1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-06 12:13:13 +02:00
Commit Graph

118 Commits

Author SHA1 Message Date
Bram Matthys b785d69309 Fixes after clang-format, as planned. These are whitespace only.
These were not a surprise, but deliberate: we let the previous
clang-format commit be 100% clang-format job (so reproducable)
and after that we planend and did this commit, because we chose
to leave some stuff alone and do it manually.

This commit will (also) be added to .git-blame-ignore-revs
2026-07-05 12:28:37 +02:00
Bram Matthys 548d66d26c Reformat all source code, using 'make format' (clang-format 21.1.8)
This reformats entire UnrealIRCd source code, according to
.clang-format which was previously commited.

This is reproducable using clang-format version 21.1.8.

These are only visual changes, they have no effect on code.

This commit will be added to .git-blame-ignore-revs so 'git blame'
and the similar blame view on GitHub will ignore this commit.
2026-07-05 12:11:51 +02:00
Bram Matthys 391a94cdd4 clang-format preparations: trailing comma in structs/lists and such:
* Add a trailing comma after the last element. Without it clang-format
  glues the closing brace onto the last element, like "NULL};".
* Write '= {' on the declaration line instead of a lone '{' on the next
  line. clang-format keeps such a lone '{' as-is but gives it and the
  whole body an extra continuation indent, which looks weird.
2026-07-05 10:01:22 +02:00
Bram Matthys 4384f1127b Crule: new server_flood_count() for nick, away, join etc floods.
Suggested by westid in https://bugs.unrealircd.org/view.php?id=6477

* New [crule function](https://www.unrealircd.org/docs/Crule) that return
  the number of times a flood was blocked for that user. For example,
  `server_flood_count('away')` returns the number of time away-flood
  was exceeded. Aslo available: `nick`, `join`, `invite`, `knock`,
  `vhost` and `conversations`. Plus, there is `all` for a total of all.
  * This can be used in a security-group::rule or spamfilter::rule.
    Eg: `spamfilter { rule "server_flood_count('nick')>4"; action gline; }`

This also - internally - adds a mechanism to run spamfilter rule-only-
filters after the command handler, whenever a tag value or other thing
changed. That's part of this commit.
2026-06-12 17:43:51 +02:00
Bram Matthys 8c0590cda2 Add multiline support in history. 2026-03-30 19:09:20 +02:00
Bram Matthys b0dba4bede Add draft/multiline support with a default max-lines of 15 for known-users
and 7 for unknown-users (with max-bytes 5250 and 1500 respectively). This
allows pasting a short snippet of code, config file, text from a site, etc.

With multiline you have the guarantee that:
1) You will see the entire text with no delay between lines
2) You won't see another persons chat half-way through such a paste
3) For multiline supporting clients it is now clear that all the text
   belongs to each other, which can make selecting/copying it easier.
This basically means short snippets/pastes like that can be completely on
IRC again. No need for a pastebin for it. Though, you may still need such
a service if you are pasting more lines.

