1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-07 19:23:12 +02:00
Commit Graph

818 Commits

Author SHA1 Message Date
Bram Matthys 957af0909b RPC: channel.get and channel.list now have optional object_detail_level.
This is an integer which decides the amount of details in the response object.

For the channel.* calls the object_detail_level is one of:
0: only return the channel name, nothing else
1: basic channel information only
2: this adds bans, ban_exemptions, invite_exceptions
3: also show members, but only level/name/id
4: also show members, level/name/id/hostname/ip/details/geoip
5: also show members, level and full user details like user.get

When no object_detail_level is specified, the following defaults are used:
For channel.list the default is 1 (matches current 6.0.6 behavior)
For channel.get the default is 3 (matches current 6.0.6 behavior)

Using channel.list with object_detail_level=5 is forbidden because
it would cause way too much output (and processing time).
2023-03-27 09:56:03 +02:00
Bram Matthys 04ce8f8ed7 Add helper functions 2023-03-25 12:19:44 +01:00
Bram Matthys 78ce692357 Move ban_exists() to the core (was a helper function in channeldb) 2023-03-25 10:38:05 +01:00
Bram Matthys e83c610b39 Add valid_vhost() and validate oper::vhost too just like vhost::vhost.
Actually make them both use this same function, even thought he original
vhost::vhost check was a bit more informational.

This also checks the vhost in other paths that lead to oper vhost setting.

Reported by ji in https://bugs.unrealircd.org/view.php?id=5910
2023-03-22 10:26:05 +01:00
Bram Matthys 8a48cfb664 Fix not sending CAP DEL on module unload.
Reported by westor in https://bugs.unrealircd.org/view.php?id=6104
The code was there but the order of which the checks were done was
wrong, so first it was checking which CAP's were unloaded and after
that it was unloading the CAP, instead of the other way around.

Also renamed the function to clicap_check_for_changes()
to be consistent with other runtime change detection functions
like extcmodes_check_for_changes(), umodes_check_for_changes()
and charsys_check_for_changes().
2023-03-20 10:55:22 +01:00
Bram Matthys a1e7e9f882 Move deny link { } handling to server module. 2023-03-20 09:09:03 +01:00
Bram Matthys 5c108e0ec3 Don't fetch GeoIP.dat upon blacklist-module geoip_classic;
Reported in https://bugs.unrealircd.org/view.php?id=6100

Actually this only works if you have a:
blacklist-module geoip_classic;
in your conf and that conf is read before modules.default.conf
This is true if you have that blacklist-module line in your
unrealircd.conf, so should cover most cases.
2023-03-19 11:28:23 +01:00
Bram Matthys 951b913800 Update crule.c, re-porting it from ircu, to hopefully fix some bug(s).
Reported by 9pfs in https://bugs.unrealircd.org/view.php?id=6248

This is completely untested (other than ./unrealircd start), so
feedback from people who actually use crule like in deny link { }
is very much welcomed.
2023-03-19 08:38:54 +01:00
Bram Matthys c6c8bba311 Add find_server_by_uid() which hunts a server for the SID-portion of A UID.
Not sure if this is the best name, maybe I come up with a better one later.

The purpose of this function is so we can deliver certain messages to
pre-auth users, that is: users that are not fully registered yet.
This would mostly be used (perhaps exclusively) in SASL stage.
2023-02-08 10:10:27 +01:00
Bram Matthys dd830261db Reject a link for anope or atheme if there is no ulines { } for it.
This is checked for both local and remote services linking in.

Naturally, the list can be expanded to include more services that
really need ulines { }, and not statistical services or some other
purpose non-unrealircd servers, which is the reason why cannot
blindly assume all non-unrealircd servers require ulines.

This should hopefully help users a lot with "mysterious" issues
with services that we see too often in the support channel.
Suggested in https://bugs.unrealircd.org/view.php?id=5742

Note that this does require services to communicate their software
version via EAUTH. Anope does this for years already, but atheme only
does so since 10 days ago (git only, presumably not released yet)
after Valware filed a PR.
2023-02-08 09:02:44 +01:00
Bram Matthys 194a0b42f7 JSON-RPC: don't log the RPC calls if they are just for listing/getting,
since these are rather noisy and generally not very interesting to log.
Of course, DO log them if they are like add/delete/etc.

