1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 18:26:38 +02:00
Commit Graph

5362 Commits

Author SHA1 Message Date
Bram Matthys 99defea611 ** UnrealIRCd 5.0.8-rc1 ** 2020-12-30 14:14:33 +01:00
Bram Matthys 53d23038e5 Support for security groups and new +b ~G:unknown-users:
* There are two security groups by default: known-users and unknown-users.
  See https://www.unrealircd.org/docs/Security-group_block
* New extended ban ~G:securitygroupname, with the typical usage being
  MODE #chan +b ~G:unknown-users, which will ban all users from the
  channel that are not identified to services and have a reputation
  score below 25.
2020-12-30 12:42:56 +01:00
Bram Matthys f45a3a912f Make the binary print out a helpful message pointing to the script,
in case someone does like 'bin/unrealircd mkpasswd' or something.
2020-12-29 15:07:28 +01:00
Bram Matthys 04a45e8b83 Fix targetfloodprot module not exempting U-Lines (only matters if not +o).
It is highly recommended that services pseudo users all have +o since
there are likely many places where ULines don't bypass a restriction while
opers do. But still, this particular issue has been fixed, it caused
unexplained loss of messages which looked rather mysterious.
Reported by severinmueller in https://bugs.unrealircd.org/view.php?id=5799
2020-12-29 12:44:54 +01:00
Bram Matthys fff989c46e Make windows compile again by dropping const stuff added 2 commits ago
in reputation commit. Not important anyway.
2020-12-16 15:59:30 +01:00
Bram Matthys b2ceb9c825 Fix warning about certificate expiry appearing every 43 seconds
rather than twice a day. Reported by PeGaSuS in
https://bugs.unrealircd.org/view.php?id=5797
2020-12-16 15:40:02 +01:00
Bram Matthys 9d88bb6fe9 Add /REPUTATION #channel and /REPUTATION <NN
The reputation command (IRCOp-only) has been extended to make it
easier to look for potential troublemakers:
* ```REPUTATION Nick``` shows reputation about the nick name
* ```REPUTATION IP``` shows reputation about the IP address
* ```REPUTATION #channel``` lists users in channel with their reputation score
* ```REPUTATION <NN``` lists users with reputation scores below value NN
2020-12-06 16:37:31 +01:00
Bram Matthys 4b53b02299 Add set::max-stats-matches which limits output such as '/STATS gline'
to the specified number of lines. This defaults to 1000.
This will prevent IRCOps from being flooded off ("Max SendQ exceeded")
if they list all *LINES and there are thousands.
In the newly introduced error message, after too many matches,
we also kindly point out to use filters like '/STATS gline +m *.nl'
2020-12-06 15:50:28 +01:00
Bram Matthys 8c04036fd8 Send ERR_ALREADYREGISTRED for USER and PASS rather than ERR_NOTFORUSERS.
Reported by Koragg in https://bugs.unrealircd.org/view.php?id=5766
2020-12-06 09:46:12 +01:00
Bram Matthys adc2a9774f Mention Q-line reason in server notices. Suggested by ivanp in
https://bugs.unrealircd.org/view.php?id=5774
2020-12-06 09:19:11 +01:00
Bram Matthys ece2dc9c12 Remove redundant output on './unrealircd version'. 2020-12-05 16:23:45 +01:00
Bram Matthys d573f77b10 API doc tweak
[skip ci]
2020-12-04 10:10:50 +01:00
Bram Matthys 7002139fad Add self-test to module manager for those who rm -rf their source directory. 2020-11-28 11:31:31 +01:00
Bram Matthys 7a3876e7b2 Doxygen U5 API docs: add examples to sendto_one(), sendto_channel()
and sendnumeric().
2020-11-24 19:27:22 +01:00
Bram Matthys f494707a47 Doxygen: document list_for_each_entry with examples and
add 'channels' to the page as well.
2020-11-23 10:25:49 +01:00
Bram Matthys 10e01aee0a Doxygen U5 API docs: document find functions and send API
See https://www.unrealircd.org/api/5/
And more specific: https://www.unrealircd.org/api/5/modules.html
2020-11-23 08:55:45 +01:00
Bram Matthys 180653dce5 Set version to 5.0.8-git 2020-11-22 18:37:37 +01:00
Bram Matthys 836a3000bd Update some comments in ircd.c, nothing fancy. 2020-11-22 18:34:20 +01:00
Bram Matthys f808e56ffb Fix counting clients twice. Reported by Le_Coyote. 2020-11-22 16:03:42 +01:00
Bram Matthys f8343c2e2a Move s_die definition to h.h. 2020-11-18 07:47:26 +01:00
Bram Matthys 8d7e25e50e Make get_file_time() and get_file_size() available via h.h.
And move those 2 functions plus file_exists() to misc.c.
2020-11-16 18:21:27 +01:00
Bram Matthys 20b2975a2c Hmm.. genlinkblock is not very useful without this. 2020-11-16 18:14:52 +01:00
Bram Matthys c369551721 Commit first 40% of Hook API Documentation in doxygen.
The remaining 60% consists of placeholders at the moment.

