Services coders: you can now set "SVSMODE Nick +d" to set the 'deaf' user mode. Note that "SVSMODE Nick +d svsidhere" also still works.
This should be a harmless change, unless some services packages are accidentally trying to set emtpy svsids like "SVSMODE Nick +d "... if you do, then the target nick will be deaf now..
this means that if you hook this in a module and then send something from
the hooked function to other servers it may cause a KILL from another server
since the nick may already be changed (Ghost kill). For example if you
send a MODE or something else. Subsequent kill chasing would cause the
victim to be killed.
use a different nick: when you're logged in you are now considered
registered as far as channel mode +M (only registered users may speak and
+R (only registered users may join) are concerned. Same for user mode +R
(only allow private messages from registered users).
Tech: whenever services set SVID and it's not * and does not start with a
number, then we consider this user to be 'logged in'.
Whenever a user is set +r (s)he is also considered 'logged in'.
This way it's compatible with both older and new services and doesn't
introduce security issues with older services using servicetimestamp
for nick tracking or other means.
This issue was reported by ShawnSmith (#4318).
By default this is set to 'yes' which means that once a spamfilter matches
UnrealIRCd will take action immediately and any additional (other)
spamfilters will not be processed.
When this is set to 'no' then after the first spamfilter match other
spamfilters will still be checked. All of these matches will be logged and a
message will go to IRCOps (snomask +S) for each one. The affected user,
however, will only see one spamfilter action (eg: block or kill) which will
be the spamfilter with the 'gravest action' (gzline is highest, block and
warn are lowest).
Unfortunately we can no longer auto-download so we send the user
to a microsoft.com page when the package seems not installed.
Hopefully most users will have it installed though...
bind to (for example) the loopback interface before connecting to the
remote server.
In addition to that, we now don't bind() at all when bind-ip is not
present or is set to "*".
This allows us to successfully build on systems where pulling in poll.h
pollutes the code with a broken form of ctypes.h due to a few reasons, not
limited to, but including, usage of non-namespaced macros which clash with
our own.
- Rename Changes to Changes.old
- In the Mercurial repository the Changes file no longer exists (except
for a dummy file). You now need to run ./createchangelog to generate it.
Of course in official releases the Changes file will be present and
contain all details.
- From now on, the Changes file is based on the history of the Mercurial
repository. This means we no longer have to write text manually to the
Changes file. This simple change helps a lot in future development
because patches will no longer break when they are being ported from
one branch to another.
unreal32docs.gr.html (outdated since 2006-12-02), and
unreal32docs.nl.html (outdated since 2009-01-18, possibly 2007-07-12).
These translations are out of date for many years and are causing
problems for the people who are reading this out of date information.
If you want to update these translations, or (maybe better) redo
the translation of unreal32docs in these languages, then send an
e-mail to syzop@unrealircd.com.
Note that for all these languages we have had people in the past
offering to help out, but in the end we never heard back from them,
so please ONLY contact us if you: 1) are serious, and 2) have
sufficient time available to work on this project.
That said, users in your language will greatly appreciate your work!
Of course, if you want to translate documents in any other language
then you are welcome to contact us as well.
method to authenticate users with SSL client certificates based
on SHA256 fingerprints. This can be used instead of the already
existing 'sslclientcert' so you don't have to use an external file.
One way to get the SHA256 fingerprint would be:
openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint
Suggested and patch supplied by Jobe (#4019).
- Added documentation on the new sslclientcertfp
- Moved documentation on authentication types to one place and refer
to it from each section (oper::password, vhost::password,
link::password-receive, etc).
- Disable USE_POLL on Windows, since it doesn't work with XP and has
no advantage anyway. Reported by nenolod (#4129).
- Various updates to makefile.win32 and .iss file, found during
building new versions of zlib, openssl, and curl.
Any attempt to /OPER by someone who doesn't have one of the listed
usermodes is rejected. This can be used to restrict oper blocks to
registered nicks (+r) or secure clients (SSL, +z).
server.cert.pem exists, and check it if the file doesn't exist.
You can still change the setting, just the default is correct now.
The code for this was already there but was not working correctly
causing users to go through the generation process upon each install.
If this is not set, then SASL is off and not advertised.
If the specified server is not connected, then SASL is off as well.
This prevents unnecessary delay (and the inability for some clients to
get online) when SASL is not in use or when the SASL server is down.
This allows the IRCd to enforce MLOCKs that are set by services, which
eliminates clashes between users setting modes and services enforcing
it's mlock on channels. (#3055)
queued data on the receive queue (eg: due to fake lag) was not processed
unless we got new data from the client.
Now, better document this. Also, avoid calling dbuf_put with 0 length.
goes to the boot screen. When we are already booted it's sent to all
IRCOps with a limit of max. 1 message per 5 minutes.
- Refuse to boot when we can't write to any log file.
vmakebuf_local_withprefix. Then use this new function - which creates the
buffer-to-be-sent - at the top of functions like sendto_channel_butserv
and sendto_common_channels and send the prepared buffer in the loop that
comes after it. This means we only prepare the buffer once and then send
it many times, rather than both building and sending it XYZ times.
Benchmarking connect-join-quit of 10k clients:
100 users per channel: no noticeable speed improvement
1000 users per channel: 18% faster
10000 users in one channel: 50% faster
As you can see, unfortunately, for a typical irc network there isn't much
speed improvement. However, if you have a couple of 500+ user channels or
get attacked by clones then you may see some improvement in speed and/or lower
CPU usage.
- UnrealIRCd now supports poll() instead of select().
There are some minor speed benefits if you have more than 1K or 2K
clients, however the main noticeable difference is that on Linux you can
now easily enter a higher maximum connection count than 1024 in ./Config,
without having to edit system header files.
Of course, you still need to be allowed to use the # of sockets (type
'ulimit -n' on the shell).
Support for this is experimental at this stage, but enabled by default
so it can receive all the testing it deserves. If all goes well, it will
be the default for 3.2.10.
Stress testing is very much welcomed!
* use get_client_by_pollfd() function instead of pollfd_to_client[]
directly, so we can easily find and debug any mistakes.
* add some commenting
* add extra debugging and core dumping if fd or slot values are out of bounds
* fix race condition in read_authports() where send_authports() 2 lines up
could have closed the socket, resulting in a read from fd -1.
NOTE: I've updated the select (non-poll) code as well, should be harmless.
* move all (re-)initalization to reset_pollfd(), i'm
much more comfortable with that as it aids debugging a lot.
* add parenthesis.
update my own fd check code for poll support
on OpenFiles to be correct. This fixes a crash when f.e. 3rd party modules
have files open but don't increase OpenFiles. Might also fix a curl crash,
though nobody ever reported one.
and ensures that the user does not have any ircop-only user modes after
de-opering. This (only) fixes the just added +I umode case, but could
also prevent future bugs.
Now the UNREAL_VERSION_GENERATION, UNREAL_VERSION_MAJOR,
UNREAL_VERSION_MINOR, and UNREAL_VERSION_SUFFIX macros are
autogenerated from PACKAGE_VERSION.
now store a string (of max NICKLEN size) as service stamp. See
protoctl.txt and serverprotocol.html in doc/technical for more
information.
Patch from nenotopia (#3966).
connection was never actually sent (due to buffering). Hence, things like
the /SQUIT reason was never seen on the other side (just 'server closed
the connection'). This has now been fixed.
- Win32: Attempt to move to 100% winsock2 (the include, to be precise),
this means includes have to be in a very particular order (!)
- Win32: #define _WIN32_WINNT 0x0501 and force our own inet_ntop/pton,
otherwise you get an ntop runtime error on XP and earlier.
- Win32: Get rid of c-ares includes and library in our tree, and use the
DLL instead of static LIB, just like we do for ssl and zlib.
- Win32: Get rid of TRE lib and includes
- Win32: reorder includes to fix winsock errors with curl
mysterious error 'The specified module could not be found' even though the
file exists. This usually means that it depends on another DLL, but
apparently Microsoft decided not to mention that in the error message.
We now append some small text when such an error happens, saying that it
could be because of a missing dependency. Reported by Phil.
and ZLINE) and 'except tkl' (which can exempt from GLINE, GZLINE, SHUN,
QLINE, GQLINE and SHUN). Reported by Digerati (#0002535).
- Added except tkl::type 'all', which exempts from all TKL types (except
KLINE).
network. You can also specify options like '/REHASH -global -motd' to
rehash only the MOTD/RULES/etc. Just like /REHASH <servername> this is a
NetAdmin-only command. This command is fully backwards compatible with
older UnrealIRCd version in the sense that it will also REHASH old
Unreal's. Suggested by 'P' in #0001522.
'install as service' and 'encrypt SSL certificate', as they are
incompatible (a service cannot ask a user to enter a password).
- Win32 installer: Fixed long outstanding problem with some Vista / Windows 7
installations, which has to do with file permissions of the Unreal3.2
folder. Symptoms were error messages such as:
Unable to create file 'tmp/10D9D743.commands.dll': Permission denied
But also failing to create SSL certificates, nothing being logged, etc.
This is now fixed by setting write access on the Unreal3.2 folder to the
user running the install, unless the user chooses not to use this new
option (it can be unchecked), in which case the user is warned that he
should take care of this himself.
Reported by various persons, special thanks to Bock and goldenwolf for
helping us to track down this issue (#0003943).
- Some small updates to the extended channel mode system: it now has minimal
support for 'local channel modes'. This is really only meant for channel
mode +Z (upcase z), see next.
- Added Channel Mode Z which indicates if a channel is 'secure' or not.
This mode works in conjunction with +z (lower case z).
If +z is set ('only secure users may join'), then the IRCd scans to see
if everyone in the channel is connected through SSL. If so, then the
channel is set +Z as well ('channel is secure').
Whenever an insecure user manages to join, the channel is -Z. And whenever
all insecure users leave, the channel is set +Z.
The 'insecure user being present in a +z channel' can be because:
- An IRCOp joined the channel, and he's not secure
- When servers link together and a user on the other side is not secure
This only happens on net merge (equal time stamp).
On different time stamp, we still kick insecure users on the new side.
- At the time when +z is set, there are insecure users present.
This feature was implemented after a heavy discussion in bug #3720 by fez
and others, and was suggested by Stealth.
Tech note: +Z/-Z is handled locally by each server. Any attempt to
remotely set +Z/-Z (eg: by services) will be ignored.
- As mentioned above, +z can now be set even if any insecure users are
present. Previously, this was not permitted. Now, as soon as the last
non-SSL user leaves, the channel will be set +Z.
- An oper not connected through SSL previously had to /INVITE himself
to a channel and then /JOIN the channel with the key 'override'.
This 'override' key is no longer required, a simple JOIN will suffice.
- Sorted channel modes in /HELPOP ?CHMODES
- Re-enabled 'fishy timestamp' errors in MODE. For some reason this was
commented out, even though the (more annoying and less useful) code in
JOIN was enabled so that did not make a lot of sense. It also now logs to
ircd.log (or whatever you configure). This enables people to easier find
the cause of any timestamp issues (which usually is badly coded services).
commands.so. This module was written to help IRCd maintainers deal
with some sort of ``XPS'' attack in which javascript-initiated HTTP
POST form submissions were able to act as dummy IRC bots. These
simple bots were the cause of much spam. (#3893)
- Add a modules section to the documentation. This was created to put
all documentation specific to the m_post module in one, easy to find
place. The documentation on m_post is likely incomplete, however.
- Added support for "stacked" extbans. Put simply this allows extban combinations
such as ~q:~c:#test to only silence users on #test, for example. This feature
is enabled by default, but can be disabled during ./Config -advanced.
This feature was suggested by Shining Phoenix (#0003193), was then coded
by aquanight for U3.3, and later on backported and partially redone by Syzop.
Module coders:
In an extban ~x:~y:something where we call ~x the 1st, and ~y the 2nd extban:
Since stacked extbans only makes sense where the 1st one is an action
extended ban like ~q/~n/~j, most modules won't have to be changed, as
their extban never gets extended (just like ~c:~q: makes no sense).
However, you may still want to indicate in some cases that the extban your
module introduces also shouldn't be used as 2nd extban.
For example with a textban extban ~T it makes no sense to have ~n:~T.
The module can indicate this by setting EXTBOPT_NOSTACKCHILD in
the ExtbanInfo struct used by ExtbanAdd().
For completeness I note that action modifier extbans are indicated by
EXTBOPT_ACTMODIFIER. However, note that we currently assume all such
extbans use the extban_is_ok_nuh_extban and extban_conv_param_nuh_or_extban
functions. If you don't use these and use EXTBOPT_ACTMODIFIER, then things
will go wrong with regards to stack-counting.
Module coders should also note that stacked extbans are not available if
DISABLE_STACKED_EXTBANS is defined.
- Added extended ban ~R:<nick>, which only matches if <nick> is a registered
user (has identified to services). This is really only useful in ban
exemptions, like: +e ~R:Nick would allow Nick to go through all bans if he
has identified to NickServ. This is often safer than using +e n!u@h.
- Added Extended Invex. This is very much like extended bans, in fact it
supports some of the same flags. Syntax: +I ~character:mask
Currently supported are: ~c (channel), ~r (realname) and ~R (registered).
This can be useful when setting a channel invite only (+i) and then
setting invite exceptions such as +I ~c:#chan (or even ~c:+#chan), while
still being able to ban users.
Because action modifiers (~q/~n/~j) make no sense here, extended invex
stacking (+I ~a:~b:c) makes no sense either, and is not supported.
Suggested by DanPMK (#0002817), parts based on patch from ohnobinki.
Module coders: set EXTBOPT_INVEX in the ExtbanInfo struct used by
ExtbanAdd() to indicate that your extban may also be used in +I.
- Invex (+I) now always checks cloaked hosts as well. Just like with bans,
it checks them also when the user is not currently cloaked (eg: did -x, or
is currently using some VHOST).
- Fixed client desynch caused by (un)banning, reported by Sephiroth (#2837).
two groups: one that specifies ban actions (~q/~n/~j) and one that
introduces new criteria (~c/~r). Also added documentation for ~R which
does not exist yet, but will soon...
- Added information about ``oper::password::auth-type sslclientcert'' and the same for link::password-receive::auth-type. (#3133)
- A little bit more of interlinking and using id="" instead of <a name="" />
curl version is new enough and is not using a c-ares which is binary
incompatible. If the self-compiled curl version is (too) outdated, then we
now suggest to rename it and have the installer re-download and compile
it automatically. This avoids some potential crashes.
was not compiled with c-ares, which is clearly a bad idea as then the
entire IRCd can hang for several seconds or more...
We now check if they support asynch DNS, and skip them if they don't.
- Separate m4 macros into *.m4 files (it is much easier to run aclocal now).
- Remove unused DOMAINNAME macro and --with-hostname= options as the DOMAINNAME macro isn't used anywheres and its use shouldn't be encouraged.
- autogen.sh to bootstrap the buildsystem. We now maintain setup.h with autoheader.
- --disable-blah now does the opposite of --enable-blah. The same for --with-blah and --without-blah. (This makes Gentoo users happier).
- Remote MOTD support. Not adequately tested. Required restructuring of the asynchronous download callback and handler.
- Added some consts throughout url.c, etc.
- Fix segfault where the an include directive specifies a URL and cURL follows redirects, resulting in a different resultant URL. The remote includes code would look for the an include block using the resultant URL and assume that it would be found. The new code searches differently, has new checks, and ignores the resultant URL.
- Removed duplicated m_motd() and friends that were both in modules and s_serv.c. The copies in s_serv.c (core) were overriding the in-module functions.
- IPv6: it seems some recent Linux dists decided to make IPv6 sockets
IPv6-only, instead of accepting both IPv4&IPv6 on them like until now.
FreeBSD (and other *BSD's) already did that move a few years back,
requiring server admins to sysctl.
We now make use of a new option to explicitly disable "IPv6-only".
This should work fine on Linux.
Whether it provides a complete solution for FreeBSD, I don't know, testing
is welcome! In theory setting net.inet6.ip6.v6only to 0 should no longer
be needed, but you might still need to enable ipv6_ipv4mapping.
- Fix stupid issue where current CVS would no longer link TO an earlier
Unreal server (eg: outgoing connect to a 3.2.8 hub). Reported by ohnobinki
(#0003901).
against HTTP POST proxies, now added some extra text to say it also
protects against the Firefox XPS IRC Attack. Also made NOSPOOF enabled by
default on *NIX (this was already the case on Windows).
- Updated ./Config description for DPATH. Seems quite some people answer
this question wrong, and when that happens, you only get some obscure
error when running './unreal start'.
- Fixed 'unreal' script to give a better error if it cannot find the IRCd
binary.
Previously this caused some really odd behavior. Backslashes are now
treated as-is, so no special escaping is necessary. Reported by DelGurth
(#0003002).
- Removed old dgets() function
redundant and confusing. Also removed an old statement saying k-lines would
be erased on rehash which is not true. Documented '/rehash -dns'.
Reported by ohnobinki (#0003881).
curl detection, added checks to see if curl actually works (print out a
clear curl error during configure, instead of getting an error during
'make'), and we now error when using --enable-libcurl without
--with-system-cares if the system curl depends on c-ares. This is because
this can cause ABI incompatability between curl's c-ares and our c-ares,
which leads to odd issues such as:
Could not resolve host: www.example.net (Successful completion)
And possibly other weird issues, perhaps even crashes.
it to 'no', the default is 'yes' (on). Requested by Robin (#0003885) as
UHNAMES may increase the time of the nick list being loaded from 1 to 4
seconds when joining several channels with more than 1000 users. As this
problem is only present on some networks, we keep UHNAMES enabled by
default.
descriptors. Because of this, Unreal did not restart properly as you would
get an "Address already in use" error. This only seemed to happen when
logging to syslog, or when there was something wrong with syslogd.
Reported by Mouse (#0003882).
descriptors. Because of this, Unreal did not restart properly as you would
get an "Address already in use" error. This only seemed to happen when
logging to syslog.
- Fixed a similar issue with syslog (and debugmode) and closing fd's as well:
the first port we listened on would not open up, ircd did not log any error.
- Made ./Config description about remote includes a bit more clear.
- When you now answer Yes to Remote includes in ./Config and $HOME/curl does
not exist, it now asks you if you want to automatically download and
install curl (which is done by ./curlinstall).
This has been tested on Linux, further testing on f.e. FreeBSD is
required.
- Server protocol: added PROTOCTL EATH=servername, which allows us to
authenticate the server very early in the handshake process. That way,
certain commands and PROTOCTL tokens can 'trust' the server.
See doc/technical/protoctl.txt for details.
- Server protocol: between new Unreal servers we now do the handshake a
little bit different, so it waits with sending the SERVER command until
the first PROTOCTL is received. Needed for next.
- Server protocol: added PROTOCTL SERVERS=1,2,3,4,etc by which a server can
inform the other server which servers (server numeric, actually) it has
linked. See doc/technical/protoctl.txt and next for details.
- When our server was trying to link to some server, and at the same time
another server was also trying to link with us, this would lead to a
server collision: the server would link (twice) ok at first, but then a
second later or so both would quit with 'Server Exists' with quite some
mess as a result. This isn't unique to Unreal, btw.
This happened more often when you had a low connfreq in your link blocks
(aka: quick reconnects), or had multiple hubs on autoconnect (with same
connfreq), or when you (re)started all servers at the same time.
This should now be solved by a new server handshake design, which detects
this race condition and solves it by closing one of the two (or more)
connections to avoid the issue.
