1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 05:03:12 +02:00
Commit Graph

3149 Commits

Author SHA1 Message Date
Valerie Liu aa9fdd352a Move giving of set::modes-on-connect to after SASL (#270)
This so account-based security groups work correctly with security-group based set xxxxx { modes-on-connect ....; } settings.
[skip ci]
2024-02-11 09:32:20 +00:00
Bram Matthys 037889d7ac Add safety rollback of spamfilter if it doesn't compile. Should not be needed
but we (I) tend to screw up in other areas :D
[skip ci]
2024-01-17 09:48:47 +01:00
Bram Matthys b8a8863c19 Get rid of [BUG] message due to no-implicit-names patch if using DEBUGMODE.
main.BUG_CLIENTCAPABILITYBIT_UNKNOWN_TOKEN [warn] [BUG] ClientCapabilityBit() check for unknown token: no-implicit-names
2024-01-10 18:03:43 +01:00
Bram Matthys ae0206a92a Add oper::auto-join. This setting overrides set::oper-auto-join.
Suggested by Chris_dc in https://bugs.unrealircd.org/view.php?id=6255
2024-01-10 17:06:35 +01:00
Bram Matthys 9f3f9522cf Make operclass available in security-group & mask/match.
security-group netadmin { operclass { netadmin; netadmin-with-override; } }

Untested.
2024-01-10 14:14:14 +01:00
Bram Matthys 079e7babef Fix "Central blocklist too slow to respond" message when using softban
or require authentication { } block.

And the connecting user would get a message every second, which was
a bit floody ;D.

Repoerted by GHF in https://bugs.unrealircd.org/view.php?id=6375
2023-12-28 13:30:49 +01:00
Bram Matthys 64ea1d09d6 Move 'reserved clients' stuff to runtime, since 'ulimit -n' could be lower.
This fixes a bug where if you run ./Config with 'auto' file descriptors,
and then have an unusually low 'ulimit -n' of like 150, you would end up
with a negative amount of file descriptors available for use.

This fix moves it from compile-time setting of reserved fd's to runtime
setting.

All this is wrong, by the way, but that is for another major overhaul,
at least this bug is fixed now :D
2023-12-28 09:00:09 +01:00
Bram Matthys 88c2083df9 Fix no-implicit-names to set official flag. As all buildbots failed. 2023-12-26 15:41:06 +01:00
Bram Matthys 600185deba Add support for CAP draft/no-implicit-names
https://github.com/unrealircd/unrealircd/pull/265 by Valware
"This is an IRCv3 extension which lets clients opt-out of receiving /names on join.
 This is useful for bots on large channels who do not need to know who is in the channel.
 Specification: https://ircv3.net/specs/extensions/no-implicit-names"

+ module rename from 'no-implicit-names-cap' to 'no-implicit-names'
  (simply because no other modules has that -cap suffix)
+ update to Makefile.windows
2023-12-26 14:46:54 +01:00
Bram Matthys 48d3673a02 Only do slow spamfilter detection for regexes, not for 'simple' */?
Since it is pointless and this saves some CPU :)
2023-12-22 15:43:11 +01:00
Bram Matthys c5ed4ef9bb Don't call spamfilter for TAGMSG. If you are filtering that, look at 'T'.
Calling spamfilter for TAGMSG makes no sense as the text is "" (empty) :D

If you want to filter message tags, have a look at spamfilter type 'T',
which filters individual message-tags (not just the ones in TAGMSG but
also for PRIVMSG and NOTICE).

[skip ci]
2023-12-22 15:38:14 +01:00
Bram Matthys 70a59b8b1e central-api: add format check for api-key so people don't use a request-key there.
Reported by DeviL.
2023-12-18 09:37:18 +01:00
Bram Matthys 49e84436b4 Fix +I ~operclass requiring an operclass block name of >3 characters.
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6372

Was an old leftover check from old style extban API
2023-12-17 09:53:36 +01:00
Bram Matthys b0e87dcafa Fix crash issue in websocket server (CVE-2023-50784) 2023-12-15 12:34:06 +01:00
Bram Matthys fa84174d22 Fix the fix for frame assembly in webserver. 2023-12-12 18:05:23 +01:00
Bram Matthys 7b8c9e8d72 Fix memory leak due to change from yesterday (duh..)
Caused by 4178cb3f81
[skip ci]
2023-12-08 07:44:45 +01:00
Bram Matthys 4178cb3f81 Fix frame reassembly in webserver_handle_request_header()
Previously the same code caused no problem, but then
2fcb5b4669 changed the read buffer
size to 16384.
Since then (6.1.2.x) the webserver_handle_request_header() function
was sometimes cutting 1 byte off the packet due to sizeof(netbuf)-1
which was 16383 bytes. We now no longer use a fixed value and
allocate memory dynamically on the heap.

