Bram Matthys
bfa00e95b7
Set default plaintext-policy to be 'warn' for /OPER and 'deny' for
...
server linking. Write some draft release notes for later use.
2017-08-19 11:19:33 +02:00
Bram Matthys
361a354c4b
If set::plaintext-policy::user is 'deny' and a non-SSL/TLS-user is
...
trying to connect then SASL is not advertised.
2017-08-16 19:45:17 +02:00
Bram Matthys
d53d46fce4
Add set::plaintext-policy block by which you can warn or deny user connections,
...
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys
40e3e11b61
UnrealIRCd 4.0.13
2017-08-15 12:12:10 +02:00
Bram Matthys
74d5f380dd
A /REHASH from a WebSocket connection would cause a crash (requires
...
IRCOp privileges). This is a rather technical issue, we now simply
reject the rehash. See comments in code for more information.
2017-08-10 09:02:05 +02:00
Bram Matthys
18202a0f73
Fix "ban too broad" checking. Reported by Gottem in #4961 .
...
* The 'ban too broad' checking was broken. This permitted glines such
as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
To disable this safety measure you can (still) use:
set { options { allow-insane-bans; }; };
2017-08-10 08:30:54 +02:00
Bram Matthys
f5b29ed7de
Add modules/cap directory to Windows installer.
2017-08-10 07:54:01 +02:00
Bram Matthys
8ccf5700f1
Prepare for 4.0.13-rc1
2017-08-10 07:46:17 +02:00
Bram Matthys
d222a18286
Fix "simple" spamfilters being synched as "posix" during server linking.
...
This was due to lack of TKLEXT2 support in the m_tkl_synch() code.
2017-08-10 07:07:37 +02:00
Bram Matthys
69a2e7d994
Whoops. This code cleanup screwed up STS. Should work now.
2017-08-09 19:11:28 +02:00
Bram Matthys
6c539c8566
Bump Websocket module version to 1.0.0
2017-08-09 18:12:03 +02:00
Bram Matthys
06aa2ad79a
Websocket module: don't send CR/LF in outgoing frames and don't require
...
CR/LF in incoming frames (simply ignore them if they are present).
2017-08-09 18:00:44 +02:00
Bram Matthys
455420afc1
SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec)
2017-08-09 15:39:52 +02:00
Bram Matthys
0f612a3b30
SNI: Fix for wildcard certificates
2017-08-09 15:20:38 +02:00
Bram Matthys
84776eeeb2
Add support for draft/sts http://ircv3.net/specs/core/sts-3.3.html
...
Docs: https://www.unrealircd.org/docs/Set_block#set::ssl::sts-policy::port
Example:
set {
ssl {
certificate "ssl/server.cert.pem";
key "ssl/server.key.pem";
sts-policy {
port 6697;
duration 180d;
};
};
};
IMPORTANT: Only use this if you know what STS is and what the
implications are. The most important things being A) set a correct
port and B) you need a 'real' SSL certificate and not a self-signed
certificate.
More documentation may follow at another place.
2017-08-09 14:16:03 +02:00
Bram Matthys
1cc6dd3d5b
Add Makefile and placeholder module.
2017-08-09 13:30:52 +02:00
Bram Matthys
6500af6ba5
* Use free_ssl_options from generic conf.
...
* Actually free ssl_options in free_ssl_options.
2017-08-09 13:27:50 +02:00
Bram Matthys
ea651384f8
Add groundwork for draft/sts (more to follow)
...
Module coders:
* The cap->visible(void) callback function is now cap->visible(aClient *)
* There is a new cap->parameter(aClient *) callback function.
* Various updates to subfunctions to pass 'sptr' (due to the above),
including clicap_find(sptr, ...)
* New CLICAP_FLAGS_UNREQABLE flag
Other:
* There is a new (src/)modules/cap directory containing the sts module,
well.. once I commit it :D
2017-08-09 13:21:36 +02:00
Bram Matthys
b2129205f9
Added support for the "Server Name Indication" (SNI) SSL/TLS extension.
...
See https://www.unrealircd.org/docs/Sni_block
Requested in #4380 by Eman.
2017-08-09 12:00:04 +02:00
Bram Matthys
7b092f7aeb
Verify certificate when submitting bug report.
2017-06-19 16:28:50 +02:00
Bram Matthys
0c1f299b0b
UnrealIRCd 4.0.12.1 release
2017-06-02 08:56:24 +02:00
Bram Matthys
d27d3760c7
CAP NAK not sent for unrecognised CAPs in all cases. Reported by
...
jwheare (#4958 ).
2017-06-02 08:22:19 +02:00
Bram Matthys
072d8537b8
Prevent /OPER for oper blocks with non-existant operclass, as doing so
...
would only be confusing. Reported by Gottem (#4950 ).
2017-06-02 07:41:44 +02:00
Bram Matthys
7b8f17ef5e
Rename variable (no other changes)
2017-06-02 07:33:15 +02:00
Bram Matthys
6c3c55b4e5
Fix new user mode +Z (secureonlymsg) not working properly across
...
server links. Reported by HeXiLeD (#4953 ).
