to what I made and then reverted in July 2023:
https://github.com/unrealircd/unrealircd/commit/3e2f668f10fccedfd035526d7b20d7ca6819a8ae
..except that it now calculated in src/modules/utf8functions.c.
But yeah, this needs more testing and possibly (default) score
adjustments to deal with false positives !! And a warning in release notes :D

Put the text analysis in ClientContext member textanalysis,
so typically accessed through clictx->textanalysis.
Note that this struct can (and often is) NULL, for example if it is
a remote client, if it is not a PRIVMSG/NOTICE (will improve later)
or if the utf8functions module is not loaded (to keep things optional).

BREAKING CHANGE is that ClientContext is now passed in the
HOOKTYPE_CAN_SEND_TO_CHANNEL and HOOKTYPE_CAN_SEND_TO_USER hooks.

So HOOKTYPE_CAN_SEND_TO_USER prototype changed from:
int hooktype_can_send_to_user(Client *client, Client *target, const char **text, const char **errmsg, SendType sendtype);
To:
int hooktype_can_send_to_user(Client *client, Client *target, const char **text, const char **errmsg, SendType sendtype, ClientContext *clictx);

And HOOKTYPE_CAN_SEND_TO_CHANNEL prototype changes from:
int hooktype_can_send_to_channel(Client *client, Channel *channel, Membership *member, const char **text, const char **errmsg, SendType sendtype);
To:
int hooktype_can_send_to_channel(Client *client, Channel *channel, Membership *member, const char **text, const char **errmsg, SendType sendtype, ClientContext *clictx);

A side-affect of this change for antimixedutf8 purposes is that,
while the analysis is only done once per line, the 'actions' are
performed for each target, so the action will run 4 times for
"PRIVMSG a,b,c,d :text" although that may not be important in
practice. Just mentioning.
2025-03-23 11:44:24 +01:00
Bram Matthys 2c33103d28 Fix OOB read, write and NULL dereference code from yesterday. 2025-03-23 07:21:00 +01:00
Bram Matthys d137a95606 Update confusables. Generated with a python script from 2 different
generators/sources plus some manual tweaking.
This is not complete and not always correct. Sometimes there are
simple mistakes like ф -> f because that is a cyrillic f but it
should be seen as an o or something like that. Those still need to
be polished out. And some other things are just plain weird but
probably similar cases. In any case, with this commit things are
getting better. It will never be perfect or anything close to perfect
anyway!
2025-03-22 15:40:32 +01:00
Bram Matthys e1fac402d5 Add spamfilter { input-conversion confusables; ..... } for UTF8 conversion
of lookalike characters to simple latin characters.

Also add SPAMINFO command so you can see the result of the conversion.
2025-03-22 08:31:22 +01:00
Bram Matthys 9b3d219743 Add utf8functions with utf8_convert_confusables() from July 16 2023.
I started work on this back then but didn't finalize it. Now I
have to figure out what was left to be done :D. Other than the
obvious case of seeing some debugging code that prints out for
every converted character. Not yet visible / usable by end-users!
2025-03-22 07:56:11 +01:00
Bram Matthys 8c21472d03 Move allow::maxperip to its own module (maxperip), add HOOKTYPE_ALLOW_CLIENT.
Also fix documentation for ~10 hooks to mention the hook name.

Obviously, the maxperip module is loaded by default (in modules.default.conf)
but it is nice to have the 400+ lines contained in a separate module
rather than being in the nick module that does NICK/UID handling.
Will look at moving more later..
2025-03-22 07:42:00 +01:00
Bram Matthys d15c82346e Pass ClientContext in CMD_FUNC() and friends. So extra arg. Breaking change.
It now passes 'clictx' which at the moment only has clictx->cmd which
points to the command handler. So only useful in very few cases where
you have like a generic command handler and thus have no idea for which
command you are being called. In the future, with this new ClientContext
struct, we can simply add new fields to the struct without breaking
things in the core and in (third party) modules.

If you use the magic functions in your modules CMD_FUNC(cmd_mycmd),
OVERRIDE_FUNC(myoverride), CALL_NEXT_COMMAND_OVERRIDE() and such then
you shouldn't have any compile errors as these will use the correct
prototypes and variable names automatically. In a few cases you can't
use these, in which case you will need to update your modules.
2025-03-21 15:40:42 +01:00
Bram Matthys e9e63e4041 Allow calling mtags_to_string() with a NULL client, eg to store/serialize. 2025-03-14 10:29:24 +01:00
Bram Matthys e7ec191bf1 Fix crash by IRCOp upon SPAMREPORT <ip> when centralblocklist is loaded.
Reported by Balthazar in https://bugs.unrealircd.org/view.php?id=6497
2025-02-16 08:52:32 +01:00
Bram Matthys 094efeee25 Add spamfilter::show-message-content-on-hit to override on a spamfilter basis.
This works the same as set::spamfilter::show-message-content-on-hit
https://www.unrealircd.org/docs/Set_block#set::spamfilter::show-message-content-on-hit
but per spamfilter { } in the conf.

