1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 01:46:38 +02:00
Commit Graph

2907 Commits

Author SHA1 Message Date
Bram Matthys a743c5956d Buy a brain..
[skip ci]
2023-03-22 15:32:16 +01:00
Bram Matthys ed14d044e9 Fix crash in SVSO due to change from earlier today
[skip ci]
2023-03-22 15:31:21 +01:00
Bram Matthys e83c610b39 Add valid_vhost() and validate oper::vhost too just like vhost::vhost.
Actually make them both use this same function, even thought he original
vhost::vhost check was a bit more informational.

This also checks the vhost in other paths that lead to oper vhost setting.

Reported by ji in https://bugs.unrealircd.org/view.php?id=5910
2023-03-22 10:26:05 +01:00
Bram Matthys 4b4562516c Another attempt at UTF8-aware spamfilter.
This was previously tried at 19-apr-2020 in bc70882bd3
in UnrealIRCd 5.0.5. Sadly it had to be reverted immediately with a quick 5.0.5.1
release, all because of a PCRE2 100% CPU usage. Since then that bug has been fixed,
plus another bug. I'm now readding it "as an option" that is marked experimental.
Hopefully people test it out and can report back if it works well and then we can
make it the default someday.

This makes it a runtime setting so makes it much easier to switch back/forth if
there are any issues without recompiling anything. Had to use a bit more code now
though to handle the recompiling of spamfilters if the setting is changed.

Original issue was https://bugs.unrealircd.org/view.php?id=5187

* [Spamfilter](https://www.unrealircd.org/docs/Spamfilter) can be made UTF8-aware.
  * This is experimental, to enable: `set { spamfilter { utf8 yes; } }``
  * Case insensitive matches will then work better. For example, with extended
    Latin, a spamfilter on `ę` then also matches `Ę`.
  * Other PCRE2 features such as [\p](https://www.pcre.org/current/doc/html/pcre2syntax.html#SEC5)
    can then be used. For example you can then set a spamfilter with the regex
    `\p{Arabic}` to block all Arabic script.
    Please do use these new tools with care. Blocking an entire language
    or script is quite a drastic measure.
  * As a consequence of this we require PCRE2 10.36 or newer. If your system
    PCRE2 is older than this will mean the UnrealIRCd-shipped-library version
    will be compiled and `./Config` may take a little longer than usual.
2023-03-22 09:00:31 +01:00
Bram Matthys a7c9ecb4e7 Add deny link::reason (optional) and display it in oper warnings
and to the other side of the link.
2023-03-20 09:18:05 +01:00
Bram Matthys a1e7e9f882 Move deny link { } handling to server module. 2023-03-20 09:09:03 +01:00
Bram Matthys 56478f04aa When an IRCOp uses user mode +H (hide oper) then only hide swhois
entries that have the tag "oper", IOTW: the ones that are added
through the oper { } block, and not the ones added through
different means like a vhost { } block.
Really minor thingy but suggested by JanisB in
https://bugs.unrealircd.org/view.php?id=4233 and actually
possible nowadays when swhois items are tagged.

Hint: if you use SVSO to make someone oper, and then add swhois
entries, be sure to tag them with a setby of "oper" too, that
way they are hidden in +H and also automatically removed from
the user when the user does "MODE nick -o" to de-oper.
2023-03-19 12:29:30 +01:00
Bram Matthys 15c8da2be8 Send ERR_INPUTTOOLONG (417) on oversized message-tags, as per
https://ircv3.net/specs/extensions/message-tags
Reported by progval in https://bugs.unrealircd.org/view.php?id=5949
2023-03-19 10:13:58 +01:00
Bram Matthys 3bccc63125 Fix +S stripping too much on incorrect color codes.
Reported by semioriginal in https://bugs.unrealircd.org/view.php?id=5908
with the patch also by semioriginal.
2023-03-18 13:58:59 +01:00
Bram Matthys 5cdcb95cdf Fix log message nick.BAD_NICK_REMOTE showing wrong server.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=6060
2023-03-18 13:41:38 +01:00
Bram Matthys 80d9b00de2 Possible fix for changes yesterday in moddata websocket_mdata_unserialize,
freeing of old websocket data (probably never called, but hey..)
2023-03-18 07:39:41 +01:00
Bram Matthys 3c64392a86 Sync websocket status over the network (needed for next commits) 2023-03-17 18:53:17 +01:00
Bram Matthys cdb36e7e30 WHOWAS: Show IP address and account to IRCOps.
Thanks to Noisytoot for https://github.com/unrealircd/unrealircd/pull/227
who suggested displaying account and provided a partial patch, and
armyn in https://bugs.unrealircd.org/view.php?id=6153 suggesting IP.