Note: if you are running git then don't try to live-reload these
changes, ircd must restart.
2020-11-08 16:16:59 +01:00
Bram Matthys 0ae05dcd60 Remove unused code in secureonly. This isn't used since the +z/+Z split. 2020-11-08 10:02:27 +01:00
k4bek4be da6ccb639d Fix a warning typo (#126)
Deprecated warning mentions set::oficial-channels, which should be set::official-channels
2020-10-22 19:37:41 +02:00
Robert Scheck 831737f13e Exit with a successful return code upon receipt of SIGTERM (#125) 2020-10-20 07:26:57 +02:00
Bram Matthys 75efe02040 And add config check for X509_get0_notAfter().
For our Ubuntu 16 friends.
2020-10-11 15:56:06 +02:00
Bram Matthys b3510c5da8 Fix for previous commit with OpenSSL <1.1.0 (Debian 8, Ubuntu 16, ..)
Thank you BuildBot.

This means on older OpenSSL's we are not going to have certificate
expiry checks. Those OpenSSL versions were deprecated by the OpenSSL
team itself, so yeah then you will miss out a few things.
2020-10-11 15:39:27 +02:00
Bram Matthys 6778b3e26d Warn when SSL/TLS certificate is expired or expires soon (<7d).
Since an expired certificate usually means that users cannot connect
we will actively warn all IRCOps about this situation twice a day.
2020-10-11 15:00:09 +02:00
Bram Matthys 8619d1e763 Add optional allow::options::reject-on-auth-failure, as requested
by armyn in https://bugs.unrealircd.org/view.php?id=5769.

The default behavior in 5.x is to continue matching:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*; password "iwantmore"; class clients; maxperip 10; }
This so users who provide a password get additional rights,
such as a higher maxperip or a different class, etc.
If the user connects without a password then we simply continue
to the next block and use the general block with only 2 maxperip.

However, some people want to use passwords to keep other users out.
That is entirely understandable as it is an 'allow block' after all.
For example:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*.nl; password "tehdutch"; class clients; maxperip 2; options { reject-on-auth-failure; } }
In this case anyone without the correct password will be rejected access.
2020-10-11 09:24:11 +02:00
Bram Matthys 00fa88daee Remove special code for '/who nick' and replace it with generic code
if someone searches explicitly on a nick name and that user exists.

This fixes a bug where doing '/who name a' would return only 1 result
if 'name' exists as a nick, even though multiple people with the
same account 'name' are online and visible to the user, as
reported in https://bugs.unrealircd.org/view.php?id=5761 by Koragg.
2020-10-11 08:37:22 +02:00
Bram Matthys 9c85cd5bc6 *** UnrealIRCd 5.0.7 release *** 2020-10-10 15:04:18 +02:00
Bram Matthys f2d49eed04 Reputation used the score of the WEBIRC IP rather than the end-user IP.
This resulted in high reputation scores for all WEBIRC users.
Reported by DeviL.
2020-09-28 17:41:37 +02:00
Bram Matthys f424a0560a Update release notes 2020-09-28 09:08:17 +02:00
Bram Matthys e62bad9924 Make it "End of /OPERMOTD command" at end of OPERMOTD.
Reported by bitmaster in https://bugs.unrealircd.org/view.php?id=3895
2020-09-27 20:21:55 +02:00
Bram Matthys b4b7908612 Fix '/STATS b' and '/STATS badword' not working.
Reported by CoreDuo in https://bugs.unrealircd.org/view.php?id=4722
2020-09-27 18:20:34 +02:00
Bram Matthys b01cbff3e1 Add message tags (such as server-time) to PONG.
Requested by GaMbiTo- and KiwiIRC authors in
https://bugs.unrealircd.org/view.php?id=5758
2020-09-27 16:57:28 +02:00
Bram Matthys 61e8c8d851 Fix labeled-response causing two lines in one websocket frame.
This goes against our guarantee of 1 IRC line = 1 websocket frame.
Reported by k4be in https://bugs.unrealircd.org/view.php?id=5708
2020-09-27 12:17:02 +02:00
Bram Matthys 9002c92062 Set version to 5.0.7-git and start on some early release notes. 2020-09-26 14:28:41 +02:00
Bram Matthys 57d0efbc58 Recode textbans so voiced users cannot bypass them.
Reported by Adanaran in https://bugs.unrealircd.org/view.php?id=5698

Although voiced users normally bypass bans, it is not really logical
for them to bypass filtering of banned words, since that is normally
a policy decission by channel management. So +v will not bypass it.

