1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 16:53:15 +02:00
Commit Graph

6630 Commits

Author SHA1 Message Date
Bram Matthys a743c5956d Buy a brain..
[skip ci]
2023-03-22 15:32:16 +01:00
Bram Matthys ed14d044e9 Fix crash in SVSO due to change from earlier today
[skip ci]
2023-03-22 15:31:21 +01:00
Bram Matthys e83c610b39 Add valid_vhost() and validate oper::vhost too just like vhost::vhost.
Actually make them both use this same function, even thought he original
vhost::vhost check was a bit more informational.

This also checks the vhost in other paths that lead to oper vhost setting.

Reported by ji in https://bugs.unrealircd.org/view.php?id=5910
2023-03-22 10:26:05 +01:00
Bram Matthys 3d8905dd1c Fix "unknown connection(s)" in LUSERS being rather high.
This was a counting bug in src/socket.c. The socket itself was actually
freed though, so it's purely counting that was wrong.

There could still be counting bugs elsewhere, it's always hard to get
this right, for 20 years already :D
2023-03-22 09:31:26 +01:00
Bram Matthys 4b4562516c Another attempt at UTF8-aware spamfilter.
This was previously tried at 19-apr-2020 in bc70882bd3
in UnrealIRCd 5.0.5. Sadly it had to be reverted immediately with a quick 5.0.5.1
release, all because of a PCRE2 100% CPU usage. Since then that bug has been fixed,
plus another bug. I'm now readding it "as an option" that is marked experimental.
Hopefully people test it out and can report back if it works well and then we can
make it the default someday.

This makes it a runtime setting so makes it much easier to switch back/forth if
there are any issues without recompiling anything. Had to use a bit more code now
though to handle the recompiling of spamfilters if the setting is changed.

Original issue was https://bugs.unrealircd.org/view.php?id=5187

* [Spamfilter](https://www.unrealircd.org/docs/Spamfilter) can be made UTF8-aware.
  * This is experimental, to enable: `set { spamfilter { utf8 yes; } }``
  * Case insensitive matches will then work better. For example, with extended
    Latin, a spamfilter on `ę` then also matches `Ę`.
  * Other PCRE2 features such as [\p](https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC5)
    can then be used. For example you can then set a spamfilter with the regex
    `\p{Arabic}` to block all Arabic script.
    Please do use these new tools with care. Blocking an entire language
    or script is quite a drastic measure.
  * As a consequence of this we require PCRE2 10.36 or newer. If your system
    PCRE2 is older than this will mean the UnrealIRCd-shipped-library version
    will be compiled and `./Config` may take a little longer than usual.
2023-03-22 09:00:31 +01:00
Bram Matthys 768a08f83b Fixes for remote REHASH of a server: fix both missing and duplicate lines.
Duplicate line reported by Lord255 in https://bugs.unrealircd.org/view.php?id=6082
Missing line(s) may have been mentioned by someone but never reported
on the bug tracker.
2023-03-20 11:45:41 +01:00
Bram Matthys 8a48cfb664 Fix not sending CAP DEL on module unload.
Reported by westor in https://bugs.unrealircd.org/view.php?id=6104
The code was there but the order of which the checks were done was
wrong, so first it was checking which CAP's were unloaded and after
that it was unloading the CAP, instead of the other way around.

Also renamed the function to clicap_check_for_changes()
to be consistent with other runtime change detection functions
like extcmodes_check_for_changes(), umodes_check_for_changes()
and charsys_check_for_changes().
2023-03-20 10:55:22 +01:00
Bram Matthys a7c9ecb4e7 Add deny link::reason (optional) and display it in oper warnings
and to the other side of the link.
2023-03-20 09:18:05 +01:00
Bram Matthys a1e7e9f882 Move deny link { } handling to server module. 2023-03-20 09:09:03 +01:00
Bram Matthys 56478f04aa When an IRCOp uses user mode +H (hide oper) then only hide swhois
entries that have the tag "oper", IOTW: the ones that are added
through the oper { } block, and not the ones added through
different means like a vhost { } block.
Really minor thingy but suggested by JanisB in
https://bugs.unrealircd.org/view.php?id=4233 and actually
possible nowadays when swhois items are tagged.

