1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 08:16:38 +02:00
Commit Graph

1351 Commits

Author SHA1 Message Date
Bram Matthys bfa00e95b7 Set default plaintext-policy to be 'warn' for /OPER and 'deny' for
server linking. Write some draft release notes for later use.
2017-08-19 11:19:33 +02:00
Bram Matthys 361a354c4b If set::plaintext-policy::user is 'deny' and a non-SSL/TLS-user is
trying to connect then SASL is not advertised.
2017-08-16 19:45:17 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys 18202a0f73 Fix "ban too broad" checking. Reported by Gottem in #4961.
* The 'ban too broad' checking was broken. This permitted glines such
  as 192.168.0.0/1 being set. Now it rejects CIDR of /15 and lower.
  To disable this safety measure you can (still) use:
  set { options { allow-insane-bans; }; };
2017-08-10 08:30:54 +02:00
Bram Matthys d222a18286 Fix "simple" spamfilters being synched as "posix" during server linking.
This was due to lack of TKLEXT2 support in the m_tkl_synch() code.
2017-08-10 07:07:37 +02:00
Bram Matthys 69a2e7d994 Whoops. This code cleanup screwed up STS. Should work now. 2017-08-09 19:11:28 +02:00
Bram Matthys 6c539c8566 Bump Websocket module version to 1.0.0 2017-08-09 18:12:03 +02:00
Bram Matthys 06aa2ad79a Websocket module: don't send CR/LF in outgoing frames and don't require
CR/LF in incoming frames (simply ignore them if they are present).
2017-08-09 18:00:44 +02:00
Bram Matthys 455420afc1 SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec) 2017-08-09 15:39:52 +02:00
Bram Matthys 84776eeeb2 Add support for draft/sts http://ircv3.net/specs/core/sts-3.3.html
Docs: https://www.unrealircd.org/docs/Set_block#set::ssl::sts-policy::port
Example:
set {
    ssl {
        certificate "ssl/server.cert.pem";
        key "ssl/server.key.pem";
        sts-policy {
            port 6697;
            duration 180d;
        };
    };
};
IMPORTANT: Only use this if you know what STS is and what the
implications are. The most important things being A) set a correct
port and B) you need a 'real' SSL certificate and not a self-signed
certificate.

