1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-06 04:13:13 +02:00
Commit Graph

4255 Commits

Author SHA1 Message Date
Bram Matthys f0092fef4e Properly report failure of fork(). Reported by mbw (#5087). 2018-04-21 20:27:53 +02:00
Bram Matthys 74009b88ba Cleanup of init_sys(): remove old stuff for ancient OS's.
On *NIX now always redirect stdin, stdout and stderr to /dev/null for
safety and to prevent any ssh hanging as reported by mbw (#5087).
This code needs some testing on non-Linux though it should be all
POSIX, unless I missed something... :)
2018-04-21 20:12:23 +02:00
Bram Matthys 894491fa32 Change numeric 008 format which reports snomask.
This is for easier parsing of the "MODE yournick" response.
From:
:maintest.test.net 008 testuser :Server notice mask (+kcfjvGqSso)
To:
:maintest.test.net 008 testuser +kcfjvGqSso :Server notice mask
Reported by emerson in #5079.
2018-03-25 13:45:59 +02:00
Bram Matthys 15bf82d3c1 Fix segfault on set { hide-ban-reason; }; reported by Skizzerz (#5052) 2018-03-25 13:41:57 +02:00
Bram Matthys 9f18118f76 Fix './unrealircd reloadtls' not reloading certificates/keys if
listen::ssl-options, sni::ssl-options or link::outgoing::ssl-options
are used. In short: it only reloaded the ones from set::ssl until
now. Bug reported by Mr_Smoke (#5072)
2018-03-25 13:22:19 +02:00
Bram Matthys 41b7e1b735 'set::cloak-method ip' not working properly with DNS resolving.
Reported by The_Myth (#5064).
2018-03-07 10:22:24 +01:00
Bram Matthys 386d2aaf8b Disable timesynch by default.
Built-in time synchronization was added in 2006 when many computers did not
do time synchronization by default. Nowadays nearly all operating systems,
including many Linux distro's, Windows and OS X have time synchronization
enabled out-of-the box.
You can still re-enable the built-in timesynch feature via:
set { timesynch { enable yes; }; };
..but you should really use NTP instead.
2018-03-07 09:40:13 +01:00
Bram Matthys afad280a1d Make NTP packet (used by timesynch) more in-line with existing implementations. 2018-03-07 09:39:20 +01:00
Bram Matthys f4b864c7b8 Update list of time servers 2018-03-07 09:38:19 +01:00
Bram Matthys 2bbdf22d76 Set git version to 4.0.18-devel 2017-12-29 09:34:31 +01:00
Bram Matthys 12848b7dae dead_link() was not sending the error message to the user.
This affected the following errors:
* Max SendQ exceeded
* Excess Flood
* Flood from unknown connection
* SSL Handshake flood detected
* Rejected link without SSL/TLS
* Various errors from the websocket module
* Other errors generated by 3rd party modules
2017-12-29 09:15:11 +01:00
Bram Matthys 3aa13d2bc3 UnrealIRCd 4.0.17 2017-12-22 09:52:24 +01:00
Bram Matthys 5609b36850 Fix crash with OperOverride 2017-12-22 09:48:42 +01:00
Bram Matthys 0a9306ca5b CIDR support in set::antirandom::except-hosts
Or, to be more precise: converted code to use match_user() framework.
2017-12-17 10:06:39 +01:00
Bram Matthys 888b4f549c Be a bit more liberal, used for antirandom backward-compatible. 2017-12-17 10:06:09 +01:00
Bram Matthys 33ec662205 Remove a junk notice regarding SJOIN 2017-12-17 09:26:19 +01:00
