1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 13:06:37 +02:00
Commit Graph

9146 Commits

Author SHA1 Message Date
Bram Matthys ec4df2da7d Integrate security-group functionality in tld::mask. 2022-05-14 08:10:20 +02:00
Bram Matthys 759908ba3a Integrate security-group functionality in oper::mask. 2022-05-14 08:03:12 +02:00
Bram Matthys 510b4b5505 Integrate security-group functionality in allow::mask.
(Also call it allow::match in the future, but accept allow::mask still)

This is the first of several commits to convert all ::mask items.
See https://www.unrealircd.org/docs/Mask_item for the consequences.
In short, you can now use all of the security-group items directly
in a mask, eg:
allow {
    mask { account TrustedUser; }
    class clients;
    maxperip 10;
}
2022-05-14 07:51:51 +02:00
Bram Matthys 10bddc1232 Extended server bans are now more clearly exposed in security-group { }.
The extban module API is used behind the scenes. To the server admin
the functionality appears in a more natural way:
        account { <list>; };
        country { <list>; };
        realname { <list>; };
        certfp { <list>; };
In the same way, they appear as exclude-xxx options too:
        exclude-account { <list>; };
        exclude-country { <list>; };
        exclude-realname { <list>; };
        exclude-certfp { <list>; };

Modules can add additional fields (3rd party modules too!).

Module coders:
See src/modules/extbans/realname.c for a simple example. In short:
1) You need to register your extban in both MOD_TEST and MOD_INIT
2) Other than that, the existing rules for extended server bans apply:
   a) Your req.is_banned_events needs to include BANCHK_TKL
   b) Your req.options needs to include EXTBOPT_TKL
Be advised that for modules that are called in extended server bans
the client may be missing several fields, for example client->user could
be NULL, so be careful with accessing everything in your module.
2022-05-13 20:13:34 +02:00
Bram Matthys 378f1f0044 Split up security-group code for later code re-use. 2022-05-13 14:37:56 +02:00
Bram Matthys efa7fea88e Rename security-group::include-mask to ::mask. Both will work though for
a long long time. Change done to make it consistent with the rest.
2022-05-13 14:11:00 +02:00
Bram Matthys a544001eeb Add security-group::security-group, this as a shorthand for
security-group { mask ~security-group:xyz; }

Module coders (again, slightly unrelated):
Added unreal_add_names() function which can be used to transform
a list of names in the config to a linked list (NameList).
2022-05-13 14:07:05 +02:00
Bram Matthys 6751b066ab Prevent infinite loop (crash due to out of stack) when processing a
security group that references another (or itself), eg:
security-group abc {
	include-mask ~security-group:abc;
}
We now give up after a recursion depth of >8 and log a warning.
2022-05-13 13:37:48 +02:00
Bram Matthys de61fc4b50 Add connect-time to security-group, so you can match on how long a client has
been connected to IRC. See https://www.unrealircd.org/docs/Security-group_block

Slightly unrelated, for modules coders: new function get_connected_time(),
to see how long a client has been online. This works for local clients, in
which case it would just return TStime()-client->local->creationtime.
It also works for remote clients, for which it will use the newly added
"creationtime" moddata (commit f1a18ce37e),
so the info is only available for remote clients on newer servers.
If the info cannot be found it will return 0 (zero).
2022-05-13 13:23:02 +02:00
Bram Matthys 085490d780 Show in WHOIS in which security-group a user is in (to IRCOps only)
The set::whois-details name for this is: security-groups.
https://www.unrealircd.org/docs/Set_block#set::whois-details
By default it is shown ONLY to IRCOps, not even to 'self' for normal users.

