1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-06 19:03:13 +02:00
Commit Graph

9910 Commits

Author SHA1 Message Date
Bram Matthys d2ccba80c5 Moddata fixes: LoadPersistent*()/SavePersistent*() and removing mdata.
The LoadPersistent*()/SavePersistent*() functions caused moddata to be
tagged with ->unloaded=1. Though it seems it caused no real issues this
is not good... we now properly tag them as 0 and the like. Also did a
code cleanup / overhaul on that system as well.

For other ModData we now handle the case where a module is loaded with
with a newer version and that newer version is no longer having certain
moddata, eg the name changed or it no longer needs it.
KNOWN ISSUE:
Unfortunately we cannot call the free function for the old moddata that
is no longer being handled by the newer version of the module, since the
module is already unloaded. So this will result in a memory leak, but
not in a crash.

KNOWN ISSUE:
Similarly, for SavePersistentPointer() there is a free function, again
this is called just fine if the module is permanently unloaded but NOT
if the module is reloaded with the same name and no longer is interested
in the persistent pointer object. Again, here too, that would result
in a memory leak but not in a crash.

Fortunately the "known issues" are rare. Fixing these is impossible
with the current module API because modules are unloaded after MOD_TEST
and before MOD_INIT, and only after MOD_INIT we know which moddata
is handled by the new version of the module. To change that we would
need to keep the old module around until after MOD_INIT of the new
module (so we can call free functions in the old module), but that
means delaying the MOD_UNLOAD for the old modules until after MOD_INIT
of the new modules, which changes the sequence too much that i don't
dare to do that. For example, it would mean a database save routine
in the old module would only be called after MOD_INIT finished in the
new module, which may be unexpected since right now MOD_UNLOAD is
called before MOD_INIT and maybe the db loading is done in MOD_INIT,
which would need to be moved to MOD_LOAD. That's just one example,
there may be others. I think such a change can only be done on a major
UnrealIRCd version change, so we will have to live this for now.
As said, fortunately it is a corner case.
2023-11-10 10:08:50 +01:00
Bram Matthys ffbf34fb15 Fix ModData bug when unloading a module for good: iterate unknown_list.
When a module was unloaded (for good) that used MODDATATYPE_CLIENT
or MODDATATYPE_LOCAL_CLIENT we walked the client_list/lclient_list
and freed the moddata entry for all these clients, but we did not
walk the unknown_list, so connections in process.
That's bad, because sometimes such moddata is allocated in
HOOKTYPE_HANDSHAKE or in other routines pre-connect and since
we skipped freeing them while the module was still loaded, it
means we leak memory since it is also not freed on user exit.

Since unloading modules permanently is not a common procedure,
combined with the timing of it happening during a handshake, it
took a while before this issue was found (and then easily fixed).

There's also another moddata issue, but that is for next commit.

[skip ci]
2023-11-10 08:09:36 +01:00
Bram Matthys ec4e1d95d8 Don't ask to generate TLS certificate if one already exists.
This is how it always was, but recent commit
f756b7bea6 caused prompting.
2023-11-04 09:38:00 +01:00
Bram Matthys 0e7ef37a5e Detect getsockopt TCP_INFO on FreeBSD and get rid of unnecessary other check
On FreeBSD one of the fields is slightly different, that's all it seems.

This improves 099e99504f
2023-11-01 17:00:46 +01:00
Bram Matthys 7468018a7d Make $client.details follow the ident rules in the handshake too.
Post-handshake this was working fine, but before register_user() it was
always using nick!user@host, never using the ident and never ~ prefixing.

Now it just uses the usual rules that we have, which are: prefixing
with a ~ if ident lookups are enabled and failed, and without a ~
prefix if ident lookup succeeded or set::options::identd-check is off.

Reported by k4be.
2023-10-29 07:05:12 +01:00
Bram Matthys 75a55de785 Make deny channel { } support escaped sequences like channel "#xyz\*";
This so you can match a literal * or ? via \* and \?

And do the same for allow channel { }.

