1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-10 08:43:12 +02:00
Commit Graph

335 Commits

Author SHA1 Message Date
Bram Matthys d2ccba80c5 Moddata fixes: LoadPersistent*()/SavePersistent*() and removing mdata.
The LoadPersistent*()/SavePersistent*() functions caused moddata to be
tagged with ->unloaded=1. Though it seems it caused no real issues this
is not good... we now properly tag them as 0 and the like. Also did a
code cleanup / overhaul on that system as well.

For other ModData we now handle the case where a module is loaded with
with a newer version and that newer version is no longer having certain
moddata, eg the name changed or it no longer needs it.
KNOWN ISSUE:
Unfortunately we cannot call the free function for the old moddata that
is no longer being handled by the newer version of the module, since the
module is already unloaded. So this will result in a memory leak, but
not in a crash.

KNOWN ISSUE:
Similarly, for SavePersistentPointer() there is a free function, again
this is called just fine if the module is permanently unloaded but NOT
if the module is reloaded with the same name and no longer is interested
in the persistent pointer object. Again, here too, that would result
in a memory leak but not in a crash.

Fortunately the "known issues" are rare. Fixing these is impossible
with the current module API because modules are unloaded after MOD_TEST
and before MOD_INIT, and only after MOD_INIT we know which moddata
is handled by the new version of the module. To change that we would
need to keep the old module around until after MOD_INIT of the new
module (so we can call free functions in the old module), but that
means delaying the MOD_UNLOAD for the old modules until after MOD_INIT
of the new modules, which changes the sequence too much that i don't
dare to do that. For example, it would mean a database save routine
in the old module would only be called after MOD_INIT finished in the
new module, which may be unexpected since right now MOD_UNLOAD is
called before MOD_INIT and maybe the db loading is done in MOD_INIT,
which would need to be moved to MOD_LOAD. That's just one example,
there may be others. I think such a change can only be done on a major
UnrealIRCd version change, so we will have to live this for now.
As said, fortunately it is a corner case.
2023-11-10 10:08:50 +01:00
Bram Matthys 75a55de785 Make deny channel { } support escaped sequences like channel "#xyz\*";
This so you can match a literal * or ? via \* and \?

And do the same for allow channel { }.

This can break current configs if you have a deny channel for a channel
with a slash in it, since a \ which already sortof needed to be \\ in
the config file, now needs to be \\\\ (doesn't that look great?).
Fortunately slashes are not really common in channel names, let alone
deny channel { } configuration.
2023-10-25 19:49:34 +02:00
Bram Matthys 5b7e375213 Limit operclass name to a-zA-Z0-9_- and use the same validation in ~operclass extban.
This fixes the issue where +e/+I ~operclass:name gets cut off if the
name contains any digits.

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6353

Also, we previously allowed any characters in the operclass, which is not
a great idea.
2023-10-23 09:51:01 +02:00
Bram Matthys a04295c588 Add set::dns and increase DNS timeout for DNSBL (3000ms first, then on retry 6000ms).
This is quite a bit higher than client DNS lookups (1500ms first, on retry 3000ms)
and is because some DNSBL are reported to be quite a bit slower than ordinary DNS.
(Maybe just some, but.. the higher timeout does not hurt anyone anyway)

Note that all this has no effect on client handshake times, as DNSBL checks are
done in the background. Only side-effect is that if we do get a "late hit" then
you may now see a kill a few seconds after the client is online (which was actually
already possible before too for quick clients, but.. yeah...)

These settings can be overriden via set::dns, these are the defaults:

set {
        dns {
                client {
                        timeout 1500;
                        retry 2;
                }
                dnsbl {
                        timeout 3000;
                        retry 2;
                }
        }
}

When you REHASH we will check if the values are different than the current
c-ares settings and if so, reinitialize the resolver. Reinitializing the
resolver will destroy outstanding DNS requests, eg DNS lookups for clients
currently connecting, but so be it. Not a super-huge issue since changing
this is rare.