This also means that it should now be safe to have multiple hubs with low
connfreq's (eg: 10s) without risking that your network falls apart.
This new server handshake (protocol updates, etc) was actually quite some
work, especially for something that only happened sporadically. I felt it
was needed though, because (re)linking stability is extremely important.
This new feature/design/fix requires extensive testing.
This feature can be disabled by: set { new-linking-protocol 0; };
having to use a special SSL-only port, they can simply switch to SSL on
any port. This is currently only supported by few clients (such as KVIrc 4).
This functionality can be disabled by setting set::ssl::options::no-starttls,
for example if you don't want to offer SSL to your users and only want it
to be used for server to server links.
Naturally, the IRCd must be compiled with SSL support for STARTTLS to work.
- Fixed SSL_ERROR_WANT_READ in IRCd_ssl_write()
such as ~q:~c:#test to only silence users on #test, for example. This feature
is enabled by default, but can be disabled during ./Config -advanced. Module
support for this feature must note the following:
- For is_ok function, the extban can either assign extban_is_ok_nuh_extban, which
will deal checking a chained extban (including checking for restricted extbans),
or it can call that function from its own is_ok routine. For the latter case,
remember to pass only the mask part of your ban format (ie, don't just pass para as
otherwise it'll just call your is_ok again).
- For conv_param function, the extban can either assign extban_conv_param_nuh_or_extban,
which will automatically call conv_param for a chained extban, or pretty up a n!u@h mask.
- For is_banned, the extban should call ban_check_mask with the mask part of the parameter.
This will automatically call is_banned for a stacked extban, or match against a n!u@h. n!u@h
is checked against the current user (ie, with the info in the globals ban_ip, etc), so things
can get weird if you call this outside a normal ban check.
Modules must keep in mind that chained extban support is not available (and neither are the three
functions above) if DISABLE_STACKED_EXTBANS is #defined (this is controled by Config). Modules will
not compile/load if they try to use them anyway.
This change should not break extban modules, and should need some more extensive testing.
- Misc fix for disabling extban chains, should've done stuff in our autoconf
stuff instead of hacking configure directly :P .
load (for example when the webserver is down), then the most recent
version of that remote include will be used, and the ircd will still boot
and be able to rehash. Even though this is quite a simple feature, it
can make a key difference when deciding to roll out remote includes on
your network. Previously, servers would be unable to boot or rehash when
the webserver was down, which would be a big problem (often unacceptable).
The latest version of fetched urls are cached in the cache/ directory as
cache/<md5 hash of url>.
Obviously, if there's no 'latest version' and an url fails, the ircd will
still not be able to boot. This would be the case if you added or changed
the path of a remote include and it's trying to fetch it for the first time.
To disable this new behavior, check out REMOTEINC_SPECIALCACHE in
include/config.h.
(HOOKTYPE_PACKET). Replacing the 'text to be sent' to a client is
supported, which allows character(set) conversion in a module.
Note that modifying an incoming message by the hook is not supported.
from not binding to that ip when linking, to not being able to link at
all. Also fixed a very small memory leak upon /REHASH. Bug reported by
Mr_Smoke (#0003858).
timesynch) made autoconnect not work for the duration of the offset
(eg: -60 would make autoconnect wait 60 seconds after boot, instead of
autoconnecting almost immediately). Reported by aragon (#0003853).
* And force the use of at least the version shipped with Unreal
* (or at least one without known security issues).
*/
this text is fcked btw.. whatever...
printed out as a warning, when in fact it's an error (and was treated as
such). Same for ZIP on non-zip compile. Reported by Stealth (#0003833).
..& updated credits..
- When pkg-config is present but does not recognize --static, use
default c-ares library options.
- Set default c-ares library options to -lcares on FreeBSD and others.
Set to -lcares -lrt on Linux (previously was -lcares -lrt for all).
Thanks to goldenwolf for the bugreport (#0003803) and providing a test-
shell to trace this issue down.
such as 3 connections per 60 seconds. Previously that could result in 3
per 90 seconds due to timer inaccuracy, now max 65 seconds (max 5s
inaccuracy).
In the IRCd world correct time is very important. This means that time
should be correct when the IRCd is booted, either by running ntpd/ntpdate
on the system or some other synchronization software, or by using the
built-in timesync feature.
Whenever the clock is adjusted for more than a few seconds AFTER the IRCd
has booted, it can lead to dangerous effects ranging from unfair
timestamps
for nicks and channels (and hence the possibility to takeover channels),
to even completely stalling the IRCd (negative timeshift) or making it so
nobody can connect anymore due to throttling (positive timeshift).
We now try to 'fix' the worst effects such as the IRCd freeze and
throttling. This does not fix the whole problem, so I've added some big
warnings when the clock is adjusted, including an annoying one every 5
minutes if the clock was set backwards, until the time is OK again
(catches up with the original time).
This fixes#0003230 reported by Stealth, and #0002521 reported by durrie.
set::spamfilter::slowdetect-fatal, set::ssl::server-cipher-list,
set::ssl::renegotiate-bytes, set::ssl::renegotiate-timeout,
set::watch-away-notification and ./unreal gencloak. Reported by Bock
(#0003764).
- set::ssl::renegotiate-bytes: fix when specifying a value such as 10m.
- './unreal gencloak' now actually works
- Fix typo in user mode q notice, reported by Strawberry_Kittens and others
(#0003761).
- Possible fix for MAC OS X compile problem - UNCONFIRMED.
(NickServ client, NULL if not present). You can return 1 (HOOK_DENY) to
make the IRCd not send IDENTIFY to NickServ. Suggested by tabrisnet
(#0003739).
(sorry, previous half-commit to src/modules/m_nick.c was accidental)
- Win32: Made UnrealIRCd run as a service under non-privileged accounts
(ones that do not belong to the Administrator group). Reported by
skyflash, Bock, zer, etc... Thanks to BuHHunyx for some hints on how to
fix this.
server.
Should never happen except when using faulty services or when something
else
got horrible wrong (like a date which is 40 years ahead). Reported by
Darth Android (#0003738).
don't support this and will fail to compile UnrealIRCd. This fixes#3680,
reported by therock247uk.
- Upgraded c-ares to 1.6.0 (also now using pkg-config).
If you get a "undefined reference to `clock_gettime'" error, then you
might consider installing 'pkg-config' on your system, and then simply
re-run
./Config and make, should fix things.
__TODO__: win32 c-ares upgrade to 1.6.0 (and copy & fix header files).
__TODO__: testing! testing! i'd like to be sure this c-ares is stable!
'uname -a' at compile time. This fixes bug #1438 and #3320 reported by
Mouse and Monk, where because of previous behavior the IRCd sometimes
would not compile in certain environments.
'error setting max fd's to 9223372036854775807' which prevents the ircd
from booting up. Reported by btcentral and Bock. This hack might not be
totally correct though ;).
each time it executes, how LONG it takes to execute. When a certain
threshold
is reached the IRCd will warn or even remove the spamfilter. This will
prevent
a spamfilter (regex) from slowing down the IRCd too much, though it's
still not
a guarantee that it will never go to a halt (eg: in case it takes several
minutes to execute a regex or loops forever).
Warning can be configured via set::spamfilter::slowdetect-warn (default:
250 milliseconds) and automatic deletion of spamfilters if it takes too
long is set through set::spamfilter::slowdetect-fatal (default: 500 ms).
NOTE: slow spamfilter detection is currently not available on Windows.
NOTE 2: to disable slow detection you can set the warn and fatal settings
to 0 (zero). OR to really disable all code, remove SPAMFILTER_DETECTSLOW
from include/config.h and recompile.
This new feature (away notify) is announced in 005 (ISUPPORT) as: WATCHOPTS=A
Format is: WATCH A +UserOne +UserTwo
New numerics to cope with away notification in WATCH are:
RPL_NOWISAWAY: to indicate the user is away _when adding_ it to WATCH list
RPL_GONEAWAY: user was not away, but is now
RPL_NOTAWAY: user was away, but is no longer away
RPL_NOWISAWAY: user was away, and still is, but the reason changed
Example:
WATCH A +Target
Request to add user 'Target' to the watch list with away notification
:maintest.test.net 609 MySelf Target ~blih test.testnet 1204309588 :not here atm
Reply to watch add: user is online and away, reason is provided
:maintest.test.net 599 MySelf Target ~blih test.testnet 1204309588 :is no longer away
User is back (no longer away)
:maintest.test.net 598 MySelf Target ~blih test.testnet 1204309722 :lunch
State change: user is now away, reason is provided
:maintest.test.net 597 MySelf Target ~blih test.testnet 1204309738 :shopping, bbl
User is still away, but reason changed.
The syntax for each numeric is:
<nickname> <username> <hostname> <awaysince> :<away reason>
In case of 599 (RPL_NOTAWAY) it is:
<nickname> <username> <hostname> <awaysince> :is no longer away
For the record, this is all based on a draft from codemastr from 2004, which was
implemented in Unreal3.3 (devel branch) in 2006. Today, in 2008 it was updated
with away reason support and backported to Unreal3.2. Because away notification
hasn't been used until now (due to it only being in Unreal3.3) we felt it was
safe to break some numerics.
now set a ban on *!*@*h.com and then later add one on *!*@*blah.com
without
any trouble. Previously the second one was rejected due to the former
already matching it. To change it back edit the include/config.h setting
SOCALLEDSMARTBANNING.
reported by Monk (#0003453). It should be large enough now. Also changed the
way we deal with this when it happens (if it ever happens again..): we now
close the server connection, instead of trying to continue, because continueing
is too dangerous.
trying to read unrealircd.conf. All due to strange chmod() behavior. We now no
longer try to set permissions on Mac OS X. Patch provided by Tibby (#3489).
properly (..again..), this was previously reported by pv2b.
- CGI:IRC + IPv6: Fixed issue where all cgiirc ipv4 clients were rejected with
the message 'Invalid IP address', reported by stskeeps (#0003311), nate
(#0003533) and others.
'::ffff:1.2.3.4' ips in the conf, they are now auto-converted to that).
Based on patch from tabrisnet.
- Fixed issue where the cgiirc block did not work with IPv6, reported by
djGrrr, fixed by previous change.
defines IRC_USER, IRC_GROUP which is a string specifiying what user name/
group name that should be changed into, instead of a hardcoded gid/uid.
This should make it easier for packaged binary releases to work (even
though this probably means Debian will take us in, ick .. Can't we pull
a new fight with debian-legal again?)
- #0003363 patched by adrianp, changing IRC_UID and IRC_GID into
defines IRC_USER, IRC_GROUP which is a string specifiying what user name/
group name that should be changed into, instead of a hardcoded gid/uid.
This should make it easier for packaged binary releases to work (even
though this probably means Debian will take us in, ick .. Can't we pull
a new fight with debian-legal again?)
- Retranslated the whole CDIR section (3.15)
- According to http://forditas.fsf.hu/html/node3.html the Hungarian expression for 'Internet Service Provider' should be written with a hypen (all occurrences fixed).
will be backwards compatible as well, SJOIN doesn't care (TM) and mode
doesn't either in case of a server sending it. So this will be just a
client protocol modification.
when trying to /connect to a server with wildcards (* and ?) in the link
block. We also raise an error if link::options::autoconnect is used
together with wildcards in hostname.
will now attempt to accept() up to LISTEN_SIZE (possibly saving CPU
through this under load, and speeding up connection).
- IRCd now also sets the &me fd as being non blocking (wasn't before, that
was odd..)
file descriptors being leaked upon every /REHASH.
So if you, for example, had 3 modules loaded and rehashed 30 times, it would cause
the ircd to consume 60 useless file descriptors (which often means 60 less file
descriptors being available to clients).
new commands SVSNOLAG/SVS2NOLAG (syntax: SVSNOLAG [+|-] NickName). Obviously, care
should be taken when giving such access to a user since he/she will be able to flood
at full speed and could possibly take down the entire IRCd (well, everyone on it).
Suggested by avb, coded by djGrrr.
- Made SAPART work for mulitple channels, just like SAJOIN. Reported by Snake and
SeigHart, patch provided by Bock (#0003064). This also fixes SAPART now being
announced to all opers globally, just like SAJOIN.
- Improved description of link::hub/leaf/leafdepth in unreal32docs.html reported by Bugz (#2623),
also fixed typo (leafdepth, not leaf-depth), reported by monas (#3083).
- Fixed bug where omitting class::connfreq would result in a huge connection attempt
flood when autoconnect was enabled. We now set class::connfreq to 60 if it's not
specified. Reported by Milliways (#0003018).
error, reported by Bock (#0003114).
- Added information about extbans to help.conf (/HELPOP ?EXTBANS). Patch from Bock
(#0003113).
- Made SAPART work for mulitple channels, just like SAJOIN. Patch provided by Bock
(#0003064). This also fixes SAPART now being announced to all opers globally, just
like SAJOIN.
- Finally fixed /RESTART issue on windows for good, should now always restart correctly.
Patch provided by BuHHunyx and Bock (#0002734).
- Fixed set::dns::bind-ip directive seen as duplicate, reported by aegis (#0003074).
- set::dns::* block is now no longer mandatory. All info has always been read from
/etc/resolv.conf (*NIX) or the registry (Win32), and the set::dns block is ignored
(except for set::dns::bind-ip, but that's a special case). Suggested by many including
djGrrr to make things slightly more logical (#0003019).
- As a consequence of the above, set::dns blocks were removed from doc/example*conf.
- Added two more characters to Catalan charset, reported by rmh (#0002995).
- Added set::pingpong-warning [yes|no] which decides whether to send the "** If you are
having problems connecting due to ping timeouts, please type /quote pong .." message
to each client when NOSPOOF is enabled (usually on Win32). The default is NO.
Previously this message was always sent if NOSPOOF was on, which often caused
confusion among users. The message was intended for non-confirming clients, but these
should be fixed by now, and those that were not fixed (self-made bots/etc) did often
not understand the message anyway. Anyway, you can still turn it on ;). (#2680).
user target string (nick!user@host:info), insteaf of doing it at like 5 places.
- Spamfilter target 'u' (user): the host field (nick!user@HOST:realname) is now escaped
with brackets if it's an IPv6 address, eg: blah!blah@[1:2:3:4:5:6:7:8]:hello, reported
by aquanight and others (#0003010).
instead of letting it magically reappear whenever +x is set. This means services can
now properly "unvhost" a user by sending a "SVSMODE User -x+x" (then any existing vhost
will be removed and user will have a cloaked host). Reported by avenger and others
(#0002933).
- Made Unreal use the original name in case of a CNAME, instead of the forwarded name,
reported by jerrcsnet (#0003054).
- The "looking up your hostname" message was always sent, regardless of show-connect-info.
though it always acted like it did in the MODE line sent to the channel. This bug caused
desynchs in some cases. Bug reported by Korfio (#0003048).
- Fixes to SVSNICK: case-change no longer causes a collision, don't return the value from
exit_client (which would be FLUSH_BUFFER), fix QUIT not being sent back on collision.
- Fix for above so it doesn't -r the client.
- Renamed unreal32docs.tk.html to unreal32docs.tr.html
- Module coders: Added HOOKTYPE_POST_SERVER_CONNECT (1 param: cptr) which is called when
a server connects, just like HOOTYPE_SERVER_CONNECT but this is actually called *after*
all clients and channels are synched. Obviously needed for some modules which must synch
data that refers to clients/channels that would otherwise not exist yet on the other side.
reported by Bock (as part of #2889).
- Fixed desynch problem with +Q, reported by tabrisnet (#0002992).
- Updated doc/coding-guidelines
- Added bugs.* url to /info, was still showing some email address.
including one reported by frigola on an old Sun Cobalt RAQ3.
It will probably also fix an issue with the just released curl 7.15.4, if compiling
with remote includes.
TODO: Update win32 (not urgent)
you do 'cd ..' and then 'cd -' again, make works just fine. This is going to be the most
stupid workaround in history... Reported by vonitsanet and others (#0002926).
- Fixed crash problem on win32 if TKL times were <0. Obviously it's hard to protect from such
invalid server traffic, but figured in this case it might be a good idea since *NIX does
not crash.
- Made a note about possessive quantifiers, they are scary :P.
+- Moved another 2K lines from core to modules, this means 31K lines are now in modules
+ and can be upgraded on the fly.
+- Real Command Aliases: This makes it possible to, for example, alias '/GLINEBOT' to
+ 'GLINE <param> 2d Bots are not permitted on this network, etcetc'. For more information,
+ see the docs on the alias block and/or search for "glinebot" in doc/example.conf.
added glinebot example @ real command aliases / updated description...
- Added 'real' aliases, this are aliases that map to real commands, so you can for example
map the command '/GLINEBOT <x>' to 'GLINE <x> 2d Bots are not allowed on this server, blabla'.
See the documentation on the alias block for more information. doc/example.conf contains an
example as well (search for "glinebot").
map the command '/BLAH 5' to 'NICK idiot5'. More info in docs on alias block.
- Modulized: badwords system (src/badwords.c is now gone) and StripColors/StripControlCodes
to m_message, multiple netsynch routines to m_server, send_list to m_list, a certain mode
routine to m_svsmode, all /MSG IRC.. webtv stuff to src/modules/webtv.c which is compiled
with m_message.
This means another ~1500 lines of code are now in modules (and thus can be upgraded on
the fly), which brings the total of modulized lines at 32K.
synchronize the IRCd clock (TSOffset) with a few good time servers. It currently only does
this on-boot, but it will hopefully help a lot of people with most of their time differences.
I still keep recommending anyone who can to run proper time-synchronization software such as
ntpd/ntpdate on their servers.
To disable time synchronization (eg: because you are already running ntp), you can simply
set set::timesynch::enabled to no.
The boot timeout for the timeserver response (=causes boot delay) can be configured via
set::timesynch::timeout and is set to 3 seconds by default (range is 1s-5s), there should
be no reason to change this.
The time server can be configured by setting set::timesynch::server, the default is to
use 3 time servers on 3 continents (US, EU, AU) which should be sufficient for anyone but
if you got a good one near you you can use that one instead.
The time protocol we use is (S)NTP v4.
this case ;p). Reported by KnAseN and many others (#0002581).
There might still be other operator count bugs, but these are triggered by a different bug
and may or may not be caused by services.
which basically means if it allows .*. If you want to require a parameter, use .+ (or
anything other in regex that requires at least one character). Suggested and patch provided
by Nazzy (#0002722).
far as we want to go with regards to relaxing "too broad" checking... Just continue to use
services AKILL for (other) "too broad cases", as many people (correctly) do. Change
suggested by salama (#0002911).
CALLBACKTYPE_CLOAK). This passes 'aClient *sptr, char *host' instead of only 'char *host'
to the cloaking module, which can be useful if you need to cloak on something other than
IP/host. Suggested by fez (#0002275).
Module may still provide only CALLBACKTYPE_CLOAK though, in fact this is what the official
cloaking module does. So no updating of cloaking modules needed.
A side-effect of this "extra cloaking" callback is that we needed to change make_virthost()
which now has an extra parameter in front, and another side-effect is that calling the
CALLBACKTYPE_CLOAK may not work since only *_EX might be available. To my knowledge there
are very few modules (only 1 I know) that will have a problem due to this, so sounds like
an affordable tradeoff.
some more odd problems from people (eg: people switching from GCC 3.x to 4.x and wondering
why they are crashing or getting other errors).
** actually, this was already comitted, but forgot to commit Changes :p **
a lot of crashes. Both are now fixed. Reported by Zell, Yamake, and others (#2875, #2704).