If you want to hide it for everyone, even to IRCOps, eg because you
feel it is useless information, then you can use:
set {
        whois-details {
		security-groups { everyone none; self none; oper none; }
	}
}
2022-05-13 13:14:46 +02:00
Bram Matthys f1a18ce37e Communicate "creationtime" of users. Right now this info is only known
locally, as the only timestamp regarding users that is communicated across
the network is about the "last nick change" ("has this nick since...").
2022-05-13 12:27:21 +02:00
Bram Matthys 788c230bdc Support exclusion criteria in security groups.
Suggested by Jobe in https://bugs.unrealircd.org/view.php?id=6096

Also add support for matching a reputation below a value ("<10").

See https://www.unrealircd.org/docs/Security-group_block for info
on all of these.
2022-05-13 11:33:57 +02:00
Bram Matthys 4a03943996 Fix antirandom log message when user is denied (only showed nick).
Reported by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6093
2022-05-13 08:09:46 +02:00
Bram Matthys 06c6eb164e Only validate for local users sending the tag 2022-05-13 07:56:30 +02:00
Valerie Pond 61f7dd746e Add IRCv3 +draft/channel-context (#205)
https://github.com/delthas/ircv3-specifications/blob/feature-channel/client-tags/channel-context.md
2022-05-13 07:39:41 +02:00
Bram Matthys cd48fec826 The /LICENSE command confusingly said that the UnrealIRCd license is GPLv1
or later. This updates the include/license.h file, which is used for the
/LICENSE command, to say "GPLv2 or later".

The 'LICENSE' file shipped with UnrealIRCd since at least the year 2000
has always been the GPLv2.

In the copyright headers of individual .c and .h files we have a mix of
"GPLv1 or later" and "GPLv2 or later", so "GPLv2 or later" is the common
denominator.
2022-05-11 09:23:53 +02:00
Bram Matthys b154591a58 Some source files indicated the license was "GPLv2", which was meant to
be (and is now clarified to be) "GPLv2 or later".
Reported by libsys in https://bugs.unrealircd.org/view.php?id=6099
2022-05-11 06:41:11 +02:00
Bram Matthys 537f5d050e Update HELPOP SVSO documentation, due to previous commit. 2022-05-07 19:03:25 +02:00
Bram Matthys 50e5d91c79 Add SVSO command which services can use to make someone IRCOp.
This existed in UnrealIRCd 3.2.x but was later removed when
switching to the new operclass system.
Requested by Valware in https://bugs.unrealircd.org/view.php?id=6041

Syntax: SVSO <uid|nick> <oper account> <operclass> <class> <modes> <snomask> <vhost>
All these parameters need to be set, you cannot leave any of them out,
HOWEVER some can be set to "-" to skip setting them, this is true for:
<class>, <modes>, <snomask>, <vhost>

In UnrealIRCd the <operclass> will be prefixed by "services:" if not already
present. It is up to you to include or omit it.

If you want to set any swhoises you need to use the SWHOIS s2s command,
other than that this command basically does everything for you,
in fact it uses the same code as the OPER command does.
Most of the "user is now ircop" code has been moved out of cmd_oper() to
a new function make_oper() that is called by both cmd_oper() and cmd_svso().

This function also changes the hook HOOKTYPE_LOCAL_OPER:
It no longer passes a ConfigItem_oper struct, since we can't do that for
remote opers. Instead it passes oper name and oper class.
The complete definition is now:
int hooktype_local_oper(Client *client, int add, const char *oper_block, const char *operclass);
2022-05-07 18:53:59 +02:00
Bram Matthys 84f3efc105 Fix issue with modes-on-join and +f: 3t#b1 would be converted to 3t#b,
thus the 'unset time' would be stripped.
This was because the timedban module was seen as 'unavailable' when
checking the +f syntax so early in the booting process.
We now assume timedban is available during config testing, if it later
turns out it is not available the 'unset time' is still stripped
when setting the mode on JOIN.