I chose to use the existing RPL_WHOIS* numerics that we also use for
returning WHOIS data. We already use RPL_WHOISSERVER in WHOWAS for
ages and the use of it is mentioned in RFC1459, so seems like that
was the idea right from the beginning of times. The only change I did
was from "is" to "was" in like "was logged in" and "was connecting from"
in the text of the numerics.
2023-03-17 18:10:46 +01:00
Bram Matthys fcdb059883 Fix whitespace and add some comments, before I go edit this file 2023-03-17 17:36:57 +01:00
Bram Matthys 96a6cf03a1 Probably helps if i add the .c file 2023-03-17 14:20:58 +01:00
Bram Matthys 45757da12e Add CAP standard-replies, and send ACCOUNT_REQUIRED_TO_CONNECT when
a user is soft-banned, from authprompt anyway.
2023-03-17 14:20:02 +01:00
Bram Matthys db23e7ba74 Update a module description (copy-paste error)
[skip ci]
2023-03-17 14:06:42 +01:00
Bram Matthys 4a9dcc6511 Fix mode +d (post delayed +D) not showing invisible users partially.
Or, "invisible_user_in_channel() function doesn't return 1 when channel has +d"
Reported by westor in https://bugs.unrealircd.org/view.php?id=6118
2023-03-17 12:12:20 +01:00
Bram Matthys 5e57228dfb In the FLOOD_BLOCKED log message, add the target of the flood.
Suggested by ComputerTech in https://bugs.unrealircd.org/view.php?id=6148
2023-03-17 09:56:56 +01:00
Bram Matthys 16d6c0efd6 Fix crash if unrealircd.org/json-log is used and a module calls config_warn()
during MOD_INIT, while an IRCOp is listening. Or any log call, really.
This causes the code path: config_warn() -> do_unreal_log_opers() -[..]->
sendto_one() -[..]-> client_accepts_tag() for a client tag handler that is
no longer loaded.

The fix is to unload very late and load very early, a trick
we did earlier with websockets as well (c3824ad47d).
2023-03-15 13:45:49 +01:00
Bram Matthys 977c4b433a Make it so services can CHGHOST/CHGIDENT in the SASL / registration phase.
This so users can come online directly with the correct vhost set,
and not first with a standard (usually cloaked) host while auto-(re-)joining
followed by a CHGHOST later.

This is a long outstanding wish from users, I think.

Services can simply send a CHGHOST/CHGIDENT to the UID, for example
right before they send the SASL ... D S message (SASL succeeded)
they can send like: CHGHOST 002ABCDEF some.nice.host

Then UnrealIRCd 6.0.7-git and later will handle the CHGHOST even if
the user is not known yet. Technically, the server where the UID is
on will handle the message. And remote servers that don't know the
user with this UID yet will forward to the server with the SID-portion
of the UID. The CHGHOST will not be a broadcast but the vhost will
show up in the UID protocol message that introduces the user.
For CHGIDENT it is a similar story.

Light testing has been done but more extensive testing is welcomed.
2023-02-08 10:49:15 +01:00
Bram Matthys 47c8a9c1b8 Use find_server_by_uid() in SREPLY so it can deliver during pre-auth/unregistered stage 2023-02-08 10:11:54 +01:00
Bram Matthys 61970d12b2 Load 'sreply' module by default, fix a compile issue casused by myself
and some minor subjective style changes.
2023-02-08 09:57:20 +01:00
Valerie Pond 2cf6e9ef19 Add S2S command SREPLY for handling IRCv3 standard replies (#236)
This command allows servers to send Standard Replies (https://ircv3.net/specs/extensions/standard-replies) to clients.
2023-02-08 08:43:41 +00:00
Valerie Pond 14035d4dc0 Make qlines for channels work (#247)
This fixes a check which was backwards. A qline on a channel would only stop someone from joining if the person was an oper that had immunity.
2023-02-08 08:21:19 +00:00
Bram Matthys dd830261db Reject a link for anope or atheme if there is no ulines { } for it.
This is checked for both local and remote services linking in.

Naturally, the list can be expanded to include more services that
really need ulines { }, and not statistical services or some other
purpose non-unrealircd servers, which is the reason why cannot
blindly assume all non-unrealircd servers require ulines.