Requested by BlackBishop in https://bugs.unrealircd.org/view.php?id=6306
2023-10-11 19:04:06 +02:00
Bram Matthys b2030b1a6f Fix UTF8 not working in spamfilter { } blocks, only after the first REHASH.
With error messages about it possibly but also possibly not (silently failing).

This is actually quite bad because when the ircd is running, you could
happily add spamfilters with UTF8 like stuff, REHASH fine, but if you
then restart the IRCd would fail to boot due to a config error.

Reported by BlackBishop.
2023-10-08 18:33:27 +02:00
Bram Matthys c135b71fa3 Fix possible REHASH crash in some circumstances (also in 6.1.*)
If you make a parser mistake in the config file, like a missing semicolon,
then under some circumstances the server may crash. Not always, it seems,
which explains why this bug is not reported that much.
2023-10-07 18:39:49 +02:00
Bram Matthys 59c11d8b23 Add support for "REHASH -centralspamfilter" (alias "REHASH -cs") to force
an immediate fetch+load of central spamfilter rules, so you don't have
to wait an hour (or whatever is configured).
2023-10-06 08:49:43 +02:00
Bram Matthys 942b8a604d Config file: when not using quotes, don't silently drop slashes in names/values.
In the config file, when not using quotes, a slash at the beginning of a
variable name or value was silently discarded (eg `file /tmp/xyz;` resulted
in a file `tmp/xyz`).

Reported by BlackBishop in https://bugs.unrealircd.org/view.php?id=6325
2023-09-09 09:41:47 +02:00
Bram Matthys 89e5309326 Add set::central-spamfilter::feed and update the page at
https://www.unrealircd.org/docs/Central_Spamfilter
2023-07-21 12:03:43 +02:00
Bram Matthys 11bd657e8a Fix set unknown-users { } not working
Repoerted by BlackBishop in https://bugs.unrealircd.org/view.php?id=6292
2023-07-16 12:22:16 +02:00
Bram Matthys 08cb0fc05d Move crule to a module, so we can hot-patch if needed in the future.
This is a mandatory module to load, and included in modules.default.conf.

This also meant that the crule_test() etc efunctions are available
before running config test routines, so we now have a flag for
early efuncs. I guess we could consider doing that for all efuncs
though, so not sure if this flag is really needed.
2023-07-16 10:33:25 +02:00
Bram Matthys cdc14569a9 Warn on plaintext oper::password in conf and even go as far as
generating the password hashes and suggesting using those.

This also starts the initial work on set::best-practices
https://www.unrealircd.org/docs/Set_block#set::best-practices
with hashed-passwords as the first setting there.
2023-07-15 19:02:31 +02:00
Bram Matthys b3995f48ff Mention password hashing in the example.conf itself.
Suggested by rafaelgrether in https://bugs.unrealircd.org/view.php?id=6303
2023-07-15 09:04:07 +02:00
Bram Matthys a153a2cce3 Change definition of parse_ban_action_config(), was too easy to leak memory.
Often you have default values for the config, and then a subsequent config
parsing run would overwrite the return value (= memory leak), merging/appending
would make no sense either, so it would force a free in all code before
calling us, well... let's just deal with it ourselves instead then ;)
2023-07-14 08:08:47 +02:00
Bram Matthys 22f8eb8729 Central spamfilter: fix memory leak (freeing ce/cfptr)
[skip ci]
2023-07-11 15:14:58 +02:00
Bram Matthys 32701e6f99 Central spamfilter: don't stop processing on 1 bad spamfilter block. 2023-07-11 13:34:28 +02:00
Bram Matthys f333aa0c09 New option set::spamfilter::show-message-content-on-hit:
you can now configure to hide the message content in spamfilter hit
messages. Generally it is very useful to see if a spamfilter hit is
correct or not, so the default is 'always', but it also has privacy
implications so there is now this option to disable it.