Reported by ctcp.
2022-05-07 08:18:05 +02:00
Bram Matthys fea7995a02 Fix crash when using ~security-group in except ban { }
This makes us no longer call the .is_ok() function for extbans
that are added through except ban { }. This because normally
the is_ok() function communicates to 'client', which is NULL
when it is called from the config code.
The alternative would have been to update all the extban modules
to check for a NULL client and deal with that but that would
need stupid amounts of code and it would not be of much value
as the error would not end up displaying on the console.
So, we now only on the .conv_param() function, which was already
only used for cases such as remote bans and such, and is already
known to have a NULL 'client' in TKL cases. Note that conv_param()
could still reject the ban, but it does it generally only in
the more extreme cases.

Reported by musk / PeGaSuS.
2022-05-07 08:06:05 +02:00
Bram Matthys 03c0f24be8 Make autoconnect work with last commit (link::outgoing::file). 2022-05-06 17:17:02 +02:00
Ron Nnn 64e411aa34 Add support for linking servers via UNIX domain sockets (#202) 2022-05-06 17:05:54 +02:00
Bram Matthys 7c988e04e0 Make self-test of "./unrealircd module" check if ./Config has been ran.
That is: it checks if the Makefile is there to avoid a mysterious
"No rule to make target 'custommodule'" error message.
2022-05-04 19:19:11 +02:00
Bram Matthys 71da780490 Module manager: stop on compile failure (fix return value) and also fix
some text (coming from a too broad mass replace).
2022-05-04 18:27:54 +02:00
Bram Matthys 96413cb9f2 Update README
1) Give an exact link to https://www.unrealircd.org/docs/UnrealIRCd_releases
which describes the supported versions and EOL stuff in more detail.
2) Make clear that we have better instructions on the wiki with regards to installation
and that users should use that one instead (the ones in the README are really meant as fall-back)
3) Some nicer formatting here and there (minor)
2022-05-03 09:38:34 +02:00
Bram Matthys 889bcd99dc Actually build and load module for unrealircd.org/geoip-tag by default. 2022-05-01 14:11:24 +02:00
westor a346b4a3e9 Add geoip-tag module (#197)
This module will work the same way as `userip-tag` or `userhost-tag` modules work now, the 90% of this code is part from these modules.
It will help especially the irc bots (AdiIRC/mIRC) to detect the geoip country code directly and easy when someone is talking on a channel and take actions, i hope this will help on most people.

Thanks @Valware for testing it out.

Short Example: `@unrealircd.org/geoip=GR;account=tester;msgid=tPTHDgymv9pgdGdYkI3WBd;time=2022-03-30T16:34:26.780Z :tester!Username@3765DB68:3AE9CB6C:B0540131:IP PRIVMSG #Test :test message`
2022-05-01 14:05:34 +02:00
alicetries 2018502e74 Fix various log messages which had missing $expansions (#198) 2022-05-01 13:52:45 +02:00
musk fcc580017f Update help.es.conf (#199)
Add new snomasks for U6.
2022-05-01 13:48:05 +02:00
musk 153a01ec60 Add example.es.conf (#200) 2022-05-01 13:45:40 +02:00
Bram Matthys b1daf5b832 Fix crash when hideserver module is loaded but LINKS is not blocked. 2022-05-01 13:36:37 +02:00
Bram Matthys 3451919b06 Fix issue with duplicate entries in the +b/+e/+I list of +P channels.
This was caused by the transition from letter extbans (eg ~a) to
named extbans (eg ~account) and a combination of the bug fix in 6.0.2
(60a70acd86) and the 'channeldb' module
not checking for duplicates while reading the database.