Regarding the implementation in UnrealIRCd:
* Clients without multiline get individual fallback lines (concat lines
  merged, blank lines skipped, as per spec). And we know that clients like
  weechat - which does support multiline - also shows all lines and not
  only a few plus snippet style "[.."]. That is another reason for only
  allowing 15 lines by default and not something much more. Otherwise all
  those clients would get a big wall of text, which just sucks.
* Spamfilter (also) runs on the full text of all lines together, so
  splitting a phrase across lines does not evade spamfilter.
* Fakelag: a client can send the BATCH start+PRIVMSG (or NOTICE)+BATCH end
  at full speed. We impose no fake lag there. Also, the multiline default
  max-lines and max-bytes are lower than the example class::recvq of 8000,
  so should be perfectly safe. If the entire BATCH is accepted then we
  will impose fake-lag afterwards, with a cap of 15 seconds maximum.
  If the BATCH is rejected, we impose half the fakelag plus 2sec.
* If the time between BATCH start and BATCH end is more than 15 seconds
  then the BATCH is rejected (set::multiline::batch-timeout).
* The BATCH is atomic (either you see it all, or you see none of it):
  * When the client sends it to server, it is buffered first.
  * Only after the batch close the server indicates if it is accepted
    or rejected. This has various reasons, two of them are: 1) The client
    is going to send everything in one go anyway and not wait for a
    response between each PRIVMSG, and 2) we can't do many checks in the
    buffering stage and skip those after, that would cause a TOCTOU
    problem (eg. a banned user still being able to speak).
  * If any line gets rejected due to spamfilter or other case
    (eg +c, +b ~text with block, etc etc), the entire batch is rejected
  * Locally we deliver all or nothing (as said)
  * S2S we buffer the batch as well, so if a server splits after having
    received 10 lines out of 15, then clients will not see anything.
* We send max-lines and max-bytes, this is the hard upper limit.
* A multiline can still be limited more tight if:
  * +f with 't' or 'm' restricts to fewer lines,
    eg +f [5t]:15, which means max 5 lines per 15 seconds,
    means the max accepted multiline is 5 for that channel.
  * +F works the same, except that default +F normal does not
    have a 't' at the moment and 'm' is very high (50) so
    practically not limited by default.
  * There will be a future +f flood subtype for some more control

TODO: we will send CAP NEW on unknown-users <-> known-users to
      indicate the new max-lines value if you transition security groups

TODO: chat history does not yet include multiline batches.
2026-03-30 13:16:48 +02:00
Bram Matthys 7d45e69fd2 Use C99 flexible array members, like name[], instead of name[1]
in NameList, Tag, Watch and HistoryLogLine.
This does mean the allocation routines need a +1 everywhere, but
I think I got all of them. I also don't see them being used directly
in such a way in 3rd party modules (which is logical, as they
should use the API and not allocate such structs directly).

Also, SpamExcept has been removed as it was not used anywhere.
2026-02-22 16:11:41 +01:00
Bram Matthys 7374fcc83f Add client->known_user_cached as a quick way to determine if the
user is in known-users or in unknown-users. Not used anywhere yet.

Every 2 minutes we rescore all users. Or more specifically: every
5 seconds we rescore 1/24th of all users. That's the slow update path.

On certain events that cause a likely/possible transition, we update
the cache immediately. At the moment that is on IP change and account
login/logout. More will be added later.
2026-01-10 09:57:18 +01:00
Bram Matthys 6940272290 Prevent early UID cut-off. This doesn't happen with current unrealircd traffic
because we send 9 character uids. However, IDLEN is defined as 12 so it is
natural for other people (services and other pseudo server writers) to assume
you could send 12, which failed until now, as it only accepted 11 characters.

Just to be clear:
* We generate and send 9 character uids in UnrealIRCd ourselves, this
  works perfectly fine
* In 114d54ac61 in 2021 (UnrealIRCd 5.2.1) i
  enlarged the buffers to allow INCOMING ids of up to 12 characters.
  The reason for that is that I want the option to allow slightly larger
  uids and could start doing that several years later without causing
  desynchs and other problems.
* That didn't work properly, it only allowed up to 11 chars at this point.
* From now on it allows 12 chars. I do NOT recommend sending that though, if
  you want to send bigger ids from your services/pseudo server then use
  11, or... actually just use 9 like in normal unrealircd traffic at the
  moment.

Reported on IRC by craftxbox
2024-11-24 09:56:06 +01:00
Bram Matthys fdfe5ba482 Remove raw_client_ip() since we now have client->rawip. 2024-09-14 19:19:21 +02:00
Bram Matthys 0844f7243f Add ASN as extended server ban, mask item, secgroup. Eg: GLINE ~asn:64496 0 Bye!
This also automatically adds it as a security group and mask item:

ban user {
        mask { asn 64496; }
        reason "Testing ASN ban";
}

And yeah, it is a normal extban too (in +b and +I). Users usually
don't know the AS Number of other users, though, unless you change
the default configuration (at the cost of privacy).

Updated release notes a bit... more will follow.
2024-07-12 11:12:54 +02:00
Bram Matthys b234e13358 Don't bump reputation scores anymore for users who are in no channels or
when they are only in channel(s) with very low member counts.