Suggested by alice, quite a while ago.

https://www.unrealircd.org/docs/Set_block#set::spamfilter::show-message-content-on-hit

Also as mentioned there:
UnrealIRCd has the following spying countermeasure (for many years) to help
that spamfilters are not abused for spying. When a spamfilter hit happens
that has an action like gline or blocking, it is visible to the user that an
action was taken. There is also the action 'warn', which means: take no
action and only warn IRCOps, that one would be easy to use as a spy tool, so
when this happens and message content was revealed, numeric 659
(RPL_SPAMCMDFWD) is sent to the client to indicate that the message is
allowed through but IRCOps were informed.
With this new set::spamfilter::show-message-content-on-hit feature, when
the message content was hidden due to this setting (eg due to 'never' or
'channel-only'), the warn message will not be sent as there is no need to
inform the user in such a case.
2023-07-11 12:11:26 +02:00
Bram Matthys f277880fb3 Add set::central-spamfilter::limit-ban-action and ::limit-ban-time
to limit actions to limit-ban-action as the highest, and limit
ban times to limit-ban-time the highest, see
https://www.unrealircd.org/docs/Central_Spamfilter

This also changes highest_spamfilter_action() to highest_ban_action().
2023-07-11 10:17:51 +02:00
Bram Matthys 95902979dc Central spamfilter: now every 1hr and a default set::central-spamfilter::except
policy is added. This may be tweaked later.
2023-07-10 20:18:07 +02:00
Bram Matthys c18c79e88b Add spamfilter hits and hits for exempted users.
* This means we always run spamfilters, even if users are exempts
* This way we can gather hits for exempted users on individual
  spamfilter entries, and possibly detect false positives
  (which relies on the assumption that those users are innocent)
* The hit counters are shown in in RPL_STATSSPAMF and also
  exposed via the JSON-RCP API.
* This commit also adds set::central-spamfilter::except but more
  on that later since i still want to set a default for that in
  a future commit.
* This also changes take_action() to take flags and adds the
  option TAKE_ACTION_SIMULATE_USER_ACTION which i intended to
  use but didn't in the end... not sure if i should keep it :D
2023-07-10 11:30:51 +02:00
Bram Matthys 0c622c0a73 Minor code cleanup and remove weird check for cep->name after a CheckNull()
[skip ci]
2023-07-10 09:59:49 +02:00
Bram Matthys 01893dbc55 Be nice to people using hybrid-like config syntax...... for now..... ;D 2023-07-09 21:18:41 +02:00
Bram Matthys a68fa03ab5 Fix some small memory leaks on REHASH and fix compile warning w/gcc. 2023-07-09 13:39:00 +02:00
Bram Matthys def77c4d52 Initial work on spamreport { } block. Not really useful yet.
Early commit before i make it actually work and implement the rest
and hunting for memory leaks etc...
2023-07-08 15:35:08 +02:00
Bram Matthys 1006292681 Initial work on central spamfilter with auto refreshing URL / rules 2023-07-07 18:43:29 +02:00
Bram Matthys cafb180955 Change default of set::spamfilter::stop-on-first-match to 'no'
(Apparently an undocumented feature, by the way)
2023-07-06 18:24:32 +02:00
Bram Matthys c04c185c0b Hmm, why is '=' special in the conf? It isn't! 2023-07-06 18:24:00 +02:00
Bram Matthys 656ea105da First go at multi actions... 2023-07-06 11:51:55 +02:00
Bram Matthys 0af88581d3 Add support for restricting config file blocks. 2023-07-06 08:47:02 +02:00
Bram Matthys 41fcdb3264 Set set::spamfilter::utf8 to 'yes' by default. 2023-07-06 07:57:49 +02:00
Bram Matthys 7bce73a697 Some changes to HOOKTYPE_RECONFIGURE_WEB_LISTENER hack from earlier,
that was added late in 6.1.1 development to fix a crash with removing
websocket listeners. Now replaced with a generic HOOKTYPE_CONFIG_LISTENER
that is not only called for removed listeners, but for all listeners.
2023-06-17 18:04:12 +02:00
Bram Matthys bb419b95d1 Remove set::maxbanlength as it is not useful and only confusing.
https://www.unrealircd.org/docs/Set_block#set::maxbanlength
2023-05-28 20:25:02 +02:00
Bram Matthys e3262c6bd8 Change default for set::topic-setter and set::ban-setter to 'nick-user-host',
previously it was set to 'nick'

