1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-09 06:23:12 +02:00
Commit Graph

10073 Commits

Author SHA1 Message Date
Bram Matthys e03a5dfd5f Support ::destination and ::exclude-destination in security groups / mask items
at selected places (there needs to be explicit code in place to handle this).
At the moment it is supported at two places only:
* For spamfilters (was already possible via crules via ::rule with
  a destination('xyz') but now non-crule destination "#xyz"; works as well, eg:
  spamfilter {
          ...
          except {
                  destination "#main";
          }
  }
  Note that if you want to exempt a destination in all spamfilters,
  we already have set::spamfilter::except for that!
* In restrict commands for like channel-message and such:
  set {
          restrict-commands {
                  channel-message {
                          except {
                                  connect-time 600;
                                  destination "#test";
                          }
                  }
           }
  }

Allow passing a crule_context via user_allowed_by_security_group_context()
and make user_allowed_by_security_group() call that.

Actually document spamfilter::except online in the docs (yeah you
won't see it in this commit, just mentioning...)

And yeah, by now i wonder if we should really call it crule_context
since it is more like a security group matching context, but.. whatever.
2024-07-06 09:16:53 +02:00
Bram Matthys a804b24150 Add set::hide-killed-by which shortens the quit to "Killed (Reason)".
* New option [set::hide-killed-by](https://www.unrealircd.org/docs/Set_block#set::hide-killed-by):
  We normally show the nickname of the oper who did the /KILL in the quit message.
  When set to `yes` the quit message becomes shortened to "Killed (Reason)".
  This can prevent oper harassment.

Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6425
2024-07-06 08:12:11 +02:00
Bram Matthys 667eae41dd Add warning when rpc-user::rpc-class is missing. Add default 'full' and 'read-only'.
The reason for the warning is that in some future UnrealIRCd version I want the
rpc-user::rpc-class to become a required item.

This commit also adds rpc-class.default.conf which is by default
included from rpc.modules.default.conf.

This also completes the TODO list from b9de933378
(the rpc.add_timer was never a loophole and i kept rpc.info as-is)
2024-07-05 11:45:49 +02:00
Bram Matthys 0b7162f3cf Free old operclass blocks on REHASH (memory leak)
This wasn't caught by Address Sanitizer because we simply never removed
it from the linked list, and thus it was a reachable pointer.

Found this bug when adding the rpc-class { } stuff.
2024-07-05 11:11:13 +02:00
Bram Matthys b9de933378 Similar to oper and operclass, this adds an rpc-class block.
This so you can restrict the JSON Methods that can be called, eg:

rpc-class limited {
    privileges {
        server { list; get; }
        channel { list; get; }
        user { list; get; }
    }
}

rpc-user xyz {
    match { ip 127.0.0.1; }
    password "test";
    rpc-class limited;
}

NOTE: This is work in progress
1) Things are NOT yet fully contained, as i need to lock down
   rpc.add_timer still :)
2) Some more work, eg rpc.info would be nice to show some
   information about the restriction (??)
3) Need to fix a memory leak
4) Possibly more
2024-07-05 10:21:45 +02:00
Val Lorentz 2a3f5dc500 MODE: Reply with ERR_NOSUCHCHANNEL when the target is a channel (#287) 2024-07-05 07:28:12 +00:00
Bram Matthys 36b6e00701 Windows libs have been updated and libressl stopped using version numbers
so update buildbot vs2019.bat with the SSLLIB names.
[skip ci]
2024-07-03 09:15:22 +02:00
Bram Matthys 3bc1e0c932 Fix tkldb issue caused by making ban user::mask a mask item.
The build tests were failing for tkldb save & restore. Cause was this:

if (tkl->ptr.serverban->match)
^ this is wrong.. because it doesn't check if tkl is a server ban

So it could be tkl->ptr.spamfilter->whatever_is_at_that_memory_offset
which is non-NULL.

Could have updated the code to an if (IsServerBan... && tkl->..etc..)
but decided to ditch this needless code altogether.

As this wasn't needed at all since it already skips config-based.
And all mask items bans are config-based.