This fixes the bug that I was seeing but this change still needs
serious extra testing as it may affect websockets and RPC!
2023-12-06 18:19:17 +01:00
Bram Matthys 49614fc891 Thanks to Koragg for reporting previous issue :D
54ad2d1586
[skip ci]
2023-12-05 18:31:56 +01:00
Bram Matthys 54ad2d1586 Fix crash with 'crule', because it was being checked against Services bots 2023-12-05 18:22:25 +01:00
Bram Matthys 99fcf9adf6 Add unrealircd_version in CBL request, mostly for the future.
[skip ci]
2023-12-01 08:03:43 +01:00
Bram Matthys 96b18946ca Include oper name on /SPAMREPORT (for central spamreport) 2023-12-01 07:58:01 +01:00
Bram Matthys 53f0f0cb94 Fix unitialized variable access caused by earlier commit of today
(only if you use a proxy block)
2023-11-27 17:59:37 +01:00
Bram Matthys 5f767a8fe8 Proxy block: rework and add support for X-Forwarded-For, Cloudflare, etc. 2023-11-27 12:10:17 +01:00
Bram Matthys 026d5522a8 Remove WSU() items forwarded & secure, since these are in webserver nowadays. 2023-11-27 10:07:34 +01:00
Bram Matthys 02ac1fc0b3 Add an option to check websocket Origin header via
listen {
	websocket {
		allow-origin { *.example.net; }
	}
}

This allows you to limit websockets to a particular domain, IF the
user is using a normal browser.

Note that any non-browser (eg a websocket command line program) could
just spoof the Origin header, so for that case it doesn't really add
any security or real restriction.
2023-11-26 20:08:17 +01:00
Bram Matthys 98c264aabf Fix some more warnings, rather minor.
[skip ci]
2023-11-26 18:48:09 +01:00
Bram Matthys 0a7f1adc8b Add value check for blacklist config, well, fix it i mean.
And fix some compiler warning (remove a useless check).
[skip ci]
2023-11-26 16:36:11 +01:00
Bram Matthys 07cc8eaeaf central-*.c: remove old module manager stuff and bump version.
[skip ci]
2023-11-25 17:29:06 +01:00
Bram Matthys 4da58dde41 Update central spamreport, https://www.unrealircd.org/docs/Central_spamreport
set::central-blocklist::spamreport and ::spamreport-enabled are now GONE.
We now require a normal spamreport block, just like for other spamreport
functionality. So, if you want to enable this feature, use:
spamreport unrealircd { type central-spamreport; }

See https://www.unrealircd.org/docs/Central_spamreport for all info.

You can use CBL with central spamreport or central spamreport without CBL.
All explained at that URL.
2023-11-25 11:50:25 +01:00
Bram Matthys d08160baca Add option set::central-blocklist::blocklist-enabled yes/no (default yes).
This is mainly for the (less usual) case when someone wants to
use SPAMREPORT but does NOT want to use CBL:

set {
	central-blocklist {
		blocklist-enabled no;
		spamreport-enabled yes;
	}
}

Also documented at https://www.unrealircd.org/docs/Central_spamreport
under 'Configuration'
2023-11-25 10:26:56 +01:00
Bram Matthys bdfc3c97dd Add RegisterApiCallbackResolverHost() and make blacklist module non-PERM.
Hopefully this works OK... still need to test w/REHASH to see.
2023-11-25 09:39:50 +01:00
Bram Matthys 55d1398fca Move dns.h include to unrealircd.h and remove it elsewhere.
Because I need c-ares prototypes in modules.h, for next commit.
[skip ci]
2023-11-25 09:05:55 +01:00
Bram Matthys 6ce1958e1c Add URL API and use it at one place from central-blocklist. Docs at:
https://www.unrealircd.org/docs/Dev:URL_API
2023-11-25 08:31:12 +01:00
Bram Matthys 1282d2f2be URL API: Response callback is now two structs so we can easily extend.
callback(OutgoingWebRequest *request, OutgoingWebResponse *response)
2023-11-24 12:31:49 +01:00
Bram Matthys 3548b7e2af New URL API (not really a unrealircd module api tho) - work in progress.
No longer url_start_async(a,b,c,d,e,f,g,...) but usings structs so
simply url_start_async(tehstruct);
makes it easy to add fields later without forcing all modules to
change the prototype.