Fix provided by Xuefer. This also gets rid of some annoying and useless compile warnings
as well.
- When checking if a user is banned, we always check the cloakhost too. Previously we could
not do this if the user had a /VHOST (=a minority of the cases, but still...). In short,
this is some extra protection to combat ban evasion.
- Performance of is_banned() *slightly* improved (just 1-2 usec, but 7 usec if no bans).
- [Module coders] For extban routines, we now offer a routine extban_is_banned_helper(buf)
which can be used instead of the ban_realhost/etc static chars stuff, see
extban_modeq_is_banned for a (real-life) example of how this is used.
- [Services coders!] Added PROTOCTL CLK (requires NICKv2) which adds an extra field in the
NICK command (when a user connects) right before the infofield (gecos).
The added field contains the cloaked host, that is: the masked host if +x would have been
set. This field is ALWAYS sent, regardless of whether the user is actually +x or not.
Services can then store this field in memory, to know the host of the user if the user
is set +x (+x-t). This is a (better) alternative to PROTOCTL VHP, with no race conditions,
and avoids some other VHP problems.
VHP will stay supported though... so it's not mandatory to switch over.
- c-ares (currently, a forked off version) enhancements:
- '/quote dns i' now shows the nameserver settings (which is taken from /etc/resolv.conf
on *NIX, and from the registry on Windows)
- We no longer depend on a C++ compiler (was useless c-ares dependency caused by libtool)
- '/REHASH -dns' now rereads the resolver data from resolv.conf/registry, no IRCd restart
needed anymore. It's currently kinda experimental however, but I *think* it will work ok.
Unfortunately the above features required some ugly hacks if curl was enabled, so if you
use curl (Remote includes), feel free to test on your OS (Linux, but especially FreeBSD
and the other *NIXes) to see if things still compile (make clean; ./Config && make).
- '/quote dns i' now shows the nameserver settings (which is taken from /etc/resolv.conf
on *NIX, and from the registry on Windows)
- We no longer depend on a C++ compiler (was useless c-ares dependency caused by libtool)
- '/REHASH -dns' now rereads the resolver data from resolv.conf/registry, no IRCd restart
needed anymore. It's currently kinda experimental however, but I *think* it will work ok.
Unfortunately the above features required some ugly hacks if curl was enabled, so if you
use curl (Remote includes), feel free to test on your OS (Linux, but especially FreeBSD
and the other *NIXes) to see if things still compile (make clean; ./Config && make).
clients support it now (mIRC, xchat, epic, eggdrop, Klient, PJIRC, irssi, CGI:IRC, etc).
It has always been weird that win32 had it ON by default and *NIX OFF, anyway.
Naturally this change will be mentioned clearly in next release notes.
clients connecting trough a CGI:IRC gateway that is in cgiirc { }. This might also fix a bug
where (g)zlines were not applied to CGI:IRC clients, reported by devil (#0002850).
- Rephrased/editted part of example.conf and unreal32docs to make it a littttttle bit easier
for beginners / try to mention the FAQ a bit more explicitly.
- Modulized NAMES command (can now be upgraded on the fly, if ever needed).
- Added NAMESX support, seeing both mIRC (5.17) and XChat support this. What this does is
send all rights of all users on the channel in the NAMES reply (eg: @+Syzop if the user is +ov)
instead of only the highest one (@Syzop in previous example). We only do so if the client
explicitly requested this via a NAMESX in a PROTOCTL message (eg: 'PROTOCTL NAMESX').
Note that there is a glitch: since most clients only send the PROTOCTL NAMESX after they
see NAMESX listed in the 005 announce message this has the effect that if there are
set::auto-join channels present (where users are automatically joined to by the server) the
extended NAMES reply will not be sent for those channels, because from the IRC server' point
of view the join happened before the PROTOCTL and hence it does not know the client wanted
NAMESX at that point (the result is not catastrophic: the old-style NAMES is sent for those
channels). Anyway, for all non-autojoin channels this works great. So still worth adding IMO.
Originally suggested in #0000606.
Side note: this does not mean we dropped the idea of (also) having a challenge-response
system for good ;).
We now support the webirc ('webirc_password' in CGI:IRC) method, which is kinda superior
to the older method ('realhost_as_password').
See the Unreal documentation (section '4.36 - Cgiirc Block') for details on how to configure.
- Changed quoting color in unreal32docs.. looks better now IMO (only English docs updated).
"trusted" and the IRCd will show the users' _real_ host/ip everywhere on IRC, instead of the
_CGI:IRC-gateway_ host/ip.
To do so you must set 'realhost_as_password' to 1 in your cgiirc.conf. And add the
CGI:IRC gateway(s) you fully trust to set::cgiirc::hosts.
means no longer weird issues with +b *\* etc not banning nicks with \ in it.
ExtBan ~c/~r get special treatment and will use our match_esc [match with escaping]
routine, that way you can ban channels such as "#f*ck" via "+b ~c:#f\*ck".
Fix triggered by bugreport of vonitsanet (#0002782).
the switchover we were accidently using different ones which caused funny kill messages
like "You were killed by a.b.c (a!a.b.c (SOMENICK[N\A](?) <- d.e.f))." This also broke
some bans in pre2/rc1. Bug reported by HERZ (#0002772).
contains the (root) certificates of most major Certificate Authorities. It is basically
the default curl ca-bundle.crt plus cacert's certificates.
The 'curl-ca-bundle.crt' will be copied to the installation dir if needed.
It will from now on be used by Unreal for all remote includes (curl) related certificates.
If you want to use https but don't want to buy a certificate, we suggest you to apply for
a free certificate at CACert (www.CACert.org). Or, alternatively, add your own certificate
(PEM encoded) to curl-ca-bundle.crt, see 'SSLCERTS' in the curl package for more info.
but is actually understandable and has less bugs. This fixes +b ~c:#c\*t not properly
matching #c*t, reported by Jason (#0002752). Initial results look good, but this needs
some good testing ;).
- Updated unrealinst.iss: made it easier for me to have 2 curl versions, this is so we can
ship the SSL version of unreal with a curl that supports SSL (https, etc).
- Preperations for pre-1 (version change, etc)
- Changed the default maxbanlength from 1K to 2K, which means people can set more bans because
in pracitce the 60 (maxbans) limit was never met because the maxbanlimit was set so low.
set::maxbans in the configfile, note that you probably also want to enlarge set::maxbanlength
as well (see docs) or else you will hit that limit first.
- Changed the default maxbanlength from 1K to 2K, which in practice will mean people can set
a lot more bans since in practice the 60 (maxbans) limit was never met because the
maxbanlimit was set so low.
an error, since specifying usermask should not be done and is useless, since a (G)ZLINE
takes place BEFORE ident lookups.
- Did the same for /(G)ZLINE *@hostmask (should be *@ipmask), this already was a warning
in 3.2.3, and is an error now in 3.2.4.
- Redid some net synching code to make it more efficient (#2716).
- Fixed spamfilter crash problem: the action 'viruschan' is now no longer incompatible
with target 'user'. Reported by Monk (#0002570).
oper privileges on quarantined servers will be instantly killed. Bit ugly perhaps, but
then it actually does what it should (prevent opers on quarantine from getting GLOBAL
oper privileges). This "fixes" #2510, #2163 and #1968.
[forgot docs commit]
oper privileges on quarantined servers will be instantly killed. Bit ugly perhaps, but
then it actually does what it should (prevent opers on quarantine from getting GLOBAL
oper privileges). This "fixes" #2510, #2163 and #1968.
- Made ./Config better react to errors (no longer print a "everything is a big success"
kind of message when in fact everything went wrong).
- Made ./Config (configure) exit on openssl or zlib not found errors, instead of
silently continueing and then causing trouble later on. Also now printing _a bit_
more helpful error message.
you have to put 'spamfilter yes;' in every alias block you want to get filtered.
This is so you can have for example /MS filtered (due to heavy spam), while keeping
/NS and /CS unfiltered. Reported by Homer (#0002496).
- The memoserv aliases (/MS and /MEMOSERV) now have spamfiltering enabled by default.
in the function, reported by Robby22 (#0002696).
- Fixed set::static-part set to 'no' not working properly. Reported by Robby22 (#0002698).
- Fixed crash in new resolver, reported by firstof9.
unreal version that the user is using. I presume this can be helpful (although nobody ever
suggested it ;p). The macros (#define's) are:
UNREAL_VERSION_GENERATION The generation version number eg: 3 for 3.2.4
UNREAL_VERSION_MAJOR The major version number eg: 2 for 3.2.4
UNREAL_VERSION_MINOR The minor version number eg: 4 for 3.2.4
This can be negative for unstable,
alpha and beta versions.
UNREAL_VERSION_TIME Year + week of the day (starting eg: 200541
on Monday), this is updated on
the CVS server every week.
The first 3 are for nicely identifiying the version, the 4th can be useful in case
you want to support CVS and/or want some more control.
Reported by Trocotronic (#0002659).
- Fixed a problem with entries in the hosts file (such as, usually, localhost), this would
cause an unresolved host and a 30s delay for the user, even though resolving succeeded.
This should get rid of some annoying untracable (and usually rare) crashbugs in the
old resolver. Besides that, it makes things look more clean and understandable.
This should be the fix for the following bugids (all the same issue): #2499, #2551, #2558,
#2559, #2603, #2642, #2502, #2501, #2618, #2616.
Feedback and testing is very much welcomed (syzop@unrealircd.com).
generated (for linkage by commands.so), are now used to generate the .so files of the
individual modules as well (eg: m_setname.o -link-> m_setname.so). This reduces compile
time ('make') on my machine by 33%, so it's quite noticable ;).
It also sends a numeric to the user saying the command has been processed, but a copy
has been sent to ircops. I feel this is a good idea for privacy reasons (anti-spy),
though I don't know how users will react to this. If you are using this on your network
and get users bothering you about it (or before that ;p), it's probably a good idea
to explain it somewhere on your site or FAQ :).
Example usage:
/spamfilter add p warn - Testing_mirc_decode_filter \$decode\(.*\)
[WARNING] The numeric text is likely to change in the next few weeks (early-cvs-commit).
- If a class block was removed and any other blocks would be referencing the class block
(such as: allow::class, oper::class, link::class), then this would cause a crash.
Reported by Mike_ (#0002646).
- CMDLINE_CONFIG behavior change: command line configuration is now still permitted
if #undef'ed (which is the default) if uid==euid && gid==egid, since it doesn't make
any sense to disable it then and is in fact just plain annoying.
- Added FAKELAG_CONFIGURABLE option in include/config.h, this enables an option called
class::options::nofakelag, which disables "fake lag" for a certain class (that is:
the artificial delay introduced by the ircd to prevent flooding is turned off,
allowing the user to flood at full speed).
IT'S USE IS DISCOURAGED UNLESS YOU REALLY KNOW WHAT YOU ARE DOING.
Sorry, option is not in ./Config -advanced since I don't get autoconf working, but it's
such a scary option that this might as well be a good idea to keep in config.h anyway.
This feature has been suggested for several years (and refused), but the final
suggestion (with implementation specific hints) came from Gilou in bug #0002207.
- changed a comment slightly in m_tkl.c to get rid of harmless warning ;)
a spamfilter, but cannot remove it" problems. In practice this means - depending on the
length of your spamfilter reason - regexes will be max ~300 characters.
Spamfilters set in the .conf can be slightly longer (which still causes them to be
truncated in '/stats f', but they don't have to be removed anyway so it's kinda
acceptable if it's really needed). This should fix bug #2083, reported by White_Magic.
'u' (user) target can cause severe problems (crashes, etc). For now, we have disabled
'viruschan' in combination with 'u'. A real fix will require quite some work, sorry.
escape them like in all bans (eg: to ban #* you need to +b ~c:#\*). As an additional
bonus, real wildcards are now accepted and processed (eg: +b ~c:#*sex*, just don't
forget to specify the #). Reported by PhantasyX (#2605).
- Sidenote on above: ~c:*chan* is not supported (use ~c:#*chan* instead) because it would
cause "hidden bans", therefore it now prints a message (which is useful anyway), but
does accept such remote bans. In 3.2.5 or so we could enable support for it, it's
not that important though... ;)
- Added ifdefs for mass closing of file descriptors on start, can now be disabled by
adding -DNOCLOSEFD as a compile option. Useful for valgrind w/--db-attach=yes, mpatrol,
and some other debugging tools (not useful for anyone normally running a server).
- Fixed a read-after-free: sptr->serv->aconf was freed but not NULL'ed in exit_client,
causing close_connection to read from it (when deciding on doing a quick reconnect).
Could have caused a crash, although nobody ever reported one...
- Removed useless strncpyzt with dest==src.
- Added -fno-strict-aliasing.. this might well be temporary, but we get tons of strict-
aliasing warnings, so it sounds good to disable this type of optimization for now.
and 2000 lines total that can be hotfixed if needed ;). The effort involved in moving all
this sucks a lot though :/. This might need some more testing to make sure it doesn't break
anything.
- Updated support OS list in documentation.
whenever a server is added to a network it has a lot of power that cannot simply be controlled
by things like unsetting operflags remotely or anything else. I don't want to encourage
anyone to use it.
- Redid include dependencies in Makefile, this makes things safer because on any .h change it
would force a recompile of all files, but it could mean things will be a bit slower for us
coders unless we tweak it later on.
- Changed whois a bit to print less useless results.
- Added several indicators to the "detect binary incompatible modules"-system such as detecting
of a ziplinks module on non-ziplinks (on windows this is ok however), nospoof module on a
a server without nospoof server, etc. Hopefully this will help some people preventing odd
crashes because they did not recompile or (re)install modules properly.
- Added './unreal backtrace', so far this has only been tested on Linux and FreeBSD.
- Fixed a bug making ./Config not load the previously stored settings on Solaris 10 and
probably other Unixes, reported by lion-o (#0002474).
system accept more characters. Basically what this means is that the (fast) badwords
system can now be used to properly block words with accents and things like that, just
the way you block English words. Bug reported by MJ12Helios (#0002311).
- Opers with can_override can now +qa/-qa even if they are not netadmins,
and they can also (un)set L/u.
- Fixed several SAMODE bugs, such as not completely working for non-netadmins and
not working if you were halfop'ed, etc.
Bugs reported by pak, aquanight, niphler, Bugz, and more.
If there are still any bugs left, please report them on http://bugs.unrealircd.org/
NOTE: some of these enhancements will produce desynchs if your net is not 100%
on current CVS / Unreal3.2.3 and an oper tries to use these 'new features'.
So use with care on mixed-version nets.
- Added 'czech-w1250' and 'slovak-w1250' (both might miss a few characters).
- Added 'windows-1250' group which contains czech-w1250, slovak-w1250, polish-w1250
and hungarian.
- Hungarian characters show both fine in w1250 and latin2, hence hungarian is included
both in 'windows-1250' and 'latin2'.
- Fixed bug: polish was not included in latin2
- If a locop now has can_override/can_gkline/can_gzline we will print out a warning and
convert it to globops. This is also what we always did for can_globalroute/can_gkill
(well, except the warning). Giving such NETWORK (GLOBAL) privileges to a LOCAL operator
does not make any sense and is therefore no longer allowed.
by Ron2K (#Ron2K).
- Module coders: using extcmode_default_requirechop is now depricated, check src/extcmodes.c
ctrl+f extcmode_default_requirechop for more details (solution: copy+paste & fill in modechar).
reported by seneces (#0002333).
- Fixed doc bug reported by Dukat (#0002374). Also fixed 2 error msgs related to
the nickchars system printing out incorrect set:: directives.
- spamfilter.conf and dccallow.conf are now also copied upon make install, reported by
TommyTheKid (#0002313).
- Build in some additional checks (especially for Chinese).
- Fixed a bug in chinese character range (affecting 3.2*)
- Relaxed nick character checking from remote servers (rely on NICKCHARS= PROTOCTL
to deal with problems). This is useful to prevent any kills in case we slightly
change the characters that are allowed in a language.
- Got rid of 'latin7', tiny mistake ;)
- Removed e' accent from German (used in borrow-words only), reported by Dukat.
- Added 'swiss-german', which is just German without es-zett, reported by Dukat.
- Added 'turkish', supplied by Ayberk Yancatoral.
If 2 servers try to link and the allowed nick characters do not fully match, then
the link will be rejected. Note that this will not prevent you from 3.2.2<->3.2.3/CVS
charsets mistakes, but only with linking CVS/3.2.3+ servers. Suggested by Troco (#0002360)
This might need some additional testing, but initial results are positive :).
- Renamed 'euro-west' to 'latin1' since that's more descriptive/fair ;)
- Added 'hungarian' [supplied by AngryWolf]
- Added category 'latin2': just Hungarian for now
- Added 'catalan' [supplied by Trocotronic]
- Added 'greek' [supplied by GSF]
- Added category 'latin7': alias for 'greek'
- Added category 'gbk': alias for 'chinese'
still cutoff if the nick is too long. Basically this is the same way as Hybrid does it
so it should work ok :).
- Added nick character system. This allows you to choose which (additional) characters
to allow in nicks via set::allowed-nickchars. See unreal32docs.html -> section 3.16
for a list of available languages and more info on how to use it.
Current list: dutch, french, german, italian, spanish, euro-west, chinese-trad,
chinese-simp, chinese-ja, chinese.
If you wonder why your language is not yet included or why a certain mistake is present,
then please understand that we are most likely not experienced (at all) in your language.
If you are a native of your language (or know the language well), and your language
is not included yet or you have some corrections, then contact syzop@vulnscan.org or
report it as a bug on http://bugs.unrealircd.org/
- If no log { } block is present a warning will be printed out and we will fallback
to a default of logging errors to ircd.log. Suggested by w00t (#0002327).
check if the user is voiced/halfoped/etc.. Especially useful for +e ~c. Idea from
Bugz (#0002198). Obviously all servers need to be upgraded to make this work.
throttle the number of joins per-user to X in Y seconds. Idea from Angrywolf (who
wrote a module that did this before). This might need some more testing :).
It's enabled by default but can be #undef'ed in include/config.h (line 449).
(perhaps this should be a different function?). Anyway, this means less diskspace
is needed (~1.5mb or more), and it also makes it a bit easier for RBAC (#2300).
- Made a new function DoMD5() which is ssl/non-ssl independent. Also made the cloaking
module and the auth functions use it. Hopefully I didn't break anything ;). Suggested
by Bugz (#2298).
- Modulized a lot of commands and related subfunctions: NICK (750 lines), USER (200),
MODE (2300), WATCH (250), JOIN (600), PART (250), MOTD (100), OPERMOTD (100),
BOTMOTD (100), LUSERS (100). More will follow soon (probably including more subfunctions
related to existing commands).
- [Module coders] Added new function: do_cmd(cptr, sptr, cmd, parc, parv) which is an
uniform method to call any other commands. For more info, see description in src/parcket.c.
This will be used for any further modulization of commands that need to call other
commands, like NICK (will be done soon).
translations.txt.
DEL: Unreal31_to_32.html & example.settings DUE TO outdated
MOD: Authors (added myself, updated griever end date), translations.txt (updated
to mention that it takes a lot of time, and added a note on using word/frontpage).
to send to normal users w/the snomask set.
- Fixed dcc filtering a bit more.
- Made usermode 'g' operonly since it didn't do much, reported by DukePyrolator (#0002024).
- Numeric audit: 15 small changes (int/long mismatches etc). This might have fixed some
bugs on architectures where 'long' and 'int' have different sizes (eg: opteron).
hardly ever seen (unless you have +s +j set). For example a bad link::bind-ip only caused
"Couldn't connect to xxxxxx" without any meaningful error message. Additionally, errors
sent to report_baderror() are now logged.
