1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 22:33:12 +02:00
Commit Graph

7902 Commits

Author SHA1 Message Date
Bram Matthys f808e56ffb Fix counting clients twice. Reported by Le_Coyote. 2020-11-22 16:03:42 +01:00
Bram Matthys bde91bcc5c Finish Hook API doxygen docs, ~100% done now. 2020-11-22 12:26:30 +01:00
Bram Matthys 6dcecd7866 Update doxygen index
[skip ci]
2020-11-21 19:13:31 +01:00
Bram Matthys fcb1767500 Update module API doxygen docs: the hook docs are now 80% done. 2020-11-21 19:08:17 +01:00
Bram Matthys 8372224c01 Add vertical spacing to function prototypes
[skip ci]
2020-11-21 18:10:29 +01:00
Bram Matthys f8343c2e2a Move s_die definition to h.h. 2020-11-18 07:47:26 +01:00
Bram Matthys 8d7e25e50e Make get_file_time() and get_file_size() available via h.h.
And move those 2 functions plus file_exists() to misc.c.
2020-11-16 18:21:27 +01:00
Bram Matthys 20b2975a2c Hmm.. genlinkblock is not very useful without this. 2020-11-16 18:14:52 +01:00
Bram Matthys ecabef1654 Fix whitespace in ./Config
Indent properly and use tabs, not spaces.
Hopefully not breaking anything in the process....
2020-11-13 19:29:16 +01:00
Bram Matthys e48cf87d52 Some more explanation on certificate generation if you are first installing.
Users who already have an SSL certificate won't be bothered by this,
just like before.
2020-11-13 19:17:54 +01:00
Bram Matthys 8720c846a1 And some more hook documentation... 2020-11-08 18:48:11 +01:00
Bram Matthys 8f7e40a6dc Compile fix for gcc with previous commits. 2020-11-08 16:42:39 +01:00
Bram Matthys c369551721 Commit first 40% of Hook API Documentation in doxygen.
The remaining 60% consists of placeholders at the moment.

Note: if you are running git then don't try to live-reload these
changes, ircd must restart.
2020-11-08 16:16:59 +01:00
Bram Matthys 0ae05dcd60 Remove unused code in secureonly. This isn't used since the +z/+Z split. 2020-11-08 10:02:27 +01:00
Bram Matthys 132b44219d Create SECURITY.md 2020-11-01 14:57:21 +01:00
k4bek4be da6ccb639d Fix a warning typo (#126)
Deprecated warning mentions set::oficial-channels, which should be set::official-channels
2020-10-22 19:37:41 +02:00
James Park-Watt 45fd0625e5 Fixed a typo in Config script (#127)
Config script referenced conf/tls/server.crt.pem in an informational message.
It should be conf/tls/server.cert.pem
2020-10-22 19:36:53 +02:00
Robert Scheck 831737f13e Exit with a successful return code upon receipt of SIGTERM (#125) 2020-10-20 07:26:57 +02:00
Robert Scheck ebe0a43828 Add $(DESTDIR) support for 'make install' (#124)
When packaging UnrealIRCd as RPM, 'make install' needs to install
the files into $RPM_BUILD_ROOT rather into '/'. Just changing the
paths via ./Config or ./configure does not fit, because otherwise
UnrealIRCd is finally looking for $RPM_BUILD_ROOT/etc/unrealircd/
rather /etc/unrealircd/. It's fully backwards-compatible, because
normally $DESTDIR is not being passed.
2020-10-19 17:12:46 +02:00
Bram Matthys 75efe02040 And add config check for X509_get0_notAfter().
For our Ubuntu 16 friends.
2020-10-11 15:56:06 +02:00
Bram Matthys b3510c5da8 Fix for previous commit with OpenSSL <1.1.0 (Debian 8, Ubuntu 16, ..)
Thank you BuildBot.

This means on older OpenSSL's we are not going to have certificate
expiry checks. Those OpenSSL versions were deprecated by the OpenSSL
team itself, so yeah then you will miss out a few things.
2020-10-11 15:39:27 +02:00
Bram Matthys 6778b3e26d Warn when SSL/TLS certificate is expired or expires soon (<7d).
Since an expired certificate usually means that users cannot connect
we will actively warn all IRCOps about this situation twice a day.
2020-10-11 15:00:09 +02:00
Bram Matthys 8619d1e763 Add optional allow::options::reject-on-auth-failure, as requested
by armyn in https://bugs.unrealircd.org/view.php?id=5769.