One of those rare cases where trying to be extra careful actually
causes a fuckup.
2024-07-01 18:56:29 +02:00
Bram Matthys ad485d1d1f Oh url_unreal.c needs this too, to get rid of the warning. 2024-07-01 16:46:11 +02:00
Bram Matthys 7415101bc3 Update shipped libsodium to 1.0.20. 2024-07-01 15:37:49 +02:00
Bram Matthys d307fef2d5 Update shipped PCRE2 to 10.44 2024-07-01 15:36:07 +02:00
Bram Matthys 25bed9ac1f Update the shipped c-ares to 1.31.0 and silence deprecation warnings for c-ares API.
Ignore these for entire src/dns.c.
Quoting https://github.com/c-ares/c-ares/pull/732#issuecomment-2028454381:
"Those deprecated functions will remain available until there is an ABI
 break, which honestly will likely never happen. It's more to encourage
 integrators to move to the more modern functions."
Also, keep in mind that several of these 'deprecations' happened in early 2024
while the new function was introduced in March 2020, like for ares_getaddrinfo().
That isn't all that long ago, only 4 years. So we would need compatibility code
for both the old and new function for a while.
So: we can look into that in some major new UnrealIRCd version, nothing urgent,
and perhaps by then it is long enough that we don't need the fallback to older
functions.
2024-07-01 15:05:01 +02:00
Bram Matthys c12864f81b Fix crash in server_ban.list JSON-RPC call as well.
Hmm... we should probably use json_expand_tkl() differently for match items
instead of returning "<match-item>" literally. Consider this a TODO item :D
This only happens for config-based bans that can't be removed anyway, so..
2024-06-30 19:59:41 +02:00
Bram Matthys 58d7a274f6 Fix crash in new ban user { } code, as predicted two commits ago. 2024-06-30 19:47:04 +02:00
Bram Matthys 53d97e020f Fix for last commit: except ban { } was not checked for ban user { } blocks 2024-06-30 19:26:02 +02:00
Bram Matthys bc7c69dd20 Make ban user::mask and require authentication::mask a Mask item. Finally.
As requested in
https://bugs.unrealircd.org/view.php?id=6159 by PeGaSuS
https://bugs.unrealircd.org/view.php?id=6319 by BlackBishop
https://bugs.unrealircd.org/view.php?id=6397 by Valware

The mask item https://www.unrealircd.org/docs/Mask_item
means you can use all the power of mask items and security groups and
multiple matching criteria.

This requires a bit more testing as username/hostname are NULL now
so some code paths may have to be adjusted. The function call to add
server bans has changed too. And, really need to check that soft bans
are not broken... because they might be ;D
2024-06-30 19:06:37 +02:00
Bram Matthys f6643f283c Support spamreport::url for type central-spamreport too.
This so you can get the same spamreport data to your own custom system.
It works similar to set::central-blocklist::url but then on a
spamreport { } basis which is better, since then you can still
submit to UnrealIRCd central spamreport too.

So you can have two blocks:
spamreport unrealircd { type central-spamreport; }
spamreport custom { type central-spamreport; url 'https://www.example.org/xyz'; }

And then a /SPAMREPORT or 'report;' action will report it to BOTH.

Requested by Chris
2024-06-26 14:01:13 +02:00
Valerie Liu 54a8fc140b restrict-commands: add option 'channel-create' (channel creation) (#285)
* restrict-commands: add option 'channel-create' for managing who may create new channels.
This has been a commonly requested feature with different requested options, I think it makes sense to do it properly from here
2024-06-14 13:05:34 +00:00
Bram Matthys 58646bafbb Reorder some if's and comment them to make sense.
[skip ci]
2024-06-14 14:36:34 +02:00
Bram Matthys 33c6eb0bcf Destroy channel if 0 users and can_join() rejects the user.
Reported by Valware. E.g. if HOOKTYPE_CAN_JOIN rejects the join
when it is a new channel.

( And yeah... +P channels are not destroyed... handled in
  sub1_from_channel() -> HOOKTYPE_CHANNEL_DESTROY already. )
2024-06-14 14:28:11 +02:00
Bram Matthys 57f93a1ffa Write some initial release notes
[skip ci]
2024-06-14 11:21:27 +02:00
Bram Matthys 9e1fa65a46 Make locop only able to REHASH local server and not remote ones.
As reported in https://bugs.unrealircd.org/view.php?id=6414
2024-06-14 11:15:23 +02:00
Bram Matthys 5897bc2282 Add ./Config -h / -help
Suggested by hnj in https://bugs.unrealircd.org/view.php?id=6417
[skip ci]
2024-06-14 10:50:00 +02:00
Bram Matthys c37dc9334b Attempt to fix KICK OperOverride message if you are not +o but have +h/+a/+q.
There was an incorrect OperOverride message if you were had +h, +a or +q
and was kicking someone that you should normally be able to (without override).

This requires quite a bit of further testing, though, it's so easy to get
this wrong. The FIXME still stands to fix this for good some day.

Reported by Valware in https://bugs.unrealircd.org/view.php?id=6423
2024-06-14 10:45:41 +02:00
Bram Matthys 5e46692bb2 Bump version to 6.1.7-git 2024-06-14 10:00:37 +02:00
Adrian Sandu 2c49668db8 Add option set::tls::certificate-expiry-notification (#286)
This way you can disable the check and notification about TLS certificate expiring. The check is (still) on by default.
2024-06-14 07:57:33 +00:00
henk84 214423564e comment optional, fictional example blocks (#282)
Co-authored-by: Hendrik Jäger <gitcommit@henk.geekmail.org>
2024-06-14 07:27:56 +00:00
henk84 575bbeefd8 remove nonexistant email address in badwords conf (#283)
Co-authored-by: Hendrik Jäger <gitcommit@henk.geekmail.org>
2024-06-14 07:25:32 +00:00
henk84 d98dc2fcc3 Fix comment in example.conf (#281)
fix plural
Co-authored-by: Hendrik Jäger <gitcommit@henk.geekmail.org>
2024-06-14 07:25:04 +00:00
henk84 4ad2a601ac fix comment in modules.optional.conf (#280)
fix repeated preposition
Co-authored-by: Hendrik Jäger <gitcommit@henk.geekmail.org>
2024-06-14 07:24:31 +00:00
alice a77ff1f2c8 Fix OPEROVERRIDE_VERIFY option. (#278)
Reported by hnj in https://bugs.unrealircd.org/view.php?id=6418