This should hopefully help users a lot with "mysterious" issues
with services that we see too often in the support channel.
Suggested in https://bugs.unrealircd.org/view.php?id=5742

Note that this does require services to communicate their software
version via EAUTH. Anope does this for years already, but atheme only
does so since 10 days ago (git only, presumably not released yet)
after Valware filed a PR.
2023-02-08 09:02:44 +01:00
Bram Matthys 3666d1d728 JSON-RPC: Add some more sanity checking on the 'id'
(Mainly because the id might be used in RRPC)
2023-01-16 11:10:47 +01:00
Bram Matthys b1139769e1 Do some basic filtering on the request by default.
This ensures that strings are of maximum 510 characters in length
and do not contain \n or \r.
Solves a lot of theoretical problems in many modules that .add
things or do other non-list/non-get actions.

This behavior can be turned off per-method (per handler) by setting
handler->flags = RPC_HANDLER_FLAGS_UNFILTERED;
This is currently not done in any of the modules.
2023-01-16 10:59:41 +01:00
Bram Matthys bdb5541def minor code cleanup (do things the libjansson way..) 2023-01-16 10:38:54 +01:00
Bram Matthys 1d1766a895 Send buildid in server version in EAUTH/SINFO and in server.* JSON-RPC.
This reveals the full git version.
2023-01-15 10:13:16 +01:00
Bram Matthys 462ce7fcfa JSON-RPC: add stats.get call which can be used in "Network Overview" in
UnrealIRCd Admin panel and for other statistical purposes.
This can be expanded when needed.
2023-01-14 18:48:18 +01:00
Bram Matthys 2fcddd1655 JSON-RPC: Send 401 error response on invalid auth (instead of lingering the connection). 2023-01-14 17:18:00 +01:00
Bram Matthys 194a0b42f7 JSON-RPC: don't log the RPC calls if they are just for listing/getting,
since these are rather noisy and generally not very interesting to log.
Of course, DO log them if they are like add/delete/etc.

The way this works is a new property in the RPCHandler, eg:

        memset(&r, 0, sizeof(r));
        r.method = "server.list";
+       r.loglevel = ULOG_DEBUG;
        r.call = rpc_server_list;
        if (!RPCHandlerAdd(modinfo->handle, &r))

All of the .list and .get (and things like .module_list) now use
the debug facility, which is not logged by default.

You can still log ALL the JSON-RPC calls if you wish, for example
to a separate file, through something like:

log {
	source { rpc; }
	destination {
		file "rpc.log" { maxsize 100M; }
	}
}
2023-01-14 16:40:48 +01:00
Bram Matthys 58db5b0845 Fix crash in JSON-RPC. Reported by multiple people past few days,
including Lord255, armyn and others.
The issue was not there when running with ASan, which is why it
was non-reproducible for so long. Valgrind picked it up correctly.

The bug was that in rpc_response() and rpc_error() I do:
id = json_object_get(request, "id");
[..]
json_object_set_new(j, "id", id);

which is wrong, since json_object_get() "borrows the reference"
and json_object_set_new "steals the reference".
In this particular case it should be:
json_object_set(j, "id", id);

Fixed in both functions. Would have to audit the code if the mistake
is made elsewhere too though. On first sight, it seems not.
2023-01-14 10:36:54 +01:00
Bram Matthys 53150c0e68 Fix double-wrapping of JSON reply for remote RPC (RRPC) calls such as
server.module_list and server.rehash for remote servers.
Reported by Valware.
2023-01-14 09:10:32 +01:00
Bram Matthys 405b59eb07 JSON-RPC: server.list/server.add: new property server->features->rpc_modules
This is an array with name/version elements, eg server.list or.get look like:
      {
        "name": "testlink.test.net",
        "server": {
          "features": {
            "rpc_modules": [
              {
                "name": "rpc",
                "version": "1.0.2"
              },
              {
                "name": "user",
                "version": "1.0.5"
              },
etc. etc.
2023-01-13 19:42:20 +01:00
Bram Matthys a1800f01e9 JSON-RPC / RRPC: Announce all RPC modules and their versions over the wire via moddata.
Needed for rrpc_supported() at a later point, so one can require certain versions etc :p
2023-01-13 18:20:40 +01:00
Bram Matthys b9fcdcdb19 Make server.rehash for remote servers use two possible code paths:
* If the remote server (and all servers in-between) support RRPC
  then forward the RPC request as RRPC and let remote handle the
  response. The response will be the verbose rehash response.
* If not supported, then simply return boolean true as a response,
  and use oldskool :source_server REHASH dest_server over the wire
2023-01-13 18:09:12 +01:00
Bram Matthys c7f9dadb68 Add JSON_RPC_ERROR_REMOTE_SERVER_NO_RPC error which indicates that the
remote server does not have the JSON-RPC module(s) loaded.