The way this works is a new property in the RPCHandler, eg:

        memset(&r, 0, sizeof(r));
        r.method = "server.list";
+       r.loglevel = ULOG_DEBUG;
        r.call = rpc_server_list;
        if (!RPCHandlerAdd(modinfo->handle, &r))

All of the .list and .get (and things like .module_list) now use
the debug facility, which is not logged by default.

You can still log ALL the JSON-RPC calls if you wish, for example
to a separate file, through something like:

log {
	source { rpc; }
	destination {
		file "rpc.log" { maxsize 100M; }
	}
}
2023-01-14 16:40:48 +01:00
Bram Matthys a1800f01e9 JSON-RPC / RRPC: Announce all RPC modules and their versions over the wire via moddata.
Needed for rrpc_supported() at a later point, so one can require certain versions etc :p
2023-01-13 18:20:40 +01:00
Bram Matthys b9fcdcdb19 Make server.rehash for remote servers use two possible code paths:
* If the remote server (and all servers in-between) support RRPC
  then forward the RPC request as RRPC and let remote handle the
  response. The response will be the verbose rehash response.
* If not supported, then simply return boolean true as a response,
  and use oldskool :source_server REHASH dest_server over the wire
2023-01-13 18:09:12 +01:00
Bram Matthys b8cbe63915 Support server.rehash for remote servers with full detailed response.
(Required RPC modules to be loaded on the remote server, tho)

This adds support for remote async RPC requests that take a little longer,
in such a case we don't call free_client() upon return of rpc_call().
2023-01-13 16:51:47 +01:00
Bram Matthys 6a4ae9d9ec Support RPC calls to remote servers, where the RPC request/response is
sent over the IRC network. This makes it possible to fetch information
from remote servers that is not known locally, and also it makes it
possible to do more things, or do it easier.

This does require the remote servers to enable RPC as well, though,
eg: include "rpc.modules.default.conf";
(They don't need any listener or rpc-user blocks)

Code-wise it looks nice, like from rpc_server_module_list it is a simple:
/* Forward to remote */
rpc_send_request_to_remote(client, targetserver, request);

This is work in progress. In particular, there is no handling yet of
timeouts (eg if the request to the remote server, or the response
from it takes ages). Nor does it handle the case where the server
quits half-way through the request/response... that is: it does free
the request and such, but does not notify the RPC client about it.
That will need to be added, of course, likely soon.

Over the IRC network this uses the new RRPC command:
:<server> RRPC <REQ|RES> <source> <destination> <requestid> [S|C|F] :<request data>
A request looks like this (assuming it is short):
:001 RRPC REQ 001ABCDEF 002 abc SF :..this is the json request...
And then the response (assuming it is long) is like:
:001 RRPC REQ 001ABCDEF 002 abc S :..this is the json response...
:001 RRPC REQ 001ABCDEF 002 abc C :..more...
:001 RRPC REQ 001ABCDEF 002 abc C :..more...
:001 RRPC REQ 001ABCDEF 002 abc F :..and that was it.
There is currently no request/response limit, it is limited by memory.

Right now the only call using this is server.module_list when called
with a param of "server":"some.remote.server"
2023-01-13 12:45:51 +01:00
Bram Matthys d6833ae298 JSON-RPC: add server.connect API call
(directly connected server only at the moment)
This also cleans up the linking procedure (now) at 3 places,
to use find_link() and check_deny_link() everywhere.
2023-01-11 16:54:22 +01:00
Bram Matthys a5bdf317fb JSON-RPC: begin with a server.* API, also fill client->local->rpc for
RPC clients with the RPC user and such.

Most of this work is for server.rehash which causes the request to
be saved, then a rehash begins, and a few seconds later (or whenever)
the entire rehash log and success/failure is indicated in the
JSON-RPC response.

TODO: all documentation for this
2023-01-11 15:43:50 +01:00
Bram Matthys 0244c31742 Split of some code from cmd_eline() into server_ban_exception_parse_mask(),
similar to how *LINE commands use server_ban_parse_mask().
Now used by ELINE and for JSON-RPC later...
2023-01-08 14:56:56 +01:00
Bram Matthys 619282397e Add json_object_get_boolean():
int json_object_get_boolean(json_t *j, const char *name, int default_value)
[skip ci]
2023-01-07 15:54:49 +01:00
Bram Matthys 4378979ad5 Add valid_username() so we can use it at multiple places.
This gets rid of duplicate code in SETIDENT, CHGIDENT, and soon
in the RPC call. It does not get rid of make_valid_username()
in src/modules/nick.c which does something slightly different.
2023-01-07 15:11:52 +01:00
Bram Matthys 14107d88be Add set_channel_topic() and use it from cmd_topic (TOPIC) 2023-01-07 10:16:18 +01:00
Bram Matthys 141c4bc64d Use consts in set_channel_mode()
[skip ci]
2023-01-07 09:39:44 +01:00
Bram Matthys b33628b765 JSON-RPC over Websockets: Fix bug with >64Kb responses.
Eg if there are 10.000 users online and you do user.list.
The old websocket framing assumed no response was >64Kb.

