1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-04 19:43:12 +02:00
Commit Graph

3019 Commits

Author SHA1 Message Date
Val Lorentz f768b34050 chathistory: Advertize MSGREFTYPES ISUPPORT token (#251)
https://ircv3.net/specs/extensions/chathistory#isupport-tokens

The spec says they should be 'in order of decreasing preference'.
As currently the only backend is in-memory, this doesn't matter so I
picked `msgid` first (as it's less ambiguous); but this can be revisited
later if/when adding a backend which is more efficient with timestamps.
2023-05-28 05:57:36 +00:00
Bram Matthys 1a8653de19 Fix require module not working on one side, sending SMOD too early.
Has to do with running HOOKTYPE_SERVER_CONNECT too soon, before
introducing ourselves to the other side. This bug was created in
commit ddf639836b so exists in
all UnrealIRCd 6 versions (-beta1 and up).

The hook call is now moved further down.
2023-05-27 19:14:27 +02:00
Bram Matthys cf5808dc44 Error on listen::options::websocket::forward and tell to use proxy { } block.
[skip ci]
2023-05-26 14:36:20 +02:00
Bram Matthys a7cf24c45d Mention new https://www.unrealircd.org/docs/Proxy_block in release notes
and also for safety when redoing DNS and ident due to IP change,
we now:
ClearIdentLookupSent(client);
ClearIdentLookup(client);
ClearDNSLookup(client);
2023-05-26 14:26:26 +02:00
Bram Matthys fb54d4a2c6 Replace do_parse_forwarded_header() and set WEB(client)->forwarded
depending on what we get from the proxy, so it can be used later
in the websocket module for setting the user secure or not
(the latter similar to what k4be already did in the old code).
2023-05-26 13:31:01 +02:00
Bram Matthys d2f45fcaaf Move webserver proxy handling from the websocket to the webserver module.
This now requires a proxy { } block -- docs follow soon

This uses part of k4be's code still, to do the parsing,
so still only "Forwarded" and quick workaround for bug
when for=XXX is the final item.
2023-05-26 13:05:30 +02:00
Bram Matthys c537a72c10 Make proxy::mask and webirc::mask a generic mask item almost all
others in the config - https://www.unrealircd.org/docs/Mask_item
2023-05-26 12:39:11 +02:00
Bram Matthys 9aafdb7f9c Move handling of webirc { } block into new proxy { } block (allow the old name)
This is untested, as I'm first working on the rest...
2023-05-26 12:23:51 +02:00
Bram Matthys c2d465c5dd Move chunk of code from start_of_normal_client_handshake() to
a function called start_dns_and_ident_lookup(). This can then
be easily called from other places as well, like the code k4be
did in src/modules/websocket.c to handle proxies.

Side-effect is that ident lookups would now be done, if we are
configured to do so, for forwarded webirc stuff (not that I
think many people use that feature at the moment...).
2023-05-26 11:24:01 +02:00
Bram Matthys 52472a9a88 Add support for set unknown-users { } and the like:
It is now possible to override some set settings per-security group by
having a set block with a name, like `set unknown-users { }`
* You could use this to set more limitations for unknown-users:
  ```
  set unknown-users {
          max-channels-per-user 5;
          static-quit "Quit";
          static-part yes;
  }
  ```
* Or to set higher values (higher than the normal set block)
  for trusted users:
  ```
  security-group trusted-bots {
          account { BotOne; BotTwo; }
  }
  set trusted-bots {
          max-channels-per-user 25;
  }
  ```
* Currently the following settings can be used in a set xxx { } block:
  set::auto-join, set::modes-on-connect, set::restrict-usermodes,
  set::max-channels-per-user, set::static-quit, set::static-part.
2023-05-22 12:07:43 +02:00
Bram Matthys 3652940c2c Add set::anti-flood::<secgroup>::max-channels-per-user setting to override
the default set::max-channels-per-user (also called set::maxchannelsperuser).