This because some typical bot/drone behavior is not to join any channels.
This kinda forces them to expose themselves a bit more (and if they don't,
they don't get more reputation).

The downside is for the unusual case where a legit chatter would be on
the network but not joining any channels, but that is rare. In any case,
this setting can be adjusted if that is typical or more normal behavior
on your network :D.

* The [reputation score](https://www.unrealircd.org/docs/Reputation_score)
  of connected users (actually IP's) is increased every 5 minutes. We still
  do this, but only for users who are at least in one channel that has 3
  or more members. This setting is tweakable via
  [set::reputation::score-bump-timer-minimum-channel-members](https://www.unrealircd.org/docs/Set_block#set::reputation).
  Setting this to 0 means to bump scores also for people who are in no
  channels at all, which was the behavior in previous UnrealIRCd versions.
2023-09-17 11:47:34 +02:00
Bram Matthys 13bb09aa4b crule: add inchannel('#xyz'), and inchannel('@#needopshere') works too 2023-07-16 11:22:02 +02:00
Bram Matthys d998846c64 Support setting tags via spamfilter { } blocks 2023-07-06 18:25:43 +02:00
Bram Matthys 52472a9a88 Add support for set unknown-users { } and the like:
It is now possible to override some set settings per-security group by
having a set block with a name, like `set unknown-users { }`
* You could use this to set more limitations for unknown-users:
  ```
  set unknown-users {
          max-channels-per-user 5;
          static-quit "Quit";
          static-part yes;
  }
  ```
* Or to set higher values (higher than the normal set block)
  for trusted users:
  ```
  security-group trusted-bots {
          account { BotOne; BotTwo; }
  }
  set trusted-bots {
          max-channels-per-user 25;
  }
  ```
* Currently the following settings can be used in a set xxx { } block:
  set::auto-join, set::modes-on-connect, set::restrict-usermodes,
  set::max-channels-per-user, set::static-quit, set::static-part.
2023-05-22 12:07:43 +02:00
Bram Matthys 3652940c2c Add set::anti-flood::<secgroup>::max-channels-per-user setting to override
the default set::max-channels-per-user (also called set::maxchannelsperuser).

This way you can give known-users a higher max-channels-per-user,
or even a special security group for trusted users (that you may
already have given a more lax flood setting and lower lag-penalty
etc. etc. so that fits in nicely)

And yeah this also:
* Makes it both in set and the anti-flood block accept both
  maxchannelsperuser and max-channels-per-user.
* Removes old MAXCHANNELS= in 005, as we already have CHANLIMIT=
This does not:
* Re-announce the 005 CHANLIMIT= if someone transitions from a security
  group with a different max-channels-per-user. We don't do that for
  IRCOps either, and I think no IRCd does that actually...
  To be honest i wonder if sending the limit in 005 is useful at all,
  do client really track this and limit their GUI based on it?? Doubt it!
2023-05-19 21:47:23 +02:00
Bram Matthys 40bdef6cd9 Make exceeds_maxperip() use a hash table (performance improvement) 2023-05-17 19:44:10 +02:00
Bram Matthys 2184f38e7e Expose more WHOWAS fields in JSON-RPC and change add_history() to take a reason
for the add, like: nick-change, quit, server terminating. Add logon time.

I also think i will move from user.get_whowas to a whowas.XXX since the
returned object is not a user object and getting more different each commit :D.
2023-04-15 09:00:06 +02:00
Bram Matthys 5e57228dfb In the FLOOD_BLOCKED log message, add the target of the flood.
Suggested by ComputerTech in https://bugs.unrealircd.org/view.php?id=6148
2023-03-17 09:56:56 +01:00
Bram Matthys d5989695e8 Remove last global 'buf' variables. This was already done a lot in time
but it seems there were still a couple left. These are now gone as well.
There seem to be no issues with the ones that were left, but it is just
too easy to get it wrong. Declaring buf in function now. This should be
faster anyway, since it is located on nearby memory (stack).