This can break current configs if you have a deny channel for a channel
with a slash in it, since a \ which already sortof needed to be \\ in
the config file, now needs to be \\\\ (doesn't that look great?).
Fortunately slashes are not really common in channel names, let alone
deny channel { } configuration.
2023-10-25 19:49:34 +02:00
Bram Matthys f2f11a4637 Reserve more file descriptors. Eg when 10.000 are available, reserve 250.
Since 10k+ fd's available is the common situation, this means we then have
250 fd's reserved for non-clients, such as HTTPS callbacks and other things.

Previously:
<1024: reserve 4 fd's
1024+: reserve 8 fd's

Now:
<1024: reserve 8 fd's
1024-2047: reserve 16 fd's
2048-10000: reserve 32 fd's
10000+: reserve 250 fd's
2023-10-25 12:08:52 +02:00
Bram Matthys 7649520f63 Fix HOOKTYPE_IS_HANDSHAKE_FINISHED not called at two places where
register_user() is called.
2023-10-23 19:02:03 +02:00
Bram Matthys 099e99504f Make autoconf check for getsockopt TCP_INFO and define HAVE_TCP_INFO
At the moment only for third/centralblocklist

Also bump #define UNREAL_VERSION_TIME    202343
2023-10-23 10:35:15 +02:00
Bram Matthys 5b7e375213 Limit operclass name to a-zA-Z0-9_- and use the same validation in ~operclass extban.
This fixes the issue where +e/+I ~operclass:name gets cut off if the
name contains any digits.

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6353

Also, we previously allowed any characters in the operclass, which is not
a great idea.
2023-10-23 09:51:01 +02:00
Bram Matthys 2e9811ba47 Send central-blocklist hits globally 2023-10-21 16:02:06 +02:00
Bram Matthys a01e77c664 Fix a compile problem on 32-bit archs.
(well not really fix, but move it behind a DEBUGMODE ifdef)
2023-10-13 08:15:36 +02:00
Bram Matthys ac5ba1cfba Fix some markup in release notes
[skip ci]
2023-10-13 07:48:33 +02:00
Bram Matthys 1347ffad1d ** UnrealIRCd 6.1.2.3 ** 2023-10-13 07:45:13 +02:00
Bram Matthys b085da458a Fix ::exclude-security-group not working.
Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6350
2023-10-12 18:46:18 +02:00
Val Lorentz a906131689 url_unreal: Fix build (#262)
Broken by 9a6a06b63f
2023-10-12 05:12:56 +00:00
Bram Matthys a04295c588 Add set::dns and increase DNS timeout for DNSBL (3000ms first, then on retry 6000ms).
This is quite a bit higher than client DNS lookups (1500ms first, on retry 3000ms)
and is because some DNSBL are reported to be quite a bit slower than ordinary DNS.
(Maybe just some, but.. the higher timeout does not hurt anyone anyway)

Note that all this has no effect on client handshake times, as DNSBL checks are
done in the background. Only side-effect is that if we do get a "late hit" then
you may now see a kill a few seconds after the client is online (which was actually
already possible before too for quick clients, but.. yeah...)

These settings can be overriden via set::dns, these are the defaults:

set {
        dns {
                client {
                        timeout 1500;
                        retry 2;
                }
                dnsbl {
                        timeout 3000;
                        retry 2;
                }
        }
}

When you REHASH we will check if the values are different than the current
c-ares settings and if so, reinitialize the resolver. Reinitializing the
resolver will destroy outstanding DNS requests, eg DNS lookups for clients
currently connecting, but so be it. Not a super-huge issue since changing
this is rare.

Requested by BlackBishop in https://bugs.unrealircd.org/view.php?id=6306
2023-10-11 19:04:06 +02:00
Bram Matthys 9a6a06b63f Split resolver channel into two: client & dnsbl 2023-10-11 18:08:26 +02:00
Bram Matthys b2030b1a6f Fix UTF8 not working in spamfilter { } blocks, only after the first REHASH.
With error messages about it possibly but also possibly not (silently failing).

This is actually quite bad because when the ircd is running, you could
happily add spamfilters with UTF8 like stuff, REHASH fine, but if you
then restart the IRCd would fail to boot due to a config error.

