1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 01:23:13 +02:00
Commit Graph

1435 Commits

Author SHA1 Message Date
Bram Matthys 992bed3c7a Similar to previous commit, change: alter HOOKTYPE_MODE_DEOP function:
-int hooktype_mode_deop(aClient *sptr, aClient *victim, aChannel *chptr, u_int what, char modechar, long my_access, char **badmode);
+int hooktype_mode_deop(aClient *sptr, aClient *victim, aChannel *chptr, u_int what, int modechar, long my_access, char **badmode);
.. this to get rid of a compiler warning and potential problem.
2018-04-22 16:09:10 +02:00
Bram Matthys 4f0f8478cc Update HOOKTYPE_CHANNEL_SYNCED to get rid of compiler warning.
Can't safely use shorts with variable argument functions I think,
or maybe only with reduced type checking which is not what we want.
-void hooktype_channel_synced(aChannel *chptr, unsigned short merge, unsigned short removetheirs, unsigned short nomode);
+void hooktype_channel_synced(aChannel *chptr, int merge, int removetheirs, int nomode);
2018-04-22 16:02:13 +02:00
Bram Matthys bb4758f321 Add strldup() and safestrldup(), reducing ridiculous amount of code in
m_pass and m_topic.c when duplicating strings with a length limit.
+/* strldup(str,max) copies a string and ensures the new buffer
+ * is at most 'max' size, including nul byte. The syntax is pretty
+ * much identical to strlcpy() except that the buffer is newly
+ * allocated.
+ * If you wonder why not use strndup() instead?
+ * I feel that mixing code with strlcpy() and strndup() would be
+ * rather confusing since strlcpy() assumes buffer size including
+ * the nul byte and strndup() assumes without the nul byte and
+ * will write one character extra. Hence this strldup(). -- Syzop
+ */
2018-04-22 15:40:21 +02:00
Bram Matthys 6990b7d9a6 Mass-replace MyMalloc with MyMallocEx, even if it's unnecessary.
Replace century-old custom functions with C standard funcs,
such as AllocCpy -> strdup.
2018-04-22 14:55:07 +02:00
Bram Matthys 61f40a59a7 Remove unused events.h 2018-04-22 14:36:21 +02:00
Bram Matthys 9a1a4f13a4 Remove sjoin.h (was included but contents were unused) 2018-04-22 14:32:28 +02:00
Bram Matthys d5d446c38d More code cleanups to get rid of useless casts and other useless
structures such as:
-       lp->value.cp = (char *)MyMalloc(strlen(mask) + 1);
-       (void)strcpy(lp->value.cp, mask);
+       lp->value.cp = strdup(mask);
2018-04-22 14:28:22 +02:00
Bram Matthys 680715b1b5 Partially rewrite send_channel_modes() (+helper functions).
Although this is only used by servers lacking SJOIN/SJOIN3 so
is of limited use. Still.. got rid of the most ridiculous casts.
2018-04-22 13:51:37 +02:00
Bram Matthys 147ae3012b Get rid of about a million (now) useless casts and some re-indenting. 2018-04-22 10:29:36 +02:00
Bram Matthys 8d7d6d7c4c Get rid of compiler warning 2018-04-22 09:50:13 +02:00
Bram Matthys 5044013dd5 Make m_ircops use RPL_TEXT rather than conflicting numeric.
The output of /IRCOPS isn't meant to be client parsable anyway (which
can be seen by the use of bold text and such), so using a generic
numeric rather than wasting two others seems sensible.
Reported by The_Myth in #5066.
2018-04-22 09:42:14 +02:00
Bram Matthys 04ca88cc1e Fix bug in blacklist module with multiple replies for the same IP.
We only parsed the first A record reply, so if the blacklist returned
multiple results /and/ you would not have all those types in your
blacklist { } block then you could miss a hit (false negative).
2018-04-22 09:04:14 +02:00
Bram Matthys ad9ca5e449 Add support for checking IPv6 addresses in blacklists.
Suggested by k4be (#5040).
2018-04-22 08:30:02 +02:00
Bram Matthys 41b7e1b735 'set::cloak-method ip' not working properly with DNS resolving.
Reported by The_Myth (#5064).
2018-03-07 10:22:24 +01:00
Bram Matthys 5609b36850 Fix crash with OperOverride 2017-12-22 09:48:42 +01:00
Bram Matthys 0a9306ca5b CIDR support in set::antirandom::except-hosts
Or, to be more precise: converted code to use match_user() framework.
2017-12-17 10:06:39 +01:00
Bram Matthys 33ec662205 Remove a junk notice regarding SJOIN 2017-12-17 09:26:19 +01:00
Bram Matthys dc7cb17eff Fix linking problem if only using link::outgoing (and not link::incoming)
which is perfectly legal but caused a confusing error message about
a 'server name mismatch'.
2017-12-13 09:02:32 +01:00
Bram Matthys 079963cdc6 Set prio for HOOKTYPE_CHANNEL_DESTROY to -1mln so other hooks are
called later.
2017-12-06 17:53:26 +01:00
Bram Matthys a07411217f Apparently individual PROTOCTL tokens were limited at 128 chars.
This posed a limitation with utf8 PROTOCTL NICKCHARS=... and