Bram Matthys dc7cb17eff Fix linking problem if only using link::outgoing (and not link::incoming)
which is perfectly legal but caused a confusing error message about
a 'server name mismatch'.
2017-12-13 09:02:32 +01:00
Bram Matthys 079963cdc6 Set prio for HOOKTYPE_CHANNEL_DESTROY to -1mln so other hooks are
called later.
2017-12-06 17:53:26 +01:00
Bram Matthys 847d7d9f7d UnrealIRCd 4.0.17-rc1 2017-12-01 10:06:43 +01:00
Bram Matthys a07411217f Apparently individual PROTOCTL tokens were limited at 128 chars.
This posed a limitation with utf8 PROTOCTL NICKCHARS=... and
potentially PROTOCTL SERVERS=... if having more than 32 servers.
The limitation has now been removed (buffer length = 512)
2017-12-01 10:00:15 +01:00
Bram Matthys c603cc52b3 Reject link if we have any utf8 charset enabled and other side doesn't. 2017-12-01 09:56:08 +01:00
Bram Matthys 82659cfecc '/SPAMFILTER del <id>' was not working across servers.
This was actually a read-after-free bug (IRCOp-only)
2017-11-30 21:59:30 +01:00
Bram Matthys cc6d7757fa Fix hang when linking servers. Reported by k4be and acidvegas. 2017-11-27 19:36:30 +01:00
Bram Matthys 40293aaaa7 Move charsys definitions from .h to charsys.c & add some fwd decl 2017-11-27 12:32:14 +01:00
Bram Matthys abaacb6643 Permit 0xa0, if it appears inside UTF8 (via set::allowed-nickchars).
This is the "non breaking space" outside UTF8 and thus was previously
blacklisted. Keeping it blacklisted even if it appears in UTF8 is not
really an option as it means some UTF8 characters can never be used,
like the letter "nun" in Hebrew, and likely others.
2017-11-27 11:41:07 +01:00
Bram Matthys b5b01c5263 Modularize charsys (set::allowed-nickchars). It's still a mandatory
module but at least the code can be updated on the fly (or replaced
with some other secondary alternative module in the future).
src/charsys.c -> src/modules/charsys.c
This also means everyone needs to load the modules/charsys module.
2017-11-27 11:24:25 +01:00
Bram Matthys fb12e1beeb set::allowed-nickchars: added "hebrew-utf8". Supplied by Lion-O. 2017-11-27 10:30:32 +01:00
Bram Matthys e3b91f8b94 Added UTF8 support in set::allowed-nickchars
See https://www.unrealircd.org/docs/Nick_Character_Sets
Example: set { allowed-nickchars { latin-utf8; }; };
Important remarks:
* All your servers must be on UnrealIRCd 4.0.17 (or later)
* Most(?) services do not support this, so users using UTF8 nicknames
  won't be able to register at NickServ.
* In set::allowed-nickchars you must either choose an utf8 language
  or a non-utf8 character set. You cannot combine the two.
* You also cannot combine multiple scripts/alphabets, such as:
  latin, greek, cyrillic and hebrew. You must choose one.
* If you are already using set::allowed-nickchars on your network
  (eg: 'latin1') then be careful when migrating (to eg: 'latin-utf8'):
  * Your clients may still assume non-UTF8
  * If users registered nicks with accents or other special characters
    at NickServ then they may not be able to access their account
    after the migration to UTF8.