Reported by BlackBishop.
2023-10-08 18:33:27 +02:00
Bram Matthys c135b71fa3 Fix possible REHASH crash in some circumstances (also in 6.1.*)
If you make a parser mistake in the config file, like a missing semicolon,
then under some circumstances the server may crash. Not always, it seems,
which explains why this bug is not reported that much.
2023-10-07 18:39:49 +02:00
Bram Matthys 552d72cbaa ** UnrealIRCd 6.1.2.2 ** 2023-10-06 09:37:51 +02:00
Bram Matthys 59c11d8b23 Add support for "REHASH -centralspamfilter" (alias "REHASH -cs") to force
an immediate fetch+load of central spamfilter rules, so you don't have
to wait an hour (or whatever is configured).
2023-10-06 08:49:43 +02:00
Bram Matthys 25d1bdfbf5 Make central spamfilters show in STATS spamfilter as "-centralspamfilter-"
rather than "-config-". Suggested by Lord255.
[skip ci]
2023-10-06 08:29:19 +02:00
Bram Matthys 1741da6d2a Fix another instance of "STATS spamfilter" accidentally containing spaces
When using multi-targets like spamfilter { action { report; block; } }
it would output in stats like "report, block". Now changed to "report,block"
2023-10-06 07:44:24 +02:00
Bram Matthys 45002eeb6f Fix STATS output for config-based spamfilters with reasons with spaces.
For config-based spamfilters, the reason was not escaped, meaning that
spaces and underscores did not work as expected.
For example, in "STATS spamfilter" the spaces were displayed as-is
which means that the numeric output was not really parsable.

Apparently this bug exists since UnrealIRCd 5 already...
2023-10-06 07:36:26 +02:00
Bram Matthys 25d5a2ac64 Fix possible crash on SETNAME with spamfilter 'u'.
[skip ci]
2023-10-06 07:19:04 +02:00
Bram Matthys 3d9233baab Fix tkldb storing (and restoring) central spamfilters.
These should not be in tkldb, just like config-based spamfilters are not.
2023-10-06 07:08:22 +02:00
Bram Matthys 43240e4557 Don't allow central spamfilter without 'reason' 2023-10-06 07:00:44 +02:00
Bram Matthys 8398c8cd8d Don't crash when reading spamfilters from tkldb that don't compile (anymore).
For example, because of a different version of PCRE2, or because of the switch
from non-UTF8 to UTF8 (or vice versa) which disallows certain byte sequences.
2023-10-05 17:37:06 +02:00
alice 1d34753f18 Fix minor compiler warning on conflicting types for Auth_Hash (PR #261)
auth.c:569:13: error: conflicting types for 'Auth_Hash' due to enum/integer mismatch; have 'const char *(AuthenticationType,  const char *)' [-Werror=enum-int-mismatch]
  569 | const char *Auth_Hash(AuthenticationType type, const char *text)
In file included from include/unrealircd.h:32, from auth.c:21:
include/h.h:547:26: note: previous declaration of 'Auth_Hash' with type 'const char *(int,  const char *)'
  547 | extern const char       *Auth_Hash(int type, const char *para);
2023-10-05 05:43:17 +00:00
Bram Matthys 931eea475c ** UnrealIRCd 6.1.2.1 ** 2023-10-04 10:22:43 +02:00
Bram Matthys 088d2595d5 Fix crash on REHASH with crule (such as spamfilter::rule).
This happens when !, || or && are used, though the exact requirements
for the crash may also require a function with arguments.