Inspired by previous find from westor (c708a99955c034e842f913479cc597d87b311394).
2022-06-01 08:34:48 +02:00
Bram Matthys d3f655cb63 Fix space stripping at end of connect and disconnect message, in the
"extended_client_info". Was a typo, 'buf' vs 'retbuf'.
Reported by westor in https://github.com/unrealircd/unrealircd/pull/217
2022-06-01 08:21:03 +02:00
westor 111ab9fada Show [shunned] in connect oper notice (#206)
When someone is trying to connect and he/she is shunned , it will be displayed on connection server notice, yeah sometimes it might be helpful, why not..

Suggested by armyn https://bugs.unrealircd.org/view.php?id=6106
2022-05-23 08:18:49 +02:00
Bram Matthys 9075e2fa70 Move all the security group and mask code to src/securitygroup.c 2022-05-16 13:54:52 +02:00
Bram Matthys fc79cbb3f0 Fix memory leak in new security group code from past 48hrs 2022-05-15 07:50:40 +02:00
Bram Matthys 0b45e34e62 Simplifly RPL_HOSTHIDDEN notification.
Pretty much everywhere we had:
0001 userhost_changed(client);
0002 if (MyUser(client))
0003         sendnumeric(client, RPL_HOSTHIDDEN, client->user->virthost);

Lines 2-3 are now integrated in userhost_changed().

Also fix two issues with CHGHOST in make_oper():
* if user was -x, modes had +x and a vhost, it would send the cloaked
  host in the original vhost, while it should have been the real host
* if user was -x and went +x without vhost (so only uncloaked to cloaked)
  then no CHGHOST message was sent at all
2022-05-15 07:45:00 +02:00
Bram Matthys 517d93bea8 Fix crash / support NULL secgroup in user_allowed_by_security_group() 2022-05-14 16:29:38 +02:00
Bram Matthys 10bddc1232 Extended server bans are now more clearly exposed in security-group { }.
The extban module API is used behind the scenes. To the server admin
the functionality appears in a more natural way:
        account { <list>; };
        country { <list>; };
        realname { <list>; };
        certfp { <list>; };
In the same way, they appear as exclude-xxx options too:
        exclude-account { <list>; };
        exclude-country { <list>; };
        exclude-realname { <list>; };
        exclude-certfp { <list>; };

Modules can add additional fields (3rd party modules too!).

Module coders:
See src/modules/extbans/realname.c for a simple example. In short:
1) You need to register your extban in both MOD_TEST and MOD_INIT
2) Other than that, the existing rules for extended server bans apply:
   a) Your req.is_banned_events needs to include BANCHK_TKL
   b) Your req.options needs to include EXTBOPT_TKL
Be advised that for modules that are called in extended server bans
the client may be missing several fields, for example client->user could
be NULL, so be careful with accessing everything in your module.
2022-05-13 20:13:34 +02:00
Bram Matthys efa7fea88e Rename security-group::include-mask to ::mask. Both will work though for
a long long time. Change done to make it consistent with the rest.
2022-05-13 14:11:00 +02:00
Bram Matthys a544001eeb Add security-group::security-group, this as a shorthand for
security-group { mask ~security-group:xyz; }

Module coders (again, slightly unrelated):
Added unreal_add_names() function which can be used to transform
a list of names in the config to a linked list (NameList).
2022-05-13 14:07:05 +02:00
Bram Matthys 6751b066ab Prevent infinite loop (crash due to out of stack) when processing a
security group that references another (or itself), eg:
security-group abc {
	include-mask ~security-group:abc;
}
We now give up after a recursion depth of >8 and log a warning.
2022-05-13 13:37:48 +02:00
Bram Matthys de61fc4b50 Add connect-time to security-group, so you can match on how long a client has
been connected to IRC. See https://www.unrealircd.org/docs/Security-group_block

Slightly unrelated, for modules coders: new function get_connected_time(),
to see how long a client has been online. This works for local clients, in
which case it would just return TStime()-client->local->creationtime.
It also works for remote clients, for which it will use the newly added
"creationtime" moddata (commit f1a18ce37e),
so the info is only available for remote clients on newer servers.
If the info cannot be found it will return 0 (zero).
2022-05-13 13:23:02 +02:00
Bram Matthys 788c230bdc Support exclusion criteria in security groups.
Suggested by Jobe in https://bugs.unrealircd.org/view.php?id=6096

Also add support for matching a reputation below a value ("<10").