Reported by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6091
2022-04-18 08:51:23 +02:00
Bram Matthys a9de2696d4 Allocated too much memory for the watchTable in the 6.0.3 change.
Now back to 256K (sizeof Watch *) instead of 1024K (sizeof Watch).
2022-04-08 08:53:23 +02:00
Bram Matthys c8b8177728 Update example conf to put kline-address value in single quotes.
Indirectly suggested in https://bugs.unrealircd.org/view.php?id=6086
reported by Balthazar.
2022-04-08 08:43:24 +02:00
Bram Matthys 1327fe9bfe Bump version to 6.0.4-git 2022-04-08 08:42:22 +02:00
Bram Matthys cedd23ae9c ** UnrealIRCd 6.0.3 ** 2022-04-01 16:27:18 +02:00
Bram Matthys 707510c1ce Fix crash in WATCH backend after doing /REHASH.
It often takes a while for the actual crash to occur but eventually an
attempt would be made to access inaccessible memory of the previously
freed .so module.

Reported by and traced with the help of both Wick and Krstarica.
2022-04-01 09:39:22 +02:00
Bram Matthys 479e9213ae Fix warning about "sending text to self" reading unitialized memory from
the stack and putting it in the log message.

Bug found internally, was not reported by anyone.
2022-04-01 09:18:14 +02:00
Bram Matthys aba8eb7a2b Fix OOB write in packet sending routine.
Bug found internally, was not reported by anyone.
2022-04-01 09:17:11 +02:00
Bram Matthys 28c1b9cef9 Show operclass in "/STATS o".
Suggested by fo (w/patch) in https://bugs.unrealircd.org/view.php?id=6003
2022-03-23 12:54:27 +01:00
Bram Matthys 640abd9df2 Update relnotes
[skip ci]
2022-03-23 09:11:10 +01:00
Bram Matthys 955d5addb5 Update release notes a bit
[skip ci]
2022-03-23 09:03:32 +01:00
Bram Matthys 488b3e3a6f Fix "unrealircdctl spkifp" usage info on Windows.
On Linux we still show the usage info as for "unrealircd" (not unrealircdctl)
since on Linux we have the "unrealircd" script that manages all this and
"unrealircdctl" is not really meant to be called directly by end-users.
2022-03-23 08:53:20 +01:00
Bram Matthys 89fe8e9227 SVSMOTD lines are now shown in the MOTD-on-connect, unless a shortmotd is used.
What is a SVSMOTD? The SVSMOTD are MOTD lines that are shown at the end of
an existing MOTD. These lines are added remotely through services.

Previously the SVSMOTD lines were never shown in the MOTD-on-connect, which
was a bug. We were only supposed to hide it if a short motd is in use.

Reported by Valware in https://bugs.unrealircd.org/view.php?id=6070
2022-03-23 08:06:23 +01:00
Bram Matthys ba1a88124a Re-indent src/modules/list.c 2022-03-23 07:24:29 +01:00
Bram Matthys da84223217 Make LIST option T<xx and T>xx always available, IOTW remove the need for
defining LIST_USE_T which was never done anywhere.

Reported by progval in https://github.com/unrealircd/unrealircd/pull/193
2022-03-23 07:15:40 +01:00
Val Lorentz f6ecbc6e63 Flip semantics of <xx and >xx in ELIST C and ELIST T (#194)
The spec <https://datatracker.ietf.org/doc/html/draft-hardy-irc-isupport-00#section-4.8>
is a little unclear on the semantics, and Unreal interprets 'C<val' as
a request for all chans created before <val> minutes ago, ditto.

This is a legitimate interpretation, but I think the other on makes more
sense (ie. that 'C<val' means all chans created less than <val> minutes
ago).

Additionally, the documentation for T did not match the implementation
before this commit.

Before this commit, Unreal was consistent with Hybrid/Plexus4 on ELIST C.

After this commit, Unreal will be consistent with Charybdis/Solanum,
InspIRCd, and ircu2 (and Hybrid/Plexus4 on ELIST T).
2022-03-23 07:09:37 +01:00
Robert Scheck a38c2ba491 Require PCRE2 >= 10.00 again (because of commit 329fd07f3a) (#196) 2022-03-22 06:44:02 +01:00
Robert Scheck 28a11a9121 Add missing options to unrealircdctl usage (#195) 2022-03-22 06:42:32 +01:00