1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 13:06:37 +02:00
Commit Graph

6520 Commits

Author SHA1 Message Date
Bram Matthys b33628b765 JSON-RPC over Websockets: Fix bug with >64Kb responses.
Eg if there are 10.000 users online and you do user.list.
The old websocket framing assumed no response was >64Kb.

This also creates a new function websocket_create_packet_ex()
2023-01-04 13:10:09 +01:00
Bram Matthys d6a3db4ad2 Add listener::mode so for file sockets you can specify the mode permissions.
Valid choices are 0700, 0770 and 0777, see the documentation at
https://www.unrealircd.org/docs/Listen_block

Unrelated: this also documents the ConfigItem_listen struct in struct.h.
2023-01-04 10:06:39 +01:00
Bram Matthys 8ca6341f38 When someone includes "rpc.modules.default.conf" create a *NIX
socket listening in data/rpc.socket, because why not... only the
ircd user has access to it by default (well, and root).

Don't add the external listener HTTP(S) port by default though,
because not everyone may want that exposed to the outside world.

The default creation of data/rpc.socket can be prevented by a
@define $NO_DEFAULT_RPC_SOCKET "1"
2023-01-03 19:34:04 +01:00
Bram Matthys b5c86981fa JSON-RPC server_ban.add: fix "duration_string" being interpreted totally wrong.
Something like "1h" was intepreted as unixtime 3600 (=expired long ago).
For absolute times there is already "expire_at" (JSON timestamp).

Now, "1h" is properly interpreted as meaning 1 hour from now, as intended.

This bumps the version of rpc/server_ban to 1.0.1.

Reported by armyn.
2023-01-03 10:03:15 +01:00
Bram Matthys 64e5de4c8c ExtBanAdd: Actually enforce conv_param as a required event.
This was documented as optional in include/modules.h but on
https://www.unrealircd.org/docs/Dev:Extended_Bans_API it
was always mentioned as required.
In practice, I know of no module that does not have this,
in UnrealIRCd or third party (doing zero filtering is
quite a bad idea).

Anyway, long story short: this also means we can remove some
(flawed) logic in src/api-extban.c in case conv_param was
NULL, which raised a compiler warning:

api-extban.c: In function ‘extban_conv_param_nuh_or_extban’:
cc1: error: function may return address of local variable [-Werror=return-local-addr]
api-extban.c:382:14: note: declared here
  382 |         char tmpbuf[USERLEN + NICKLEN + HOSTLEN + 32];
      |              ^~~~~~
2023-01-01 09:51:07 +01:00
Bram Matthys 75368e462a ** UnrealIRCd 6.0.5 ** 2022-12-29 10:07:19 +01:00
Bram Matthys 895bbd3a35 When authprompt kicks in and the session timeouts, show the original ban reason
from the *LINE (or other ban type).
Eg /GLINE %*@192.168.* 0 :Please authenticate using SASL
would now, if the user has authprompt enabled and the connection times
out, exit the client after ~30 secs with "Please authenticate using SASL",
instead of "Registration timeout" (pre 6.0.5-rc2) or
the generic "Account required to login" (6.0.5-rc2).
This to help clients and users who do not type or display anything.

This is an enhancement to https://bugs.unrealircd.org/view.php?id=6202

This also fixes a bug in 6.0.5-rc2 where "Registration timeout" was
always showing up as "Account required to connect", even if there
was no softban or authprompt intervention at all.
2022-12-26 10:21:59 +01:00
Bram Matthys 7897782747 *** UnrealIRCd 6.0.5-rc2 *** 2022-12-23 08:52:41 +01:00
Valerie Pond 58e83bbe58 Another fix for set::authentication-prompt::enabled 'no' being ignored (#245) 2022-12-21 16:21:30 +00:00
Bram Matthys eca0035e8d Actually fix previous-previous-commit cdd0e4116d 2022-12-21 10:09:23 +01:00
Bram Matthys eab827688d Fix RPC spamfilter.* (and tkl.*?) not going through fully net-wide
due to bogus sender.
[skip ci]
2022-12-21 10:06:23 +01:00
Bram Matthys cdd0e4116d RPC spamfilter.add: convert reason to underscores internally when adding 2022-12-21 09:57:53 +01:00
Bram Matthys 9b1c24c2fa When timing out on authprompt, error with "Account required to connect".
More ideally it would show the full *LINE reason but that is something
for a later release. Inspired by https://bugs.unrealircd.org/view.php?id=6202