[!] Work in progress [!]
2017-11-25 21:12:41 +01:00
Bram Matthys 2a040b40a5 Improve "non-SSL client on SSL port" detection. 2017-11-25 16:01:56 +01:00
Bram Matthys 668e1241b0 Show additional information in SSL errors. Such as:
"SSL_accept(): Internal OpenSSL error or protocol error: tls_process_client_hello: unsupported protocol"
rather than just
"SSL_accept(): Internal OpenSSL error or protocol error"
Perhaps it can be shortened in a later version if this is acceptable.

This can help with tracing server linking errors, and/or
if using the junk snomask (MODE nick +s +j).
2017-11-25 15:48:28 +01:00
Bram Matthys 12df5a96ff Fix crash if using anope with old unreal32 mod w/SSL on non-localhost.
Sounds rare and you should really use a more recent version of anope
with the unreal4 protocol module. But, of course, we shouldn't crash.
2017-11-21 11:40:07 +01:00
Bram Matthys 87a42edd4b extbans/timedban automatic -e/-I fix (duh)
Should add a testcase for it, but the test would take 1 minute. Hmmm.
2017-11-20 18:50:02 +01:00
Bram Matthys 0cc5eddce2 extbans/timedban (~t): fix unset not working for +e/+I and reduce load
by spreading the unset event over multiple events (process roughly a
quarter each time). Not important for small networks but for big ones..
2017-11-20 16:48:48 +01:00
Bram Matthys e67d49112e Re-indent src/modules/m_mode.c (yuck...) 2017-11-20 13:48:18 +01:00
Bram Matthys aa093f3e2b Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
Naturally this is only available if the extbans/timedban module is
loaded and you should do so on all your servers on the same network
if you want to avoid confusion/desynchs.
2017-11-20 09:44:25 +01:00
Bram Matthys d63bc7e187 Module API: New function is_module_loaded("name"): return 1 / 0 2017-11-20 09:43:43 +01:00
Bram Matthys 92afdb56b5 Timed bans: ~t:duration:mask
These are bans that are automatically removed by the server.
The duration is in minutes and the mask can be any ban mask.
=> Note that you need to load the extbans/timedban module!
Some examples:
* A 5 minute ban on a host:
  +b ~t:5:*!*@host
* A 5 minute quiet ban on a host (unable to speak):
  +b ~t:5:~q:*!*@host
* An invite exception for 1440m/24hrs
  +I ~t:1440:*!*@host
* A temporary exempt ban for a services account
  +e ~t:1440:~a:Account
* Allows someone to speak through +m for the next 24hrs:
  +e ~t:1440:~m:moderated:*!*@host
* And any other crazy ideas you can come up with...
2017-11-20 09:16:03 +01:00
Bram Matthys 8b0fd74c37 Bug: set::restrict-extendedbans did not have effect in stacked bans.
For example if you had:
set { restrict-extendedbans "a"; };
Then this would be rejected:
MODE #chan +b ~a:Account
However, you could still set:
MODE #chan +b ~q:~a:Account
Now this is properly rejected as well.
2017-11-19 20:43:15 +01:00
Bram Matthys eb205e04cc Make types future-proof. Fix ~m case for +M.
BypassMessageRestrictionType -> BypassChannelMessageRestrictionType
BYPASS_MSG_* -> BYPASS_CHANMSG_*
2017-11-19 17:12:28 +01:00
Bram Matthys 1b2b28e6c6 New ban exception ~m:type:mask - allows bypassing of message restrictions.
Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
'filter' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
Some examples:
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
* Allow a services account to use color: +e ~m:color:~a:ColorBot
2017-11-19 16:40:39 +01:00
Bram Matthys dd6f67a266 Send errors regarding invalid bans (if available).
Fix case where conv_param() returns NULL (ban rejected)
causing is_ok() function not to be called so the user
never sees the error. We now try to call the is_ok after
conv_param returns NULL.
So not really an API change, more like a fix.
2017-11-18 19:15:44 +01:00
Bram Matthys b046b86a6e Way to customize the reject connection messages. 2017-11-17 11:13:11 +01:00
Bram Matthys e1af5ae6c5 Move AllowClient/check_client/check_init to m_nick module
(apparently one of the previous commits was partial)
2017-11-17 10:45:54 +01:00
Bram Matthys d13c7b20d0 Code cleanups in AllowClient and register_user 2017-11-17 10:37:45 +01:00
Bram Matthys 7b7f492b71 Move AllowClient/check_client/check_init to m_nick module 2017-11-17 10:10:28 +01:00
Bram Matthys 3c0db9c72f Move HOOKTYPE_SECURE_CONNECT hook and mode setting up a bit. 2017-11-13 17:02:05 +01:00
Bram Matthys 527fa9818c UnrealIRCd will no longer give +z to users on WEBIRC gateways, unless
the WEBIRC gateway gives us some assurance that the
client<->webirc gateway connection is also secure (eg: https).

This is the regular WEBIRC format:
WEBIRC password gateway hostname ip

This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure

Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.

https://github.com/ircv3/ircv3-ideas/issues/12
2017-11-13 16:47:22 +01:00
Bram Matthys 512c8fb000 Move the place where we set umode +z (secure). Needed for next. 2017-11-13 16:23:49 +01:00
Bram Matthys 31688fbae8 Update version to 4.0.17-devel to reflect development status. 2017-11-13 08:25:00 +01:00
Bram Matthys f86cf68548 UnrealIRCd 4.0.16 2017-11-12 07:59:11 +01:00