1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 19:43:12 +02:00
Commit Graph

5565 Commits

Author SHA1 Message Date
Bram Matthys c51a3d96be Add support for arabic-utf8 in set::allowed-nickchars. Supplied by Sensiva
in https://bugs.unrealircd.org/view.php?id=3734
2021-09-22 09:20:19 +02:00
Bram Matthys 41d8a13b19 Fix crash in set::server-linking::autoconnect-strategy sequential-fallback
when a remote server links to another server.
2021-08-08 15:56:29 +02:00
Bram Matthys 0593dc4b73 Allow SVSLOGIN also if set::sasl-server is not set.
Because yeah... why not.
2021-07-15 10:30:23 +02:00
k4bek4be c5a6f3c549 Make CHATHISTORY subcommands case-insensitive. (#157) 2021-07-11 09:24:56 +02:00
Ramiro Bou 0985728662 Adding sequential-fallback autoconnect strategy (#151)
After successful server connection it will restart from the beginning of the link blocks again.
2021-07-11 09:24:14 +02:00
Val Lorentz 67bfd41e44 chathistory: Use more explicit messages on INVALID_TARGET failure message (#150) 2021-07-11 09:09:18 +02:00
Bram Matthys d726c3aadd Bump version to 5.2.2-git as this is git / work in progress. 2021-07-10 10:03:46 +02:00
Bram Matthys d3c98c73c2 Fix issue where saslmechlist could not be set by services server.
This broke SASL services autodetection and also sasl=x,y,z in CAP.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=5960

Of course the easiest solution would be just to set .remote_write=1
for this, which is what I've just done for the 5.2.1.1 release.
But there seems to be a pattern here. When a server wants to write
its own object (irc1.example.net writing to the MD object of
irc1.example.net) we have the problem that that object is both
"our client" and from the other server POV it is "themselves".
On one hand you may want to allow that (eg for 'saslmechlist'), on
the other hand a server writing its own 'certfp' sounds like a bad
idea in principle.
So we now add a new option for the 'self' case and make some MD
objects use it. In fact, in the core we now have zero MD objects
using remote_write. We keep the option available though, for example
for k4be's geoip modules and possibly future features.

Module API change:
* .self_write added which allows a server to write to its own object
  (irc1.example.net writing to the MD object of irc1.example.net)
* .remote_write still exists too if you want to allow remote servers
  to write to your own objects
* Note that in all cases, servers can always write to their own
  (child) client objects.

Changes:
* The link-security MD changed from .remote_write=1 to .self_write=1
* The salmechslist MD now has .self_write=1, this fixes the actual bug
2021-07-10 09:14:18 +02:00
Bram Matthys 8322a48026 ** UnrealIRCd 5.2.1 ** 2021-07-08 17:42:52 +02:00
Bram Matthys b398c3d101 Change default exempt from 127.* to 127.0.0.0/8 so it does not match
arbitrary hosts that have a host starting with "127.". A rather stupid
oversight on my part, really.

In the meantime, if this happens, then you can still resort to using
ZLINE/GZLINE as a workaround to ban such a user. (The exemption won't
match against the host because DNS lookups are not done for zlines)

Reported by armyn in https://bugs.unrealircd.org/view.php?id=5957
2021-07-07 09:21:17 +02:00
Bram Matthys 94993a03ca ** UnrealIRCd 5.2.1-rc1 ** 2021-07-03 14:42:34 +02:00
Bram Matthys 1d62ca1153 Send account tag to recipient on INVITE.
Reported by ProgVal in https://bugs.unrealircd.org/view.php?id=5951
2021-07-03 14:18:15 +02:00
Bram Matthys 527726be41 Take message tags into account when calculating fake lag.
This was more of a oversight because the cmdbytes calculation happens
in a different function after message tags have already been processed.
Also, wasn't really important up to now since we only allow quite short
tags at the moment.