^^ way too long description for a small tweak :p
Gilou and Trankill for making me able to trace this issue down (#0002032).
- Fixed qline notices again: now gives msg #1 for local qlined-nick attempts, and
another msg in case of a remote client (eg: oper) using a qlined nick.
work just the same as the HOOKTYPE_LOCAL_* variants).
- Module coders: HOOKTYPE_REMOTE_CONNECT is now also called during net-merge. You can use
IsSynched(sptr->srvptr) to find out if it's called due to a net merge (0) or a connect (1).
- Added spamfiler 'user' (u) target. This regex is checked against nick!user@host:realname
when a user connects. This makes it easy to ban drones with simple patterns.
For example: '/spamfilter add u gzline 86400 Drone[0-9]+!.+@.+:Drone[0-9]'
would kill any drones that have both a nick and realname with 'Drone' followed by digits.
attacks (eg: rainbow) and prevents cracking of several passwords at once.
This change means /MKPASSWD will now just generate a different string than before.
Do note however, that the old syntax/encrypted passwords will still work and _will continue
to work_ in the future, for at least the whole 3.2* series.
If you are concerned with security and have some time, then converting your passwords
is probably a good idea... Just in case your configuration file gets stolen one day ;).
- MD5 password encryption is now always available on *NIX, even if SSL is disabled.
that you should pass the ZIP_LINKS etc options to 'nmake -f makefile.win32 custommodule'
many people didn't do this which caused odd problems when reading certain clientstructs.
Module coders: in the meantime, for 3.2.1 mods, use something like:
nmake -f makefile.win32 USE_ZIPLINKS=1 ZLIB_INC_DIR="c:\dev\zlib"
ZLIB_LIB_DIR="c:\dev\zlib\dll32" custommodule MODULEFILE=m_mymodule
For 3.2.2+ these additional parameters will no longer be needed (but wouldn't harm either).
weirdness, this also affected spamfilter (so any spamfilters added only at notice
and not at msg on windows would not work). Now using the real 'notice' parameter.
Also linked to a page with an unreal dev package which contains zlib+ssl+curl
precompiled. This basically means many people no longer need to compile zlib/ssl/curl
anymore themselves (which is a pain to do and takes a lot of time).
compiling modules and their (binary) compatability, zip links (zlib), ssl (OpenSSL)...
Remote includes (curl and c-ares) instructions still need to be added.
- Made 'Install as a service' unchecked by default, this should help beginners a lot.
/connect or autoconnect) and was not present in the cache. Reported and traced by sh0
(#0001976).
- Fixed compile bug at *NIX caused by ModuleGetErrorStr fix.
multiple reference count bugs, one related to sptr->serv->conf, and another one related
to sptr->serv->class. Both caused problems when someone did a /rehash when a server
was in the process of connecting (so it might also happen when connfreq was hit and you
did a /rehash). Original bug was reported by sh0 (#0001872).
- Updated example.conf: added all new flags we added in the example block, removed
old confusing comment on SEGV logging, config.h: ripped out lPATH since that define
isn't anywhere used and is only confusing.
because it's slightly faster (already replaced all of them in src/s_kline.c).
GetIP(acptr) will return the ip for local users and remote users that support NICKIP,
it returns NULL for remote users that are on non-NICKIP servers (or have non-NICKIP
servers along their path).
- internal: tkl_add_line now returns aTKline *
- Added some more hooks:
- HOOKTYPE_TKL_ADD [aClient *cptr, aClient *sptr, aTKline *tk]
- HOOKTYPE_TKL_DEL [aClient *cptr, aClient *sptr, aTKline *tk]
NOTE: 'NULL, NULL, tk' is used for *lines that are removed due to expiring
- HOOKTYPE_LOCAL_KILL [aClient *sptr, aClient *target, char *comment]
it will just accept it if it's from a remote server, and also ops/etc will be allowed
to REMOVE any unknown extbans (but not add new unknown ones).
- Added extended ban type ~n (nickchange ban), if a user matches this (s)he can not
change nicks (eg: +b ~n:*!*@*.aol.com) unless (s)he has voice or higher.
This can be useful as an overall measure for some +m chans (+b ~n:!*@*) or against
specific 'good' people that are just nickflooding due to a wrongly configured script.
- Added set::restrict-extendedbans by which you can disallow normal users to use
any extendedbans ("*") or disallow only certain ones (eg: "qc").
- Made the negative TS message a bit more annoying if time is off more than 10 seconds.
- Module coders: if CmdoverrideAdd() is called for an override that is already in place, it
now sets MODERR_EXISTS as errorcode and returns NULL (previously it added duplicates).
In the past module coders had many issues with PERM mods... you had to use weird tricks,
but now you can (and should!) just override on INIT and on HOOKTYPE_REHASH_COMPLETE.
- Moved register_user declaration to h.h, updated call in m_pingpong.c (due new 'ip' field).
- Usermode +v ('receive dcc send rejection notices') is oper-only now for privacy reasons.
- Added dcc allow { }, which allows one to make exceptions over deny dcc { }.
- Added deny dcc::soft and allow dcc::soft item, if set to 'yes' it allows someone
to explicitly override it per-person via /DCCALLOW (see next).
- Added DCCALLOW system, taken directly from bahamut.
With this system you can block certain (or all) DCC SENDs and then allow the user to
'override' this limit for every user he/she trusts via '/DCCALLOW +User'.
This is an attempt to stop (or at least limit) the spreading of viruses/etc.
See '/DCCALLOW HELP' for more info.
- Added example dccallow.conf which filters everything except some known
'safe types' (jpg, jpeg, png, gif, etc). Note that the purpose of this file
is NOT to get a complete list, rather to limit it to a few 'known safe' entries.
- Added set::maxdccallow: max number of entries of the DCCALLOW list (default: 10).
- Added release notes (no, we won't release 3.2.1 anytime soon.. just updating ;p).
- Added various extra messages to make it a bit more easier for people who are
upgrading (win32 commands.dll, cloaking mod).
- Made win32 ssl<->non-ssl modules binary compatible.
- Added ssl/non-ssl check in Mod_Version on *NIX.
- Added set::options::flat-map: This makes all servers look like they are linked
directly to the server you are on (/map, /links), thus you cannot see which server
is linked to which ("hopcount"). This can make it a bit harder for kiddies to find
any 'weak spots' (which server to attack/[D]DoS). Obviously opers will always
see the real map.
normal joins to the virus-help-channel. This way you could prevent users into
accidental (or tricked) joining of the virus-help-channel and becomming infected.
This feature is disabled by default. Requested by bleepy (#0001811).
- It now goes to <prefix> and higher, so '/notice +#chan hi!' goes to +vhoaq
- You need at least voice in order to be able to msg/notice +#chan, %#chan or @#chan
- You need at least ops in order to be able to msg/notice &#chan or ~#chan
- Any multi-prefix targets will be converted automatically (eg: ~&@#chan to @#chan).
- internal: use of the CHANOPPFX macro is now deprecated.
All of this was done to make it a bit more 'safe' and userfriendly (#0001812).
in a netjoin when there was no need to (nothing to synch).
- Added spamfilter::except which allows you to specify targets
(eg: channels) where spamfilter should not take action. Requested by Fury
(#0001586). Ex: set { spamfilter { except "#spamreport,#help"; }; };
- Improved 'viruschan' spamfilter target:
- better msg after the forced join
- +oaq's in set::spamfilter::virus-help-channel receive a notice about
which filter the user matched.
- it disables all commands except PONG, ADMIN, and msg/notices to
set::spamfilter::virus-help-channel.
- Made snomask +S also show the spamfilter reason field.
- Added class::pingfreq checking, should be 30-600 now.. else you might
get mysterious (mass) disconnect issues.
- Lol, I made /connect dissapear during modulizing ;).
- Fixed a few wrong macro's (ircstrdup/ircfree) in s_conf.c causing
very weird behavior... This also fixes a bug where set::spamfilter::ban-reason
would have the value of ban-time.
- Improved spamfilter again.
- The new syntax is:
/spamfilter [what] [type] [action] [tkltime] [reason] [regex]
[tkltime] specifies the duration of any *lines placed by this rule.
[reason] specifies the *line, kill and/or block reason.. no spaces
allowed, but '_' will be escaped to a space.
In both cases you can simply use '-' to skip and use the default.
Ex: /spamfilter add p block - - Come watch me on my webcam
/spamfilter add p gline 3h Please_go_to_www.viruscan.xx/
nicepage/virus=blah Come watch me on my webcam
- A message is now shown if the msg/notice/dcc is blocked.
- There are 2 new spamfilter action types:
'dccblock' will mark the user so (s)he's unable to send any files by DCC.
'viruschan' will part the user from all channels and join
set::spamfilter::virus-help-channel (default: #help).
this action might be improved to do more later.
- Internal: added EXTTKL PROTOCTL, this determinates if 10 parameters
instead of 8 are supported for m_tkl (used by spamfilter add).
This new system needs some testing... :)
value should now be one of EX_*:
EX_DENY : disallowed, except for oper override
EX_ALLOW : allowed
EX_ALWAYS_DENY : disallowed, even in case of operoverride (eg for
operlevel modes like +A).
Note that it's backward compatible since TRUE/EX_ALLOW=1 and FALSE/EX_DENY=0.
- Fixed a few bugs with oper override & extended chanmodes, for example
chanmode +T could not be set by a globop w/can_override and non-+hoaq.
by non-netadmin ircops in some (many) cases, reported by Zell (#0001541).
note: this fix is still "wrong", because the whole override/whatever
system is flawed ;p.
I worked on a few months ago... It tries to explain how to get a server/network
secured, what the potential risks are, etc... Of course security is a complex topic
so I cannot talk about everything in it, but I tried to mention the main risks and
what you can do about it in a (hopefully) simple and understandable language ;).
- Added snomasks 'S' (Spamfilter) which notifies you of any spamfilter matches.
- [internal] always return after spamfilter match, don't continue looping trough
targets list (eg in case of: /msg #a,#b,#c spamspam), otherwise you would get
duplicate notification msgs.
- Added SENDSNO server command, similar to SENDUMODE but for snomasks, this is
used by the spamfilter snomask (+S) so you get network-wide notifications.
- Added "compiled for.." versioning system, this way a beta17 module can't be loaded
on beta18, etc... People often forgot to recompile their modules or had old ones
somewhere by mistake, therefore crashing after upgrades... this should fix this
(in the future). Module coders don't have to do anything for making this work,
it's done automatically (via modules.h).
spamfilter::word to spamfilter::regex to make it even more clear (since we match
on the whole line and have nothing to do with words.. 'word' doesn't make sense).
- Updated docs with some better regex examples, reported by AngryWolf (#0001520).
called which might look a bit ugly, but is better than before (scattered on 3 places).
- Added snomasks 'N' which allows you to see nick changes of clients on other servers,
requested by several people (#0001323).
introduce throttling of other msgs (or making this configurable)... this is just
an exception because this msg is sent to _all opers_ and you cannot disable it by
unsetting certain snomasks. Anything lower than 15s would be bad anyway since this
is a very serious error condition. Requested by LoVeR (#0001412).
- Fixed 'no server notice on /restart or /die', reported by Lx (#0001062). This was caused
by a bug in flush_connections(&me), hopefully there won't be any side effects.
- Fixed file owner problems when IRC_UID/IRC_GID is used (eg: when running chrooted).
- Fixed crashbug if we were unable to write a remote include file to disk.
expire times, reason field, etc... Entries are now fully synced between servers.
Reported by Cnils (#0001448).
- Added umode +T to help.conf
- Fixed an issue with add/del/remove in /spamfilter being case sensitive.
"blind proxies" (like HTTP POST proxies).
- WebTV updates: made it so (user generated) channel notices are now displayed as
privmsgs in the channel. Also made the /knock channelnotice a privmsg for webtv.
random numbers. We will also no longer be using rand()/random() anywhere.
Thanks to dek\ for pointing out this is potentionally dangerous, especially on
win32 with NOSPOOF enabled.
integration now, no.. it doesn't work at all yet but most of the internal stuff
has now been done (but I temporarely need to work on other things now).
moved/added a lot of regex stuff, banaction/spamfilter helper functions, etc
into s_misc.c. [note: current code has some bugs but since the stuff isn't
used that's no problem... it's also a bit ugly, do NOT mail me about these things ;p]
- Enabled talk-trough-+M for opers (just like +m)
- Disabled talk-trough-+m/+M for opers if NO_OPEROVERRIDE is defined
- Display zlib/SSL version in /version (oper only)... will prolly be improved later.
- updated doc/compiling_win32.txt
Instead of 1 big list of *lines, it's now an array to easily distinct between types.
Also made tk->usermask static (USERLEN+2) instead of dynamic.
These changes should give enough speed improvement to make the new anti-spam/anti-ads
feature fast enough.
These bans look like ~<type>:<stuff>. Currently the following bans are available:
~q: quiet bans (ex: ~q:*!*@blah.blah.com). People matching these bans can join
but are unable to speak, unless they have +v or higher.
~c: channel bans (ex: ~c:#idiots). People in #idiots are unable to join the channel.
~r: gecos (realname) bans (ex: ~r:*Stupid_bot_script*). If the realname of a user
matches this then (s)he is unable to join.
NOTE: an underscore ('_') matches both a space (' ') and an underscore ('_'),
so this ban would match 'Stupid bot script v1.4'.
These bantypes can also be used in the channel exception list (+e).
+e ~r:*w00t* makes anyone with 'w00t' in their realname able to join,
and +e ~c:#admin makes anyone in #admin able to join, etc..
This system allows modules to add extended bantypes too.
This feature requires some additional testing, also the module interface will
probably be changed in the next few weeks, and perhaps more extended bans will
be added before next release.. we'll see...
If set to 'yes' or '1' it will strip all part comments,
if set to something else it will use that as a part comment.
- Partial cleanup of m_part (hopefully I didn't destroy anything).
- Minor stats compile warning fixed
with the same oper block. Suggested by kain.
- Made /dns oper-only (the ircd command, not your client /dns command :p).
- Various help.conf fixes. Reported by nukie (#0001373).
- Normal users can now get a list, versioninfo will be hidden however.
- Opers get some additional details like hooks and commandoverride's.
- Opers can use /module <servername> to get a remote list of loaded modules.
- Added flag [3RD] to show it's a 3rd party module
This was requested by by quite some people because serveradmins started to load
"spy modules" without clearly mentioning it in the MOTD (which is highly unethical
and in some countries even illegal due to privacy law). Also the remote module
list was requested by quite a few opers.
Sure, this isn't a 100% guarantee but at least if someone goes hiding stuff
then it's clear what their intentions are (and thus will be refused support, ..).
- Changed emailaddr in help window at windows to unreal-users mailinglist.
- Made the cloak mismatch msg during linking a bit more scary.
- Added comment to 'Install as a service' option in installer to help n00bs a bit.
this will currently produce a lot of warnings with -Wall.
- Fixed 159 of 184 warnings detected by the above, the other warnings are false.
Most warnings had to do with long vs int, and thus the format strings (%d->%ld)
or the vars (int->long) have been changed (many of these were time_t/TS vs int).
Only a few rare crashbugs were discovered.
- Module coders: for HOOKTYPE_LOCAL_CHANMODE the 'sendts' parameter was changed
from type 'int' to 'time_t', while in most circumstances (like on ia32)
you won't notice, I suggest you to update your callback functions anyway.
- Possibly fixed an issue with set::modes-on-join and mode +f, it could have
set random remove-chanmode times in the default chanmode line.
- Fixed two OperOverride kick bugs:
- If ircop is +h and victim is +h it would deny it, reported by Special (#0001308)
- Ircops (all except netadmin) had trouble kicking +q people, if the ircop isn't
op'ed he can kick them, but if he has +o he can't. Reported by Michi (#0001012).
If you use mixed unreal versions you can get desynch problems if you use those
fixed things (like kick a +h if you are +h) because older servers will still block
the kick. You will receive a 'You cannot kick channel' message from every older
server so you'll at least be notified ;p.
- Added 'action' field to ban version { } which can be: kill: kills the user (default),
tempshun: shun the specific connection only, kline/zline/gline/gzline/shun: place
a ban on *@IP. Time of those bans can be specified in set::ban-version-tkl-time.
It's up to the admin to take a good decision, sometimes zlines are best (=won't use
much sockets but will reconnect quite quickly), sometimes tempshun (=will use 1 socket
but generates nearly no network traffic), sometimes klines/glines, etc..
- Changed some useless stuff.
- Enabled EXTCMODE by default, I presume it's stable but can't promise anything.
- Module coders: changed 'allowed' callback function for umodes&snomasks,
from 'aClient *sptr' to 'aClient *sptr, int what'.
'what' will be MODE_ADD if trying to add and MODE_DEL if trying to remove.
- Added checks for /sethost&/chghost to same host.
- Added remove-chanmode-after-X-minutes in +f.
The format is +f [30j#R5]:15, where 5 is the "do -R after 5 minutes". For a default
action like +i you would have to do the same: +f [30j#i5]:15 (remove 'i' after 5 minutes).
Additionally, 2 config items are added:
- set::modef-default-unsettime, if this is set to for example '5' then things like
+f [30j]:15 will be transormed into +f [30j#i5]:15. It's just a default, the user can still
override it. By default this feature is not used.
- set::modef-max-unsettime, specifies the maximum amount of time for the <time> parameter,
by default this is set to 60 (=1 hour), the value should be between 0 and 255.
I didn't do the extended tests I usually do but it seems stable, also the docs are updated
but are probably updated again later to make it a bit more readable.
Feel free to report any bugs as soon as you discover them.
The only thing I could think of is: _usually_ only 1 server will have the -i/-R/.. timer
running, so if that server splits (or even worse dies) it will only be -i/-R/.. at that server
and when they sync back they merge chanmodes so +i/+R is set again.
I don't consider this a huge problem but maybe it can be inconveniently, if people have
a lot of trouble with this I'll have to consider a 50% recode of the +f system :/.
- (Just for the record, this audit has nothing to do with the ircnet buffer overflow,
unrealircd is not vulnerable)
- Various fixes
- Visual bug regarding +f & server synching, it was sometimes setting mode +f multiple
times depending on the ban-/userlist.
- Fixed a possible desynch regarding chmode +L.
- Fixed possible client confusion regarding bans.
==
- Allow o/a/q'd users to nickchange if banned (#0001150).
- Added badword all { }, this will add the badword to the badword channel, badword message
and badword quit lists... could be useful :p.
- Little config.h cleanup (removed obsolete non-working defines).
===
- Internal code cleanups: EOS var rename, got rid of old UnknownUser structs, moved
anti away flood to new flood struct.
- Changed away flood configuration to set::anti-flood::away-flood <count>:<period>.
- Added nickflood protection, can be set in set::anti-flood::away-flood <count>:<period>
to allow max 'count' nickchanges per 'period' seconds. The default is 3 per 60s.
As usual, the nickchange limiting does not apply to ircops.
- Updated example.conf with a more strict default oper-only-stats.
- Made '/stats S' and '/stats Z' oper only again (always).
- Hopefully fixed incoming/outgoing rate in /stats T. Only the stats of the first
listener was counted instead of the total. This also explains why on some (many?)
ircd configurations it always showed 0.00 kb/s and why HTM (high traffic mode)
was never kicking in.