This way you can give known-users a higher max-channels-per-user,
or even a special security group for trusted users (that you may
already have given a more lax flood setting and lower lag-penalty
etc. etc. so that fits in nicely)

And yeah this also:
* Makes it both in set and the anti-flood block accept both
  maxchannelsperuser and max-channels-per-user.
* Removes old MAXCHANNELS= in 005, as we already have CHANLIMIT=
This does not:
* Re-announce the 005 CHANLIMIT= if someone transitions from a security
  group with a different max-channels-per-user. We don't do that for
  IRCOps either, and I think no IRCd does that actually...
  To be honest i wonder if sending the limit in 005 is useful at all,
  do client really track this and limit their GUI based on it?? Doubt it!
2023-05-19 21:47:23 +02:00
Bram Matthys f2015ad865 Fix crash when removing a listen { } block with websocket or rpc
(or changing the port number). Reported by Nini.

Rather complex case: when the listen block is removed, obviously
the config hooks are not called for the (now non-existing) listen
block, and thus the websocket->request_handler and such are not
set to the new address of the websocket handler.
We now use a slightly silly workaround / new hook to fix this
corner case. Ideally there would be an extra layer in-between
like a handler lookup by name, or something like that.
(Or make the websocket module PERM but we don't want that!)
2023-05-19 19:29:46 +02:00
Bram Matthys 9b9434e442 Delay throttling check until IP is resolved or failed to resolve.
This so you can use throttling exceptions (eg in ELINE) on hostnames.

That is, the above is during normal circumstances. Similar to previous
commit we will turn this feature of during high connection rates.
That is a TODO item.
2023-05-18 11:51:22 +02:00
Bram Matthys 89075e532a Send throttling and some other error messages to SSL/TLS users (encrypted).
This is the start of "be more friendly to TLS users with disconnect
error messages" from https://bugs.unrealircd.org/view.php?id=5532

As that bug explains:
Consider doing the SSL/TLS handshake even for throttling errors and such
when the (reject) connection rate is below a certain amount per second.  If
it is higher than a certain rate, then fall back to the original behavior to
reject the user instantly without handshake or looking at any data.
Rationale: the current/original behavior is there so the ircd can handle
floods, both in terms of traffic and in terms of CPU usage (the SSL/TLS
handshake is quite costly after all).  The downside of the current behavior
is that TLS users don't see the error message, usually.  This feature
request tries to find a middle ground.

Still a TODO item:
* We don't detect high rates yet, so we only do this new behavior atm
  and not yet the old behavior during high connection rates.
* Verify that error messages/behavior hasn't changed (too) much,
  like the throttling and the banning disconnect messages.
2023-05-18 11:17:37 +02:00
Bram Matthys 40bdef6cd9 Make exceeds_maxperip() use a hash table (performance improvement) 2023-05-17 19:44:10 +02:00
Bram Matthys b19b70e876 Speed up invisibility checks for delayjoin mode (and when not used too).
This adds user_can_see_member_fast() which is used in at least 3 places
now, more places may follow later. It has extra paramters for membership
and membership modes that is very likely already looked up by the caller
(or if not, it is worth doing so by the caller).

This is work in progress so if everything crashes or people mysteriously
seem not present in channels (or the other way around) i would not be
surprised :D.
2023-05-15 16:58:51 +02:00
Bram Matthys 0874e376bc Add LineCache which is used when sending a message to a channel.
When sending to channel members this will cache full IRC protocol
lines, including message tags and \r\n, for similar clients.
This avoid the need for many mtags_to_string() calls and also
entire parts of sendbuf_to_one() can be skipped as well.
The "Similar clients" cache entries are defined as clients that:
1) Are of the same type: normal local client, ircop local client
   or remote client.
2) Have the same CAPs set, that is: we only look at CAPs that actually
   have anything to do with message tags ('clicaps_affecting_mtag')
3) Optionally there can be an explicit line_opts. It is not used yet
   but could be used when there are different type of lines sent
   depending on other criteria, such as chanop status or something
   else that doesn't fit in #1 and #2.
2023-05-15 15:27:52 +02:00
Bram Matthys 5b071d7bfd Change return value of add_listmode() / add_listmode_ex(). This fixes
a bug when two servers merge, you could see +beI items being set that
already exist, if the timestamp or setter differed between servers.
Now they are updated but no +beI is shown.
https://bugs.unrealircd.org/view.php?id=5681
2023-05-08 18:52:22 +02:00
Bram Matthys 8f3db7ba1b Fix crash on FreeBSD/NetBSD when using JSON-RPC interface. 2023-05-07 09:28:48 +02:00
Bram Matthys 8cabbcb59b DNS: add negative caching of unresolved hosts (60 seconds)
Mostly to avoid repeated lookups for like clients that reconnect rapidly.
2023-05-06 10:34:26 +02:00
Bram Matthys 63c7fd604d Fourth attempt at fixing 3+ JSON-RPC connections causing the error
"Too many unknown connections from your IP".