The default behavior in 5.x is to continue matching:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*; password "iwantmore"; class clients; maxperip 10; }
This so users who provide a password get additional rights,
such as a higher maxperip or a different class, etc.
If the user connects without a password then we simply continue
to the next block and use the general block with only 2 maxperip.

However, some people want to use passwords to keep other users out.
That is entirely understandable as it is an 'allow block' after all.
For example:
allow { ip *@*; class clients; maxperip 2; }
allow { ip *@*.nl; password "tehdutch"; class clients; maxperip 2; options { reject-on-auth-failure; } }
In this case anyone without the correct password will be rejected access.
2020-10-11 09:24:11 +02:00
Bram Matthys 00fa88daee Remove special code for '/who nick' and replace it with generic code
if someone searches explicitly on a nick name and that user exists.

This fixes a bug where doing '/who name a' would return only 1 result
if 'name' exists as a nick, even though multiple people with the
same account 'name' are online and visible to the user, as
reported in https://bugs.unrealircd.org/view.php?id=5761 by Koragg.
2020-10-11 08:37:22 +02:00
Bram Matthys 9c85cd5bc6 *** UnrealIRCd 5.0.7 release *** 2020-10-10 15:04:18 +02:00
Stanley 893dd84aaf Added help.nl.conf (Dutch), contribution from Stanley (#121)
Co-authored-by: DjSxX <46792280+DjSxX@users.noreply.github.com>
2020-09-30 17:49:01 +02:00
Bram Matthys f2d49eed04 Reputation used the score of the WEBIRC IP rather than the end-user IP.
This resulted in high reputation scores for all WEBIRC users.
Reported by DeviL.
2020-09-28 17:41:37 +02:00
Bram Matthys 5286edc0ef Make ./Config import settings from 5.0.6. 2020-09-28 10:23:56 +02:00
Bram Matthys 2d90245626 ** UnrealIRCd 5.0.7-rc1 ** 2020-09-28 10:04:06 +02:00
Bram Matthys 35ee1eb28a Some more small release note changes
[skip ci]
2020-09-28 09:13:48 +02:00
Bram Matthys f424a0560a Update release notes 2020-09-28 09:08:17 +02:00
Bram Matthys e62bad9924 Make it "End of /OPERMOTD command" at end of OPERMOTD.
Reported by bitmaster in https://bugs.unrealircd.org/view.php?id=3895
2020-09-27 20:21:55 +02:00
Bram Matthys b4b7908612 Fix '/STATS b' and '/STATS badword' not working.
Reported by CoreDuo in https://bugs.unrealircd.org/view.php?id=4722
2020-09-27 18:20:34 +02:00
Bram Matthys b01cbff3e1 Add message tags (such as server-time) to PONG.
Requested by GaMbiTo- and KiwiIRC authors in
https://bugs.unrealircd.org/view.php?id=5758
2020-09-27 16:57:28 +02:00
Bram Matthys 42da15bb6e Minor release note updates
[skip ci]
2020-09-27 12:27:47 +02:00
Bram Matthys 61e8c8d851 Fix labeled-response causing two lines in one websocket frame.
This goes against our guarantee of 1 IRC line = 1 websocket frame.
Reported by k4be in https://bugs.unrealircd.org/view.php?id=5708
2020-09-27 12:17:02 +02:00
Bram Matthys 9002c92062 Set version to 5.0.7-git and start on some early release notes. 2020-09-26 14:28:41 +02:00
Bram Matthys 57d0efbc58 Recode textbans so voiced users cannot bypass them.
Reported by Adanaran in https://bugs.unrealircd.org/view.php?id=5698

Although voiced users normally bypass bans, it is not really logical
for them to bypass filtering of banned words, since that is normally
a policy decission by channel management. So +v will not bypass it.

1) The problem is that this is enforced at the ban layer API.  The extban
routines, textban in this case, are not called when the user is voiced,
because voiced users bypass bans.  If we would change that in the ban API
then voiced users can also no longer talk through (=bypass) regular +b or
other extended +b such as ~a (account) etc.

2) I figured we would then make +T not use the ban API but the
can_send_to_channel hook instead.  However, then you have to do manual
looping through bans and such, it's rather ugly from a coding point of view,
and you risk "missing" things like ~T stacked with ~t.