- 005 CHANMODES= set back to original value before extcmode merge
- made some functions in channel.c non-static so module coders
can use them (they are not defined in the header files [yet] however).
- fixed 2 minor oob write issues
- Module coders: new hooks: part, kick, chanmode, topic. changed: quit (added 'comment' param).
- Enlarged REPORT_* vars a bit.
- IPv6: UnrealIRCd can now lookup ip6.arpa addresses too (original IRCnet patch modified for
UnrealIRCd by Onliner).
* Removed thread questions from Config, and autoconf code from
configure.in, leaving in the old macros though, but inactive
--enable-standardthreads is dead as of now
* Undefined HOOKTYPE_SCAN_INFO
* Removed CONF_EXCEPT_SCAN
* Removed locking in events, Lock/UnlockEventSystem still active for other
possible uses.
* Removed scanners, web server module
* Removed except scan {}
* Removed SCAN_API stuff from l_commands.c, win32 makefiles, etc
* Removed basically any mentions of threads in source tree, excepting
threads.h which Resolver uses on win32
* Documentation changes not done yet
If BUFFERPOOL dbuf_put would return -1, but at some places !dbuf_put was used,
I've changed it so it will return 0 (so use !dbuf_put now, don't use dbuf_put(...) < 0 :P).
I also added some nice warning thing. I couldn't send from the send routine because that's risky ;).
And...... I also doubled the default BUFFERPOOL, so if you leave everything the default then
BUFFERPOOL is now 52Mb instead of 26Mb, which should be ok for now.
This is more usefull than the no nameserver + useip solution since with this no resolving
is done for incomming clients, but connecting to other servers (with hostnames) still works fine ;P.
multihomed issue:
Instead of binding cptr->listener->ip it now uses getsockname(), otherwise it
won't work if you have a listen *:6667 thing + multihomed (it will connect for
example from 33.33.33.1 while the client connected to 33.33.33.5.
connect issue:
there was some kind of file descriptor race condition because of the way our
whole read_message() thing is coded... an ident socket might have been closed
+ a new might have been accepted... blablabla ;)
I wonder if anyone reads these CVS logs lol :).
Also colour -> color ;P.
And... removed doc/Unreal31_to_32.html because it's no longer needed now
since I have integrated it in the features section / unreal32docs.html.
- Module changes: added two hooks: HOOKTYPE_USERMSG and HOOKTYPE_CHANMSG, changed umode_get.
The HOOKTYPE_USERMSG has been tested with a +D (deaf for private msgs except for opers)
module, the channel thing not yet...
added global/local mode flag to umode_get, or use umode_lget (local) / umode_gget (global) :P.
Blah.
The bug was it did free the yeslist/nolist elements but not the data in it (lp->value) :PP.
Changed to use free_str_list() instead, just like in exit_client.
* same for scan message
* don't say "you have not registered" on NOTICE in unregistered state.
* made a send_prot(aClient, ConfigItem_link) for sending PROTOCTL message,
takes care of sending ZIP in token in case of a ziplink (indeed, I don't
send "ZIP" if it's not marked as a ziplink).
* added automatic fallback tot uncompressed link in case one of the sides
has zip turned off or not compiled in.
* added configcheck for link::options::zip turned on when not compiled
in (just like we do with ssl).
- Currently it's not possible to compile with ZIP_LINKS _and_ SSL without changing zlib.h :(.
It really sucks... it's because zlib.h has a typedef for 'free_func' and this is also used
in openssl header files as a (useless) name... :((. I did some updates to allow future zlib
changes, dunnow if they will because it can break other zlib programs. It compiled fine at
windows, but not at Linux... you need to replace free_func to zlib_free_func in zlib.h in
order to get ZIP_LINKS + SSL to work... but like I said, that may break programs (ARGH!).
IsHidden(sptr) ? sptr->user->virthost : sptr->user->realhost
stuff to a simple GetHost(sptr) macro (defined in struct.h).
Smaller and less error phrone :). Also fixed the if IsHidden -> if (IsHidden
found by codemastr .
- Made async resolve-and-connect work
- Added link::options::nodnscache which means Unreal will not cache the host forever for
outgoing server connections, you could for example enable this if you are linking two servers
with an often changing host (like dyndns.org).
* Changed layout
* Removed text, split up 3.1.x->3.2.x upgrade info to Unreal31_to_32.html
(actually that's just .RELEASE.NOTES, need a bit more explanation and
stuff about converting configs etc).
* Improved Me, Class, Allow, Listen and Set block text/layout/etc.
* Removed typo's
at windows and not at *NIX? Also it's incompatible with running as a service.
AFAIK it doesn't increase security very much: if you own the box you can easily
snif the keyboard, read the certificate from memory, etc..
- Fixed bug in +q/+a list (/mode #chan q) <= lol this was some historic
bug by DrBin or something ;). In case you wanna know.. the whole loop logic
was wrong... initalisation vs null pointer check... ;).
which is set if dead_link is called. You will now see "Write error",
"Max SendQ exceeded" etc error messages in the quit reason instead of just
the "Dead socket" message. Changed "notice" parameter of dead_link, now just
the reason and not a format string, maybe rename that var.
instead of using a 2nd flag here for the special case of "the first zip msg"
like in hybrid/etc I use cptr->zip->first to flag that. Except for the many
#ifdef ZIP_LINKS blocks added I also had to do some stuff outside it, like
crc32->our_crc32 because zlib defines it, made a READBUF define (8192),
added a msg var to parsing/send functions.. blah.. etc ;P.
I've also put the patch online at www.vulnscan.org/tmp/zip_links.diff so you
can easily look what I've changed.
TODO: ask in ./Config if ziplinks should be enabled and let ./configure check
for zlib + add the library to IRCDLIBS in Makefile if enabled.
TODO: some little code cleanups
then does a -x virthost gets freed and the user can join again/circumvent the ban.
virhost should probably be moved in to the User struct like char virthost[HOSTLEN+1]
but in the meantime I've just removed the free() when someone does -x.
I noticed we already do make_userhost at connect even if mode +x isn't set, and also
is_banned checks if virthost exists.. if so -> check if that's banned... so this
patch won't decrease performance much.
We were doing: T_AAAA, if that fails then T_A. But in that case when a host
has both T_A and T_AAAA entries, the reverse lookup will fail for ipv4.
Now using T_ANY to fetch both T_A and T_AAAA addresses at once.
We were doing "deny known bad characters" instead of "only allow known good characters", this was REALLY bad...
This patch limits hostnames to alphanumeric, '-', '_' and '.'.
for (i = 0; &HE(cp)->h_addr_list[i]; i++) was used in ipv4 mode, but should be
without the &... this caused some stalls (like 11 seconds) at my machine because the
loop was executing >1 million times (I don't understand why it didnt crash however).
time function, however my fix was wrong / usually the out of bounds memory
reading went well so the function worked... now it didn't... patched ;P.
Some examples: 4s = 8, 1m = 61, 1h = 3601, 1h2m = 3722.
'getsockopt(IP_OPTIONS)' reported in bug #0000616. There's still one around
somewhere, but it's a start. Also modified report_error so it reports both
the socket error AND the system error if they are different.
- Documentation - Updated sec1.1 - Instructed to use bugs.unrealircd.org to report problems with docs
- Documentation - Updated misc hyperlinks - doc/unreal32docs.html
- Documentation - Updated sec3.31 - Added better description to the format we present set:: settings
- Documentation - Updated sec3.31 - Added more details to set directives
- Documentation - Updated sec3.25 - Added option vhost::swhois to section 3.25 Vhost block
- Documentation - Replaced text vair {} with <> to prevent confusion.
- Documentation - Documented that lusers now supports remote servers
- Documentation - Corrected vhost::from example as reported by joolz #329
- Documentation - Corrected set::scan:messages, currently listed as set::messages - as reported by joolz (#329)
- Documentation - Added channel mode t & description as reported by stfcs (#315)
+ fail-if-no-clientcert - If SSL client connects and doesn't provide a client certificate, abort connection immediately
+ verify-certificate - Check the certificate's validity using X509 methods, check if we trust CA's, etc.
+ It however does slip self signed certificates through UNLESS
+ no-self-signed - Don't allow self-signed certificates through (requires verify-certificate)
+- Made conf parser mention if we make a link->options with CONNECT_SSL if we don't support SSL (and remove the CONNECT_SSL flag)
+- Made conf parser mention if we make a SSL listener and we don't support SSL
+- Added set::ssl::trusted-ca-file, if enabled, it will point the SSL stuff to use that file as trusted CA's (for verify-certificate)
+- Made conf _not_ bitch that it doesn't know set::ssl
+- Removed some leftover client certificate stuff
this allows the admin to decide a standard custom quit for users. so they
won't be able to make their own quits. This affects set::prefix-quit and
ANTI_SPAM_QUIT_TIME - it simply replaces it with the message if enabled
- Updated .CHANGES.NEW with new version # and link to docs
- Updated .RELEASE.NOTES with new version # and link to docs
- Added NEW doc/unreal32docs.html Docs
- Removed .NEW_CONFIG - No longer needed
- Removed INSTALL - Refer to NEW docs Unreal32docs.html
- Removed doc/commands.txt - Refer to NEW docs Unreal32docs.html
- Removed doc/faq - Refer to NEW docs Unreal32docs.html
- Removed doc/conf.doc - Refer to NEW Docs Unreal32docs.html
- Removed doc/unrealircd.doc - Refer to NEW docs Unreal32docs.html
- Removed doc/Elite.Changes - Out Dated
- Removed doc/services-install-guide - Refer to NEW docs Unreal32docs.html
- Modfied Unreal.nfo to include ref. to new docs
+ ircd_SSL_read must emulate the same. codemastr: could you check what the
+ win32 equiviant of EIO is? I don't think my WSAEIO or whatever I called it
+ in sys.h is correct.
on non WIN32 systems
- Depricated AKILL/RAKILL and made them alias to TKL G +/- - for normal users they
just reply that the commands are depricated. Server compatiblity is maintained.
Eventually it will just be removed. Thank god for modules.
the +I functionality. Code is still in IRCd, but isn't used until module
is loaded. Loading of this will cause an R to be added to /version
flags. Hopefully this will satisify some people's thoughts about a so
called spy tool being enabled by default. Also added flag_add(char *)
and flag_del(char) for modules to add to flags string. -Sts
- Removed -win32 postfix for wircds, look in /version for W instead
- Removed ircnetwork part of /version
new command format:
SMO modes :message
OR
SMO modes snomasks :message
if you want to use JUST snomasks, put "+" as the mode
the modes parameter accepts a snomask as long as there
isn't a mode with same name
@if test -z "${MODULEFILE}";thenecho"Please set MODULEFILE when calling \`\`make custommodule''. For example, \`\`make custommodule MODULEFILE=callerid''." >&2;exit 1;fi
Ok, in order to save time, and my nerves i am writing this short readme, and eventually an FAQ (after people ask questions) =)
This is information on how to run the win32 version, it does not say, and WILL not say how to use an ircd, as that is sufficiently docuimented in the docs !!!!
you will NEED to modify/create an ircd.conf, follow the documentation for that.
Right, thats almost it( that i can think of), but what happens if the server Crashes ???
AC_WARN(SSL support could not be enabled because openssl/ssl.h could not be found)
fi
])
dnl module checking based on Hyb7's module checking code
AC_DEFUN(AC_ENABLE_DYN,
[
AC_CHECK_FUNC(dlopen,, AC_CHECK_LIB(dl, dlopen,IRCDLIBS="$IRCDLIBS-ldl",AC_MSG_WARN(Dynamic linking is not enabled because dlopen was not found) AC_DEFINE(STATIC_LINKING)))
hold_cflags=$CFLAGS
CFLAGS="$CFLAGS -export-dynamic"
AC_CACHE_CHECK(if we need the -export-dynamic flag, ac_cv_export_dynamic, [
AC_ARG_WITH(hostname, [ --with-hostname=host Specify the local hostname of the server], AC_DEFINE_UNQUOTED(DOMAINNAME,"$withval"),AC_DEFINE_UNQUOTED(DOMAINNAME,"`hostname`"))
AC_DEFINE_UNQUOTED(MYOSNAME,"`uname -a`")
AC_ARG_WITH(permissions, [ --with-permissions=permissions Specify the default permissions for
AC_ARG_ENABLE(hub, [ --enable-hub Compile as a hub server], AC_DEFINE(HUB))
AC_ARG_ENABLE(ssl, [ --enable-ssl Enable client and server SSL connections ], AC_ENABLE_SSL)
AC_ARG_ENABLE(dynamic-linking, [ --enable-dynamic-linking Make the IRCd dynamically link shared objects rather than statically ], AC_ENABLE_DYN, AC_DEFINE(STATIC_LINKING))
AC_ARG_ENABLE(inet6, [ --enable-inet6 Make the IRCd support IPv6 ], AC_ENABLE_INET6)
AC_ARG_ENABLE(standardthreads, [ --enable-standardthreads Use standard threads ], USESTDTHREAD="1")
AC_SUBST(IRCDDIR)
AC_SUBST(BINDIR)
ACX_PTHREAD
CC="$PTHREAD_CC"
CFLAGS="$CFLAGS $PTHREAD_CFLAGS"
IRCDLIBS="$IRCDLIBS $PTHREAD_LIBS"
AC_MSG_CHECKING(if FD_SETSIZE is large enough to allow $ac_fd file descriptors)
for dir in $enable_ssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr; do
ssldir="$dir"
if test -f "$dir/include/openssl/ssl.h"; then
AC_MSG_RESULT([found in $ssldir/include/openssl])
found_ssl="yes";
if test ! "$ssldir" = "/usr" ; then
CFLAGS="$CFLAGS -I$ssldir/include";
fi
break
fi
if test -f "$dir/include/ssl.h"; then
AC_MSG_RESULT([found in $ssldir/include])
found_ssl="yes";
if test ! "$ssldir" = "/usr" ; then
CFLAGS="$CFLAGS -I$ssldir/include";
fi
break
fi
done
if test x_$found_ssl != x_yes; then
AC_MSG_RESULT(not found)
echo ""
echo "Apparently you do not have both the openssl binary and openssl development libraries installed."
echo "You have two options:"
echo "a) Install the needed binaries and libraries"
echo " and run ./Config"
echo "OR"
echo "b) If you don't need SSL..."
echo " Run ./Config and say 'no' when asked about SSL"
echo " (or pass --disable-ssl to ./configure)"
echo ""
exit 1
else
CRYPTOLIB="-lssl -lcrypto";
if test ! "$ssldir" = "/usr" ; then
LDFLAGS="$LDFLAGS -L$ssldir/lib";
fi
AC_DEFINE([USE_SSL], [], [Define if you want to allow SSL connections])
fi
])
])
AC_DEFUN([CHECK_ZLIB],
[
AC_ARG_ENABLE([ziplinks],
[AC_HELP_STRING([--enable-ziplinks=DIR],[enable ziplinks. will check /usr/local /usr /usr/pkg. Note that SSL does its own compression, so you won't need this for SSL links.])],
[],
[enable_ziplinks=no])
AS_IF([test $enable_ziplinks != "no"],
[
AC_MSG_CHECKING([for zlib])
for dir in $enable_ziplinks /usr/local /usr /usr/pkg; do
zlibdir="$dir"
if test -f "$dir/include/zlib.h"; then
AC_MSG_RESULT(found in $zlibdir)
found_zlib="yes";
if test "$zlibdir" != "/usr" ; then
CFLAGS="$CFLAGS -I$zlibdir/include";
fi
AC_DEFINE([ZIP_LINKS], [], [Define if you have zlib and want zip links support.])
break
fi
done
if test x_$found_zlib != x_yes; then
AC_MSG_RESULT([not found])
echo ""
echo "Apparently you do not have the zlib development library installed."
echo "You have two options:"
echo "a) Install the zlib development library"
echo " and run ./Config"
echo "OR"
echo "b) If you don't need compressed links..."
echo " Run ./Config and say 'no' when asked about ziplinks support"
AC_DEFINE_UNQUOTED([UNREAL_VERSION_SUFFIX], ["$UNREAL_VERSION_SUFFIX"], [Version suffix such as a beta marker or release candidate marker. (e.g.: -rc2 for unrealircd-3.2.9-rc2)])
AC_PROG_CC
if test "$ac_cv_prog_gcc" = "yes"; then
CFLAGS="$CFLAGS -funsigned-char"
AC_CACHE_CHECK(if gcc has a working -pipe, ac_cv_pipe, [
AC_DEFINE([POSIX_SIGNALS], [], [Define if you have POSIX signals])
elif test "$ac_cv_sigtype" = "BSD"; then
AC_DEFINE([BSD_RELIABLE_SIGNALS], [], [Define if you have BSD signals])
else
AC_DEFINE([SYSV_UNRELIABLE_SIGNALS], [], [Define if you have SYSV signals])
fi
AC_CHECK_FUNCS(strtoken,,AC_DEFINE([NEED_STRTOKEN], [], [Define if you need the strtoken function.]))
AC_CHECK_FUNCS(strtok,,AC_DEFINE([NEED_STRTOK], [], [Define if you need the strtok function.]))
AC_CHECK_FUNCS(strerror,,AC_DEFINE([NEED_STRERROR], [], [Define if you need the strerror function.]))
AC_CHECK_FUNCS(index,,AC_DEFINE([NOINDEX], [], [Define if you do not have the index function.]))
AC_CHECK_FUNCS(strtoul,,STRTOUL="strtoul.o")
AC_CHECK_FUNCS(bcopy,,AC_DEFINE([NEED_BCOPY], [], [Define if you don't have bcopy]))
AC_CHECK_FUNCS(bcmp,,AC_DEFINE([NEED_BCMP], [], [Define if you don't have bcmp]))
AC_CHECK_FUNCS(bzero,,AC_DEFINE([NEED_BZERO], [], [Define if you need bzero]))
AC_CHECK_FUNCS(strcasecmp,AC_DEFINE([GOT_STRCASECMP], [], [Define if you have strcasecmp]))
save_libs="$LIBS"
LIBS="$LIBS $SOCKLIB $INETLIB"
AC_CHECK_FUNCS(inet_addr,,AC_DEFINE([NEED_INET_ADDR], [], [Define if you need inet_addr]))
AC_CHECK_FUNCS(inet_ntoa,,AC_DEFINE([NEED_INET_NTOA], [], [Define if you need inet_ntoa]))
AC_CHECK_FUNCS(inet_netof,,AC_DEFINE([NEED_INET_NETOF], [], [Define if you need inet_netof]))
LIBS="$save_libs"
AC_CHECK_FUNCS(syslog,AC_DEFINE([HAVE_SYSLOG], [], [Define if you have syslog]))
AC_SUBST(STRTOUL)
AC_SUBST(CRYPTOLIB)
AC_SUBST(MODULEFLAGS)
AC_ARG_WITH(listen, [AS_HELP_STRING([--with-listen=backlog],[Specify the listen backlog value])],
[AC_DEFINE_UNQUOTED([LISTEN_SIZE], [$withval], [Set to the listen backlog size you want])],
[AC_DEFINE([LISTEN_SIZE], [5], [Set to the listen backlog size you want])])
AC_ARG_WITH(nick-history, [AS_HELP_STRING([--with-nick-history=length],[Specify the length of the nickname history])],
[AC_DEFINE_UNQUOTED([NICKNAMEHISTORYLENGTH], [$withval], [Set to the nickname history length you want])],
[AC_DEFINE([NICKNAMEHISTORYLENGTH], [2000], [Set to the nickname history length you want])])
AC_ARG_WITH([sendq], [AS_HELP_STRING([--with-sendq=maxsendq],[Specify the max sendq for the server])],
[AC_DEFINE_UNQUOTED([MAXSENDQLENGTH], [$withval], [Set to the max sendq you want])],
[AC_DEFINE([MAXSENDQLENGTH], [3000000], [Set to the max sendq you want])])
AC_ARG_WITH(bufferpool, [AS_HELP_STRING([--with-bufferpool=size],[Specify the size of the buffer pool])],
[AC_DEFINE_UNQUOTED([BUFFERPOOL],[($withval * MAXSENDQLENGTH)], [Set to the bufferpool size you want])],
[AC_DEFINE([BUFFERPOOL],[(18 * MAXSENDQLENGTH)], [Set to the bufferpool size you want])])
AC_ARG_WITH(permissions, [AS_HELP_STRING([--with-permissions=permissions], [Specify the default permissions for
configuration files])],
dnl We have an apparently out-of-place 0 here because of a MacOSX bug and because
dnl we assume that a user thinks that `chmod 0600 blah' is the same as `chmod 600 blah'
dnl (#3189)
[AC_DEFINE_UNQUOTED([DEFAULT_PERMISSIONS], [0$withval], [The default permissions for configuration files. Set to 0 to prevent unrealircd from calling chmod() on the files.])],
[AC_DEFINE([DEFAULT_PERMISSIONS], [0600], [The default permissions for configuration files. Set to 0 to prevent unrealircd from calling chmod() on the files.])])