Indirectly suggested in https://bugs.unrealircd.org/view.php?id=6437
2025-02-15 12:14:44 +01:00
Bram Matthys ae166bd99e Add spamfilter::input-conversion none; to not use StripControlChars()
for matching. Docs and release notes text will follow later.
2025-02-15 11:05:37 +01:00
Bram Matthys 3cc06cecb9 Show the message type in target flood log messages (PRIVMSG/NOTICE/TAGMSG).
Changed the log/snomask message from, for example:
Flood blocked (target-flood-user) from evil!xyz@localhost [127.0.0.1] to victim
To:
Flood blocked (target-flood-user) from evil!xyz@localhost [127.0.0.1] to victim (TAGMSG)
2025-02-08 08:33:37 +01:00
Bram Matthys ce47440abd Make config_detect_duplicate() externally accessible. Fix some coverity warnings,
mostly with regards to memory leaks if duplicate config directives are used.
Eg using allow::password twice in the same allow block, or using
link::outgoing::tls-options twice in the same link block. Unusual stuff.
2025-01-26 13:23:32 +01:00
Bram Matthys 80ac9eb888 Central Blocklist: include web/websocket handshake data 2025-01-12 12:31:35 +01:00
Bram Matthys 1f57a606a4 Make binarytohex() from src/misc.c available and use it in certfp code. 2024-11-27 12:37:27 +01:00
Bram Matthys 6c98f7224a Always try to maintain chronological order in chat history, and optimize stuff.
Previously if a new history item was added (because someone sent a message)
we would always append at the end of chat history buffer of the channel.
Now we put the message at the position decided by the "time" message tag,
which could be at the end but also slightly before that.
* Upside: should result in a consistent chat history on all servers
* Downside: if your server time is off for several seconds then it
  could look a little weird. Then again, it would already have looked weird
  in real live chat with timestamps and when replaying chat history probably.

Also add some simple optimizations: in the log line object we now have direct
pointers to the msgid and time strings, so the code doesn't need to do a
find_mtag() all the time. This should lower CPU usage during log playback
and also makes things more simple in the source code.

I did some testing with various history injection variants but this needs
more extensive testing.
2024-11-27 10:34:07 +01:00
Bram Matthys 6940272290 Prevent early UID cut-off. This doesn't happen with current unrealircd traffic
because we send 9 character uids. However, IDLEN is defined as 12 so it is
natural for other people (services and other pseudo server writers) to assume
you could send 12, which failed until now, as it only accepted 11 characters.

Just to be clear:
* We generate and send 9 character uids in UnrealIRCd ourselves, this
  works perfectly fine
* In 114d54ac61 in 2021 (UnrealIRCd 5.2.1) i
  enlarged the buffers to allow INCOMING ids of up to 12 characters.
  The reason for that is that I want the option to allow slightly larger
  uids and could start doing that several years later without causing
  desynchs and other problems.
* That didn't work properly, it only allowed up to 11 chars at this point.
* From now on it allows 12 chars. I do NOT recommend sending that though, if
  you want to send bigger ids from your services/pseudo server then use
  11, or... actually just use 9 like in normal unrealircd traffic at the
  moment.

Reported on IRC by craftxbox
2024-11-24 09:56:06 +01:00
Bram Matthys 08fb2b46ac Fix crash with "STATS S" if having vhosts with autologin (no login).
This crash is only triggerable by IRCOps.

Also, it shouldn't lists vhosts with "STATS S", it should be "STATS V".
2024-11-17 08:03:32 +01:00
Bram Matthys 6d60899007 Good idea to bump the vhost module version to 6.1.8.1
[skip ci]
2024-10-17 18:22:16 +02:00
Bram Matthys 019c327821 Fix crash with new auto-vhost code. 2024-10-17 17:44:50 +02:00
Bram Matthys 985a591df2 Previous commit broke "GLINE *@1.2.3.4 0 test" and had a memory leak.
The former was fixed by merging the 'if'. The latter by getting rid
of dynamic memory allocation, long live the stack!
2024-10-16 10:21:16 +02:00
Valerie Liu 8e47aff2cf Make *LINE behave smarter if missing reason or time value (#304)
Now this works like:
if the time param exists, even without a reason, it will be checked if it's a time param. if it's not a time param, it'll be considered to be the reason (or the first part of it anyway)

