1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-02 21:13:12 +02:00
Commit Graph

415 Commits

Author SHA1 Message Date
Bram Matthys 9e2f16db9e warn_unused was a good idea once, but doing more harm than good at this point.
Too many useless warnings and no easy way to ignore the result.
2018-04-22 16:11:27 +02:00
Bram Matthys bb4758f321 Add strldup() and safestrldup(), reducing ridiculous amount of code in
m_pass and m_topic.c when duplicating strings with a length limit.
+/* strldup(str,max) copies a string and ensures the new buffer
+ * is at most 'max' size, including nul byte. The syntax is pretty
+ * much identical to strlcpy() except that the buffer is newly
+ * allocated.
+ * If you wonder why not use strndup() instead?
+ * I feel that mixing code with strlcpy() and strndup() would be
+ * rather confusing since strlcpy() assumes buffer size including
+ * the nul byte and strndup() assumes without the nul byte and
+ * will write one character extra. Hence this strldup(). -- Syzop
+ */
2018-04-22 15:40:21 +02:00
Bram Matthys 61f40a59a7 Remove unused events.h 2018-04-22 14:36:21 +02:00
Bram Matthys d5d446c38d More code cleanups to get rid of useless casts and other useless
structures such as:
-       lp->value.cp = (char *)MyMalloc(strlen(mask) + 1);
-       (void)strcpy(lp->value.cp, mask);
+       lp->value.cp = strdup(mask);
2018-04-22 14:28:22 +02:00
Bram Matthys 74009b88ba Cleanup of init_sys(): remove old stuff for ancient OS's.
On *NIX now always redirect stdin, stdout and stderr to /dev/null for
safety and to prevent any ssh hanging as reported by mbw (#5087).
This code needs some testing on non-Linux though it should be all
POSIX, unless I missed something... :)
2018-04-21 20:12:23 +02:00
Bram Matthys 9f18118f76 Fix './unrealircd reloadtls' not reloading certificates/keys if
listen::ssl-options, sni::ssl-options or link::outgoing::ssl-options
are used. In short: it only reloaded the ones from set::ssl until
now. Bug reported by Mr_Smoke (#5072)
2018-03-25 13:22:19 +02:00
Bram Matthys 40293aaaa7 Move charsys definitions from .h to charsys.c & add some fwd decl 2017-11-27 12:32:14 +01:00
Bram Matthys b5b01c5263 Modularize charsys (set::allowed-nickchars). It's still a mandatory
module but at least the code can be updated on the fly (or replaced
with some other secondary alternative module in the future).
src/charsys.c -> src/modules/charsys.c
This also means everyone needs to load the modules/charsys module.
2017-11-27 11:24:25 +01:00
Bram Matthys e3b91f8b94 Added UTF8 support in set::allowed-nickchars
See https://www.unrealircd.org/docs/Nick_Character_Sets
Example: set { allowed-nickchars { latin-utf8; }; };
Important remarks:
* All your servers must be on UnrealIRCd 4.0.17 (or later)
* Most(?) services do not support this, so users using UTF8 nicknames
  won't be able to register at NickServ.
* In set::allowed-nickchars you must either choose an utf8 language
  or a non-utf8 character set. You cannot combine the two.
* You also cannot combine multiple scripts/alphabets, such as:
  latin, greek, cyrillic and hebrew. You must choose one.
* If you are already using set::allowed-nickchars on your network
  (eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'):
  * Your clients may still assume non-UTF8
  * If users registered nicks with accents or other special characters
    at NickServ then they may not be able to access their account
    after the migration to UTF8.

[!] Work in progress [!]
2017-11-25 21:12:41 +01:00
Bram Matthys d63bc7e187 Module API: New function is_module_loaded("name"): return 1 / 0 2017-11-20 09:43:43 +01:00
Bram Matthys e1af5ae6c5 Move AllowClient/check_client/check_init to m_nick module
(apparently one of the previous commits was partial)
2017-11-17 10:45:54 +01:00
Bram Matthys 16faccb777 Add support for 'spki' authtype. Example:
password "AHMYBevUxXKU/S3pdBSjXP4zi4VOetYQQVJXoNYiBR0=" { spkifp; };
This value will stay the same even for new SSL/TLS certificates,
as long as the key stays the same. This can be useful in case of
Let's Encrypt (if you use a tool that keeps the same key, that is,
certbot does not at the moment). Suggested by grawity (#5014).