AC_ARG_WITH(dpath, [AS_HELP_STRING([--with-dpath=path],[Specify the path where configuration files are stored])],
[AC_DEFINE_UNQUOTED([DPATH], ["$withval"], [Define the location of the configuration files])
IRCDDIR="$withval"],
[AC_DEFINE_UNQUOTED([DPATH], ["`pwd`"], [Define the location of the configuration files])
IRCDDIR="`pwd`"])
AC_ARG_WITH(fd-setsize, [AS_HELP_STRING([--with-fd-setsize=size], [Specify the max file descriptors to use])],
[ac_fd=$withval],
[ac_fd=1024])
AC_DEFINE_UNQUOTED([MAXCONNECTIONS], [$ac_fd], [Set to the max connections you want])
dnl It would be nice if this could just respect --bindir like every other
dnl program does someday... -- ohnobinki
AC_ARG_WITH(spath, [AS_HELP_STRING([--with-spath],[Specify the location of the executable])],
[AC_DEFINE_UNQUOTED([SPATH], ["$withval"], [Define the location of the executable])
BINDIR="$withval"],
[AC_DEFINE_UNQUOTED([SPATH], ["`pwd`/src/ircd"], [Define the location of the executable])
BINDIR="`pwd`/src/ircd"])
AC_ARG_ENABLE([prefixaq],
[AS_HELP_STRING([--disable-prefixaq],[Enable chanadmin (+a) and chanowner (+q) prefixes])],
[],
[enable_prefixaq=yes])
AS_IF([test $enable_prefixaq = "yes"],
[AC_DEFINE([PREFIX_AQ], [], [Define if you want +a/+q prefixes])])
AC_ARG_WITH(showlistmodes,
[AS_HELP_STRING([--with-showlistmodes], [Specify whether modes are shown in /list])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([LIST_SHOW_MODES], [], [Define if you want modes shown in /list])])])
AC_ARG_WITH(topicisnuhost, [AS_HELP_STRING([--with-topicisnuhost], [Display nick!user@host as the topic setter])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([TOPIC_NICK_IS_NUHOST], [], [Define if you want nick!user@host shown for the topic setter])])])
AC_ARG_WITH(shunnotices, [AS_HELP_STRING([--with-shunnotices], [Notify a user when he/she is no longer shunned])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([SHUN_NOTICES], [], [Define if you want users to be notified when their shun is removed])])])
[AC_DEFINE([NO_OPEROVERRIDE], [], [Define if you want OperOverride disabled])])])
AC_ARG_WITH(disableusermod, [AS_HELP_STRING([--with-disableusermod], [Disable /set* and /chg*])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([DISABLE_USERMOD], [], [Define if you want to disable /set* and /chg*])])])
AC_ARG_WITH(operoverride-verify, [AS_HELP_STRING([--with-operoverride-verify], [Require opers to invite themselves to +s/+p channels])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([OPEROVERRIDE_VERIFY], [], [Define if you want opers to have to use /invite to join +s/+p channels])])])
AC_ARG_WITH(disable-extendedban-stacking, [AS_HELP_STRING([--with-disable-extendedban-stacking], [Disable extended ban stacking])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([DISABLE_STACKED_EXTBANS], [], [Define to disable extended ban stacking (~q:~c:\#chan, etc)])])])
AC_ARG_WITH(system-tre, [AS_HELP_STRING([--with-system-tre], [Use the system tre package instead of bundled, discovered using pkg-config])], [], [with_system_tre=no])
AC_ARG_WITH(system-cares, [AS_HELP_STRING([--with-system-cares], [Use the system c-ares (at least version 1.6.0) package instead of bundled c-ares, discovered using pkg-config])], [], [with_system_cares=no])
CHECK_SSL
CHECK_ZLIB
AC_ARG_ENABLE(dynamic-linking, [AS_HELP_STRING([--disable-dynamic-linking], [Make the IRCd statically link with shared objects rather than dynamically (noone knows if disabling dynamic linking actually does anything or not)])],
Example: NOTICE codemastr,Stskeeps :Hi codemastr and Stskeeps.
MODE
- Used to change the mode of a channel or a user. You can only change modes for channel you are an Operator or Half-Op on. Also, you can only changes user modes for yourself.
- Changes your "online identity" on a server. All those in the channel you are in will be alerted of your nickname change.
Syntax: NICK <new nickname>
Example: NICK |codemastr|
JOIN
- Used to enter one or more channels on an IRC server. All occupants of the channel will be notified of your arrival.
Syntax: JOIN <chan>,<chan2>,<chan3>
Example: JOIN #UnrealIRCD
Example: JOIN #UnrealIRCD,#OperHelp
PING
- Determines the amount of lag (time it takes for a response to reach a person and come back) between yourself and someone else.
Syntax: PING <user>
Example: PING Stskeeps
WHOIS
- Shows information about the user in question, such as their "name", channels they are currently in, their hostmask, etc.
Syntax: WHOIS <user>
Example: WHOIS DrBin
ISON
- Used to determine of a certain user or users are currently on the IRC server based upon their nickname.
Syntax: ISON <user> <user2> <user3> <user4>
Example: ISON Stskeeps DrBin codemastr NickServ ChanServ OperServ MemoServ
USER
- Used during registration to server (i.e. during inital connection sequence.)
PART
- Used to part (or leave) a channel you currently occupy. All those in the channel will be notified of your departure.
Syntax: PART <chan>,<chan2>,<chan3>,<chan4>
Example: PART #UnrealIRCD
Example: PART #UnrealIRCD,#OperHelp
QUIT
- Disconnects you from the IRC server. Those in the channels you occupy will be notified of your departure. If you do not specify a reason, your nickname becomes the reason.
Syntax: QUIT <reason>
Example: QUIT Leaving!
USERHOST
- Returns the userhost of the user in question. Usually used by scripts or bots to retrieve userhost information.
Syntax: USERHOST <nickname>
Example: USERHOST codemastr
SVSNICK
- Can only be used by a U:Lined server (i.e. services). Changes the nickname of the user in question.
- Can only be used by a U:Lined server (i.e. services). Changes the mode of the channel or user in question.
Syntax: SVSMODE <channel/user> :<mode>
Example: SVSMODE #UnrealIRCD :+o Stskeeps
Example: SVSMODE codemastr :+i
LUSERS
- Provides local and global user information (such as current and maximum user count).
Syntax: LUSERS <server>
CHANSERV
- Will send a secure message to ChanServ. Similar to /msg ChanServ, but more secure. May not work if server is configured improperly.
TOPIC
- Sets/Changes the topic of the channel in question, or just display the current topic.
Syntax: TOPIC <channel>
Syntax: TOPIC <channel> <topic>
Example: TOPIC #operhelp
Example: TOPIC #UnrealIRCD Welcome to the Unreal IRCD Home Channel.
INVITE
- Sends a user an invitation to join a perticular channel. You must be an operator on the channel in order to invite a user into it.
Syntax: INVITE <user> <channel>
Example: INVITE codemastr #OperHelp
KICK
- Removes a user from a channel. Can only be used by Operators or Half-Ops. If no reason is specified, your nickname becomes the reason.
Syntax: KICK <channel> <user> <reason>
WALLOPS
- Sends a "message" to all those with the umode +w. Only IRCops can send wallops, while anyone can view them.
Syntax: WALLOPS <message>
KILL
- Forcefully disconnects a user from an IRC Sever. Can only be used by IRCops.
Syntax: KILL <user> <reason>
Example: KILL Clone5 Cloning is not allowed
AWAY
- Sets your online status to "away".
Syntax: AWAY <reason> (AWAY without a reason will unset you away)
Example: AWAY Walking the dog...
SQUIT
- Disconnects an IRC Server from the network
Syntax: SQUIT <server>
Example: SQUIT leaf.*
WHO
- Searches user information (-i users only) for supplied information. IRCops are a ble to search +i users.
Syntax: WHO <search>
Example: WHO *.aol.com
WHOWAS
- Retrieves previous 'WHOIS' information for users no longer connected to the server.
Syntax: WHOWAS <nickname>
Example: WHOWAS Stskeeps
LIST
- Provides a complete listing of all channels on the network. If a search string is specified, it will only show those matching the search string.
Syntax: LIST <search string>
Example: LIST
Example: LIST *ircd*
NAMES
- Provides a list of users on the specified channel.
Syntax: NAMES <channel>
Example: NAMES #help
OPER
- Attempts to give a user IRCop status.
Syntax: OPER <uid> <pass>
Example: OPER codemastr codeit
CONNECT
- Links another IRC server to the one you are currently on. Remote connections are also possible.
Syntax: CONNECT <server>
Syntax: <CONNECT> <hub> <port> <leaf>
Example: CONNECT leaf.*
Example: CONNECT hub.* 6667 leaf.*
VERSION
- Provides version information of the IRCD software in usage.
Syntax: VERSION
STATS
- Provides certain statistical information about the server (for example, u will provide uptime information).
Syntax: STATS <letter>
Example: STATS u
LINKS
- Lists all of the servers currently linked to the network.
Syntax: LINKS
ADMIN
- Provides administrative information regarding the server.
Syntax: ADMIN <server>
SAMODE
- Allowed a services administrator to change the mode on a channel, without having operator status.
Syntax: SAMODE <channel> <mode>
Example: SAMODE #UnrealIRCD +m
SVSKILL
- Can only be used by a U:Lined server. Forcefully disconnects a user from the network.
Syntax: SVSKILL <user> <reason>
Example: SVSKILL codemastr Goodbye
SVSNOOP
- Can only be used by a U:Lined server. Enabled or disables whether Global IRCop functions exist on the server in question or not.
Syntax: SVSNOOP <server> <+/->
Example: SVSNOOP leaf.* -
MOTD
- Displays the Message of the Day.
Syntax: MOTD
Syntax: MOTD <server>
KLINE
- "Bans" a hostmask from connection to the IRC server.
Syntax: KLINE <hostmask> <reason>
Example: KLINE *@*.aol.com Abuse
UNKLINE
- Removes a k:line from the server.
Syntax: UNKLINE <hostmask>
Example: UNKLINE *@*.aol.com
ZLINE
- Disables all access to the IRC server from a specified IP.
Syntax: ZLINE <ip>
Example: ZLINE 127.0.0.1
UNZLINE
- Removes a currently active z:Line.
Syntax: UNZLINE <ip>
Example: ZLINE 127.0.0.1
GLOBOPS
- Sends a global "message" to all IRCops. Only viewable by IRCops (unlike WallOps, which can be viewed by normal users).
Syntax: GLOBOPS <message>
Example: GLOBOPS Going to be akilling those clones...
CHATOPS
- GLOBOPS is usually reserved for important network information. Therefore, for Oper Chat, CHATOPS was invented. IRCops with the +c flag enabled will be able to send/receive CHATOPS messages.
Syntax: CHATOPS <message>
Example: CHATOPS How's everyone doing today?
LOCOPS
- Similar to GLOBOPS, except only received by those IRCops local to your server.
Syntax: LOCOPS <message>
Example: LOCOPS Going to be adding a temp k:line for that user...
REHASH
- Prompts the server to reread its configuration file (ircd.conf). Will also remove any temporarly lines (i.e. k:line).
Syntax: REHASH
RESTART
- Kills and restarts the irc daemon, disconnecting all users currently on that server.
Syntax: RESTART
Syntax: RESTART <password>
DIE
- Kills the irc daemon, disconnecting all users currently on that server.
Syntax: DIE
Syntax: DIE <password>
RULES
- Reads the rules.conf file and sends the contents to the user.
Syntax: RULES
MAP
- Provides a "network map" of the IRC network. Mainly used for routing purposes.
Syntax: MAP
DALINFO
- Original DALnet ircd credits.
Syntax: DALINFO
MKPASSWD
- Used for generating an encrypted password. Mainly used for encrypted O:Line passwords.
Syntax: MKPASSWD <password>
Example: MKPASSWD codeit
ADDLINE
- Adds a line to the server's ircd.conf file. After added, you must REHASH the server for it to take affect.
<blockquote><p><ahref="#S9_1">9.1 Table for SJB64 (NICK and SJOIN).</a></p></blockquote>
<blockquote><p><ahref="#S9_2">9.2 Table for NICKIP.</a></p></blockquote>
<hr/>
<h1><aname="S1"></a>1 Introduction</h1>
<p>This document describes the UnrealIRCd server-to-server protocol.</p>
<h2>A word about clocks.</h2>
<p>Unreal is very time-dependant. Users and channels, for example, are timestamped, and if server clocks are not synchronized properly, things can go very wrong very fast. See <ahref="http://vulnscan.org/UnrealIrcd/faq/#67">http://vulnscan.org/UnrealIrcd/faq/#67</a> for more information on this. Note that there is a slight difference between server time and what is actually reported by the UNIX date command or by the C time() function. Unreal can apply an offset to the real time to create the server time, allowing servers to be virtually synchronized when synchronizing the real clocks is not possible (such as on shell servers).