Appears to have been introduced as part of the 6.x refactor of secret/private channel modes in 8066c13876

Also adjust message for ERR_OPERSPVERIFY to include channel name.
This is to correspond closer to other similar numerics around this area, as well as agreeing with the definition within modern.
2024-06-14 07:22:19 +00:00
Bram Matthys dd2242b6a8 ** UnrealIRCd 6.1.6 **
The release will be published tomorrow (2024-06-14).
2024-06-13 19:14:28 +02:00
Bram Matthys 89b735f6f2 Update curl-ca-bundle to Mon Mar 11 15:25:27 2024 GMT
https://curl.se/docs/caextract.html
[skip ci]
2024-06-13 18:54:08 +02:00
Bram Matthys e89f3f444c ./Config: import settings from UnrealIRCd 6.1.5
[skip ci]
2024-06-07 18:38:49 +02:00
Bram Matthys f2c92ee4b0 ** UnrealIRCd 6.1.6-rc1 ** 2024-06-07 18:22:48 +02:00
henk84 fdc1cd1902 fix word repetition in operclass.conf (#279) 2024-06-02 14:14:19 +02:00
Bram Matthys 05c946579f Don't put insecure gatewayed/proxied connections in 'tls-users' security group.
For user--proxy--ircserv we don't set +z when user--proxy is not
using SSL/TLS and we should behave the same way with ::tls in
security groups / match items.

See also
https://www.unrealircd.org/docs/FAQ#Why_do_users_on_WEBIRC_gateways_not_get_user_mode_+z?

But also applies to other types in the proxy block.
2024-05-20 11:52:23 +02:00
Bram Matthys a11cfde6cd Fix crash if you first REHASH and have a parse error (failed rehash 1) and
then REHASH again but a remote include fails to load (failed rehash 2).

This was reported by multiple (anonymous) people via the crash reporter.
2024-05-20 10:28:33 +02:00
Bram Matthys 9d91f61206 Crule: forgot a context && context->client check. Just in case the
crule is used outside security groups / spamfilter, like in
deny link { }.

Also update the match_realname() since via the extban code it would
use match_esc() which is rather confusing if you have double (or
perhaps even triple) escaping when using this in the conf.
2024-05-20 09:31:29 +02:00
Bram Matthys 899955b47d Crule: forgot match_realname('*xyz*'). Now we should be at 100% :) 2024-05-20 09:11:25 +02:00
Bram Matthys 0e9280e731 Crule: add match_account(), match_country(), match_certfp(). 2024-05-20 09:06:11 +02:00
Bram Matthys 3c3d8a5605 Add user_matches_extended_server_ban() which works similar to
match_user_extended_server_ban except that it works by name/value.

This can then be used by crules or in other mods, like:
user_matches_extended_server_ban(client, "country", "NL");

If the performance impact isn't too bad (of the extra work) then
this prevents duplicate code in the handler for things like
that: account, country, certfp, and whatever we add in the future..
2024-05-20 08:54:53 +02:00
Bram Matthys dbbcba10e3 Let's get rid of this !strlen(arg)
[skip ci]
2024-05-20 08:29:56 +02:00
Bram Matthys 9d166eed26 Some minor tweaks so these can be used in pre-connect-stage.
Otherwise in pre-connect-stage is_identified(), is_webirc()
and is_websocket() will always return false due to the
IsUser() check.

One should always be careful with accessing things in pre-
connect-stage, but in this case the IsLoggedIn() and
moddata_client_get() are safe to use. The former checks
client->user and the latter does not access anything within
client->user at all.
2024-05-20 07:56:07 +02:00
Valerie Liu 14dd3a9038 Crule: add is_identified(), is_websocket() and is_webirc() (#277)
* Update crule.c: add is_identified(), is_websocket() and is_webirc()
* Update RELEASE-NOTES.md
2024-05-20 05:50:07 +00:00
Valerie Liu ca31150291 Update modules.c - Fix small spelling error (#276)
[skip ci]
2024-05-20 05:47:21 +00:00
Bram Matthys f8b435957f Update release notes a bit
[skip ci]
2024-05-19 18:54:03 +02:00
Bram Matthys b07f02fb11 Fix +b ~forward not taking into account +e (ban exemptions).
Reported by rafaelgrether in https://bugs.unrealircd.org/view.php?id=6410
2024-05-19 18:49:33 +02:00
Bram Matthys 229b3a7f1b Fix ~forward checking IsRegNick() instead of IsLoggedIn() 2024-05-19 18:31:38 +02:00
Bram Matthys f89fd3f8f6 Fix crash on Windows when using crules, central spamfilter or central spamreport.
This is the release notes update, the actual fix is in
c3a7ed2c99

[skip ci]
2024-05-15 17:18:12 +02:00