This also fixes a silly typo that prevents compiling btw :D
2022-12-21 09:31:47 +01:00
Valerie Pond 7dedbf1a69 Fix set::authentication-prompt::enabled 'no' being ignored (#243) 2022-12-21 08:01:47 +00:00
Valerie Pond d4dbf62781 Fix link warning about moddata creationtime (#233)
This lets servers share their own creation time. See https://bugs.unrealircd.org/view.php?id=6193
2022-12-21 07:54:55 +00:00
Bram Matthys 2ff03be8a0 Log who actually initiated a /CONNECT (both local and remote).
Reported by Noisytoot in https://github.com/unrealircd/unrealircd/pull/244
2022-12-21 08:50:17 +01:00
ZarTek @ CREOLE b53f23416d Unrealircd to UnrealIRCd 2022-12-14 15:24:19 +00:00
ZarTek @ CREOLE 67ec21f4e9 unreal to unrealircd 2022-12-14 15:24:19 +00:00
Bram Matthys 037f9d6dcf Add internal timeout to unrealircdctl, just in case UnrealIRCd hangs.
This because we will soon use that script for 'start' too...
[skip ci]
2022-12-12 14:54:07 +01:00
Bram Matthys 165639a007 Fix ExtBanAdd() for bans that are registered in both MOD_TEST and MOD_INIT
leading to duplicates. The effect was that in the 005 EXTBAN= string some
letters showed up twice like EXTBAN=~,aacfjmnpqrrtCCGGOSST.
Reported by jesse in https://bugs.unrealircd.org/view.php?id=6199
2022-12-10 10:39:51 +01:00
Bram Matthys 6ae5c9d77f Fix leak of 1 file descriptor per /REHASH (the control socket).
In "/STATS P" one additional UNIX control socket appeared after
each "/REHASH". Reported by jesse.
2022-12-07 12:33:12 +01:00
Bram Matthys bb0a50d839 ** UnrealIRCd 6.0.5-rc1 ** 2022-12-07 08:53:44 +01:00
Bram Matthys 36a8949d59 Fix "/STATS o" returning (null) items when advanced matching criteria
are being used. This also applies to similar use in some other /STATS
like tld blocks.

Reported by darkex in https://bugs.unrealircd.org/view.php?id=6189
2022-12-07 08:30:52 +01:00
Bram Matthys 7bab7144ed Send empty batch on CHATHISTORY request for a user (non-channel),
which makes it similar behavior to channels that are not +H.
2022-12-07 08:15:41 +01:00
Valentin Lorentz 7bacf25845 Add ACCOUNTEXTBAN ISUPPORT token
To support the draft IRCv3 spec: https://github.com/ircv3/ircv3-specifications/pull/464
2022-12-07 07:00:35 +00:00
Bram Matthys 36d9e8e720 RPC spamfilter.*: fix validations not working due to changes yesterday 2022-12-06 17:20:29 +01:00
Bram Matthys fe8661da3d RPC: implement spamfilter.del and spamfilter.get 2022-12-05 15:41:09 +01:00
Bram Matthys 61e68d65da Update a comment
[skip ci]
2022-12-05 14:51:22 +01:00
Bram Matthys d9ac4cac07 Add RPC 'rpc.info': returns list of RPC methods, RPC module name and version.
This can be useful for checking if a server supports something and what
format it expects or returns things, etc.
2022-12-05 14:48:14 +01:00
Bram Matthys ee1f8d84a0 Require TLSv1.2 or later and require a modern cipher with forward secrecy.
This also fixes a bug with OpenSSL 3.x where, when the ircd was
configured to still allow old TLSv1.0 / TLSv1.1, it would still
only allow TLSv1.2+.