Instead of just counting these in cmdbytes, as would be the most logical
and easiest fix, we use a different strategy:
We use a separate counter for message-tags so clients benefit from the
"rounding down rule". In other words: the first xyz bytes give you
no extra penalty compared to before (eg they are "free"). Useful for
clients who use eg @label heavily.
By default this is 90 bytes for unknown-users and 180 bytes for
known-users. See lag-penalty-bytes in set::anti-flood.
2021-07-03 09:33:19 +02:00
Bram Matthys ee9db59d36 Fix two more small memory leaks on REHASH.
Now we are at zero leaks again with ASan, or so it seems.
2021-07-02 11:42:58 +02:00
Bram Matthys 12299b45bf Fix small memory leak on REHASH (<1kb): free set::anti-flood block 2021-07-02 10:56:51 +02:00
Bram Matthys abaed84190 Order CHATHISTORY TARGETS response in descending order (newest first)
https://bugs.unrealircd.org/view.php?id=5904
2021-07-02 10:42:40 +02:00
Bram Matthys 35f8598f3f Fix crash if using persistent channel history: if you had ANY rehash error
(often completely unrelated to channel history) and you then rehashed again
UnrealIRCd would crash. Reported by gh0st.
May be the same issue as reported by adamus1red in
https://bugs.unrealircd.org/view.php?id=5943

This has to do with SavePersistentPointer/LoadPersistentPointer calls
which normally work fine but this particular module uses it in MOD_TEST
causing a certain sequence of events causing a double free or read-
after-free if you do it slightly differently.
2021-07-02 09:16:58 +02:00
Bram Matthys 696d5f05fb Last argument in fd_open() is now used to indicate what should be done on a
later fd_close() call. This also removes fd_map() since fd_open w/FDCLOSE_NONE
now does that.

* If you use fd_socket() or fd_accept(), then no change.
  When fd_close() is called we call close() on *NIX and closesocket() on Win.
* If you use fd_fileopen(), then no change.
  When fd_close() is called we will call close() on both *NIX and Win.
* If you used fd_open() and then fd_unmap() because you didn't want us
  to close the socket, then use fd_open() with FDCLOSE_NONE and
  just call fd_close() instead of fd_unmap().
  We will not actually close the fd in fd_close() (FDCLOSE_NONE).
* If you called fd_open() with other intentions then either specify a
  FDCLOSE_SOCKET / FDCLOSE_FILE as the last argument, or more likely:
  don't use fd_open() at all and use fd_socket() or fd_fileopen() instead.

For reasons on this change, see previous patch. This way is more sane and
makes it harder to make mistakes even beyond Windows-specific issues.
2021-06-30 11:33:46 +02:00
Bram Matthys 329f48334c I/O engine: track if a fd is a file or socket, needed for Windows.
This fixes a file descriptor leak in Windows that happened in the
logging code. The most visible effect of this was if you had a
log::maxsize set then on Windows you would see:
"Max file size reached, starting new log file"
Every other line, forever (and not actually starting a new log).

fd_close() previously did not close the file descriptor of a file
on Windows because on Windows it needs to call close() for a file
and closesocket() for a socket, and it always did the latter.
On *NIX it's more easy and you can just always close() any fd.
2021-06-30 11:06:44 +02:00
Bram Matthys a44b1cb63e Fix ./unralircd genlinkblock printing out a confusing error message if
you have serversonly listen block without tls.
Reported by Valware in https://bugs.unrealircd.org/view.php?id=5945
2021-06-30 10:06:19 +02:00
Bram Matthys 0bd2cfd0fc Update file_exists() function to work with directories on Windows.
And then let's use the similar (and faster) function on Linux too.
2021-06-28 19:33:14 +02:00
Bram Matthys cf5966cce4 Call early_init_ssl() even more early, fixes './unrealircd module list'
from crashing and other symptoms.
Crash was introduced with the OpenSSL 3.0.0 changes from
a541b8f4ad, so 9 days ago.
2021-06-28 08:18:43 +02:00
Ramiro Bou 26295151a9 Add microsecond precision to TSCTL ALLTIME (#147) 2021-06-28 06:27:02 +02:00
Bram Matthys c667662e9b Windows: Allow UnrealIRCd to be terminated gracefully (without prompt)
via taskill /im unrealircd.exe. Needed for BuildBot.
2021-06-27 19:21:56 +02:00
Bram Matthys 30155ddd7c Only call reinit_tls() when rehashing. 2021-06-27 17:22:15 +02:00
Bram Matthys 79740c4a38 Make "REHASH" and ./unrealircd rehash also run the same code as "REHASH -tls",
if on OpenSSL 1.1.1 or later.