Also allow the full topic length for the nick-user-host case, now that
we have BIGLINES support. For non-BIGLINES-servers this could mean a
potential cutoff of the last 20 characters of the topic, which is why we
restricted it to 340 instead of 360 for nick-user-host previously, but
that is really only in the corner case / worst case, like with max NICKLEN,
max USERLEN, max HOSTLEN, max CHANNELLEN, etc... i think we can live
with that small "problem" until all servers upgrade.
2023-05-28 17:54:44 +02:00
Bram Matthys e0bce86445 Fix config check for old webirc { } block (if missing password) 2023-05-27 08:44:17 +02:00
Bram Matthys 55670c5865 Fix memory leak created today on REHASH (free the proxy blocks) 2023-05-26 16:41:02 +02:00
Bram Matthys 257ec35931 Require proxy blocks to have a name, like proxy nginx { }
Not sure yet where/when this will be used or displayed (WHOIS?
connect line?), but better require it straight from the start.
2023-05-26 16:32:23 +02:00
Bram Matthys 995d28cacb Add duplicate_security_group() function, and also:
unreal_duplicate_masks()
duplicate_nvplist()
duplicate_name_list()

And use this for when proxy::type is web, to duplicate the
exact criteria to the ban exception as mentioned in previous
commit.
2023-05-26 16:15:09 +02:00
Bram Matthys f241fef575 For proxy::type web, automatically add proxy::mask to exceptions
for blacklist, connect-flood, handshake-data-flood
(Well, unless mask::ip is used with a wildcard, due to current
 technical limitations, that will be resolved later)
2023-05-26 15:56:17 +02:00
Bram Matthys fa4b39d4aa Fix "function returns an aggregate" to make GCC happy.
Actually I don't think this was really wrong as this is an
enum, which is probably why clang does not complain...
but still... whatever....
2023-05-26 14:40:24 +02:00
Bram Matthys cf5808dc44 Error on listen::options::websocket::forward and tell to use proxy { } block.
[skip ci]
2023-05-26 14:36:20 +02:00
Bram Matthys c537a72c10 Make proxy::mask and webirc::mask a generic mask item almost all
others in the config - https://www.unrealircd.org/docs/Mask_item
2023-05-26 12:39:11 +02:00
Bram Matthys 9aafdb7f9c Move handling of webirc { } block into new proxy { } block (allow the old name)
This is untested, as I'm first working on the rest...
2023-05-26 12:23:51 +02:00
Bram Matthys 52472a9a88 Add support for set unknown-users { } and the like:
It is now possible to override some set settings per-security group by
having a set block with a name, like `set unknown-users { }`
* You could use this to set more limitations for unknown-users:
  ```
  set unknown-users {
          max-channels-per-user 5;
          static-quit "Quit";
          static-part yes;
  }
  ```
* Or to set higher values (higher than the normal set block)
  for trusted users:
  ```
  security-group trusted-bots {
          account { BotOne; BotTwo; }
  }
  set trusted-bots {
          max-channels-per-user 25;
  }
  ```
* Currently the following settings can be used in a set xxx { } block:
  set::auto-join, set::modes-on-connect, set::restrict-usermodes,
  set::max-channels-per-user, set::static-quit, set::static-part.
2023-05-22 12:07:43 +02:00
Bram Matthys 58228e28b3 Prevent people from using an old modules.default.conf.
That file has such a clear warning in it but still people
manage to load old ones. That being said, usually it is not
deliberate, like an cp ../unrealircd.old/conf/* conf/
2023-05-22 07:52:06 +02:00
Bram Matthys 3652940c2c Add set::anti-flood::<secgroup>::max-channels-per-user setting to override
the default set::max-channels-per-user (also called set::maxchannelsperuser).