But, as said, allowing TLSv1.0/TLSv1.1 is now no longer the default.

See release notes for more information or the documentation at
https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols
2022-11-27 17:04:22 +01:00
Bram Matthys c756c87be2 Update blacklist::reason changing the $variables there.
This changes the work of commit 2cf60f66a3.
    $ip: IP address of the banned user
    $server: name of the IRC server
    $blacklist: name of the blacklist block (eg. xyz for blacklist xyz { })
    $dnsname: the blacklist::dns::name
    $dnsreply: DNS reply code

Previously there was a $name which was ambigious in the sense that
it could mean blacklist name or dns name, now we simply avoid using
$name altogether and use $dnsname and (new) $blacklist.
2022-11-18 12:25:30 +01:00
Ron Nazarov 4999ae408c Add TLINE command
Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6174
2022-11-18 08:53:36 +00:00
Valerie Pond 1a4b701776 SVSLOGIN: Move to its own file
Moved SVSLOGIN command to its own file.
2022-11-14 07:43:43 +00:00
alice b3f0165773 Adjust tkl too broad ban detection to avoid banning too-wide IPv6 masks.
This adjusts the test to disallow a ban on *@*:*:*:*:*, to bring it into line with similar behaviour for IPv4.
2022-11-14 07:23:55 +00:00
westor 2cf60f66a3 Add on blacklist module two extra variables
Added the ability to specify `$name` and `$reply` variables on ban reason,

`$name` would be filled with blacklist dns name data
`$reply` would be filled with blacklist dns reply data.
2022-11-14 07:21:45 +00:00
Valentin Lorentz b01caa945f Use stable 'extended-monitor' capability name
https://ircv3.net/specs/extensions/extended-monitor was ratified
yesterday: https://github.com/ircv3/ircv3-specifications/pull/508
2022-11-14 07:19:43 +00:00
Valentin Lorentz a7716f8981 Add support for the stable 'bot' mtag
https://ircv3.net/specs/extensions/bot-mode was ratified a few months ago
(https://github.com/ircv3/ircv3-specifications/pull/495)

This commit keeps the draft mtag in addition to the stable one, for now.
2022-11-14 07:19:21 +00:00
Bram Matthys 2d61cded0d Show jansson library version in boot screen and elsewhere IF library version
is 2.13 or newer, as this requires jansson_version_str().

And no, we don't use macro's (eg JANSSON_MAJOR_VERSION). We never do that for
any of the displayed library versions (OpenSSL, libsodium, c-ares, curl, etc)
as macro's only reflect the compile-time library version and not runtime,
and thus are misleading... which can be especially problematic in case of a
security issue. So good that jansson added this function.
2022-11-04 14:16:50 +01:00
Bram Matthys 7a5f83e0b6 Make REHASH always asynchronous (done in the main loop).
This means it is safe to REHASH from modules now, which means
issuing a REHASH from a websocket connection is now possible.
2022-11-04 12:43:02 +01:00
Bram Matthys c3824ad47d Fix potentially sending invalid data over websockets on REHASH.
This makes websocket_common unload last (and near-last: rpc & websocket)
and makes us call Mod_Init for these three modules first.
This way, the period where the websocket handler is unavailable is kept
to a minimum.