Hint: if you use SVSO to make someone oper, and then add swhois
entries, be sure to tag them with a setby of "oper" too, that
way they are hidden in +H and also automatically removed from
the user when the user does "MODE nick -o" to de-oper.
2023-03-19 12:29:30 +01:00
Bram Matthys fae628cbdf Fix "Missing snomask logging configuration" REHASH issue
if you do actually have 1 snomask configured (a single one).
Although this is rather rare and unusual, it should be possible.
Previously we required at least 2 snomasks and the counter
did not properly reset during rehashes. Not sure why we required
2 and not 1, and the counter reset was a bug.
Reported by westor in https://bugs.unrealircd.org/view.php?id=5994
2023-03-19 11:51:28 +01:00
Bram Matthys 5c108e0ec3 Don't fetch GeoIP.dat upon blacklist-module geoip_classic;
Reported in https://bugs.unrealircd.org/view.php?id=6100

Actually this only works if you have a:
blacklist-module geoip_classic;
in your conf and that conf is read before modules.default.conf
This is true if you have that blacklist-module line in your
unrealircd.conf, so should cover most cases.
2023-03-19 11:28:23 +01:00
Bram Matthys 15c8da2be8 Send ERR_INPUTTOOLONG (417) on oversized message-tags, as per
https://ircv3.net/specs/extensions/message-tags
Reported by progval in https://bugs.unrealircd.org/view.php?id=5949
2023-03-19 10:13:58 +01:00
Bram Matthys 951b913800 Update crule.c, re-porting it from ircu, to hopefully fix some bug(s).
Reported by 9pfs in https://bugs.unrealircd.org/view.php?id=6248

This is completely untested (other than ./unrealircd start), so
feedback from people who actually use crule like in deny link { }
is very much welcomed.
2023-03-19 08:38:54 +01:00
Bram Matthys 99c3f8688e When we blocked remote requests for CREDITS/INFO/LICENSE 10 years ago
due to flood attacks, back then we changed the argument silently to
point to our own server, eg 'INFO some.remote.server' ended up being
'INFO' (local server) when requested by non-IRCOps.
Now, we simply return "Permission denied" in such cases, which is
more clear and explicit.
Reported by progval in https://bugs.unrealircd.org/view.php?id=6004
2023-03-18 14:14:18 +01:00
Bram Matthys eccf108866 Forgot second part of the patch in previous commit. 2023-03-18 14:01:58 +01:00
Bram Matthys 3bccc63125 Fix +S stripping too much on incorrect color codes.
Reported by semioriginal in https://bugs.unrealircd.org/view.php?id=5908
with the patch also by semioriginal.
2023-03-18 13:58:59 +01:00
Bram Matthys 5cdcb95cdf Fix log message nick.BAD_NICK_REMOTE showing wrong server.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=6060
2023-03-18 13:41:38 +01:00
Bram Matthys 3329cbcf18 Fix @if module-loaded() for modules that are about to be unloaded during REHASH.
Reported by westor in https://bugs.unrealircd.org/view.php?id=6122

This because is_module_loaded() returned the 'current state' rather than
the 'future state', as mentioned in is_module_loaded() in a comment there.
Fix was swappping two lines.
2023-03-18 13:36:15 +01:00
Bram Matthys 80d9b00de2 Possible fix for changes yesterday in moddata websocket_mdata_unserialize,
freeing of old websocket data (probably never called, but hey..)
2023-03-18 07:39:41 +01:00
Bram Matthys 0428819c03 Add security group "websocket-users" and add security-group options
security-group::websocket and security-group::exclude-websocket,
all similar to how security-group::webirc works but for websocket.
Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=5598
and Nini in https://bugs.unrealircd.org/view.php?id=6222
2023-03-17 18:57:59 +01:00
Bram Matthys 3c64392a86 Sync websocket status over the network (needed for next commits) 2023-03-17 18:53:17 +01:00
Bram Matthys cdb36e7e30 WHOWAS: Show IP address and account to IRCOps.
Thanks to Noisytoot for https://github.com/unrealircd/unrealircd/pull/227
who suggested displaying account and provided a partial patch, and
armyn in https://bugs.unrealircd.org/view.php?id=6153 suggesting IP.