We trust OpenSSL 1.1.1 and later to be good enough to handle all
the reference counting and freeing nowadays, which is something that
was not done correctly in (much) older OpenSSL versions, leading
to crashes on one hand and on memory leaks on the other hand.

In OpenSSL 1.1.0 and earlier we do not rehash tls on simple "REHASH",
since that code has not been vetted. However, nobody should be
running those old OpenSSL versions anyway, since they are out of
official OpenSSL support.
2021-06-27 15:38:40 +02:00
Bram Matthys a8e52fdead Bump sjoin module version to 5.1
[skip ci]
2021-06-27 07:41:21 +02:00
Bram Matthys c37c965506 Fix SJOIN not properly propagated due to a copy-paste error in the SJSBY
vs non-SJSBY code. Reported by puckipedia in
https://bugs.unrealircd.org/view.php?id=5934
2021-06-27 07:39:02 +02:00
Bram Matthys 2afc57aa38 Use IsLoggedIn() macro everywhere where possible.
Based on previous reports and patches from k4be in
https://github.com/unrealircd/unrealircd/pull/129

Looks much cleaner now.

This also filters out the edge case where user_account_login()
could have been called when a user transitioned from "not logged in"
to "unconfirmed account". It did not cause any issues AFAICT but
it is not really expected either.
2021-06-26 11:47:08 +02:00
Bram Matthys 68d172854d Remove IsARegNick() as we already have IsRegNick() 2021-06-26 11:19:47 +02:00
Bram Matthys 9f10fa2193 Improve error message when trying to use SASL with an unconfirmed
services account.

This adds set::authentication-prompt::unconfirmed-message with
a default of:
unconfirmed-message "You are trying to use an unconfirmed services account.";
unconfirmed-message "This services account can only be used after it has been activated/confirmed.";
See https://www.unrealircd.org/docs/Set_block#set::authentication-prompt

Note that this is only shown for services which allow SASL from
unconfirmed services account in the first place, like atheme.
Anope does not allow it, which is something that could very well
be considered 'correct' as well. In that case you would simply
get the "Authentication failed" message instead
(set::authentication-prompt::fail-message).
2021-06-26 11:03:53 +02:00
Guillaume Hérail 317b3df01e modules/tkl: Fix wrong tkl names in table (#139) 2021-06-26 09:27:55 +02:00
Ramiro Bou 4dbc1f8771 Allow remote servers to write to the link-security MD object (#145) 2021-06-25 14:50:53 +02:00
Bram Matthys 26a3444f4e Validate the UID in cmd_uid(). Reported by Valware in
https://bugs.unrealircd.org/view.php?id=5925

This does two things in cmd_uid() now:
* It checks if parameter 6 in UID is a valid UID, using valid_uid()
* It checks if the first 3 characters of the UID match the SID
2021-06-25 11:47:23 +02:00
Bram Matthys e9e2504bf4 Don't allow remote servers to write to our MD client objects by default.
Modules can still opt-in via mreq.remote_write=1 to allow it for
certain moddata.
For example, k4be may want to do this for his geoip-base module which
allows a single server to set moddata "geoip" for all connecting clients,
including remote clients.
If you are a moddata provider then you can enable it like this:
 ModDataInfo mreq;
 [..]
 #if UNREAL_VERSION_TIME >= 202125
 mreq.remote_write = 1;
 #endif
 [..]

See discussion on https://github.com/unrealircd/unrealircd/pull/142
2021-06-25 11:28:32 +02:00
Bram Matthys e80c7b5b65 Add set::anti-flood options lag-penalty and lag-penalty-sec.
This also allows known-users to execute slightly more commands per second.