I should make it quite clear that GMT time is used for everything. To be specific, timestamps in unreal are 32-bit integer values (actually, however many bits the time_t type is, which is 32 on 32-bit systems such as x86). This integer value is the number of seconds that have elapsed since Midnight January 1, 1970 GMT (can be referred to as Epoch time in the UNIX world). This means that timezones are no problem, nor is daylight savings time (or whatever your country of choice calls it).</p>
<hr/>
<h1><aname="S2"></a>2 Server Negotiation</h1>
<p>The first step to establish a server-to-server communication is to negotiate the connection as a server. Negotiation is done using standard IRC commands - no PROTOCTL options are in force until the link is established. The first step is to open a TCP/IP connection to the target server. The target port must be one described by a listen {} block in the remote server's configuration, and that listen block must not have the clientsonly option. After the connection is open, you will be treated as any other connection and be greeted with the "Looking up your hostname..." and "Checking identd..." notices as you would for a client. As these are NOTICE messages and your session as a server isn't established, they should simply be ignored. Use the commands below to introduce a server connection.</p>
<p>The PASS command is used to transmit the password required for a server link. It must match the password specified in the remote server's link::password-receive (which can be crypted), otherwise the link will be rejected. This should be the first message sent.</p>
<h2><aname="S2_2"></a>2.2 PROTOCTL - Server Protocol Negotiation</h2>
<p>The PROTOCTL command sets several protocol options. The tokens supported are listed below.</p>
<ul>
<li>NOQUIT : When a netsplit occurs, only send a SQUIT message for each server lost. This server will assume that clients on these servers were also lost and will send the appropriate QUIT messages to local clients and to any non-NOQUIT servers.</li>
<li>TOKEN : Use tokenized commands. Tokens are case-sensitive, shortened versions of command names. Tokens will be usually one or two characters.</li>
<li>NICKv2 : Use extended NICK message for introducing users. See the NICK command for information about this.</li>
<li>VHP : When introducing a user, send his cloaked host as if it were a vhost. Usually used for services to avoid having duplicate code.</li>
<li>SJOIN : Supports SJOIN version 1 which is no longer in use. Use with SJ3.</li>
<li>SJOIN2 : Supports SJOIN version 2 which is no longer in use. Use with SJ3.</li>
<li>UMODE2 : Supports the UMODE2 command, which is a shortened version of MODE for usermode changes.</li>
<li>VL : Supports V:Line information. Extends the SERVER message to include version information used in deny version{} blocks. Note that this is assumed - unreal will always send its own version information.</li>
<li>SJ3 : Supports SJOIN version 3.</li>
<li>NS : Supports server numerics which provides a shorthand for server names. In any circumstance where a :server.name is permitted (the server is the message's real source), @servernumeric may be used instead. In addition, the server.name parameter in the NICK message may be simply the server's numeric. Requires VL support.</li>
<li>SJB64 : Timestamps in NICK and SJOIN are expressed in base64 rather than base10.</li>
<li>TKLEXT : Supports exntended TKL messages for spamfilter support.</li>
<li>NICKIP : Adds an IP parameter to the NICK message, which is the base64 encoding of the user's ip address (in network byte order). Requires NICKv2.</li>
<li>NICKCHARS : Indicates the set of enabled nickchar options (see the regular documention for info about this).</li>
<li>CHANMODES : (Not required to be sent) This is the same as the CHANMODES value in the 005 for client connections. Useful for autodetecting things like what modes are valid for ChanServ MLOCK, for example.</li>
<li>CLK : Supports an extra field in NICK for sending the cloaked host (not vhost).</li>
<li>ESVID : Supports arbitrary values instead of just numeric timestamps for the services identifier field.</li>
</ul>
<p>The syntax examples here follow the conventions for TOKEN and also NS in cases of server-only messages.</p>
<h2><aname="S2_3"></a>2.3 SERVER - Server Negotiation</h2>
<p><b>Note:</b> This message is also used for introducing additional servers, the format of this message in those cases is described later.</p>
<p><b>Syntax (with VL and NS):</b><tt>SERVER <i>server.name</i> 1 :U<i>protocolversion</i>-<i>protocolflags</i>-<i>servernumeric</i><i>server description</i></tt></p>
<p>The literal 1 in the parameter list is the hopcount parameter. Since you are a direct link, your own hopcount will be 1.</p>
<p>The server.name is the same as that in the remote server's link:: block. When received from unreal servers, this will be the value of that server's me::name. The protocol version is the numeric protocol version (2306 for example), and the protocol flags are the server's compilation flags (described below). These two fields are checked against the deny version {} blocks in the remote server's configuration. A value of 0 for either field prevents deny version{} checking for that field. The server description can be anything. When received from unreal servers, it'll be the value of me::description.</p>
<p>The following version numbers have been used previously:</p>
<ul>
<li>2311 - Unreal 3.2.10</li>
<li>2310 - Unreal 3.2.9</li>
<li>2309 - Unreal 3.2.6, 3.2.7, 3.2.8</li>
<li>2308 - Unreal 3.2.5</li>
<li>2307 - Unreal 3.2.4</li>
<li>2306 - Unreal 3.2.3</li>
<li>2305 - Unreal 3.2.2</li>
<li>2304 - Unreal 3.2.1</li>
<li>2303 - Unreal 3.2beta* through 3.2 Release</li>
<li>2302 - Unreal 3.1.1 through 3.1.4</li>
<li>2301 - Unreal 3.1 Release</li>
<li>2300 - Unreal 3.0 Release</li>
</ul>
<p>The compile flags as specified in protocol flags are:</p>
<ul>
<li>c : Server is chrooted (#define CHROOTDIR).</li>
<li>C : Server has command line config (-f option) enabled (#define CMDLINE_CONFIG).</li>
<li>D : Server is in debugmode (#define DEBUGMODE).</li>
<li>F : Using filedescriptor lists.</li>
<li>h : Server is compiled with hub support (#define HUB or answer "Hub" to relevant ./Config prompt).</li>
<li>i : Server shows invisible users in /TRACE.</li>
<li>n : NOSPOOF (pingcookies) is enabled (#define NOSPOOF or answer "Yes" to relevant ./Config prompt).</li>
<li>V : Server is using valloc().</li>
<li>W : Windows IRCd.</li>
<li>Y : Syslog logging enabled.</li>
<li>6 : Server has IPv6 support (#define INET6 or answer "yes" to relevant ./Config prompt).</li>
<li>X : Server has badword stripping (user and channel modes +G) (#define STRIPBADWORDS).</li>
<li>P : Server is using poll().</li>
<li>e : Server has SSL Support (#define USE_SSL or answer "yes" (and have ssl libraries installed) to relevant ./Config prompt).</li>
<li>O : Server has OperOverride enabled (#undef NO_OPEROVERRIDE or answer "no" to relevant ./Config prompt).</li>
<li>o : Server has disabled Oper verify (#undef OPEROVERRIDE_VERIFY or answer "no" to relevant ./Config prompt).</li>
<li>Z : Server has ziplink support (#define ZIP_LINKS or answer "yes" to relevant ./Config prompt AND have the zlib dev libraries).</li>
<li>E : Server has extended channel mode support.</li>
<li>3 : 3rd party modules are loaded or some system libraries are wonky.</li>
<li>m : Private message handling is 'tainted' (one or modules registered a USERMSG hook).</li>
<li>M : Channel message handling is 'tainted' (one or modules registered a CHANMSG hook).</li>
<li>Additional Version flags can be added by 3rd-party modules.</li>
</ul>
<h2><aname="S2_4"></a>2.4 EOS - End Of Synch (TOKEN: ES)</h2>
<p><b>Syntax:</b> ES</p>
<p>Marks the end of the synching process. This is really optional, but it might be a good idea to send it anyway when you really are done synching. Once you send this, unreal will announce "Client connecting" or "Client exiting" notices (to those with snomask +F) for users (unless your server is U:Lined), and joins will be counted toward channel flood controls (chanmode +f).</p>
<p>Sending EOS only marks your server as synched, but does not do so for servers behind you. EOS would need to be sent on those servers' behalf as well.</p>
<h2><aname="S2_5"></a>2.5 NETINFO - Network Information (TOKEN: AO)</h2>
<p><b>Syntax:</b> AO <i>maxglobal</i><i>currenttime</i><i>protocolversion</i><i>cloakhash</i> 0 0 0 :<i>networkname</i></p>
<p>This tells the other server your current network configuration. The max global is the highest number of concurrent users network-wide that this server has seen. The current time is a timestamp value. Protocolversion is the same as that in the SERVER command. Cloakhash is a hash representing the configured cloak keys. It may be a * if you are implementing services. The network name is that specified in set::network-name. The cloak-prefix is currently not sent here (and thus unreal won't generate warning for mismatching cloak prefixes, but they should be the same anyway).</p>
<p>It is NETINFO, not EOS, that triggers the "Link bla bla bla is now synched" notices, but NETINFO does not imply synching is actually complete (see EOS).</p>
<hr/>
<h1><aname="S3"></a>3 User Operations</h1>
<p>One important function of servers is it must notify all other servers about all of the users behind it. These commands represent the operations that can result in the change of a user's global state.</p>
<h2><aname="S3_1"></a>3.1 NICK - User Introduction and Nick Change (TOKEN: &)</h2>
<p>This format of the NICK message indicates an existing user is changing his or her nickname. If a collision occurs, see the section on Nick Collisions below. The timestamp is the new nickname's timestamp.</p>
<p><b>Note:</b> Because each server normally does its own cloak generation, Unreal does not expect to receive NICK messages with the CLK info, so do not send it. It will send this info to a server it has received a PROTOCTL CLK from however.</p>
<p>This format of the NICK message introduces a new user to the network. If PROTOCTL VHP is enabled, the user's cloaked host is put in the virtualhost field, otherwise it'll be * unless the user is +t. With the addition of CLK, VHP is no longer necessary for determining the cloak host.</p>
<h3><aname="S3_1_1"></a>3.1.1 Nick Collisions</h3>
<p>A nick collision occurs when a server receives a NICK message (or & token) introducing a user that the server already sees on the network. When a collision occurs, one or both of the colliding clients must be disconnected. The timestamp is examined to determine which client loses. The client with the earlier timestamp remains. If both clients have equal timestamps, both are removed. Currently, Unreal handles NICK collisions both passively and agressively:</p>
<ul>
<li><b>Aggressive Handling:</b> The server actively sends a KILL message back across the link to terminate that end's client.</li>
<li><b>Passive Handling:</b> Upon receipt of a NICK message that should "win", the server simply silently exits it's own client.</li>
</ul>
<h2><aname="S3_2"></a>3.2 MODE, UMODE2 - User Mode Change (TOKEN: G or |)</h2>
<p><b>Syntax (MODE):</b><tt>:<i>user</i> G <i>user</i><i>modechange</i></tt></p>
<p>This indicates a usermode change. The modechange can consist of zero or more strings of characters, each prefixed with either a + or -; the only delimiter between them being said + or -. If no + or - is at the beginning of the mode string, a + should be implied.</p>
<p>Some user modes are never sent between servers. Specifically, usermode +s and +O are not sent between servers. Modules can define additional usermodes that also might not be sent between servers. The UMODE2 saves bandwidth by not including the redundant target field for usermode changes, so use it when possible.</p>
<h2><aname="S3_3"></a>3.3 QUIT - User Disconnect (TOKEN: ,)</h2>
<p>This command indicates that a user has disconnected. The reason field is filled in with the reason the user disconnected, which will be any of: quit message provided by the user in a /quit command, kill message for local operator kills, "Client exited" if the user does a brutal quit (clean (by TCP's definition) disconnect without sending a QUIT message), or a socket error message if present.</p>
<p>The QUIT message must NOT be prefixed when passing on to other servers. Only local user quit messages are affected by set::prefix-quit.</p>
<h2><aname="S3_4"></a>3.4 KILL - Force Disconnect (TOKEN: .)</h2>
<p>Used to indicate that an operator has used KILL on a user not on the same server. Anything beyond the last ! in the kill path is used as the reason. The source (reason) part is simply a standard used by Unreal. As each server passes on a KILL message, it usually prepends the bottommost part (up to the first .) of it's name followed by a ! character. When unreal receives a KILL from a directly connected irc operator, it will usually add that oper's vhost (or realhost if -x) as the first hop in the kill path, then follow with it's own name as mentioned before if it is passing to another server.</p>
<p>A server can also send KILLs on it's own. This is done in cases involving nickname collisions, fake senders, bad direction, and other cases of protocol errors. Usually, in these cases, the server puts it's own name as the source, and also prefixes with <i>bottompart</i>! like for any other ircop on that server. For example: @3 . someone :irc!irc.example.com (Nick collision)</p>
<h2><aname="S3_5"></a>3.5 SETHOST/CHGHOST - Change virtual host (TOKEN: AA or AL)</h2>
<p><b>Syntax (SETHOST):</b><tt>:<i>source</i> AA <i>newvhost</i></tt></p>
<p><b>Syntax (CHGHOST):</b><tt>:<i>source</i> AL <i>target</i><i>newvhost</i></tt></p>
<p>Indicates the change of a user's virtual host. Currently, servers are expected to assume UMODE2 +xt on the target user in both commands. (In the case of SETHOST, the target is the sender.) Servers using PROTOCTL VHP will receive the cloaked host in a SETHOST message when a user activates his cloaked host. A server can also send CHGHOST (from one of it's opered clients) to change a user's hostname. This is generally used by HostServ implementations. To disable a cloaked host, use CHGHOST to set the user's virtual host equal to his real host, or use SVSMODE -xt, but the latter requires services.</p>
<h2><aname="S3_6"></a>3.6 SETIDENT/CHGIDENT - Change a user's username (TOKEN: AD or AZ)</h2>
<p><b>Syntax (SETIDENT):</b><tt>:<i>source</i> AD <i>newusername</i></tt></p>
<p><b>Syntax (CHGIDENT):</b><tt>:<i>source</i> AZ <i>target</i><i>newusername</i></tt></p>
<p>Indicates the change of a user's username. No usermode change is associated with this. Unreal does not use a distinguished virtual username, so servers should only keep the original username (from the NICK message) if they intend to allow the user to reset the original username. Servers can use CHGIDENT to change a user's username.</p>
<h2><aname="S3_7"></a>3.7 SETNAME/CHGNAME - Change a user's realname (TOKEN: AE or BK)</h2>
<p><b>Syntax (CHGNAME):</b><tt>:<i>source</i> BK <i>target</i> :<i>newrealname</i></tt></p>
<p>Indicates the change of a user's realname. No usermode change is associated with this. Unreal does not use a distinguished virtual realname, so servers should only keep the original realname (from the NICK message) if they intend to allow the user to reset the original realname. Servers can use CHGNAME to change a user's username. Note that servers must NOT check that the sender be an IRCop in SETNAME - normal users are permitted to use SETNAME.</p>
<h2><aname="#S3_8"></a>3.8 WHOIS - User Information (TOKEN: #)</h2>
<p>Requests the information on a user. This works exactly like the user /whois command - in fact, the source parameter must be a user, or the command will do nothing. <i>from-server</i> is the server to request the information from; if a server recives a WHOIS message without this parameter, it should return its own information on the user, otherwise it should pass the message to the given server. Note that <i>from-server</i> may name a user instead of a server (such as when a user uses /whois nick nick), in which case the the nick should be interpreted as naming the server that user is on. <i>nick</i> may be several users seperated by commas, but may not contain wildcards.</p>
<p>The reply to a WHOIS message uses the same numeric replies as the user command.</p>
<hr/>
<h1><aname="S4"></a>4 Server Operations</h1>
<p>This is different from server negotiation. Negotiation is when you are first connecting. Server introduction is used for introducing additional servers behind an existing server (aka hubbing). Hubbing is limited as specified by the hub, leaf, and leafdepth parameters in the link block and attempted violation of a hub restriction results in termination of the link. If no hub or leaf directive is given your server is a leaf by default, so any introduction of any server behind you would be an automatic drop. U:Lines don't matter here; services must be configured as a hub in the link block. The reason is U:Line is a permission rule, but hub privilege is a network structure rule.</p>
<h2><aname="S4_1"></a>4.1 SERVER - Server Introduction (TOKEN: ')</h2>
<p><b>Note: This command is also used for negotiation. Be warned that the token for this command is NOT VALID at that time! See section 2.3 for the syntax for negotiation.</b></p>
<p><b>Syntax (without PROTOCTL NS):</b><tt>:<i>source</i> SERVER <i>new.server</i><i>hopcount</i> :<i>description</i></tt></p>
<p><b>Syntax (with PROTOCTL NS):</b><tt>@<i>sourcenumeric</i> SERVER <i>new.server</i><i>hopcount</i><i>numeric</i> :<i>description</i></tt></p>
<p>The command indicates that the server named new.server is being introduced by the source (the source is the server which new.server is directly linked to). The hopcount will be the number of links the receiving server would have to cross to reach new.server. In other words, new.server introduced itself with a hopcount of 1, and as the SERVER message is passed along, hopcount is incremented.</p>
<p>As an example, a services server faking a SERVER message for JUPE functionality would use a hopcount of 2.</p>
<h2><aname="S4_2"></a>4.2 SQUIT - Server Removal (TOKEN: -)</h2>
<p>From an IRCop or when server.name is not behind the source, this command requests the removal of the specified server.name. The command in this case is treated very much like KILL in the respect that the message is broadcasted to all servers, except server.name and any servers behind it. When the SQUIT reaches server.name's uplink, that server closes the link to server.name (which would then generate it's own SQUIT on behalf of it's uplink for the servers behind it).</p>
<p>A server can also use SQUIT in the same manner as QUIT to note the removal of a server behind it, or that it itself is quitting. In the former case, server.name is behind source, and the message is forward on to all other servers. In the latter case, source and server.name are equal, the receiving server closes the link and forwards the SQUIT message.</p>
<p>Unreal closes a direct link by simply sending an ERROR message and then closing the TCP connection. This typically causes the other end to generate an SQUIT bearing the message "Client exited" or similar, however, the ERROR will usually cause the server to send a message to all IRCops.</p>
<h2><aname="S4_3"></a>4.3 SDESC - Server Description (TOKEN: AG)</h2>
<p><b>Syntax:</b><tt>:<i>source</i> AG :<i>newdesc</i></tt></p>
<p>The server to which source is connected to should have it's description updated to newdesc. This does NOT include the VL inforamtion.</p>
<h2><aname="S4_4">4.4 PING - Live Connection Query (TOKEN: 8)</a></h2>
<p>Used to check if a connection is still live if it has been "quiet" for a certain amount of time. Typically, unreal will send PING requests at intervals determined by the class::pingfreq setting. PINGs originating from the direct uplink will use the token, but it seems PINGs originating from a distant server will not.</p>
<p>The response to a PING is sent with the <ahref="#S4_5">PONG</a> command.</p>
<p>When receiving a two-parameter PING, the second parameter is the target. If the target isn't you, you can either reply on behalf of that target (using its name instead of yours), or if there is a real connection representing the target, forward the PING to the target.</p>
<h2><aname="S4_5">4.5 PONG - Live Connection Reply (TOKEN: 9)</a></h2>
<p>Used to respond to a <ahref="#S4_4">PING</a> query.</p>
<p><b>Responding to a ping:</b> Once a PING is received, you usually have an amount of time to respond equal to your class::pingfreq. The correct response will always have two parameters. If you received one parameter, then the received parameter becomes the second parameter of your response, and the first parameter is your server name. If you received two parameters, the response returns both parameters in reverse order.</p>
<p>For example, the response to <tt>8 uplink.server</tt> is <tt>9 my.name uplink.server</tt>, while the response to <tt>PING distant.server your.server</tt> is <tt>9 your.server distant.server</tt>. Unreal typically includes a : prior to the last parameter. This isn't required if that parameter contains no spaces, but it is especially important to not include the colon when reversing the parameters, or else Unreal mistake it for a single-parameter PONG.
<p>If a two-parameter PONG is received, the second parameter names the target. If the target is not you, and a real connection represents that target, you should forward the PONG message via that connection.</p>
<h2><aname="#S4_6"></a>4.6 STATS - Server Stats (TOKEN: 2)</h2>
<p>Requests statistics or configuration information from a server. This command is used to transport cross-server STATS requests from users (eg: /stats o other.server), and should only be sent from a user (not a server). With no parameters, this will cause unreal to simply dump its help output. <i>type</i> is the type of stats to request, <i>server</i> names a server (or a user on that server) to request stats from, and <i>extended-params</i> is used to filter output from STATS G, etc. When received, it is up to the receiver to determine what stats to support and how to reply, but generally numeric replies are used. For the list of unreal's stats types, type /stats in a client for the helptext dump.</p>
<p><b>Note:</b> Stats set as oper-only (see set::oper-only-stats) will be refused from a server. In this case, it will be necessary to send the stats request from a psuedo-oper (such as a services agent, etc) for services/stats/etc.</p>
<hr/>
<h1><aname="S5"></a>5 Channel Operations</h1>
<p>These commands deal with the state of channels across the network. Unreal only supports Network Channels, where the first character is a # character.</p>
<p>Timestamp is the channel timestamp and can be !b64 as defined by PROTOCTL SJB64. Modes should only include those in the last three mode sets listed in CHANMODES. Modeparams is one parameter for each mode character that requires one. Memberlist is a series of users (all of which must at least be behind the server sending the SJOIN), each user is prefixed with one or more characters indicating their status. Owners (+q) are prefixed with *, admins (+a) ~, ops (+o) @, halfops (+h) %, voices (+v) +. Normal users are not prefixed with anything. Ban, ban exception, and invite exception masks are also included, with bans prefixed with &, ban exceptions prefixed with ", and invite exceptions with '. Note that when a &, " or ' is encountered as the first character, further processing of ~, *, @, %, or + characters must not continue because ban, exempt, and invite masks can contain any of those characters. (Plus it's just not right for a ban mask to be marked as a channel admin...)</p>
<p>If the channel didn't already exist it is created with the information given in the SJOIN. Otherwise the timestamp is used to determine how the SJOIN information is handled. As a given, all members are joined into the channel, regardless. The mode information (modes, modeparams, memberlist prefixes, bans, exempts, and invites) is subject to the timestamp rules:</p>
<ul>
<li>If the channel's current timestamp is equal to the timestamp in SJOIN, then the mode information is merged.</li>
<li>If the channel's current timestamp is less than the SJOIN timestamp, then the mode information is ignored.</li>
<li>If the channel's current timestamp is greater than the SJOIN timestamp, then the channel's existing mode information is cleared (for example, deop, etc all local clients), and the SJOIN mode information is added.</li>
</ul>
<p>When merging modes, conflicting modes (including +p vs +s, differing +l limits or +k keys, etc) are handled as follows:</p>
<ul>
<li><b>Private (+p) vs. Secret (+s):</b> Secret (+s) is preferred. Private (+p) is removed. (Note: there is a <ahref="http://bugs.unrealircd.org/view.php?id=2391">bug</a> in Unreal versions prior to 3.2.3 in which a desynch will occur in which one side is +p and the other is +s. Update to Unreal 3.2.4 if you have problems with this.)</li>
<li><b>Strip Color (+S) vs. Block Color (+c):</b> Block (+c) is preferred. Strip (+S) is removed. (Note: Bug for +p vs. +s in prior unreal versions apply here as well.)</li>
<li><b>Channel Limit:</b> Numericly larger limit is preferred (for example, +l 30 versus +l 15 : +l 30 wins).</li>
<li><b>Channel Key:</b>"Larger" key (as defined by strcmp) is preferred (for example, +k moo versus +k meow : +k moo wins).</li>
<li><b>Channel Link:</b>"Larger" link name (as defined by stricmp - not case sensitive) is preferred (for example, +L #moo versus +L #meow : +L #moo wins, but +L #Meow versus +L #meow : values are equal).</li>
<li><b>Flood String:</b> Not really sure on this. I think larger value in each component wins.</li>
<li><b>Join-Throttle:</b> Highest of time period wins, if equal, highest of join amount wins (so +j 3:40 beats +j 5:20 but +j 5:20 beats +j 3:20).</li>
<li>Parameterized modes in third party modules will define their own conflict resolution formula.</li>
<p><b>Syntax:</b><tt>:<i>source</i> C <i>#channel</i></tt></p>
<p>Indicates a user has joined a channel. Only one channel is sent this way, and the key is not sent even if the user gave one one joining. If the channel parameter is the special "0" case, the server must interpret the message as a PART for all channels the user is on.</p>
<h2><aname="S5_3"></a>5.3 PART - Channel Part (TOKEN: D)</h2>
<p><b>Syntax:</b><tt>:<i>source</i> D <i>#channel</i>[ :<i>reason</i></tt>]</p>
<p>Indicates a user has left a channel. Only one channel is sent this way. The reason parameter may be left out if no reason was given.</p>
<p><b>Syntax:</b><tt>:<i>source</i> H <i>#channel</i><i>user</i> :<i>reason</i></tt></p>
<p>Orders the forced removal of user from #channel with the given reason. When updating state for this command, it should be the same as if :user PART #channel had been received - the user is removed from #channel's memberlist.</p>
<p><b>Note:</b> This is the same command as that used for usermode changes.</p>
<p><b>Syntax:</b><tt>:<i>source</i> G <i>#channel</i><i>modechange</i><i>modeparams</i>[ <i>timestamp</i>]</tt></p>
<p>Changes the specified modes on the given channel. If the source is a server and the last parameter is numeric, it is interpreted as timestamp (although it can also be consumed as a parameter for modes. For example: :server.name MODE #channel +l 4 <-- 4 will be a timestamp and the +l parameter). When a mode change is timestamped in this way, the mode is treated as it is with SJOIN: the MODE message is ignored if the timestamp is greater than the channel timestamp. (If the timestamp is equal, the mode is simply added replacing any conflicting modes already in place.)</p>
<p>A services implementation can easily clear all entries in a list mode such as bans with SVSMODE (see below).</p>
<h2><aname="S5_6"></a>5.6 INVITE - Invite a user to a channel (TOKEN: *)</h2>
<p>Sends to target an invitation to join #channel. If the source is a channel operator on #channel, or a U:Lined server, the invitation grants the user the temporary ability to join the channel regardless of any bans or some restricting channel modes (not +O or +A).</p>
<h2><aname="S5_7"></a>5.7 SAJOIN - Channel Force Join (TOKEN: AX)</h2>
<p>This requests the forced join of targetuser to #channel. This type of forced join overrides bans, and most modes. The server to which targetuser is connected to must actually acknowledge the join for it to occur. Service implementations may ignore this command, as they would only ever receive it if an SAJOIN was targeted at a service client, in which case it should be ignored...</p>
<h2><aname="S5_8"></a>5.8 SAPART - Channel Force Part (TOKEN: AY)</h2>
<p><b>Syntax:</b><tt>:<i>source</i> AY <i>targetuser</i><i>#channel</i>[ :<i>reason</i>]</tt></p>
<p>This requests the forced part of targetuser from #channel. This is slightly different from a KICK in that the user's removal is announced with PART. The server to which targetuser is connected to must actually acknowledge the part for it to occur. Service implementations may ignore this command, as they would only ever receive it if an SAPART was targeted at a service client, in which case it should be ignored...</p>
<p>The reason field is optional. If provided the acknowledging PART message should prefix the message with "SAPart:".</p>
<h2><aname="S5_9"></a>5.9 SAMODE - Channel Force Mode (TOKEN: o)</h2>
<p><b>Syntax:</b><tt>:<i>source</i> o <i>#channel</i><i>modechange</i><i>modeparams</i></tt></p>
<p>This has the same parameters as for MODE. The only difference is that servers probably will never receive this (but is best to document just in case), and that absolutely NO permission checking is done on anything.</p>
<p>Changes the channel topic information. This format is used when synching, as well as when a topic is changed normally. Nick is the user who changed the topic (depending on compile options, it can be just nick or a full nick!user@host), timestamp is when the change occured, and topic is the new topic text. Normally, only a newer timestamp will actually change the topic, but a U:Lined server can use an older timestamp as well (such as for TOPICLOCK).