Also make auth type 'sslclientcert' available as 'cert' and
make 'sslclientcertfp' available as 'certfp'.
2017-10-09 12:28:08 +02:00
Bram Matthys 5c7d89a642 Add support for "CAP extended-join". 2017-10-07 18:33:25 +02:00
Bram Matthys 5124e60b7c Add "CAP chghost" support. Internal recode of userhost changes.
Fix force-rejoin not working if doing SVSMODE -x/+x (Koragg, #5015).

Note to module coders:
Please use the following procedure in case of an user/host change:
* userhost_save_current(acptr);
* << change username or hostname here (or both) >>
* userhost_changed(acptr);
This function will take care of notifying other clients about
the userhost change, such as doing PART+JOIN+MODE if force-rejoin
is enabled, and sending :xx CHGHOST user host messages to
"CAP chghost" capable clients.

Also, small note to everyone:
If force-rejoin is enabled we will not send the PART+JOIN+MODE to
"CAP chghost" capable clients. Doing so is just a hack to notify
people of a userhost change. "CAP chghost" users can thus benefit
from the reduced noise in this respect.
2017-10-07 13:31:30 +02:00
Bram Matthys 3d38adff4f Rename config.h setting CLIENT_FLOOD to DEFAULT_RECVQ since that is what
it is. You should simply set a class::recvq instead of changing this
in config.h.
2017-10-07 09:29:47 +02:00
Bram Matthys 5399e060fa Send CAP DEL sasl if set::sasl-server squits and CAP NEW when it returns.
(Only to cap-notify and v3.2 clients, of course)
Also fix a "bug" where sts parameters were not shown in CAP NEW tls.
2017-09-30 15:19:29 +02:00
Bram Matthys ac65e32a26 Add CAP v3.2 support. Add 'cap-notify' support.
Delete CAP CLEAR as it's use is discouraged (too much trouble).
Delete CAP ACK (from client2server) as this is only for CAP's with
ack modifiers. This is something we don't use, and which has been
deprecated in v3.2 of the spec.
2017-09-30 14:34:06 +02:00
Bram Matthys 08bc61ec00 We now refuse to enable SSL/TLS with weak ciphers: DES, 3DES, RC4. 2017-09-06 08:21:14 +02:00
Bram Matthys 1faa91ed0e Add helper function plaintextpolicy_valtochar(). 2017-09-02 15:49:02 +02:00
Bram Matthys 199a7e162d Make new functions more generic and use it from crash reporter so
people with older OpenSSL libraries (and LibreSSL) benefit from
the hostname validation code there as well.
2017-09-01 17:28:49 +02:00
Bram Matthys ac66a0fe12 Add hostname verification code from ssl conservatory & curl
(will be used in next commit)
2017-09-01 17:02:36 +02:00
Bram Matthys d53d46fce4 Add set::plaintext-policy block by which you can warn or deny user connections,
ircop /OPER attempts and incoming server linking attempts from connections
that are not encrypted with SSL/TLS.
Documentation: https://www.unrealircd.org/docs/Set_block#set::plaintext-policy
2017-08-16 19:39:28 +02:00
Bram Matthys 0b5e46cd23 Fix extban_conv_param_nuh not marked as extern. Reported by Gottem (#4975) 2017-08-15 12:08:11 +02:00
Bram Matthys 74d5f380dd A /REHASH from a WebSocket connection would cause a crash (requires
IRCOp privileges). This is a rather technical issue, we now simply
reject the rehash. See comments in code for more information.
2017-08-10 09:02:05 +02:00
Bram Matthys 455420afc1 SNI-specific sts-policy is now possible. (As recommended by IRCv3 draft spec) 2017-08-09 15:39:52 +02:00
Bram Matthys b2129205f9 Added support for the "Server Name Indication" (SNI) SSL/TLS extension.
See https://www.unrealircd.org/docs/Sni_block
Requested in #4380 by Eman.
2017-08-09 12:00:04 +02:00
Bram Matthys e62ea1dedd Module coders: added two functions to search for user modes:
has_user_mode(acptr, 'i'): returns 1 / 0
find_user_mode('i'): returns the user mode (as 'long')