1) The problem is that this is enforced at the ban layer API.  The extban
routines, textban in this case, are not called when the user is voiced,
because voiced users bypass bans.  If we would change that in the ban API
then voiced users can also no longer talk through (=bypass) regular +b or
other extended +b such as ~a (account) etc.

2) I figured we would then make +T not use the ban API but the
can_send_to_channel hook instead.  However, then you have to do manual
looping through bans and such, it's rather ugly from a coding point of view,
and you risk "missing" things like ~T stacked with ~t.

3) Then I went back to look if the ban API could be changed by having the
textban module set a flag and then the ban api would call that specific
module still for voiced users.  While starting on that, unfortunately things
(variables, arguments) cascaded quickly into having to change all kinds of
underlying functions that would break the module API.

4) I then went back to option 2 and implemented it, trying to deal
   with all its caveats.
2020-09-26 13:43:46 +02:00
Bram Matthys 5320d54e8e Disallow ~T with any action extban, eg ~n:~T:censor:xyz.
We still allow timed bans though, eg ~t:1:~T:block:*whatever*
2020-09-26 12:49:58 +02:00
Bram Matthys 02f0d059c5 hideserver::disable-links did did not disable /LINKS.
Reported by Apocalypse32 in https://bugs.unrealircd.org/view.php?id=5753
Probably since 5.0.0, due to my mass command api changes.
2020-09-26 12:16:17 +02:00
Bram Matthys a02f94f867 Clean up WHOX a bit and fix WHO hiding yourself if not in any channels,
reported by Koragg in https://bugs.unrealircd.org/view.php?id=5757.

This changes the following in the code of who_global():
1) We initialize all the 'marked' users to zero at the beginning,
   and remove the previously unmarking in the bottom loop that
   shouldn't have anything to do with it. Now there's "no way"
   to screw up initialization of marked users.
2) Check for marked users in the bottom loop.
3) Thanks to #1 and #2 we can now easily add simple logic like
   not skipping when client==acptr.
4) Similarly, we can remove checks for +i/-i in who_common_channel(),
   and as a bonus we will list common channel results altogether
   in the WHO result, rather than first +i on common and then at the
   very end the remaining -i (which may also be in common channels).

All in all, the code is now more like how I would write it, rather
than the original. It's now harder to screw things up if you change
some visibility or searching logic here or there.
2020-09-26 08:43:51 +02:00
Bram Matthys 578f8f248c Warn user when undocumented set::ssl::dh / set::tls::dh is present.
That option specified a Diffie Hellman parameter file. Since
UnrealIRCd 5.0.0 we no longer process this option.
This option has never been documented in the wiki docs.
We prefer and use ECDHE/EECDH with SSL_OP_SINGLE_ECDH_USE since 2015
to provide Forward Secrecy in SSL/TLS. And indeed, by now in 2020,
any properly maintained software uses it and old DH(E) usage has
fallen to less than 1%.

What this patch does is remove the unused code (since Dec 2019) and
show a warning if you have a ::dh config directive, so that at least
you are informed that it is unused/ignored. Since it was undocumented
it probably hardly affects anyone, but still, it is proper to inform.
2020-09-12 09:38:17 +02:00
Bram Matthys fea2522067 Fix memory leak on './unrealircd reloadtls' / '/REHASH -tls'
Reported by NoXPhasma in https://bugs.unrealircd.org/view.php?id=5745
2020-08-29 15:05:41 +02:00
Bram Matthys 8bed1cb42e Channel mode +l is now limited between 1 and 1 billion, so positive
numbers only. This makes things more logical for end-users.
This fixes https://bugs.unrealircd.org/view.php?id=5746,
bug reported by KindOne.
The same issue was also fixed by previous commit, but still:
it is better to limit things to a narrower range, this so you
don't get different behavior depending on the CPU a server uses.
2020-08-29 14:40:09 +02:00
Bram Matthys 10ecbffcaa Fix irc*printf handling of certain negative numbers 2020-08-29 14:13:58 +02:00
Moses f5132176b7 Baltics nickchars support (#119)
This adds support for latvian-utf8, estonian-utf8 and lithuanian-utf8
in set::allowed-nickchars. Patch from moseslecce.

Co-authored-by: David Lecce <3292014+davidlecce@users.noreply.github.com>
2020-08-26 07:17:07 +02:00
Bram Matthys db79823578 If no set::modes-on-connect is present we now default to +ixw.
This should be rare, since modes-on-connect is in the example
configuration file with +ixw since 2003, but still... just in
case someone completely misses the modes-on-connect configuration
item, then make sure that we have a safe and good default.
2020-07-25 19:22:50 +02:00
Bram Matthys 13fff82a56 Update version in Windows manifest 2020-07-15 19:55:19 +02:00