potentially PROTOCTL SERVERS=... if having more than 32 servers.
The limitation has now been removed (buffer length = 512)
2017-12-01 10:00:15 +01:00
Bram Matthys c603cc52b3 Reject link if we have any utf8 charset enabled and other side doesn't. 2017-12-01 09:56:08 +01:00
Bram Matthys 82659cfecc '/SPAMFILTER del <id>' was not working across servers.
This was actually a read-after-free bug (IRCOp-only)
2017-11-30 21:59:30 +01:00
Bram Matthys 40293aaaa7 Move charsys definitions from .h to charsys.c & add some fwd decl 2017-11-27 12:32:14 +01:00
Bram Matthys abaacb6643 Permit 0xa0, if it appears inside UTF8 (via set::allowed-nickchars).
This is the "non breaking space" outside UTF8 and thus was previously
blacklisted. Keeping it blacklisted even if it appears in UTF8 is not
really an option as it means some UTF8 characters can never be used,
like the letter "nun" in Hebrew, and likely others.
2017-11-27 11:41:07 +01:00
Bram Matthys b5b01c5263 Modularize charsys (set::allowed-nickchars). It's still a mandatory
module but at least the code can be updated on the fly (or replaced
with some other secondary alternative module in the future).
src/charsys.c -> src/modules/charsys.c
This also means everyone needs to load the modules/charsys module.
2017-11-27 11:24:25 +01:00
Bram Matthys 12df5a96ff Fix crash if using anope with old unreal32 mod w/SSL on non-localhost.
Sounds rare and you should really use a more recent version of anope
with the unreal4 protocol module. But, of course, we shouldn't crash.
2017-11-21 11:40:07 +01:00
Bram Matthys 87a42edd4b extbans/timedban automatic -e/-I fix (duh)
Should add a testcase for it, but the test would take 1 minute. Hmmm.
2017-11-20 18:50:02 +01:00
Bram Matthys 0cc5eddce2 extbans/timedban (~t): fix unset not working for +e/+I and reduce load
by spreading the unset event over multiple events (process roughly a
quarter each time). Not important for small networks but for big ones..
2017-11-20 16:48:48 +01:00
Bram Matthys e67d49112e Re-indent src/modules/m_mode.c (yuck...) 2017-11-20 13:48:18 +01:00
Bram Matthys aa093f3e2b Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
Naturally this is only available if the extbans/timedban module is
loaded and you should do so on all your servers on the same network
if you want to avoid confusion/desynchs.
2017-11-20 09:44:25 +01:00
Bram Matthys 92afdb56b5 Timed bans: ~t:duration:mask
These are bans that are automatically removed by the server.
The duration is in minutes and the mask can be any ban mask.
=> Note that you need to load the extbans/timedban module!
Some examples:
* A 5 minute ban on a host:
  +b ~t:5:*!*@host
* A 5 minute quiet ban on a host (unable to speak):
  +b ~t:5:~q:*!*@host
* An invite exception for 1440m/24hrs
  +I ~t:1440:*!*@host
* A temporary exempt ban for a services account
  +e ~t:1440:~a:Account
* Allows someone to speak through +m for the next 24hrs:
  +e ~t:1440:~m:moderated:*!*@host
* And any other crazy ideas you can come up with...
2017-11-20 09:16:03 +01:00
Bram Matthys eb205e04cc Make types future-proof. Fix ~m case for +M.
BypassMessageRestrictionType -> BypassChannelMessageRestrictionType
BYPASS_MSG_* -> BYPASS_CHANMSG_*
2017-11-19 17:12:28 +01:00
Bram Matthys 1b2b28e6c6 New ban exception ~m:type:mask - allows bypassing of message restrictions.
Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
'filter' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
Some examples:
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
* Allow a services account to use color: +e ~m:color:~a:ColorBot
2017-11-19 16:40:39 +01:00
Bram Matthys dd6f67a266 Send errors regarding invalid bans (if available).
Fix case where conv_param() returns NULL (ban rejected)
causing is_ok() function not to be called so the user
never sees the error. We now try to call the is_ok after
conv_param returns NULL.
So not really an API change, more like a fix.
2017-11-18 19:15:44 +01:00
Bram Matthys b046b86a6e Way to customize the reject connection messages. 2017-11-17 11:13:11 +01:00
Bram Matthys d13c7b20d0 Code cleanups in AllowClient and register_user 2017-11-17 10:37:45 +01:00
Bram Matthys 7b7f492b71 Move AllowClient/check_client/check_init to m_nick module 2017-11-17 10:10:28 +01:00
Bram Matthys 3c0db9c72f Move HOOKTYPE_SECURE_CONNECT hook and mode setting up a bit. 2017-11-13 17:02:05 +01:00
Bram Matthys 527fa9818c UnrealIRCd will no longer give +z to users on WEBIRC gateways, unless
the WEBIRC gateway gives us some assurance that the
client<->webirc gateway connection is also secure (eg: https).