3) Then I went back to look if the ban API could be changed by having the
textban module set a flag and then the ban api would call that specific
module still for voiced users.  While starting on that, unfortunately things
(variables, arguments) cascaded quickly into having to change all kinds of
underlying functions that would break the module API.

4) I then went back to option 2 and implemented it, trying to deal
   with all its caveats.
2020-09-26 13:43:46 +02:00
Bram Matthys 5320d54e8e Disallow ~T with any action extban, eg ~n:~T:censor:xyz.
We still allow timed bans though, eg ~t:1:~T:block:*whatever*
2020-09-26 12:49:58 +02:00
Bram Matthys 3701ce9a43 Document existing extended ban options. 2020-09-26 12:49:44 +02:00
Bram Matthys 02f0d059c5 hideserver::disable-links did did not disable /LINKS.
Reported by Apocalypse32 in https://bugs.unrealircd.org/view.php?id=5753
Probably since 5.0.0, due to my mass command api changes.
2020-09-26 12:16:17 +02:00
Bram Matthys a02f94f867 Clean up WHOX a bit and fix WHO hiding yourself if not in any channels,
reported by Koragg in https://bugs.unrealircd.org/view.php?id=5757.

This changes the following in the code of who_global():
1) We initialize all the 'marked' users to zero at the beginning,
   and remove the previously unmarking in the bottom loop that
   shouldn't have anything to do with it. Now there's "no way"
   to screw up initialization of marked users.
2) Check for marked users in the bottom loop.
3) Thanks to #1 and #2 we can now easily add simple logic like
   not skipping when client==acptr.
4) Similarly, we can remove checks for +i/-i in who_common_channel(),
   and as a bonus we will list common channel results altogether
   in the WHO result, rather than first +i on common and then at the
   very end the remaining -i (which may also be in common channels).

All in all, the code is now more like how I would write it, rather
than the original. It's now harder to screw things up if you change
some visibility or searching logic here or there.
2020-09-26 08:43:51 +02:00
Bram Matthys 578f8f248c Warn user when undocumented set::ssl::dh / set::tls::dh is present.
That option specified a Diffie Hellman parameter file. Since
UnrealIRCd 5.0.0 we no longer process this option.
This option has never been documented in the wiki docs.
We prefer and use ECDHE/EECDH with SSL_OP_SINGLE_ECDH_USE since 2015
to provide Forward Secrecy in SSL/TLS. And indeed, by now in 2020,
any properly maintained software uses it and old DH(E) usage has
fallen to less than 1%.

What this patch does is remove the unused code (since Dec 2019) and
show a warning if you have a ::dh config directive, so that at least
you are informed that it is unused/ignored. Since it was undocumented
it probably hardly affects anyone, but still, it is proper to inform.
2020-09-12 09:38:17 +02:00
Bram Matthys fea2522067 Fix memory leak on './unrealircd reloadtls' / '/REHASH -tls'
Reported by NoXPhasma in https://bugs.unrealircd.org/view.php?id=5745
2020-08-29 15:05:41 +02:00
Bram Matthys 8bed1cb42e Channel mode +l is now limited between 1 and 1 billion, so positive
numbers only. This makes things more logical for end-users.
This fixes https://bugs.unrealircd.org/view.php?id=5746,
bug reported by KindOne.
The same issue was also fixed by previous commit, but still:
it is better to limit things to a narrower range, this so you
don't get different behavior depending on the CPU a server uses.
2020-08-29 14:40:09 +02:00
Bram Matthys 10ecbffcaa Fix irc*printf handling of certain negative numbers 2020-08-29 14:13:58 +02:00
Moses f5132176b7 Baltics nickchars support (#119)
This adds support for latvian-utf8, estonian-utf8 and lithuanian-utf8
in set::allowed-nickchars. Patch from moseslecce.

Co-authored-by: David Lecce <3292014+davidlecce@users.noreply.github.com>
2020-08-26 07:17:07 +02:00
Bram Matthys db79823578 If no set::modes-on-connect is present we now default to +ixw.
This should be rare, since modes-on-connect is in the example
configuration file with +ixw since 2003, but still... just in
case someone completely misses the modes-on-connect configuration
item, then make sure that we have a safe and good default.
2020-07-25 19:22:50 +02:00
Bram Matthys 13fff82a56 Update version in Windows manifest 2020-07-15 19:55:19 +02:00
Bram Matthys 145ffb6d37 Fix "HISTORY" before 5.0.6 release. 2020-07-15 14:05:27 +02:00