Reported by BlackBishop.
2023-10-04 10:14:09 +02:00
Bram Matthys a780968dee ** UnrealIRCd 6.1.2 ** 2023-10-04 07:11:36 +02:00
Juest Zungo 1705baeb2f Add Windows .gitignore files (#260) 2023-10-04 05:11:12 +00:00
PeGaSuS b5687eb047 Update help.conf (#259)
Added missing action type "~flood"
2023-10-04 05:10:17 +00:00
Bram Matthys 87295deb67 Remove client->local->next_nick_allowed which is unused nowadays.
It was moved to the generic anti-flood framework which is
FloodCounter flood[MAXFLOODOPTIONS];
2023-10-02 14:26:01 +02:00
Bram Matthys f2216fc6c1 Call fd_unnotify() on SetDeadSocket(), since we don't care anymore. 2023-10-02 14:25:24 +02:00
Bram Matthys 9955e32781 Add small caveat for limited score bumping (running mixed net)
[skip ci]
2023-09-23 12:02:31 +02:00
Bram Matthys 31fa1340c7 Almost forgot version bump in setup.h
[skip ci]
2023-09-23 11:46:53 +02:00
Bram Matthys 64a8608a0f ** UnrealIRCd 6.1.2-rc2 ** 2023-09-23 11:40:31 +02:00
Bram Matthys 52d36943b5 Update release notes
[skip ci]
2023-09-23 10:52:29 +02:00
Bram Matthys 311f7397f5 Fix NULL pointer crash due to reputation code changes from yesterday 2023-09-18 09:19:53 +02:00
PeGaSuS 53c3ae6403 Update account extban in help.conf (#254)
Specify the use of `~account:*` and `~account:0` on the usage of ~account extban on the helpop output.
2023-09-17 10:14:32 +00:00
Bram Matthys b234e13358 Don't bump reputation scores anymore for users who are in no channels or
when they are only in channel(s) with very low member counts.

This because some typical bot/drone behavior is not to join any channels.
This kinda forces them to expose themselves a bit more (and if they don't,
they don't get more reputation).

The downside is for the unusual case where a legit chatter would be on
the network but not joining any channels, but that is rare. In any case,
this setting can be adjusted if that is typical or more normal behavior
on your network :D.

* The [reputation score](https://www.unrealircd.org/docs/Reputation_score)
  of connected users (actually IP's) is increased every 5 minutes. We still
  do this, but only for users who are at least in one channel that has 3
  or more members. This setting is tweakable via
  [set::reputation::score-bump-timer-minimum-channel-members](https://www.unrealircd.org/docs/Set_block#set::reputation).
  Setting this to 0 means to bump scores also for people who are in no
  channels at all, which was the behavior in previous UnrealIRCd versions.
2023-09-17 11:47:34 +02:00
Bram Matthys 4e070b8034 Use client:set:reputation oper privilege for latest change
[skip ci]
2023-09-17 09:58:21 +02:00
Bram Matthys f3538f07d9 Support setting of reputation via /REPUTATION <nick|ip> <value>
Useful for testing and.. well.. perhaps other things.
2023-09-17 09:55:59 +02:00
Bram Matthys 97630b4717 Allow setting reputation in https://www.unrealircd.org/docs/Actions via
action { set REPUTATION--; } and similar.

Also enhancement to reputation S2S traffic, to support decreasing:
  *
+ * Since UnrealIRCd 6.0.2+ there is now also asterisk-score-asterisk:
+ * :server REPUTATION 1.2.3.4 *2*
+ * The leading asterisk means no reply will be sent back, ever, and the
+ * trailing asterisk will mean it is a "FORCED SET", which means that
+ * servers should set the reputation to that value, even if it is lower.
+ * This way reputation can be reduced and the reducation can be synced
+ * across servers, which was not possible before 6.0.2.
+ *

So if you are actually decreasing reputation, you need all servers on
6.0.2 or higher for it to work properly, otherwise the other servers
don't decrease it, and next connect the highest wins again, etc.
2023-09-17 09:39:55 +02:00
Bram Matthys d862196d04 Update example.conf with Windows commands for mkpasswd/gencloak/spkifp
These work since UnrealIRCd 6.0.2.
2023-09-13 19:50:24 +02:00
Bram Matthys 55eaa7bbea Add set::blacklist::recheck-time 'never' to disable rechecking and document
this and blacklist::recheck.
2023-09-09 11:20:32 +02:00
Bram Matthys ddf6dea22d Add blacklist::recheck to skip a dnsbl from rechecks.
Suggested by BlackBishop in https://bugs.unrealircd.org/view.php?id=6307
2023-09-09 11:09:01 +02:00