<hr/>
<h1><aname="S6"></a>6 Services Commands</h1>
<p>These are commands typically employed by a service implementation, in addition to some of the normal commands. All of the commands listed here require the sender to be correctly U:Lined. This means that the services server name must appear within a ulines {} block in the unrealircd.conf configuration for ALL servers in the network. All servers and clients behind a U:Lined server are themselves U:Lined.</p>
<h2><aname="S6_1"></a>6.1 SVSKILL - Force Disconnect by Service (TOKEN: h)</h2>
<p><b>Syntax:</b><tt>:<i>source</i> h <i>target</i> :<i>reason</i></tt></p>
<p>This command is similar to KILL but differs in several ways. First of all: there is no mutilation of the reason value. The reason given is the exact reason used to generate QUIT messages sent to users. Second, it is silent; no server notice is generated in response to this command. Third, it can only be used by a U:Lined server or client (such as services).</p>
<p>Because this command can be dangerous in the hands of an abusive person, service implementations should avoid granting humans control over the reason parameter. In cases of commands where a person has control over such parameter, either use a regular KILL instead, or otherwise modify the reason so that operators can be held accountable if necessary.</p>
<h2><aname="S6_2"></a>6.2 SVSMODE, SVS2MODE - Force User Mode Change (TOKEN: n or v)</h2>
<p><b>Syntax (SVSMODE):</b><tt>:<i>source</i> n <i>target</i> +<i>usermodes</i></tt></p>
<p><b>Syntax (SVS2MODE):</b><tt>:<i>source</i> v <i>target</i> +<i>usermodes</i></tt></p>
<p>Judging by these commands alone, you'd think they are identical. Both commands force a usermode change to occur. This is typically used by services to set +r on a user who has successfully identified. They differ in that SVS2MODE also sends the mode change to the user, while SVSMODE does not (hidden mode change).</p>
<p>SVSMODE and SVS2MODE also give special treatment to usermode +d. Rather than setting the deaf mode like you might expect, SVS(2)MODE +d allows services to change a user's services stamp (which is given in the NICK message). This could allow services to set the service stamp to an easily identifiable value that could then be used to say "hey, this person identified already". The syntax of this is: +d <i>newservice-identifier-token</i> and can be combined with setting other usermodes as well. The deaf mode <b>can</b> be set by using +d without the service stamp parameter; however, in this case you <b>cannot</b> set the service stamp in the same SVS(2)MODE message.</p>
<p><b>Note:</b> Do <b>NOT</b> use SVSMODE to remove IRCop status from a user. Use the SVSO command for that instead.</p>
<p>Alternatively, target can name a channel. In this case, the mode change parameter can consist of a - character, followed by any or all of: b, e, I, q, a, o, h, or v. These characters cause the corresponding lists to be cleared of all entries. For example: SVSMODE #channel -b removes ALL bans from #channel, and SVSMODE #channel -qaohv turns ALL users on #channel into normal users (removes all owner, admin, op, halfop, and voice status). In this case, the uplink will acknowledge with a MODE listing the bans, etc that were removed.</p>
<p>To completely clear a channel of all modes: MODE #channel -cfijklmnprstzACGMKLNOQRSTVu (plus any added by third-party module) followed by SVSMODE #channel -beIqaohv.</p>
<p>Changes a user's snomasks. The difference between SVSSNO and SVS2SNO is the same as with SVSMODE versus SVS2MODE. If the user is not +s, you must add it via SVSMODE +s. For example:</p>
<pre>:OperServ v someuser +s
:OperServ BW someuser +ks</pre>
<h2><aname="S6_4"></a>6.4 SVSNICK - Forced Nick Change (TOKEN: e)</h2>
<p><b>Syntax:</b><tt>:<i>source</i> e <i>target</i><i>newnick</i> :<i>newtimestamp</i></tt></p>
<p>Forces the specified user to change his nick to newnick and also sets the nick timestamp to newtimestamp (so, for example, services could protect identified users from a nick collision by simply setting the nick timestamp to something way less than "now" - though currently this requires actually changing the nick too). SVSNICK requires the server to which the target is connected to acknowledge the nick change. If the user specified by newnick already exists, then target will be disconnected (even if it's something like a case-change).</p>
<p>This is identical to SAJOIN with a few exceptions: 1) It is U:Line-only. 2) No opernotice on use. 3) Bans and restricting modes are respected, a prior INVITE message must be sent to cause bans to be ignored.</p>
<h2><aname="S6_6"></a>6.6 SVSPART - Forced Part (TOKEN: BT)</h2>
<p>Also identical to SAPART with a few exceptions: no static prefix on the optional part reason, and no global notice, and requires a U:Line. Usage recommendation of SVSPART versus KICK is the same as for SVSKILL versus KILL.</p>
<p>This allows a service to add or remove IRCop permission flags for a user. Flagchanges is formatted similar to that of MODE with the exception that operflags are used instead of usermodes. If the change string consists only of -, then all oper permissions, usermodes, and snomasks are removed (as if the user had himself typed MODE nick -Oo).</p>
<p>If you are granting IRCop permissions to a user who is not currently an IRCop, you should follow up with an SVSMODE +o or SVSMODE +O as appropriate. For example:</p>
<pre>:OperServ BB somenick +o
:OperServ BW somenick +cefknoqsSv
:OperServ AL somenick local.oper.somethinghere.net
<p><b>Syntax:</b><tt>:<i>source</i> f <i>(op)</i><i>server.name</i></tt></p>
<p>The (op) parameter is either a + or - indicating if NOOP mode should be activated (+) or deactivated (-). When NOOP mode is activated, all IRCops on the server are deopered (including local operators) and the /oper command is disabled. IRCop privileges can still be granted through use of SVSO. On UnrealIRCd, it is not necessary to masskill all IRCops on the nooped server, as they are deopered automatically.</p>
<h2><aname="S6_9"></a>6.9 SVSNLINE - RealName Ban (TOKEN: BR)</h2>
<p>Op is either + (add) or - (remove). In the case of +, reason is a space-escaped string (all space chars are encoded as _). If -, reason is ignored.</p>
<h2><aname="S6_10"></a>6.10 SVSFLINE - File Ban (TOKEN: BC)</h2>
<p><b>Syntax (add):</b><tt>:<i>source</i> BC + <i>filemask</i> :<i>reason</i></tt></p>
<p><b>Syntax (remove):</b><tt>:<i>source</i> BC - <i>filemask</i></tt></p>
<p><b>Syntax (clear):</b><tt>:<i>source</i> BC *</tt></p>
<p>Adds or removes a DCCDENY item for the specified filemask on all servers. These DCCDENYs are hard dccdenies - the /dccallow command cannot override it. The last form removes all dccdenies added via SVSFLINE.</p>
<hr/>
<h1><aname="S7"></a>7 Messaging</h1>
<p>What good is Internet Relay <b>CHAT</b> if users cannot <b>CHAT</b>? This section addresses the commands through which arbitrary user messages are sent.</p>
<p><b>NOTICE Syntax:</b><tt>:<i>source</i> B <i>target</i> :<i>message</i></tt></p>
<p>Sends a messages to the given target. The target either names a single client, or identifies a list of clients in which the message is to be sent to. The available targets include:</p>
<ul>
<li><i>nickname</i>: Names a single user to whom the message is delivered.</li>
<li><i>nickname</i>@<i>servermask</i>: Also names a single user, but the message will only be delivered if the user is connected to a server matching the specified servermask. This is typically used for sending messages to services. The target must not be changed at any point along the path it must travel for delivery, even up to the final receipt of the message by the target. This allows the target to know it has been sent a message in this way.</li>
<li>#<i>channelname</i>: Sends a message to all users on the specified channel (except when channel is a moderated auditorium (+mu), in which case the wierd +mu sending behavior goes off).</li>
<li><i>modeprefix</i>#<i>channelname</i>: Sends a message to all users on the given channel having the given status or higher. For example: + means all voices, halfops, etc.</li>
<li>$<i>servermask</i>: Sends a message to ALL users on all servers matching the specified servermask (known as a server broadcast message). The RFC requirements of having a TLD with no wildcards is not applied to U:Lined clients.</li>
</ul>
<p>Unreal does not support the #hostmask format.</p>
<h2><aname="S7_2"></a>7.2 SENDUMODE, SMO - Usermode-based Delivery (TOKEN: AP or AU)</h2>
<p><b>Syntax:</b><tt>@<i>servernumeric</i> AU <i>umode</i> :<i>message</i></tt></p>
<p>Sends the specified message to all users with the given mode. Only one usermode may be given. This is a server-only command if you can't tell from the sender prefix :) .</p>
<p>The message will be displayed as coming from the receiving client's own server. It may be appropriate to add a "*** Notice (or other leader here) -- from blah:" if you wish to clarify where the message is from.</p>
<p><b>Syntax:</b><tt>@<i>servernumeric</i> Ss <i>snomask</i> :<i>message</i></tt></p>
<p>Sends the specified message to all users with the given snomask. Only one snomask may be given. This is a server-only command if you can't tell from the sender prefix :) .</p>
<p>The message will be displayed as coming from the receiving client's own server. It may be appropriate to add a "*** Notice (or other leader here) -- from blah:" if you wish to clarify where the message is from.</p>
<p><b>Syntax:</b><tt>:<i>source</i> AC :<i>message</i></tt></p>
<p>Send the message to all Network Admins (usermode +N).</p>
<hr/>
<h1><aname="S8"></a>8 Ban Control</h1>
<p>Sometimes, you have the misfortune of encountering a user who has no purpose but to serve as an annoyance to your server or network. These commands transmit network-wide ban information amongst each other.</p>
<h2><aname="S8_1"></a>8.1 TKL - Master Ban Control (TOKEN: BD)</h2>
<p>The TKL command seems to have one oddity about it: the real ban source is included in the TKL command rather than in the sender prefix. Most likely this is done for synching reasons (so that the *line ban can be credited to the proper person even if he/she is offline). For this reason, the command syntax is given without any sender prefix at all. It is still permissible to use one, however.</p>
<p><b>Add Syntax (TKL):</b><tt>BD + G <i>userpart</i><i>hostpart</i><i>source</i><i>expiretimestamp</i><i>settimestamp</i> :<i>reason</i></tt></p>
<p><b>Remove Syntax (TKL):</b><tt>BD - G <i>userpart</i><i>hostpart</i><i>source</i></tt></p>
<p>Adds and Removes Network-wide user@host bans, known as G:Lines. The GLINE command itself must not be used. The userpart and hostpart are the user portion and hostname portion of the ban mask. The expiretimestamp is 0 if the G:Line should not expire, otherwise it will expire at the given time. It is an absolute time, not relative, thus it's imperitive to have reasonably synchrnoized clocks or bans may be removed too early or even immediately!</p>
<h3><aname="S8_1_2"></a>8.1.2 GZLINE - Network-wide IP ban</h3>
<p><b>Add Syntax (TKL):</b><tt>BD + Z * <i>ipmask</i><i>source</i><i>expiretimestamp</i><i>settimestamp</i> :<i>reason</i></tt></p>
<p><b>Remove Syntax (TKL):</b><tt>BD - Z * <i>ipmask</i><i>source</i></tt></p>
<p>Adds and Removes Network-wide IP bans, known as Global Z:Lines. The GZLINE command itself must not be used. Ipmask permits CIDR notation as well as wildcard masks.</p>
<h3><aname="S8_1_3"></a>8.1.3 SQLINE, UNSQLINE - Network-wide Nickname ban (TOKEN: c or d)</h3>
<p><b>Remove Syntax (UNSQLINE):</b><tt>:<i>source</i> d <i>nickmask</i></tt></p>
<p>In the TKL syntax, the hold parameter is either a * to mark the qline as a nick ban, or an H to mark it as a services hold. A services hold does not trigger qline rejection notice, and is typically used by NickServ to reserve registered nicks until they are released by the owner. The (UN)SQLINE syntax can only be used by a server, but any user can be used as the source for the TKL syntax. Unlike G and GZ lines, Q:Lines do not cause existing matching users to be disconnected or otherwise affected.</p>
<p>The TKL syntax is preferred, since it is more flexible, but (UN)SQLINE is permitted for compatibility.</p>
<p>Proper use of spamfilter in TKL commands requires use of PROTOCTL TKLEXT, which increases the number of parameters allowed in TKL.</p>
<p><b>Add Syntax (TKL):</b><tt>BD + F <i>target(s)</i><i>action</i><i>source</i> 0 <i>settimestamp</i><i>tklduration</i><i>tklreason</i> :<i>regex</i></tt></p>
<p><b>Remove Syntax (TKL):</b><tt>BD - F <i>target(s)</i><i>action</i><i>source</i> 0 <i>settimestap</i> :<i>regex</i></tt></p>
<p>Adds and Removes network-wide spamfilters. The SPAMFILTER command itself must not be used. See <ahref="http://vulnscan.org/UnrealIrcd/unreal32docs.html#feature_spamfilter">http://vulnscan.org/UnrealIrcd/unreal32docs.html#feature_spamfilter</a> for a list of valid targets. For actions, a single character is used to identify the action to be taken:</p>
<ul>
<li>K (kill) - The user is simply disconnected, with the reason given.</li>
<li>S (tempshun) - A temporary shun is placed on the user. This shun is applied only to that user, and disappears if the user reconnects.</li>
<li>s (shun) - A regular shun on the user's IP address is added. This causes all users with the same hostname to be shunned, but they will also stay shunned if they reconnect.</li>
<li>k (kline) - A K:Line is added on the user's IP address.</li>
<li>z (zline) - A Z:Line is added on the user's IP address.</li>
<li>g (gline) - A G:Line is added on the user's IP address.</li>
<li>Z (gzline) - A Global Z:Line is added on the user's IP address.</li>
<li>b (block) - Messages (or users!) matching the filter are simply blocked.</li>
<li>d (dccblock) - The user is prevented from sending files using DCC for the remainder of his session (in other words, until he quits).</li>
<li>v (viruschan) - User is removed from all channels, joined to the viruschan as defined in conf, and cannot message anything but that channel.</li>
<li>w (warn) - No action on the user is taken. Only the Spamfilter notice is sent to opers with snomask +S.</li>
</ul>
<h1><aname="S9">9 Base64 Tables</a></h1>
<p>Unreal uses base64 encoding to allow saving bandwidth by encoding numbers in a more compact format. Unreal uses two different variations of base64, one used for the SJB64 PROTOCTL option (in NICK and SJOIN), and one used for NICKIP.</p>
<h2><aname="S9_1">9.1 Table for SJB64 (NICK and SJOIN).</a></h2>
<p>In NICK and SJOIN, remember that the timestamp will be prefixed with ! to signal a base64 timestamp.</p>
<p>Just like in base10, the least significant "digit" is last.</p>
<pre> 0 0 17 H 34 Y 51 p
1 1 18 I 35 Z 52 q
2 2 19 J 36 a 53 r
3 3 20 K 37 b 54 s
4 4 21 L 38 c 55 t
5 5 22 M 39 d 56 u
6 6 23 N 40 e 57 v
7 7 24 O 41 f 58 w
8 8 25 P 42 g 59 x
9 9 26 Q 43 h 60 y
10 A 27 R 44 i 61 z
11 B 28 S 45 j 62 {
12 C 29 T 46 k 63 }
13 D 30 U 47 l
14 E 31 V 48 m
15 F 32 W 49 n
16 G 33 X 50 o</pre>
<h2><aname="S9_2">9.2 Table for NICKIP.</a></h2>
<p>In this table, the IP is encoded in network byte order. In terms of IPs, this means the first byte of the address really is first. Each "digit" in the base64 encoded IP corresponds to 6 bits of the IP address.</p>
<p>An IPv4 address is 32 bits, so 6 base64 "digits" are needed. Since base64 requires values to come in multiples of 4 "digits", padding characters (=) need to be added if a value comes up short. In the case of IPv4 addresses, two are needed.</p>
<p>IPv6 addresses are 128-bit. They therefore need 22 base64 "digits" plus 2 pad characters.</p>
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Bram Matthys