This is the regular WEBIRC format:
WEBIRC password gateway hostname ip

This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure

Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.

https://github.com/ircv3/ircv3-ideas/issues/12
2017-11-13 16:47:22 +01:00
Bram Matthys 512c8fb000 Move the place where we set umode +z (secure). Needed for next. 2017-11-13 16:23:49 +01:00
Bram Matthys 704487e124 Fix numerous crash bugs in server to server code.
In 3.2.x we didn't fix these bugs since servers are trusted and
should send correct commands. In 4.0.x we changed this so we would
fix them when we come across such issues at normal priority (not
consider them security issues). I now took it a step further and
actively checked/looked for these issues and a bunch of them were
found. Almost all are NULL pointer dereferences, with some exceptions.
* S2S: MODE: check conv_param return value (NULL ptr crash)
* S2S: MODE: floodprot: More checks (NULL ptr crash)
* S2S: MODE: OOB write of NULL (write NULL past last element in an array)
* S2S: NICK: old compat fixes (NULL ptr crash)
* S2S: PROTOCTL: Check for double SID=
* S2S: SERVER: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: Fix OOB read (read 1 byte past buffer)
* S2S: TKL: validate set_at and expire_at (NULL ptr crash)
* S2S: TKL: require at least 9 parameters for spamf, not 8 (NULL ptr crash)
* S2S: TKL: ignore invalid spamfilter matching type (remove abort() call)
* S2S: TOPIC: querying for topic is not permitted (NULL ptr crash)
* S2S: UID: require 12 parameters (NULL ptr crash)
* S2S: WATCH: this is not a server command (NULL ptr crash)
* Fix OOB read (1 byte beyond string) for timevals. This was reachable
  from config code, TKL (S2S) and /*LINE (Oper). In practice no crash.
* MODE: make code less confusing (effectively no change)
* TRACE: remove strange output in case of 0 lines of output
* Fix unimportant memory leak on boot (#4713, reported by dg)
* Fix small memory leak upon 'DNS i' (oper only command)
* Always work on a copy in clean_ban_mask(). This fixes a bug that could
  result in a strlcpy(buf, buf, sizeof(buf)). So, overlapping strings,
  which is undefined behavior.
2017-10-29 11:20:52 +01:00
Bram Matthys 77234b2b8d API change for HOOKTYPE_PRE_INVITE and fix #5023:
* API change for HOOKTYPE_PRE_INVITE:
  (aClient *sptr, aClient *target, aChannel *chptr, int *override)
  Modules must now send the error message instead of only returning
  HOOK_DENY. Also check for operoverride and set *override=1.

This so modules can send their own error messages instead of the
default message being sent ("channel is +V" - which is not true).

Reported by Gottem (#5023).
2017-10-23 10:07:33 +02:00
Bram Matthys 6ab81ab7b4 Fix bug caused by 5124e60b7c a few days ago:
channel MODE without parameters being sent when force-rejoin is in use.
2017-10-18 17:39:54 +02:00
Bram Matthys d67de82786 Add extra 6 second fake lag penalty on /INVITE. 2017-10-18 15:56:06 +02:00
Bram Matthys 5bedeaa9bf Set cptr->name after EAUTH. Fixes bug #4915 reported by Eman:
missing server name in link rejection message (clock mismatch).
2017-10-18 15:43:13 +02:00
Bram Matthys 70b64c2ad8 If you have any blacklist { } block then UnrealIRCd will set an
set::handshake-delay of 2 seconds by default. This will allow (most)
DNSBL checking to be finished before the user comes online, while
still allowing a smooth user experience.
If your DNS(BL) is slow then you could raise this setting slightly.
2017-10-18 15:03:12 +02:00
Bram Matthys 3aa6adcbfc Rename 'draft/sts' to 'sts'. 2017-10-17 18:12:13 +02:00
Bram Matthys 307243ff7a Show (previously hidden) umode -r to user on nickchange.
Reported by Mewsito (#4949).
2017-10-11 18:25:58 +02:00
Bram Matthys 1d659296c2 Fix Windows compile problem 2017-10-11 17:33:39 +02:00
Bram Matthys b7b8e41ac4 CAP chghost: also send CHGHOST message to "self" (impacted user)
https://github.com/ircv3/ircv3-specifications/issues/324
2017-10-11 10:29:00 +02:00