This also creates a new function websocket_create_packet_ex()
2023-01-04 13:10:09 +01:00
Bram Matthys eca0035e8d Actually fix previous-previous-commit cdd0e4116d 2022-12-21 10:09:23 +01:00
Bram Matthys d9ac4cac07 Add RPC 'rpc.info': returns list of RPC methods, RPC module name and version.
This can be useful for checking if a server supports something and what
format it expects or returns things, etc.
2022-12-05 14:48:14 +01:00
Bram Matthys 3de3087c95 Fix read-after-free when linking in a server (that is fully authenticated)
when there is already another established link with a server with the same name.
For example, when there is a network issue and the "old server" is still
waiting to be timed out and the "new server" is already linking in.
2022-10-01 08:48:44 +02:00
Bram Matthys 401ab6f5a1 Make strlncpy() and strlncat() use strlncat() instead of strlen().
This fixes a possible crash when using RPC with unix domain sockets,
reported by Valware.

This also adds a configure check so we use our own strlncat if the
C library does not have one, e.g. some non-Linux.
2022-08-20 13:50:19 +02:00
Bram Matthys 55c52c3693 Log file (log::destination::file) now creates directory structure if needed.
You could already have something like:
log { source { !debug; all; } destination { file "ircd.%Y-%m-%d.log"; } }
But now you can also have:
log { source { !debug; all; } destination { file "%Y-%m-%d/ircd.log"; } }

This is especially useful if you output to multiple log files and then
want them grouped by date in a directory.
2022-08-05 13:02:19 +02:00
Bram Matthys 0e6fc07bd9 Update verify_link() to return rather than set the link block in a variable.
Hopefully this fixes a crash when linking (succesfully authenticated) servers,
something which only happens with GCC and only for some people in some cases.
2022-08-03 14:55:37 +02:00
Bram Matthys 7371498ffd Make auto-expansion work for IPv6 bans as well: +b A:B:C:IP -> *!*@A:B:C:IP.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=6147

This also adds a new function convert_regular_ban() which is now
used by both clean_ban_mask() and extban_conv_param_nuh().
2022-07-01 10:13:57 +02:00
Bram Matthys c60fdad7eb RPC: add server_ban.add
This also moves some of the adding code (sending notice, broadcasting to
other servers, etc) to a function tkl_added().

We should probably do the same for deletion and not use the tkllayer
anymore for that?
2022-06-24 19:49:32 +02:00
Bram Matthys 3d9b7e4b70 RPC: remove tkl, split this up.. starting with server_ban.
Currently available:
* server_ban.list
* server_ban.get with params: name="*@1.2.3.4", type="kline"

This also adds server_ban_parse_mask() which is now used by both GLINE/etc
and the RPC API to parse the same way and convey the same error messages.
2022-06-24 18:53:10 +02:00
Bram Matthys 36946c6c51 Move JSON stuff from log.c to json.c now that it is more universal. 2022-06-24 13:21:27 +02:00
Bram Matthys 7c8918e22d Update rpc_error() to use JsonRpcError (enum) and add more error values. 2022-06-20 19:02:52 +02:00
Bram Matthys 853f0685ed Split off big chunk of websocket module into websocket_common module.
And load the websocket_common module by default (which is just an API).
2022-06-19 13:13:33 +00:00
Bram Matthys 4a68008b81 Rename some more:
* WEB() now has handle_request() and handle_body(), makes more sense.
* webserver_handle_body_data() -> webserver_handle_body()
* and similar cases
2022-06-19 13:13:33 +00:00
Bram Matthys 12f2cd8555 Rename webserver_handle_body_data() -> webserver_handle_request_body() 2022-06-19 13:13:33 +00:00
Bram Matthys 9afdcb7ff0 Add request body handler in webserver -- only a beginning, the
chunked encoding stuff is copied from the modulemanager and #if'd out.
The non-chunked is not OK yet either, as it must check the Content-Length,
while we currently assume a single packet == the complete request.
2022-06-19 13:13:33 +00:00
Bram Matthys b710fb188b Add get_nvplist() function.
Requested by westor in https://bugs.unrealircd.org/view.php?id=6125
2022-06-19 13:13:33 +00:00
Bram Matthys 60c83b4ba1 Move connect-flood and max-unknown-connections-per-ip into their own module.
These deal with set::anti-flood::everyone::connect-flood and
set::max-unknown-connections-per-ip respectively.

