1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-01 05:56:38 +02:00
Commit Graph

9335 Commits

Author SHA1 Message Date
Bram Matthys ee1f8d84a0 Require TLSv1.2 or later and require a modern cipher with forward secrecy.
This also fixes a bug with OpenSSL 3.x where, when the ircd was
configured to still allow old TLSv1.0 / TLSv1.1, it would still
only allow TLSv1.2+.

But, as said, allowing TLSv1.0/TLSv1.1 is now no longer the default.

See release notes for more information or the documentation at
https://www.unrealircd.org/docs/TLS_Ciphers_and_protocols
2022-11-27 17:04:22 +01:00
Bram Matthys cfea8b32f0 BuildBot: install modules after and not before 'make install',
and check exit status
2022-11-27 16:16:06 +01:00
Bram Matthys 5ee4c503a7 Update release notes 2022-11-18 18:39:51 +01:00
Bram Matthys 419fff13ec Mention that websocket users must now load the webserver module too.
Reported by PeGaSuS in https://github.com/unrealircd/unrealircd/pull/234
2022-11-18 18:37:37 +01:00
Bram Matthys c756c87be2 Update blacklist::reason changing the $variables there.
This changes the work of commit 2cf60f66a3.
    $ip: IP address of the banned user
    $server: name of the IRC server
    $blacklist: name of the blacklist block (eg. xyz for blacklist xyz { })
    $dnsname: the blacklist::dns::name
    $dnsreply: DNS reply code

Previously there was a $name which was ambigious in the sense that
it could mean blacklist name or dns name, now we simply avoid using
$name altogether and use $dnsname and (new) $blacklist.
2022-11-18 12:25:30 +01:00
Bram Matthys 475fe46d95 Add 6.0.4.2 release notes. 2022-11-18 10:34:52 +01:00
Ron Nazarov 4999ae408c Add TLINE command
Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=6174
2022-11-18 08:53:36 +00:00
Bram Matthys ea5c3922ad Update Makefile.windows for src/modules/svslogin.c
Related to previous commit 1a4b701776
2022-11-14 08:45:33 +01:00
Valerie Pond 1a4b701776 SVSLOGIN: Move to its own file
Moved SVSLOGIN command to its own file.
2022-11-14 07:43:43 +00:00
alice b3f0165773 Adjust tkl too broad ban detection to avoid banning too-wide IPv6 masks.
This adjusts the test to disallow a ban on *@*:*:*:*:*, to bring it into line with similar behaviour for IPv4.
2022-11-14 07:23:55 +00:00
westor 2cf60f66a3 Add on blacklist module two extra variables
Added the ability to specify `$name` and `$reply` variables on ban reason,

`$name` would be filled with blacklist dns name data
`$reply` would be filled with blacklist dns reply data.
2022-11-14 07:21:45 +00:00
Valentin Lorentz b01caa945f Use stable 'extended-monitor' capability name
https://ircv3.net/specs/extensions/extended-monitor was ratified
yesterday: https://github.com/ircv3/ircv3-specifications/pull/508
2022-11-14 07:19:43 +00:00
Valentin Lorentz a7716f8981 Add support for the stable 'bot' mtag
https://ircv3.net/specs/extensions/bot-mode was ratified a few months ago
(https://github.com/ircv3/ircv3-specifications/pull/495)

This commit keeps the draft mtag in addition to the stable one, for now.
2022-11-14 07:19:21 +00:00
Bram Matthys 2d61cded0d Show jansson library version in boot screen and elsewhere IF library version
is 2.13 or newer, as this requires jansson_version_str().

And no, we don't use macro's (eg JANSSON_MAJOR_VERSION). We never do that for
any of the displayed library versions (OpenSSL, libsodium, c-ares, curl, etc)
as macro's only reflect the compile-time library version and not runtime,
and thus are misleading... which can be especially problematic in case of a
security issue. So good that jansson added this function.
2022-11-04 14:16:50 +01:00
Bram Matthys 7a5f83e0b6 Make REHASH always asynchronous (done in the main loop).
This means it is safe to REHASH from modules now, which means
issuing a REHASH from a websocket connection is now possible.
2022-11-04 12:43:02 +01:00
Bram Matthys c3824ad47d Fix potentially sending invalid data over websockets on REHASH.
This makes websocket_common unload last (and near-last: rpc & websocket)
and makes us call Mod_Init for these three modules first.
This way, the period where the websocket handler is unavailable is kept
to a minimum.