Work in progress....
2023-11-24 11:27:39 +01:00
Bram Matthys be586531bc Make get_central_api_key() an efunction rather than doing things by hooks.
An efunction with a default that returns NULL, so you don't need to
load the module if you don't want the functionality.
2023-11-24 09:24:10 +01:00
Bram Matthys d73c8b30d2 Fix compile problem with central-blocklist on FreeBSD. 2023-11-24 09:13:13 +01:00
Bram Matthys 6aae3e7a5d Update modules and Makefiles so central-api & central-blocklist compile. 2023-11-24 07:31:22 +01:00
Bram Matthys ebd39f4144 First import these as-is from third/ to track history properly (not compilable)
[skip ci]
2023-11-24 07:26:54 +01:00
Bram Matthys fe8e8e1274 Via JSON-RPC one could place a gzline on ident@host, which is invalid.
The effect it had was actually *@host, so ident@* became *@* -grin-.

Was caused by add=0 at the server_ban_parse_mask() causing a check
not to happen. Fixed now.

Reported by Jellis in https://bugs.unrealircd.org/view.php?id=6358
2023-11-24 07:14:23 +01:00
Valerie Liu 7b9aacd609 Fix accidental truncation in SREPLY (#257) 2023-11-20 15:30:08 +00:00
Valerie Liu 8c0243182c Fix server notice about setting -Z, it was sent from the SID instead of server name (#263) 2023-11-20 15:28:23 +00:00
k4be fb6711c671 Improve MONITOR/WATCH extensibility.
The `watch-check` function now has a new argument which can be used to pass data to watch_notify callbacks.
New `watch_add` and `watch_del` hooks are called whenever new entries are created or removed.
New `monitor_notification` hook is called whenever a RPL_MONONLINE or RPL_MONOFFLINE is being sent, so a module can add its own notification besides it.
2023-11-19 14:01:16 +01:00
Bram Matthys e84e2b30d2 Forward SPAMREPORT command to the server that the target user is on.
That is, if a nick is specified. For an IP address obviously we won't.

This is needed later for when unrealircd api SPAMREPORT becomes
available, since remote servers don't have all the info.

Side-effect is that, if you only configured one server to do
spamreporting, that won't work anymore. But that is an unusual
case anyway, and now unsupported :D.
2023-11-12 17:29:35 +01:00
Bram Matthys 7649520f63 Fix HOOKTYPE_IS_HANDSHAKE_FINISHED not called at two places where
register_user() is called.
2023-10-23 19:02:03 +02:00
Bram Matthys 5b7e375213 Limit operclass name to a-zA-Z0-9_- and use the same validation in ~operclass extban.
This fixes the issue where +e/+I ~operclass:name gets cut off if the
name contains any digits.

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6353

Also, we previously allowed any characters in the operclass, which is not
a great idea.
2023-10-23 09:51:01 +02:00
Bram Matthys 9a6a06b63f Split resolver channel into two: client & dnsbl 2023-10-11 18:08:26 +02:00
Bram Matthys 25d1bdfbf5 Make central spamfilters show in STATS spamfilter as "-centralspamfilter-"
rather than "-config-". Suggested by Lord255.
[skip ci]
2023-10-06 08:29:19 +02:00
Bram Matthys 45002eeb6f Fix STATS output for config-based spamfilters with reasons with spaces.
For config-based spamfilters, the reason was not escaped, meaning that
spaces and underscores did not work as expected.
For example, in "STATS spamfilter" the spaces were displayed as-is
which means that the numeric output was not really parsable.

Apparently this bug exists since UnrealIRCd 5 already...
2023-10-06 07:36:26 +02:00
Bram Matthys 25d5a2ac64 Fix possible crash on SETNAME with spamfilter 'u'.
[skip ci]
2023-10-06 07:19:04 +02:00