Need to check 'c' in the loop, not 'client', duh!

If you have multiple tabs of the webpanel open and the panel is
not hosted on the same machine as the ircd (does not connect over
127.0.0.1) then you will experience this bug. Pages or content
will fail to load or will load very slowly.
2023-05-06 09:17:46 +02:00
Bram Matthys e66824b8a6 Fix some typo or massreplace error in Failed OPER attempt message.
[skip ci]
2023-05-06 09:02:38 +02:00
Bram Matthys 0444a192bb Don't show REMOTE_CLIENT_JOIN for users on a server that is syncing.
Was an overshight. We don't show REMOTE_CLIENT_CONNECT either in such a case.
2023-05-05 17:00:02 +02:00
Bram Matthys 4ec2815d0c JSON-RPC: log.list now has a sources argument which allows filtering.
Uses the same filter as log.subscribe.
2023-05-05 15:08:02 +02:00
Bram Matthys 4f632125fb JSON-RPC: add log.list call to fetch old(er) log entries from memory. 2023-05-05 12:18:13 +02:00
Bram Matthys af6d93f584 Fix small memory leak when using JSON-RPC timers. 2023-04-27 09:14:58 +02:00
Bram Matthys 215869b421 Fix memory leak in whowasdb
Caused by fix a01862bf05
which no longer assigns but duplicates string values.
2023-04-26 18:12:53 +02:00
Bram Matthys 9e80487270 JSON-RPC: server_ban.del: more fixes for previous two commits (done) 2023-04-25 15:41:40 +02:00
Bram Matthys 30ed59617e Additional fix for previous: deletion didn't work either, let's move this
fiddling up one layer. Though i should really check if .get works.
2023-04-25 15:28:38 +02:00
Bram Matthys 5ec2701e9d JSON-RPC: server_ban.add: fix softbans not working.
Actually two issues:
* passed the wrong 'type' so it rejected all softbans.
* and fix bans being added with %% instead of %.
2023-04-25 15:23:06 +02:00
Bram Matthys 8ddc9bd69c More chgs to last commits: use listener->options & LISTENER_NO_CHECK_CONNECT_FLOOD
as that is the same method we use in connect-flood.

I don't think the client->local && client->local->listener checks
are needed, but since we are post last RC (I hope): better safe
than sorry...
2023-04-17 09:46:58 +02:00
Bram Matthys a01862bf05 whowasdb: fix double free issues 2023-04-17 08:34:30 +02:00
Bram Matthys 172554abd4 Make previous commit actually work 2023-04-17 08:19:22 +02:00
Bram Matthys 76b87ed880 Don't count RPC for set::max-unknown-connections-per-ip.
This fixes you no longer being able to get on to the IRC network if you
also run the webpanel from your same source IP (and other similarly
weird errors, of course)
2023-04-17 08:11:10 +02:00
Bram Matthys 50e5cb7cbe Bleh, fix a warning... 2023-04-15 14:52:06 +02:00
Bram Matthys f1e70fa06c whowasdb: work around -Waddress warning for W_SAFE_PROPERTY()
[skip ci]
2023-04-15 09:44:38 +02:00
Bram Matthys 0d2ca78ed8 JSON-RPC: whowas.get: name -> nick rename
[skip ci]
2023-04-15 09:28:09 +02:00
Bram Matthys 7ad160f57a JSON-RPC: WHOWAS fetching is now whowas.get, also expose not only
logon_time/logoff_time but also connected_since.