This adds a new hook HOOKTYPE_ACCEPT, that is mostly meant for internal
usage by UnrealIRCd. Most module coders will want to use the existing
hook HOOKTYPE_HANDSHAKE instead.

This also gets of check_banned() which is now spread over the individual
modules (eg: checking banned is done in tkl on HOOKTYPE_ACCEPT and
HOOKTYPE_IP_CHANGE).
2022-06-19 13:13:33 +00:00
Bram Matthys 1830f3e53f Add RPC channel.list call to show list of channels (with all details) 2022-06-19 13:13:33 +00:00
Bram Matthys 61ba3727df JSON-RPC: Use proper error response with error codes according to
the official specification (one of JSON_RPC_ERROR_*).

Add proper rpc_error() and rpc_error_fmt()

Don't steal reference in rpc_response().
2022-06-19 13:13:33 +00:00
Bram Matthys 4cd520d327 Make user.list() RPC API return a list of all users with details.
This is the 1st RPC API call that actually works :D
2022-06-19 13:13:33 +00:00
Bram Matthys 2397fb8a49 Split 'websocket' module up in 'webserver' and 'websocket' 2022-06-19 13:13:33 +00:00
Bram Matthys b4f6c83821 Fix multiline log messages not working, they showed up as single lines
with their content added together.
2022-05-30 08:59:44 +02:00
Bram Matthys 96897289e0 Allow oper block without password, now that you can use security-group
and other selectors in 'mask'. This allows for things like:

security-group Syzop { certfp "xyz"; }

oper Syzop {
	mask { security-group Syzop; }
	operclass netadmin-with-override;
	class opers;
}

except ban {
	mask { security-group Syzop; }
	type all;
}

allow {
	mask { security-group Syzop; }
	class special;
	maxperip 32;
}

etc...

We do error on the obvious case of mask * and mask *@* when no password
is set, but otherwise try not to stop all cases of user stupidity
(there are just too many...).
2022-05-26 20:31:28 +02:00
Bram Matthys b28d8aecd7 Add "ip" to mask item and security-group for easy matching on IP.
So you can just use mask { ip { 127.*; 192.168.*; } } without
having to worry about hostnames like 127.example.net.
(Of course you could also have used CIDR notation)

Another benefit is that, since we are dealing with IP's only,
the matching is faster than going through the more universal
match_user() routine.
2022-05-25 08:34:22 +02:00
Bram Matthys 7ff4a3e897 Add the promised support of security group functionality in except ban { }
So now the example in the release notes actually works:
except ban {
    mask { security-group irccloud; }
    type { blacklist; connect-flood; handshake-data-flood; }
}
2022-05-25 08:01:05 +02:00
Bram Matthys 7740d64042 Limit individual JSON strings to 512 bytes and call StripControlCodes()
on each string. Note that the entire JSON dump may still be much larger,
this is just about each individual string item within an object.

This commit also adds a more flexible StripControlCodesEx() function
to the core (which is used by the logging system), the existing
StripControlCodes() function is unchanged and can still be used.

+/** Strip color, bold, underline, and reverse codes from a string.
+ * @param text                 The input text
+ * @param output               The buffer for the output text
+ * @param outputlen            The length of the output buffer
+ * @param strip_all_low_ascii  If set to 1 then all ASCII < 32 is stripped
+ *                             (the ASCII control codes), otherwise we only
+ *                             strip the IRC control- and color codes.
+ * @returns The new string, which will be 'output', or in unusual cases (outputlen==0) will be NULL.
+ */
+const char *StripControlCodesEx(const char *text, char *output, size_t outputlen, int strip_all_low_ascii)
 {
2022-05-23 10:35:52 +02:00
Bram Matthys 3fbdb7fd4b Move StripControlCodes() from message.c to misc.c.
Because I need in the core (again) due to early calls / calls during
rehashes / etc...
2022-05-23 10:10:47 +02:00