This also renames the ModuleSetOptions option MOD_OPT_UNLOAD_PRIORITY
to MOD_OPT_PRIORITY since it dynamically changes the module priority
in the list. For 6.x compatibility, MOD_OPT_UNLOAD_PRIORITY can still
be used.
2022-11-04 10:54:53 +01:00
Bram Matthys 02285f468d Update Turkish example conf & help conf
Provided by Diablo - (Serkan Sepetçi)
2022-10-21 13:42:24 +02:00
Bram Matthys 3de3087c95 Fix read-after-free when linking in a server (that is fully authenticated)
when there is already another established link with a server with the same name.
For example, when there is a network issue and the "old server" is still
waiting to be timed out and the "new server" is already linking in.
2022-10-01 08:48:44 +02:00
Bram Matthys 8b0b3d70ff Fix crash on REHASH with server linked (6.0.5-git only, due to websocket split) 2022-09-26 15:17:27 +02:00
Bram Matthys 8bed87e369 Port 6.0.4.1 release notes which is basically cherry picking
commit 0e6fc07bd9 and
commit 0d139c6e7c from 6.0.5-git
2022-08-29 10:12:06 +02:00
Bram Matthys dc55c3ec9f Add CALL_CMD_FUNC(cmd_func_name) and use it.
This is only for calls within the same module, as otherwise you
should use do_cmd().

Benefit of this way is that it is short and you don't have to worry
about passing the right command parameters, which may change over time.
Example as used in src/modules/nick.c:
-               cmd_nick_remote(client, recv_mtags, parc, parv);
+               CALL_CMD_FUNC(cmd_nick_remote);
2022-08-28 09:04:12 +02:00
Bram Matthys 4e5598b6cf Create and use new CALL_NEXT_COMMAND_OVERRIDE() instead of CallCommandOverride().
This is an easier way to call the next command override handler from command
override functions. It passes the standard parameters so you don't have to
worry about which parameters a CMD_OVERRIDE_FUNC() contains.
This so it is easier to change command parameters in future UnrealIRCd versions,
should it be needed, then it may be possible without any source code changes
on the module developer side.

-       CallCommandOverride(ovr, client, recv_mtags, parc, parv);
+       CALL_NEXT_COMMAND_OVERRIDE();
2022-08-28 08:52:51 +02:00
Bram Matthys 24e3d39aea Update windows setup.h for last change.
[skip ci]
2022-08-20 14:06:54 +02:00
Bram Matthys 401ab6f5a1 Make strlncpy() and strlncat() use strlncat() instead of strlen().
This fixes a possible crash when using RPC with unix domain sockets,
reported by Valware.

This also adds a configure check so we use our own strlncat if the
C library does not have one, e.g. some non-Linux.
2022-08-20 13:50:19 +02:00
Bram Matthys 3ca99ddd52 Fix JSON-RPC response, should be in "result" and not in "response".
This breaks all the current script(s) that depend on it, of course,
but makes us correctly conform to the JSON-RPC specification.
Reported by Valware.
2022-08-17 16:56:33 +02:00
Bram Matthys 0d139c6e7c Make /INVITE bypass (nearly) all channel mode restrictions, as it used to be
and as it should be IMO. Both for invites by channel ops and for OperOverride.

This also fixes a bug where an IRCOp with OperOverride could not bypass +l
and other restrictions. Only +b and +i could be bypassed.

Module coders: HOOKTYPE_OPER_INVITE_BAN is now gone and HOOKTYPE_INVITE_BYPASS
is now new. The HOOKTYPE_INVITE_BYPASS is called when the user is joining
a channel to which they were invited to. If you return HOOK_DENY there then
the join is still blocked, otherwise it is allowed.
Using this hook would be sortof unusual since usually you would want users
to be able to bypass restrictions when they were invited by another user
or when they invited themselves using OperOverride.
The only example where we use it in UnrealIRCd is for +O channels so an
IRCOp cannot use OperOverride to join +O channels when they would otherwise
not be allowed to do so. Actually even that is a corner case that you could
debate about, but.. whatever.
2022-08-06 15:52:16 +02:00
Bram Matthys 55c52c3693 Log file (log::destination::file) now creates directory structure if needed.
You could already have something like:
log { source { !debug; all; } destination { file "ircd.%Y-%m-%d.log"; } }
But now you can also have:
log { source { !debug; all; } destination { file "%Y-%m-%d/ircd.log"; } }