This way you can give known-users a higher max-channels-per-user,
or even a special security group for trusted users (that you may
already have given a more lax flood setting and lower lag-penalty
etc. etc. so that fits in nicely)

And yeah this also:
* Makes it both in set and the anti-flood block accept both
  maxchannelsperuser and max-channels-per-user.
* Removes old MAXCHANNELS= in 005, as we already have CHANLIMIT=
This does not:
* Re-announce the 005 CHANLIMIT= if someone transitions from a security
  group with a different max-channels-per-user. We don't do that for
  IRCOps either, and I think no IRCd does that actually...
  To be honest i wonder if sending the limit in 005 is useful at all,
  do client really track this and limit their GUI based on it?? Doubt it!
2023-05-19 21:47:23 +02:00
Bram Matthys f2015ad865 Fix crash when removing a listen { } block with websocket or rpc
(or changing the port number). Reported by Nini.

Rather complex case: when the listen block is removed, obviously
the config hooks are not called for the (now non-existing) listen
block, and thus the websocket->request_handler and such are not
set to the new address of the websocket handler.
We now use a slightly silly workaround / new hook to fix this
corner case. Ideally there would be an extra layer in-between
like a handler lookup by name, or something like that.
(Or make the websocket module PERM but we don't want that!)
2023-05-19 19:29:46 +02:00
Bram Matthys f804c5ed65 Add detection and set the high connect rate to 1000 per seconds.
https://www.unrealircd.org/docs/FAQ#hi-conn-rate
This finishes https://bugs.unrealircd.org/view.php?id=5532
2023-05-18 13:15:17 +02:00
Bram Matthys 2c73a37ac7 * New setting set::handshake-boot-delay
https://www.unrealircd.org/docs/Set_block#set%3A%3Ahandshake-boot-delay
  which allows server linking autoconnects to kick in (and incoming
  servers on serversonly ports), before allowing clients in. This
  potentially avoids part of the mess when initially linking on-boot.
  This option is not turned on by default, you have to set it explicitly.
  * This is not a useful feature on hubs, as they don't have clients.
  * It can be useful on client servers, if you `autoconnect` to your hub.
  * If you connect services to a server with clients this can be useful
    as well, especially in single-server setups. You would have to set
    a low `retrywait` in your anope conf (or similar services package)
    of like `5s` instead of the default `60s`.
    Then after an IRCd restart, your services link in before your clients
    and your IRC users have SASL available straight from the start.
2023-05-07 11:21:22 +02:00
Bram Matthys 2922a8ae5a Fix crash if there is a parse error in an included file and there are
other remote included files still being downloaded.
This issue exists both with and without cURL, so in both url interfaces.

Was finally able to reproduce this on my own machine. This bug exists
since at least 6.0.0 and perhaps even before that. Just doesn't get
triggered that often due to needing an error and a certain timing
condition (well, and ASan catches it, but on some systems it may
go unnoticed).
2023-04-22 14:08:29 +02:00
Bram Matthys 4b448f2aaa New option listen::spoof-ip, only valid when using UNIX domain sockets
(so listen::file). This way you can override the IP address that users come
online with when they use the socket (default was and still is `127.0.0.1`).

Add a new guide https://www.unrealircd.org/docs/Running_Tor_hidden_service_with_UnrealIRCd
which uses the new listen::spoof-ip and optionally requires a services account.
2023-04-15 10:37:30 +02:00