extern int has_user_mode(aClient *acptr, char mode);
extern long find_user_mode(char mode);
2017-03-26 15:40:36 +02:00
Bram Matthys ec9db8fd5f Move match_user() to module (efunc in m_tkl) 2017-03-18 15:00:34 +01:00
Bram Matthys e0130ab0b6 Fix silly crash issue. 2017-02-10 14:28:32 +01:00
Bram Matthys 1f1ac6c4ee Less duplicate code: add internal function invisible_user_in_channel()
and remove many calls to HOOKTYPE_VISIBLE_IN_CHANNEL + flag checking.
2016-12-27 20:22:12 +01:00
Bram Matthys 99e087d50c Remove temporary workaround and actually fix stuff in QUIT for delayjoin. Add new function user_can_see_member()... 2016-12-27 20:02:35 +01:00
Bram Matthys 79ed5694b2 split part of read_packet() off to new function process_packet().
This will later be used by a new feature.
2016-11-30 08:18:56 +01:00
Bram Matthys f2d21943fe Bump version to 4.0.7-rc1 2016-09-30 15:53:36 +02:00
Bram Matthys e586b5457c * Prevent flood from unknown connection 2016-07-28 15:09:47 +02:00
Bram Matthys f98a5e69dc When: 1) IPv6 functionality is enabled, and
2) link::outgoing::bind-ip is an IPv4 address, and
3) link::outgoing::hostname is a hostname, and
4) this hostname has both A and AAAA records,
then connect by IPv4 only, which is what the user expects (#4615).
2016-04-03 09:55:51 +02:00
Bram Matthys 3389a99ae1 Get rid of some warnings on Windows (use more CMD_FUNCs & externs for it). 2016-03-11 14:22:07 +01:00
Bram Matthys b3c371ddf4 Add './unrealircd reloadtls' to reload SSL/TLS certificates and keys.
Suggested by Bob_Sheep (#4537) to aid the usage of Let's Encrypt.
Note that this is the same as doing '/REHASH -ssl' on IRC.
2016-01-13 11:37:17 +01:00
Bram Matthys dd31542e2c Use UID's in MD commands. Add functions / remove duplicate code. Modularize various functions
in src/moddata.c (move them to src/modules/m_md.c as per TODO). Looks good but more testing warranted.
2016-01-03 12:18:55 +01:00
Bram Matthys 208f4a504b SSL Fingerprint wasn't broadcasted correctly to other servers. For Unreal this only affected WHOIS since
extban +e/+I ~S:xxx worked fine (only checked locally). But this also prevented services from being
informed, IOTW: services could not make use of this new certfp feature yet.
2016-01-03 10:28:15 +01:00
Bram Matthys 34b9797ffc Add buildvarstring() function and make blacklist module support %ip and %server variables in reason field. Suggested by blank (#4507). 2015-12-28 19:03:05 +01:00
Bram Matthys f04e95376b /LIST never finished if more than 50-100 channels (#4473). Oh neno... does it ever stop? 2015-12-09 19:42:50 +01:00
Bram Matthys f6a58b60af Added workaround for "Cannot accept connections: Operation not supported" problem (#4469). 2015-12-09 17:44:54 +01:00
Bram Matthys f6837d0202 Add has_channel_mode(chptr, 'X') for modules.
Since many channel modes are modular now you can't simply check chptr->mode.mode & SOME_MODE, instead use this function ;)
2015-10-17 19:51:59 +02:00
Bram Matthys b428f9b3a3 Windows: wircd.exe -> UnrealIRCd.exe. unreal.exe -> unrealsvc.exe. And some more name changes. 2015-10-11 17:44:49 +02:00
Bram Matthys 69a121278f De-duplicate code. Make sendto_serv_butone_nickcmd() use sendto_one_nickcmd(). Fixes bug reported by Adam. 2015-09-12 11:16:02 +02:00
Bram Matthys 15469cae2e Send version information in SERVER command like before (VL). Expand PROTOCTL EAUTH.
PROTOCTL EAUTH=servername,protocolversion,flags,unrealversiontext
This makes deny link { } work again and gives a bit more information too.
Bug reported by GLolol (#4408).
2015-09-05 12:06:55 +02:00
Bram Matthys f211a5424a Accept relative path if you boot the binary with -f cfgfile 2015-08-30 09:50:47 +02:00
Bram Matthys ad23afc81f Improve (error) messages shown on console while booting. Fatal boot errors are now shown on the console, no need to check ircd.log. 2015-08-10 21:50:23 +02:00
Bram Matthys fb157899dc Implemented #1613: When doing a remote /REHASH show the rehash result (such as warnings and errors encountered). 2015-08-09 16:18:27 +02:00
Bram Matthys e627d3682c pass by ref instead of pass by value for chmode_str() 2015-07-29 16:03:25 +02:00