This is especially useful if you output to multiple log files and then
want them grouped by date in a directory.
2022-08-05 13:02:19 +02:00
Bram Matthys 0e6fc07bd9 Update verify_link() to return rather than set the link block in a variable.
Hopefully this fixes a crash when linking (succesfully authenticated) servers,
something which only happens with GCC and only for some people in some cases.
2022-08-03 14:55:37 +02:00
Bram Matthys 7267d81278 RPC: add spamfilter.list and spamfilter.add calls. 2022-08-02 09:28:09 +02:00
Bram Matthys 574419a607 For JSON spamfilter output: add "ban_duration" and "ban_duration_string" 2022-08-02 09:21:36 +02:00
Bram Matthys eb9aff4c1c RPC: user.get: use JSON_RPC_ERROR_NOT_FOUND if user is not found. 2022-08-02 08:31:46 +02:00
Bram Matthys b079aa3498 RPC: Fix "id" not showing up in error responses.
rpc_error() and rpc_error_fmt() were called with a NULL request.
This also fixes logging of RPC errors to show the name of the RPC call.
2022-08-02 08:30:03 +02:00
Bram Matthys 6749ab4e0c RPC: server_ban: add handling of "expire_at".
Was previously always setting expiry to 5 seconds as a placeholder/TODO.
2022-08-02 08:22:28 +02:00
Bram Matthys 970cd60698 Use timestamp_iso8601() from server-time module (less duplicate code). 2022-08-02 08:13:49 +02:00
Bram Matthys 8fae1d9306 Show mode parameters when an IRCOp does MODE #channel, that is:
for a channel they are not in, if they have the channel:see:mode:remote
permission. This permission is included in all operclasses by default,
just like how this is already the case for channel:see:mode:remotebanlist
and other related permissions.

Reported by alice.
2022-07-03 09:07:45 +02:00
Bram Matthys bfcde12338 Fix internal function convert_regular_ban() to actually use the buffer
that it was provided. Duh!

(bug introduced 2 days ago in 7371498ffd)
2022-07-03 08:58:32 +02:00
Bram Matthys 514a1f6430 Clean up the listener code (code deduplication 3x -> 1x helper) and
also fix a small memory leak on rehash due to listener->webserver not
being freed.

Hopefully this doesn't break anything ;)
2022-07-02 08:27:00 +02:00
Bram Matthys 7371498ffd Make auto-expansion work for IPv6 bans as well: +b A:B:C:IP -> *!*@A:B:C:IP.
Reported by armyn in https://bugs.unrealircd.org/view.php?id=6147

This also adds a new function convert_regular_ban() which is now
used by both clean_ban_mask() and extban_conv_param_nuh().
2022-07-01 10:13:57 +02:00
Bram Matthys 8703d883dd Fix crash with ip change vs 'connect-flood' module. 2022-06-28 17:28:44 +02:00
Bram Matthys a3fb6bc07b Remove leftover of a copypaste in json_expand_tkl() causing a memory leak. 2022-06-27 10:51:15 +02:00
Bram Matthys c85f666fed Fix server_ban_parse_mask() returning with variables set to local storage.
More precise, for extended server bans, usermask/hostmask was set to
a local variable that was not defined as static char[]. This would lead
to corrupt data and/or crashes.

Bug introduced a few days ago with 3d9b7e4b70
2022-06-27 10:49:46 +02:00
Bram Matthys 1d701cb7d4 Remove old "TODO" item in conf file.
[skip ci]
2022-06-25 09:52:15 +02:00
Bram Matthys 29dc2e1e47 Fix REMOTE_CLIENT_JOIN not showing up for remote joins.
There was log code for "JOIN" but not for "SJOIN". Added now.
Reported by ComputerTech in https://bugs.unrealircd.org/view.php?id=6141
2022-06-25 09:17:07 +02:00
Bram Matthys c60fdad7eb RPC: add server_ban.add
This also moves some of the adding code (sending notice, broadcasting to
other servers, etc) to a function tkl_added().

We should probably do the same for deletion and not use the tkllayer
anymore for that?
2022-06-24 19:49:32 +02:00
Bram Matthys 2c1457ae6b RPC: add server_ban.del 2022-06-24 19:18:39 +02:00
Bram Matthys 3d9b7e4b70 RPC: remove tkl, split this up.. starting with server_ban.
Currently available:
* server_ban.list
* server_ban.get with params: name="*@1.2.3.4", type="kline"

This also adds server_ban_parse_mask() which is now used by both GLINE/etc
and the RPC API to parse the same way and convey the same error messages.
2022-06-24 18:53:10 +02:00
Bram Matthys 6596741638 Add rpc.modules.default.conf, loads all required modules for JSON-RPC. 2022-06-24 13:44:41 +02:00
Bram Matthys d3697b8684 RPC: add tkl.list 2022-06-24 13:33:20 +02:00
Bram Matthys 36946c6c51 Move JSON stuff from log.c to json.c now that it is more universal. 2022-06-24 13:21:27 +02:00
Bram Matthys 14215e1837 Fix two memory leaks in RPC:
* on REHASH rpc-user block name was not freed
* temporary construct was not freed (if params was missing)
2022-06-22 14:54:51 +02:00