See https://www.unrealircd.org/docs/Security-group_block for info
on all of these.
2022-05-13 11:33:57 +02:00
Bram Matthys 7f794aa7d7 Fix log message on vhost-flood 2022-01-06 08:44:59 +01:00
Bram Matthys 6b87bd1b34 Only allow setting of snomasks that actually exist in the log { } blocks.
Otherwise probably too confusing. Suggested by westor in
https://bugs.unrealircd.org/view.php?id=5995
2021-11-10 15:59:10 +01:00
Bram Matthys ee8cc0e8e2 Get rid of Usermode_Table[] and use a linked list called usermodes.
Just like already done for Channelmode_Table[] -> channelmodes.
2021-09-26 12:46:34 +02:00
Bram Matthys b95eb0b3b7 Add get_operlogin() and get_operclass() functions to make things easy.
This retrieves the oper login (/OPER thislogin ...) and operclass of
local and remote users.
2021-09-25 10:57:00 +02:00
Bram Matthys edbfaaf95d JSON logging: expand user modes, snomasks, and oper login (if available)
This also adds a function get_usermode_string_r(), which requires
you to specify the buffer (and buffer length) for building the
umode string.
2021-09-25 09:45:30 +02:00
Bram Matthys bf7a72a850 Usermode_Table[].flag -> Usermode_Table[].letter
just like how it is now in U6 in channel modes and extended bans
2021-09-25 09:13:34 +02:00
Bram Matthys 720f597ad6 Get rid of current snomask system and allow ircops to set any snomask
(that is: a-z A-Z) so to use the dynamic system with the new logging.
Largely untested.
2021-09-22 15:49:20 +02:00
Bram Matthys e27749f556 Use long long casts due to time_t difference on Windows vs Linux.
Should now compile without errors on both.
2021-09-12 15:29:26 +02:00
Bram Matthys 8353a9e17b Change char *parv[] to const char *parv[] everywhere. This is a BIG change.
It means you can no longer modify eg parv[1] in-place with strtoken and such.

The main reason for this is that as a command handler you have no idea
where the arguments may come from. It could be from a do_cmd() with
read-only storage (eg a string literal) and so on.

It started with an experiment of how far I could get and how annoying the
side-effects would be, but they seem to be quite managable, so I'm
committing this stuff.

Hopefully this catches/solves some stupid bugs somewhere :)
2021-09-11 16:02:44 +02:00
Bram Matthys 5dc6411419 Const const const. This completes the work in h.h. 2021-09-11 10:21:54 +02:00
Bram Matthys ac84d4f207 Const const const... modules.c and elsewhere. 2021-09-11 07:53:30 +02:00
Bram Matthys 7dac12e31e Get rid of RunHook2/3/4/5/6/etc and just have RunHook with __VA_ARGS__ 2021-09-10 19:27:18 +02:00
Bram Matthys 9438ddfd93 Add consts in user.c 2021-09-10 15:40:50 +02:00
Bram Matthys 09a412782d Const stuff for misc.c 2021-09-10 15:25:21 +02:00
Bram Matthys 08a32429ff Update extban API to use more consts 2021-09-10 13:39:26 +02:00
Bram Matthys a3bfa210e9 HookAddPChar() -> HookAddString()
and .pcharfunc -> .stringfunc
2021-09-10 11:49:06 +02:00
Bram Matthys 6058090435 Use GeoIPResult * everywhere. Any modules who want to fetch it for
a client can use geoip_client(client).
2021-08-17 17:16:14 +02:00
Bram Matthys 796cac7a63 geoip: migrate from simple string to returning a GeoIPResult struct.
(work in progress, 1/2)

This also add supports for callbacks which return pointers (pvoidfunc),
we already had that for efuncs but not in callbacks.
2021-08-17 16:39:39 +02:00