I chose to use the existing RPL_WHOIS* numerics that we also use for
returning WHOIS data. We already use RPL_WHOISSERVER in WHOWAS for
ages and the use of it is mentioned in RFC1459, so seems like that
was the idea right from the beginning of times. The only change I did
was from "is" to "was" in like "was logged in" and "was connecting from"
in the text of the numerics.
2023-03-17 18:10:46 +01:00
Bram Matthys fcdb059883 Fix whitespace and add some comments, before I go edit this file 2023-03-17 17:36:57 +01:00
Bram Matthys 96a6cf03a1 Probably helps if i add the .c file 2023-03-17 14:20:58 +01:00
Bram Matthys 45757da12e Add CAP standard-replies, and send ACCOUNT_REQUIRED_TO_CONNECT when
a user is soft-banned, from authprompt anyway.
2023-03-17 14:20:02 +01:00
Bram Matthys db23e7ba74 Update a module description (copy-paste error)
[skip ci]
2023-03-17 14:06:42 +01:00
Bram Matthys 4a9dcc6511 Fix mode +d (post delayed +D) not showing invisible users partially.
Or, "invisible_user_in_channel() function doesn't return 1 when channel has +d"
Reported by westor in https://bugs.unrealircd.org/view.php?id=6118
2023-03-17 12:12:20 +01:00
Bram Matthys 2a98802d09 Fix compile warning due to latest additions. 2023-03-17 11:06:12 +01:00
Bram Matthys 9a08e39bca Fix modulemanager not working on FreeBSD (./unrealircd module install ...)
and other systems where 'make' was not GNU Make.
It now uses the same detection mechanism as in ./Config, which
should be known to work.

Reported by Valware and rj1 in https://bugs.unrealircd.org/view.php?id=6195
2023-03-17 10:44:10 +01:00
Bram Matthys 5e57228dfb In the FLOOD_BLOCKED log message, add the target of the flood.
Suggested by ComputerTech in https://bugs.unrealircd.org/view.php?id=6148
2023-03-17 09:56:56 +01:00
Bram Matthys 16d6c0efd6 Fix crash if unrealircd.org/json-log is used and a module calls config_warn()
during MOD_INIT, while an IRCOp is listening. Or any log call, really.
This causes the code path: config_warn() -> do_unreal_log_opers() -[..]->
sendto_one() -[..]-> client_accepts_tag() for a client tag handler that is
no longer loaded.

The fix is to unload very late and load very early, a trick
we did earlier with websockets as well (c3824ad47d).
2023-03-15 13:45:49 +01:00
Bram Matthys c43753cd4b Support NO_COLOR environment variable, as per https://no-color.org 2023-03-11 17:58:21 +01:00
Bram Matthys 977c4b433a Make it so services can CHGHOST/CHGIDENT in the SASL / registration phase.
This so users can come online directly with the correct vhost set,
and not first with a standard (usually cloaked) host while auto-(re-)joining
followed by a CHGHOST later.

This is a long outstanding wish from users, I think.

Services can simply send a CHGHOST/CHGIDENT to the UID, for example
right before they send the SASL ... D S message (SASL succeeded)
they can send like: CHGHOST 002ABCDEF some.nice.host

Then UnrealIRCd 6.0.7-git and later will handle the CHGHOST even if
the user is not known yet. Technically, the server where the UID is
on will handle the message. And remote servers that don't know the
user with this UID yet will forward to the server with the SID-portion
of the UID. The CHGHOST will not be a broadcast but the vhost will
show up in the UID protocol message that introduces the user.
For CHGIDENT it is a similar story.

