1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 02:43:14 +02:00
Commit Graph

6346 Commits

Author SHA1 Message Date
Bram Matthys e67d49112e Re-indent src/modules/m_mode.c (yuck...) 2017-11-20 13:48:18 +01:00
Bram Matthys e16dfdc6a6 Add release notes entry for timed bans support in +f. 2017-11-20 09:48:25 +01:00
Bram Matthys aa093f3e2b Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
Naturally this is only available if the extbans/timedban module is
loaded and you should do so on all your servers on the same network
if you want to avoid confusion/desynchs.
2017-11-20 09:44:25 +01:00
Bram Matthys d63bc7e187 Module API: New function is_module_loaded("name"): return 1 / 0 2017-11-20 09:43:43 +01:00
Bram Matthys 92afdb56b5 Timed bans: ~t:duration:mask
These are bans that are automatically removed by the server.
The duration is in minutes and the mask can be any ban mask.
=> Note that you need to load the extbans/timedban module!
Some examples:
* A 5 minute ban on a host:
  +b ~t:5:*!*@host
* A 5 minute quiet ban on a host (unable to speak):
  +b ~t:5:~q:*!*@host
* An invite exception for 1440m/24hrs
  +I ~t:1440:*!*@host
* A temporary exempt ban for a services account
  +e ~t:1440:~a:Account
* Allows someone to speak through +m for the next 24hrs:
  +e ~t:1440:~m:moderated:*!*@host
* And any other crazy ideas you can come up with...
2017-11-20 09:16:03 +01:00
Bram Matthys 8b0fd74c37 Bug: set::restrict-extendedbans did not have effect in stacked bans.
For example if you had:
set { restrict-extendedbans "a"; };
Then this would be rejected:
MODE #chan +b ~a:Account
However, you could still set:
MODE #chan +b ~q:~a:Account
Now this is properly rejected as well.
2017-11-19 20:43:15 +01:00
Bram Matthys 2e1e9a0b91 Load extbans/msgbypass from modules.optional.conf 2017-11-19 17:19:35 +01:00
Bram Matthys eb205e04cc Make types future-proof. Fix ~m case for +M.
BypassMessageRestrictionType -> BypassChannelMessageRestrictionType
BYPASS_MSG_* -> BYPASS_CHANMSG_*
2017-11-19 17:12:28 +01:00
Bram Matthys 1b2b28e6c6 New ban exception ~m:type:mask - allows bypassing of message restrictions.
Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
'filter' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
Some examples:
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
* Allow a services account to use color: +e ~m:color:~a:ColorBot
2017-11-19 16:40:39 +01:00
Bram Matthys dd6f67a266 Send errors regarding invalid bans (if available).
Fix case where conv_param() returns NULL (ban rejected)
causing is_ok() function not to be called so the user
never sees the error. We now try to call the is_ok after
conv_param returns NULL.
So not really an API change, more like a fix.
2017-11-18 19:15:44 +01:00
Bram Matthys b046b86a6e Way to customize the reject connection messages. 2017-11-17 11:13:11 +01:00
Bram Matthys e1af5ae6c5 Move AllowClient/check_client/check_init to m_nick module
(apparently one of the previous commits was partial)
2017-11-17 10:45:54 +01:00
Bram Matthys d13c7b20d0 Code cleanups in AllowClient and register_user 2017-11-17 10:37:45 +01:00
Bram Matthys 7b7f492b71 Move AllowClient/check_client/check_init to m_nick module 2017-11-17 10:10:28 +01:00
Bram Matthys cb6a118c4d antirandom sample conf: remove confusing phrase that doesn't apply 2017-11-15 11:49:46 +01:00
Bram Matthys 3c0db9c72f Move HOOKTYPE_SECURE_CONNECT hook and mode setting up a bit. 2017-11-13 17:02:05 +01:00
Bram Matthys cd7d3f0cc6 Rephrase. Still too long, though. 2017-11-13 17:00:36 +01:00
Bram Matthys 527fa9818c UnrealIRCd will no longer give +z to users on WEBIRC gateways, unless
the WEBIRC gateway gives us some assurance that the
client<->webirc gateway connection is also secure (eg: https).

This is the regular WEBIRC format:
WEBIRC password gateway hostname ip

This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure

Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.