This also fixes the Makefile for the Windows build (i hope)
2023-04-15 09:24:57 +02:00
Bram Matthys 2184f38e7e Expose more WHOWAS fields in JSON-RPC and change add_history() to take a reason
for the add, like: nick-change, quit, server terminating. Add logon time.

I also think i will move from user.get_whowas to a whowas.XXX since the
returned object is not a user object and getting more different each commit :D.
2023-04-15 09:00:06 +02:00
Bram Matthys e7e2a5a275 whowasdb: write currently online users as well, as if they already
left. This so, if we die, there is still a history of them.
2023-04-15 08:17:54 +02:00
Bram Matthys f0cd1c59c5 JSON-RPC: initial work on user.get_whowas (work in progress) 2023-04-15 07:59:13 +02:00
Bram Matthys 45201fffe7 New module 'whowasdb': persistent WHOWAS history (preserved between reboots) 2023-04-14 19:29:45 +02:00
Bram Matthys 8aa004271f Ban exempt 127.0.0.1 instead of whole 127.*
* We now only exempt `127.0.0.1` and `::1` by default (hardcoded in the source).
  Previously we exempted whole `127.*` but that gets in the way if you want
  to allow Tor with a
  [require authentication](https://www.unrealircd.org/docs/Require_authentication_block)
  block or soft-ban. Now you can just tell Tor to bind to `127.0.0.2`
  so its not affected by the default exemption.

Reported on IRC and by PeGaSuS in
https://bugs.unrealircd.org/view.php?id=6258
2023-04-14 07:34:53 +02:00
Bram Matthys 66b8259234 JSON-RPC: don't do filtering on low ASCII like we do for JSON logging.
This way things like the TOPIC will keep their color codes if they have it.

Reported by armyn in https://bugs.unrealircd.org/view.php?id=6259

(And yeah i used a global to achieve this, otherwise it has too much
 of a cascading effect in XYZ functions)
2023-04-13 18:53:49 +02:00
Bram Matthys dec834c193 Fix for previous fix (unmasked packets) 2023-04-12 13:17:13 +02:00
Bram Matthys 68171b5582 Websocket: apparently PONG frames are sometimes unmasked, even though
RFC6455 clearly says:
      Defines whether the "Payload data" is masked.  If set to 1, a
      masking key is present in masking-key, and this is used to unmask
      the "Payload data" as per Section 5.3.  All frames sent from
      client to server have this bit set to 1.

But ok, we'll make an exception for PONG.

This caused the websocket connection to be dropped after a while from
the unrealircd-rpc-php library that uses textalk/websocket.
Probably a bug in textalk/websocket or one of its dependencies,
that should be reported...
2023-04-12 12:31:25 +02:00
Bram Matthys 57c90496e8 JSON-RPC: add rpc.add_timer and rpc.del_timer so you can run a command
every <xyz> msec (minimum: 250).
Can be useful to schedule an rpc.stats call every 1000msec for instance.
Of course timers are destroyed if the client exits.

https://www.unrealircd.org/docs/JSON-RPC:Rpc#rpc.add_timer and
https://www.unrealircd.org/docs/JSON-RPC:Rpc#rpc.del_timer
2023-04-12 10:22:33 +02:00
Bram Matthys 9f569078ed Fix bug where a REHASH would cause us to loose track of remote RPC's (RRPC).
Like REHASHing while a module.list is in progress.

This due to missing SavePersistentPointer() in MOD_UNLOAD
2023-04-12 09:08:18 +02:00
Bram Matthys cd3b3ec15d JSON-RPC: Change to previous, don't name it "top_countries" but "countries"
and sort descending so the country with the most users comes first.
(Using silly negative priority tricks, but you won't see that :D)
2023-04-12 08:25:32 +02:00
Bram Matthys 431d2b54c4 JSON-RPC: stats.get now returns "top_countries" (top geo country codes).
It also has an object_detail_level like some other calls.
The "top_countries" are included from object_detail_level 1 and above.
The default object_detail_level is actually 1, so it is included by
default. You can use object_detail_level if you don't want it.

Idea for this was from Valware.

https://www.unrealircd.org/docs/JSON-RPC:Stats#stats.get
will be updated in a minute...
2023-04-12 08:04:20 +02:00