Internally this uses the "rrpc" moddata property that each server will
now set on themselves if the rpc/rpc module is loaded.

Actually I am going to make this more verbose and better later...
2023-01-13 17:43:23 +01:00
Bram Matthys b8cbe63915 Support server.rehash for remote servers with full detailed response.
(Required RPC modules to be loaded on the remote server, tho)

This adds support for remote async RPC requests that take a little longer,
in such a case we don't call free_client() upon return of rpc_call().
2023-01-13 16:51:47 +01:00
Bram Matthys e2ef83bd6e Fix crash on REHASH 2023-01-13 15:57:45 +01:00
Bram Matthys cbdde31c1d Move client->local->rpc to client->rpc 2023-01-13 15:49:41 +01:00
Bram Matthys 16e4990f83 Fix memory leaks created in commit from 15 minutes ago 2023-01-13 15:45:12 +01:00
Bram Matthys bed40ccdab JSON-RPC: RPC-over-net: track requests and handle timeouts and SQUITs.
Inform the RPC client that the request timed out / server is gone.
The timeout is fixed at 15 seconds, which is fine, I think.

New rpc error codes:
JSON_RPC_ERROR_SERVER_GONE      = -32001, /**< The request was forwarded to a remote server, but this server went gone while processing the request */
JSON_RPC_ERROR_TIMEOUT          = -32002, /**< The request was forwarded to a remote server, but the request/response timed out (15 seconds) */

Unfortunately we cannot say for sure the action did not succeed at all.
It could be that the request never reached the server, but it could also
be that the request DID reach the server and we timed out during
retrieving the response. Nothing we can do about that.
2023-01-13 15:34:00 +01:00
Bram Matthys 6a4ae9d9ec Support RPC calls to remote servers, where the RPC request/response is
sent over the IRC network. This makes it possible to fetch information
from remote servers that is not known locally, and also it makes it
possible to do more things, or do it easier.

This does require the remote servers to enable RPC as well, though,
eg: include "rpc.modules.default.conf";
(They don't need any listener or rpc-user blocks)

Code-wise it looks nice, like from rpc_server_module_list it is a simple:
/* Forward to remote */
rpc_send_request_to_remote(client, targetserver, request);

This is work in progress. In particular, there is no handling yet of
timeouts (eg if the request to the remote server, or the response
from it takes ages). Nor does it handle the case where the server
quits half-way through the request/response... that is: it does free
the request and such, but does not notify the RPC client about it.
That will need to be added, of course, likely soon.

Over the IRC network this uses the new RRPC command:
:<server> RRPC <REQ|RES> <source> <destination> <requestid> [S|C|F] :<request data>
A request looks like this (assuming it is short):
:001 RRPC REQ 001ABCDEF 002 abc SF :..this is the json request...
And then the response (assuming it is long) is like:
:001 RRPC REQ 001ABCDEF 002 abc S :..this is the json response...
:001 RRPC REQ 001ABCDEF 002 abc C :..more...
:001 RRPC REQ 001ABCDEF 002 abc C :..more...
:001 RRPC REQ 001ABCDEF 002 abc F :..and that was it.
There is currently no request/response limit, it is limited by memory.

Right now the only call using this is server.module_list when called
with a param of "server":"some.remote.server"
2023-01-13 12:45:51 +01:00
Bram Matthys 07d2b6745b JSON-RPC: add server.module_list - only works for locally connected server atm 2023-01-13 09:46:02 +01:00
Bram Matthys a024a17e87 Add strtoken_noskip() and use it from the PROTOCTL EAUTH= code
so we can deal with empty fields that get sent f.e. by anope,
like EAUTH=services.test.net,,,Anope-2.0.11

Apparently this is similar to strsep(), or actually hypothetical
strsep_r(), a function which does not seem to exist.
2023-01-13 08:56:34 +01:00
Bram Matthys aa2d3c026e JSON-RPC: add server.disconnect 2023-01-11 17:08:34 +01:00
Bram Matthys d6833ae298 JSON-RPC: add server.connect API call
(directly connected server only at the moment)
This also cleans up the linking procedure (now) at 3 places,
to use find_link() and check_deny_link() everywhere.
2023-01-11 16:54:22 +01:00
Bram Matthys 0578346b12 Make server.rehash work for remote servers too, just no real status atm. 2023-01-11 16:24:50 +01:00