2017-05-28 09:41:11 +02:00
Bram Matthys
2838ef6266
Mark all shipped modules as official (non-3rd-party).
2017-05-13 12:29:05 +02:00
Bram Matthys
bbf33b62dc
UnrealIRCd will now refuse to run as root, as promised a couple of versions ago.
...
https://www.unrealircd.org/docs/Do_not_run_as_root
2017-05-12 11:42:01 +02:00
Bram Matthys
3dc27370a1
Prepare for UnrealIRCd 4.0.12 release.
2017-05-12 11:24:36 +02:00
Bram Matthys
5e378fb02b
Since 95% of the crash reports are due to bugs in 3rd party modules we now
...
have to discourage people with 3rd party modules loaded from blindly
submitting crash reports.
2017-05-12 10:25:45 +02:00
Bram Matthys
0412c86d17
Update OpenFiles on listener close (not very common, but..)
2017-05-10 17:18:47 +02:00
Bram Matthys
a6f5460ad8
Update OpenFiles upon failed SSL connect to remote server. Reported by Eman ( #4948 ).
2017-05-10 17:03:45 +02:00
Bram Matthys
ee9f8441bc
Bump lag for remote MOTD requests.
2017-04-07 20:06:36 +02:00
Bram Matthys
0035cafdba
Fix server setting +b even if the ban list is full when using +f.
...
Reported by NoMiaus (#4906 ).
2017-03-26 15:48:05 +02:00
Bram Matthys
e62ea1dedd
Module coders: added two functions to search for user modes:
...
has_user_mode(acptr, 'i'): returns 1 / 0
find_user_mode('i'): returns the user mode (as 'long')
extern int has_user_mode(aClient *acptr, char mode);
extern long find_user_mode(char mode);
2017-03-26 15:40:36 +02:00
Bram Matthys
b6f8ddd456
Fix Jumpserver not working for SSL users due to old #ifdef USE_SSL.
...
Reported by NoMiaus (#4907 ).
2017-03-26 15:38:04 +02:00
Bram Matthys
0c6fb46704
Minor code cleanup
2017-03-22 16:32:59 +01:00
Bram Matthys
fcaa69157b
Fix crash when unloading (not reloading) module that uses ModData ( #4903 ).
2017-03-22 10:51:29 +01:00
Bram Matthys
e6a02003f5
Delayjoin (chanmode +D): When people are de-oped we now part 'hidden' users.
...
Prevents client desynch.
2017-03-22 08:25:03 +01:00
Bram Matthys
4c39648b03
Improve source code (setflags -> oldumodes)
2017-03-20 16:18:43 +01:00
Bram Matthys
cd0836572f
Fix /mode nick -t and force-rejoin. Reported by NoMiaus ( #4901 ).
2017-03-20 16:17:23 +01:00
Bram Matthys
ec9db8fd5f
Move match_user() to module (efunc in m_tkl)
2017-03-18 15:00:34 +01:00
Bram Matthys
000f9e10fc
'nocodes' module: also strip/block italic. Suggested by The_Myth ( #4898 ).
2017-03-18 14:50:49 +01:00
Bram Matthys
af694e0cbd
Fix crash in Windows GUI
2017-03-13 08:30:45 +01:00
Bram Matthys
0963cddd28
Vhosts were not synched correctly during linking. Reported by unic0rn ( #4890 ).
...
This was not really noticeable on 2 server networks, but in A-B-C linking setups
a vhost of user A would not show on server C.
2017-03-11 10:50:00 +01:00
Bram Matthys
abd4296d8e
Add support for negative ip/hostmask matching in deny channel / allow channel
...
and at some other places (any place which uses the 'mask' system).
This allows things like:
deny channel { channel "#help*"; };
allow channel { channel "#help-nolan"; mask !192.168.*; };
allow channel { channel "#help-lan"; mask 192.168.*; };
Similarly in vhost blocks etc etc..
2017-03-10 09:20:15 +01:00
Bram Matthys
f65d5fce8b
Add new option: set { hide-list { deny-channel }; };
...
This will hide channels in /LIST that are denied by deny channel blocks
(and not exempt via allow channel blocks).
2017-03-10 08:48:08 +01:00
Bram Matthys
5c417b4235
Fix minor memleak on /REHASH (set::sasl-server)
2017-03-08 17:30:28 +01:00
Bram Matthys
176566962a
Add support for 'mask' in allow channel { } and deny channel { }.
...
This so you can easily add allow/deny channel blocks for IP ranges.
Possibly not so useful for services-networks (ban/akick is very similar)
but has some use on serviceless networks.
2017-03-08 17:28:15 +01:00
Bram Matthys
9dc4e7d31b
Windows: shut up warning on certificate generation during installation.
...
WARNING: can't open config file: c:/libressl/ssl/openssl.cnf
2017-03-08 09:03:03 +01:00
Bram Matthys
cb59538309
Fix chanmode +f issue where unsetting parts were not effective.
...
For example: '+f [5j#i1,5m#m1,3n]:3' and then '+f [5j#i1,5m]:3'
In that case the '3n' was not removed and still effective, as
could be seen by a '/MODE #chan'. Reported by The_Myth (#4883 ).
2017-03-06 10:05:30 +01:00