1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 14:33:14 +02:00
Commit Graph

2039 Commits

Author SHA1 Message Date
Bram Matthys ed16dad40e Add a bunch of crule functions:
* Boolean checks: is_oper, is_local, has_swhois
* Match functions: match_class, match_server, match_vhost,
  match_realhost, match_away, match_asname, match_operlogin,
  match_operclass, match_sni, match_tls_cipher
* Numeric counters: connections_from_ip, channel_count,
  channel_member_count, idle_time
* Traffic stats: messages_sent, messages_received, bytes_sent,
  bytes_received
* Text analysis: text_byte_count, text_character_count, word_count,
  uppercase_percentage, digit_percentage, non_ascii_percentage,
  max_repeat_count, mixed_utf8_score, unicode_block_count

Will do a more thorough audit and look at adding some kind of
tests tomorrow.
2026-03-24 19:33:55 +01:00
Bram Matthys 3dd449139b Conditional Config: add @warning "aaa" and @error "bbb"
As usual, this is mostly for configuration templates that you use for
multiple servers, that sort of things, eg.

@if !environment("ADMIN")
@error "Environment variable ADMIN is not set"
@endif

This also adds a change in conf.c so @define, @error and
@warning are skipped in @if blocks that evaluate to false
(that's obviously what everyone wants :D). So that fixes a
previous bug with @define in @if.
2026-03-23 18:47:16 +01:00
Bram Matthys 3521d96f9d This adds module-version("examplemod") and using functions in $define,
such as $define ADMIN environment("ADMIN")
2026-03-23 17:58:36 +01:00
Bram Matthys cf101ca114 Conditional Config: add @if environment("VARNAME") == "something"
to check environment variables.

This also means functions can now return values, so some changes
under the hood. This also moves the <=, >=, <, > ops code.
2026-03-23 17:33:02 +01:00
Bram Matthys 93a485db21 Conditional Config: add support for @else
Actually surprisingly easy due to simply flipping item->negative :D
2026-03-22 19:36:54 +01:00
Bram Matthys 100abaa82d Conditional Config: add support for <, >, <= and >= in @if $SOMETHING ...
And also don't require double quotes on the right hand side.

So you now use something like: @if $MAXCONNECTIONS >= 1024
2026-03-22 19:16:51 +01:00
Bram Matthys 17a8182efc Condition Config: add minimum-version() and file-exists().
So: `@if minimum-version("6.2.4")` and `@if file-exists("filename")`.
2026-03-22 18:41:30 +01:00
Bram Matthys 9258875d0f Add @if module-exists("third/coolmod") so you can conditionally
loadmodule + set config items

This checks the file on-disk, which is slightly different than
@if module-loaded("third/coolmod") which checks if it is loaded.
2026-03-22 18:20:36 +01:00
Bram Matthys 27864e8d0e Add new variables in Conditional Config (https://www.unrealircd.org/docs/Conditional_config):
$CONFDIR, $DATADIR, $LOGDIR, $TMPDIR, $DOCDIR, $MODULESDIR, $MAXCONNECTIONS.
2026-03-22 18:07:17 +01:00
Bram Matthys 82481cc083 NO_GEOIP_CONFIG => NO_DEFAULT_GEOIP to make it consistent
As we also have NO_DEFAULT_RPC_SOCKET and NO_DEFAULT_LOG_MEMORY_BLOCK
2026-03-22 17:58:36 +01:00
Bram Matthys ba3fa1d7b6 Update GeoIP question in ./Config and use some magic to support both
geoip_classic and geoip_mmdb in modules.default.conf with Conditional
Config, a dynamic loadmodule line, and auto-updates.

Somewhere in a later version, probably 6.2.5, we will default to mmdb
for all cases.
2026-03-22 17:52:57 +01:00
Bram Matthys d467005816 Bleh :) 2026-03-22 16:20:25 +01:00
Bram Matthys 69c9130da1 Bump version to 6.2.4-git 2026-03-22 13:45:28 +01:00
Bram Matthys d150da8ea5 Make "geoip_mmdb" the default GEOIP module. So it receives testing.
I still need to update ./Config. I guess we will remove that question
entirely.
2026-03-22 13:38:20 +01:00
Bram Matthys 2d145b0f2c ** UnrealIRCd 6.2.3 ** 2026-03-06 08:23:30 +01:00
Bram Matthys 98709af7a3 modules.optional.conf: extjwt::service::method is required
(which is fine, i think)
2026-03-06 08:22:53 +01:00
Bram Matthys cc1c1c5a73 Update doc/unrealircd_wiki.zim for 6.2.3
[skip ci]
2026-03-06 08:02:19 +01:00
Bram Matthys a841911882 Mention extjwt { } in the release notes: it had API updates, build tests
and we now have documentation on the wiki.