More documentation may follow at another place.
2017-08-09 14:16:03 +02:00
Bram Matthys 1cc6dd3d5b Add Makefile and placeholder module. 2017-08-09 13:30:52 +02:00
Bram Matthys ea651384f8 Add groundwork for draft/sts (more to follow)
Module coders:
* The cap->visible(void) callback function is now cap->visible(aClient *)
* There is a new cap->parameter(aClient *) callback function.
* Various updates to subfunctions to pass 'sptr' (due to the above),
  including clicap_find(sptr, ...)
* New CLICAP_FLAGS_UNREQABLE flag
Other:
* There is a new (src/)modules/cap directory containing the sts module,
  well.. once I commit it :D
2017-08-09 13:21:36 +02:00
Bram Matthys d27d3760c7 CAP NAK not sent for unrecognised CAPs in all cases. Reported by
jwheare (#4958).
2017-06-02 08:22:19 +02:00
Bram Matthys 072d8537b8 Prevent /OPER for oper blocks with non-existant operclass, as doing so
would only be confusing. Reported by Gottem (#4950).
2017-06-02 07:41:44 +02:00
Bram Matthys 7b8f17ef5e Rename variable (no other changes) 2017-06-02 07:33:15 +02:00
Bram Matthys 6c3c55b4e5 Fix new user mode +Z (secureonlymsg) not working properly across
server links. Reported by HeXiLeD (#4953).
2017-05-28 09:41:11 +02:00
Bram Matthys 2838ef6266 Mark all shipped modules as official (non-3rd-party). 2017-05-13 12:29:05 +02:00
Bram Matthys ee9f8441bc Bump lag for remote MOTD requests. 2017-04-07 20:06:36 +02:00
Bram Matthys b6f8ddd456 Fix Jumpserver not working for SSL users due to old #ifdef USE_SSL.
Reported by NoMiaus (#4907).
2017-03-26 15:38:04 +02:00
Bram Matthys e6a02003f5 Delayjoin (chanmode +D): When people are de-oped we now part 'hidden' users.
Prevents client desynch.
2017-03-22 08:25:03 +01:00
Bram Matthys 4c39648b03 Improve source code (setflags -> oldumodes) 2017-03-20 16:18:43 +01:00
Bram Matthys cd0836572f Fix /mode nick -t and force-rejoin. Reported by NoMiaus (#4901). 2017-03-20 16:17:23 +01:00
Bram Matthys ec9db8fd5f Move match_user() to module (efunc in m_tkl) 2017-03-18 15:00:34 +01:00
Bram Matthys 000f9e10fc 'nocodes' module: also strip/block italic. Suggested by The_Myth (#4898). 2017-03-18 14:50:49 +01:00
Bram Matthys f65d5fce8b Add new option: set { hide-list { deny-channel }; };
This will hide channels in /LIST that are denied by deny channel blocks
(and not exempt via allow channel blocks).
2017-03-10 08:48:08 +01:00
Bram Matthys cb59538309 Fix chanmode +f issue where unsetting parts were not effective.
For example: '+f [5j#i1,5m#m1,3n]:3' and then '+f [5j#i1,5m]:3'
In that case the '3n' was not removed and still effective, as
could be seen by a '/MODE #chan'. Reported by The_Myth (#4883).
2017-03-06 10:05:30 +01:00
Bram Matthys 7de81c7aa6 Credit 2017-02-18 14:42:14 +01:00
Bram Matthys c97a3e1903 Add user mode +Z: Only allows SSL/TLS users to private message you.
Based on +R, idea seen on the forums (from Stealth ?)
2017-02-18 14:39:32 +01:00
Bram Matthys 2a83066f67 Channel modes were not working. 2017-02-10 22:14:41 +01:00
Bram Matthys e0130ab0b6 Fix silly crash issue. 2017-02-10 14:28:32 +01:00
Bram Matthys 5fcff0dd90 Make +z in set::modes-on-join work (and auto +Z setting). Reported by FwdInTime (#4841). 2017-02-10 14:24:10 +01:00
Bram Matthys a687ab022b Fix 'MODE yournick +r' being interpreted as 'MODE yournick +s' (#4846). 2017-02-10 13:11:12 +01:00
Bram Matthys 35c9c08008 Fix crash if TOPIC_NICK_IS_NUHOST is enabled (crash upon TOPIC set by server) 2017-02-03 08:42:16 +01:00
Bram Matthys b9d84054fd Remote WHO requests have never been supported. Apparently some old or custom
services software send this which cause a crash. Now simply rejecting at
the start of the function.
To services coders: you must maintain client lists/state, not do silly things
2017-02-03 08:29:18 +01:00
Bram Matthys 8d0ac37604 Fix some compatibility handling of GLOBOPS. Reported by Jobe (#4836).
Note that you should actually use SENDUMODE instead.
2017-01-12 09:19:07 +01:00
Bram Matthys 7ade64385d Websocket: reject oversized pings. Version is now 0.9.3 2017-01-11 13:34:18 +01:00
Bram Matthys b0af3b71f0 More websocket module fixes. Version is now 0.9.2 2017-01-11 13:19:53 +01:00
Bram Matthys 341378008b Bump version number of websocket module to 0.9.1 2017-01-11 11:46:52 +01:00
Bram Matthys 229ceeb87d Fix a memory leak in websocket module and do some final cleanups. 2017-01-11 11:45:40 +01:00
Bram Matthys 8af0172300 Another delayjoin fix (chanmode +D). Duplicate JOIN for remote user (SJOIN). 2017-01-09 20:11:37 +01:00
Bram Matthys 6067202cdf Rewrite SJOIN to fix a bug where modes were sometimes cut-off resulting
in incorrect bans being added.
2017-01-06 11:11:19 +01:00
Bram Matthys e6aa557169 Drop useless 'inline' for textban_replace() 2016-12-31 12:28:02 +01:00
Bram Matthys 780f3d7637 All my 3rd party modules (from vulnscan.org) are in UnrealIRCd now.
Note that they are NOT loaded by default at this time.
The modules are:
* extbans/textban - +b ~T:censor:*badword*
* usermodes/privdeaf - user mode +D: cannot receive PM's
* antirandom - "randomness" detector against drone attacks
* hideserver - hide servers (not real security, but requested)
* jumpserver - redirect users to another server during maintenance
* m_ircops - show which ircops are online (/IRCOPS command)
* m_staff - show custom file (/STAFF command)
* nocodes - don't just strip/block colors, do the same for reverse/bold/..
The existing README and sample configuration files for these modules
will later be added to the official UnrealIRCd documentation on
https://www.unrealircd.org/docs/Main_Page (just search on the module name).
2016-12-30 19:36:59 +01:00
Bram Matthys bff5e39d67 Fix crash on PART if chanmodes/nocolor module is not loaded or loadmodule
line reordered so nocolor is above m_part. Reported by FwdInTime (#4783).
2016-12-30 16:27:35 +01:00
Bram Matthys 9da4c7e5d0 Added DNSBL check exemption: except blacklist { mask 1.2.3.4; }; 2016-12-29 11:38:49 +01:00
Bram Matthys aae0971cf4 Add the ability to set specific ssl options in listen blocks and link blocks.
This allows you to for example specify a specific certificate/key on an
serversonly port and in link block (a self-signed 10 year valid certificate)
and use a short-lived (XX day) Let's Encrypt certificate on the other ports.
And several other uses, of course.
2016-12-29 08:37:15 +01:00
Bram Matthys 1f1ac6c4ee Less duplicate code: add internal function invisible_user_in_channel()
and remove many calls to HOOKTYPE_VISIBLE_IN_CHANNEL + flag checking.
2016-12-27 20:22:12 +01:00
Bram Matthys 5ac4125c6f Use new user_can_see_member() function at two other remaining places 2016-12-27 20:10:22 +01:00
Bram Matthys 99e087d50c Remove temporary workaround and actually fix stuff in QUIT for delayjoin. Add new function user_can_see_member()... 2016-12-27 20:02:35 +01:00
Bram Matthys 70a6d8be94 Merge pull request #65 from Adam-/unreal40+delayjoin
Some delayjoin fixes
2016-12-27 19:40:21 +01:00