Light testing has been done but more extensive testing is welcomed.
2023-02-08 10:49:15 +01:00
Bram Matthys 47c8a9c1b8 Use find_server_by_uid() in SREPLY so it can deliver during pre-auth/unregistered stage 2023-02-08 10:11:54 +01:00
Bram Matthys c6c8bba311 Add find_server_by_uid() which hunts a server for the SID-portion of A UID.
Not sure if this is the best name, maybe I come up with a better one later.

The purpose of this function is so we can deliver certain messages to
pre-auth users, that is: users that are not fully registered yet.
This would mostly be used (perhaps exclusively) in SASL stage.
2023-02-08 10:10:27 +01:00
Bram Matthys 61970d12b2 Load 'sreply' module by default, fix a compile issue casused by myself
and some minor subjective style changes.
2023-02-08 09:57:20 +01:00
Valerie Pond 2cf6e9ef19 Add S2S command SREPLY for handling IRCv3 standard replies (#236)
This command allows servers to send Standard Replies (https://ircv3.net/specs/extensions/standard-replies) to clients.
2023-02-08 08:43:41 +00:00
Valerie Pond 14035d4dc0 Make qlines for channels work (#247)
This fixes a check which was backwards. A qline on a channel would only stop someone from joining if the person was an oper that had immunity.
2023-02-08 08:21:19 +00:00
Bram Matthys dd830261db Reject a link for anope or atheme if there is no ulines { } for it.
This is checked for both local and remote services linking in.

Naturally, the list can be expanded to include more services that
really need ulines { }, and not statistical services or some other
purpose non-unrealircd servers, which is the reason why cannot
blindly assume all non-unrealircd servers require ulines.

This should hopefully help users a lot with "mysterious" issues
with services that we see too often in the support channel.
Suggested in https://bugs.unrealircd.org/view.php?id=5742

Note that this does require services to communicate their software
version via EAUTH. Anope does this for years already, but atheme only
does so since 10 days ago (git only, presumably not released yet)
after Valware filed a PR.
2023-02-08 09:02:44 +01:00
Bram Matthys b370b89545 Bump version to 6.0.7-git 2023-02-08 08:08:11 +01:00
Bram Matthys 01fd2da627 ** UnrealIRCd 6.0.6 ** 2023-02-03 06:56:16 +01:00
Bram Matthys 3666d1d728 JSON-RPC: Add some more sanity checking on the 'id'
(Mainly because the id might be used in RRPC)
2023-01-16 11:10:47 +01:00
Bram Matthys b1139769e1 Do some basic filtering on the request by default.
This ensures that strings are of maximum 510 characters in length
and do not contain \n or \r.
Solves a lot of theoretical problems in many modules that .add
things or do other non-list/non-get actions.

This behavior can be turned off per-method (per handler) by setting
handler->flags = RPC_HANDLER_FLAGS_UNFILTERED;
This is currently not done in any of the modules.
2023-01-16 10:59:41 +01:00
Bram Matthys bdb5541def minor code cleanup (do things the libjansson way..) 2023-01-16 10:38:54 +01:00
Bram Matthys 9e887ea728 Add LoadPersistentLongLong() / SavePersistentLongLong() 2023-01-15 14:40:04 +01:00
Bram Matthys 1d1766a895 Send buildid in server version in EAUTH/SINFO and in server.* JSON-RPC.
This reveals the full git version.
2023-01-15 10:13:16 +01:00
Bram Matthys 497a19e7e2 Accept more connections in each listener run. 2023-01-14 20:49:12 +01:00
Bram Matthys 462ce7fcfa JSON-RPC: add stats.get call which can be used in "Network Overview" in
UnrealIRCd Admin panel and for other statistical purposes.
This can be expanded when needed.
2023-01-14 18:48:18 +01:00
Bram Matthys 2fcddd1655 JSON-RPC: Send 401 error response on invalid auth (instead of lingering the connection). 2023-01-14 17:18:00 +01:00