Plus some other textual changes.

[skip ci]
2026-03-06 07:44:13 +01:00
Bram Matthys 7865675917 Fix OOB write if a trusted linked server sends malicious data.
NOTE: Linked servers are considered trusted in UnrealIRCd.

This is not exploitable beyond a crash, due to -fstack-protector-all,
a hardening compiler flag we added many years ago. Even without
that flag it would be rather difficult, and i didn't manage to,
but this should never happen anyway since this flag is only
missing in gcc/clang versions that are more than 15 years old.

This issue was introduced by the move to CMD_BIGLINES in
6c5de62c18 in 6.2.2 release.
2026-03-06 07:14:10 +01:00
Bram Matthys cd317e678c Update release notes on latest two changes.
[skip ci]
2026-02-25 15:21:57 +01:00
Bram Matthys bd1ccde9c3 ** UnrealIRCd 6.2.3-rc2 ** 2026-02-25 08:28:20 +01:00
Bram Matthys 2f839c85f7 Reorder some release notes items 2026-02-23 10:54:12 +01:00
Bram Matthys 93c26c2d42 Update release notes. 2026-02-23 10:04:08 +01:00
Bram Matthys 3a96bdf6ec Add set::allow-setident (default: 'no'), set::allow-setname ('yes')
Two new settings that control the use of `SETIDENT` and `SETNAME`:
* [set::allow-setident](https://www.unrealircd.org/docs/Set_block#set::allow-setident)
  now defaults to 'no'. Previously all users were allowed to change their
  ident (taking into account
  [set::allow-userhost-change](https://www.unrealircd.org/docs/Set_block#set::allow-userhost-change)
  restrictions).
* [set::allow-setname])(https://www.unrealircd.org/docs/Set_block#set::allow-setname)
  has a default of 'yes' which matches older UnrealIRCd versions (no change).
  Perhaps some admins who use controlled (web)chats may want to set this
  to 'no' if users are not supposed to change their realname/gecos.
  This is probably rare, but they have the option now.
2026-02-23 08:58:39 +01:00
Bram Matthys fb0649f14a Use full RELRO for modules (use HARDEN_LDFLAGS in MODULEFLAGS)
Previously, due to HARDEN_LDFLAGS missing in MODULEFLAGS we were
only partial RELRO instead of full RELRO. This is a defense-in-
depth measure but is good to have and the ommission was unintended.
2026-02-22 15:37:45 +01:00
Bram Matthys 8be6337e71 Update release notes
[skip ci]
2026-02-22 13:28:56 +01:00
Bram Matthys d8e631bacb ** UnrealIRCd 6.2.3-rc1 **
(not 6.2.2-rc1 :D)
[skip ci]
2026-01-31 10:14:21 +01:00
Bram Matthys bb4d1b528f ** UnrealIRCd 6.2.2-rc1 **
(Actually the Windows build is still building :D)
2026-01-31 09:44:57 +01:00
Bram Matthys 287184649c Update doc/unrealircd_wiki.zim to version of 2026-01-31. 2026-01-31 09:43:35 +01:00
Bram Matthys 4218010000 Update curl-ca-bundle to latest version (Dec 2 04:12:02 2025 GMT)
[skip ci]
2026-01-30 13:00:33 +01:00
Bram Matthys 6083c039cd Update shipped libs: PCRE2 (10.47), Jansson (2.15.0), Sodium (1.0.21) 2026-01-30 12:58:12 +01:00
Bram Matthys bd1e25d017 Slightly raise default set::handshake-timeout from 30 to 40 seconds. 2026-01-28 09:44:49 +01:00
Bram Matthys ad1b59b4bd Update release notes a bit (what we have so far)
[skip ci]
2026-01-28 09:37:45 +01:00
Bram Matthys 3925cea089 Update release notes a bit
[skip ci]
2026-01-23 08:11:01 +01:00
Bram Matthys de05bb9654 Bump version to 6.2.3-git and write some early release notes 2026-01-04 10:20:46 +01:00
Bram Matthys 21d58a7ebd Do the same as previous commit for the help.*.conf translations
This transplants commits 2868c3fedb
to doc/conf/help/help.*.conf
2026-01-04 09:47:37 +01:00
Bram Matthys 2868c3fedb help.conf: try to be consistent by documenting only end-user commands,
thus removing commands that are only supposed to be used by IRC clients.
We don't intend to document things like CAP, PONG, etc here.