https://github.com/ircv3/ircv3-ideas/issues/12
2017-11-13 16:47:22 +01:00
Bram Matthys 512c8fb000 Move the place where we set umode +z (secure). Needed for next. 2017-11-13 16:23:49 +01:00
Bram Matthys 31688fbae8 Update version to 4.0.17-devel to reflect development status. 2017-11-13 08:25:00 +01:00
Bram Matthys 07f056c1a4 Add reference to https://www.unrealircd.org/docs/IRCOp_guide 2017-11-13 08:17:28 +01:00
Bram Matthys d8470bb902 AppVeyor: needs both unrar and unzip 2017-11-12 08:08:41 +01:00
Bram Matthys f86cf68548 UnrealIRCd 4.0.16 2017-11-12 07:59:11 +01:00
Bram Matthys 1425583bed Zip file now. Does this work? 2017-11-11 11:06:48 +01:00
Bram Matthys 1070e43141 Windows: update dependencies (libs). 2017-11-11 11:04:51 +01:00
Bram Matthys 7d6d33a5bc Update c-ares to 1.13.0 (20-jun-2017) 2017-11-11 09:57:35 +01:00
Bram Matthys 67396c808d Update release notes 2017-11-10 19:48:32 +01:00
Bram Matthys 69264175e7 Update conf/ssl/curl-ca-bundle.crt (Wed Sep 20 03:12:05 2017 GMT) 2017-11-10 19:12:39 +01:00
Bram Matthys 1e059ca0e4 Update to PCRE2 10.30 (14-August-2017) 2017-11-10 19:05:36 +01:00
Bram Matthys 6b35aa35a8 Delete UnrealIRCd 3.2.x changelogs (they are in git anyway) 2017-11-10 18:58:21 +01:00
Bram Matthys c5e38b9272 UnrealIRCd 4.0.16-rc1 2017-10-29 12:16:43 +01:00
Bram Matthys 704487e124 Fix numerous crash bugs in server to server code.
In 3.2.x we didn't fix these bugs since servers are trusted and
should send correct commands. In 4.0.x we changed this so we would
fix them when we come across such issues at normal priority (not
consider them security issues). I now took it a step further and
actively checked/looked for these issues and a bunch of them were
found. Almost all are NULL pointer dereferences, with some exceptions.
* S2S: MODE: check conv_param return value (NULL ptr crash)
* S2S: MODE: floodprot: More checks (NULL ptr crash)
* S2S: MODE: OOB write of NULL (write NULL past last element in an array)
* S2S: NICK: old compat fixes (NULL ptr crash)
* S2S: PROTOCTL: Check for double SID=
* S2S: SERVER: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: require at least 3 parameters (NULL ptr crash)
* S2S: SJOIN: Fix OOB read (read 1 byte past buffer)
* S2S: TKL: validate set_at and expire_at (NULL ptr crash)
* S2S: TKL: require at least 9 parameters for spamf, not 8 (NULL ptr crash)
* S2S: TKL: ignore invalid spamfilter matching type (remove abort() call)
* S2S: TOPIC: querying for topic is not permitted (NULL ptr crash)
* S2S: UID: require 12 parameters (NULL ptr crash)
* S2S: WATCH: this is not a server command (NULL ptr crash)
* Fix OOB read (1 byte beyond string) for timevals. This was reachable
  from config code, TKL (S2S) and /*LINE (Oper). In practice no crash.
* MODE: make code less confusing (effectively no change)
* TRACE: remove strange output in case of 0 lines of output
* Fix unimportant memory leak on boot (#4713, reported by dg)
* Fix small memory leak upon 'DNS i' (oper only command)
* Always work on a copy in clean_ban_mask(). This fixes a bug that could
  result in a strlcpy(buf, buf, sizeof(buf)). So, overlapping strings,
  which is undefined behavior.
2017-10-29 11:20:52 +01:00
Bram Matthys d574183825 Travis-CI: Use CPPFLAGS instead of CFLAGS 2017-10-23 16:52:28 +02:00
Bram Matthys 0dadba5482 Travis-CI: Use -DFAKELAG_CONFIGURABLE for tests. From 300 to 30s. 2017-10-23 16:37:22 +02:00
Bram Matthys 52a7478bd0 Comment it out like this so we can use -D 2017-10-23 16:37:00 +02:00
Bram Matthys 1dfcac9794 Travis-CI: Blah. 2017-10-23 14:14:58 +02:00
Bram Matthys 0318edbad0 Reinstall git during run-tests (may have been removed earlier in 'local-curl' test) 2017-10-23 13:42:16 +02:00
Bram Matthys cec74b0208 Use MAKE="make -j3" to make ./Config run faster as well. 2017-10-23 12:38:57 +02:00
Bram Matthys 13740a7d13 Travis-CI: Generate TLS certificate during test build (needed for testing further on) 2017-10-23 12:34:41 +02:00
Bram Matthys 821ad6ec06 Add some clear marker between compile tests and other tests 2017-10-23 12:05:33 +02:00
Bram Matthys 5f3f6aa827 Travis-CI: run-tests: install 'rake' 2017-10-23 12:02:52 +02:00
Bram Matthys e1590fc8bc Run make with -j3. Add +x to extras/build-tests/nix/run-tests (:D) 2017-10-23 11:53:50 +02:00
Bram Matthys 866a060533 Use 'set -e' and try to run test framework 2017-10-23 11:49:06 +02:00
Bram Matthys b23a3ff7b9 Travis-CI: path changes 2017-10-23 11:16:05 +02:00
Bram Matthys 4dc5324e57 Travis-CI: cleanup / new dir structure 2017-10-23 11:13:05 +02:00
Bram Matthys 77234b2b8d API change for HOOKTYPE_PRE_INVITE and fix #5023:
* API change for HOOKTYPE_PRE_INVITE:
  (aClient *sptr, aClient *target, aChannel *chptr, int *override)
  Modules must now send the error message instead of only returning
  HOOK_DENY. Also check for operoverride and set *override=1.

This so modules can send their own error messages instead of the
default message being sent ("channel is +V" - which is not true).

Reported by Gottem (#5023).
2017-10-23 10:07:33 +02:00
Bram Matthys d11484c2cf Add build status badge for Windows (AppVeyor) 2017-10-23 09:00:14 +02:00
Bram Matthys 8981b87c72 Update libressl paths for VS2017
(or actually current unreal w/o rollback for vs2012)
2017-10-22 18:11:24 +02:00
Bram Matthys 8a17f5aad2 I've stopped trying to understand this.
Apparently there's a difference between sed 3.x and sed 4.x
2017-10-22 17:11:45 +02:00
Bram Matthys a55aa2a39a 1) From double escaping to single escaping, such joy.
2) Use 'iscc' rather than 'compil32' since the latter pops up a
   dialog box which blocks the entire build process.
3) Apparently the VS2017 image has a broken VS2012 since it bails
   on winsock.h. So try to use different images for both builds.
2017-10-22 16:41:23 +02:00