Reported by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6105
2024-10-16 08:01:12 +00:00
Bram Matthys cf6718fdb2 Fix vhosts and blacklist reasons being lowercased
This was unintentional strtolower() in unreal_expand_string()
2024-10-14 18:56:21 +02:00
Bram Matthys c86b474ed8 Fix crash on crule "||"; in config file.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=6438
2024-09-25 13:04:30 +02:00
Bram Matthys eae680c773 Update release notes a bit
... and make set::max-inherit-extended-bans::ban-exception default to 0
because that functionality is not implemented
The +e's are already checked when using +b ~inherit though..
2024-09-25 10:14:46 +02:00
Valerie Liu fff76c4b29 Make authprompt work with recently new "sasl-from-a-module" hooks (#302) 2024-09-25 07:15:31 +00:00
Bram Matthys 7a43448674 Add unrl_utf8_make_valid() special option 2 to fix previous commit.
Without this, the IRC message could be far beyond >510 characters
(excluding message tags).

This code is untested!
2024-09-24 18:32:14 +02:00
Valerie Liu 713414e716 Websockets with type 'text': don't truncate lines to 510 chars when there are message tags (#301)
Allow full mtag messages to be sent over websockets
2024-09-24 16:30:02 +00:00
Bram Matthys 5860172780 Free previous GeoIP result upon IP change. Otherwise if the new geoip
lookup fails the old result stays there which is confusing.

Reported on IRC where 10.x.x.x was shown as "Poland" which was a
leftover from the "real IP" before WEBIRC spoofing was used to set
the IP to 10.x.x.x. Reported by Jellis.
2024-09-23 19:10:33 +02:00
Bram Matthys 7d37795353 Don't list security groups by default, add 'public <yes|no>'
* [Security group blocks](https://www.unrealircd.org/docs/Security-group_block)
  are now hidden in lists by default. If you want the security group to be shown
  in things like `MODE #channel +b ~security-group:x` (which shows a list)
  then you need to use `public yes;`. The default security groups
  like known-users, webirc-users, etc. are public by default.
2024-09-23 13:11:24 +02:00
Bram Matthys afbb0c283b Accept multiple masks in ban ip { } and ban nick { } such as:
ban ip {
	mask { 1.1.1.1; 2.2.2.2; 3.3.3.3; }
	reason "Go away";
}

Or the alternate form:

ban ip {
	mask 1.1.1.1;
	mask 2.2.2.2;
	mask 3.3.3.3;
	reason "Go away";
}

Suggested by magic000 in https://bugs.unrealircd.org/view.php?id=4599

Note that this is not a Mask item, these are special, hence the
special code.
2024-09-23 12:29:35 +02:00
Bram Matthys 7dc3c230a7 Now that we support $variables, add set::oper-vhost so you can set a default
vhost for opers, such as: set { oper-vhost $operclass.admin.example.net; }

If the oper has an oper::vhost then that one will override.

https://www.unrealircd.org/docs/Set_block#set::oper-vhost
2024-09-20 17:54:39 +02:00
Bram Matthys 9a2d54cd01 Support $variables in oper::vhost (for variables see previous commit)
Eg: vhost "$operlogin@$operclass.example.net";

Also add potentially_valid_vhost() function which can be used in
config code to ignore invalid $vars. Then at runtime you use the
real valid_vhost() function after variable expansion by
unreal_expand_string().
2024-09-20 17:26:16 +02:00
Bram Matthys 4557036cd6 Move unreal_expand_string() to an efunc so all code can access it
and use it not only from vhost { } block code but also for like
blacklist::reason.

This so the same variables with the same names are available at
those places.

Supported are:
$nick, $username, $realname, $ip, $hostname, $server, $account,
$operlogin, $operclass, $country_code (xx for unknown),
$asn (0 for unknown).
2024-09-20 17:13:23 +02:00
Bram Matthys 60c0ab8da2 Make vhost::vhost support $variables. Currently supported are:
$nick, $username, $realname, $ip, $account, $operlogin, $operclass,
$country_code (xx for unknown), $asn (0 for unknown).

Note that if a $variable fails to expand, eg $operlogin but the
user is not oper, then the vhost will not be applied. A warning
is sent to the vhost snomask (+s +v) in such a case.

Examples:

/* Set authenticated users to $account.example.org */
vhost { auto-login yes; vhost $account.example.org; mask { identified yes; } }

/* Obviously not really a good idea, but.. to illustrate: */
vhost { auto-login yes; vhost $country_code.example.org; mask *; }

Also, when vhost { } blocks are read and need to be matched, they
are read top-down now, which is the most logical way. First match wins.

All this needs testing :)
2024-09-20 16:48:22 +02:00