Remove ISON, PONG, WATCH. Also remove DALINFO which no longer exists.

Re-index the USERCMDS and OPERCMDS table. This removes no longer existing
commands and may also have added some that were not in the index.

Moved STATS from USERCMDS to OPERCMDS since by default it is Oper-only
(and very likely is so effectively in practice).

Maybe PRIVMSG is a bit inconsistent in all this, since users don't type
that but usually it is like MSG. But yeah.. okay.. i can live with that.

As an aside, I don't like services commands being documented in HELPOP,
but that is another matter. These should be 100% documented in the wiki
first before they are scratched in the HELPOP. Right now some are still
missing.
2026-01-04 09:36:01 +01:00
Bram Matthys 806fa83dd7 ** UnrealIRCd 6.2.2 ** 2025-12-12 12:16:31 +01:00
Bram Matthys 94d4ded864 Update c-ares to 1.34.6 and update release notes. 2025-12-12 10:13:49 +01:00
Bram Matthys fd52b71081 Setting set::tls::certificate and set::tls::key did not override the default
certificate or key. It added the cert/key to the list of certs, like a
"dual cert" approach.

This was caused by commit 877d151da4,
which indeed adds support for "dual cert" (or more).

I have now deferred setting the default to happen only if no
set::tls::certificate is specified, as you would expect.

We (already) used a similar delayed-initialization / deferred setting
approach in the ::tls-options inheritance code (for blocks like
listen, sni, link, etc.)

Just as a slightly related reminder, we do normally suggest keeping the
conf/tls/server.cert.pem and conf/tls/server.key.pem for server linking
and then use a cert from a trusted CA in the listen block for 6697 etc.
See https://www.unrealircd.org/docs/Using_Let's_Encrypt_with_UnrealIRCd
for more information (and the 'why').
2025-12-10 19:00:12 +01:00
Bram Matthys bda03caf81 modules.default.conf: fix warning of comment in comment, due to rpc/*
Change comment style. Counter-intuitive, but fits the rest of the file.
2025-12-06 17:08:58 +01:00
Valerie Liu 7964345c0b Add RPC methods for security_group and connthrottle (#328)
New RPC methods:
- security_group.list: List all security groups
- security_group.get: Get details of a specific security group
- connthrottle.status: Get full connection throttle status, counters, and config
- connthrottle.set: Enable/disable connection throttling
- connthrottle.reset: Reset connection throttling counts

This also adds json_expand_mask_list(), json_expand_name_list(), and
json_expand_nvplist() to src/json.c for reuse by RPC modules.
2025-12-06 14:58:57 +01:00
Bram Matthys d2586a4b9c Add a blob of text (comment) about JSON-RPC in modules.default.conf
A link to https://www.unrealircd.org/docs/JSON-RPC and such is nice.
And also explain that not all JSON-RPC modules will be in rpc/*.
Sometimes it makes more sense to just put everything in the same
module, such as connthrottle RPC stuff in the connthrottle module.
2025-12-06 09:52:34 +01:00
Valerie Liu 65f85a1b28 JSON-RPC: Add message.* (PR #327 from Valware)
* message.send_privmsg
* message.send_notice
* message.send_numeric
* message.send_standard_reply
2025-11-28 12:24:19 +01:00
Bram Matthys 8715e54059 Fix some wording in release notes
[skip ci]
2025-11-19 09:06:56 +01:00
Bram Matthys 1cdf3594ba Make a start with the (very early) release notes
[skip ci]
2025-11-19 08:53:41 +01:00
Bram Matthys d7a6868950 Bump version to 6.2.2-git 2025-11-09 09:01:34 +01:00
Bram Matthys 09032ec868 ** UnrealIRCd 6.2.1 ** 2025-11-02 16:10:26 +01:00
Bram Matthys 663a33e981 Update release notes a bit on webhooks and other recent improvements.
[skip ci]
2025-10-29 14:07:09 +01:00
Bram Matthys 58c37b67f9 ** UnrealIRCd 6.2.1-rc2 ** 2025-10-23 18:02:43 +02:00