For people who want their trusted users/bots to allow even more commands
per second (eg 20cmds/sec) we now have a nice FAQ item that uses this:
https://www.unrealircd.org/docs/FAQ#high-command-rate
2021-06-23 16:21:06 +02:00
Bram Matthys 28f98da5f8 Remove debug message "Checking flood_limit_exceeded()" that was logged.
This was a leftover from debugging and should not have been present
in 5.2.0. Reported by westor.
2021-06-23 16:16:47 +02:00
Bram Matthys 3fabc1ef5f New security-group::include-mask item so you can put clients into
security-groups based on masks too.
2021-06-23 13:22:17 +02:00
Bram Matthys 7779a4e353 Show git version hash id in /INFO if you are using git
Suggested in https://bugs.unrealircd.org/view.php?id=5920 by KindOne
2021-06-21 15:08:24 +02:00
Bram Matthys 9fde768201 New block set::server-linking and change autoconnect strategy to 'sequential'
* New block [set::server-linking](https://www.unrealircd.org/docs/Set_block#set::server-linking)
  * For link blocks with autoconnect we now default to the strategy
    'sequential', meaning we will try the 1st link block first,
    then the 2nd, then the 3rd, then the 1st again, etc.
  * We now have different and lower timeouts for the connect and
    the handshake. So we give up a bit more early on servers that
    are currently down or extremely lagged.
2021-06-21 14:53:35 +02:00
Bram Matthys 883a1e02ad Initial work on new set::server-linking block:
set {
        server-linking {
                autoconnect-strategy parallel;
                connect-timeout 10s;
                handshake-timeout 20s;
        }
}

Right now the only autoconnect-strategy is 'parallel', which is simply
the existing behavior since 4.x. A future commit will add other
strategies and may or may not change the default as well.

The bit that is working already is that you can now specify different
timeouts for the connect()/TLS_connect() call and for the rest of
the handshake (when the "SERVER" message is seen), this so the connect
timeout can be relatively short.

All this will be documented later in the wiki and release notes.
2021-06-21 13:23:15 +02:00
Bram Matthys 52297e24b6 Don't send "local" channel modes to remote servers.
They were already ignored in MODE by remote UnrealIRCd servers,
but this makes it so local modes (+Z and +d at the moment)
are not sent across the wire.

This also changes the channel_modes() function to have an additional
'hide_local_modes' argument. Set this to 1 if you are building a
buffer that will be sent to remote servers, otherwise use 0,
which is far more common.

Also, this will skip saving of local channel modes to channeldb
since all of these are temporary, or at the moment anyway.

Thanks to alice for reporting this bug and providing a good test
case to help fix this issue and the previous ones.
2021-06-19 17:25:26 +02:00
Bram Matthys fcc7a2cf06 Channel mode +d is local, so should be tagged as such. 2021-06-19 17:03:26 +02:00
Bram Matthys dd1f572acb The code for -d (so after -D+d) never took QUITs into account. Fun. 2021-06-19 16:59:54 +02:00
Bram Matthys 06633047a2 Remove "HCN" from 005. Nobody uses this anyway. 2021-06-19 14:14:33 +02:00
Bram Matthys a541b8f4ad Add support for OpenSSL 3.0.0 (based on -beta1)
Now compiles fine without any warnings.

Note that certificate_quality_check() is an outstanding TODO item.
2021-06-19 13:10:52 +02:00
Bram Matthys e28895c8a9 Show 'security-groups: known-users' etc in connect notice to opers. 2021-06-19 12:49:09 +02:00
Bram Matthys 6cc50d16d0 Fix security group code seeing remote users as always on TLS.
Likely not that important until now, but fix needed for next...
2021-06-19 12:47:52 +02:00
Bram Matthys 991f9f347e Allow wildcards in ~a extban, also special code for ~a:0 and ~a:*
~a:0: match all unauthenticated users
~a:*: match all authenticated users
~a:SomeUser: match only SomeUser, also allow wildcards here, even
though that is usually a very bad idea :D
2021-06-19 11:13:30 +02:00
Bram Matthys 905850a825 Bump version to 5.2.1-git and indicate this is bleeding edge 2021-06-19 10:21:46 +02:00