This also renames the ModuleSetOptions option MOD_OPT_UNLOAD_PRIORITY
to MOD_OPT_PRIORITY since it dynamically changes the module priority
in the list. For 6.x compatibility, MOD_OPT_UNLOAD_PRIORITY can still
be used.
2022-11-04 10:54:53 +01:00
Bram Matthys 3de3087c95 Fix read-after-free when linking in a server (that is fully authenticated)
when there is already another established link with a server with the same name.
For example, when there is a network issue and the "old server" is still
waiting to be timed out and the "new server" is already linking in.
2022-10-01 08:48:44 +02:00
Bram Matthys 8b0b3d70ff Fix crash on REHASH with server linked (6.0.5-git only, due to websocket split) 2022-09-26 15:17:27 +02:00
Bram Matthys dc55c3ec9f Add CALL_CMD_FUNC(cmd_func_name) and use it.
This is only for calls within the same module, as otherwise you
should use do_cmd().

Benefit of this way is that it is short and you don't have to worry
about passing the right command parameters, which may change over time.
Example as used in src/modules/nick.c:
-               cmd_nick_remote(client, recv_mtags, parc, parv);
+               CALL_CMD_FUNC(cmd_nick_remote);
2022-08-28 09:04:12 +02:00
Bram Matthys 4e5598b6cf Create and use new CALL_NEXT_COMMAND_OVERRIDE() instead of CallCommandOverride().
This is an easier way to call the next command override handler from command
override functions. It passes the standard parameters so you don't have to
worry about which parameters a CMD_OVERRIDE_FUNC() contains.
This so it is easier to change command parameters in future UnrealIRCd versions,
should it be needed, then it may be possible without any source code changes
on the module developer side.

-       CallCommandOverride(ovr, client, recv_mtags, parc, parv);
+       CALL_NEXT_COMMAND_OVERRIDE();
2022-08-28 08:52:51 +02:00
Bram Matthys 401ab6f5a1 Make strlncpy() and strlncat() use strlncat() instead of strlen().
This fixes a possible crash when using RPC with unix domain sockets,
reported by Valware.

This also adds a configure check so we use our own strlncat if the
C library does not have one, e.g. some non-Linux.
2022-08-20 13:50:19 +02:00
Bram Matthys 3ca99ddd52 Fix JSON-RPC response, should be in "result" and not in "response".
This breaks all the current script(s) that depend on it, of course,
but makes us correctly conform to the JSON-RPC specification.
Reported by Valware.
2022-08-17 16:56:33 +02:00
Bram Matthys 0d139c6e7c Make /INVITE bypass (nearly) all channel mode restrictions, as it used to be
and as it should be IMO. Both for invites by channel ops and for OperOverride.

This also fixes a bug where an IRCOp with OperOverride could not bypass +l
and other restrictions. Only +b and +i could be bypassed.

Module coders: HOOKTYPE_OPER_INVITE_BAN is now gone and HOOKTYPE_INVITE_BYPASS
is now new. The HOOKTYPE_INVITE_BYPASS is called when the user is joining
a channel to which they were invited to. If you return HOOK_DENY there then
the join is still blocked, otherwise it is allowed.
Using this hook would be sortof unusual since usually you would want users
to be able to bypass restrictions when they were invited by another user
or when they invited themselves using OperOverride.
The only example where we use it in UnrealIRCd is for +O channels so an
IRCOp cannot use OperOverride to join +O channels when they would otherwise
not be allowed to do so. Actually even that is a corner case that you could
debate about, but.. whatever.
2022-08-06 15:52:16 +02:00
Bram Matthys 55c52c3693 Log file (log::destination::file) now creates directory structure if needed.
You could already have something like:
log { source { !debug; all; } destination { file "ircd.%Y-%m-%d.log"; } }
But now you can also have:
log { source { !debug; all; } destination { file "%Y-%m-%d/ircd.log"; } }

This is especially useful if you output to multiple log files and then
want them grouped by date in a directory.
2022-08-05 13:02:19 +02:00
Bram Matthys 0e6fc07bd9 Update verify_link() to return rather than set the link block in a variable.
Hopefully this fixes a crash when linking (succesfully authenticated) servers,
something which only happens with GCC and only for some people in some cases.
2022-08-03 14:55:37 +02:00
Bram Matthys 7267d81278 RPC: add spamfilter.list and spamfilter.add calls. 2022-08-02 09:28:09 +02:00