mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 22:53:12 +02:00

352 Commits

Author SHA1 Message Date
Bram Matthys 779a427fc7 Updates for new repository name of test framework. 2019-08-18 09:58:24 +02:00
Bram Matthys 6044323d03 Add dot in UNREAL_VERSION_SUFFIX. 2019-07-07 15:39:23 +02:00
Bram Matthys e133b21703 UnrealIRCd 4.2.4.1 2019-07-07 15:05:59 +02:00
Bram Matthys 96ee7083c8 Customizing set::ssl::outdated-protocols and set::ssl::outdated-ciphers
was not possible since the configuration code was missing.
Reported by HeXiLeD in https://bugs.unrealircd.org/view.php?id=5327
2019-07-07 14:57:15 +02:00
Bram Matthys 755ef5b052 Debian 10 effectively overrides our set::ssl::protocols settings
causing UnrealIRCd to only accept SSL/TLS 1.2 and later connections.
We now use SSL_CTX_set_min_proto_version() to set the minimum
protocol version to fix this, only to disable specific SSL/TLS
versions later on via the old API.
It's great that they disabled SSL/TLS <1.2 by default and we have
already been considering doing the same in 2020, laying the
groundwork via set::ssl::outdated-protocols in February 2019.
However, such a change is unexpected during UnrealIRCd 4.x.
2019-07-07 10:41:55 +02:00
Bram Matthys 8babe4db3f UnrealIRCd 4.2.4 2019-06-30 08:22:15 +02:00
Bram Matthys 58f8943069 More Windows fixes/workarounds.. 2019-06-30 08:10:17 +02:00
Bram Matthys 332135e5b3 Change set::ident::read-timeout from 30 to 15 seconds since otherwise
it exceeds set::handshake-timeout which would be very unfortunate for
those (few) poor users that are affected by this.
2019-06-29 18:49:36 +02:00
Bram Matthys eae47eac5f Fix bug where the Windows version only accepts very few clients. 2019-06-29 17:20:06 +02:00
Bram Matthys 12e1faf417 Fix m_sinfo not marked as an official module. 2019-06-29 16:26:01 +02:00
Bram Matthys f8de9ec78e Windows: duh, update version number there too. 2019-06-29 16:11:17 +02:00
Bram Matthys dc9880ce1e * The Windows version should warn and not error if using old-style regex. 2019-06-29 15:56:53 +02:00
Bram Matthys ac94ef3c85 Preparations for UnrealIRCd 4.2.4 2019-06-29 15:53:40 +02:00
Bram Matthys ce38423b42 Silently force a 'make clean' as otherwise part (or whole) of the
compiled source could be using different settings than the user
just requested when re-running ./Config.
2019-06-16 10:15:57 +02:00
Bram Matthys 06df7cba70 Add new ./configure option (last question at ./Config): --enable-asan
This will enable AddressSanitizer which can be used to catch bugs.
It's only meant for (3rd party module) developers or if you are having
crash issues. On production servers it is not recommended, as it
consumes 3-4 times more memory and incurs a slowdown of about x2.
2019-05-12 15:30:00 +02:00
Bram Matthys 4981bf472c Bump reputation version from 1.0.1 to 1.2 2019-05-11 14:17:45 +02:00
Bram Matthys 3a0d8fc06c Fix another reputation issue: reputation not showing in WHOIS when
a remote user has just connected (could take up to 5 minutes) and
a fix required for previous commit for connthrottle.
2019-05-11 14:15:52 +02:00
Bram Matthys 7a7266bc2f Bump connthrottle version from 1.1 to 1.2 2019-05-11 14:02:42 +02:00
Bram Matthys 64c8096361 Fix connthrottle module counting non-local connecting registered users
always as new users (regardless of reputation), causing the protection
to kick in too quickly for the poor new users. This was noticeable
after for example one server died and new users reconnecting massively
to the remaining servers. Reported by Lord.
2019-05-11 13:58:07 +02:00
Bram Matthys 9f8e73dca7 Make CAP commands case sensitive.
Suggested by Koragg in https://bugs.unrealircd.org/view.php?id=5263
2019-05-10 08:57:16 +02:00
Bram Matthys 872ebca6fa Don't forward PASS to services if the user is already logged in via SASL.
Reported by westor in https://bugs.unrealircd.org/view.php?id=5264
2019-05-10 08:49:40 +02:00
Vitor Luis 92ceb129da Helpop update (#81)
Update help.conf with soft actions and changed *:Lines to be *-Lines which goes more accordingly with the new rewording in UnrealIRCd IRC messages.
2019-05-04 14:45:33 +02:00
Bram Matthys b0d3476176 HELPOP: Update MKPASSWD documentation 2019-05-04 13:47:07 +02:00
Bram Matthys 09d31d8ded Enhance WHOX->WHO auto-conversion for +s serv.er.name, reported by k4be. 2019-05-03 13:15:17 +02:00
Bram Matthys 8a6cbfaaf0 Show linking error messages if these happen during the handshake and we
have already fully authenticated the server (but when it technically is
not fully linked as a server yet, eg post-EAUTH but pre-SERVER).

Also, send ERRORs to junk snomask from untrusted sources. After all,
the junk snomask is precisely there to enable briefly to debug issues.
In case of link errors we always advise to check BOTH sides of the link
as an IRCOp, and this advice still stands. This may just help a little
for people who do not follow our advice.
2019-05-02 09:30:15 +02:00
Bram Matthys 5b63d28e2a Improve error messages in case of failed server linking due to mixed
password types (eg: plaintext on one side, spkifp on the other side).
Refer to https://www.unrealircd.org/docs/FAQ#auth-fail-mixed

Also, unrelated to the above, don't say "Bad password?" if the
password type is not of type plaintext, since it would be confusing.
2019-05-02 08:55:22 +02:00
Bram Matthys 377fa25244 UnrealIRCd 4.2.3 2019-04-30 09:23:44 +02:00
Bram Matthys f9bbeaa6ca [nopost] Send these harmless kill messages to the junk snomask.
Nowadays these are pretty much never proxy attacks. Only scanners and
crawlers trying HTTP commands on IRC connections.. which isn't even that
weird anymore since people tend to open up port 443 for SSL/TLS IRC
to bypass firewall restrictions.
2019-04-28 12:12:53 +02:00
Bram Matthys d3f061bbd9 Updates to example.tr.conf and help.tr.conf by Serkan
[skip ci]
2019-04-28 11:48:11 +02:00
Bram Matthys 8bbc136a66 Updates to help.tr.conf by Serkan 2019-04-27 12:51:27 +02:00
Bram Matthys cc15cd63de [reputation] Disable benchmark, config error should be warning. 2019-04-25 09:56:35 +02:00
Bram Matthys 9bd4f25af5 Handle FLUSH_BUFFER gracefully (only matters in rare cases, such
as in the case of malformed server traffic).
2019-04-22 14:37:37 +02:00
Bram Matthys 15ea9a9347 UnrealIRCd 4.2.3-rc1 2019-04-22 08:25:26 +02:00
Bram Matthys d6e285bdfc AppVeyor: replace wget with curl, since wget mysteriously fails.
[skip travis]
2019-04-22 07:42:04 +02:00
Bram Matthys b1944284bd Trace appveyor issue...
[skip travis]
2019-04-22 07:33:16 +02:00
Bram Matthys 1ada6c09f1 Make clang happy 2019-04-22 07:28:05 +02:00
Bram Matthys 4234400e22 Add 'reputation' and 'connthrottle' modules to fight drones.
See https://www.unrealircd.org/docs/Connthrottle
2019-04-22 07:11:25 +02:00
Bram Matthys 81e2099f7b We already checked for the openssl library but if the openssl binary was
not found then this was not treated as a fatal error. Now it is, since
you will fail later in the installation process when a certificate file
is being made (resulting in mysterious 'req: command not found' errors).
Also, improve the error message both for the missing openssl library
and openssl binary case.
2019-04-15 18:56:11 +02:00
Bram Matthys f3bd95fa42 Create some preliminary release notes.
[skip ci]
2019-04-14 14:12:06 +02:00
Bram Matthys 2ba65ed35c Move previous release notes to doc/RELEASE-NOTES.old
[skip ci]
2019-04-14 13:47:11 +02:00
Bram Matthys 11c6604aeb Print out clear warning/error if using an old spamfilter.conf.
For example for Windows users, or for *NIX users where the automated
patching of the spamfilter.conf did not work.
I've tried to make the error message as clear and big as possible
and the wiki article as clear as possible as to what the user needs
to do. Not much more I can do.... :)
2019-04-14 13:45:11 +02:00
Bram Matthys 4e75af79fa 'make install' will now upgrade the spamfilter.conf examples from
'posix' to 'regex' if the user is using the exact same spamfilter.conf
that shipped with UnrealIRCd 4.x until now. Otherwise, we do not
update anything. Also, custom spamfilters in this file are not touched.
Let's hope this will apply to most of our users to ensure that they
will have no or less issues with the 'posix' to 'regex' conversion
process.
2019-04-14 13:01:31 +02:00
Bram Matthys 3ba5153362 Abort when using list functions on structs with incorrect order.
This is mostly to guard 3rd party module writers against making
such a mistake. Up to now such a mistake would silently corrupt
memory without warning or error. That is, until you crashed :D.
2019-04-14 11:01:20 +02:00
Bram Matthys 570c59b2b2 Bump UNREAL_VERSION_TIME.
[skip ci]
2019-04-12 11:01:15 +02:00
Bram Matthys 3aa5048300 Improve error message if someone uses set::something literally in the
configuration file.
Also, make (global) 'unknown directive' errors fatal, as they should be.
2019-04-07 17:09:12 +02:00
Bram Matthys 9d7354147d Add two blacklist blocks in example conf: DroneBL and EFnet RBL. 2019-04-05 21:06:50 +02:00
Bram Matthys 5c30d1af6d * Badword blocks now use PCRE2 if using regex at all (rare,
usually the fast badwords system is used instead)
* Code deduplication in src/modules/{chanmodes,usermodes}/censor.c
  to src/match.c -- which may be moved later again to efuncs.
* Add --without-tre:
  This means USE_TRE will be enabled by default right now
  but if using --without-tre it will be undef'ed. This so we
  can prepare for the TRE phase-out in 2020.
* Remove include/badwords.h, put contents in include/struct.h
2019-04-05 18:19:23 +02:00
Bram Matthys 9e69cd722d Remove unused regex support in antirandom 2019-04-05 16:27:07 +02:00
Bram Matthys 422f76a723 Fix very minor memleak introduced about 2-3 weeks ago. 2019-04-04 19:24:23 +02:00
Bram Matthys f111b5c1ad Update spamfilter.conf: convert some to 'simple' matchers and make clear
that these are just old examples from the year 2005.
Also, no longer include spamfilter.conf from the example*conf by
default as they do not contain any useful spamfilters nowadays.
2019-04-04 18:31:59 +02:00
Bram Matthys 05c4cb5e8f Replace match-type 'posix' with 'regex' in example spamfilter.conf.
Note that I should probably check if they still work now.. ;)
2019-04-02 21:04:40 +02:00
Bram Matthys 83372cc2c8 Bump example.conf server sendq from 5M to 20M. 2019-04-02 20:34:39 +02:00
Bram Matthys bd05cf8e58 Stop accepting /SPAMFILTER add -posix. You should really use PCRE2 by now.
Similarly, raise a warning for spamfilter { } blocks in the configuration
with match-type 'posix'.
See: https://www.unrealircd.org/docs/FAQ#spamfilter-posix-deprecated
2019-04-02 20:33:03 +02:00
Bram Matthys ee342d9b84 Re-indent set_mode and use new paracount_for_chanmode(). 2019-03-27 16:59:42 +01:00
Bram Matthys 8b222a1ed2 -Wno-empty-body 2019-03-27 14:00:35 +01:00
Bram Matthys b2307af8ec Get rid of "unknown option -Wno-invalid-source-encoding" warning when there
is another warning being triggered.
-copy paste comment from configure.ac-
We check for the -Woption even though we are going to use -Wno-option.
This is due to the following (odd) gcc behavior:
"When an unrecognized warning option is requested (e.g.,
 -Wunknown-warning), GCC emits a diagnostic stating that the option is not
 recognized.  However, if the -Wno- form is used, the behavior is slightly
 different: no diagnostic is produced for -Wno-unknown-warning unless
 other diagnostics are being produced.  This allows the use of new -Wno-
 options with old compilers, but if something goes wrong, the compiler
 warns that an unrecognized option is present."
Since we don't want to use any unrecognized -Wno-option, we test for
-Woption instead.
2019-03-27 13:44:29 +01:00
Bram Matthys e7de6cf3a4 Fix compile issue and report error when unable to write to pid file
(data/unrealircd.pid by default).
2019-03-27 13:26:30 +01:00
Bram Matthys dd2af3b31c Enable additional compiler warnings. Update code to conform to these
new standards, possible to compile with -Werror with them.
2019-03-27 09:03:30 +01:00
Bram Matthys 5a38d8ed75 Fix misleading indentation. 2019-03-25 18:37:05 +01:00
Bram Matthys 6d3a98653e The maximum number of clients (MAXCONNECTIONS) no longer defaults to 1024.
The new question in ./Config now defaults to 'auto' (both for new installs
and for upgrades). You can still specify a manual limit but it is no longer
recommended.
A MAXCONNECTIONS of 'auto' means - at present - that UnrealIRCd will try
to set a limit of 8192. This is quite a bump from the original 1024.
On systems where this is not possible we will simply use the highest amount
possible, such as 4096 on many systems, or 1024.
In fact, we now no longer error when MAXCONNECTIONS is higher than the
'ulimit -n' limit but will adjust ourselves to the limit.
Only if the effective limit is below 100 we will print out a fatal error
since running in such a scenario is highly discouraged.
The reason for this change is that nowadays with drone attacks we may need
to be able to handle more concurrent sockets. Also, many Linux distros
have a default setting of unlimited or 4096 nowadays, out of the box.

For people packaging UnrealIRCd (not end-users):
The ./configure --with-fd-setsize=xx option was removed and the
optional(!!) --with-maxconnections=xx option has been added.
We recommend you NOT to pass this option. Not passing it means that
the previously mentioned 'auto' mode will be used, which is likely
best for most users.

Module coders:
Although it is unlikely you accessed the 'MAXCLIENTS' variable,
if you did, it is now called 'maxclients' (lowercase) since it is
adjusted at runtime and no longer a macro.
2019-03-25 15:43:26 +01:00
Bram Matthys ad173cc5d0 Ignore join flood check in channel mode +f when the server just booted.
This new option is called set::modef-boot-delay (default: 75 seconds).
See https://www.unrealircd.org/docs/Set_block#set::modef-boot-delay
2019-03-25 13:27:28 +01:00
Bram Matthys 5b20716e9b [cleanup] floodprot: move set::modef-* handling from core to module. 2019-03-25 13:10:03 +01:00
Bram Matthys 6c837d3ce4 Cleanup _test_operclass config code. 2019-03-25 09:33:59 +01:00
Bram Matthys 9ca53369e7 Lots of config code checks for "if (!cep->ce_varname)" however this is a
condition that will never happen, as it is already handled by the parser.
2019-03-25 09:21:15 +01:00
Bram Matthys 15d77298fe Empty blacklist::dns::type could lead to a crash (config file error).
All the rest are things that "will never happen" or dead code.
2019-03-25 09:04:31 +01:00
Bram Matthys 4490b8744e Use HAVE_RLIMIT instead of FORCE_CORE. And get rid of error message. 2019-03-24 15:50:56 +01:00
Bram Matthys a9b3e05b0c Brain damage 2019-03-24 15:22:02 +01:00
Bram Matthys b3e9d391d8 More updates to api-command, remove old functions such as del_Command(). 2019-03-24 15:18:41 +01:00
Bram Matthys e19639a1bd Fix compile problem #ifndef DEBUGMODE 2019-03-24 15:13:34 +01:00
Bram Matthys 59e3a42304 For the function declaration of command overrides, module coders are now
encouraged to use CMD_OVERRIDE_FUNC(override_xyz) rather than declaring
the function themselves. This works similar to CMD_FUNC(somecmd).
Example:
/* Forward declaration */
CMD_OVERRIDE_FUNC(override_xyz);
[..]
MOD_LOAD(somemodule)
{
	CmdoverrideAdd(modinfo->module, "XYZ", override_xyz);
[..]
CMD_OVERRIDE_FUNC(override_xyz)
{
	/* Do something useful here */
2019-03-24 08:27:26 +01:00
Bram Matthys 60952328f0 Add function type checking in CommandAdd()
And, for aliases, now use AliasAdd(), CommandAdd() is no longer permitted
for it. Do any modules use this?
2019-03-24 08:16:45 +01:00
Bram Matthys f9db29b768 Smart.. moving code to a separate function resulting in the use
of sizeof() on a char *...
2019-03-24 07:48:08 +01:00
Bram Matthys cb60bf286d Get rid of this useless DLLFUNC junk. This is only needed for symbols
that need to be visible from the outside of the .DLL (symbol export).
Long story short: you never need to use this yourself in a module.
Where needed it is already handled by UnrealIRCd.
2019-03-23 19:53:12 +01:00
Bram Matthys edfc832aa8 Some minor code cleanups, use CMD_FUNC() where possible. 2019-03-23 19:45:34 +01:00
Bram Matthys 7bcf419eda Add references to the technical S2S documentation
@skip-ci
2019-03-23 19:39:56 +01:00
Bram Matthys e4ddc80c2a Code cleanup: m_protoctl. Has always been ugly, just was never bothered
enough to clean it up. Also, remove PROTOCTL -<option> support, which is
not used by anything and was only supported on a handful of options
anyway. Also remove some debugging and PROTOCTL_MADNESS.
Finally, add a reference to the technical documentation.
2019-03-23 19:23:10 +01:00
Bram Matthys a11ee2b1a2 Skip * in PROTOCTL SERVERS=. This probably caused a bug which could be
triggered by doing quick server connects (crossing requests), something
that the PROTOCTL SERVERS= code is supposed to prevent (it should be
safe to connect to X servers at the same time, even every second).
2019-03-23 19:04:59 +01:00
Bram Matthys 5992a759f7 return 0.. 2019-03-23 18:44:00 +01:00
Bram Matthys ab50bf2afc Communicate server featureset (and changes) across server links.
Previously various information was only available for directly attached
servers, since it is communicated via PROTOCTL.
Now, we will also communicate information about leafs behind us.
IRCOps can use the /SINFO command to see these server features.
Services codes don't need to do anything, or at least are not expected
to do anything. They can still receive the information and do something
with it, of course...
Read the following technical documentation for full information,
as it will outline very specific rules for using the command S2S:
https://www.unrealircd.org/docs/Server_protocol:SINFO_command
2019-03-23 17:56:59 +01:00
Bram Matthys 335a7569bb Bugs like this can keep you occupied for a while:
safestrdup(somevar, s+10);
..always caused somevar to be NULL :D.
2019-03-17 20:16:21 +01:00
Bram Matthys 7ad6b15e92 It would be nice if expired TKL's actually get removed (duh).
Caused by fac1e30b91 from March 3, 2019.
2019-03-15 16:34:30 +01:00
Bram Matthys 761ae02935 Change assert() to if..!...abort() so it produces proper core dumps.
Yeah, that's how it works, unfortunately.
2019-03-15 16:03:48 +01:00
Bram Matthys fd73739847 Handle SSL_ERROR_WANT_READ in a better way. 2019-03-10 15:00:45 +01:00
Bram Matthys 872830bdf2 I give up. Test framework will no longer run on Travis-CI, ruby is broken. 2019-03-09 15:38:08 +01:00
Bram Matthys b396dc3c20 .. 2019-03-09 15:33:31 +01:00
Bram Matthys f47dc78418 . 2019-03-09 15:31:48 +01:00
Bram Matthys 2c114d458e ............................... 2019-03-09 15:27:46 +01:00
Bram Matthys f039e08f0b Travis-CI + ruby = .... 2019-03-09 15:17:31 +01:00
Bram Matthys e0a4e7fe71 Travis-CI: :/ 2019-03-09 15:05:47 +01:00
Bram Matthys 2e79c34c11 Travis-CI: more diagnostics 2019-03-09 11:59:33 +01:00
Bram Matthys 99b379fca8 Travis-CI: :( 2019-03-09 11:47:18 +01:00
Bram Matthys 584f3e9d6d Travis-CI: argh argh 2019-03-09 11:32:27 +01:00
Bram Matthys 20550981f8 Travis-CI: argh! 2019-03-09 11:12:55 +01:00
Bram Matthys 5d69fe9d93 Missing return NULL in find_tkline_match_zap_matcher (due to commit from
a few days ago)
2019-03-09 10:23:19 +01:00
Bram Matthys ad063ba36a Fix ./unrealircd spkifp complaining that it could not find the certificate
file if you specified a relative path. Until now only absolute paths worked.
Bug reported by CrazyCat.
2019-03-08 09:32:05 +01:00
Bram Matthys fac1e30b91 Major TKL speed improvements. 2019-03-03 20:25:05 +01:00
Bram Matthys 87c81e7e9f This fsync() call slows things down too much at high connection rates. 2019-03-03 19:03:05 +01:00
Bram Matthys 41c1f01011 Bump version to 4.2.3-dev to make clear that this git version is under development. 2019-03-03 17:14:09 +01:00
Bram Matthys 16659de0b2 Changing set::anti-flood::invite-flood had no effect. It was always 4:60.
Reported by Betaman2k in https://bugs.unrealircd.org/view.php?id=5222
2019-03-03 14:16:49 +01:00
Bram Matthys 766055d5c0 Fix set::ban-setter and set::topic-setter being set to nick-user-host
out of the blue. The classic C mistake where = instead of == was written
in an if statement... duh.
2019-03-02 08:49:47 +01:00
Bram Matthys de1548de73 UnrealIRCd 4.2.2. 2019-03-01 14:38:44 +01:00
Bram Matthys f599ea02cb WHO(X) auto-conversion bug regarding 'a' and 'c' which no longer exist
in WHOX.
2019-03-01 14:34:43 +01:00
Bram Matthys d068cd41ca Fix crash in websocket module. 2019-03-01 14:10:06 +01:00
Bram Matthys d7e5ff82f0 Update curl-ca-bundle.crt (Wed Jan 23 04:12:09 2019 GMT) 2019-03-01 13:57:35 +01:00
Bram Matthys e16e2b36d8 UnrealIRCd 4.2.2-rc2 2019-02-11 09:19:38 +01:00
Bram Matthys c6f01aa3f1 Protect 2 more commands against rogue server to server traffic. 2019-02-11 08:47:51 +01:00
Bram Matthys 294560f944 KILL: Not sure if this fixes anything but at least it's less cryptic. 2019-02-10 17:30:39 +01:00
Bram Matthys 9a0bd31cf8 Fix unlikely crash if you had a spamfilter targeting away that was
only local (so in .conf) and it hit a remote user.
Also, re-indent this monster...
2019-02-10 17:09:48 +01:00
Bram Matthys 1dbef111fb Fix crash if receiving malformed server to server traffic (from an
authenticated server): TKL deleting a spamfilter with insufficient
parameters.
2019-02-10 17:08:47 +01:00
Bram Matthys 1f03dbdd05 CHGNAME and SETNAME: if a remote user used a realname that was banned
on this server then we could possibly crash. (Fortunately most networks
use the same ban realname blocks on all their servers)
2019-02-10 14:54:28 +01:00
Bram Matthys 3712fad891 When a server does not use SID's, set empty id as before.
This bug was post-rc1, caused by dde8f914fb.
2019-02-10 14:48:29 +01:00
Bram Matthys 7e444d3b9f Fix SJOIN bug in rc1: was using an incorrect buffer when SJSBY was
not used, such as in a mixed version scenario.
2019-02-10 14:43:34 +01:00
Bram Matthys 77d3e844dc Fix a bunch of REHASH memory leaks. 2019-02-10 10:36:20 +01:00
Bram Matthys 7d5c3a1b68 Fix hang/crash due to commit from yesterday, reported by k4be.
(cause: dde8f914fb)
2019-02-10 09:56:53 +01:00
Bram Matthys c7f00edd9d Quicker handshake when using many CAP requests and/or AUTHENTICATE.
I was wondering why the handshake took 4 seconds for a client which
authenticates using SASL. Turns out that fake lag was kicking in due
to the many "CAP req" commands combined with the other handshake stuff.
Now the first 15 (or so) "CAP" requests are "free", without fake lag.
2019-02-09 16:47:24 +01:00
Bram Matthys 78cd122a05 Allow SASL post-registration. Unfortunately the anope unreal4 protocol
module also requires an update to support this.
2019-02-09 14:39:34 +01:00
Bram Matthys dde8f914fb Internal: make UID available early (pre-auth). 2019-02-09 14:35:48 +01:00
Bram Matthys a740570710 Fix crash bug (in rc1 only) if ::ssl-options are being used and the
outdated SSL protocols/ciphers are being checked.
2019-02-08 12:02:52 +01:00
Bram Matthys 9c0f1f3505 Fix OOB read in m_whox.
Strange order for a compare, first the 2nd byte, then the 1st byte ;)
Anyway, this issue can only be triggered since rc1, no big issue.
2019-02-06 19:31:10 +01:00
Bram Matthys e443182573 UnrealIRCd 4.2.2-rc1 2019-02-06 16:00:38 +01:00
Bram Matthys 988f64e3b3 Fix crash when linking (caused by commit from 4 days ago). 2019-02-06 12:54:37 +01:00
Bram Matthys f92a6fec79 Release notes: clarify flood limit in older versions
@skip-ci
2019-02-06 12:17:47 +01:00
Bram Matthys 70a9a6f6b2 Added INVITE and KNOCK flood protection (command rate limiting).
set::anti-flood::invite-flood defaults to 4 per 60 seconds.
set::anti-flood::knock-flood defaults to 4 per 120 seconds.
2019-02-06 12:00:51 +01:00
Bram Matthys 57f97a5a43 Removed a debugging message and fixed TARGMAX being broken after a REHASH. 2019-02-06 09:24:31 +01:00
Bram Matthys 1e1f750b44 New set::max-targets-per-command which configures the maximum number
of targets accepted for a command, eg /MSG nick1,nick2,nick3,nick4 hi.
Also changed the following defaults (previously hardcoded):
* PRIVMSG from 20 to 4 targets, to counter /amsg spam
* NOTICE from 20 to 1 target, to counter /anotice spam
* KICK from 1 to 4 targets, to make it easier for channel operators
  to quickly kick a large amount of spambots
See https://www.unrealircd.org/docs/Set_block#set::max-targets-per-command

(actually still need to write the documentation)
2019-02-04 17:51:09 +01:00
Bram Matthys 1e6d8ea536 Fix compile problem due to previous commit. 2019-02-04 14:42:17 +01:00
Bram Matthys 9f4296d648 New set::anti-flood::max-concurrent-conversations which configures the
maximum number of conversations a user can have with other users at the
same time. Until now this was hardcoded at limiting /MSG and /INVITE to
20 different users in a 15 second period. The new default is 10 users,
which serves as a protection measure against spambots.
See https://www.unrealircd.org/docs/Set_block#maxcc for more details.
2019-02-04 09:52:08 +01:00
Bram Matthys 7153468081 UnrealIRCd will now warn if your ulines { } are matching UnrealIRCd servers.
See https://www.unrealircd.org/docs/FAQ#WARNING:_Bad_ulines
2019-02-02 08:44:14 +01:00
Bram Matthys be50ef4a1e Get rid of warning on-boot "Channel modes changed at runtime" 2019-02-02 07:53:07 +01:00
Bram Matthys f9415e1a91 m_whox: now accept and transform most classic UnrealIRCd WHO requests
such as "WHO +s serv.er.name" to "WHO serv.er.name s".
It also does advanced transformation such as "WHO -m z" to "WHO -z m"
**copy paste from comment in code**
Flag a: user is away                                            << no longer exists
Flag c <channel>: user is on <channel>                          << no longer exists
Flag g <gcos/realname>: user has string <gcos> in his/her GCOS  << now called 'r'
Flag h <host>: user has string <host> in his/her hostname       << no change
Flag i <ip>: user has string <ip> in his/her IP address         << no change
Flag m <usermodes>: user has <usermodes> set                    << behavior change
Flag n <nick>: user has string <nick> in his/her nickname       << no change
Flag s <server>: user is on server <server>                     << no change
Flag u <user>: user has string <user> in his/her username       << no change
Behavior flags:
Flag M: check for user in channels I am a member of             << no longer exists
Flag R: show users' real hostnames                              << no change (re-added)
Flag I: show users' IP addresses                                << no change (re-added)
**end of paste**
Of course we cannot convert 100% from classic UnrealIRCd WHO to WHOX-style
because things like "WHO +m r" could mean either "search for +m in realname" (WHOX)
or "search for +r in modes" (classic). In cases like this we assume WHOX, so to not
break any WHOX compatibility.

Added matchers: 'R' (show real host) and 'I' (show IP)

This code will need more testing, both by classic WHO and by WHOX users...
2019-02-01 17:46:59 +01:00
Bram Matthys eecd29bdc8 WHOX: adaptions for UnrealIRCd part 1:
* No longer require a ! prefix for ircops to see users
* "WHO *" is no longer different than the rest
  (previously in m_whox would only list users on 1st channel)
Neither is part of the WHOX specs.
2019-02-01 15:21:53 +01:00
Bram Matthys 52e72c2ed9 Update reference to RELEASE-NOTES.old (link used wrong branch) 2019-02-01 14:27:07 +01:00
Bram Matthys 1790efd05d The message sent to users upon *LINE can now be adjusted completely via
set::reject-message::kline and set::reject-message::gline.
See https://www.unrealircd.org/docs/Set_block#set::reject-message
Suggested by k4be in https://bugs.unrealircd.org/view.php?id=5198
2019-02-01 14:25:52 +01:00
Bram Matthys ff9ca3c8ef Add 005 token DEAF=d 2019-01-31 17:47:06 +01:00
Bram Matthys a999b305a5 Remove 005 CMDS= token, which was an unnecessary abstraction and was
not picked up by any other IRCd. The 005 tokens KNOCK MAP USERIP are
now used instead. We do not announce STARTTLS in 005 anymore as this
is way too late (post-handshake, sensitive info already sent and/or
received). Not to mention STARTTLS is not the preferred method to
setup a secure connection in the first place.
Module coders: this means CommandAdd() with M_ANNOUNCE should no
longer be used. If a 3rd party module does use it, then UnrealIRCd
will now raise a warning. In a later UnrealIRCd version the flag
is likely to be removed completely so would cause a compile error.
(I doubt any module uses this anyway... but still..)
2019-01-31 17:34:07 +01:00
Bram Matthys 6cbd2744d7 * The default maximum topic length has been increased from 307 to 360.
* You can now set more custom limits. The default settings are shown below:
  set {
      topic-length 360; /* maximum: 360 */
      away-length 307; /* maximum: 360 */
      quit-length 307; /* maximum: 395 */
      kick-length 307; /* maximum: 360 */
  };
* A new 005 token has been added: QUITLEN. Works similar to KICKLEN.

The ability to adjust the topic length in the configuration file was
requested by Amiga600 in https://bugs.unrealircd.org/view.php?id=4692
At that place is also additional information on why there is a
"maximum" for topic length.
2019-01-30 17:50:17 +01:00
Bram Matthys 41239119f8 Update release notes a bit. 2019-01-30 16:54:56 +01:00
Bram Matthys 88030c63fb 1) Simplify dealing with isupport (numeric 005) stuff from the config code.
There's now no longer a difference between a rehash or boot.
2) Other cleanups in s_conf.c as well. Looks better now.
3) Sort the 005 tokens alphabetically. Enforcing some other 'logical order'
   was futile and this makes things consistent between rehashes.

For module coders this adds some new functions, such as IsupportSet,
IsupportSetFmt and IsupportDelByName. I'll document them later.
2019-01-30 16:42:19 +01:00
Bram Matthys 98fca7979f Code cleanup: internally rename iConf.nicklen to .nick_length to match the
convention that set::some-name is called iConf.some_name
2019-01-30 10:49:44 +01:00
Bram Matthys 5eaa711969 Update release notes to reflect current state. 2019-01-28 16:06:59 +01:00
Bram Matthys d085fb09c1 Three new config items to make topic and ban setter nick!user@host and
to control synchronization of the +beI setter across server links
(that is, the feature just introduced one commit ago):
set {
     topic-setter [nick|nick-user-host]; /* nick = default */
     ban-setter [nick|nick-user-host]; /* nick = default */
     ban-setter-sync [yes|no]; /* yes = default */
};
This also means that --with-topicisnuhost / TOPIC_NICK_IS_NUHOST
is now removed, since this now goes via set::topic-setter.

Also, moved the "first" PROTOCTL from include/common.h to send_proto()
in src/s_serv.c so the bunch of PROTOCTL lines is all in one place
(and so I could conditionally send SJSBY).
Ok, it's not entirely all in one place, PROTOCTL EAUTH is still sent
at another place (early, duh), but still..
2019-01-28 15:41:44 +01:00
Bram Matthys 874d99e0eb For +beI lists the 'set by' and 'set at' information is now synchronized
when servers link. Thus, you can see the real setter and time also after
a netsplit (/mode #channel b). This, unlike before, when setby was
name.of.server and time was the time of the synch.
This requires the entire network to run UnrealIRCd 4.2.2 or later.
Suggested by k4be in https://bugs.unrealircd.org/view.php?id=5183
Technical details: the PROTOCTL token to enable this is "SJSBY" and see
https://www.unrealircd.org/docs/Server_protocol:SJOIN_command for more
information, in particular the last section there.
2019-01-28 14:36:41 +01:00
Bram Matthys 4aa2d47deb Run test framework with a hub in-between to test command propagation. 2019-01-28 09:29:44 +01:00
Bram Matthys ed1f47f80a Can't stand http:// URLs... 2019-01-25 20:50:05 +01:00
Bram Matthys 2a3dd0e350 what is this 'return 0' doing here... 2019-01-23 16:36:42 +01:00
Bram Matthys ac9463a83f Rename hook HOOKTYPE_CAN_SEND_SECURE to HOOKTYPE_SEND_CHANNEL, which is
more descriptive and AFAICT nobody uses this hook in a public 3rd party
module anyway.
2019-01-21 17:02:14 +01:00
Bram Matthys 083826ee94 modules/usermodes/noctcp (+T): 1) only block CTCP's and not CTCP REPLIES,
2) allow IRCOps to bypass user mode +T restrictions. Reported by St3Nl3y,
HeXiLeD and Koragg in https://bugs.unrealircd.org/view.php?id=5166
2019-01-21 16:55:29 +01:00
Bram Matthys ee20160bc3 Add another type for HOOKTYPE_CONFIGTEST and HOOKTYPE_CONFIGRUN
for CONFIG_LISTEN. This so a module can have custom options in
the listen block. Like all other CONFIG_* options you are supposed
to return 1 if your module handles this option and 0 if not.
From HOOKTYPE_CONFIGTEST you can also return -1 to indicate error
for an option that is handled by the module.
Note that 'cep' is passed, that is the option for the variable
that is being checked, and not the 'ce', the parent of the listen
block. If you want to access the parent, then use ce->ce_prevlevel.
2019-01-21 13:55:20 +01:00
Bram Matthys 7a3ba05c03 Similar to previous commit, fix resolving of temporary modules (.so files)
in crash reports as well... and make them in English, regardless of the
users' locale... better for us ;)
2019-01-21 13:37:52 +01:00
Bram Matthys 6fcacdf148 Fix './unrealircd backtrace' not working correctly in non-English environments.
The script symlinks any missing tmp/xxxx.so's to the real module name but
depends on English statements (ugly, yeah, but it works). With a non-English
locale this did previously not work so the backtrace was screwed.
2019-01-21 13:30:15 +01:00
Bram Matthys 41e6d5b7e9 Fix for strangely formatted 'creation date' if compiled with certain locales.
Reported by k4be.
2019-01-21 13:26:22 +01:00
Bram Matthys bcb667c59e New hook HOOKTYPE_WELCOME (aClient *acptr, int after_numeric): allows you
to send a message at very specific places during the initial welcome
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_WELCOME
2019-01-21 10:12:46 +01:00
Bram Matthys 25ede84a04 This makes more sense. Also testing announcement bot :D 2019-01-21 10:10:51 +01:00
Bram Matthys c726df5758 Travis-CI: The job exceeded the maximum log length, and has been terminated.
Fantastic. https://github.com/travis-ci/travis-ci/issues/1382
2019-01-18 15:31:14 +01:00
Bram Matthys 013dd06aee Travis-CI: End of argh. 2019-01-18 14:45:55 +01:00
Bram Matthys 3bacb28555 Travis-CI: no comment 2019-01-18 14:24:19 +01:00
Bram Matthys 8a9971618f Travis-CI: ..or without sudo..
I really love this..
2019-01-18 14:05:45 +01:00
Bram Matthys 3e3da94a41 Travis-CI: new image, have to install bundler again. 2019-01-18 14:00:00 +01:00
Bram Matthys 4d5e627b27 Update release notes: * New set::outdated-tls-policy which describes what to
do with clients that use outdated SSL/TLS protocols (eg: TLSv1.0) and
ciphers.  The default settings are to warn in all cases: users connecting,
opers /OPER'ing up and servers linking in.  The user will see a message telling
them to upgrade their IRC client.  This should help with migrating such
users, since in the future, say one or two years from now, we would want to
change the default to only allow TLSv1.2+ with ciphers that provide Forward
Secrecy.  Instead of rejecting clients without any error message, this
provides a way to warn them and give them some time to upgrade their
outdated IRC client.
https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
2019-01-18 13:38:14 +01:00
Bram Matthys 425571a8d2 Update UnrealIRCd version to 4.2.2-dev 2019-01-18 13:22:58 +01:00
Bram Matthys e82dbdce1a Update doc/RELEASE-NOTES.old. Now contains 4.2.0 and 4.2.1 release notes,
I forgot the 4.2.0 one earlier..
2019-01-18 13:20:28 +01:00
Bram Matthys 4681603c52 Fix bug where "link-security" was downgraded to level 1 if using 'spkifp'. 2019-01-18 13:10:51 +01:00
Bram Matthys 778be86c66 Update HELPOP EXTBANS on ~t (timed bans), ~m (msgbypass) and ~T (textban)
since these are loaded by default since UnrealIRCd 4.2.0.
2019-01-14 15:10:23 +01:00
Bram Matthys f4b432ae94 Add RC4 and 3DES to set::ssl::outdated-ciphers, in case anyone uses some
insecure custom ::ciphers setting, this so RC4 and 3DES still get flagged.
2019-01-12 11:29:16 +01:00
Bram Matthys 67d691fce9 * New set::outdated-tls-policy which describes what to do with clients
that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
  The default settings are to warn in all cases: users connecting,
  opers /OPER'ing up and servers linking in. The user will see a message
  telling them to upgrade their IRC client.
  This should help with migrating such users since in the future, say one
  or two years from now, we would want to change the default to only allow
  TLSv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting
  clients without any error message, this provides a way to warn them and
  give them some time to upgrade their outdated IRC client.
  https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
2019-01-12 11:08:18 +01:00
Bram Matthys 8e7a085474 AppArmor profile in extras/security/apparmor: no changes but make it
clear that this has been tested on Ubuntu 16.04 and Ubuntu 18.04.
2019-01-12 10:52:05 +01:00
Bram Matthys 5fd673d059 Rename PLAINTEXT_POLICY_* to POLICY_ (and similarly, the struct, etc) 2019-01-11 13:27:29 +01:00
Bram Matthys a1d2698ead Provide get_ssl_options_for_client() to get the SSLOptions * for a client. 2019-01-11 13:16:09 +01:00
Bram Matthys b0c8629284 Travis-CI: remove TLS test for libressl-25 (no longer supported)
[skip ci]
2019-01-11 12:34:43 +01:00
Bram Matthys 72a3a445ee Travis-CI: Update OpenSSL and LibreSSL versions
* Remove LibreSSL versions that are no longer supported (2.5.x and 2.6.x).
* Add LibreSSL 2.8.x (current stable) and 2.9.x (current dev)
* OpenSSL releases only had updates in their 'letter suffixes'
2019-01-11 11:54:13 +01:00
Bram Matthys 9668aaaade Travis-CI: Rename .txt files to match $BUILDCONFIG 2019-01-11 11:42:36 +01:00
Bram Matthys dbeb5af2ea Updates to SSL/TLS tests. 2019-01-11 11:30:40 +01:00
Bram Matthys 227abacdb5 Hm? 2019-01-11 10:52:16 +01:00
Bram Matthys 8e1af5f304 Update SSL/TLS tests and put them in extras/tests/tls 2019-01-11 10:45:20 +01:00
Bram Matthys 9873382e6b Add SSL/TLS tests. 2019-01-11 10:06:21 +01:00
Bram Matthys 7d68ea0570 Update default ciphers, or actually only the ones not providing PFS, by
preferring AES-256 over AES-128 (in contrast to the Mozilla "intermediate"
profile which prefers AES-128). Again, this only affects non-PFS cases, as
all modern clients with PFS already had CHACHA20 and AES-256 negotiated.
The portion of non-PFS clients should only be a few percent, if any.
I was actually considering removing non-PFS ciphersuites but it seems a bit
early to do so, at least not without more research on affected clients.
2019-01-11 09:19:44 +01:00
Bram Matthys dbbe6e7248 Travis-CI: another attempt 2019-01-10 20:29:11 +01:00
Bram Matthys 981a5d44b2 Travis-CI: install specific bundler (wtf?) 2019-01-06 20:34:16 +01:00
Bram Matthys 2a9b20369b Travis-CI: use Ubuntu 16.04 instead of 14.04
...since 14.04 seems to fail due to an outdated ruby.
2019-01-06 20:14:04 +01:00
Bram Matthys 8c9e4b8668 Poison unused parv[] elements that code should never access.
The last parv[] array element will be NULL. Accessing any elements after
that is undefined, similar to reading past the nul byte of a string.
This poison will help catch such bugs. Without this poison your code
will also crash, now it just crashes more consistently.
2019-01-06 19:21:59 +01:00
Bram Matthys dbf7aeb386 UnrealIRCd 4.2.1.1: compile fix for Debian stretch if you have a version of
libargon2 installed that does not provide Argon2id.
2019-01-03 08:57:59 +01:00
Bram Matthys 4965fc6741 Fix for systems with libargon2 that don't have Argon2id (Debian 9.6).
Apparently Debian stretch has 20160821's version which just falls short.
20161029 already has it included. We'll now use shipped libargon2 for
versions below 20161029. Thanks to vectr0n for reporting the issue.
2019-01-02 19:20:42 +01:00
Bram Matthys c173b17064 Fix SAJOIN, SAPART and SAMODE not working due to operclass.default.conf
using the 'sacmds' permission, when it should actually be 'sacmd'.
Reported by Stanley.
2018-12-28 17:55:32 +01:00
Bram Matthys 5da3ef8889 UnrealIRCd 4.2.1 (will publish tomorrow) 2018-12-26 23:06:33 +01:00
Bram Matthys 8b0cad3845 Fix for 'require authentication' (duh)
.. yeah I and others were still using 'require sasl' :D
2018-12-22 10:36:48 +01:00
Bram Matthys 56568f4033 Update release notes. This may be final for 4.2.1-rc1. 2018-12-22 10:12:53 +01:00
Bram Matthys 43de2dd747 Update release notes 2018-12-21 18:05:06 +01:00
Bram Matthys 73502ca4b6 Update help.conf with new WHO status flag 's' (secure) 2018-12-21 18:03:57 +01:00
Bram Matthys bb7bc90612 Forgot to update c-ares version in extras/curlinstall.... 2018-12-21 15:59:51 +01:00
Bram Matthys ad9a1b0b94 Import settings from UnrealIRCd 4.2.0
[skip ci]
2018-12-21 15:57:08 +01:00
Bram Matthys e30712f3d4 Update Windows libraries and the Windows build command for build tests.
[skip travis ci]
2018-12-21 15:42:32 +01:00
Bram Matthys f3f397b066 Update shipped libs: c-ares to 1.15.0 and PCRE2 to 10.32 2018-12-21 15:32:23 +01:00
Bram Matthys f1844e40a5 Set version to 4.2.1-rc1. The release notes are still likely to change. 2018-12-21 15:24:12 +01:00
Bram Matthys 54c17aa65d Indicate 's' in WHO reply flags if the user is secure (SSL/TLS). 2018-12-21 14:21:19 +01:00
Bram Matthys bb0530f694 In the authprompt documentation point the user to (possibly) tweaking
the set::handshake-timeout setting as well.
2018-12-21 13:24:25 +01:00
Bram Matthys 7755d10829 [authprompt] Suggest /QUOTE AUTH .. instead of /AUTH .. 2018-12-21 07:58:38 +01:00
Bram Matthys 62e30ec342 Fix typo in config warning. 2018-12-21 07:58:12 +01:00
Bram Matthys 267c2f3e56 Make authprompt work for soft KLINE/GLINE and soft-xx ban actions
(in registration phase anyway), as promised earlier in the documentation.
2018-12-19 17:42:13 +01:00
Bram Matthys 7f8172faef Bump fakelag on failed authentication attempt (SASL, real or emulated) 2018-12-19 17:41:28 +01:00
Bram Matthys 7aaf5e9a42 Update release notes regarding a fix from today.
[skip ci]
2018-12-19 17:13:39 +01:00
Bram Matthys 88fadc134d Fix build issue on Windows
[skip travis ci]
2018-12-19 13:58:44 +01:00
Bram Matthys 0ac56e4444 Fix line number in error messages being off, as reported in
https://bugs.unrealircd.org/view.php?id=5169
caused by commit 51ed51dff1
2018-12-19 13:50:09 +01:00
Bram Matthys 56a964bba1 Hide remote includes auth information in error messages. Reported by Jellis
in https://bugs.unrealircd.org/view.php?id=5172
2018-12-19 13:02:36 +01:00
Bram Matthys 6b089dfcd6 The new module is now called authprompt. Also wrote an article:
https://www.unrealircd.org/docs/Authentication
And "require sasl" is now "require authentication"
(the old name will only raise a warning, not cause an error)

Note that authprompt currently only does the "require authentication"
stuff and not yet the soft-xx actions. That will be something for
later this week, but I've already documented it as such (here and
there anyway).
2018-12-17 17:32:43 +01:00
Bram Matthys b1e1b6d9d5 quick fix for build tests, will fix later. 2018-12-16 16:40:35 +01:00
Bram Matthys ce4aeff63f Add saslemulation to Windows makefile.
[skip travis ci]
2018-12-16 15:53:12 +01:00
Bram Matthys 2ed958f2ee Fix typo in modules.optional.conf. 2018-12-16 15:52:04 +01:00
Bram Matthys 9f3e060a3d This is a better one line description. 2018-12-16 13:56:17 +01:00
Bram Matthys 0254894368 Authentication prompt for non-SASL users:
We previously introduced the "require sasl" block which allows you to
force users from certain IP addresses to authenticate with their nickname
and password via SASL. We now offer a new experimental module called
'saslemulation' which will help non-SASL users by showing a notice and
asking them to authenticate to their account via /AUTH <user>:<pass>.
See https://www.unrealircd.org/docs/Set_block#set::sasl-emulation

Note that this is work in progress, although the functionality
already works. Still need to do some cleaning and expand the scope.
And more testing...
2018-12-16 13:51:22 +01:00
k4bek4be c124f65027 fix IPv6 DNS blacklist (#78)
Fix IPv6 blacklist checking (DNSBL). Patch from k4be.
2018-12-15 19:53:33 +01:00
Bram Matthys 3774e5661f Fix for *-with-override operclasses. 2018-12-14 18:10:14 +01:00
Bram Matthys a0167c35c0 Major reorganization of operclass privileges:
* The operclass privileges have been redone. Since there were 50+ changes
  to the 100+ privileges it makes little sense to list the changes here.
  If, like 99% of the users, you use default operclasses such as "globop"
  and "admin-with-override" then you don't need to do anything.
  However, if you have custom operclass { } blocks then the privileges
  will have to be redone. For more information on the conversion process,
  see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
  For the new list of permissions, with much better naming and grouping:
  https://www.unrealircd.org/docs/Operclass_permissions
The inconsistency in the privileges was initially reported by webczat in
https://bugs.unrealircd.org/view.php?id=4771
The subsequent reorganization took two full days, so.. hopefully the
people who are using - or plan to use - custom operclasses will like the
new layout... except that they need to redo their work of course ;)
2018-12-14 17:05:32 +01:00
Bram Matthys e470541a8b Windows............ whatever. 2018-12-10 18:28:13 +01:00
Bram Matthys 267f6adc54 Tadah. Fix vs2017, reported by Gottem. 2018-12-10 18:15:22 +01:00
Bram Matthys 7dcb5a5bb1 The authentication types 'md5', 'sha1' and 'ripemd160' have been
deprecated because they can be cracked at high speeds. They still
work, but a warning will be shown on boot and on rehash.
Please use 'bcrypt' or (even better) the new 'argon2' type instead:
"./unrealircd mkpasswd argon2" or "/mkpasswd argon2 passwd" on IRC.

Also, not in release notes because it would take up too much text:
Unix crypt is a bit more complicated: most types are outright 'bad',
while other types have reasonable security similar to 'bcrypt'.
To be honest these people should probably use 'argon2' since it's
a lot better. Then again, warning about this when it's still such
a common hashing method (now, in 2018) may be a bit overzealous.
So: not warning about crypt types $5/$6 which use SHA256/SHA512
with normally at least 5000 rounds (unless deliberately weakened
by the user), but we do warn about other crypt() usage.

Also, mkpasswd support for those deprecated types has been removed since
there's no good reason to generate new password hashes with these.
2018-12-10 15:46:11 +01:00
Bram Matthys 02184fe3a0 Write release notes (reflecting current state, anyway).
[skip ci]
2018-12-10 09:00:35 +01:00
Bram Matthys b335f8c284 Remove -lrt and -ldl for systems lacking pkg-config and building with
system libargon2.
2018-12-10 08:49:30 +01:00
Bram Matthys 8bbcd94071 Set UnrealIRCd version to 4.2.1-dev 2018-12-10 08:24:57 +01:00
Bram Matthys 9fdd93f0e4 Fix libargon2 autodetection (system lib). 2018-12-10 08:19:41 +01:00
Bram Matthys 942da806dd Make build test compile with Argon2 lib 2018-12-09 17:56:04 +01:00
Bram Matthys a852b480d5 Add support for Argon2 password hashes (argon2id).
Also, make this the default for './unrealircd mkpasswd'.
The Windows version also works.. I just need to create a new library
package, will be done later today or tomorrow.
https://bugs.unrealircd.org/view.php?id=5116
2018-12-09 17:22:12 +01:00
Bram Matthys 459a55245a No longer require "};" in config files, from now on "}" will suffice.
Note that both }; and } forms are accepted now, even mixed, and this
will not raise a warning or error.
I've always found it odd that we required a ; after }. In a language
like C for typedef structs it has some meaning since there could be
an alias between the } and the ;, but in UnrealIRCd there's no such
thing.
2018-12-08 16:03:58 +01:00
Bram Matthys 51ed51dff1 Remove non-standard 'nested comments' features, also known as
"comments within comments are not ignored".
Reported by bekarfel in https://bugs.unrealircd.org/view.php?id=4075
FAQ entry: https://www.unrealircd.org/docs/FAQ#Nesting_comments
2018-12-08 15:51:50 +01:00
Bram Matthys 7cd0bbbcb9 On second thought, for m_whox the priority is not important,
so set it to zero (0).
2018-12-08 15:29:02 +01:00
Bram Matthys 9cfff2d07d In 4.2.0 we added support for priorities in CmdoverrideAddEx(),
however it turns out they were accidentally reversed.
This is now corrected: highest number = highest priority.
Reported by Gottem in https://bugs.unrealircd.org/view.php?id=5162
2018-12-08 15:23:42 +01:00
Bram Matthys 8d1047d4e9 Remove old function is_irc_banned(). Ahhh, WebTV times.. 2018-12-08 13:06:41 +01:00
Bram Matthys 84686f02bb Fix checking for target nick bans (cannot change to a nick that is banned).
This was and still is the default, set::check-target-nick-bans 'yes', however
the feature was broken since UnrealIRCd 4.0.0 (-betaX) by commit
709c7e890e. Reported by PeGaSuS and St3Nl3y.
2018-12-08 13:01:27 +01:00
Bram Matthys 4bef3a5238 Nothing important. Update comments of place_host_ban() and add an explicit
'case BAN_ACT_SOFT_KILL', even though it is already handled by 'case default'.
2018-11-21 14:26:35 +01:00
Bram Matthys 4a0dcc5f13 Load antimixedutf8 from modules.optional.conf 2018-11-21 12:35:25 +01:00
Bram Matthys 9d5e46c43c Set default score to 10. Prevents innocent Russians from getting caught :D 2018-11-18 20:07:09 +01:00
Bram Matthys 9f7b8997f2 Fix stupid bug for <4.2.0, reported by PeGaSuS 2018-11-18 19:52:54 +01:00
Bram Matthys 112c5d922e Fixes for Cyrillic (false positives when speaking Russian, etc...) 2018-11-18 19:39:39 +01:00
Bram Matthys b89bd719a7 Compatibility... 2018-11-18 18:50:45 +01:00
Bram Matthys d0799a0f04 Build antimixedutf8 2018-11-18 18:28:28 +01:00
Vitor 6f3ef8e3a7 Update help.conf (#76)
Update help.conf with +Z and +D
2018-11-18 18:21:34 +01:00
Vitor 4b5e950ffd Update antimixedutf8.c (#77)
Fix credits in antimixedutf8.
2018-11-18 17:00:55 +01:00
Bram Matthys 793e827218 Add "anti mixed utf8" module (antimixedutf8):
This module will detect and stop spam consisting of characters of
mixed "scripts", where some characters are in Latin script and other
characters are in Cyrillic.
This unusual behavior can be detected easily and action can be taken.

loadmodule "antimixedutf8"; /* or third/antimixedutf8 */
set {
        antimixedutf8 {
                score 5;
                ban-action block;
                ban-reason "Possible mixed character spam";
                ban-time 4h; // For other types
        };
};
2018-11-18 15:19:11 +01:00
Bram Matthys d11b3228e6 ** UnrealIRCd 4.2.0 ** 2018-09-29 21:31:35 +02:00
Bram Matthys 98a33f7485 Windows: modules.optional.conf missing 2018-09-29 20:08:26 +02:00
Bram Matthys 02d69e7d83 Update release notes / version 2018-09-28 15:32:31 +02:00
Bram Matthys 2509482e02 Update UnrealIRCd version 2018-09-28 09:31:35 +02:00
Bram Matthys 6acfa3404b UnrealIRCd version updates 2018-09-28 09:26:40 +02:00
Bram Matthys 02c5c8567a Fix rare crash if deleting spamfilter by id that isn't a spamfilter. 2018-09-23 18:41:47 +02:00
Bram Matthys b4b6ebbca3 Similarly, use sptr/acptr to conform to current style. 2018-09-22 12:44:03 +02:00
Bram Matthys 75e2ed38e2 Some re-indenting / codestyle changes, nothing fancy, mostly whitespace
and brackets.
2018-09-22 12:42:14 +02:00
Bram Matthys 1feeb86cd3 Fix crash bug in m_whox. 2018-09-22 11:38:08 +02:00
Bram Matthys 24ea77f507 Update release notes
@skip-ci
2018-09-21 09:32:59 +02:00
Bram Matthys a7af69b887 Use same ciphersuite as decided earlier. 2018-09-21 09:11:09 +02:00
Bram Matthys d56eddd69a 'timedban' and 'nocodes' were (still) marked 3rd party, even though
they are official modules.
2018-09-21 08:58:44 +02:00
Bram Matthys 7d38909126 m_whox: fix -Wparentheses warning 2018-09-21 08:50:04 +02:00
Bram Matthys fb0148a44a New set::ssl::options::ciphersuites option for TLSv1.3.
Since OpenSSL decided not to use the regular ciphers but make this a
separate option, we now make this a separate option as well.
So there is ::ciphers for <=TLSv1.2 and ::ciphersuites for TLSv1.3
More documentation will follow.
Patch from 'i' in https://bugs.unrealircd.org/view.php?id=5149
2018-09-20 20:14:18 +02:00
Bram Matthys bd0821fc41 Add m_whox to Windows build makefile 2018-09-20 20:06:19 +02:00
Bram Matthys c4eac1df0e Add initial version of m_whox from 'i'. This is to get it tested
by the buildfarm / autotesters. More commits will follow.
2018-09-20 20:04:29 +02:00
Bram Matthys 30da2ae553 Module devs: Add priorities for command overrides.
Use: CmdoverrideAddEx(module, name, priority, function)
Suggested by Gottem in https://bugs.unrealircd.org/view.php?id=5143
..and needed by some upcoming stuff.
2018-09-20 20:01:39 +02:00
Bram Matthys 886b67ca8a Merge pull request #73 from digitalcircuit/fix-strip-monostrike-format
m_message: Also strip monospace/strikethrough
2018-09-16 08:12:26 +02:00
Shane Synan dba2081641 m_message: Also strip monospace/strikethrough
Add the ASCII character codes for strikethrough (0x1E, 30) and
monospace (0x11, 17) to the _StripControlCodes function.  This
addresses those formatting characters not being filtered when the
"nocodes" module is loaded.

See https://modern.ircdocs.horse/formatting.html#characters
2018-09-15 16:25:05 -05:00
Bram Matthys 3f7ec605dd The away-notify CAP did not send AWAY status upon join, which is required.
Reported by digitalcircuit in https://bugs.unrealircd.org/view.php?id=5144
2018-09-15 08:46:18 +02:00
Bram Matthys 57a008b808 UnrealIRCd 4.0.19-rc2 2018-09-14 09:51:25 +02:00
Bram Matthys cd2f77defd Update release notes
@skip-ci
2018-09-14 09:45:19 +02:00
Bram Matthys 402958a3c6 Allow slashes in vhost/chghost/sethost/.. (but not through DNS) 2018-09-11 20:25:32 +02:00
Bram Matthys 8738c42b82 Update release notes
@skip-ci
2018-09-10 18:47:01 +02:00
Bram Matthys 05745124f1 Fix tld::options::ssl not detecting remote SSL users.
Reported by HeXiLeD in https://bugs.unrealircd.org/view.php?id=4952
2018-09-10 18:33:40 +02:00
Bram Matthys a4e076c08c Allow ASCII 0xa0 in channels / Fix truncated channel name.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=4538
2018-09-10 08:38:41 +02:00
Bram Matthys d610dfbe9f Duplicate error messages when trying to set channel modes +O/+P.
Reported by FwdInTime in https://bugs.unrealircd.org/view.php?id=4840
2018-09-09 18:03:54 +02:00
Bram Matthys 5445a009a3 Fix bug preventing (insecure) IRCops from overriding +z.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=5134
2018-09-09 17:49:32 +02:00
Bram Matthys 5921924297 Update release notes 2018-09-09 17:27:25 +02:00
Bram Matthys f876983cb3 Fix bug where halfops don't see users JOIN if chmode +D is set.
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=5123
2018-09-09 17:15:49 +02:00
Bram Matthys 681640024a Fix permission issues with minimal IRCOps.
Reported by capitaine in https://bugs.unrealircd.org/view.php?id=5130
2018-09-09 17:01:35 +02:00
Bram Matthys 2935385bf2 allow::options::sasl has been removed. Use the new and more flexible
require sasl { } block instead.
2018-09-09 09:49:03 +02:00
Bram Matthys 3f0d349e2b Update releasenotes: shorten text about compatibility.
@skip-ci
2018-09-08 17:51:43 +02:00
Bram Matthys a66373f74e Add header to release notes 2018-09-08 17:21:37 +02:00
Bram Matthys 77000795c7 Make ./Config import settings from 4.0.18 2018-09-08 17:18:24 +02:00
Bram Matthys bc139098c9 UnrealIRCd 4.0.19-rc1
(The actual release will be ~24hrs from now)
2018-09-07 18:20:04 +02:00
Bram Matthys 73f69ccb11 Fix clang warning 2018-09-07 18:14:14 +02:00
Bram Matthys 2cbcc29a0d Update release notes a bit 2018-09-07 12:20:09 +02:00
Bram Matthys 9ed6a9ae79 Found some more for #3973 2018-09-07 12:07:09 +02:00
Bram Matthys ab321f632b For outgoing server connection attempts there was no message to ircops
nor to the log about connection or handshake timeouts. Now there is.
2018-09-07 11:59:52 +02:00
Bram Matthys bd19e9c87a Log linking attempts and errors. Also report them to IRCOps in a uniform way.
Reported by Mr_Smoke in https://bugs.unrealircd.org/view.php?id=3973
2018-09-07 11:59:12 +02:00
Bram Matthys 8d05951298 Silence a warning 2018-09-07 10:50:55 +02:00
Bram Matthys 858aaa774a 'SVSMODE Nick -t' does not remove vhost (while MODE 'MODE Nick -t' does)
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=5111
2018-09-07 10:50:00 +02:00
Bram Matthys aa3e66bb5b We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.

It's likely I made some mistakes somewhere => testing required!!
2018-09-05 16:24:08 +02:00
Bram Matthys 107d8ccf6a * A new require sasl { } block which allows you to force users on the
specified hostmask to use SASL. Any unauthenticated users matching
  the specified hostmask are rejected.
  See https://www.unrealircd.org/docs/Require_sasl_block
Feature suggestion: https://bugs.unrealircd.org/view.php?id=5107
2018-09-05 11:34:48 +02:00
Bram Matthys ffcf85f409 Announce the soft bans in release notes. (Best to read that rather
than the million commits before it)
2018-09-05 10:03:42 +02:00
Bram Matthys c4760cc83c Add more soft actions. The full list is available on
https://www.unrealircd.org/docs/Actions
Also, some minor cleanups / simplifications.
2018-09-05 09:39:44 +02:00
Bram Matthys c8c0199095 Fix potential bug if there are both soft and hard tkl's matching the user.
Add soft-shun. Use IsLoggedIn() to detect logged in to services status
rather than repeating the more elaborate if ... isdigit...svid.. etc.. stuff.
2018-09-04 21:08:48 +02:00
Bram Matthys aa45ce11cc ..and the necessary stuff for softbans in the blacklist module. 2018-09-03 20:18:23 +02:00
Bram Matthys b2be1009a0 Second parameter to find_tkline_match() can now be used to skip
soft ban checking. Necessary for blacklist module.
2018-09-03 19:55:48 +02:00
Bram Matthys 1d42ccd973 DNSBL: Fix possible problem where multiple blacklists are not processed.
Also fix a memory leak triggered in some circumstances.
2018-09-03 19:31:27 +02:00
Bram Matthys 1eb09484f1 Add 'soft-kline' and 'soft-gline' to ban actions (more information soon)
If you don't know what ban actions are, they are listed here:
https://www.unrealircd.org/docs/Actions
2018-09-03 17:24:23 +02:00
Bram Matthys 5f116cc64e Part one of soft gline/kline (more information will follow) 2018-09-03 17:07:22 +02:00
Bram Matthys 2537fb5e1c extbans/textban was not working properly on words with dots
Reported by The_Myth in https://bugs.unrealircd.org/view.php?id=4909
2018-09-02 21:55:57 +02:00
Bram Matthys d3dba63f56 AntiRandom: The module will now (by default) exempt WEBIRC gateways
from antirandom checking because they frequently cause false positives.
This new behavior can be disabled via:
set { antirandom { except-webirc no; }; };
Suggested by The_Myth in https://bugs.unrealircd.org/view.php?id=5007
2018-09-02 12:34:03 +02:00
Bram Matthys 5f597c0b08 Sync 'webirc' status of a client with the rest of the network (via ModData).
Also necessary for upcoming commit..
2018-09-02 12:16:45 +02:00
Bram Matthys cab8ea7066 * Potential crash issue when concurrently checking DNSBL for the WEBIRC
gateway and the spoofed host.
2018-09-02 12:16:15 +02:00
Bram Matthys 883a5fe413 * The except throttle { } block now also overrides any limitations from
set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
Reported by KnuX https://bugs.unrealircd.org/view.php?id=5088
2018-09-02 11:40:15 +02:00
Bram Matthys b1b73e0e56 * Localhost connections are considered secure, so these can be used even
if you have a plaintext-policy of 'deny' or 'warn'. (This was already
  the case for servers, but now also for users and opers)
https://bugs.unrealircd.org/view.php?id=5108
2018-09-02 11:24:19 +02:00
Bram Matthys 3c801ced2e Load by default: extbans/textban, extbans/timedban, extbans/msgbypass.
https://bugs.unrealircd.org/view.php?id=5117
2018-09-02 11:17:14 +02:00
Bram Matthys bf08c5d121 Update instructions on customizing modules.default.conf now that
we have blacklist-module.
2018-09-01 21:08:58 +02:00
Bram Matthys 477694bd11 Update release notes: Add info on 'blacklist-module'. 2018-09-01 21:02:24 +02:00
Bram Matthys d86d4c7c71 Add new option: blacklist-module "<modulename>";
This is meant to blacklist modules that are in modules.default.conf (or
elsewhere). The 'loadmodule' line for any such module is effectively ignored.
https://bugs.unrealircd.org/view.php?id=5118
Note: I had to move the loadmodule code. Previously this was done as each
config file (include) was loaded into memory. Now it is done after *ALL*
config files have been read into memory. This shouldn't matter for module
devs, though..
2018-09-01 20:31:14 +02:00
Bram Matthys cf97de890a These should be marked extern. 2018-09-01 19:37:25 +02:00
Bram Matthys c2f9df9e48 Update release notes (no we're not anywhere near a release at this point) 2018-07-15 18:30:52 +02:00
Bram Matthys 26c194d8db Update paths. Again.
Slashes in my editor are special so a replace with \u becomes..
ah well.. long story.
2018-07-15 18:19:11 +02:00
Bram Matthys 4900fb01df Remove Visual Studio 2012 leftovers.
[skip ci]
2018-07-15 18:11:49 +02:00
Bram Matthys 54a6e2f61f Update build command for vs2017 with new deps 2018-07-15 18:11:00 +02:00
Bram Matthys 8fc4f68bcc Make AppVeyor only build VS2017 version (and update library deps) 2018-07-15 17:58:07 +02:00
Bram Matthys 8150c6c237 Change default library paths for Visual Studio 2017 lib build.
Will upload the dependencies in a couple of minutes to:
https://www.unrealircd.org/docs/Windows_external_libraries_for_UnrealIRCd
2018-07-15 17:47:37 +02:00
Bram Matthys 1f4fcb9407 Set version to 4.0.19-dev 2018-07-15 17:40:18 +02:00
Bram Matthys 3bd83829e3 Work towards moving to Visual Studio 2017.
Compiling already works (this is already tested by AppVeyor for quite a
while), but the installer in git required VS 2015. The actual releases
up to now required VS 2012.
To be more precise, either VS 2015 Redist or VS 2017 Redist is enough,
the x86 version that is, as they are binary compatible and both provide
"version 14". So if one of those is installed, the installer just runs.
If neither of these is installed we tell the user to install the VS 2017
Redist package, not mentioning 2015 as it would only cause confusion.
2018-07-15 14:49:24 +02:00
Bram Matthys f3b9753460 Fix compile problem with clang if -Werror is active.
(introduced by previous commit, 98709beee2)
2018-07-08 14:52:43 +02:00
Bram Matthys 98709beee2 ./configure: -Wno-format-truncation 2018-07-08 13:35:53 +02:00
Bram Matthys bc8ac7c7f6 ./Config: For remote includes, suggest /usr when /usr/bin/curl-config
is found. This fixes an issue on Ubuntu 18 where the library is
stored in /usr/include/x86_64-linux-gnu and ./Config doesn't detect
it and thus reverts to using local-curl.
2018-07-08 13:31:23 +02:00
Bram Matthys 25f08d50ac UnrealIRCd 4.0.18 2018-06-23 16:06:12 +02:00
Bram Matthys c4d132c8f9 No longer permit 'require-sasl' or 'require-ssl', as introduced in rcX,
as it would be confusing with the current functionality.
Use 'sasl' or 'ssl' instead. See bug #5107.
2018-06-23 08:16:04 +02:00
Bram Matthys 05dcf18ea6 When importing ./Config settings from a previous UnrealIRCd, with
curl enabled but without system curl, the build could fail with
a libCURL configure error. This is because it imported the
CURLDIR but it referred to an old UnrealIRCd directory.
Reported by The_Myth (#5106)
2018-06-23 08:13:02 +02:00
Bram Matthys f9f03190f8 ** 4.0.18-rc2 ** 2018-06-16 18:22:31 +02:00
Bram Matthys 14eda9638d curl-ca-bundle.crt: update to latest mozilla (Wed Mar 7 04:12:06 2018 GMT)
[skip ci]
2018-06-16 18:14:06 +02:00
Bram Matthys 0961b95ba9 Move setting of curves (duh) 2018-06-16 17:58:15 +02:00
Bram Matthys 52afbeee50 Travis-CI: cipherscan: it helps if you scan on the right port.. 2018-06-16 09:19:03 +02:00
Bram Matthys da98080860 Travis-CI: add cipherscan test
TODO: fail if certain criteria are not met
2018-06-16 08:40:39 +02:00
Bram Matthys 49bfb1e782 Fix ECDHE not working on 4.0.18-rc1 with older OpenSSL versions.
For example Ubuntu 16.04 LTS with OpenSSL 1.0.2g.
Especially in strict config it would error 'No shared ciphers'.
Had to do with #if(def) ordering. SSL_CTX_set_ecdh_auto() is
still required in 1.0.x even if SSL_CTX_set1_curves_list() is
used. Understandable.
2018-06-16 08:21:13 +02:00
Bram Matthys 18b793db9a UnrealIRCd 4.0.18-rc1 2018-06-11 10:46:44 +02:00
Bram Matthys a236eb0fc1 Update release notes
[skip ci]
2018-06-11 10:17:41 +02:00
Bram Matthys 3aec69192b Build with -Werror except on macOS 2018-06-11 10:11:16 +02:00
Bram Matthys 5461d24124 Update openssl test to 1.1.1-pre7.
[skip ci]
2018-06-11 09:57:49 +02:00
Bram Matthys 93957fc7ee blacklist module: also check the ip of WEBIRC users.
Suggested by jesopo (#0005098).
2018-06-11 08:53:34 +02:00
Bram Matthys cd6d7a2bb7 Add allow::options::sasl (or require-sasl) to require SASL authentication
as suggested in https://bugs.unrealircd.org/view.php?id=5098
The allow block documentation has been updated, including an example at
the end of the page - https://www.unrealircd.org/docs/Allow_block
2018-06-11 08:22:29 +02:00
Bram Matthys 46a60ec795 Fix OOB read (1 byte to the left) 2018-06-11 08:05:14 +02:00
Bram Matthys ad63a499e1 Remove invalid globally declared variables (should be externs). 2018-06-11 08:04:37 +02:00
Bram Matthys 8b988622cd Fix memory leak in channel mode +f 2018-06-11 08:04:10 +02:00
Bram Matthys e456f621ef Fix OOB read in extended bans handling.
(Bug caused by commit dd6f67a266)
2018-06-11 08:02:35 +02:00
Bram Matthys 21af7689c0 Fix memory leak in dead socket handling. 2018-06-11 08:02:07 +02:00
Bram Matthys af46d569f6 Updated Turkish translations from Serkan Sepetçi. 2018-06-09 15:08:00 +02:00
Bram Matthys aebf9691bd Convert example.tr.conf to UTF8 2018-06-09 15:07:03 +02:00
Bram Matthys 362033b73f Drop -xxxbits suffix in on-connect message (and elsewhere).
Change from this TLSv1.2 and TLSv1.3 message:
*** You are connected with TLSv1.2-ECDHE-RSA-AES256-GCM-SHA384-256bits
*** You are connected with TLSv1.3-TLS_AES_256_GCM_SHA384-256bits
To this:
*** You are connected with TLSv1.2-ECDHE-RSA-AES256-GCM-SHA384
*** You are connected with TLSv1.3-TLS_AES_256_GCM_SHA384
Since: 1) those bits are redundant (AES 256 is already mentioned),
and 2) Bits are also not a universal method to measure strength across
algorithms (think: elliptic curve).
2018-06-04 19:45:40 +02:00
Bram Matthys 686fc1b03d Convert /HELPOP translations to UTF-8. 2018-05-25 12:49:01 +02:00
Bram Matthys 8a73b96aee Revert 39e2d88f6c 2018-05-18 18:57:43 +02:00
Bram Matthys 2be4668d9b Travis-CI: 'apt-get update' is required 2018-05-18 18:56:24 +02:00
Bram Matthys 39e2d88f6c Fix Travis-CI 2018-05-18 18:52:40 +02:00
Bram Matthys b597999a34 Update release notes 2018-05-09 22:44:04 +02:00
Bram Matthys 5e8334a9be Use "macOS" in README rather than OS X.
[ci skip]
2018-05-02 19:53:09 +02:00
Bram Matthys 8ac5a49d9d Travis-CI: Swap gcc and clang in initial build matrix, simplifying
things for MacOS and making the LibreSSL/OpenSSL builds use clang.
2018-05-02 19:23:39 +02:00
Bram Matthys 85cfe2a779 Fix travis-ci 2018-05-02 19:19:08 +02:00
Bram Matthys d9c30aaeb8 Further reduce build matrix, since gcc links to clang on OS X anyway 2018-05-02 19:15:11 +02:00
Bram Matthys 53f7ee81b1 Attempt to reduce build matrix 2018-05-02 19:10:14 +02:00
Bram Matthys 717be3afcb Older OpenSSL versions (1.0.2) need an explicit -fPIC... wow. 2018-05-02 16:49:41 +02:00
Bram Matthys 201159c630 I forgot.. openssl is special :D 2018-05-02 16:12:10 +02:00
Bram Matthys cb4be97bdf Add various libressl & openssl versions to build tests. 2018-05-02 15:55:04 +02:00
Bram Matthys 3b0cb5c2a9 .. 2018-05-02 15:37:08 +02:00
Bram Matthys 53c1ea6226 Add libressl-27 to build test matrix. 2018-05-02 15:30:43 +02:00
Bram Matthys 923619ba30 Merge branch 'unreal40' of github.com:unrealircd/unrealircd into unreal40 2018-05-01 15:23:26 +02:00
Bram Matthys 8efcd684d3 Fix /SPAMFILTER add having the regex syntax check backwards.
(Not too surprising when add is 0 and delete is 1)
Not fatal, as error was still handled & sent, but it went to
all opers instead of just the one person adding it..
2018-05-01 15:22:39 +02:00
261 changed files with 16906 additions and 8389 deletions
+1 -1
@@ -7,7 +7,7 @@
\___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_|
Configuration Program
for UnrealIRCd 4.0.18-devel
for UnrealIRCd 4.2.4.1
This program will help you to compile your IRC server, and ask you
questions regarding the compile-time settings of it during the process.
+1 -1
@@ -3,4 +3,4 @@
url = https://github.com/unrealircd/ircfly.git
[submodule "extras/tests/functional-tests"]
path = extras/tests/functional-tests
url = https://github.com/unrealircd/unrealircd-tests.git
url = https://github.com/unrealircd/unrealircd-tests-old.git
+19 -4
@@ -1,13 +1,28 @@
language: c
os:
- linux
- osx
os: linux
dist: xenial
compiler:
- gcc
- clang
- gcc
script: extras/build-tests/nix/build $BUILDCONFIG
env:
- BUILDCONFIG=""
- BUILDCONFIG="system-cares"
- BUILDCONFIG="system-cares system-curl"
- BUILDCONFIG="local-curl"
matrix:
include:
- os: osx
env: BUILDCONFIG=""
- os: osx
env: BUILDCONFIG="system-cares"
- os: osx
env: BUILDCONFIG="system-cares system-curl"
- os: osx
env: BUILDCONFIG="local-curl"
- env: BUILDCONFIG="libressl-27"
- env: BUILDCONFIG="libressl-28"
- env: BUILDCONFIG="libressl-29"
- env: BUILDCONFIG="openssl-102"
- env: BUILDCONFIG="openssl-110"
- env: BUILDCONFIG="openssl-111"
+68 -24
@@ -1,7 +1,7 @@
#!/bin/sh
#
# Config script for UnrealIRCd
# (C) 2001-2016 The UnrealIRCd Team
# (C) 2001-2019 The UnrealIRCd Team
#
# This configure script is free software; the UnrealIRCd Team gives
# unlimited permission to copy, distribute and modify as long as the
@@ -70,6 +70,9 @@ fi
if [ "$PREFIXAQ" != "1" ]; then
ARG="$ARG--disable-prefixaq "
fi
if [ "$MAXCONNECTIONS_REQUEST" != "auto" ]; then
ARG="$ARG--with-maxconnections=$MAXCONNECTIONS_REQUEST "
fi
ARG="$ARG--with-bindir=$BINDIR "
ARG="$ARG--with-datadir=$DATADIR "
@@ -85,7 +88,6 @@ ARG="$ARG--with-scriptdir=$BASEPATH "
ARG="$ARG--with-nick-history=$NICKNAMEHISTORYLENGTH "
ARG="$ARG--with-sendq=$MAXSENDQLENGTH "
ARG="$ARG--with-permissions=$DEFPERM "
ARG="$ARG--with-fd-setsize=$MAXCONNECTIONS "
ARG="$ARG--enable-dynamic-linking "
ARG="$ARG $EXTRAPARA "
CONF="./configure $ARG"
@@ -145,6 +147,11 @@ else
echo "SSL certificate exists in $CONFDIR/ssl/server.cert.pem, no need to regenerate."
fi
fi
# Silently force a 'make clean' as otherwise part (or whole) of the
# compiled source could be using different settings than the user
# just requested when re-running ./Config.
make clean 1>/dev/null 2>&1
}
RUN_ADVANCED () {
@@ -362,7 +369,7 @@ DEFPERM="0600"
SSLDIR=""
NICKNAMEHISTORYLENGTH="2000"
MAXSENDQLENGTH="3000000"
MAXCONNECTIONS="1024"
MAXCONNECTIONS_REQUEST="auto"
REMOTEINC=""
CURLDIR=""
PREFIXAQ="1"
@@ -381,6 +388,22 @@ else
n="-n"
fi
date|grep 2019 1>/dev/null 2>&1
if [ "$?" -ne 0 ]; then
echo "*** WARNING ***"
echo "UnrealIRCd 4.x will no longer be supported after December 31, 2020."
echo "You should upgrade to UnrealIRCd 5 before that date."
echo "See https://www.unrealircd.org/docs/UnrealIRCd_4_EOL"
echo $n . $c
sleep 1
echo $n . $c
sleep 1
echo $n . $c
echo ""
sleep 1
echo "Press ENTER to continue"
read xyz
fi
#parse arguments
NOCACHE=""
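Review bot: The year test `date|grep 2019` matches the string 2019 anywhere in the locale-formatted output of `date`, so it is a substring test rather than a year comparison; `[ "$(date +%Y)" -ge 2020 ]` would say what is meant. The `read xyz` that follows also stalls every unattended run of ./Config (CI jobs, packaging scripts) once the warning triggers, and because the block sits above `#parse arguments` no command-line flag can suppress it. Consider skipping the pause when stdin is not a terminal, for example with `if [ -t 0 ]`.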
@@ -452,7 +475,7 @@ echo ""
if [ -z "$NOCACHE" ] ; then
# This needs to be updated each release so auto-upgrading works for settings, modules, etc!!:
UNREALRELEASES="unrealircd-4.0.17 unrealircd-4.0.17-rc1 unrealircd-4.0.16.1 unrealircd-4.0.16 unrealircd-4.0.15 unrealircd-4.0.14 unrealircd-4.0.14-rc1 unrealircd-4.0.13 unrealircd-4.0.13-rc1 unrealircd-4.0.12.1 unrealircd-4.0.12 unrealircd-4.0.11 unrealircd-4.0.10 unrealircd-4.0.9 unrealircd-4.0.8.4 unrealircd-4.0.8.3 unrealircd-4.0.8.2 unrealircd-4.0.8.1"
UNREALRELEASES="unrealircd-4.2.3-rc1 unrealircd-4.2.2 unrealircd-4.2.2-rc2 unrealircd-4.2.2-rc1 unrealircd-4.2.1.1 unrealircd-4.2.1 unrealircd-4.2.1-rc1 unrealircd-4.2.0 unrealircd-4.0.19-rc2 unrealircd-4.0.19-rc1 unrealircd-4.0.18 unrealircd-4.0.18-rc2 unrealircd-4.0.18-rc1 unrealircd-4.0.17 unrealircd-4.0.17-rc1 unrealircd-4.0.16.1 unrealircd-4.0.16 unrealircd-4.0.15 unrealircd-4.0.14 unrealircd-4.0.14-rc1 unrealircd-4.0.13 unrealircd-4.0.13-rc1 unrealircd-4.0.12.1 unrealircd-4.0.12"
if [ -f "config.settings" ]; then
. ./config.settings
else
@@ -500,6 +523,15 @@ if [ -z "$NOCACHE" ] ; then
done
fi
fi
# If we just imported settings and the curl dir is set to
# something like /home/xxx/unrealircd-4.x.y/extras/curl/
# (what we call 'local-curl') then remove this setting as
# it would refer to the old UnrealIRCd installation.
if [ ! -z "$IMPORTEDSETTINGS" ]; then
if echo "$CURLDIR"|grep -qi unrealircd; then
CURLDIR=""
fi
fi
fi
TEST="$BASEPATH"
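Review bot: The test `echo "$CURLDIR"|grep -qi unrealircd` clears CURLDIR for any path that contains "unrealircd" anywhere, which also hits a system or custom curl that happens to live under, say, the home directory of a user named unrealircd. The comment describes the intended case as .../unrealircd-4.x.y/extras/curl/, so matching on that shape (a `case "$CURLDIR" in */extras/curl*)` arm) would be narrower. It would also help to print a line telling the user that the imported curl setting was dropped, since the change is otherwise silent.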
@@ -625,7 +657,6 @@ if [ "$REMOTEINC" = "1" ] ; then
CURLDIR=""
fi
INSTALLCURL="0"
SUGGESTCURLDIR=""
@@ -635,6 +666,10 @@ if [ "$REMOTEINC" = "1" ] ; then
if [ -d "/usr/include/curl" ]; then
SUGGESTCURLDIR="/usr"
fi
# This one also works for /usr/include/x86_64-linux-gnu and friends:
if [ -f "/usr/bin/curl-config" ]; then
SUGGESTCURLDIR="/usr"
fi
GOTASYNC=0
if [ "x$SUGGESTCURLDIR" != "x" ]; then
@@ -821,25 +856,34 @@ done
echo ""
TEST=""
while [ -z "$TEST" ] ; do
TEST="$MAXCONNECTIONS"
echo ""
echo "How many file descriptors (or sockets) can the IRCd use?"
echo $n "[$TEST] -> $c"
TEST="$MAXCONNECTIONS_REQUEST"
echo ""
echo "What is the maximum number of sockets (and file descriptors) that"
echo "UnrealIRCd may use?"
echo "It is recommended to leave this at the default setting 'auto',"
echo "which at present results in a limit of up to 8192, depending on"
echo "the system. When you boot UnrealIRCd later you will always see"
echo "the effective limit."
echo $n "[$TEST] -> $c"
read cc
if [ -z "$cc" ] ; then
MAXCONNECTIONS=$TEST
break
fi
case "$cc" in
[1-9][0-9][0-9]*)
MAXCONNECTIONS="$cc"
;;
*)
echo ""
echo "You must to enter a number greater than or equal to 100"
TEST=""
;;
esac
if [ -z "$cc" ] ; then
MAXCONNECTIONS_REQUEST=$TEST
break
fi
case "$cc" in
auto)
MAXCONNECTIONS_REQUEST="$cc"
;;
[1-9][0-9][0-9]*)
MAXCONNECTIONS_REQUEST="$cc"
;;
*)
echo ""
echo "You must to enter a number greater than or equal to 100."
echo "Or enter 'auto' to leave it at automatic, which is recommended."
TEST=""
;;
esac
done
if [ -n "$ADVANCED" ] ; then
RUN_ADVANCED
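Review bot: The accepted pattern `[1-9][0-9][0-9]*)` is a shell glob, not a regex, so it accepts any input that merely starts with three digits, including input with trailing spaces, quotes or other text. The value is then placed unquoted on the ./configure command line via `--with-maxconnections=$MAXCONNECTIONS_REQUEST` and written into config.settings, which is sourced on the next run. Rejecting anything that contains a non-digit first (a `*[!0-9]*)` arm ahead of the numeric arm) keeps the value to `auto` or a plain integer. The prompt text "You must to enter" also has a stray "to".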
@@ -870,7 +914,7 @@ TMPDIR="$TMPDIR"
LIBDIR="$LIBDIR"
PREFIXAQ="$PREFIXAQ"
MAXSENDQLENGTH="$MAXSENDQLENGTH"
MAXCONNECTIONS="$MAXCONNECTIONS"
MAXCONNECTIONS_REQUEST="$MAXCONNECTIONS_REQUEST"
NICKNAMEHISTORYLENGTH="$NICKNAMEHISTORYLENGTH"
DEFPERM="$DEFPERM"
SSLDIR="$SSLDIR"
+4 -3
@@ -34,11 +34,11 @@ FROMDOS=/home/cmunk/bin/4dos
#
#XCFLAGS=-O -g -export-dynamic
IRCDLIBS=@IRCDLIBS@ @TRE_LIBS@ @PCRE2_LIBS@ @CARES_LIBS@ @PTHREAD_LIBS@
IRCDLIBS=@IRCDLIBS@ @TRE_LIBS@ @PCRE2_LIBS@ @ARGON2_LIBS@ @CARES_LIBS@ @PTHREAD_LIBS@
CRYPTOLIB=@CRYPTOLIB@
OPENSSLINCLUDES=
XCFLAGS=@PTHREAD_CFLAGS@ @TRE_CFLAGS@ @PCRE2_CFLAGS@ @CARES_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
XCFLAGS=@PTHREAD_CFLAGS@ @TRE_CFLAGS@ @PCRE2_CFLAGS@ @ARGON2_CFLAGS@ @CARES_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
#
# use the following on MIPS:
#CFLAGS= -systype bsd43 -DSYSTYPE_BSD43 -I$(INCLUDEDIR)
@@ -187,6 +187,7 @@ install: all
-@if [ ! -f "@CONFDIR@/spamfilter.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/spamfilter.conf @CONFDIR@ ; \
fi
-@extras/patches/patch_spamfilter_conf "@CONFDIR@"
-@if [ ! -f "@CONFDIR@/badwords.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/badwords.conf @CONFDIR@ ; \
fi
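Review bot: The new line `-@extras/patches/patch_spamfilter_conf "@CONFDIR@"` runs on every `make install` with both the `-` and `@` prefixes, so the command is not echoed and a failure is ignored. Since it operates on the directory that holds the admin's existing spamfilter.conf (the surrounding rules only install that file when it is missing), the script should at least report when it changes a file, and a comment here should say what it patches and that it is safe to run repeatedly.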
@@ -244,7 +245,7 @@ install: all
@echo '* To start/stop UnrealIRCd run: @SCRIPTDIR@/unrealircd"'
@echo ''
@echo '* Consult the documentation online at:'
@echo ' * https://www.unrealircd.org/docs/UnrealIRCd_4_documentation'
@echo ' * https://www.unrealircd.org/docs/'
@echo ' * https://www.unrealircd.org/docs/FAQ'
@echo '* You may also wish to install a cron job to ensure UnrealIRCd is always running:'
@echo ' * https://www.unrealircd.org/docs/Cron_job'
+4 -4
@@ -1,5 +1,5 @@
[![Build Status - *NIX](https://travis-ci.org/unrealircd/unrealircd.svg?branch=unreal40)](https://travis-ci.org/unrealircd/unrealircd)
[![Build Status - Windows](https://ci.appveyor.com/api/projects/status/9kgectl2mfyia0s5/branch/unreal40?svg=true)](https://ci.appveyor.com/project/syzop/unrealircd/branch/unreal40)
[![Build Status - *NIX](https://travis-ci.org/unrealircd/unrealircd.svg?branch=unreal42)](https://travis-ci.org/unrealircd/unrealircd)
[![Build Status - Windows](https://ci.appveyor.com/api/projects/status/9kgectl2mfyia0s5/branch/unreal42?svg=true)](https://ci.appveyor.com/project/syzop/unrealircd/branch/unreal42)
[![Twitter Follow](https://img.shields.io/twitter/follow/Unreal_IRCd.svg?style=social&label=Follow)](https://twitter.com/Unreal_IRCd)
## About UnrealIRCd
@@ -21,7 +21,7 @@ Simply download the UnrealIRCd Windows version from www.unrealircd.org
Alternatively you can compile UnrealIRCd for Windows yourself. However this is not straightforward and thus not recommended.
#### *BSD/Linux/OS X
#### *BSD/Linux/macOS
First you must compile the IRCd:
* Run `./Config`
@@ -39,7 +39,7 @@ Then open it in an editor and carefully modify it using the documentation and FA
### Step 3: Booting
#### Linux/*BSD/OS X
#### Linux/*BSD/macOS
Run `./unrealircd start` in the directory where you installed UnrealIRCd.
#### Windows
+1 -4
@@ -1,9 +1,6 @@
version: 4.0.x-devbuild-{build}
version: 4.2.x-devbuild-{build}
environment:
matrix:
- APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2015"
TARGET: "Visual Studio 2012"
SHORTNAME: "vs2012"
- APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017"
TARGET: "Visual Studio 2017"
SHORTNAME: "vs2017"
+28 -6
@@ -169,9 +169,11 @@ AS_IF([test $enable_ssl != "no"],
AC_MSG_RESULT(not found)
echo ""
echo "Apparently you do not have both the openssl binary and openssl development libraries installed."
echo "Please install the needed binaries and libraries."
echo "The package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
echo "After doing so re-run ./Config"
echo "The following packages are required:"
echo "1) The library package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
echo "2) The binary package is usually called 'openssl'."
echo "NOTE: you or your system administrator needs to install the library AND the binary package."
echo "After doing so, simply re-run ./Config"
exit 1
else
CRYPTOLIB="-lssl -lcrypto";
@@ -190,14 +192,34 @@ SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[SSL_CTX *ctx = NULL; SSL_CTX_set1_curves_list(ctx, "test");],
has_curves=1,
has_curves=0)
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_curves = 1; then
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_SSL_CTX_SET1_CURVES_LIST], [], [Define if ssl library has SSL_CTX_set1_curves_list])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_SSL_CTX_SET_MIN_PROTO_VERSION],
[
AC_MSG_CHECKING([for SSL_CTX_set_min_proto_version in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[SSL_CTX *ctx = NULL; SSL_CTX_set_min_proto_version(ctx, TLS1_VERSION);],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_SSL_CTX_SET_MIN_PROTO_VERSION], [], [Define if ssl library has SSL_CTX_set_min_proto_version])
else
AC_MSG_RESULT([no])
fi
])
Vendored
+2121 -673
File diff suppressed because it is too large
+167 -96
@@ -8,7 +8,7 @@ dnl src/win32/unrealinst.iss
dnl .CHANGES.NEW
dnl src/version.c.SH
AC_INIT([unrealircd], [4.0.18-devel], [http://bugs.unrealircd.org/], [], [http://unrealircd.org/])
AC_INIT([unrealircd], [4.2.4.1], [https://bugs.unrealircd.org/], [], [https://unrealircd.org/])
AC_CONFIG_SRCDIR([src/ircd.c])
AC_CONFIG_HEADER([include/setup.h])
AC_CONFIG_AUX_DIR([autoconf])
@@ -32,85 +32,35 @@ UNREAL_VERSION_GENERATION=["4"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_GENERATION], [$UNREAL_VERSION_GENERATION], [Generation version number (e.g.: X for X.Y.Z)])
# Major version number (e.g.: Y in X.Y.Z)
UNREAL_VERSION_MAJOR=["0"]
UNREAL_VERSION_MAJOR=["2"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_MAJOR], [$UNREAL_VERSION_MAJOR], [Major version number (e.g.: Y for X.Y.Z)])
# Minor version number (e.g.: Z in X.Y.Z)
UNREAL_VERSION_MINOR=["18"]
UNREAL_VERSION_MINOR=["4"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_MINOR], [$UNREAL_VERSION_MINOR], [Minor version number (e.g.: Z for X.Y.Z)])
# The version suffix such as a beta marker or release candidate
# marker. (e.g.: -rcX for unrealircd-3.2.9-rcX). This macro is a
# string instead of an integer because it contains arbitrary data.
UNREAL_VERSION_SUFFIX=["-devel"]
UNREAL_VERSION_SUFFIX=[".1"]
AC_DEFINE_UNQUOTED([UNREAL_VERSION_SUFFIX], ["$UNREAL_VERSION_SUFFIX"], [Version suffix such as a beta marker or release candidate marker. (e.g.: -rcX for unrealircd-3.2.9-rcX)])
AC_PROG_CC
if test "$ac_cv_prog_gcc" = "yes"; then
CFLAGS="$CFLAGS -funsigned-char"
AC_CACHE_CHECK(if gcc has a working -pipe, ac_cv_pipe, [
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -pipe"
AC_TRY_COMPILE(,, ac_cv_pipe="yes", ac_cv_pipe="no")
CFLAGS="$save_cflags"
])
if test "$ac_cv_pipe" = "yes"; then
CFLAGS="-pipe $CFLAGS"
fi
fi
dnl UnrealIRCd might not be strict-aliasing safe at this time
AC_CACHE_CHECK(if the compiler has a working -fno-strict-aliasing, ac_cv_nsa, [
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -fno-strict-aliasing"
AC_TRY_COMPILE(,, ac_cv_nsa="yes", ac_cv_nsa="no")
CFLAGS="$save_cflags"
])
if test "$ac_cv_nsa" = "yes"; then
CFLAGS="$CFLAGS -fno-strict-aliasing"
fi
dnl Pointer signedness warnings are really a pain and 99.9% of the time
dnl they are of absolutely no use whatsoever. IMO the person who decided
dnl to enable this without -Wall should be shot on sight.
AC_CACHE_CHECK(if the compiler has a working -Wno-pointer-sign, ac_cv_nps, [
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -Wno-pointer-sign"
AC_TRY_COMPILE(,, ac_cv_nps="yes", ac_cv_nps="no")
CFLAGS="$save_cflags"
])
if test "$ac_cv_nps" = "yes"; then
CFLAGS="$CFLAGS -Wno-pointer-sign"
fi
dnl This is purely for charsys.c... I like it so we can easily read
dnl this for non-utf8. We can remove it once we ditch non-utf8 some day
dnl of course, or decide to ignore me and encode them.
AC_CACHE_CHECK(if the compiler has a working -Wno-invalid-source-encoding, ac_cv_nise, [
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -Wno-invalid-source-encoding"
AC_TRY_COMPILE(,, ac_cv_nise="yes", ac_cv_nise="no")
CFLAGS="$save_cflags"
])
if test "$ac_cv_nise" = "yes"; then
CFLAGS="$CFLAGS -Wno-invalid-source-encoding"
fi
dnl Pffff..
AC_CACHE_CHECK(if the compiler has a working -Wno-format-zero-length, ac_cv_nfzl, [
save_cflags="$CFLAGS"
CFLAGS="$CFLAGS -Wno-format-zero-length"
AC_TRY_COMPILE(,, ac_cv_nfzl="yes", ac_cv_nfzl="no")
CFLAGS="$save_cflags"
])
if test "$ac_cv_nfzl" = "yes"; then
CFLAGS="$CFLAGS -Wno-format-zero-length"
fi
AC_PATH_PROG(RM,rm)
AC_PATH_PROG(CP,cp)
AC_PATH_PROG(TOUCH,touch)
AC_PATH_PROG(OPENSSLPATH,openssl)
AS_IF([test x"$OPENSSLPATH" = "x"],
[
echo ""
echo "Apparently you do not have both the openssl binary and openssl development libraries installed."
echo "The following packages are required:"
echo "1) The library package is often called 'openssl-dev', 'openssl-devel' or 'libssl-dev'"
echo "2) The binary package is usually called 'openssl'."
echo "NOTE: you or your system administrator needs to install the library AND the binary package."
echo "After doing so, simply re-run ./Config"
exit 1
])
AC_PATH_PROG(INSTALL,install)
AC_CHECK_PROG(MAKER, gmake, gmake, make)
AC_PATH_PROG(GMAKE,gmake)
@@ -135,7 +85,6 @@ AC_CHECK_LIB(nsl, inet_ntoa,
AC_CHECK_LIB(crypto, RAND_egd,
AC_DEFINE(HAVE_RAND_EGD, 1, [Define if the libcrypto has RAND_egd]))
AC_SUBST(IRCDLIBS)
AC_SUBST(MKPASSWDLIBS)
dnl HARDENING START
@@ -213,6 +162,83 @@ CXX="$saved_CXX"
LD="$saved_LD"
dnl HARDENING END
dnl UnrealIRCd might not be strict-aliasing safe at this time
check_cc_cxx_flag([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"])
dnl Previously -funsigned-char was in a config check. It would always
dnl be enabled with gcc and clang. We now unconditionally enable it,
dnl skipping the check. This will cause an error if someone uses a
dnl non-gcc/non-clang compiler that does not support -funsigned-char
dnl which is good. After all, we really depend on it.
dnl UnrealIRCd should never be compiled without char being unsigned.
CFLAGS="$CFLAGS -funsigned-char"
dnl Compiler -W checks...
dnl We should be able to turn this on unconditionally:
CFLAGS="$CFLAGS -Wall"
dnl More warnings (if the compiler supports it):
check_cc_cxx_flag([-Wextra], [CFLAGS="$CFLAGS -Wextra"])
check_cc_cxx_flag([-Waggregate-return], [CFLAGS="$CFLAGS -Waggregate-return"])
dnl The following few are more experimental, if they have false positives we'll have
dnl to disable them:
dnl Can't use this, too bad: check_cc_cxx_flag([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"])
check_cc_cxx_flag([-Wduplicated-cond], [CFLAGS="$CFLAGS -Wduplicated-cond"])
check_cc_cxx_flag([-Wduplicated-branches], [CFLAGS="$CFLAGS -Wduplicated-branches"])
dnl And now to filter out certain warnings:
dnl [!] NOTE REGARDING THE check_cc_cxx_flag used by these:
dnl We check for the -Woption even though we are going to use -Wno-option.
dnl This is due to the following (odd) gcc behavior:
dnl "When an unrecognized warning option is requested (e.g.,
dnl -Wunknown-warning), GCC emits a diagnostic stating that the option is not
dnl recognized. However, if the -Wno- form is used, the behavior is slightly
dnl different: no diagnostic is produced for -Wno-unknown-warning unless
dnl other diagnostics are being produced. This allows the use of new -Wno-
dnl options with old compilers, but if something goes wrong, the compiler
dnl warns that an unrecognized option is present."
dnl Since we don't want to use any unrecognized -Wno-option, we test for
dnl -Woption instead.
dnl Pointer signedness warnings are really a pain and 99.9% of the time
dnl they are of absolutely no use whatsoever. IMO the person who decided
dnl to enable this without -Wall should be shot on sight.
check_cc_cxx_flag([-Wpointer-sign], [CFLAGS="$CFLAGS -Wno-pointer-sign"])
dnl This is purely for charsys.c... I like it so we can easily read
dnl this for non-utf8. We can remove it once we ditch non-utf8 some day
dnl of course, or decide to ignore me and encode them.
check_cc_cxx_flag([-Winvalid-source-encoding], [CFLAGS="$CFLAGS -Wno-invalid-source-encoding"])
check_cc_cxx_flag([-Wformat-zero-length], [CFLAGS="$CFLAGS -Wno-format-zero-length"])
check_cc_cxx_flag([-Wformat-truncation], [CFLAGS="$CFLAGS -Wno-format-truncation"])
dnl While it can be useful to occasionally to compile with warnings about
dnl unused variables and parameters, we often 'think ahead' when coding things
dnl so they may be useless now but not later. Similarly, for variables, we
dnl don't always care about a variable that may still be present in a build
dnl without DEBUGMODE. Unused variables are optimized out anyway.
check_cc_cxx_flag([-Wunused], [CFLAGS="$CFLAGS -Wno-unused"])
check_cc_cxx_flag([-Wunused-parameter], [CFLAGS="$CFLAGS -Wno-unused-parameter"])
dnl We use this and this warning is meaningless since 'char' is always unsigned
dnl in UnrealIRCd compiles (-funsigned-char).
check_cc_cxx_flag([-Wchar-subscripts], [CFLAGS="$CFLAGS -Wno-char-subscripts"])
check_cc_cxx_flag([-Wsign-compare], [CFLAGS="$CFLAGS -Wno-sign-compare"])
dnl Don't warn about empty body, we use this, eg via Debug(()) or in if's.
check_cc_cxx_flag([-Wempty-body], [CFLAGS="$CFLAGS -Wno-empty-body"])
dnl This one fails with ircstrdup(var, staticstring)
dnl Shame we have to turn it off completely...
check_cc_cxx_flag([-Waddress], [CFLAGS="$CFLAGS -Wno-address"])
dnl End of -W... compiler checks.
dnl module checking based on Hyb7's module checking code
AC_DEFUN([AC_ENABLE_DYN],
[
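Review bot: `-Wno-sign-compare` and `-Wno-address` are disabled for the whole tree immediately after `-Wall` and `-Wextra` are enabled. Signed/unsigned comparison warnings are often the ones that point at length and index mistakes in code that parses network input, so I would rather see them suppressed per file or fixed at the call sites; the `ircstrdup(var, staticstring)` case given as the reason for `-Wno-address` looks like something the macro itself could handle. The -Wsign-compare, -Wformat-zero-length and -Wformat-truncation lines also carry no comment explaining why they are turned off, unlike their neighbours.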
@@ -452,26 +478,7 @@ if test "$ac_cv_varlen_arrays" = "yes" ; then
AC_DEFINE([HAVE_C99_VARLEN_ARRAY], [], [Define if you have a compiler with C99 variable length array support])
fi
dnl This check doesn't need to be in ./configure, we can
dnl write the sourcecode to actually handle the return value
dnl of setrlimit if necessary... -- ohnobinki
AC_CACHE_CHECK([if we can set the core size to unlimited], [ac_cv_force_core], [
AC_TRY_RUN([
#include <sys/time.h>
#include <sys/resource.h>
#include <unistd.h>
int main() {
struct rlimit corelim;
corelim.rlim_cur = corelim.rlim_max = RLIM_INFINITY;
if (setrlimit(RLIMIT_CORE, &corelim))
exit(1);
exit(0);
}
],ac_cv_force_core=yes,ac_cv_force_core=no)
])
if test "$ac_cv_force_core" = "yes"; then
AC_DEFINE([FORCE_CORE], [], [Define if you can set the core size to unlimited])
fi
AC_CHECK_FUNCS([setrlimit])
AC_FUNC_VPRINTF
AC_CHECK_FUNCS([gettimeofday],
[AC_DEFINE([GETTIMEOFDAY], [], [Define if you have gettimeofday])],
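Review bot: Replacing the AC_TRY_RUN probe with `AC_CHECK_FUNCS([setrlimit])` drops the FORCE_CORE define, so this only works if every `#ifdef FORCE_CORE` in the sources moves to HAVE_SETRLIMIT in the same change and the call site checks the return value of setrlimit() at run time, as the removed comment suggested. Please confirm that no FORCE_CORE reference is left behind, since a leftover one would compile out silently.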
@@ -654,10 +661,10 @@ AC_SUBST(DOCDIR)
AC_SUBST(PIDFILE)
AC_SUBST(LDFLAGS_PRIVATELIBS)
AC_ARG_WITH(fd-setsize, [AS_HELP_STRING([--with-fd-setsize=size], [Specify the max file descriptors to use])],
AC_ARG_WITH(maxconnections, [AS_HELP_STRING([--with-maxconnections=size], [Specify the max file descriptors to use])],
[ac_fd=$withval],
[ac_fd=1024])
AC_DEFINE_UNQUOTED([MAXCONNECTIONS], [$ac_fd], [Set to the max connections you want])
[ac_fd=0])
AC_DEFINE_UNQUOTED([MAXCONNECTIONS_REQUEST], [$ac_fd], [Set to the maximum number of connections you want])
AC_ARG_ENABLE([prefixaq],
[AS_HELP_STRING([--disable-prefixaq],[Disable chanadmin (+a) and chanowner (+q) prefixes])],
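Review bot: The help string for `--with-maxconnections` still reads "Specify the max file descriptors to use" and does not mention that the default is now `ac_fd=0`, which is what a ./Config choice of 'auto' results in because the flag is then omitted. Please document the meaning of 0 there. The FD_SETSIZE check further down still interpolates `$ac_fd`, so with the default it now asks whether FD_SETSIZE is large enough for 0 file descriptors; that check should be skipped or adjusted when no explicit value was requested.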
@@ -670,9 +677,6 @@ AC_ARG_WITH(showlistmodes,
[AS_HELP_STRING([--with-showlistmodes], [Specify whether modes are shown in /list])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([LIST_SHOW_MODES], [], [Define if you want modes shown in /list])])])
AC_ARG_WITH(topicisnuhost, [AS_HELP_STRING([--with-topicisnuhost], [Display nick!user@host as the topic setter])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([TOPIC_NICK_IS_NUHOST], [], [Define if you want nick!user@host shown for the topic setter])])])
AC_ARG_WITH(shunnotices, [AS_HELP_STRING([--with-shunnotices], [Notify a user when he/she is no longer shunned])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([SHUN_NOTICES], [], [Define if you want users to be notified when their shun is removed])])])
@@ -688,11 +692,14 @@ AC_ARG_WITH(operoverride-verify, [AS_HELP_STRING([--with-operoverride-verify], [
AC_ARG_WITH(disable-extendedban-stacking, [AS_HELP_STRING([--with-disable-extendedban-stacking], [Disable extended ban stacking])],
[AS_IF([test $withval = "yes"],
[AC_DEFINE([DISABLE_STACKED_EXTBANS], [], [Define to disable extended ban stacking (~q:~c:\#chan, etc)])])])
AC_ARG_WITH(tre, [AS_HELP_STRING([--without-tre], [Do not use the old deprecated TRE regex library])], [with_tre=no], [with_tre=yes])
AC_ARG_WITH(system-tre, [AS_HELP_STRING([--with-system-tre], [Use the system tre package instead of bundled, discovered using pkg-config])], [], [with_system_tre=no])
AC_ARG_WITH(system-pcre2, [AS_HELP_STRING([--with-system-pcre2], [Use the system pcre2 package instead of bundled, discovered using pkg-config])], [], [with_system_pcre2=no])
AC_ARG_WITH(system-argon2, [AS_HELP_STRING([--without-system-argon2], [Use bundled version instead of system argon2 library. Normally autodetected via pkg-config])], [], [with_system_argon2=yes])
AC_ARG_WITH(system-cares, [AS_HELP_STRING([--without-system-cares], [Use bundled version instead of system c-ares. Normally autodetected via pkg-config.])], [], [with_system_cares=yes])
CHECK_SSL
CHECK_SSL_CTX_SET1_CURVES_LIST
CHECK_SSL_CTX_SET_MIN_PROTO_VERSION
AC_ARG_ENABLE(dynamic-linking, [AS_HELP_STRING([--disable-dynamic-linking], [Make the IRCd statically link with shared objects rather than dynamically (noone knows if disabling dynamic linking actually does anything or not)])],
[enable_dynamic_linking=$enableval], [enable_dynamic_linking="yes"])
AS_IF([test $enable_dynamic_linking = "yes"],
@@ -705,6 +712,12 @@ AC_ARG_ENABLE([werror],
[ac_cv_werror="$enableval"],
[ac_cv_werror="no"])
AC_ARG_ENABLE([asan],
[AS_HELP_STRING([--enable-asan],
[Enable address sanitizer, not recommended for production servers!])],
[ac_cv_asan="$enableval"],
[ac_cv_asan="no"])
AC_MSG_CHECKING([if FD_SETSIZE is large enough to allow $ac_fd file descriptors])
AC_COMPILE_IFELSE([
#include <sys/types.h>
@@ -741,7 +754,17 @@ dnl fail on certain solaris boxes. We might as
dnl well set it here.
export PATH_SEPARATOR
AS_IF([test "x$with_tre" = "xyes"],[
AC_DEFINE([USE_TRE], [], [Use the old deprecated TRE regex library])
])
AS_IF([test "x$with_system_tre" = "xno"],[
AS_IF([test "x$with_tre" = "xyes"],[
compile_tre="yes"
])
])
AS_IF([test "x$compile_tre" = "xyes"],[
dnl REMEMBER TO CHANGE WITH A NEW TRE RELEASE!
tre_version="0.8.0-git"
AC_MSG_RESULT(extracting TRE regex library)
@@ -777,14 +800,16 @@ AS_IF([test -z "$TRE_LIBS"],
[TRE_LIBS="$PRIVATELIBDIR/libtre.so"])
AC_SUBST(TRE_LIBS)
cd $cur_dir
],[
])
AS_IF([test "x$with_system_tre" = "xyes"],[
dnl use pkgconfig for tre:
PKG_CHECK_MODULES([TRE], tre >= 0.7.5)
])
AS_IF([test "x$with_system_pcre2" = "xno"],[
dnl REMEMBER TO CHANGE WITH A NEW PCRE2 RELEASE!
pcre2_version="10.30"
pcre2_version="10.32"
AC_MSG_RESULT(extracting PCRE2 regex library)
cur_dir=`pwd`
cd extras
@@ -826,6 +851,44 @@ dnl use pkgconfig for pcre2:
PKG_CHECK_MODULES([PCRE2], libpcre2-8 >= 10.00)
])
dnl Use system argon2 when available, unless --without-system-argon2
has_system_argon2="no"
AS_IF([test "x$with_system_argon2" = "xyes"],[
PKG_CHECK_MODULES([ARGON2], [libargon2 >= 0~20161029],[has_system_argon2=yes
AS_IF([test "x$PRIVATELIBDIR" != "x"], [rm -f "$PRIVATELIBDIR/"libargon2*])],[has_system_argon2=no])])
AS_IF([test "$has_system_argon2" = "no"],[
dnl REMEMBER TO CHANGE WITH A NEW ARGON2 RELEASE!
argon2_version="20181209"
AC_MSG_RESULT(extracting Argon2 library)
cur_dir=`pwd`
cd extras
dnl remove old argon2 directory to force a recompile...
dnl and remove its installation prefix just to clean things up.
rm -rf argon2-$argon2_version argon2
if test "x$ac_cv_path_GUNZIP" = "x" ; then
tar xfz argon2-$argon2_version.tar.gz
else
cp argon2-$argon2_version.tar.gz argon2-$argon2_version.tar.gz.bak
gunzip -f argon2-$argon2_version.tar.gz
cp argon2-$argon2_version.tar.gz.bak argon2-$argon2_version.tar.gz
tar xf argon2-$argon2_version.tar
fi
AC_MSG_RESULT(compiling Argon2 library)
cd argon2-$argon2_version
$ac_cv_prog_MAKER || exit 1
AC_MSG_RESULT(installing Argon2 library)
$ac_cv_prog_MAKER install PREFIX=$cur_dir/extras/argon2 || exit 1
# We need to manually copy the libs to PRIVATELIBDIR because
# there is no way to tell make install in libargon2 to do so.
cp -av $cur_dir/extras/argon2/lib/* $PRIVATELIBDIR/
ARGON2_CFLAGS="-I$cur_dir/extras/argon2/include"
AC_SUBST(ARGON2_CFLAGS)
ARGON2_LIBS="-L$PRIVATELIBDIR -largon2"
AC_SUBST(ARGON2_LIBS)
cd $cur_dir
])
dnl Use system c-ares when available, unless --without-system-cares.
has_system_cares="no"
AS_IF([test "x$with_system_cares" = "xyes"],[
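Review bot: The copy step `cp -av $cur_dir/extras/argon2/lib/* $PRIVATELIBDIR/` has no `|| exit 1`, leaves both paths unquoted, and does not check that PRIVATELIBDIR is set, although the system-argon2 branch above does test `"x$PRIVATELIBDIR" != "x"` before its `rm -f`. With an empty PRIVATELIBDIR the libraries would be copied to `/`, and a failed copy only surfaces later as a link or runtime error. Suggest quoting both paths, guarding on a non-empty PRIVATELIBDIR, and failing the configure run if the copy fails.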
@@ -836,7 +899,7 @@ AS_IF([test "$has_system_cares" = "no"], [
dnl REMEMBER TO CHANGE WITH A NEW C-ARES RELEASE!
dnl NOTE: when changing this here, ALSO change it in extras/curlinstall
dnl and in the comment in this file around line 400!
cares_version="1.13.0"
cares_version="1.15.0"
AC_MSG_RESULT(extracting c-ares resolver library)
cur_dir=`pwd`
cd extras
@@ -913,6 +976,14 @@ if test "$ac_cv_werror" = "yes" ; then
CFLAGS="$CFLAGS -Werror"
fi
dnl Address sanitizer build
if test "$ac_cv_asan" = "yes" ; then
CFLAGS="$CFLAGS -O0 -fno-inline -fsanitize=address -fno-omit-frame-pointer -DNOCLOSEFD"
IRCDLIBS="-fsanitize=address $IRCDLIBS"
fi
AC_SUBST(IRCDLIBS)
AC_SUBST(UNRLINCDIR)
AC_CONFIG_FILES([Makefile
+53 -36
View File
@@ -1,49 +1,66 @@
UnrealIRCd 4.0.18-devel Release Notes
======================================
UnrealIRCd 4.2.4.1 Release Notes
=================================
UnrealIRCd 4.0.18-devel is work in progress.
This version, 4.2.4.1, fixes an issue with Debian 10. On Debian 10 the
list of permitted SSL/TLS protocols was ignored (set::ssl::protocols).
Other than that, set::ssl::outdated-protocols and set::ssl::outdated-ciphers
are now configurable (rarely needed, though).
==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==
Below are the release notes of previous release, 4.2.4.
==[ 4.2.4 release notes ]==
This release fixes a crash issue if UnrealIRCd is configured to use utf8 or
chinese character sets in set::allowed-nickchars. This is not the default.
We don't expect many users to run their IRCd with this enabled, as the utf8
support was tagged as experimental and the chinese/gbk implementation is
incomplete.
In addition to the bug fix from above, this release also contains a number
of other fixes and enhancements. In particular there were some Windows
fixes and the reputation and connthrottle modules are now working better.
Enhancements:
* None
* Improve server linking error messages
* Enhance WHOX to WHO auto-conversion for "WHO +s serv.er.name"
Major issues fixed:
* The new optional feature 'set::cloak-method ip' caused identical cloaks
* A crash issue if using utf8 or chinese in set::allowed-nickchars.
* The Windows version only accepted very few clients.
* The Windows version should warn and not error if using old-style regex.
* The Windows version did not save the reputation database.
Minor issues fixed:
* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
the SSL certificate/key if you were using ssl-options in listen, sni or
link blocks. In short: it only reloaded the ones from set::ssl until now.
* The 'connthrottle' module incorrectly allowed 0 unknown users in when
it was throttling, rather than the set rate.
* The 'reputation' module did not show scores for remote users in /WHOIS,
only after 5 minutes had passed.
* Some users may have experienced a "Registration Timeout" error when
connecting. This happened because their ident server accepted the TCP/IP
connection but after that failed to respond to the ident request. We
have now lowered set::ident::read-timeout to 15 seconds to fix this.
* If successfully logged in using SASL then avoid an "You are already
logged in" error message that could happen due to PASS forwarding.
The message was harmless, but annoying in some setups.
Other:
* The built-in time synchronization feature is now disabled by default.
TimeSynch was added back in 2006 when lot's of operating systems did not
ship with time synchronization turned on by default. Since incorrect time
severely breaks IRC networks this was a major problem. Nowadays this is
completely different with most Linux distro's, OS X, Windows, etc. doing
time synchronization out of the box. Since UnrealIRCd's implementation is
less precise and lacks authentication it's best left over to the system.
You can still re-enable timesynch via:
set { timesynch { enabled yes; }; };
.. but you should really use NTP or similar for system-wide time
synchronization instead.
* Just as a reminder (this change was already in version 4.0.17):
UnrealIRCd will no longer give user mode +z to users on WEBIRC
gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
some assurance that the client<->webirc gateway connection is
also secure (eg: https).
This is the regular WEBIRC format:
WEBIRC password gateway hostname ip
This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure
Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.
Module coders / Developers:
* If you are debugging or developing modules then we encourage you to
use AddressSanitizer. This does come at a 10x performance slowdown
and can consume a lot more memory, but it is very useful in tracing
common C mistakes such as out of bounds read/writes, double frees,
and so on. You will see exactly where a mistake was made.
To use this, in the last ./Config question you answer: --enable-asan
Module coders:
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
IRC protocol:
* No changes
Other changes:
* Various HELPOP updates
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
in the summer of 2019. This will deny /OPER when used from a non-SSL
connection. For security, IRC Operators should really use SSL/TLS!
==[ CHANGES IN OLDER RELEASES ]==
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal40/doc/RELEASE-NOTES.old
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal42/doc/RELEASE-NOTES.old
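Review bot: The 4.2.4.1 summary says set::ssl::protocols "was ignored" on Debian 10 but not in which direction, and that is the first thing an admin reading these notes for security impact needs to know. Suggest one more sentence stating whether the server ended up accepting fewer protocol versions than configured or more, and whether any configuration change is needed after upgrading. The newly configurable set::ssl::outdated-protocols and set::ssl::outdated-ciphers are also mentioned without a pointer to their documentation, unlike the hook entry further down in these notes, which carries a docs URL.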
+555
@@ -3,6 +3,561 @@ See doc/RELEASE-NOTES for the latest release notes.
This file (doc/RELEASE-NOTES.old) contains the release notes
of OLDER releases for historical purposes.
==[ CHANGES BETWEEN 4.2.2 AND 4.2.3 ]==
This UnrealIRCd release adds new modules to combat drones, it bumps the
default concurrent user limit, and UnrealIRCd can now easily deal with
1 million *LINE's placed on *@IP without any noticeable performance impact.
There is also one important change with regards to old style 'posix'
spamfilters (see under "Deprecated"), these will raise a warning but
will continue to work for now.
Enhancements:
* New optional modules 'reputation' and 'connthrottle' to fight drones:
* The 'reputation' module will learn what users (IP addresses) are
frequently seen on your server and classify these as "known IP's".
For every 5 minutes that someone is connected, the IP address receives
+1 point. IP's with registered users receive +2 points per 5 minutes.
An IRCOp can /WHOIS a user to view this "reputation score".
The "/REPUTATION nick" and "/REPUTATION ip" commands are also available.
Note that the reputation score is capped at a maximum of 10000 and
entries expire if the IP has not been seen online for 30 days (or
even sooner for very low reputation scores).
* The 'connthrottle' module puts users in one of these two groups:
* "known users" with IP addresses that have been online before on
your network for some time. By default: 2+ hours past 30 days.
* "new users" who have not been seen online before (or too short).
Users in the "known users" group can connect without any limitation.
Similarly, users who authenticate to services using SASL can also
always get in. However, "new users" can be limited, for example
at a maximum rate of 20 "new users" per minute.
The end result and goal is that in case of a drone attack, 99% of
your regular users can still connect as usual. This, while drones
and other unknown IP's are limited at, for example, 20 per minute.
By limiting the connection rate for drones and other unknown users
the damage is limited. It also gives IRCOps a chance to react and
take additional countermeasures, if possible.
* The modules are not loaded by default. If you want to use them,
then have a look at their example configuration in the file
conf/modules.optional.conf
* The reputation module needs to be running for some time before it
contains a meaningful database of "known users". Therefore the
connthrottle module will be disabled until the reputation module
has gathered sufficient data. This defaults to 1 week.
* Full documentation: https://www.unrealircd.org/docs/Connthrottle
* On *NIX we now default to 'auto' mode to discover MAXCONNECTIONS.
On systems that support it this means UnrealIRCd supports up to 8192
connections by default. It automatically falls back to a lower value
such as 2048 or 1024 if the user account has a lower limit or if the OS
does not support it. We recommend users to no longer set any specific
value in ./Config and just leave it at 'auto'. If you want to see the
effective limit, then look at this message when you start the server
on the console: "This server can handle XYZ concurrent sockets".
* UnrealIRCd now uses a technique that makes KLINE's, GLINE's and (G)ZLINE's
placed on individual IP's (*@IP) extremely fast. Just to illustrate:
* Previously it took 129 seconds to add 100k ZLINE's, now it takes 2.5 secs.
* Checking a connection against 100,000 ZLINE's is now 250 times faster.
* Previously 7,500 clients could connect per minute, now 33,560 per minute.
* Even with 1 million ZLINE's on *@IP it can handle 30,000 connections p/m.
* Rejecting Z-lined users is even faster at 435,000 connections per minute
with 100,000 active ZLINE's.
Benchmarked on a 2GHz Intel Xeon Skylake CPU with Linux 4.15.
To benefit from these speed improvements, just place a *LINE on *@IP.
* When the server has just been restarted, many users will reconnect and
rejoin channels. We now disable the join flood limit in channel mode +f
during the first 75 seconds since startup. This so the channel does not
become +i or +R due to "flooding". See:
https://www.unrealircd.org/docs/Set_block#set::modef-boot-delay
Deprecated:
* Spamfilter has 3 matching methods: 'simple', 'regex' and 'posix'.
The old method 'posix' is deprecated as this uses the TRE regex library
which contains bugs and has not been maintained for more than 10 years.
On *NIX the 'make install' script will try to upgrade the example
spamfilter.conf. This may not work if you have customizations in that
file or if it was originating from 3.2.x. Helpful warnings or error
messages are printed when you try to start UnrealIRCd, to guide the
user in this upgrade process. For details see:
https://www.unrealircd.org/docs/FAQ#spamfilter-posix-deprecated
https://www.unrealircd.org/docs/FAQ#old-spamfilter-conf
Major issues fixed:
* None
Minor issues fixed:
* Changing the set::anti-flood::invite-flood setting had no effect.
* Sometimes when a server (re)links to the network via 2+ connections it
could trigger a race condition where the server would be delinked again.
Module coders / Developers:
* We now compile with a lot more compiler warnings enabled by default.
Similarly, our Travis-CI compiles with --with-werror which enables the
-Werror compiler option, which you may want to use as well. This enables
the compiler to detect more possible bugs and sketchy code.
* Some modules still prepend DLLFUNC to functions. This is unnecessary.
* Similarly, if (!cep->ce_varname) is unnecessary, it never happens.
* The functions del_Command() and such have been removed. You never needed
to use this. Just use CommandAdd() and UnrealIRCd takes care of the rest.
* For command functions we encourage you to use CMD_FUNC(m_something),
this is not new. New is that we now also have something similar for
command overrides, namely: CMD_OVERRIDE_FUNC(override_something).
This way you don't have to type yourself the int parc, char *parv[] etc.
stuff and this way we can also easily change the passed parameters in
the future in an automatic way. Eg: provide more variables.
* If you use linked lists and you use AddListItem() or DelListItem() then
you should always have pointers to prev and next at the beginning of
your struct (and in that order!), otherwise you risk memory corruption.
Because this is an easy mistake to make we will now abort() we detect
such an error at runtime in AddListItem or DelListItem (on *NIX).
IRC protocol:
* Many things changed in previous release (4.2.2).
* No changes in this release.
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
in the summer of 2019. This will deny /OPER when used from a non-SSL
connection. For security, IRC Operators should really use SSL/TLS!
==[ CHANGES BETWEEN 4.2.1 AND 4.2.2 ]==
This is the stable version of UnrealIRCd 4.2.2. It contains several
major enhancements, in particular with regards to flood controls.
It also fixes a crash issue in the websocket module. Note that this
is module is not loaded by default (only via modules.optional.conf
or explicitly via a loadmodule "websocket").
Enhancements:
* Quicker connection handshake for clients which use CAP and/or SASL.
* With "TOPIC #chan" and "MODE #chan +b" (and +e/+I) you can see who set the
topic and bans/exempts/invex. The default is to only show the nick of the
person who set the item. This can be changed (not the default) by setting:
set { topic-setter nick-user-host; };
set { ban-setter nick-user-host; };
* The 'set by' and 'set at' information for +beI lists are now synchronized
when servers link. You still see the MODE originating from the server,
however when the banlist is queried you will now be able to see the
original nick and time of the bansetter rather than serv.er.name.
If you want the OLD behavior you can use set { ban-setter-sync no; };
* The default maximum topic length has been increased from 307 to 360.
* You can now set more custom limits. The default settings are shown below:
set {
topic-length 360; /* maximum: 360 */
away-length 307; /* maximum: 360 */
quit-length 307; /* maximum: 395 */
kick-length 307; /* maximum: 360 */
};
* The message sent to users upon *LINE can now be adjusted completely via
set::reject-message::kline and set::reject-message::gline.
See https://www.unrealircd.org/docs/Set_block#set::reject-message
* New set::anti-flood::max-concurrent-conversations which configures the
maximum number of conversations a user can have with other users at the
same time. Until now this was hardcoded at limiting /MSG and /INVITE to
20 different users in a 15 second period. The new default is 10 users,
which serves as a protection measure against spambots.
See https://www.unrealircd.org/docs/Set_block#maxcc for more details.
* New set::max-targets-per-command which configures the maximum number
of targets accepted for a command, eg /MSG nick1,nick2,nick3,nick4 hi.
Also changed the following defaults (previously hardcoded):
* PRIVMSG from 20 to 4 targets, to counter /amsg spam
* NOTICE from 20 to 1 target, to counter /anotice spam
* KICK from 1 to 4 targets, to make it easier for channel operators
to quickly kick a large amount of spambots
See https://www.unrealircd.org/docs/Set_block#set::max-targets-per-command
Technical: the 005 token TARGMAX= is used to communicate this information
and the old MAXTARGETS= token has been removed.
* Added INVITE and KNOCK flood protection (command rate limiting):
* set::anti-flood::invite-flood now defaults to 4 per 60 seconds
(previously the effective limit was 1 invite per 6 seconds).
* set::anti-flood::knock-flood now defaults to 4 per 120 seconds.
* New set::outdated-tls-policy which describes what to do with clients
that use outdated SSL/TLS protocols (eg: TLSv1.0) and ciphers.
The default settings are to warn in all cases: users connecting,
opers /OPER'ing up and servers linking in. The user will see a message
telling them to upgrade their IRC client.
This should help with migrating such users, since in the future, say one
or two years from now, we would want to change the default to only allow
TSLv1.2+ with ciphers that provide Forward Secrecy. Instead of rejecting
clients without any error message, this provides a way to warn them and
give them some time to upgrade their outdated IRC client.
https://www.unrealircd.org/docs/Set_block#set::outdated-tls-policy
Major issues fixed:
* Crash issue in the 'websocket' module.
Minor issues fixed:
* The advertised "link-security" was incorrectly downgraded from
level 2 to 1 if spkifp was used as an authentication method.
* In case of a crash, the "./unrealircd backtrace" script was not working
correctly in non-English environments, leading to less accurate bug reports.
* Various crashes if a server receives incorrect commands from a trusted
linked server.
* A number of memory leaks on REHASH (about 1K).
* SASL was not working post-registration, eg: when services link back in.
This is now fixed in UnrealIRCd, but may require a services update as well.
Changed:
* The noctcp user mode (+T) will now only block CTCP's and not CTCP REPLIES.
Also, IRCOps can bypass user mode +T restrictions.
* UnrealIRCd will warn if your ulines { } are matching UnrealIRCd servers.
* The m_whox module now contains various features that m_who already had.
Also, m_whox will try to convert classic UnrealIRCd WHO requests such as
"WHO +i 127.0.0.1" to whox style "WHO 127.0.0.1 i". Unfortunately, auto-
converting WHO requests this is not always possible. When in doubt the
WHOX syntax is assumed. Users are thus (still) encouraged to use the
whox style when m_whox is loaded.
Deprecated:
* None?
Removed:
* The option to show the topic setter as nick!user@host was previously a
config option --with-topicisnuhost and a macro TOPIC_NICK_IS_NUHOST.
These are removed, use set::topic-setter "nick-user-host" instead.
Module coders:
* New hook HOOKTYPE_WELCOME (aClient *acptr, int after_numeric): allows you
to send a message at very specific places during the initial welcome
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_WELCOME
* New Isupport functions: IsupportSet, IsupportSetFmt and IsupportDelByName.
* The M_ANNOUNCE flag in the command add functions should no longer be used
as the CMDS= 005 token is removed. Please update your module.
* New "SJSBY" in PROTOCTL, which is used in SJOIN to sync extra data. See
https://www.unrealircd.org/docs/Server_protocol:SJOIN_command at the end.
* For a command with 2 arguments, eg "PRIVMSG #a :txt", parv[1] is "#a",
parv[2] is "txt" and parv[3] is NULL. Any arguments beyond that, such as
parv[4] should not be accessed. To help module coders with detecting such
bugs we now poison unused parv[] elements that should never be accessed.
Note that without this poison your code will also crash, now it just
crashes more consistently.
IRC protocol:
This section is intended for client coders and people interested in IRC
protocol technicalities:
* Many changes in the tokens used in numeric 005 (RPL_ISUPPORT):
* Removed CMDS= because this was an unnecessary abstraction and it was
not picked up by any other IRCd.
* The tokens KNOCK MAP USERIP have been added (moved from CMDS=..)
* STARTTLS is no longer advertised in 005 since doing so would be too
late. Also, STARTTLS is not the preferred method of using SSL/TLS.
* Added TARGMAX= to communicate set::max-targets-per-command limits.
* Removed the MAXTARGETS= token because TARGMAX= replaces it.
* Added DEAF=d to signal what user mode is used for "deaf"
* Added QUITLEN to communicate the set::quit-length setting (after all,
why communicate length for KICK but not for QUIT?)
* The 005 tokens are now sorted alphabetically
* When hitting the TARGMAX limit (set::max-targets-per-command), for
example with "/MSG k001,k002,k003,k004,k005 hi", you will see:
:server 407 me k005 :Too many targets. The maximum is 4 for PRIVMSG.
* When hitting the set::anti-flood::max-concurrent-conversations limit
(so not per command, but per time frame), you will see:
:server 439 me k011 :Message target change too fast. Please wait 7 seconds
* When hitting the set::anti-flood::invite-flood limit you will get:
:server 263 me INVITE :Flooding detected. Please wait a while and try again.
* When hitting the set::anti-flood::knock-flood limit you will get:
:server 480 me :Cannot knock on #channel (You are KNOCK flooding)
* Not a protocol change. But when a server returns from a netsplit and
syncs modes such as: :server MODE #chan +b this!is@an.old.ban
Then later on you can query the banlist (MODE #chan b) and you may see
the actual original setter and timestamp of the ban. So if a user wishes
to see the banlist then IRC clients are encouraged to actively query
the banlist before displaying it. Fortunately most clients do this.
* If the set::topic-setter or set::ban-setter are set to nick-user-host
then the "added by" field in numerics that show these entries will
contain nick!user@host instead of nick, eg:
:server 367 me #channel this!is@some.ban bansetter!user@some.host 1549461765
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
in the year 2019. This will deny /OPER when used from a non-SSL connection.
For security, IRC Operators should really use SSL/TLS!
==[ CHANGES BETWEEN 4.2.1 AND 4.2.1.1 ]==
The 4.2.1.1 version includes a compile fix for Debian.
==[ CHANGES BETWEEN 4.2.0 AND 4.2.1 ]==
This version enhances support for authentication for clients that do not
support SASL. Also new is a module to combat mixed UTF8 character spam,
a rewrite of the operclass privileges and more secure password hashing.
If you missed the 4.2.0 release, then consider looking at the previous
release announcement as well, since it introduced a lot of new features:
https://forums.unrealircd.org/viewtopic.php?f=1&t=8843
NOTE: There will be no further 4.0.x releases. Current stable is 4.2.x.
https://www.unrealircd.org/docs/FAQ#Questions_about_the_new_4.2.x_series
Enhancements:
* Support for authentication prompt:
Since 4.2.0 you can require specific users to authenticate themselves with
their nickname and password via SASL. We now offer a new experimental
module called 'authprompt' which will help non-SASL users by showing a
notice and asking them to authenticate to their account using the command
/AUTH <user>:<pass>. See the new authentication article on the wiki for
an overview: https://www.unrealircd.org/docs/Authentication and also
https://www.unrealircd.org/docs/Set_block#set::authentication-prompt
* New optional module 'antimixedutf8' to combat mixed UTF8 character spam
(also called freenode spam) that has been plaguing networks.
See: https://www.unrealircd.org/docs/Set_block#set::antimixedutf8
* Support for Argon2 password hashing, which is more resilient against
brute force cracking.
* Indicate 's' in WHO reply flags if the user is secure (SSL/TLS).
Configuration changes:
* The require sasl { } block is now called require authentication { }
* The operclass privileges have been redone. Since there were 50+ changes
to the 100+ privileges it makes little sense to list the changes here.
If, like 99% of the users, you use default operclasses such as "globop"
and "admin-with-override" then you don't need to do anything.
However, if you have custom operclass { } blocks then the privileges
will have to be redone. For more information on the conversion process,
see https://www.unrealircd.org/docs/FAQ#New_operclass_permissions
For the new list of permissions, with much better naming and grouping:
https://www.unrealircd.org/docs/Operclass_permissions
* In the configuration file you can now use } instead of };
Both forms are accepted. There's no need to change if you don't like it.
* A /* comment in the configuration file is now terminated at the
first occurrence of */, instead of two /* /* requiring two */ */.
See https://www.unrealircd.org/docs/FAQ#Nesting_comments
Major issues fixed:
* The blacklist module did not act on IPv6 users listed in DNSBLs.
Minor issues fixed:
* By default a user shouldn't be allowed to change to a banned nick,
unless (s)he has +hoaq in the channel. This was broken since 4.0.0.
This feature can be disabled via set { check-target-nick-bans no; };
* Rehash error messages sent to opers regarding remote includes now no
longer include authentication information (replaced with ***:***).
Deprecated:
* The authentication types 'md5', 'sha1' and 'ripemd160' have been
deprecated because they can be cracked at high speeds. They still
work, but a warning will be shown on boot and on rehash.
Please use the new 'argon2' type instead. Type /MKPASSWD argon2 passwd
on IRC, or "./unrealircd mkpasswd argon2" on the command line.
Module coders:
* Priorities in command overrides were reversed (was added in 4.2.0).
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
in the year 2019. This will deny /OPER when used from a non-SSL connection.
For security, IRC Operators should really use SSL/TLS!
==[ CHANGES BETWEEN 4.0.18 AND 4.2.0 ]==
There have been so many changes in this and the last few 4.0.x versions,
it justifies calling this new release "UnrealIRCd 4.2.0".
Marking the beginning of the 4.2 series, this release introduces features
such as "soft klines" and "soft actions". A significant number of optional
modules are now loaded as default, including timed channel bans and
textbans. Also, a lot more smaller changes are included in this release,
such as fixes for TLSv1.3 and experimental WHOX support.
See further down for a full list of changes.
NOTE: Version 4.2.0 is the direct successor to 4.0.18. There will be
no further 4.0.x releases (in particular there will be no 4.0.19).
https://www.unrealircd.org/docs/FAQ#Questions_about_the_new_4.2.x_series
Enhancements:
* New option to disable a module: blacklist-module "modulename";
This will cause any 'loadmodule' lines for that module to be ignored.
This is especially useful if you only want to disable a few modules
that are (normally) automatically loaded by conf/modules.default.conf.
https://www.unrealircd.org/docs/Blacklist-module_directive
* Next three new features have to do with SASL. More information on SASL
in general can be found at https://www.unrealircd.org/docs/SASL
* A new require sasl { } block which allows you to force users on the
specified hostmask to use SASL. Any unauthenticated users matching
the specified hostmask are are rejected.
See https://www.unrealircd.org/docs/Require_sasl_block
* New "soft kline" and "soft gline". These will not be applied to users
that are authenticated to services using SASL.
These are just GLINE/KLINE's but prefixed with a percent sign:
Example: /GLINE %*@10.* 0 Only SASL allowed from here
* New "soft" ban actions for spamfilter, blacklist, antirandom, etc.
Actions such as "soft-kline" and "soft-kill" will only be applied to
unauthenticated users. Users who are authenticated to services (SASL)
are exempt from the corresponding spamfilter/blacklist/antirandom/..
See https://www.unrealircd.org/docs/Actions for the full action list.
* WARNING: If your network also contains UnrealIRCd servers below v4.2.0
then it is not recommended to use global soft bans (such as soft gline
or any spamfilter with soft-xx actions). There won't be havoc, but the
bans won't be effective on parts of the network.
* The following extban modules are not new but are now enabled by default:
extbans/textban, extbans/timedban and extbans/msgbypass.
In case you don't like them, use blacklist-module as mentioned earlier.
Just as a reminder, they provide the following functionality:
* TextBan: +b ~T:block:*badword* to block sentences with 'badword'
* Timed bans: ~t:duration:mask
These are bans that are automatically removed by the server.
The duration is in minutes and the mask can be any ban mask.
Some examples:
* A 5 minute ban on a host:
+b ~t:5:*!*@host
* A 5 minute quiet ban on a host (unable to speak):
+b ~t:5:~q:*!*@host
* An invite exception for 24 hours (1440 minutes):
+I ~t:1440:*!*@host
* A temporary exempt ban for a services account:
+e ~t:1440:~a:Account
* Allows someone to speak through +m for the next 24hrs:
+e ~t:1440:~m:moderated:*!*@host
* And any other crazy ideas you can come up with...
* Ban exception ~m:type:mask to allow bypassing of message restrictions.
Valid types are: 'external' (bypass +n), moderated (bypass +m/+M),
'censor' (bypass +G), 'color' (bypass +S/+c) and 'notice' (bypass +T).
Some examples:
* Let LAN users bypass +m: +e ~m:moderated:*!*@192.168.*
* Let ops in #otherchan bypass +m: +e ~m:moderated:~c:@#otherchan
* Make GitHub commit bot bypass +n: +e ~m:external:*!*@ipmask
* Allow a services account to use color: +e ~m:color:~a:ColorBot
* Timedban support in +f [5t#b2]:10 (set 2 minute ban on text flood).
* AntiRandom: The module will now (by default) exempt WEBIRC gateways
from antirandom checking because they frequently cause false positives.
This new behavior can be disabled via:
set { antirandom { except-webirc no; }; };
* Server linking attempts and errors are now also put in the log file.
* A new module that provides WHOX support, an enhanced and more standard
version of WHO (NOTE: the command is still "WHO").
This allows, among other things, the client to request additional
information, such as which services account each channel member is using.
The module is currently experimental. To use it, add this to your conf:
loadmodule "m_whox";
Major issues fixed:
* Blacklist: Potential crash issue when concurrently checking DNSBL
for the WEBIRC gateway and the spoofed host.
* Blacklist: In case of multiple blacklists the 2nd/3rd/.. blacklists
were not always checked properly.
Minor issues fixed:
* Remote includes: ./Config didn't properly detect libcurl on Ubuntu 18
(and possibly other Linux distributions as well)
* Timeouts during server linking attempts were not displayed.
* Delayjoin: Halfops did not see JOIN's when channel mode +D was set.
* IRCOps with minimal privileges lost their user modes on MODE change.
* IRCOps could not override channel mode +z (when not using SSL/TLS)
* Channel names sometimes truncated if using accents or special chars.
* TLSv1.3 ciphersuite setting was changed to reflect OpenSSL's behavior.
There is now set::ssl::ciphersuites, specifically for TLSv1.3.
Note that the default is perfectly fine so at this point in time it
shouldn't need any adjustment (but the option is there...).
* Windows: conf\modules.optional.conf was missing.
Removed:
* allow::options::sasl has been removed. Use the new and more flexible
require sasl { } block instead.
Other changes:
* Windows users may be prompted to install the Visual C++ redistributable
package for Visual Studio 2017. This is because we now build on VS 2017
instead of VS 2012.
* We now use standard formatted messages for all K-Lines, G-Lines and
any other bans that will cause the user to be disconnected.
For technical details see the banned_client() function.
* The except throttle { } block now also overrides any limitations from
set::max-unknown-connection-per-ip. Useful for WEBIRC/cgiirc gateways.
* Localhost connections are considered secure, so these can be used even
if you have a plaintext-policy of 'deny' or 'warn'. (This was already
the case for servers, but now also for users and opers)
* Allow slashes in vhost/chghost/sethost/.. (but not through DNS)
Module coders:
* Windows: Be aware that we now build with Visual Studio 2017. This means
3rd party modules should be compiled with VS 2017 (or VS 2015) as well.
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
later this year. This will deny /OPER when used from a non-SSL connection.
For security, IRC Operators should really use SSL/TLS!
==[ CHANGES BETWEEN 4.0.17 AND 4.0.18 ]==
Enhancements:
* Support for checking IPv6 addresses in DNS blacklists
* For SSL/TLS we now set the default ECDH(E) curves to be
X25519:secp521r1:secp384r1:prime256v1 if using a recent version of
OpenSSL/LibreSSL. This can be overridden via set::ssl::ecdh-curve.
* The blacklist module now checks WEBIRC users as well.
* You can now require SASL for all clients via the allow block via:
allow { ip *; class clients; maxperip 2; options { sasl; }; };
This can be useful for a special sasl-only server which, for example,
only permits proxies and tor clients. In a future release the feature
will be made more flexible so it can be used for other purposes
as well.
Major issues fixed:
* A number of (potential) security issues were fixed:
* Memory leaks: this could allow an attacker to slowly consume all
available memory and ultimately cause UnrealIRCd to crash.
* Out of bounds read: in practice this does not seem to be
exploitable due to the many restrictions that are imposed.
* Compile issues on macOS
* Bug in blacklist module which could have caused false negatives,
allowing bad guys in which should have been denied.
* The new optional feature 'set::cloak-method ip' caused identical cloaks
Minor issues fixed:
* When using '/REHASH -ssl' or './unrealircd reloadtls' it did not reload
the SSL certificate/key if you were using ssl-options in listen, sni or
link blocks. In short: it only reloaded the ones from set::ssl until now.
* m_ircops sent a conflicting numeric, confusing some clients.
* Starting UnrealIRCd through a non-interactive(!) ssh session could cause
the ssh session to hang.
* An upgrade issue with non-system cURL causing compile problems.
Other changes:
* The built-in time synchronization feature is now disabled by default.
TimeSynch was added back in 2006 when lots of operating systems did not
ship with time synchronization turned on by default. Since incorrect time
severely breaks IRC networks this was a major problem. Nowadays this is
completely different with most Linux distro's, OS X, Windows, etc. doing
time synchronization out of the box. Since UnrealIRCd's implementation is
less precise and lacks authentication it's best left over to the system.
You can still re-enable timesynch via:
set { timesynch { enabled yes; }; };
.. but you should really use NTP or similar for system-wide time
synchronization instead.
* For developers there's now the --with-werror compile option which will
add -Werror.
* Added a lot more Travis-CI tests: various LibreSSL/OpenSSL versions
and also test macOS. This to prevent us from releasing broken stuff.
* Various code cleanups to get rid of lots of needless casts and to
eliminate compiler warnings.
* Just as a reminder (this change was already in version 4.0.17):
UnrealIRCd will no longer give user mode +z to users on WEBIRC
gateways using SSL/TLS IRC, unless the WEBIRC gateway gives us
some assurance that the client<->webirc gateway connection is
also secure (eg: https).
This is the regular WEBIRC format:
WEBIRC password gateway hostname ip
This indicates a secure client connection (NEW):
WEBIRC password gateway hostname ip :secure
Naturally, WEBIRC gateways MUST NOT send the "secure" option if
the client is using http or some other insecure protocol.
Module coders:
* HOOKTYPE_CHANNEL_SYNCED prototype changed, the 'merge' and 'removetheirs'
is now no longer an 'unsigned short' but an 'int' instead.
* HOOKTYPE_MODE_DEOP prototype changed, the 'modechar' is now no longer
a 'char' but an 'int' instead.
* In addition to safestrdup() there's now also safestrldup() which allows
you to specify a maximum allocated length (so including the nul byte).
This is used in m_pass.c and m_topic.c.
* New hook HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
https://www.unrealircd.org/docs/Dev:Hook_API#HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
later this year. This will deny /OPER when used from a non-SSL connection.
For security, IRC Operators should really use SSL/TLS!
==[ CHANGES BETWEEN 4.0.16.1 AND 4.0.17 ]==
Enhancements:
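Review bot: in the 4.0.18 "Major issues fixed" list, the entry "The new optional feature 'set::cloak-method ip' caused identical cloaks" stops mid-sentence and is followed directly by "Minor issues fixed:". Finish the sentence so that an admin who enabled that option can tell which users ended up with the same cloaked host and under what condition. The "Future versions" paragraph about moving the plaintext oper policy from 'warn' to 'deny' also appears word for word in both the 4.0.18 section and the section above it, and "later this year" will go stale in both places; a concrete target release would age better.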
+49 -3
@@ -1,4 +1,4 @@
/* Configuration file for UnrealIRCd 4.0
/* Configuration file for UnrealIRCd 4
*
* Simply copy this file to your conf/ directory, call it
* 'unrealircd.conf' and walk through it line by line (edit it!)
@@ -42,12 +42,13 @@ include "modules.default.conf";
* - help/help.conf for our on-IRC /HELPOP system
* - badwords.conf for channel and user mode +G
* - spamfilter.conf as an example for spamfilter usage
* (commented out)
* - operclass.default.conf contains some good operclasses which
* you can use in your oper blocks.
*/
include "help/help.conf";
include "badwords.conf";
include "spamfilter.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
/* This is the me { } block which basically says who we are.
@@ -103,7 +104,7 @@ class servers
pingfreq 60;
connfreq 15; /* try to connect every 15 seconds */
maxclients 10; /* max servers */
sendq 5M;
sendq 20M;
};
/* Allow blocks define which clients may connect to this server.
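Review bot: "sendq 20M;" in class servers is the only setting in this block without an inline comment, and the jump from 5M is not explained anywhere in the hunk. Together with "maxclients 10;" it allows up to 200M of queued outbound data across server links in the worst case, so add a short comment saying why server links need the larger send queue and that admins on memory-constrained hosts may lower it.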
@@ -375,6 +376,51 @@ vhost {
password "test";
};
/* Blacklist blocks will query an external DNS Blacklist service
* whenever a user connects, to see if the IP address is known
* to cause drone attacks, is a known hacked machine, etc.
* Documentation: https://www.unrealircd.org/docs/Blacklist_block
* Or just have a look at the blocks below.
*/
/* DroneBL, probably the most popular blacklist used by IRC Servers.
* See https://dronebl.org/ for their documentation and the
* meaning of the reply types. At time of writing we use types:
* 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
* 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
* 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
* 14: Open Wingate Proxy, 15: Compromised router / gateway,
* 16: Autorooting worms.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
};
/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
* and the meaning of the reply types.
* At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
*
* NOTE: If you want to permit TOR proxies on your server, then
* you need to remove the '4;' below in the reply section.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detected. Check http://rbl.efnetrbl.org/?i=$ip for details.";
};
/* You can include other configuration files */
/* include "klines.conf"; */
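Review bot: the efnetrbl reason string links to "http://rbl.efnetrbl.org/?i=$ip", while the comment above the block points to "https://rbl.efnetrbl.org/" and the dronebl reason uses https; use https in the reason too, since that URL is what a banned user is told to open. Also, unlike spamfilter.conf, whose include is commented out earlier in this file, both blacklist blocks are active as shipped with "action gline;" and "ban-time 24h;". Anyone who copies this example starts querying two external DNSBLs whenever a user connects and issues 24-hour G-lines based on the answers, so the introductory comment should say this explicitly and mention that the blocks can be removed or given a milder action.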
+2 -2
@@ -1,4 +1,4 @@
/* Fichier de configuration pour UnrealIRCd 4.0
/* Fichier de configuration pour UnrealIRCd 4
*
* Copiez ce fichier dans le répertoire conf/, renommez le
* 'unrealircd.conf' et parcourez-le ligne par ligne (modifiez le !)
@@ -49,7 +49,7 @@ include "modules.default.conf";
*/
include "help/help.conf";
include "badwords.conf";
include "spamfilter.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
/* Le bloc me { } indique qui est le serveur.
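Review bot: only the include line is touched here; the comment list of included files sits outside the hunk and is unchanged, so the French file gets no counterpart to the "(commented out)" line that example.conf gained for spamfilter.conf. The two hunks of this file (+2 -2) also leave out the "sendq 20M;" change and the dronebl/efnetrbl blacklist blocks added to example.conf. Either port those to this translation or state at the top of the file that it lags behind the English example.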
+235 -156
@@ -1,57 +1,62 @@
/* UnrealIRCd 4.0 Yapılandırma Dosyası
/* UnrealIRCd 4 için yapılandırma dosyası
* Türkçe Çeviri: Diablo - (Serkan Sepetçi)
* İletişim: irc.trirc.com:6667 - diablo@unrealircd.org
*
* Biz buna basit bir 'unrealircd.conf' dosyası diyoruz.
* Bu dosyası satır satır editleyip conf/ dizinine kopyalayınız. (düzenleyin!)
* Biz buna basit bir 'unrealircd.conf' dosyası diyoruz.
* Bu dosyası satır satır editleyip conf/ dizinine kopyalayınız. (düzenleyin!)
*
* Önemli: Satırların hepsi, açılış başına { satır sonuna ;
* }; dahil edin. Bu çok önemli, eğer siz ayrıştırıcıyı ;
* eksik koyarsanız yapılandırma dosyası hata verecek
* ve dosya doğru işlemde olmayacaktır!
* Bu sizin UnrealIRCd yapılandırması ile ilk deneyiminiz ise
* dosyayı okumanız için birkaç dakika ayırmanızı öneniriz,
* bu size bilgi edinmeniz açısından yardımcı olacaktır:
* Önemli: Satırların hepsi, açılış başına { satır sonuna ;
* }; dahil edin. Bu çok önemli, eğer siz ayrıştırıcıyı ;
* eksik koyarsanız yapılandırma dosyası hata verecek
* ve dosya doğru işlemde olmayacaktır!
* Bu sizin UnrealIRCd yapılandırması ile ilk deneyiminiz ise
* dosyayı okumanız için birkaç dakika ayırmanızı öneniriz,
* bu size bilgi edinmeniz açısından yardımcı olacaktır:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* UnrealIRCd 4.0 belgeleme (çok geniş!):
* UnrealIRCd 4 belgeleme (çok geniş!):
* https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
*
* Sıkça Sorulan Sorular:
* Sıkça Sorulan Sorular:
* https://www.unrealircd.org/docs/FAQ
*
*/
/* Bu bir açıklamadır, burada tüm metin göz ardı edilir (açıklama tipi #1) */
// Bu da bir açıklamadır, bu satır göz ardı edilir (açıklama tipi #2)
# Bu da bir açıklamadır, bu satır yine göz ardı edilir (açıklama tipi #3)
/* Bu bir açıklamadır, burada tüm metin göz ardı edilir (açıklama tipi #1) */
// Bu da bir açıklamadır, bu satır göz ardı edilir (açıklama tipi #2)
# Bu da bir açıklamadır, bu satır yine göz ardı edilir (açıklama tipi #3)
/* UnrealIRCd yoğun modul kullanımını kolaylaştırır. UnrealIRCd'de
* etkinleştirmek istediğiniz özellikleri tamamen moduller ile aktif edebilirsiniz.
* Görmek için; https://www.unrealircd.org/docs/Modules
/* UnrealIRCd yoğun modul kullanımını kolaylaştırır. UnrealIRCd'de
* etkinleştirmek istediğiniz özellikleri tamamen moduller ile aktif edebilirsiniz.
* Görmek için; https://www.unrealircd.org/docs/Modules
*
* Biz 'modules.default.conf' dosyasını okumak için IRCd talimatı altında kullanarak
* UnrealIRCd ile birlikte gelen 150'den fazla modĂĽlleri yĂĽkleyecektir.
* Başka bir deyişle: Bu sadece UnrealIRCd'de mevcut tüm özelliklerini yükleyecektir.
* İlk kez UnrealIRCd kuruyorsanız size bunu kullanmanızı öneririz.
* Biz 'modules.default.conf' dosyasını okumak için IRCd talimatı altında kullanarak
* UnrealIRCd ile birlikte gelen 150'den fazla modĂĽlleri yĂĽkleyecektir.
* Başka bir deyişle: Bu sadece UnrealIRCd'de mevcut tüm özelliklerini yükleyecektir.
* İlk kez UnrealIRCd kuruyorsanız size bunu kullanmanızı öneririz.
* UnrealIRCd'yi ilk kez kuruyorsanız bunu kullanmanızı öneririz.
* Daha sonra her şey hazır olduğunda ve çalışıyorsa (eğer isterseniz)
* listeyi özelleştirmek için geri dönebilirsiniz.
*/
include "modules.default.conf";
/* Şimdi de diğer bazı dosyaları dahil edelim:
/* Şimdi de diğer bazı dosyaları dahil edelim:
* - help/help.conf /HELPOP sistemi
* - badwords.conf kanal ve kullanıcı modu için +G
* - spamfilter.conf için örnek olarak spamfilter kullanımı
* - operclass.default.conf oper bloklarında kullanabileceğiniz
* oper sınıflarını görüntüler.
* - badwords.conf kanal ve kullanıcı modu için +G
* - spamfilter.conf için örnek olarak spamfilter kullanımı
* - operclass.default.conf oper bloklarında kullanabileceğiniz
* oper sınıflarını görüntüler.
*/
include "help/help.conf";
include "badwords.conf";
include "spamfilter.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
/* me { } bloÄźu genelde kim olduÄźumuzu belirtir.
* Sunucumuz için isim, birkaç satır bazı bilgileri belirler "sid".
* Sunucu kimliği (sid) iki basamağı veya harf tarafından izlenen bir rakam ile
* başlamalıdır. Sid IRC ağı için benzersiz olmalıdır (her sunucu için
* kendi sid olmalıdır).
/* me { } bloÄźu genelde kim olduÄźumuzu belirtir.
* Sunucumuz için isim, birkaç satır bazı bilgileri belirler "sid".
* Sunucu kimliği (sid) iki basamağı veya harf tarafından izlenen bir rakam ile
* başlamalıdır. Sid IRC ağı için benzersiz olmalıdır (her sunucu için
* kendi sid olmalıdır).
*/
me {
name "irc.foonet.com";
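Review bot: the modules.default.conf comment now gives the same recommendation to first-time installers twice in a row ("İlk kez UnrealIRCd kuruyorsanız size bunu kullanmanızı öneririz." followed by "UnrealIRCd'yi ilk kez kuruyorsanız bunu kullanmanızı öneririz."); drop one of the two sentences. In the include list below it, the spamfilter.conf entry has no equivalent of the "(commented out)" line that example.conf received, although the include itself is commented out in this hunk.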
@@ -59,8 +64,8 @@ me {
sid "001";
};
/* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
* Normalde yöneticiye ulaşma konusunda bilgi içerir.
/* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
* Normalde yöneticiye ulaşma konusunda bilgi içerir.
*/
admin {
"Bob Smith";
@@ -68,15 +73,15 @@ admin {
"widely@used.name";
};
/* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
* Class blokları aşağıdaki işlemlerden oluşur:
* - pingfreq: kullanıcı/sunucu için ping'ler arası zaman belirtir (saniyede)
* - connfreq: sunucuya bağlanmaya çalıştığınızda tekrar için zaman belirtir (saniyede)
* - sendq: bir bağlantı için maksimum veri boyutu
* - recvq: bir bağlantı için maksimum alınan veri boyutu (flood kontrol)
/* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
* Class blokları aşağıdaki işlemlerden oluşur:
* - pingfreq: kullanıcı/sunucu için ping'ler arası zaman belirtir (saniyede)
* - connfreq: sunucuya bağlanmaya çalıştığınızda tekrar için zaman belirtir (saniyede)
* - sendq: bir bağlantı için maksimum veri boyutu
* - recvq: bir bağlantı için maksimum alınan veri boyutu (flood kontrol)
*/
/* Kullanıcılar için varsayılan class ayarları */
/* Kullanıcılar için varsayılan class ayarları */
class clients
{
pingfreq 90;
@@ -85,7 +90,7 @@ class clients
recvq 8000;
};
/* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
/* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
class opers
{
pingfreq 90;
@@ -94,32 +99,32 @@ class opers
recvq 8000;
};
/* Sunucular için varsayılan class ayarları */
/* Sunucular için varsayılan class ayarları */
class servers
{
pingfreq 60;
connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
maxclients 10; /* maksimum kullanıcı */
connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
maxclients 10; /* maksimum kullanıcı */
sendq 5M;
};
/* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
* Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
* giriş izini verilebilir. Ayrıca IP başına ne kadar bağlantıya izin
* verileceÄźini belirtir.
* Görmeniz için: https://www.unrealircd.org/docs/Allow_block
/* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
* Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
* giriş izini verilebilir. Ayrıca IP başına ne kadar bağlantıya izin
* verileceÄźini belirtir.
* Görmeniz için: https://www.unrealircd.org/docs/Allow_block
*/
/* IP başına sadece 5 bağlantı izini verir */
/* IP başına sadece 5 bağlantı izini verir */
allow {
ip *@*;
class clients;
maxperip 5;
maxperip 3;
};
/* Örnek olarak özel bir IP bloğu izini:
* Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
* Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
/* Örnek olarak özel bir IP bloğu izini:
* Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
* Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
*/
allow {
ip *@192.0.2.1;
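Review bot: "maxperip" goes from 5 to 3 in the first allow block, but the comment directly above it still reads "IP başına sadece 5 bağlantı izini verir" (only 5 connections per IP); update the comment to 3 so the documented limit matches the enforced one. In class servers, "sendq 5M;" is left unchanged while example.conf moves to 20M, and the "maxclients 10;" comment says "maksimum kullanıcı" (maximum users) where the English file says max servers.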
@@ -128,41 +133,46 @@ allow {
maxperip 20;
};
/* Oper bloğu, IRC Operatorleri tanımlar.
* IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
* örneğin diğer kullanıcılara /KILL uygulayabilmesi, sunucu birleştirmesinin başlatılması,
* /JOIN yaptığı odalardan banlansa bile tekrar giriş yapabilmesi, vs.
* Görmeniz için: https://www.unrealircd.org/docs/Oper_block
/* Oper bloğu, IRC Operatorleri tanımlar.
* IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
* örneğin diğer kullanıcılara /KILL uygulayabilmesi, sunucu birleştirmesinin başlatılması,
* /JOIN yaptığı odalardan banlansa bile tekrar giriş yapabilmesi, vs.
*
* IRCOp olmak ve nasıl Admin olunacağı hakkında daha fazla bilgi için
* https://www.unrealircd.org/docs/IRCOp_guide
*
* Oper {} bloğunun kendisi ile ilgili ayrıntıları görmeniz için
* https://www.unrealircd.org/docs/Oper_block
*/
/* Örnek bir oper bloğu için 'bobsmith' ile şifresi 'test'.
* Bunu değiştirmeniz GEREKİR!!
/* Örnek bir oper bloğu için 'bobsmith' ile şifresi 'test'.
* Bunu değiştirmeniz GEREKİR!!
*/
oper bobsmith {
class opers;
mask *@*;
password "test";
/* Oper izinleri bir "operclass 'bloğunda tanımlanır.
* Görmeniz için: https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd varsayılan bloklar makalesi için,
* tam listesine bakınız. Buradan 'netadmin' seçiyoruz.
/* Oper izinleri bir "operclass 'bloğunda tanımlanır.
* Görmeniz için: https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd varsayılan bloklar makalesi için,
* tam listesine bakınız. Buradan 'netadmin' seçiyoruz.
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.mynet.org;
};
/* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
* Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
* sunucuya bağlantı kurmasını sağlar.
/* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
* Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
* sunucuya bağlantı kurmasını sağlar.
*
* Kullanımı:
* Kullanımı:
* listen
* {
* ip <ip numarası>;
* port <port numarası>;
* ip <ip numarası>;
* port <port numarası>;
* options {
* <seçenekler....>;
* <seçenekler....>;
* };
* };
*/
@@ -180,24 +190,24 @@ listen {
options { ssl; };
};
/* Özel SSL/TLS sadece sunucuları bağlamak için port */
/* Özel SSL/TLS sadece sunucuları bağlamak için port */
listen {
ip *;
port 6900;
options { ssl; serversonly; };
};
/* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
* logunuzda olası 'Address already in use' hatasını alacaksınız
* ve ircd başlamayacaktır.
* Bunun anlamı '*' yerine belirli bir IP yazmanız GEREKİR anlamına gelir:
/* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
* logunuzda olası 'Address already in use' hatasını alacaksınız
* ve ircd başlamayacaktır.
* Bunun anlamı '*' yerine belirli bir IP yazmanız GEREKİR anlamına gelir:
* listen 1.2.3.4:6667;
* Açıkçası, IP yi önceden koyduğunuz IP ile değiştirin.
* Açıkçası, IP yi önceden koyduğunuz IP ile değiştirin.
*/
/*
* Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
* Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
* Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
* Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.mynet.org
{
@@ -206,41 +216,58 @@ link hub.mynet.org
};
outgoing {
bind-ip *; /* veya açıkça bir IP */
bind-ip *; /* veya açıkça bir IP */
hostname hub.mynet.org;
port 6900;
options { ssl; };
};
password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* diğer sunucu için SSL fingerprint */
/* Kimlik doğrulaması için diğer sunucunun SPKI parmak izini kullanıyoruz.
* Kullanmamız için diğer tarafda './unrealircd spkifp' uygulayıp çalıştırıyoruz.
* NOT: UnrealIRCd 4.0.16 veya üzeri versiyonları gerektirir.
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
class servers;
};
/* U-lines satırları sunuculara daha güç/komut kazandırır.
* Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
* ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
* ( Eğer servisler kaynağını görmek istiyorsanız bakınız;
* https://www.unrealircd.org/docs/Services )
/* Servis'ler için bağlantı bloğu genellikle çok daha basittir.
* Servis'lerin ne olduğu hakkında daha fazla bilgi için,
* https://www.unrealircd.org/docs/Services
*/
link services.mynet.org
{
incoming {
mask 127.0.0.1;
};
password "changemeplease";
class servers;
};
/* U-lines satırları sunuculara daha güç/komut kazandırır.
* Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
* ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
*/
ulines {
services.mynet.org;
};
/* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
* Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
* koruma sağlamak içindir.
/* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
* Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
* koruma sağlamak içindir.
*/
drpass {
restart "restart";
die "die";
};
/* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
* Görmeniz için: https://www.unrealircd.org/docs/Log_block
/* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
* Görmeniz için: https://www.unrealircd.org/docs/Log_block
*/
/* Varsayılan ayarlar, neredeyse her şeyi kaydedecektir */
/* Varsayılan ayarlar, neredeyse her şeyi kaydedecektir */
log "ircd.log" {
flags {
oper;
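Review bot: the new services link block ships with password "changemeplease" and no comment telling the admin to replace it, whereas the oper block earlier in this file carries an explicit "Bunu değiştirmeniz GEREKİR!!" warning; add the same warning above this password. The "mask 127.0.0.1;" line restricts incoming connections for this link to localhost, which is worth stating in the comment so that nobody widens the mask while keeping the default password.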
@@ -256,42 +283,42 @@ log "ircd.log" {
};
};
/* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
* takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
/* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
* takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
*
* Biz önceden ayarlanmış bir takma adı dosyaları dizini oluşturduk, alias/ dizini kontrol ediniz.
* Örnek olarak, burada anope servisler ve kullanılan tüm diğer servisler adları bulunmaktadır.
* Biz önceden ayarlanmış bir takma adı dosyaları dizini oluşturduk, alias/ dizini kontrol ediniz.
* Örnek olarak, burada anope servisler ve kullanılan tüm diğer servisler adları bulunmaktadır.
*/
include "aliases/anope.conf";
/* Ban nick bloğu bir nickin sunucuda kullanımını yasaklamanıza olanak sağlar */
/* Ban nick bloğu bir nickin sunucuda kullanımını yasaklamanıza olanak sağlar */
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Servisler için ayrılmış";
reason "Servisler için ayrılmış";
};
/* Ban ip.
* Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
* Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
*/
ban ip {
mask 195.86.232.81;
reason "Senden nefret ediyorum";
};
/* Ban server - bir sunucunun bağlanmasını devredışı kılar */
/* Ban server - bir sunucunun bağlanmasını devredışı kılar */
ban server {
mask eris.berkeley.edu;
reason "Defol git buradan.";
};
/* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
/* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Salak";
};
/* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak
* banlamanıza olanak sağlar.
/* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak
* banlamanıza olanak sağlar.
*/
ban realname {
mask "Swat Team";
@@ -303,45 +330,45 @@ ban realname {
reason "sub7";
};
/* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
* KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
* EÄźer statik IP (ve bu IP ĂĽzerinde gĂĽvenilmeyen kiĹźiler) ile bir IRCOp
* iseniz o zaman kendinizi burada eklemenizi öneririz. Yanlışlıkla kendinize
* bir *LINE ban koyarsanız bile yinede muaf tutulacaksınız.
/* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
* KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
* EÄźer statik IP (ve bu IP ĂĽzerinde gĂĽvenilmeyen kiĹźiler) ile bir IRCOp
* iseniz o zaman kendinizi burada eklemenizi öneririz. Yanlışlıkla kendinize
* bir *LINE ban koyarsanız bile yinede muaf tutulacaksınız.
*/
/* except ban bloğu, sizi KLINE ve ZLINE gibi banlardan koruyacaktır */
/* except ban bloğu, sizi KLINE ve ZLINE gibi banlardan koruyacaktır */
except ban {
mask *@192.0.2.1;
// burada daha fazla mask girdileri ekleyebilirsiniz..
};
/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
except tkl {
mask *@192.0.2.1;
type all;
};
/* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
/* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
deny dcc {
filename "*sub7*";
reason "Olası Sub7 Virüsü";
reason "Olası Sub7 Virüsü";
};
/* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
/* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
deny channel {
channel "*warez*";
reason "Warez is illegal";
class "clients";
};
/* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
* Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
/* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
* Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
*/
/* Kullanabileceğiniz örnek vhost. IRC tipi: /VHOST test test
* DiKKAT: Güvenlik açısından aşağıdaki vhost::mask yönergesinde
* maske 'unrealircd.com' olarak belirlenmiĹźtir.
/* Kullanabileceğiniz örnek vhost. IRC tipi: /VHOST test test
* DiKKAT: Güvenlik açısından aşağıdaki vhost::mask yönergesinde
* maske 'unrealircd.com' olarak belirlenmiĹźtir.
*/
vhost {
vhost i.hate.microsefrs.com;
@@ -350,10 +377,55 @@ vhost {
password "test";
};
/* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
/* Blacklist blokları, bir kullanıcı bağlandığında IP adresinin drone saldırılarına
* neden olduğunu, bilinen bir saldırıya uğramış bir makine olup olmadığını görmek
* için harici bir DNS Kara Liste hizmetinden sorgulayacaktır.
* Belgeleme: https://www.unrealircd.org/docs/Blacklist_block
* veya aşağıdaki bloklar satırına bakınız.
*/
/* DroneBL, muhtemelen IRC Sunucuları tarafından kullanılan en popüler kara liste.
* Belgeler ve cevap (reply) tiplerin anlamlarını görmek için https://dronebl.org/
* adresine bakınız. Bu zamanda aşağıdaki cevap (reply) tiplerini kullanıyoruz:
* 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
* 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
* 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
* 14: Open Wingate Proxy, 15: Compromised router / gateway,
* 16: Autorooting worms.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone belirlendi. Ayrıntılar için https://dronebl.org/lookup?ip=$ip adresine bakınız.";
};
/* EFnetRBL, belgeler ve cevap (reply) tiplerini görmek için https://rbl.efnetrbl.org/
* adresine bakınız.
* Yazma sırasında: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
*
* NOT: Sunucunuzda TOR proxy'lerine izin vermek istiyorsanız,
* cevap (reply) tiplerinden '4;' öğesini kaldırmanız gerekiyor.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR belirlendi. Ayrıntılar için http://rbl.efnetrbl.org/?i=$ip adresine bakınız.";
};
/* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
/* include "klines.conf"; */
/* Ağ yapılandırması */
/* Ağ yapılandırması */
set {
network-name "MYNet";
default-server "irc.mynet.org";
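Review bot: in the EFnetRBL comment, "Yazma sırasında: 1 is open proxy, 4 is TOR, 5 is drones/flooding." is only half translated, and the DroneBL reply-type list above it is left in English; translate both or keep each line entirely in English, because the reader uses these lines to decide which reply numbers to keep. As in example.conf, the efnetrbl reason links to "http://rbl.efnetrbl.org/?i=$ip" while the comment above uses https.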
@@ -363,68 +435,75 @@ set {
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Gizleme anahtarları ağ üzerindeki bütün sunucularda aynı olmalı.
* Bu anahtarlar maskeli hostlar yaratmak ve bunları saklamak için kullanılır.
* Anahtarlar 5-100 karakterlik (10-20 karakter yeterli) 3 rastgele diziden oluşmalı ve
* küçük harf (a-z), büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
* IPUCU: './unreal gencloak' Unreal sizin için rastgele 3 adet dizin oluşturur.
* Bunu NIX üzerinde çalıştırabilirsiniz.
/* Gizleme anahtarları ağ üzerindeki bütün sunucularda aynı olmalı.
* Bu anahtarlar maskeli hostlar yaratmak ve bunları saklamak için kullanılır.
* Anahtarlar 5-100 karakterlik (10-20 karakter yeterli) 3 rastgele diziden oluşmalı ve
* küçük harf (a-z), büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
* IPUCU: './unreal gencloak' Unreal sizin için rastgele 3 adet dizin oluşturur.
* Bunu NIX üzerinde çalıştırabilirsiniz.
*/
cloak-keys {
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"ve diÄźeri";
"ve diÄźeri";
"ve diÄźeri";
"ve diÄźeri";
};
};
/* Sunucunun kendine özgü yapılandırması */
/* Sunucunun kendine özgü yapılandırması */
set {
kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
modes-on-oper "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
modes-on-oper "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
options {
hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
};
maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
/* QUIT mesajının görüntülenebilmesi için, bir kullanıcının sunucuya bağlı kalması
* gereken süre. Bu durum umarım spamları durdurmak için yardımcı olacaktır.
/* QUIT mesajının görüntülenebilmesi için, bir kullanıcının sunucuya bağlı kalması
* gereken süre. Bu durum umarım spamları durdurmak için yardımcı olacaktır.
*/
anti-spam-quit-message-time 10s;
/* Kullanıcı sunucudan ayrılırken çıkış sebebini sabitler. /QUIT sebeb gözardı edilecektir. */
/* Kullanıcı sunucudan ayrılırken çıkış sebebini sabitler. /QUIT sebeb gözardı edilecektir. */
/* static-quit "Client quit"; */
/* static-part /PART komutu ile aynı işi görür */
/* static-part /PART komutu ile aynı işi görür */
/* static-part yes; */
/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
oper-only-stats "*";
/* Anti flood Koruması */
/* Anti flood Koruması */
anti-flood {
nick-flood 3:60; /* Her 60 saniyede 3 nick değişikliği (varsayılan) */
connect-flood 3:60; /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
away-flood 4:120; /* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
nick-flood 3:60; /* Her 60 saniyede 3 nick değişikliği (varsayılan) */
connect-flood 3:60; /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
away-flood 4:120; /* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
};
/* Spam filter Ayarları */
/* Spam filter Ayarları */
spamfilter {
ban-time 1d; /* varsayılan spamfilter tarafından ban süresini belirtir */
ban-reason "Spam/Advertising"; /* varsayılan sebep */
virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
ban-time 1d; /* varsayılan spamfilter tarafından ban süresini belirtir */
ban-reason "Spam/Advertising"; /* varsayılan sebep */
virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
/* except "#help"; Spamfilter'den muaf tutulacak kanal */
};
};
/* Son olarak, bir MOTD (Günün Mesajı) oluşturabilirsiniz, bu
* conf/ dizininde 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
* Bu dosyanın içeriği bağlantı kuran kullanıcılara gösterilecektir.
* Daha fazla bilgi için https://www.unrealircd.org/docs/MOTD_and_Rules bölümünü inceleyiniz.
*/
/*
* Sorununuza veya daha fazla yardımamı ihtiyacınız var?
* Sorununuza veya daha fazla yardımamı ihtiyacınız var?
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
* 2) https://www.unrealircd.org/docs/FAQ <- sorularınızın %80 ini kapsamakta!
* 3) Eğer probleminiz hala devam ediyorsa irc.unrealircd.org sunucusu #unreal-support kanalına girebilirsiniz
* DÖKÜMANTASYON ve FAQ kısmını okumanızı gerekli gördüğümüzü belirtiyoruz!
* 2) https://www.unrealircd.org/docs/FAQ <- sorularınızın %80 ini kapsamakta!
* 3) EÄźer probleminiz hala devam ediyorsa:
* - Forums: https://forums.unrealircd.org/
* - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support
* İlk önce Dökümantasyon ve FAQ kısmını okumanızı gerektirdiğini unutmayın!
*/
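Review bot: the cloak-keys hint still says "'./unreal gencloak'", while the link block comment added in this same file uses "./unrealircd spkifp"; check that the script name in the gencloak hint matches the one shipped with UnrealIRCd 4, otherwise admins cannot generate the keys as instructed. The rewritten support list at the end also mixes languages ("Forums:", "SSL on port 6697") inside an otherwise Turkish comment.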
+108 -66
@@ -1,4 +1,4 @@
/* UnrealIRCd 4.0 Help Configuration
/* UnrealIRCd 4 Help Configuration
* Based on the original help text written by hAtbLaDe
* Revised by CC (07/2002) and many others
*/
@@ -13,7 +13,7 @@ help {
" -";
" /HELPOP USERCMDS - To get the list of User Commands";
" /HELPOP OPERCMDS - To get the list of Oper Commands";
" /HELPOP SVSCMDS - Commands sent via U:Lined Server (Services)";
" /HELPOP SVSCMDS - Commands sent via U-Lined Server (Services)";
" /HELPOP UMODES - To get the list of User Modes";
" /HELPOP SNOMASKS - To get a list of Snomasks";
" /HELPOP CHMODES - To get the list of Channel Modes";
@@ -68,7 +68,7 @@ help Opercmds {
help Svscmds {
" This section gives the commands that can be";
" sent via a U:Lined Server such as Services.";
" sent via a U-Lined Server such as Services.";
" The command is typically sent as:";
" /MSG OPERSERV RAW :services <command>";
" Use /HELPOP <command name> to get more information about";
@@ -92,7 +92,7 @@ help Umodes {
" d = Only receive channel PRIVMSGs starting with a bot command character (Deaf)";
" i = Invisible (Not shown in /WHO searches)";
" p = Hide all channels in /whois and /who";
" q = Only U:lines can kick you (Services Admins/Net Admins only)";
" q = Only U-Lines can kick you (Services Admins/Net Admins only)";
" r = Identifies the nick as being Registered (settable by services only)";
" s = Can listen to Server notices";
" t = Says that you are using a /VHOST";
@@ -100,6 +100,7 @@ help Umodes {
" x = Gives the user Hidden Hostname (security)";
" z = Marks the client as being on a Secure Connection (SSL)";
" B = Marks you as being a Bot";
" D = Only receive PRIVMSGs from IRCOps, servers and services (privdeaf)";
" G = Filters out all Bad words in your messages with <censored>";
" H = Hide IRCop status in /WHO and /WHOIS. (IRC Operators only)";
" I = Hide an oper's idle time (in /whois output) from regular users.";
@@ -107,6 +108,7 @@ help Umodes {
" S = For Services only. (Protects them)";
" T = Prevents you from receiving CTCPs";
" W = Lets you see when people do a /WHOIS on you (IRC Operators only)";
" Z = Only receive/send PRIVMSGs from/to users using a Secure Connection (SSL)";
" ==---------------------------oOo---------------------------==";
};
@@ -124,14 +126,14 @@ help Snomasks {
" c = View connects/disconnects on local server";
" e = View 'Eyes' server messages (OperOverride, /CHG* and /SET* usage, ..)";
" f = View flood alerts";
" F = View connects/disconnects on remote servers (except U-lines)";
" F = View connects/disconnects on remote servers (except U-Lines)";
" G = View TKL notices (Gline, GZline, Shun, etc)";
" j = View Junk notices (not recommended for normal use)";
" k = View KILL notices";
" n = View nick changes on local server";
" N = View nick changes on remote servers";
" o = View oper-up notices";
" q = View rejected nick changes due to Q:lines";
" q = View rejected nick changes due to Q-Lines";
" s = View general notices";
" S = View spamfilter matches";
" v = View usage of /VHOST command";
@@ -187,8 +189,15 @@ help Chmodes {
help ExtBans {
" These bans let you ban based on things other than the traditional nick!user@host";
" mask. They also provide support for things like ``quieting'' users (on other IRCds";
" you might do +q <hostmask>, on UnrealIRCd use +b ~q:<hostmask>).";
" mask. These bans start with a tilde, followed by a letter denoting the extban type.";
" For example +b ~q:nick!user@host denotes a quiet extban.";
" -";
" The following ban type can be used in front of any (ext)ban:";
" ==-Type--------Name---------------------------Explanation-----------------------==";
" | | Timed bans are automatically unset by the server after ";
" ~t | timedban | the specified number of minutes. For example: ";
" | | +b ~t:3:*!*@hostname ";
" ==------------------------------------------------------------------------------==";
" -";
" These bantypes specify which actions are affected by a ban:";
" ==-Type--------Name---------------------------Explanation-----------------------==";
@@ -206,6 +215,16 @@ help ExtBans {
" ~j | join | He may perform all other activities if he is already on ";
" | | the channel, such as speaking and changing his nick. ";
"-----------------------------------------------------------------------------------";
" | | Bypass message restrictions. This extended ban is only ";
" | | available as +e and not as +b. Syntax: +e ~m:type:mask. ";
" | | Valid types: 'external' (bypass +n), 'censor' (bypass +G),";
" | | 'moderated' (bypass +m/+M), 'color' (bypass +S/+c), and ";
" ~m | msgbypass | 'notice' (bypass +T). Some examples: ";
" | | +e ~m:moderated:*!*@192.168.* Allow IP to bypass +m ";
" | | +e ~m:external:*!*@192.168.* Allow IP to bypass +n ";
" | | +e ~m:color:~a:ColorBot Allow account 'ColorBot' ";
" | | to bypass +c ";
" ==------------------------------------------------------------------------------==";
" -";
" These bantypes introduce new criteria which can be used:";
" ==-Type--------Name---------------------------Explanation-----------------------==";
@@ -249,12 +268,16 @@ help ExtBans {
" ~S | certfp | (the one you see in /WHOIS). Mostly useful for safe ";
" | | ban exceptions and invite exceptions. ";
" | | Example: +iI ~S:00112233445566778899aabbccddeeff..etc.. ";
"-----------------------------------------------------------------------------------";
" | | Channel-specific text filtering. Supports two actions: ";
" ~T | textban | 'censor' and 'block'. Two examples: ";
" | | +b ~T:censor:*badword* and +b ~T:block:*something* ";
" ==------------------------------------------------------------------------------==";
" -";
"You may stack extended bans from the first group with the second group.";
"For example +b ~q:~c:#lamers would quiet all users who have joined #lamers.";
"Bans from the second group may also be used for invite exceptions (+I),";
"such as +I ~c:#trusted and +I ~a:accountname.";
"You may stack extended bans from the 2nd group with the 3rd group.";
"For example +b ~q:~c:#lamers would quiet all users who are also in #lamers.";
"Bans from the 3rd group may also be used for invite exceptions (+I),";
"such as +I ~c:@#trusted and +I ~a:accountname.";
};
help Chmodef {
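Review bot: The invite-exception example in the closing paragraph changes from `+I ~c:#trusted` to `+I ~c:@#trusted`, but nothing in this hunk says what the `@` prefix means, so a channel operator copying it cannot tell whether the exception covers everyone in #trusted or only some of them. Add a short explanation next to the example or in the ~c table row. The same paragraph now numbers the groups "2nd" and "3rd" without saying that the new 1st group (~t) also stacks; one line showing ~t in front of another extban would make that explicit.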
@@ -345,6 +368,7 @@ help Who {
" H - User is not /away (here)";
" r - User is using a registered nickname";
" B - User is a bot (+B)";
" s - User is securely connected (SSL/TLS)";
" * - User is an IRC Operator";
" ~ - User is a Channel Owner (+q)";
" & - User is a Channel Admin (+a)";
@@ -503,7 +527,7 @@ help Stats {
help Links {
" Lists all of the servers currently linked to the network.";
" Only IRCops can see linked U:lined servers.";
" Only IRCops can see linked U-Lined servers.";
" -";
" Syntax: LINKS";
};
@@ -743,14 +767,14 @@ help Locops {
" Sends a message to all IRCops at this server (local).";
" -";
" Syntax: LOCOPS <message>";
" Example: LOCOPS Gonna k:line that user ...";
" Example: LOCOPS Gonna K-Line that user ...";
};
help Globops {
" Sends a message to all ircops (global).";
" -";
" Syntax: GLOBOPS <message>";
" Example: GLOBOPS Gonna k:line that user ...";
" Example: GLOBOPS Gonna K-Line that user ...";
};
help Kill {
@@ -762,49 +786,69 @@ help Kill {
};
help Kline {
" This command provides timed K:Lines. If you match a K:Line you cannot";
" This command provides timed K-Lines. If you match a K-Line you cannot";
" connect to the server";
" A time of 0 in the KLINE makes it permanent (Never Expires).";
" You may also specify the time in the format 1d10h15m30s.";
" IRC Operator only command.";
" -";
" Syntax: KLINE <hostmask or nick> [time] <reason> (adds a Kline)";
" KLINE -<hostmask> (removes a Kline)";
" Example: KLINE *@*.aol.com Abuse (Adds a permanent K:line)";
" KLINE *@*.someisp.com 2d Abuse (Adds a K:line for 2 days)";
" Syntax: KLINE <hostmask or nick> [time] <reason> (adds a K-Line)";
" KLINE -<hostmask> (removes a K-Line)";
" Example: KLINE *@*.aol.com Abuse (Adds a permanent K-Line)";
" KLINE *@*.someisp.com 2d Abuse (Adds a K-Line for 2 days)";
" KLINE Idiot 1d Please go away";
" KLINE -*@*.aol.com";
" -";
" Soft actions (more info at https://www.unrealircd.org/docs/Actions)";
" Syntax: KLINE %<hostmask or nick> [time] <reason> (adds a soft K-Line)";
" KLINE -%<hostmask> (removes a soft K-Line)";
" Example: KLINE %*@*.aol.com Abuse (Adds a permanent soft K-Line)";
" KLINE %*@*.someisp.com 2d Abuse (Adds a soft K-Line for 2 days)";
" KLINE %Idiot 1d Please go away";
" KLINE -%*@*.aol.com";
};
help Zline {
" This command provides timed Z:Lines. If you match a Z:Line you cannot";
" This command provides timed Z-Lines. If you match a Z-Line you cannot";
" connect to the server";
" A time of 0 in the ZLINE makes it permanent (Never Expires).";
" You may also specify the time in the format 1d10h15m30s.";
" IRC Operator only command.";
" -";
" Syntax: ZLINE <*@ipmask> [time] <reason> (adds a Zline)";
" ZLINE -<*@ipmask> (removes a Zline)";
" Example: ZLINE *@127.0.0.1 Abuse (Adds a permanent Z:line)";
" ZLINE *@127.0.0.1 2d Abuse (Adds a Z:line for 2 days)";
" Syntax: ZLINE <*@ipmask> [time] <reason> (adds a Z-Line)";
" ZLINE -<*@ipmask> (removes a Z-Line)";
" Example: ZLINE *@127.0.0.1 Abuse (Adds a permanent Z-Line)";
" ZLINE *@127.0.0.1 2d Abuse (Adds a Z-Line for 2 days)";
" ZLINE -*@127.0.0.1";
" NOTE: requires the can_zline oper flag";
};
help Gline {
" This command provides timed G:Lines. If you match a G:Line you cannot";
" This command provides timed G-Lines. If you match a G-Line you cannot";
" connect to ANY server on the IRC network";
" A time of 0 in the GLINE makes it permanent (Never Expires).";
" You may also specify the time in the format 1d10h15m30s.";
" IRC Operator only command.";
" -";
" Syntax: GLINE <user@host mask or nick> [time] <reason>";
" (Adds a G:line for user@host)";
" GLINE -<user@host mask> (Removes a G:line for user@host)";
" Example: GLINE *@*.idiot.net 900 Spammers (Adds a 15 min G:line)";
" GLINE *@*.idiot.net 1d5h Spammers (Adds a 29 hour G:line)";
" (Adds a G-Line for user@host)";
" GLINE -<user@host mask> (Removes a G-Line for user@host)";
" Example: GLINE *@*.idiot.net 900 Spammers (Adds a 15 min G-Line)";
" GLINE *@*.idiot.net 1d5h Spammers (Adds a 29 hour G-Line)";
" GLINE Idiot 1d Abuse";
" GLINE -*@*.idiot.net";
" -";
" Soft Actions (More info at https://www.unrealircd.org/docs/Actions)";
" -";
" Syntax: GLINE %<user@host mask or nick> [time] <reason>";
" (Adds a G-Line for user@host, but still allows the connection if the";
" user has a registered account and identifies using SASL)";
" GLINE -%<user@host mask> (Removes a soft G-Line for user@host)";
" Example: GLINE %*@*.idiot.net 900 Spammers (Adds a 15 min soft G-Line)";
" GLINE %*@*.idiot.net 1d5h Spammers (Adds a 29 hour soft G-Line)";
" GLINE %Idiot 1d Abuse";
" GLINE -%*@*.idiot.net";
" -";
" NOTE: requires the can_gkline oper flag";
};
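Review bot: The new soft K-Line section in `help Kline` never says what a soft ban does, while the Gline section added in the same hunk does ("still allows the connection if the user has a registered account and identifies using SASL"). An oper who only reads /HELPOP KLINE could place a `%` ban expecting it to keep the host out entirely, so repeat that sentence under the KLINE syntax, and align the two headings ("Soft actions (more info at ...)" versus "Soft Actions (More info at ...)"). The unchanged notes "requires the can_zline oper flag" and "requires the can_gkline oper flag" also look stale next to the operclass.default.conf change on this page, which grants these bans through `server-ban { ... }` permissions; worth updating while these blocks are being edited.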
@@ -827,17 +871,17 @@ help Shun {
};
help Gzline {
" This command provides timed global Z:line. If you match a Global Z:Line you cannot";
" This command provides timed global Z-Line. If you match a Global Z-Line you cannot";
" connect to ANY server on the IRC network";
" A time of 0 in the GZLINE makes it permanent (Never Expires).";
" You may also specify the time in the format 1d10h15m30s.";
" IRC Operator only command.";
" -";
" Syntax: GZLINE <*@ipmask> <seconds to be banned> :<reason>";
" (Adds a Global Z:line for *@ipmask)";
" GZLINE -<*@ipmask> (Removes a Global Z:line for *@ipmask)";
" Example: GZLINE *@4.16.200.* 900 Spammers (Adds a 15 min Global Z:line)";
" GZLINE *@4.16.200.* 1d5h Spammers (Adds a 29 hour Global Z:line)";
" (Adds a Global Z-Line for *@ipmask)";
" GZLINE -<*@ipmask> (Removes a Global Z-Line for *@ipmask)";
" Example: GZLINE *@4.16.200.* 900 Spammers (Adds a 15 min Global Z-Line)";
" GZLINE *@4.16.200.* 1d5h Spammers (Adds a 29 hour Global Z-Line)";
" NOTE: requires the can_gzline oper flag";
};
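Review bot: The Syntax line in `help Gzline` still reads `GZLINE <*@ipmask> <seconds to be banned> :<reason>`, which contradicts the sentence just above it (the time may be given as 1d10h15m30s) and the `1d5h` example below it. Change it to `[time] <reason>` so it matches the Zline and Gline blocks. The opening sentence also reads "timed global Z-Line" where the other blocks use the plural, and the "can_gzline oper flag" note has the same stale wording as the Zline and Gline notes.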
@@ -1021,16 +1065,14 @@ help Sdesc {
};
help Mkpasswd {
" This command will return a 'hash' of the string that has been specified,";
" you can use this hash for any encrypted passwords in your configuration file:";
" eg: for oper::password, vhost::password, etc.";
" Available types (in order of 'secureness'):";
" *NIX: crypt, md5, sha1 [*], ripemd160 [*]";
" Windows: crypt [*], md5, sha1, ripemd160 [*]";
" [*: only available if compiled with SSL support]";
" This command will return a 'hash' of the string that has been specified.";
" You can use this hash for any encrypted passwords in your configuration";
" file, such as for oper::password, vhost::password, etc.";
" See https://www.unrealircd.org/docs/Authentication_types for a list of";
" types and general recommendations.";
" -";
" Syntax: MKPASSWD <method> <password>";
" Example: MKPASSWD md5 IamTeh1337";
" Example: MKPASSWD argon2 IamTeh1337";
};
help Module {
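Review bot: The rewritten Mkpasswd text still says "encrypted passwords" in the sentence right after it calls the output a 'hash'. These are one-way hashes, so say "hashed passwords" to avoid suggesting they can be decrypted. Switching the example from md5 to argon2 is a good change; since the list of types now lives only behind the URL, consider naming the recommended type in the help text itself so /HELPOP MKPASSWD is still useful without web access.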
@@ -1075,7 +1117,7 @@ help Tsctl {
help Svsnick {
" Changes the nickname of the user in question.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSNICK <nickname> <new nickname> <timestamp>";
" Example: SVSNICK hAtbLaDe Foobar 963086432";
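Review bot: "Must be sent through an U:Lined server." becomes "an U-Lined server" here and in every Svs* block that follows. Since the line is being touched anyway, fix the article to "a U-Lined server", which is what the Svscmds block earlier in this file already uses ("sent via a U-Lined Server").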
@@ -1083,7 +1125,7 @@ help Svsnick {
help Svsmode {
" Changes the mode of the User in question.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSMODE <nickname> <usermode>";
" Example: SVSMODE hAtbLaDe +i";
@@ -1091,7 +1133,7 @@ help Svsmode {
help Svskill {
" Forcefully disconnects a user from the network.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSKILL <user> :<reason>";
" Example: SVSKILL Lamer21 :Goodbye";
@@ -1100,7 +1142,7 @@ help Svskill {
help Svsnoop {
" Enables or disables whether IRCop functions";
" exist on the server in question or not.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSNOOP <server> <+/->";
" Example: SVSNOOP leaf.server.net -";
@@ -1108,7 +1150,7 @@ help Svsnoop {
help Svsjoin {
" Forces a user to join a channel.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSJOIN <nick> <channel>[,<channel2>..] [key1[,key2[..]]]";
" Example: SVSJOIN hAtbLaDe #jail";
@@ -1117,7 +1159,7 @@ help Svsjoin {
help Svspart {
" Forces a user to leave a channel.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSPART <nick> <channel>[,<channel2>..] [<comment>]";
" Example: SVSPART hAtbLaDe #Hanson";
@@ -1126,18 +1168,18 @@ help Svspart {
};
help Svso {
" Gives nick Operflags like the ones in O:lines.";
" Gives nick Operflags like the ones in O-Lines.";
" Remember to set SVSMODE +o and alike.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSO <nick> <+operflags> (Adds the Operflags)";
" SVSO <nick> - (Removes all O:Line flags)";
" SVSO <nick> - (Removes all O-Line flags)";
" Example: SVSO SomeNick +bBkK";
};
help Swhois {
" Changes the WHOIS message of the Nickname.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SWHOIS <nick> :<message> (Sets the SWHOIS)";
" SWHOIS <nick> : (Resets the SWHOIS)";
@@ -1146,7 +1188,7 @@ help Swhois {
help Sqline {
" Bans a Nickname or a certain Nickname mask from the Server.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SQLINE <nickmask> :<Reason>";
" Example: SQLINE *Bot* :No bots";
@@ -1154,7 +1196,7 @@ help Sqline {
help Unsqline {
" Un-Bans a Nickname or Nickname mask";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Synax: UNSQLINE <nickmask>";
" Example: UNSQLINE *Bot*";
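Review bot: The context line `Synax: UNSQLINE <nickmask>` in this help block has a typo ("Synax"). Fix it to "Syntax" in the same change, since the block is already being edited.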
@@ -1163,7 +1205,7 @@ help Unsqline {
help Svs2mode {
" Changes the Usermode of a nickname and displays";
" the change to the user.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVS2MODE <nickname> <usermodes>";
" Example: SVS2MODE hAtbLaDe +h";
@@ -1171,7 +1213,7 @@ help Svs2mode {
help Svsfline {
" Adds the given Filename mask to DCCDENY";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: :server SVSFLINE + file :reason (Add the filename)";
" :server SVSFLINE - file (Deletes the filename)";
@@ -1180,7 +1222,7 @@ help Svsfline {
help Svsmotd {
"Changes the Services Message Of The Day";
"Must be sent through an U:Lined server.";
"Must be sent through an U-Lined server.";
"Syntax: SVSMOTD # :<text> (Adds to Services MOTD)";
" SVSMOTD ! (Deletes the MOTD)";
" SVSMOTD ! :<text> (Deletes and Adds text)";
@@ -1189,7 +1231,7 @@ help Svsmotd {
help Svsnline {
" Adds a global realname ban.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" The reason must be a single parameter therefore";
" spaces are indicated by _, Unreal will internally";
" translate these to spaces.";
@@ -1204,7 +1246,7 @@ help Svslusers {
" Changes the global and/or local maximum user count";
" for a server. If -1 is specified for either of the";
" values, the current value is kept.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSLUSERS <server> <globalmax|-1> <localmax|-1>";
" Example: SVSLUSERS irc.test.com -1 200";
@@ -1212,14 +1254,14 @@ help Svslusers {
help Svswatch {
" Changes the WATCH list of a user.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" Syntax: SVSWATCH <nick> :<watch parameters>";
" Example: SVSWATCH Blah :+Blih!*@* +Bluh!*@* +Bleh!*@*.com";
};
help Svssilence {
" Changes the SILENCE list of a user.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" In contrast to the SILENCE command, you can add/remove";
" multiple entries in one line.";
" Syntax: SVSSILENCE <nick> :<silence parameters>";
@@ -1228,7 +1270,7 @@ help Svssilence {
help Svssno {
" Changes the snomask of the User in question.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSSNO <nickname> <snomasks>";
" Example: SVSSNO joe +Gc";
@@ -1237,7 +1279,7 @@ help Svssno {
help Svs2sno {
" Changes the snomask of a nickname and displays";
" the change to the user.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVS2SNO <nickname> <snomasks>";
" Example: SVS2SNO joe +Gc";
@@ -1245,7 +1287,7 @@ help Svs2sno {
help Svsnolag {
" Enable 'no fake lag' for a user.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVSNOLAG [+|-] <nickname>";
" Example: SVSNOLAG + joe";
@@ -1253,7 +1295,7 @@ help Svsnolag {
help Svs2nolag {
" Enable 'no fake lag' for a user.";
" Must be sent through an U:Lined server.";
" Must be sent through an U-Lined server.";
" -";
" Syntax: SVS2NOLAG [+|-] <nickname>";
" Example: SVS2NOLAG + joe";
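Review bot: `help Svs2nolag` carries the same description as `help Svsnolag` ("Enable 'no fake lag' for a user."), so the help does not say how the two commands differ, and neither block mentions that the `-` form in `[+|-]` turns the setting off. Compare Svs2mode and Svs2sno, which state that the change is displayed to the user. Add the distinguishing sentence and describe the `-` form.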
+287 -289
File diff suppressed because it is too large
+404 -406
File diff suppressed because it is too large
+4 -6
@@ -1,4 +1,4 @@
/* UnrealIRCd 4.0 Help Configuration
/* UnrealIRCd 4 Help Configuration
* Based on the original help text written by hAtbLaDe
* Revised by CC (07/2002) and many others
*
@@ -1018,13 +1018,11 @@ help Mkpasswd {
" Restituisce un 'hash' della stringa specificata.";
" Può essere utilizzato per ogni password criptata da inserire nel file di configurazione,";
" ad esempio come password per gli oper o per i vhost.";
" Metodi disponibili (in ordine di sicurezza):";
" *NIX: crypt, md5, sha1 [*], ripemd160 [*]";
" Windows: crypt [*], md5, sha1, ripemd160 [*]";
" [*: disponibile solo se compilato con supporto SSL]";
" Per ulteriori informazioni e metodi disponibili, consultare:";
" https://www.unrealircd.org/docs/Authentication_types";
" -";
" Sintassi: MKPASSWD <metodo> <password>";
" Esempio: MKPASSWD md5 LaMiaPassword";
" Esempio: MKPASSWD argon2 LaMiaPassword";
};
help Module {
+904 -906
File diff suppressed because it is too large
+753 -788
File diff suppressed because it is too large
+16 -3
@@ -6,9 +6,18 @@
* include "modules.default.conf";
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to customize the modules to load, make a copy of this
* file (eg: name it modules.custom.conf) and edit it.
* Then include that file from your unrealircd.conf instead of this one.
* If you want to customize the modules to load you have two options:
* 1) Keep the include for modules.default.conf as usual and make use
* of blacklist-module "xyz"; to selectively disable modules.
* See https://www.unrealircd.org/docs/Blacklist-module_directive
* 2) OR, make a copy of this file (eg: name it modules.custom.conf)
* and edit it. Then include that file from your unrealircd.conf
* instead of this one.
* The downside of option #2 is that you will need to track changes
* in the original modules.default.conf with each new UnrealIRCd
* release to make sure you don't miss any new functionality (as new
* important modules may be added you need to add them to your conf).
* You don't have this problem with option #1.
*/
/*** Cloaking (for user mode +x) ***/
@@ -109,6 +118,7 @@ loadmodule "m_sjoin";
loadmodule "m_sqline";
loadmodule "m_swhois";
loadmodule "m_umode2";
loadmodule "m_sinfo";
// Services commands
// You could disable these if you don't use Services
@@ -179,6 +189,9 @@ loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services ac
loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
/*** CAP modules ***/
+124 -8
@@ -31,14 +31,6 @@ set { staff-file "network.staff"; };
loadmodule "nocodes";
/*** Extended Bans ***/
/* See https://www.unrealircd.org/docs/Extended_bans for information */
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
/*** Other ***/
// The hideserver module will hide /MAP and /LINKS to regular users.
@@ -135,9 +127,133 @@ set {
mask 192.168.*;
mask 127.*;
};
/* EXCEPT-WEBIRC:
* This will make antirandom not check connections from WEBIRC gateways.
* ( see https://www.unrealircd.org/docs/WebIRC_block )
* It seems WEBIRC connections frequently cause false positives so the
* default is 'yes'.
*/
except-webirc yes;
};
};
// This adds websocket support. For more information, see:
// https://www.unrealircd.org/docs/WebSocket_support
loadmodule "websocket";
// This adds support for WHOX
// This is currently experimental!
loadmodule "m_whox";
// This module will detect and stop spam containing of characters of
// mixed "scripts", where (for example) some characters are in
// Latin script and other characters are in Cyrillic script.
loadmodule "antimixedutf8";
set {
antimixedutf8 {
/* Take action at this 'score'.
* 10 is a good and safe default.
*/
score 10;
/* Action to take, see:
* https://www.unrealircd.org/docs/Actions
*/
ban-action block;
/* Block/kill/ban reason (sent to user) */
ban-reason "Possible mixed character spam";
/* Duration of ban (does not apply to block/kill) */
ban-time 4h; // For other types
};
};
// This provides an authentication prompt if a user is forced to
// authenticate due to a 'require authentication' block or for
// some other reason. It tells them to use SASL or type /AUTH user:pass
// See also the following article for more general information:
// https://www.unrealircd.org/docs/Authentication
// NOTE: This feature is currently experimental.
loadmodule "authprompt";
set {
authentication-prompt {
/* Enabled or not? */
enabled yes;
message "The server requires clients from this IP address to authenticate with a registered nickname and password.";
message "Please reconnect using SASL, or authenticate now by typing: /QUOTE AUTH nick:password";
/* As you can see you can have multiple 'message' items.
* It may be useful to refer to a webpage for more
* information and/or where users can register their nick.
*/
//fail-message "Authentication failed";
/* Multiple fail-message lines are also supported */
};
};
// If you use the authprompt module then you may want to raise the
// timeout in which users must complete the handshake.
// By uncommenting the following, you can raise it from 30 to 60 seconds:
// set { handshake-timeout 60s; };
/*
* The following will configure connection throttling of "unknown users".
*
* When UnrealIRCd detects a high number of users connecting from IP addresses
* that have not been seen before, then connections from new IP's are rejected
* above the set rate. For example at 10:60 only 10 users per minute can connect
* that have not been seen before. Known IP addresses can always get in,
* regardless of the set rate. Same for users who login using SASL.
*
* See also https://www.unrealircd.org/docs/Connthrottle
* Or just keep reading the default configuration below:
*/
loadmodule "reputation";
loadmodule "connthrottle";
set {
connthrottle {
/* First we must configure what we call "known users".
* By default these are users on IP addresses that have
* a score of 24 or higher. A score of 24 means that the
* IP was connected to this network for at least 2 hours
* in the past month (or minimum 1 hour if registered).
* The sasl-bypass option is another setting. It means
* that users who authenticate to services via SASL
* are considered known users as well.
* Users in the "known-users" group (either by reputation
* or by SASL) are always allowed in by this module.
*/
known-users {
minimum-reputation-score 24;
sasl-bypass yes;
};
/* New users are all users that do not belong in the
* known-users group. They are considered "new" and in
* case of a high number of such new users connecting
* they are subject to connection rate limiting.
* By default the rate is 20 new local users per minute
* and 30 new global users per minute.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
};
/* This configures when this module will NOT be active.
* The default settings will disable the module when:
* - The reputation module has been running for less than
* a week. If running less than 1 week then there is
* insufficient data to consider who is a "known user".
* - The server has just been booted up (first 3 minutes).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
};
};
};
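Review bot: `loadmodule "m_whox";` and `loadmodule "authprompt";` are loaded unconditionally here although their own comments call them "currently experimental", so every server that includes this file picks them up on upgrade. Ship the experimental ones commented out, or state in the file header that including it opts in to experimental modules. Separately, the authprompt comment tells users to type `/AUTH user:pass` while the configured message says `/QUOTE AUTH nick:password`; make the two agree. The trailing comment `// For other types` after `ban-time 4h;` is also unclear as written.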
+43 -67
@@ -6,9 +6,11 @@
*
* The operclass block is extensively documented at:
* https://www.unrealircd.org/docs/Operclass_block
* And the permissions itself (operclass::permissions) at:
* https://www.unrealircd.org/docs/Operclass_permissions
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* Instead, if you want to change the privileges in an operclass block,
* Instead, if you want to change the permissions in an operclass block,
* you should copy the definition, or this entire file, to either your
* unrealircd.conf or some other file (eg: operclass.conf) that you
* you will include from your unrealircd.conf.
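Review bot: Wording in the header comment: "And the permissions itself" should read "the permissions themselves", and the context lines at the end of this hunk read "that you" / "you will include", a doubled "you". Both are worth fixing in this change since the comment is being reworded anyway.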
@@ -18,147 +20,121 @@
/* Local IRC Operator */
operclass locop {
privileges {
privacy;
permissions {
chat;
channel;
client;
channel { operonly; override { flood; }; };
client { see; };
immune;
self;
notice { local; };
server { opermotd; info; close; module; dns; rehash; };
route { local; };
kill { local; };
tkl {
server-ban {
kline;
zline { local; };
};
trace { local; invisible-users; };
map;
};
};
/* Global IRC Operator */
operclass globop {
privileges {
privacy;
permissions {
chat;
channel;
channel { operonly; see; override { flood; }; };
client;
immune;
notice;
self;
server { opermotd; info; close; remote; module; dns; rehash; };
server { opermotd; info; close; module; dns; rehash;
remote; tsctl { view; }; };
route;
kill;
tkl { shun; zline; kline; gline; };
trace;
who;
override { see; };
map;
server-ban { dccdeny; shun; zline; kline; gline; };
};
};
/* Server administrator */
operclass admin {
privileges {
privacy;
permissions {
chat;
channel;
channel { operonly; see; override { flood; }; };
client;
immune;
notice;
self;
server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl { view; }; };
route;
kill;
tkl { shun; zline; kline; gline; };
spamfilter;
trace;
who;
override { see; };
map;
server-ban;
};
};
/* Services Admin */
operclass services-admin {
privileges {
privacy;
permissions {
chat;
channel;
channel { operonly; see; override { flood; }; };
client;
immune;
notice;
self;
server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl { view; }; };
route;
kill;
tkl { shun; zline; kline; gline; };
spamfilter;
trace;
who;
sajoin;
sapart;
samode;
override { see; };
server-ban;
sacmd;
services;
};
};
/* Network Administrator */
operclass netadmin {
privileges {
privacy;
permissions {
chat;
channel;
channel { operonly; see; override { flood; }; };
client;
immune;
notice;
self;
server { opermotd; info; close; remote; module; dns; addline; rehash; description; addmotd; addomotd; tsctl; };
kill;
tkl { shun; zline; kline; gline; };
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl; };
route;
spamfilter;
trace;
who;
sajoin;
sapart;
samode;
servicebot { deop; kill; };
override { see; };
map;
kill;
server-ban;
sacmd;
services;
};
};
/* Same as 'globop' operclass, but with OperOverride capabilities added */
operclass globop-with-override {
parent globop;
privileges {
override;
permissions {
channel { operonly; see; override; };
};
};
/* Same as 'admin' operclass, but with OperOverride capabilities added */
operclass admin-with-override {
parent admin;
privileges {
override;
permissions {
channel { operonly; see; override; };
};
};
/* Same as 'services-admin' operclass, but with OperOverride capabilities added */
operclass services-admin-with-override {
parent services-admin;
privileges {
override;
permissions {
channel { operonly; see; override; };
};
};
/* Same as 'netadmin' operclass, but with OperOverride capabilities added */
operclass netadmin-with-override {
parent netadmin;
privileges {
override;
permissions {
channel { operonly; see; override; };
};
};
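Review bot: In the four *-with-override classes, `permissions { channel { operonly; see; override; }; };` restates `operonly; see;`, which each parent class already lists in its own `channel { ... }` block. Please add a comment saying whether a child's `channel { }` block replaces or merges with the parent's. As written a reader cannot tell whether the repetition is required, and someone copying the pattern for another permission could end up granting less, or more, than intended.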
+119 -197
@@ -1,232 +1,154 @@
/*
* This an example spamfilter file, it contains several
* real and useful spamfilters. This should give you an
* idea of how powerful spamfilter can be in real-life
* situations.
* This configuration file contains example spamfilter rules.
* They are real rules that were useful a long time ago.
* Since 2005 these rules are no longer maintained.
* The main purpose nowadays is to serve as an example
* to give you an idea of how powerful spamfilters can
* be in real-life situations.
*
* $Id$
* Documentation on spamfilter is available at:
* https://www.unrealircd.org/docs/Spamfilter
*/
/* Guidelines on the 'action' field:
* As a general rule we use 'action block' for any newly added
* spamfilters at first, later on (after knowing about false
* positives) we might change some to viruschan/kill/gline/etc..
/* General note:
* If you want to use a \ in a spamfilter, or in fact
* anywhere in the configuration file, then you need
* to escape this to \\ instead.
*/
/* First some spamfilters with match-type 'simple'.
* The only matchers available are * and ?
* PRO's: very fast, easy matching: everyone can do this.
* CON's: limited ability to fine-tune spamfilters
*/
spamfilter {
match-type posix;
match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
target { private; channel; };
action kill;
reason "mIRC 6.0-6.11 exploit attempt";
};
spamfilter {
match-type posix;
match "\x01DCC (SEND|RESUME).{225}";
target { private; channel; };
action kill;
reason "Possible mIRC 6.12 exploit attempt";
};
spamfilter {
match-type posix;
match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
match-type simple;
match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
target private;
action gline;
reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
};
/* This signature uses a \ which has to escaped to \\ in the configuration file */
spamfilter {
match-type posix;
match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
target private;
action gline;
reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
};
spamfilter {
match-type posix;
match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
action block;
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
};
spamfilter {
match-type posix;
match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
target private;
action gline;
reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
};
spamfilter {
match-type posix;
match "^!login Wasszup!$";
target channel;
action gline;
reason "Attempting to login to a GTBot";
};
spamfilter {
match-type posix;
match "^!login grrrr yeah baby!$";
target channel;
action gline;
reason "Attempting to login to a GTBot";
};
spamfilter {
match-type posix;
match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
target channel;
action gline;
reason "Attempting to use a GTBot";
};
spamfilter {
match-type posix;
match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
target channel;
action gline;
reason "Attempting to use a GTBot";
};
spamfilter {
match-type posix;
match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
target channel;
action gline;
reason "Attempting to use a GTBot";
};
spamfilter {
match-type posix;
match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
target channel;
action gline;
reason "Attempting to use a GTBot";
};
spamfilter {
match-type posix;
match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
target channel;
action gline;
reason "Attempting to use an SDBot";
};
spamfilter {
match-type posix;
match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
target { channel; private; };
action gline;
reason "Attempting to use a SpyBot";
};
spamfilter {
match-type posix;
match "^porn! porno! http://.+\/sexo\.exe";
target private;
action gline;
reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
};
spamfilter {
match-type posix;
match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
target private;
action gline;
reason "Infected by some trojan (erotica?)";
};
spamfilter {
match-type posix;
match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
target private;
action gline;
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
};
spamfilter {
match-type posix;
match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
target private;
action gline;
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
};
spamfilter {
match-type posix;
match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
target private;
action gline;
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
};
spamfilter {
match-type posix;
match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
target private;
action gline;
reason "Infected by LOI trojan";
};
/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
spamfilter {
match-type posix;
match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
match-type simple;
match "C:\\WINNT\\system32\\*.zip";
target dcc;
action block;
reason "Infected by Gaggle worm?";
};
spamfilter {
match-type posix;
match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
target dcc;
action dccblock;
reason "Infected by Gaggle worm";
};
spamfilter {
match-type posix;
match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
target { private; quit; };
action block;
reason "Infected by Gaggle worm";
};
spamfilter {
match-type posix;
match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
match-type simple;
match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
target private;
action block;
reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
action gline;
reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
};
spamfilter {
match-type posix;
match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
target channel;
action block;
reason "$decode exploit";
match-type simple;
match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
target private;
action gline;
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
};
/*
/* Now spamfilters of type 'regex'.
* These use powerful regular expressions (Perl/PCRE style)
* You may have to learn more about "regex" first before you
* can use them. For example the dot ('.') has special meaning.
*/
/* This regex shows a pattern which requires 20 paramaters,
* such as "x x x x x x x x x x x x x x x x x x x x"
*/
spamfilter {
regex "//write \$decode\(.+\|.+load -rs";
match-type regex;
match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
target { private; channel; };
reason "Generic $decode exploit";
action block;
action kill;
reason "mIRC 6.0-6.11 exploit attempt";
};
*/
/* Similarly, this regex shows a pattern that matches
* against at least 225 characters in length.
*/
spamfilter {
match-type posix;
match-type regex;
match "\x01DCC (SEND|RESUME).{225}";
target { private; channel; };
action kill;
reason "Possible mIRC 6.12 exploit attempt";
};
/* Earlier you saw an example of a $decode exploit which used
* match-type 'simple' and - indeed - the filter was quite simple.
* The following uses a regex with a similar example.
* Regular expressions are very powerful but here you can see
* that it actually complicates writing a filter quite a bit.
* With regex in this filter we need to escape the ( and all
* the dots, question marks, etc. if we want to match these
* characters in literal text.
*/
spamfilter {
match-type regex;
match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
target private;
action block;
reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
};
spamfilter {
match-type regex;
match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
action block;
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
};
/* This shows a regex which specifically matches an entire line by
* the use of ^ and $
*/
spamfilter {
match-type regex;
match "^!login Wasszup!$";
target channel;
action gline;
reason "Attempting to login to a GTBot";
};
/* An example of how to match against an IP address in text (IPv4 only) */
spamfilter {
match-type regex;
match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
target channel;
action gline;
reason "Attempting to use a GTBot";
};
/* A slightly more complex example with a partial OR matcher (|) */
spamfilter {
match-type regex;
match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
target private;
action gline;
reason "Infected by some trojan (erotica?)";
};
/* In regex a \ is special and needs to be escaped to \\
* However in this configuration file, \ is also special and
* needs to be escaped to \\ as well.
* The result is that we need double escaping:
* To match a \ you need to write \\\\ in the configuration file.
*/
spamfilter {
match-type regex;
match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
target dcc;
action dccblock;
reason "Infected by Gaggle worm";
};
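Review bot: two of the added comments in this file contain typos: "which has to escaped to \\" should read "has to be escaped", and "requires 20 paramaters" should read "parameters". This file is the example people copy from, so the comments deserve the same care as the rules. The comment above `match "\x01DCC (SEND|RESUME).{225}"` could also say that the 225 characters are counted after the DCC command, not over the whole line.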
File diff suppressed because it is too large
Binary file not shown.
+9 -3
@@ -14,6 +14,12 @@ export MAKE="make -j3"
export CPPFLAGS="-DFAKELAG_CONFIGURABLE"
extras/build-tests/nix/select-config $BUILDCONFIG
# Read config.settings, this makes a couple of variables available to us.
. ./config.settings
if [ "$SSLDIR" != "" ]; then
# In case we build local openssl/libressl
export LD_LIBRARY_PATH="$SSLDIR/lib"
fi
./Config -quick || (tail -n 5000 config.log; echo '*** now tre:'; tail -n 5000 extras/tre-0.8.0-git/config.log; echo '** end of tre config.log **'; exit 1)
$MAKE
yes ''|make pem
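Review bot: `export LD_LIBRARY_PATH="$SSLDIR/lib"` replaces whatever the variable already held instead of prepending to it, so any library path set earlier in the environment is lost for the rest of the build; `"$SSLDIR/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"` keeps both. The added `. ./config.settings` also runs that file as shell code in this script, so every value select-config appends to it needs to be quoted safely.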
@@ -47,6 +53,6 @@ fi
echo ""
echo ""
echo "Now running UnrealIRCd test framework..."
set -x
extras/build-tests/nix/run-tests
#echo "Now running UnrealIRCd test framework..."
#set -x
#extras/build-tests/nix/run-tests
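Review bot: the last three lines are commented out rather than removed, so this script now stops after the build and no longer invokes extras/build-tests/nix/run-tests, and nothing in the file says why. If the tests are started from somewhere else, delete the lines and name that place in a comment; if this is temporary, say so, because as written a successful run of this script no longer implies the test framework ran.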
+16 -6
@@ -18,11 +18,11 @@ if [[ "$OSTYPE" == "darwin"* ]]; then
gem install rspec || true
else
sudo apt-get install git python rake -y
sudo gem install bundler
gem install bundler -v "~>1.0"
fi
# Install 'ircfly'
git clone https://github.com/unrealircd/ircfly.git
git clone -q https://github.com/unrealircd/ircfly.git
cd ircfly
bundle install
bundle exec rake build
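Review bot: `gem install bundler -v "~>1.0"` holds bundler on the 1.x series and drops sudo, but there is no comment explaining either change. Add one line saying what breaks with a newer bundler, so the pin can be lifted later instead of staying forever. The ircfly clone on the next lines still takes whatever is on the default branch; checking out a known commit would make test runs repeatable.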
@@ -33,20 +33,30 @@ else
fi
cd ..
# Install 'unrealircd-tests'
git clone https://github.com/unrealircd/unrealircd-tests.git
cd unrealircd-tests
# Install 'cipherscan'
git clone -q https://github.com/mozilla/cipherscan
# Install 'unrealircd-tests-old'
git clone -q https://github.com/unrealircd/unrealircd-tests-old.git
cd unrealircd-tests-old
bundle install
mv config.yaml.example config.yaml
# Start the IRC servers
cp ircdconfig/* ~/unrealircd/conf/
cd ~/unrealircd
bin/unrealircd -f hub.conf
bin/unrealircd -f irc1.conf
bin/unrealircd -f irc2.conf
cd -
# Back in unrealircd-tests, run the tests!
# Do cipherscan test
sleep 2
cd ../extras/tests/tls
./tls-tests
cd -
# Back in unrealircd-tests-old, run the tests!
if [[ "$OSTYPE" == "darwin"* ]]; then
bundle exec rake
else
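Review bot: `git clone -q https://github.com/mozilla/cipherscan` pulls the current head of a third-party repository and the TLS test then executes it, so a change upstream can alter or break the result without any change in this tree; check out a fixed commit after cloning. The `sleep 2` between starting three servers and running ./tls-tests is a guess at start-up time; a short loop that waits until the TLS port accepts a connection would avoid intermittent failures on a slow builder.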
+40 -1
@@ -4,8 +4,28 @@
# It is not meant to be used by end-users
#
function fail()
{
echo "select-config failed: $*"
exit 1
}
function build_ssl {
DIR="$2"
URL="$1/$2.tar.gz"
savewd="$PWD"
cd ~
wget "$URL" || exit 1
tar xzf $DIR.tar.gz
cd "$DIR"
(./configure --prefix=$HOME/ssl 1>/dev/null 2>&1 || ./config --prefix=$HOME/ssl -fPIC 1>/dev/null 2>&1 ) || fail "build_ssl: configure/config failed"
(make -j2 1>/dev/null 2>&1 && make install 1>/dev/null 2>&1) || fail "build_ssl: make failed"
cd "$savewd"
echo "SSLDIR=$HOME/ssl" >>config.settings
}
if [ ! -d extras ]; then
echo "This tool is supposed to be run from the source root, so ~/unrealircd-4.0.x or similar"
echo "This tool is supposed to be run from the source root, so ~/unrealircd-4.2.x or similar"
exit 1
fi
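Review bot: build_ssl downloads a tarball with `wget "$URL"` and goes straight to `tar xzf` and a build, with no checksum or signature check in between. Pass an expected SHA-256 as a third argument and compare it before unpacking, so a corrupted or replaced archive stops the job. Two smaller points in the same function: `tar xzf $DIR.tar.gz` is unquoted while `cd "$DIR"` is quoted, and all configure and make output goes to /dev/null, so the fail message is the only clue when a build breaks; keep the output in a log file and print its tail on failure.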
@@ -18,6 +38,7 @@ cp extras/build-tests/nix/configs/default ./config.settings
# Also for our FreeBSD machine we have to uninstall some stuff since a clean
# environment is not guaranteed...
if [ "$OSTYPE" = "linux-gnu" ]; then
sudo apt-get -qq update
sudo apt-get install libtool -qq
elif [[ "$OSTYPE" == "freebsd"* ]]; then
sudo pkg install -y libtool
@@ -67,9 +88,27 @@ do
fi
echo 'REMOTEINC=1' >>config.settings
echo "CURLDIR=`pwd`/extras/curl" >>config.settings
elif [ "$1" = "libressl-27" ]; then
build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.7.5
elif [ "$1" = "libressl-28" ]; then
build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.8.3
elif [ "$1" = "libressl-29" ]; then
build_ssl https://ftp.openbsd.org/pub/OpenBSD/LibreSSL libressl-2.9.0
elif [ "$1" = "openssl-102" ]; then
build_ssl https://www.openssl.org/source openssl-1.0.2q
elif [ "$1" = "openssl-110" ]; then
build_ssl https://www.openssl.org/source openssl-1.1.0j
elif [ "$1" = "openssl-111" ]; then
build_ssl https://www.openssl.org/source openssl-1.1.1a
else
echo "Unknown option $1"
exit 1
fi
shift
done
if [[ "$OSTYPE" == "darwin"* ]]; then
echo "NOTE: Not building with -Werror for now on macOS..."
else
echo 'EXTRAPARA="--enable-werror"' >>config.settings
fi
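Review bot: `echo 'EXTRAPARA="--enable-werror"' >>config.settings` is appended after the option loop, so if the copied default config or any option above already assigns EXTRAPARA, this later assignment replaces that value instead of adding to it. Appending to the existing value would be safer. The six new elif branches differ only in the URL and version string; a small lookup (case statement) would keep the version list in one place when these releases are bumped.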
+4 -6
@@ -1,23 +1,21 @@
rem Build script for appveyor
rem Initialize Visual Studio variables
if "%TARGET%" == "Visual Studio 2012" call "C:\Program Files (x86)\Microsoft Visual Studio 11.0\VC\vcvarsall.bat" x86
if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat"
rem Installing tools
cinst unrar -y
cinst unzip -y
cinst wget -y
cinst innosetup -y
wget https://www.unrealircd.org/files/dev/win/dlltool.exe
curl -fsS -o dlltool.exe https://www.unrealircd.org/files/dev/win/dlltool.exe
rem Installing UnrealIRCd dependencies
cd \projects
mkdir unrealircd-deps
cd unrealircd-deps
wget https://www.unrealircd.org/files/dev/win/SetACL.exe
wget https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-4.0.16.zip
unzip unrealircd-libraries-4.0.16.zip
curl -fsS -o SetACL.exe https://www.unrealircd.org/files/dev/win/SetACL.exe
curl -fsS -o unrealircd-libraries-devel.zip https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-devel.zip
unzip unrealircd-libraries-devel.zip
cd \projects\unrealircd
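Review bot: dlltool.exe, SetACL.exe and the libraries zip are fetched with no hash check, and the zip changes from the versioned unrealircd-libraries-4.0.16.zip to unrealircd-libraries-devel.zip, a name that no longer identifies its contents. Record the expected SHA-256 of each download in this script and compare before use, so a changed or replaced file fails the build instead of being linked in. The switch to `curl -fsS` is good, since HTTP errors now fail the command.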
@@ -1,28 +0,0 @@
rem Build command for Visual Studio 2012
rem This version needs a patch of the makefile.win32
IF EXIST rollback409410.rar GOTO nopatch
rem Patch to support Visual Studio 2012
wget https://www.unrealircd.org/files/dev/win/rollback409410.rar
unrar x rollback409410.rar
patch -p1 -R <rollback409.makefile.patch
patch -p1 -R <rollback409.unrealinst.patch
:nopatch
nmake -f makefile.win32 ^
USE_SSL=1 ^
OPENSSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
OPENSSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\x86" ^
USE_REMOTEINC=1 ^
LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc110\cares\dll-release" ^
CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
CARESLIB="cares.lib" ^
TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
TRELIB="tre.lib" ^
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\build" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\build\release" ^
PCRE2LIB="pcre2-8.lib" %*
@@ -2,17 +2,20 @@ rem Build command for Visual Studio 2017
nmake -f makefile.win32 ^
LIBRESSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\x86" ^
SSLLIB="libcrypto-41.lib libssl-43.lib libtls-15.lib" ^
LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\lib" ^
SSLLIB="crypto-44.lib ssl-46.lib" ^
USE_REMOTEINC=1 ^
LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc110\cares\dll-release" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc\cares\dll-release" ^
CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
CARESLIB="cares.lib" ^
TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
TRELIB="tre.lib" ^
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\build" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\build\release" ^
PCRE2LIB="pcre2-8.lib" %*
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\include" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\lib" ^
PCRE2LIB="pcre2-8.lib" ^
ARGON2_LIB_DIR="c:\projects\unrealircd-deps\argon2\vs2015\build" ^
ARGON2_INC_DIR="c:\projects\unrealircd-deps\argon2\include" ^
ARGON2LIB="Argon2RefDll.lib" %*
Binary file not shown.
+2 -2
@@ -4,7 +4,7 @@ OUTF="curl-latest.tar.gz"
OUTD="curl-latest"
ARESPATH="`pwd`/extras/c-ares"
UNREALDIR="`pwd`"
CARESVERSION="1.13.0"
CARESVERSION="1.15.0"
LIBDIR="$1"
if [ "x$1" = "x" ]; then
@@ -18,7 +18,7 @@ if [ ! -f src/parse.c ]; then
cd ..
else
echo "Please run this program from your UnrealIRCd directory"
echo "(usually $HOME/unrealircd-4.0.X or something like that)"
echo "(usually $HOME/unrealircd-4.2.X or something like that)"
exit 1
fi
fi
+40
@@ -0,0 +1,40 @@
#!/bin/sh
#
# This script tries to upgrade spamfilter.conf from an old
# version that uses 'posix' spamfilters to a bit more recent
# version with examples using 'regex' spamfilters.
# This so fewer users end up with a headache when upgrading
# to UnrealIRCd 4.2.3+.
#
if [ -f spamfilter.conf.patch ]; then
F="`pwd`/spamfilter.conf.patch"
elif [ -f extras/patches/spamfilter.conf.patch ]; then
F="`pwd`/extras/patches/spamfilter.conf.patch"
else
echo "WARNING: spamfilter.conf.patch not found"
exit 0
fi
if [ ! -f "$F" ]; then
echo "WARNING: spamfilter.conf.patch not found in round two"
exit 0
fi
if [ "$1" = "" ]; then
echo "ERROR: No target confdir specified."
exit 0
fi
if [ ! -f "$1/spamfilter.conf" ]; then
echo "WARNING: no spamfilter.conf found in $1 -- strange"
exit 0
fi
cd "$1" || exit 1
cat "$F"|patch -p0 --dry-run -N 1>/dev/null 2>&1
if [ "$?" = 0 ]; then
# Patch succeeded, patch now!
echo "Upgrading examples in your spamfilter.conf..."
cat "$F"|patch -p0 -N
fi
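Review bot: the script rewrites the user's spamfilter.conf in place with `patch -p0 -N` and keeps no copy of the original; add `-b` to the real run so a backup is left beside it. The branch that prints "ERROR: No target confdir specified." exits 0, so a caller cannot tell a usage error from success; return non-zero there. When the dry run fails nothing is printed at all, so a user with a modified file gets no hint that the examples were left as they were; a one-line message in an else branch would cover that.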
+328
@@ -0,0 +1,328 @@
--- spamfilter.conf.old 2015-06-27 18:29:01.084559805 +0200
+++ spamfilter.conf 2019-04-04 18:29:38.390647262 +0200
@@ -1,232 +1,154 @@
/*
- * This an example spamfilter file, it contains several
- * real and useful spamfilters. This should give you an
- * idea of how powerful spamfilter can be in real-life
- * situations.
+ * This configuration file contains example spamfilter rules.
+ * They are real rules that were useful a long time ago.
+ * Since 2005 these rules are no longer maintained.
+ * The main purpose nowadays is to serve as an example
+ * to give you an idea of how powerful spamfilters can
+ * be in real-life situations.
*
- * $Id$
+ * Documentation on spamfilter is available at:
+ * https://www.unrealircd.org/docs/Spamfilter
*/
-/* Guidelines on the 'action' field:
- * As a general rule we use 'action block' for any newly added
- * spamfilters at first, later on (after knowing about false
- * positives) we might change some to viruschan/kill/gline/etc..
+/* General note:
+ * If you want to use a \ in a spamfilter, or in fact
+ * anywhere in the configuration file, then you need
+ * to escape this to \\ instead.
*/
-spamfilter {
- match-type posix;
- match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
- target { private; channel; };
- action kill;
- reason "mIRC 6.0-6.11 exploit attempt";
-};
-spamfilter {
- match-type posix;
- match "\x01DCC (SEND|RESUME).{225}";
- target { private; channel; };
- action kill;
- reason "Possible mIRC 6.12 exploit attempt";
-};
+/* First some spamfilters with match-type 'simple'.
+ * The only matchers available are * and ?
+ * PRO's: very fast, easy matching: everyone can do this.
+ * CON's: limited ability to fine-tune spamfilters
+ */
spamfilter {
- match-type posix;
- match "Come watch me on my webcam and chat /w me :-\) http://.+:\d+/me\.mpg";
+ match-type simple;
+ match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
target private;
action gline;
reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
};
+/* This signature uses a \ which has to escaped to \\ in the configuration file */
spamfilter {
- match-type posix;
- match "Speed up your mIRC DCC Transfer by up to 75%.*www\.freewebs\.com/mircupdate/mircspeedup\.exe";
- target private;
- action gline;
- reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
-};
-
-spamfilter {
- match-type posix;
- match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
- target private;
+ match-type simple;
+ match "C:\\WINNT\\system32\\*.zip";
+ target dcc;
action block;
- reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
+ reason "Infected by Gaggle worm?";
};
spamfilter {
- match-type posix;
- match "^FREE PORN: http://free:porn@([0-9]{1,3}\.){3}[0-9]{1,3}:8180$";
+ match-type simple;
+ match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
target private;
action gline;
- reason "Infected by aplore worm: see http://www.f-secure.com/v-descs/aplore.shtml";
-};
-
-spamfilter {
- match-type posix;
- match "^!login Wasszup!$";
- target channel;
- action gline;
- reason "Attempting to login to a GTBot";
-};
-
-spamfilter {
- match-type posix;
- match "^!login grrrr yeah baby!$";
- target channel;
- action gline;
- reason "Attempting to login to a GTBot";
-};
-
-spamfilter {
- match-type posix;
- match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
- target channel;
- action gline;
- reason "Attempting to use a GTBot";
-};
-
-spamfilter {
- match-type posix;
- match "^!icqpagebomb ([0-9]{1,15} ){2}.+";
- target channel;
- action gline;
- reason "Attempting to use a GTBot";
+ reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
};
spamfilter {
- match-type posix;
- match "^!pfast [0-9]{1,15} ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5}$";
- target channel;
+ match-type simple;
+ match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
+ target private;
action gline;
- reason "Attempting to use a GTBot";
+ reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
};
-spamfilter {
- match-type posix;
- match "^!portscan ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,5} [0-9]{1,5}$";
- target channel;
- action gline;
- reason "Attempting to use a GTBot";
-};
-spamfilter {
- match-type posix;
- match "^.u(dp)? ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15} [0-9]{1,15} [0-9]{1,15}( [0-9])*$";
- target channel;
- action gline;
- reason "Attempting to use an SDBot";
-};
+/* Now spamfilters of type 'regex'.
+ * These use powerful regular expressions (Perl/PCRE style)
+ * You may have to learn more about "regex" first before you
+ * can use them. For example the dot ('.') has special meaning.
+ */
+/* This regex shows a pattern which requires 20 paramaters,
+ * such as "x x x x x x x x x x x x x x x x x x x x"
+ */
spamfilter {
- match-type posix;
- match "^.syn ((([0-9]{1,3}\.){3}[0-9]{1,3})|([a-zA-Z0-9_-]+\.[a-zA-Z0-9_-]+\.[a-zA-Z0-9_.-]+)) [0-9]{1,5} [0-9]{1,15} [0-9]{1,15}";
- target { channel; private; };
- action gline;
- reason "Attempting to use a SpyBot";
+ match-type regex;
+ match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
+ target { private; channel; };
+ action kill;
+ reason "mIRC 6.0-6.11 exploit attempt";
};
+/* Similarly, this regex shows a pattern that matches
+ * against at least 225 characters in length.
+ */
spamfilter {
- match-type posix;
- match "^porn! porno! http://.+\/sexo\.exe";
- target private;
- action gline;
- reason "Infected by soex trojan: see http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FSOEX.A";
+ match-type regex;
+ match "\x01DCC (SEND|RESUME).{225}";
+ target { private; channel; };
+ action kill;
+ reason "Possible mIRC 6.12 exploit attempt";
};
+/* Earlier you saw an example of a $decode exploit which used
+ * match-type 'simple' and - indeed - the filter was quite simple.
+ * The following uses a regex with a similar example.
+ * Regular expressions are very powerful but here you can see
+ * that it actually complicates writing a filter quite a bit.
+ * With regex in this filter we need to escape the ( and all
+ * the dots, question marks, etc. if we want to match these
+ * characters in literal text.
+ */
spamfilter {
- match-type posix;
- match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
+ match-type regex;
+ match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
target private;
- action gline;
- reason "Infected by some trojan (erotica?)";
+ action block;
+ reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
};
spamfilter {
- match-type posix;
- match "^STOP SPAM, USE THIS COMMAND: //write nospam \$decode\(.+\) \| \.load -rs nospam \| //mode \$me \+R$";
+ match-type regex;
+ match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
- action gline;
- reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+ action block;
+ reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
};
+/* This shows a regex which specifically matches an entire line by
+ * the use of ^ and $
+ */
spamfilter {
- match-type posix;
- match "^FOR MATRIX 2 DOWNLOAD, USE THIS COMMAND: //write Matrix2 \$decode\(.+=,m\) \| \.load -rs Matrix2 \| //mode \$me \+R$";
- target private;
+ match-type regex;
+ match "^!login Wasszup!$";
+ target channel;
action gline;
- reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+ reason "Attempting to login to a GTBot";
};
+/* An example of how to match against an IP address in text (IPv4 only) */
spamfilter {
- match-type posix;
- match "^hey .* to get OPs use this hack in the chan but SHH! //\$decode\(.*,m\) \| \$decode\(.*,m\)$";
- target private;
+ match-type regex;
+ match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
+ target channel;
action gline;
- reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
+ reason "Attempting to use a GTBot";
};
+/* A slightly more complex example with a partial OR matcher (|) */
spamfilter {
- match-type posix;
- match ".*(http://jokes\.clubdepeche\.com|http://horny\.69sexy\.net|http://private\.a123sdsdssddddgfg\.com).*";
+ match-type regex;
+ match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
target private;
action gline;
- reason "Infected by LOI trojan";
-};
-
-/* This is a 'general sig' which might have a tad more false positives, hence just 'block' is used */
-spamfilter {
- match-type posix;
- match "C:\\WINNT\\system32\\[][0-9a-z_-{|}`]+\.zip";
- target dcc;
- action block;
- reason "Infected by Gaggle worm?";
+ reason "Infected by some trojan (erotica?)";
};
+/* In regex a \ is special and needs to be escaped to \\
+ * However in this configuration file, \ is also special and
+ * needs to be escaped to \\ as well.
+ * The result is that we need double escaping:
+ * To match a \ you need to write \\\\ in the configuration file.
+ */
spamfilter {
- match-type posix;
- match "C:\\WINNT\\system32\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
+ match-type regex;
+ match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
target dcc;
action dccblock;
reason "Infected by Gaggle worm";
};
-
-spamfilter {
- match-type posix;
- match "http://.+\.lycos\..+/[iy]server[0-9]/[a-z]{4,11}\.(gif|jpg|avi|txt)";
- target { private; quit; };
- action block;
- reason "Infected by Gaggle worm";
-};
-
-spamfilter {
- match-type posix;
- match "^Free porn pic.? and movies (www\.sexymovies\.da\.ru|www\.girlporn\.org)";
- target private;
- action block;
- reason "Unknown virus. Site causes Backdoor.Delf.lq infection";
-};
-
-spamfilter {
- match-type posix;
- match "^LOL! //echo -a \$\(\$decode\(.+,m\),[0-9]\)$";
- target channel;
- action block;
- reason "$decode exploit";
-};
-
-/*
-spamfilter {
- regex "//write \$decode\(.+\|.+load -rs";
- target { private; channel; };
- reason "Generic $decode exploit";
- action block;
-};
-*/
-
-spamfilter {
- match-type posix;
- match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
- target private;
- action block;
- reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
-};
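Review bot: the patch drops the "Guidelines on the 'action' field" comment (start with 'action block', escalate once false positives are known) while the new header states the rules are unmaintained since 2005, yet several retained examples still use 'action gline' or 'action kill'. Either keep a short form of that guideline in the new header or switch the examples to 'action block', so someone who includes the file unchanged does not ban users on stale signatures.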
Binary file not shown.
+3 -3
@@ -3,10 +3,10 @@
# Note that you may still see some DENIED warnings in logs with
# operation="chmod". These are harmless and can be safely ignored.
#
# Tested on Ubuntu 16.x and 17.x
# Tested on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
#
# NOTE: you will have to modify the path to executable below
# if it's not /home/ircd/unrealircd/bin/unrealircd.
# IMPORTANT: you will have to modify the path to executable below
# if it's not /home/ircd/unrealircd/bin/unrealircd !
#include <tunables/global>
@@ -0,0 +1,33 @@
Target: 127.0.0.1:5900
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
3 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
4 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
5 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
6 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
7 AES256-GCM-SHA384 TLSv1.2 None None
8 AES128-GCM-SHA256 TLSv1.2 None None
9 AES256-SHA256 TLSv1.2 None None
10 AES128-SHA256 TLSv1.2 None None
11 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
12 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
Certificate: untrusted, 4096 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: None
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes
Intolerance to:
SSL 3.254 : absent
TLS 1.0 : absent
TLS 1.1 : absent
TLS 1.2 : absent
TLS 1.3 : absent
TLS 1.4 : absent
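Review bot: this baseline records TLSv1 and TLSv1.1 as enabled and six suites (priorities 7 to 12) without forward secrecy as the expected result, and because the test passes only on an exact match, a build that tightens either one will be reported as a failure. Document next to the profiles, for example in tls-tests, that these files capture current behaviour rather than a target, and which entries are expected to go away.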
@@ -0,0 +1,33 @@
Target: 127.0.0.1:5900
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
3 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
4 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
6 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-521,521bits secp521r1,secp384r1,prime256v1
7 AES256-GCM-SHA384 TLSv1.2 None None
8 AES128-GCM-SHA256 TLSv1.2 None None
9 AES256-SHA256 TLSv1.2 None None
10 AES128-SHA256 TLSv1.2 None None
11 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
12 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
Certificate: untrusted, 4096 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: None
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes
Intolerance to:
SSL 3.254 : absent
TLS 1.0 : absent
TLS 1.1 : absent
TLS 1.2 : absent
TLS 1.3 : absent
TLS 1.4 : absent
@@ -0,0 +1,33 @@
Target: 127.0.0.1:5900
prio ciphersuite protocols pfs curves
1 ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
2 ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
3 ECDHE-RSA-AES256-SHA384 TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
4 ECDHE-RSA-AES256-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
5 ECDHE-RSA-AES128-SHA256 TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
6 ECDHE-RSA-AES128-SHA TLSv1,TLSv1.1,TLSv1.2 ECDH,P-256,256bits prime256v1,secp521r1,brainpoolP512r1,brainpoolP384r1,secp384r1,brainpoolP256r1,secp256k1,sect571r1,sect571k1,sect409k1,sect409r1,sect283k1,sect283r1
7 AES256-GCM-SHA384 TLSv1.2 None None
8 AES128-GCM-SHA256 TLSv1.2 None None
9 AES256-SHA256 TLSv1.2 None None
10 AES128-SHA256 TLSv1.2 None None
11 AES256-SHA TLSv1,TLSv1.1,TLSv1.2 None None
12 AES128-SHA TLSv1,TLSv1.1,TLSv1.2 None None
Certificate: untrusted, 4096 bits, sha256WithRSAEncryption signature
TLS ticket lifetime hint: None
NPN protocols: None
OCSP stapling: not supported
Cipher ordering: server
Curves ordering: server - fallback: no
Server supports secure renegotiation
Server supported compression methods: NONE
TLS Tolerance: yes
Intolerance to:
SSL 3.254 : absent
TLS 1.0 : absent
TLS 1.1 : absent
TLS 1.2 : absent
TLS 1.3 : absent
TLS 1.4 : absent
+81
@@ -0,0 +1,81 @@
#!/bin/bash
# We assume we are executed from extras/tests/tls
function fail()
{
echo "TLS TEST ERROR: $*"
exit 1
}
CIPHERSCAN="cipherscan"
OPENSSL="openssl"
if [ -x /home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan ]; then
CIPHERSCAN="/home/travis/build/unrealircd/unrealircd/cipherscan/cipherscan"
OPENSSL="/home/travis/build/unrealircd/unrealircd/cipherscan/openssl"
fi
$CIPHERSCAN --help >/dev/null || exit 1
# This is the basic cipherscan test.
# It compares the output against a reference .txt file and alarms us if there
# are any changes. These changes may not always be harmful, but at least we
# will get warned on any possible changes.
$CIPHERSCAN --no-colors 127.0.0.1:5900|grep -vF '.....' >cipherscan.test.txt
# Now check if profile matches, if so.. everything is ok.
# We have 1 or more baseline profiles
# And you can optionally add profile-specific, eg openssl-102.txt
FAILED=1
for f in cipherscan_profiles/baseline*txt cipherscan_profiles/$BUILDCONFIG.txt
do
diff -uab $f cipherscan.test.txt 1>/dev/null 2>&1
if [ "$?" -eq 0 ]; then
FAILED=0
echo "Cipherscan profile $f matched."
break
fi
done
if [ "$FAILED" -eq 1 ]; then
echo "*** Differences found between cipherscan scan and expected output ***"
if [ -f cipherscan_profiles/$BUILDCONFIG.txt ]; then
COMPARE_PROFILE="cipherscan_profiles/$BUILDCONFIG.txt"
else
COMPARE_PROFILE="cipherscan_profiles/baseline.txt"
fi
echo "== EXPECTED OUTPUT ($COMPARE_PROFILE) =="
cat $COMPARE_PROFILE
echo
echo "== ACTUAL TEST OUTPUT =="
cat cipherscan.test.txt
echo
echo "== DIFF =="
diff -uab $COMPARE_PROFILE cipherscan.test.txt
echo
echo "cipherscan test failed."
exit 1
else
echo "*** Cipherscan output was good ***"
cat cipherscan.test.txt
fi
# This checks for a couple of old ciphers that should never work:
for cipher in 3DES RC4
do
echo "Testing cipher $cipher (MUST FAIL!).."
(echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5900 -cipher $cipher) &&
fail "UnrealIRCd allowed us to connect with cipher $cipher, BAD!"
done
# This checks older SSL/TLS versions that should not work:
for protocol in ssl2 ssl3
do
echo "Testing protocol $protocol (MUST FAIL!).."
(echo QUIT|$OPENSSL s_client -connect 127.0.0.1:5900 -$protocol) &&
fail "UnrealIRCd allowed us to connect with protocol $protocol, BAD!"
done
echo
echo "TLS tests ended (no issues)."
exit 0
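Review bot: the two "MUST FAIL" loops at the end count any non-zero exit from `$OPENSSL s_client` as a pass, so they also pass when nothing is listening on 127.0.0.1:5900, or when the fallback system `openssl` rejects `-ssl2`/`-ssl3` or the `3DES`/`RC4` cipher string on the client side before a handshake is attempted. Add a positive control first (one `s_client` run with an allowed cipher that must succeed), and for the negative cases check the s_client output for a handshake failure instead of relying on the exit status alone. Two smaller points in the same file: the `$CIPHERSCAN --no-colors ... | grep -vF '.....'` pipeline only reports grep's status, so a crashed scan is noticed only through the later diff; and `$BUILDCONFIG` is expanded unquoted and unchecked, so when it is unset the loop diffs against `cipherscan_profiles/.txt` and the error is discarded by `2>&1`.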
+1
@@ -33,6 +33,7 @@ typedef struct {
#define AUTHTYPE_SSL_CLIENTCERTFP 6
#define AUTHTYPE_BCRYPT 7
#define AUTHTYPE_SPKIFP 8
#define AUTHTYPE_ARGON2 9
#ifndef HAVE_CRYPT
#define crypt DES_crypt
-36
@@ -1,36 +0,0 @@
#ifndef __BADWORDS_H
#define __BADWORDS_H
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "tre/regex.h"
#define MAX_MATCH 1
#define MAX_WORDLEN 64
#define PATTERN "\\w*%s\\w*"
#define REPLACEWORD "<censored>"
#define BADW_TYPE_INVALID 0x0
#define BADW_TYPE_FAST 0x1
#define BADW_TYPE_FAST_L 0x2
#define BADW_TYPE_FAST_R 0x4
#define BADW_TYPE_REGEX 0x8
#define BADWORD_REPLACE 1
#define BADWORD_BLOCK 2
typedef struct _configitem_badword ConfigItem_badword;
struct _configitem_badword {
ConfigItem_badword *prev, *next;
ConfigFlag flag;
char *word, *replace;
unsigned short type;
char action;
regex_t expr;
};
#endif
+3 -20
@@ -130,7 +130,7 @@ const char *inet_ntop(int, const void *, char *, size_t);
int inet_pton(int af, const char *src, void *dst);
#endif
MODVAR int global_count, max_global_count;
extern MODVAR int global_count, max_global_count;
extern char *myctime(time_t);
extern char *strtoken(char **, char *, char *);
@@ -225,7 +225,7 @@ static char *StsMalloc(size_t size, char *file, long line)
#endif
#define safestrdup(x,y) do { if (x) MyFree(x); if (!y) x = NULL; else x = strdup(y); } while(0)
#define safestrdup(x,y) do { if (x) MyFree(x); if (!(y)) x = NULL; else x = strdup(y); } while(0)
#define safestrldup(x,y,sz) do { if (x) MyFree(x); if (!y) x = NULL; else x = strldup(y,sz); } while(0)
#define safefree(x) do { if (x) MyFree(x); x = NULL; } while(0)
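Review bot: the parenthesisation fix is applied to `safestrdup` only; `safestrldup` on the following line still tests `if (!y)`, so an argument such as `cond ? a : b` is negated with the wrong precedence there. Please change it to `if (!(y))` in the same commit. Both macros also evaluate `x` and `y` more than once, which deserves a one-line comment warning callers not to pass expressions with side effects.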
@@ -255,23 +255,6 @@ extern struct SLink *find_user_link( /* struct SLink *, struct Client * */ );
#define CHPAR3 "l"
#define CHPAR4 "psmntir"
/* Server-Server PROTOCTL -Stskeeps
* This is the FIRST line only, please check send_proto() for more. -- Syzop
* Also take MAXPARA into account !
*/
#define PROTOCTL_SERVER "NOQUIT" \
" NICKv2" \
" SJOIN" \
" SJOIN2" \
" UMODE2" \
" VL" \
" SJ3" \
" TKLEXT" \
" TKLEXT2" \
" NICKIP" \
" ESVID"
#ifdef _WIN32
/*
* Used to display a string to the GUI interface.
@@ -291,7 +274,7 @@ extern int lu_noninv, lu_inv, lu_serv, lu_oper,
lu_unknown, lu_channel, lu_lu, lu_lulocal, lu_lserv,
lu_clu, lu_mlu, lu_cglobalu, lu_mglobalu;
MODVAR TS now;
extern MODVAR TS now;
#ifndef _WIN32
#if defined(__STDC__)
+37 -26
@@ -215,14 +215,6 @@
*/
#define NickServ "NickServ"
/*
* How many open targets can one nick have for messaging nicks and
* inviting them?
*/
#define MAXTARGETS 20
#define TARGET_DELAY 15
/* STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP STOP */
/* You shouldn't change anything below this line, unless absolutely needed. */
@@ -242,8 +234,36 @@
*
* 2004-10-13: 1024 -> 4096
*/
#ifndef MAXCONNECTIONS
#define MAXCONNECTIONS 10240
#ifdef _WIN32
#define MAXCONNECTIONS 10240
#else
/* Non-Windows: */
#if (!defined(MAXCONNECTIONS_REQUEST) || (MAXCONNECTIONS_REQUEST < 1)) && \
(defined(HAVE_POLL) || defined(HAVE_EPOLL) || defined(HAVE_KQUEUE))
/* Have poll/epoll/kqueue and either no --with-maxconnections or
* --with-maxconnections=0, either of which indicates 'automatic' mode.
* At the time of writing we will try a limit of 8192.
* It will automatically be lowered at boottime if we can only use
* 4096, 2048 or 1024. No problem.
*/
#define MAXCONNECTIONS 8192
#elif defined(MAXCONNECTIONS_REQUEST) && (MAXCONNECTIONS_REQUEST >= 1)
/* --with-maxconnections=something */
#define MAXCONNECTIONS MAXCONNECTIONS_REQUEST
#else
/* Automatic mode, but we only have select(). Bummer... */
#define MAXCONNECTIONS 1024
#endif
#endif
/* Number of file descriptors reserved for non-incoming-clients.
* One of which may be used by auth, the rest are really reserved.
* They can be used for outgoing server links, listeners, logging, etc.
*/
#if MAXCONNECTIONS > 1024
#define CLIENTS_RESERVE 8
#else
#define CLIENTS_RESERVE 4
#endif
/*
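Review bot: the `#elif defined(MAXCONNECTIONS_REQUEST) && (MAXCONNECTIONS_REQUEST >= 1)` branch takes the requested value as-is even when none of HAVE_POLL, HAVE_EPOLL or HAVE_KQUEUE is defined, while the automatic branch deliberately limits a select()-only build to 1024. With select(), descriptors at or above FD_SETSIZE do not fit in an fd_set, so an explicit --with-maxconnections above that limit on such a build should be rejected with an `#error` or capped here. The comment about the limit being lowered at boot time would also be easier to verify if it named the function that does the lowering.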
@@ -295,9 +315,6 @@
#define SPAMFILTER_DETECTSLOW
#endif
/* Use TRE Regex Library (as well) ? */
#define USE_TRE
/* Maximum number of ModData objects that may be attached to an object */
/* UnrealIRCd 4.0.0 - 4.0.13: 8, 8, 4, 4
* UnrealIRCd 4.0.14+ : 12, 8, 4, 4
@@ -313,10 +330,15 @@
*/
#undef EXPERIMENTAL
/* Default SSL/TLS cipherlist.
/* Default SSL/TLS cipherlist (except for TLS1.3, see further down).
* This can be changed via set::ssl::options::ciphers in the config file.
*/
#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-128-GCM-SHA256 TLS13-AES-256-GCM-SHA384 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES128-GCM-SHA256 AES256-GCM-SHA384 AES128-SHA256 AES256-SHA256 AES128-SHA AES256-SHA"
#define UNREALIRCD_DEFAULT_CIPHERS "TLS13-CHACHA20-POLY1305-SHA256 TLS13-AES-256-GCM-SHA384 TLS13-AES-128-GCM-SHA256 EECDH+CHACHA20 EECDH+AESGCM EECDH+AES AES256-GCM-SHA384 AES128-GCM-SHA256 AES256-SHA256 AES128-SHA256 AES256-SHA AES128-SHA"
/* Default TLS 1.3 ciphersuites.
* This can be changed via set::ssl::options::ciphersuites in the config file.
*/
#define UNREALIRCD_DEFAULT_CIPHERSUITES "TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_AES_128_CCM_SHA256"
/* Default SSL/TLS curves for ECDH(E)
* This can be changed via set::ssl::options::ecdh-curve in the config file.
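Review bot: the updated comment says UNREALIRCD_DEFAULT_CIPHERS no longer covers TLS 1.3, yet the new value still starts with the three `TLS13-*` names. Now that TLS 1.3 is configured through UNREALIRCD_DEFAULT_CIPHERSUITES, either drop those entries or say in the comment why they remain. In the new ciphersuite list, TLS_AES_128_CCM_8_SHA256 uses a truncated 8-byte authentication tag, and neither CCM suite is in OpenSSL's default TLS 1.3 set; please state the reason for enabling them by default or remove them.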
@@ -410,11 +432,6 @@ error You stuffed up config.h signals
#ifdef POSIX_SIGNALS
#define HAVE_RELIABLE_SIGNALS
#endif
/*
* safety margin so we can always have one spare fd, for motd/authd or
* whatever else. -4 allows "safety" margin of 1 and space reserved.
*/
#define MAXCLIENTS (MAXCONNECTIONS-4)
#ifdef HAVECURSES
# define DOCURSES
#else
@@ -459,12 +476,6 @@ error You stuffed up config.h signals
#if defined(SOL20) || defined(SOL25) || defined(SOL26) || defined(SOL27)
#define _SOLARIS
#endif
/*
* Cleaup for WIN32 platform.
*/
#ifdef _WIN32
# undef FORCE_CORE
#endif
#ifdef NEED_BCMP
#define bcmp memcmp
#endif
+31 -12
@@ -92,11 +92,16 @@ struct zConfiguration {
char *static_quit;
char *static_part;
SSLOptions *ssl_options;
PlaintextPolicy plaintext_policy_user;
Policy plaintext_policy_user;
char *plaintext_policy_user_message;
PlaintextPolicy plaintext_policy_oper;
Policy plaintext_policy_oper;
char *plaintext_policy_oper_message;
PlaintextPolicy plaintext_policy_server;
Policy plaintext_policy_server;
Policy outdated_tls_policy_user;
char *outdated_tls_policy_user_message;
Policy outdated_tls_policy_oper;
char *outdated_tls_policy_oper_message;
Policy outdated_tls_policy_server;
enum UHAllowed userhost_allowed;
char *restrict_usermodes;
char *restrict_channelmodes;
@@ -111,13 +116,17 @@ struct zConfiguration {
long away_period;
unsigned char nick_count;
long nick_period;
unsigned char invite_count;
long invite_period;
unsigned char knock_count;
long knock_period;
unsigned char max_concurrent_conversations_users;
unsigned char max_concurrent_conversations_new_user_every;
int ident_connect_timeout;
int ident_read_timeout;
long default_bantime;
int who_limit;
int silence_limit;
unsigned char modef_default_unsettime;
unsigned char modef_max_unsettime;
long ban_version_tkl_time;
long spamfilter_ban_time;
char *spamfilter_ban_reason;
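Review bot: `invite_count`, `knock_count`, `max_concurrent_conversations_users` and `max_concurrent_conversations_new_user_every` are declared `unsigned char`, so a configured value above 255 wraps silently unless the config test rejects it first. `max_concurrent_conversations_new_user_every` reads like a time interval, and the other periods in this struct (`invite_period`, `knock_period`) are `long`. Either widen these fields or document the 0-255 range next to them and enforce it in the config check, since a wrapped flood limit ends up far looser or stricter than the admin intended.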
@@ -138,7 +147,11 @@ struct zConfiguration {
aNetwork network;
unsigned short default_ipv6_clone_mask;
int ping_cookie;
int nicklen;
int nick_length;
int topic_length;
int kick_length;
int quit_length;
int away_length;
int hide_list;
int max_unknown_connections_per_ip;
long handshake_timeout;
@@ -148,6 +161,11 @@ struct zConfiguration {
char *reject_message_too_many_connections;
char *reject_message_server_full;
char *reject_message_unauthorized;
char *reject_message_kline;
char *reject_message_gline;
int topic_setter;
int ban_setter;
int ban_setter_sync;
};
#ifndef DYNCONF_C
@@ -216,6 +234,10 @@ extern MODVAR int ipv6_disabled;
#define AWAY_COUNT iConf.away_count
#define NICK_PERIOD iConf.nick_period
#define NICK_COUNT iConf.nick_count
#define KNOCK_PERIOD iConf.knock_period
#define KNOCK_COUNT iConf.knock_count
#define INVITE_PERIOD iConf.invite_period
#define INVITE_COUNT iConf.invite_count
#define IDENT_CONNECT_TIMEOUT iConf.ident_connect_timeout
#define IDENT_READ_TIMEOUT iConf.ident_read_timeout
@@ -228,9 +250,6 @@ extern MODVAR int ipv6_disabled;
#define DEFAULT_BANTIME iConf.default_bantime
#define WHOLIMIT iConf.who_limit
#define MODEF_DEFAULT_UNSETTIME iConf.modef_default_unsettime
#define MODEF_MAX_UNSETTIME iConf.modef_max_unsettime
#define ALLOW_PART_IF_SHUNNED iConf.allow_part_if_shunned
#define DISABLE_CAP iConf.disable_cap
@@ -313,6 +332,8 @@ struct SetCheck {
unsigned has_anti_flood_away_period:1;
unsigned has_anti_flood_nick_flood:1;
unsigned has_anti_flood_connect_flood:1;
unsigned has_anti_flood_invite_flood:1;
unsigned has_anti_flood_knock_flood:1;
unsigned has_ident_connect_timeout:1;
unsigned has_ident_read_timeout:1;
unsigned has_default_bantime:1;
@@ -320,8 +341,6 @@ struct SetCheck {
unsigned has_maxbans:1;
unsigned has_maxbanlength:1;
unsigned has_silence_limit:1;
unsigned has_modef_default_unsettime:1;
unsigned has_modef_max_unsettime:1;
unsigned has_ban_version_tkl_time:1;
unsigned has_spamfilter_ban_time:1;
unsigned has_spamfilter_ban_reason:1;
@@ -351,7 +370,7 @@ struct SetCheck {
unsigned has_options_disable_cap:1;
unsigned has_options_disable_ipv6:1;
unsigned has_ping_cookie:1;
unsigned has_nicklen:1;
unsigned has_nick_length:1;
unsigned has_hide_ban_reason:1;
};
+45 -24
@@ -43,12 +43,15 @@ extern MODVAR struct stats *ircstp;
extern MODVAR int bootopt;
extern MODVAR time_t TSoffset;
extern MODVAR time_t timeofday;
extern MODVAR char cmodestring[512];
extern MODVAR char umodestring[UMODETABLESZ+1];
/* newconf */
#define get_sendq(x) ((x)->local->class ? (x)->local->class->sendq : MAXSENDQLENGTH)
/* get_recvq is only called in send.c for local connections */
#define get_recvq(x) ((x)->local->class->recvq ? (x)->local->class->recvq : DEFAULT_RECVQ)
#define CMD_FUNC(x) int (x) (aClient *cptr, aClient *sptr, int parc, char *parv[])
#define CMD_OVERRIDE_FUNC(x) int (x)(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[])
/*
* Configuration linked lists
@@ -125,6 +128,7 @@ extern void OperClassValidatorDel(OperClassValidator *validator);
extern ConfigItem_ban *Find_ban_ip(aClient *sptr);
extern void add_ListItem(ListStruct *, ListStruct **);
extern void append_ListItem(ListStruct *item, ListStruct **list);
extern void add_ListItemPrio(ListStructPrio *, ListStructPrio **, int);
extern ListStruct *del_ListItem(ListStruct *, ListStruct **);
extern aClient *find_match_server(char *mask);
@@ -235,6 +239,7 @@ extern void get_my_name(aClient *, char *, int);
extern int get_sockerr(aClient *);
extern int inetport(ConfigItem_listen *, char *, int, int);
extern void init_sys();
extern void check_user_limit(void);
extern void init_modef();
extern int verify_hostname(char *name);
@@ -290,9 +295,10 @@ extern void sendto_snomask_normal(int snomask, char *pattern, ...) __attribute__
extern void sendto_snomask_normal_global(int snomask, char *pattern, ...) __attribute__((format(printf,2,3)));
extern void sendnotice(aClient *to, char *pattern, ...) __attribute__((format(printf,2,3)));
extern void sendto_server(aClient *one, unsigned long caps, unsigned long nocaps, const char *format, ...) __attribute__((format(printf, 4,5)));
extern void sendto_ops_and_log(char *pattern, ...) __attribute__((format(printf,1,2)));
extern MODVAR int writecalls, writeb[];
extern int deliver_it(aClient *, char *, int);
extern int deliver_it(aClient *cptr, char *str, int len, int *want_read);
extern int check_for_target_limit(aClient *sptr, void *target, const char *name);
extern char *canonize(char *buffer);
extern ConfigItem_deny_dcc *dcc_isforbidden(aClient *sptr, char *filename);
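Review bot: `deliver_it()` gains an `int *want_read` out-parameter with no comment saying when it is written, what values it takes, or whether callers may pass NULL. A short comment on the prototype would help, because every existing caller has to be updated and a caller that ignores the flag on a TLS connection could stall waiting for the wrong I/O event.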
@@ -430,17 +436,10 @@ extern int checkprotoflags(aClient *, int, char *, int);
extern char *inetntop(int af, const void *in, char *local_dummy, size_t the_size);
/*
* CommandHash -Stskeeps
*/
/* Internal command stuff - not for modules */
extern MODVAR aCommand *CommandHash[256];
extern void init_CommandHash(void);
extern aCommand *add_Command_backend(char *cmd, int (*func)(), unsigned char parameters, int flags);
extern void add_Command(char *cmd, int (*func)(), unsigned char parameters);
extern void add_Command_to_list(aCommand *item, aCommand **list);
extern aCommand *del_Command_from_list(aCommand *item, aCommand **list);
extern int del_Command(char *cmd, int (*func)());
extern void add_CommandX(char *cmd, int (*func)(), unsigned char parameters, int flags);
extern void init_CommandHash(void);
extern aCommand *add_Command_backend(char *cmd);
/* CRULE */
char *crule_parse(char *);
@@ -489,6 +488,7 @@ extern void flag_add(char ch);
extern void flag_del(char ch);
extern void init_dynconf(void);
extern char *pretty_time_val(long);
extern char *pretty_date(TS t);
extern int init_conf(char *filename, int rehash);
extern void validate_configuration(void);
extern void run_configuration(void);
@@ -503,6 +503,9 @@ extern time_t rfc2time(char *s);
extern char *rfctime(time_t t, char *buf);
extern void *MyMallocEx(size_t size);
extern MODFUNC char *ssl_get_cipher(SSL *ssl);
extern SSLOptions *get_ssl_options_for_client(aClient *acptr);
extern int outdated_tls_client(aClient *acptr);
extern char *outdated_tls_client_build_string(char *pattern, aClient *acptr);
extern long config_checkval(char *value, unsigned short flags);
extern void config_status(char *format, ...) __attribute__((format(printf,1,2)));
extern void init_random();
@@ -512,7 +515,6 @@ extern u_int32_t getrandom32();
extern void ident_failed(aClient *cptr);
extern MODVAR char extchmstr[4][64];
extern MODVAR char extbanstr[EXTBANTABLESZ+1];
extern int extcmode_default_requirechop(aClient *, aChannel *, char, char *, int, int);
extern int extcmode_default_requirehalfop(aClient *, aChannel *, char, char *, int, int);
@@ -552,7 +554,6 @@ extern void ExtbanDel(Extban *);
extern void extban_init(void);
extern char *trim_str(char *str, int len);
extern MODVAR char *ban_realhost, *ban_virthost, *ban_ip;
extern char *unreal_checkregex(char *s, int fastsupport, int check_broadness);
extern int banact_stringtoval(char *s);
extern char *banact_valtostring(int val);
extern int banact_chartoval(char c);
@@ -600,7 +601,6 @@ extern int del_dccallow(aClient *sptr, aClient *optr);
extern void delete_linkblock(ConfigItem_link *link_ptr);
extern void delete_classblock(ConfigItem_class *class_ptr);
extern void del_async_connects(void);
extern void make_extbanstr(void);
extern void isupport_init(void);
extern void clicap_init(void);
extern int do_cmd(aClient *cptr, aClient *sptr, char *cmd, int parc, char *parv[]);
@@ -620,17 +620,16 @@ extern MODVAR int (*register_user)(aClient *cptr, aClient *sptr, char *nick, cha
extern MODVAR int (*tkl_hash)(unsigned int c);
extern MODVAR char (*tkl_typetochar)(int type);
extern MODVAR aTKline *(*tkl_add_line)(int type, char *usermask, char *hostmask, char *reason, char *setby,
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type);
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type, int soft);
extern MODVAR aTKline *(*tkl_del_line)(aTKline *tkl);
extern MODVAR void (*tkl_check_local_remove_shun)(aTKline *tmp);
extern MODVAR aTKline *(*tkl_expire)(aTKline * tmp);
extern MODVAR EVENT((*tkl_check_expire));
extern MODVAR int (*find_tkline_match)(aClient *cptr, int xx);
extern MODVAR int (*find_tkline_match)(aClient *cptr, int skip_soft);
extern MODVAR int (*find_shun)(aClient *cptr);
extern MODVAR int (*find_spamfilter_user)(aClient *sptr, int flags);
extern MODVAR aTKline *(*find_qline)(aClient *cptr, char *nick, int *ishold);
extern MODVAR int (*find_tkline_match_zap)(aClient *cptr);
extern MODVAR int (*find_tkline_match_zap_ex)(aClient *cptr, aTKline **rettk);
extern MODVAR aTKline *(*find_tkline_match_zap)(aClient *cptr);
extern MODVAR void (*tkl_stats)(aClient *cptr, int type, char *para);
extern MODVAR void (*tkl_synch)(aClient *sptr);
extern MODVAR int (*m_tkl)(aClient *cptr, aClient *sptr, int parc, char *parv[]);
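Review bot: `find_tkline_match_zap` keeps its name while its return type changes from `int` to `aTKline *`, `find_tkline_match_zap_ex` is removed, and `tkl_add_line` gains a trailing `int soft`. Because these are efunction pointers called by modules, a third-party module that still uses the old signatures will either fail to build or, if built against a stale header, call through a mismatched prototype. Please document the new return value (NULL on no match?) and the meaning of `soft` and `skip_soft` at the declarations, and mention the change in the module API notes.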
@@ -659,7 +658,7 @@ extern MODVAR void (*send_moddata_members)(aClient *srv);
extern MODVAR void (*broadcast_moddata_client)(aClient *acptr);
extern MODVAR int (*check_banned)(aClient *cptr);
extern MODVAR void (*introduce_user)(aClient *to, aClient *acptr);
extern MODVAR int (*check_deny_version)(aClient *cptr, char *version_string, int protocol, char *flags);
extern MODVAR int (*check_deny_version)(aClient *cptr, char *software, int protocol, char *flags);
extern MODVAR int (*match_user)(char *rmask, aClient *acptr, int options);
extern MODVAR void (*userhost_save_current)(aClient *sptr);
extern MODVAR void (*userhost_changed)(aClient *sptr);
@@ -667,11 +666,13 @@ extern MODVAR void (*send_join_to_local_users)(aClient *sptr, aChannel *chptr);
extern MODVAR int (*do_nick_name)(char *nick);
extern MODVAR int (*do_remote_nick_name)(char *nick);
extern MODVAR char *(*charsys_get_current_languages)(void);
extern MODVAR void *(*broadcast_sinfo)(aClient *acptr, aClient *to, aClient *except);
/* /Efuncs */
extern MODVAR aMotdFile opermotd, svsmotd, motd, botmotd, smotd, rules;
extern MODVAR int max_connection_count;
extern int add_listmode(Ban **list, aClient *cptr, aChannel *chptr, char *banid);
extern int add_listmode_ex(Ban **list, aClient *cptr, aChannel *chptr, char *banid, char *setby, TS seton);
extern int del_listmode(Ban **list, aChannel *chptr, char *banid);
extern int Halfop_mode(long mode);
extern char *clean_ban_mask(char *, int, aClient *);
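Review bot: `broadcast_sinfo` is declared as `void *(*broadcast_sinfo)(...)`, that is, a pointer to a function returning `void *`, whereas efunctions that return nothing are written `void (*name)(...)` elsewhere in this header (for example `tkl_stats` and `userhost_changed`). If nothing is returned, this should be `void (*broadcast_sinfo)(...)`; if a pointer really is returned, say what it points to.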
@@ -681,9 +682,10 @@ extern char *md5hash(unsigned char *dst, const unsigned char *src, unsigned long
extern MODVAR char langsinuse[4096];
extern MODVAR char *casemapping[2];
extern MODVAR aTKline *tklines[TKLISTLEN];
extern MODVAR aTKline *tklines_ip_hash[TKLIPHASHLEN1][TKLIPHASHLEN2];
extern char *cmdname_by_spamftarget(int target);
extern void unrealdns_delreq_bycptr(aClient *cptr);
extern void sendtxtnumeric(aClient *to, char *pattern, ...) __attribute__((format(printf,2,3)));;
extern void sendtxtnumeric(aClient *to, char *pattern, ...) __attribute__((format(printf,2,3)));
extern void unrealdns_gethostbyname_link(char *name, ConfigItem_link *conf, int ipv4_only);
extern void unrealdns_delasyncconnects(void);
extern int is_autojoin_chan(char *chname);
@@ -737,6 +739,7 @@ extern MODVAR BOOL IsService;
#endif
extern int match_ip46(char *a, char *b);
extern void extcmodes_check_for_changes(void);
extern void umodes_check_for_changes(void);
extern int config_parse_flood(char *orig, int *times, int *period);
extern int swhois_add(aClient *acptr, char *tag, int priority, char *swhois, aClient *from, aClient *skip);
extern int swhois_delete(aClient *acptr, char *tag, char *swhois, aClient *from, aClient *skip);
@@ -759,7 +762,7 @@ extern int has_channel_mode(aChannel *chptr, char mode);
extern int has_user_mode(aClient *acptr, char mode);
extern long find_user_mode(char mode);
extern void start_listeners(void);
extern void buildvarstring(char *inbuf, char *outbuf, size_t len, char *name[], char *value[]);
extern void buildvarstring(const char *inbuf, char *outbuf, size_t len, const char *name[], const char *value[]);
extern void reinit_ssl(aClient *);
extern int m_error(aClient *cptr, aClient *sptr, int parc, char *parv[]);
extern int m_dns(aClient *cptr, aClient *sptr, int parc, char *parv[]);
@@ -783,9 +786,9 @@ extern int invisible_user_in_channel(aClient *target, aChannel *chptr);
extern MODVAR int ssl_client_index;
extern SSLOptions *FindSSLOptionsForUser(aClient *acptr);
extern int IsWebsocket(aClient *acptr);
extern PlaintextPolicy plaintextpolicy_strtoval(char *s);
extern char *plaintextpolicy_valtostr(PlaintextPolicy policy);
extern char plaintextpolicy_valtochar(PlaintextPolicy policy);
extern Policy policy_strtoval(char *s);
extern char *policy_valtostr(Policy policy);
extern char policy_valtochar(Policy policy);
extern int verify_certificate(SSL *ssl, char *hostname, char **errstr);
extern char *certificate_name(SSL *ssl);
extern int cipher_check(SSL_CTX *ctx, char **errstr);
@@ -797,3 +800,21 @@ extern MODVAR int current_serial;
extern char *spki_fingerprint(aClient *acptr);
extern int is_module_loaded(char *name);
extern void close_std_descriptors(void);
extern int banned_client(aClient *acptr, char *bantype, char *reason, int global, int noexit);
extern char *mystpcpy(char *dst, const char *src);
extern size_t add_sjsby(char *buf, char *setby, TS seton);
extern MaxTarget *findmaxtarget(char *cmd);
extern void setmaxtargets(char *cmd, int limit);
extern void freemaxtargets(void);
extern int max_targets_for_command(char *cmd);
extern void set_targmax_defaults(void);
extern void parse_chanmodes_protoctl(aClient *sptr, char *str);
extern void concat_params(char *buf, int len, int parc, char *parv[]);
extern void charsys_check_for_changes(void);
extern int maxclients;
extern int fast_badword_match(ConfigItem_badword *badword, char *line);
extern int fast_badword_replace(ConfigItem_badword *badword, char *line, char *buf, int max);
extern char *stripbadwords(char *str, ConfigItem_badword *start_bw, int *blocked);
extern int badword_config_process(ConfigItem_badword *ca, char *str);
extern void badword_config_free(ConfigItem_badword *ca);
extern char *badword_config_check_regex(char *s, int fastsupport, int check_broadness);
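Review bot: `extern int maxclients;` is the only variable declared in this hunk and it lacks `MODVAR`, unlike `extern MODVAR int current_serial;` just above it. If modules are meant to read `maxclients`, add `MODVAR` so the declaration matches the other exported globals; if not, a comment saying it is core-only would prevent accidental use. The new `fast_badword_replace(..., char *buf, int max)` prototype would also benefit from a note on whether `max` includes the terminating NUL.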
+76 -38
@@ -426,8 +426,8 @@ struct _irccallback {
* for things like do_join, join_channel, etc.
* The difference between callbacks and efunctions are:
* - efunctions are mandatory, while callbacks can be optional (depends!)
* - efunctions are ment for internal usage, so 3rd party modules are not allowed
* to add them.
* - efunctions are meant for internal usage, so 3rd party modules are
* not allowed to add them.
* - all efunctions are declared as function pointers in modules.c
*/
struct _ircefunction {
@@ -489,10 +489,10 @@ typedef struct _ModuleObject {
#define MODERR_INVALID 3
#define MODERR_NOTFOUND 4
unsigned int ModuleGetError(Module *module);
const char *ModuleGetErrorStr(Module *module);
unsigned int ModuleGetOptions(Module *module);
unsigned int ModuleSetOptions(Module *module, unsigned int options, int action);
extern unsigned int ModuleGetError(Module *module);
extern const char *ModuleGetErrorStr(Module *module);
extern unsigned int ModuleGetOptions(Module *module);
extern unsigned int ModuleSetOptions(Module *module, unsigned int options, int action);
struct _Module
{
@@ -560,8 +560,6 @@ struct _eventinfo {
};
/* Huh? Why are those not marked as extern?? -- Syzop */
extern MODVAR Hook *Hooks[MAXHOOKTYPES];
extern MODVAR Hooktype Hooktypes[MAXCUSTOMHOOKS];
extern MODVAR Callback *Callbacks[MAXCALLBACKS], *RCallbacks[MAXCALLBACKS];
@@ -569,31 +567,32 @@ extern MODVAR Efunction *Efunctions[MAXEFUNCTIONS];
extern MODVAR ClientCapability *clicaps;
#define EventAdd(name, every, howmany, event, data) EventAddEx(NULL, name, every, howmany, event, data)
Event *EventAddEx(Module *, char *name, long every, long howmany,
extern Event *EventAddEx(Module *, char *name, long every, long howmany,
vFP event, void *data);
Event *EventDel(Event *event);
Event *EventMarkDel(Event *event);
Event *EventFind(char *name);
int EventMod(Event *event, EventInfo *mods);
void DoEvents(void);
void EventStatus(aClient *sptr);
void SetupEvents(void);
void LockEventSystem(void);
void UnlockEventSystem(void);
extern Event *EventDel(Event *event);
extern Event *EventMarkDel(Event *event);
extern Event *EventFind(char *name);
extern int EventMod(Event *event, EventInfo *mods);
extern void DoEvents(void);
extern void EventStatus(aClient *sptr);
extern void SetupEvents(void);
extern void LockEventSystem(void);
extern void UnlockEventSystem(void);
void Module_Init(void);
char *Module_Create(char *path);
void Init_all_testing_modules(void);
void Unload_all_loaded_modules(void);
void Unload_all_testing_modules(void);
int Module_Unload(char *name);
vFP Module_Sym(char *name);
vFP Module_SymX(char *name, Module **mptr);
int Module_free(Module *mod);
extern void Module_Init(void);
extern char *Module_Create(char *path);
extern char *Module_TransformPath(char *path_);
extern void Init_all_testing_modules(void);
extern void Unload_all_loaded_modules(void);
extern void Unload_all_testing_modules(void);
extern int Module_Unload(char *name);
extern vFP Module_Sym(char *name);
extern vFP Module_SymX(char *name, Module **mptr);
extern int Module_free(Module *mod);
#ifdef __OpenBSD__
void *obsd_dlsym(void *handle, char *symbol);
extern void *obsd_dlsym(void *handle, char *symbol);
#endif
extern Versionflag *VersionflagAdd(Module *module, char flag);
@@ -603,6 +602,9 @@ extern Isupport *IsupportAdd(Module *module, const char *token, const char *valu
extern void IsupportSetValue(Isupport *isupport, const char *value);
extern void IsupportDel(Isupport *isupport);
extern Isupport *IsupportFind(const char *token);
extern void IsupportSet(Module *module, const char *name, const char *value);
extern void IsupportSetFmt(Module *module, const char *name, const char *pattern, ...) __attribute__((format(printf,3,4)));
extern void IsupportDelByName(const char *name);
extern ClientCapability *ClientCapabilityFind(const char *token, aClient *sptr);
extern ClientCapability *ClientCapabilityFindReal(const char *token);
@@ -672,6 +674,16 @@ extern void HooktypeDel(Hooktype *hooktype, Module *module);
if (retval retchk) return retval; \
} \
}
#define RunHookReturnInt4(hooktype,a,b,c,d,retchk) \
{ \
int retval; \
Hook *h; \
for (h = Hooks[hooktype]; h; h = h->next) \
{ \
retval = (*(h->func.intfunc))(a,b,c,d); \
if (retval retchk) return retval; \
} \
}
#define RunHookReturnVoid(hooktype,x,ret) do { Hook *h; for (h = Hooks[hooktype]; h; h = h->next) if((*(h->func.intfunc))(x) ret) return; } while(0)
#define RunHook2(hooktype,x,y) do { Hook *h; for (h = Hooks[hooktype]; h; h = h->next) (*(h->func.intfunc))(x,y); } while(0)
@@ -699,18 +711,21 @@ extern Callback *CallbackDel(Callback *cb);
extern Efunction *EfunctionAddMain(Module *module, int eftype, int (*intfunc)(), void (*voidfunc)(), void *(*pvoidfunc)(), char *(*pcharfunc)());
extern Efunction *EfunctionDel(Efunction *cb);
Command *CommandAdd(Module *module, char *cmd, int (*func)(aClient *cptr, aClient *sptr, int parc, char *parv[]), unsigned char params, int flags);
void CommandDel(Command *command);
int CommandExists(char *name);
Cmdoverride *CmdoverrideAdd(Module *module, char *cmd, int (*func)(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]));
void CmdoverrideDel(Cmdoverride *ovr);
int CallCmdoverride(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]);
extern Command *CommandAdd(Module *module, char *cmd, CmdFunc func, unsigned char params, int flags);
extern Command *AliasAdd(Module *module, char *cmd, AliasCmdFunc aliasfunc, unsigned char params, int flags);
extern void CommandDel(Command *command);
extern void CommandDelX(Command *command, aCommand *cmd);
extern int CommandExists(char *name);
extern Cmdoverride *CmdoverrideAdd(Module *module, char *cmd, OverrideCmdFunc func);
extern Cmdoverride *CmdoverrideAddEx(Module *module, char *name, int priority, OverrideCmdFunc func);
extern void CmdoverrideDel(Cmdoverride *ovr);
extern int CallCmdoverride(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]);
extern void moddata_free_client(aClient *acptr);
extern void moddata_free_channel(aChannel *chptr);
extern void moddata_free_member(Member *m);
extern void moddata_free_membership(Membership *m);
ModDataInfo *findmoddata_byname(char *name, ModDataType type);
extern ModDataInfo *findmoddata_byname(char *name, ModDataType type);
extern int moddata_client_set(aClient *acptr, char *varname, char *value);
extern char *moddata_client_get(aClient *acptr, char *varname);
@@ -791,7 +806,7 @@ extern char *moddata_client_get(aClient *acptr, char *varname);
#define HOOKTYPE_VIEW_TOPIC_OUTSIDE_CHANNEL 75
#define HOOKTYPE_CHAN_PERMIT_NICK_CHANGE 76
#define HOOKTYPE_IS_CHANNEL_SECURE 77
#define HOOKTYPE_CAN_SEND_SECURE 78
#define HOOKTYPE_SEND_CHANNEL 78
#define HOOKTYPE_CHANNEL_SYNCED 79
#define HOOKTYPE_CAN_SAJOIN 80
#define HOOKTYPE_WHOIS 81
@@ -805,6 +820,12 @@ extern char *moddata_client_get(aClient *acptr, char *varname);
#define HOOKTYPE_SERVER_SYNCHED 89
#define HOOKTYPE_SECURE_CONNECT 90
#define HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION 91
#define HOOKTYPE_REQUIRE_SASL 92
#define HOOKTYPE_SASL_CONTINUATION 93
#define HOOKTYPE_SASL_RESULT 94
#define HOOKTYPE_PLACE_HOST_BAN 95
#define HOOKTYPE_FIND_TKLINE_MATCH 96
#define HOOKTYPE_WELCOME 97
/* Adding a new hook here?
* 1) Add the #define HOOKTYPE_.... with a new number
@@ -903,6 +924,12 @@ int hooktype_server_handshake_out(aClient *sptr);
int hooktype_server_synched(aClient *sptr);
int hooktype_secure_connect(aClient *sptr);
int hooktype_can_bypass_channel_message_restriction(aClient *sptr, aChannel *chptr, BypassChannelMessageRestrictionType bypass_type);
int hooktype_require_sasl(aClient *sptr, char *reason);
int hooktype_sasl_continuation(aClient *sptr, char *buf);
int hooktype_sasl_result(aClient *sptr, int success);
int hooktype_place_host_ban(aClient *sptr, int action, char *reason, long duration);
int hooktype_find_tkline_match(aClient *sptr, aTKline *tk);
int hooktype_welcome(aClient *sptr, int after_numeric);
#ifdef GCC_TYPECHECKING
#define ValidateHook(validatefunc, func) __builtin_types_compatible_p(__typeof__(func), __typeof__(validatefunc))
@@ -985,7 +1012,7 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
((hooktype == HOOKTYPE_VIEW_TOPIC_OUTSIDE_CHANNEL) && !ValidateHook(hooktype_view_topic_outside_channel, func)) || \
((hooktype == HOOKTYPE_CHAN_PERMIT_NICK_CHANGE) && !ValidateHook(hooktype_chan_permit_nick_change, func)) || \
((hooktype == HOOKTYPE_IS_CHANNEL_SECURE) && !ValidateHook(hooktype_is_channel_secure, func)) || \
((hooktype == HOOKTYPE_CAN_SEND_SECURE) && !ValidateHook(hooktype_can_send_secure, func)) || \
((hooktype == HOOKTYPE_SEND_CHANNEL) && !ValidateHook(hooktype_can_send_secure, func)) || \
((hooktype == HOOKTYPE_CHANNEL_SYNCED) && !ValidateHook(hooktype_channel_synced, func)) || \
((hooktype == HOOKTYPE_CAN_SAJOIN) && !ValidateHook(hooktype_can_sajoin, func)) || \
((hooktype == HOOKTYPE_WHOIS) && !ValidateHook(hooktype_whois, func)) || \
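Review bot: the replacement case for HOOKTYPE_SEND_CHANNEL still validates against hooktype_can_send_secure, so under GCC_TYPECHECKING a send-channel hook is type-checked against the old hook's prototype. If the two signatures differ, a correct hook is rejected with _hook_error_incompatible() and a function written for the old signature is accepted. Point ValidateHook at the prototype that belongs to HOOKTYPE_SEND_CHANNEL. Because the define reuses the value 78, also confirm nothing in the tree still registers the old hook under that number.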
@@ -998,7 +1025,13 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
((hooktype == HOOKTYPE_SERVER_HANDSHAKE_OUT) && !ValidateHook(hooktype_server_handshake_out, func)) || \
((hooktype == HOOKTYPE_SERVER_SYNCHED) && !ValidateHook(hooktype_server_synched, func)) || \
((hooktype == HOOKTYPE_SECURE_CONNECT) && !ValidateHook(hooktype_secure_connect, func)) || \
((hooktype == HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION) && !ValidateHook(hooktype_can_bypass_channel_message_restriction, func)) ) \
((hooktype == HOOKTYPE_CAN_BYPASS_CHANNEL_MESSAGE_RESTRICTION) && !ValidateHook(hooktype_can_bypass_channel_message_restriction, func)) || \
((hooktype == HOOKTYPE_REQUIRE_SASL) && !ValidateHook(hooktype_require_sasl, func)) || \
((hooktype == HOOKTYPE_SASL_CONTINUATION) && !ValidateHook(hooktype_sasl_continuation, func)) || \
((hooktype == HOOKTYPE_SASL_RESULT) && !ValidateHook(hooktype_sasl_result, func)) || \
((hooktype == HOOKTYPE_PLACE_HOST_BAN) && !ValidateHook(hooktype_place_host_ban, func)) || \
((hooktype == HOOKTYPE_FIND_TKLINE_MATCH) && !ValidateHook(hooktype_find_tkline_match, func)) || \
((hooktype == HOOKTYPE_WELCOME) && !ValidateHook(hooktype_welcome, func)) ) \
_hook_error_incompatible();
#endif /* GCC_TYPECHECKING */
@@ -1011,6 +1044,8 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
#define CALLBACKTYPE_CLOAK 1
#define CALLBACKTYPE_CLOAKKEYCSUM 2
#define CALLBACKTYPE_CLOAK_EX 3
#define CALLBACKTYPE_BLACKLIST_CHECK 4
#define CALLBACKTYPE_REPUTATION_STARTTIME 5
/* Efunction types */
#define EFUNC_DO_JOIN 1
@@ -1069,6 +1104,7 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
#define EFUNC_DO_NICK_NAME 57
#define EFUNC_DO_REMOTE_NICK_NAME 58
#define EFUNC_CHARSYS_GET_CURRENT_LANGUAGES 59
#define EFUNC_BROADCAST_SINFO 60
/* Module flags */
#define MODFLAG_NONE 0x0000
@@ -1090,6 +1126,8 @@ _UNREAL_ERROR(_hook_error_incompatible, "Incompatible hook function. Check argum
#define CONFIG_ALLOW 6
#define CONFIG_CLOAKKEYS 7
#define CONFIG_SET_ANTI_FLOOD 8
#define CONFIG_REQUIRE 9
#define CONFIG_LISTEN 10
#define MOD_HEADER(name) Mod_Header
#define MOD_TEST(name) DLLFUNC int Mod_Test(ModuleInfo *modinfo)
+1
View File
@@ -308,6 +308,7 @@
#define RPL_ADMINEMAIL 259
#define RPL_TRACELOG 261
#define RPL_TRYAGAIN 263
#define RPL_LOCALUSERS 265
#define RPL_GLOBALUSERS 266
+11 -8
View File
@@ -28,9 +28,6 @@
/* Define the location of the documentation */
#undef DOCDIR
/* Define if you can set the core size to unlimited */
#undef FORCE_CORE
/* Define if you have getrusage */
#undef GETRUSAGE_2
@@ -46,6 +43,9 @@
/* Define if ssl library has SSL_CTX_set1_curves_list */
#undef HAS_SSL_CTX_SET1_CURVES_LIST
/* Define if ssl library has SSL_CTX_set_min_proto_version */
#undef HAS_SSL_CTX_SET_MIN_PROTO_VERSION
/* Define to 1 if you have the `bcmp' function. */
#undef HAVE_BCMP
@@ -136,6 +136,9 @@
/* Define if you have setproctitle */
#undef HAVE_SETPROCTITLE
/* Define to 1 if you have the `setrlimit' function. */
#undef HAVE_SETRLIMIT
/* Define to 1 if you have the `snprintf' function. */
#undef HAVE_SNPRINTF
@@ -214,8 +217,8 @@
/* Define to <malloc.h> you need malloc.h. */
#undef MALLOCH
/* Set to the max connections you want */
#undef MAXCONNECTIONS
/* Set to the maximum number of connections you want */
#undef MAXCONNECTIONS_REQUEST
/* Set to the max sendq you want */
#undef MAXSENDQLENGTH
@@ -369,9 +372,6 @@
/* Define to 1 if your <sys/time.h> declares `struct tm'. */
#undef TM_IN_SYS_TIME
/* Define if you want nick!user@host shown for the topic setter */
#undef TOPIC_NICK_IS_NUHOST
/* Define if your system prepends an underscore to symbols */
#undef UNDERSCORE
@@ -395,6 +395,9 @@
support */
#undef USE_LIBCURL
/* Use the old deprecated TRE regex library */
#undef USE_TRE
/* Define if you are compiling unrealircd on Sun's (or Oracle's?) Solaris */
#undef _SOLARIS
+182 -32
View File
@@ -59,7 +59,9 @@
# endif
#endif
#include "auth.h"
#ifdef USE_TRE
#include "tre/regex.h"
#endif
#define PCRE2_CODE_UNIT_WIDTH 8
#include "pcre2.h"
@@ -116,6 +118,7 @@ typedef struct _configitem_unknown_ext ConfigItem_unknown_ext;
typedef struct _configitem_alias ConfigItem_alias;
typedef struct _configitem_alias_format ConfigItem_alias_format;
typedef struct _configitem_include ConfigItem_include;
typedef struct _configitem_blacklist_module ConfigItem_blacklist_module;
typedef struct _configitem_help ConfigItem_help;
typedef struct _configitem_offchans ConfigItem_offchans;
typedef struct liststruct ListStruct;
@@ -179,7 +182,10 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia
#define USERLEN 10
#define REALLEN 50
#define SVIDLEN 30
#define TOPICLEN 307
#define MAXTOPICLEN 360 /* absolute maximum permitted topic length (above this = potential desynch) */
#define MAXAWAYLEN 360 /* absolute maximum permitted away length (above this = potential desynch) */
#define MAXKICKLEN 360 /* absolute maximum kick length (above this = only cutoff danger) */
#define MAXQUITLEN 395 /* absolute maximum quit length (above this = only cutoff danger) */
#define CHANNELLEN 32
#define PASSWDLEN 48 /* was 20, then 32, now 48. */
#define KEYLEN 23
@@ -192,6 +198,7 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia
#define SIDLEN 3
#define SWHOISLEN 256
#define UMODETABLESZ (sizeof(long) * 8)
#define MAXCCUSERS 20 /* Maximum for set::anti-flood::target-limit::max-concurrent-conversations */
/*
* Watch it - Don't change this unless you also change the ERR_TOOMANYWATCH
* and PROTOCOL_SUPPORTED settings.
@@ -359,7 +366,7 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia
#define PROTO_EXTSWHOIS 0x800000 /* extended SWHOIS support */
#define PROTO_CAP_CHGHOST 0x1000000 /* CAP chghost */
#define PROTO_CAP_EXTENDED_JOIN 0x2000000 /* CAP extended-join */
#define PROTO_SJSBY 0x4000000 /* SJOIN setby information (TS and nick) */
/*
* flags macros.
*/
@@ -459,6 +466,7 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia
#define SupportUMODE2(x) (CHECKPROTO(x, PROTO_UMODE2))
#define SupportVL(x) (CHECKPROTO(x, PROTO_VL))
#define SupportSJ3(x) (CHECKPROTO(x, PROTO_SJ3))
#define SupportSJSBY(x) (CHECKPROTO(x, PROTO_SJSBY))
#define SupportVHP(x) (CHECKPROTO(x, PROTO_VHP))
#define SupportTKLEXT(x) (CHECKPROTO(x, PROTO_TKLEXT))
#define SupportTKLEXT2(x) (CHECKPROTO(x, PROTO_TKLEXT2))
@@ -474,6 +482,7 @@ typedef OperPermission (*OperClassEntryEvalCallback)(OperClassACLEntryVar* varia
#define SetUMODE2(x) ((x)->local->proto |= PROTO_UMODE2)
#define SetVL(x) ((x)->local->proto |= PROTO_VL)
#define SetSJ3(x) ((x)->local->proto |= PROTO_SJ3)
#define SetSJSBY(x) ((x)->local->proto |= PROTO_SJSBY)
#define SetVHP(x) ((x)->local->proto |= PROTO_VHP)
#define SetTKLEXT(x) ((x)->local->proto |= PROTO_TKLEXT)
#define SetTKLEXT2(x) ((x)->local->proto |= PROTO_TKLEXT2)
@@ -595,9 +604,7 @@ struct aloopStruct {
typedef enum {
MATCH_SIMPLE=1, /**< Simple pattern with * and ? */
MATCH_PCRE_REGEX=2, /**< PCRE2 Perl-like regex (new) */
#ifdef USE_TRE
MATCH_TRE_REGEX=3, /**< TRE POSIX regex (old, unreal3.2.x) */
#endif
} MatchType;
/** Match struct, which allows various matching styles, see MATCH_* */
@@ -673,8 +680,12 @@ struct User {
struct {
time_t nick_t;
unsigned char nick_c;
time_t away_t; /* last time the user set away */
time_t away_t; /* last time the user set away */
unsigned char away_c; /* number of times away has been set */
time_t knock_t; /* last time the user has knocked */
unsigned char knock_c; /* number of times the user knocked */
time_t invite_t; /* last time the user used /invite */
unsigned char invite_c; /* number of times the user used /invite */
} flood;
TS lastaway;
};
@@ -685,8 +696,9 @@ struct Server {
char *up; /* uplink for this server */
char by[NICKLEN + 1];
ConfigItem_link *conf;
TS timestamp; /* Remotely determined connect try time */
long users;
TS timestamp; /* Remotely determined connect try time */
long users;
TS boottime; /* Startup time of server */
#ifdef LIST_DEBUG
aClient *bcptr;
#endif
@@ -695,8 +707,11 @@ struct Server {
unsigned server_sent:1; /* SERVER message sent to this link? (for outgoing links) */
} flags;
struct {
char *usermodes;
char *chanmodes[4];
int protocol;
char *software;
char *nickchars;
} features;
};
@@ -708,15 +723,15 @@ struct Server {
#define M_ALIAS 0x0020
#define M_RESETIDLE 0x0040
#define M_VIRUS 0x0080
#define M_ANNOUNCE 0x0100
#define M_ANNOUNCE 0x0100 /* deprecated! */
#define M_OPER 0x0200
/* tkl:
* TKL_KILL|TKL_GLOBAL = Global K:Line (G:Line)
* TKL_ZAP|TKL_GLOBAL = Global Z:Line (ZLINE)
* TKL_KILL = Timed local K:Line
* TKL_ZAP = Local Z:Line
* TKL_KILL|TKL_GLOBAL = Global K-Line (GLINELine)
* TKL_ZAP|TKL_GLOBAL = Global Z-Line (ZLINE)
* TKL_KILL = Local K-Line
* TKL_ZAP = Local Z-Line
*/
#define TKL_KILL 0x0001
#define TKL_ZAP 0x0002
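Review bot: the rewritten tkl comment reads "Global K-Line (GLINELine)", which looks like a search-and-replace leftover; it should say "(G-Line)" or "(GLINE)" to match the "(ZLINE)" line below it. The same rewrite drops the word "Timed" from the TKL_KILL line, so please confirm that is intended and not lost in the edit.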
@@ -747,10 +762,13 @@ struct _spamfilter {
TS tkl_duration;
};
#define TKL_SUBTYPE_NONE 0x0000
#define TKL_SUBTYPE_SOFT 0x0001 /* (require SASL) */
struct t_kline {
aTKline *prev, *next;
int type;
unsigned short subtype; /* subtype (currently spamfilter only), see SPAMF_* */
unsigned short subtype; /* subtype: for spamfilter see SPAMF_*, otherwise TKL_SUBTYPE_* */
union {
Spamfilter *spamf;
} ptr;
@@ -779,6 +797,10 @@ typedef struct ircstatsx {
extern MODVAR ircstats IRCstats;
typedef int (*CmdFunc)(aClient *cptr, aClient *sptr, int parc, char *parv[]);
typedef int (*AliasCmdFunc)(aClient *cptr, aClient *sptr, int parc, char *parv[], char *cmd);
typedef int (*OverrideCmdFunc)(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[]);
#include "modules.h"
extern MODVAR Umode *Usermode_Table;
@@ -858,7 +880,7 @@ struct LocalClient {
TS last; /* last time a RESETIDLE message was received */
TS nexttarget; /* next time that a new target will be allowed (msg/notice/invite) */
TS nextnick; /* Time the next nick change will be allowed */
u_char targets[MAXTARGETS]; /* hash values of targets */
u_char targets[MAXCCUSERS]; /* hash values of targets */
char buffer[BUFSIZE]; /* Incoming message buffer */
short lastsq; /* # of 2k blocks when sendqueued called last */
dbuf sendQ; /* Outgoing message queue--if socket full */
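Review bot: targets[] in LocalClient is now sized by MAXCCUSERS (20) rather than MAXTARGETS, so every loop and index over this array has to use the new bound. The comment on MAXCCUSERS says it is the maximum for set::anti-flood::target-limit::max-concurrent-conversations; the config test needs to reject or clamp anything above it, otherwise a configured value larger than 20 walks past the end of the array into buffer[]. A one-line comment on the field stating that invariant would help the next reader.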
@@ -951,12 +973,13 @@ struct _configflag_tld
unsigned rulesptr : 1;
};
#define CONF_BAN_NICK 1
#define CONF_BAN_IP 2
#define CONF_BAN_SERVER 3
#define CONF_BAN_USER 4
#define CONF_BAN_REALNAME 5
#define CONF_BAN_VERSION 6
#define CONF_BAN_NICK 1
#define CONF_BAN_IP 2
#define CONF_BAN_SERVER 3
#define CONF_BAN_USER 4
#define CONF_BAN_REALNAME 5
#define CONF_BAN_VERSION 6
#define CONF_BAN_UNAUTHENTICATED 7
#define CONF_BAN_TYPE_CONF 0
#define CONF_BAN_TYPE_AKILL 1
@@ -965,16 +988,29 @@ struct _configflag_tld
/* Ban actions. These must be ordered by severity (!) */
#define BAN_ACT_GZLINE 1100
#define BAN_ACT_GLINE 1000
#define BAN_ACT_SOFT_GLINE 950
#define BAN_ACT_ZLINE 900
#define BAN_ACT_KLINE 800
#define BAN_ACT_SOFT_KLINE 850
#define BAN_ACT_SHUN 700
#define BAN_ACT_SOFT_SHUN 650
#define BAN_ACT_KILL 600
#define BAN_ACT_SOFT_KILL 550
#define BAN_ACT_TEMPSHUN 500
#define BAN_ACT_SOFT_TEMPSHUN 450
#define BAN_ACT_VIRUSCHAN 400
#define BAN_ACT_SOFT_VIRUSCHAN 350
#define BAN_ACT_DCCBLOCK 300
#define BAN_ACT_SOFT_DCCBLOCK 250
#define BAN_ACT_BLOCK 200
#define BAN_ACT_SOFT_BLOCK 150
#define BAN_ACT_WARN 100
#define BAN_ACT_SOFT_WARN 50
#define IsSoftBanAction(x) ((x == BAN_ACT_SOFT_GLINE) || (x == BAN_ACT_SOFT_KLINE) || \
(x == BAN_ACT_SOFT_SHUN) || (x == BAN_ACT_SOFT_KILL) || \
(x == BAN_ACT_SOFT_TEMPSHUN) || (x == BAN_ACT_SOFT_VIRUSCHAN) || \
(x == BAN_ACT_SOFT_DCCBLOCK) || (x == BAN_ACT_SOFT_BLOCK) || \
(x == BAN_ACT_SOFT_WARN))
#define CRULE_ALL 0
#define CRULE_AUTO 1
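Review bot: BAN_ACT_SOFT_KLINE is 850, above BAN_ACT_KLINE (800), while every other soft action sits 50 below its hard counterpart. Given the "must be ordered by severity (!)" rule at the top of this list, that ranks a soft K-Line as more severe than a hard one; 750 is free and would keep the pattern, or add a comment if 850 is deliberate. In IsSoftBanAction the argument is used bare and nine times: write ((x) == BAN_ACT_SOFT_GLINE) and so on, and note that the argument is evaluated repeatedly, or turn it into a small inline function.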
@@ -1100,6 +1136,11 @@ struct _configitem_oper {
int maxlogins;
};
/** The SSL options that are used in set::ssl and otherblocks::ssl-options.
* NOTE: If you add something here then you must also update the
* conf_sslblock() function in s_conf.c to have it inherited
* from set::ssl to the other config blocks!
*/
typedef struct _ssloptions SSLOptions;
struct _ssloptions {
char *certificate_file;
@@ -1108,7 +1149,10 @@ struct _ssloptions {
char *trusted_ca_file;
unsigned int protocols;
char *ciphers;
char *ciphersuites;
char *ecdh_curves;
char *outdated_protocols;
char *outdated_ciphers;
long options;
int renegotiate_bytes;
int renegotiate_timeout;
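Review bot: ciphersuites, outdated_protocols and outdated_ciphers are added to SSLOptions here, and the comment introduced just above this struct says every new member must also be handled in conf_sslblock() in s_conf.c so it is inherited from set::ssl. This header change does not show that, so please confirm the three char * members are duplicated in the inheritance path and released wherever an SSLOptions is freed; otherwise per-block ssl-options silently fall back to no outdated-protocol or outdated-cipher policy.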
@@ -1334,6 +1378,11 @@ struct _configitem_include {
int included_from_line;
};
struct _configitem_blacklist_module {
ConfigItem_blacklist_module *prev, *next;
char *name;
};
struct _configitem_help {
ConfigItem_help *prev, *next;
ConfigFlag flag;
@@ -1352,6 +1401,9 @@ struct _configitem_offchans {
#define HM_IPV4 2
#define HM_IPV6 3
#define SETTER_NICK 0
#define SETTER_NICK_USER_HOST 1
/*
* statistics structures
*/
@@ -1509,11 +1561,65 @@ struct DSlink {
char *cp;
} value;
};
#define AddListItem(item,list) add_ListItem((ListStruct *)item, (ListStruct **)&list)
#define DelListItem(item,list) del_ListItem((ListStruct *)item, (ListStruct **)&list)
#ifndef _WIN32
#define CHECK_LIST_ENTRY(list) if (offsetof(typeof(*list),prev) != offsetof(ListStruct,prev)) \
{ \
ircd_log(LOG_ERROR, "[BUG] %s:%d: List operation on struct with incorrect order (->prev must be 1st struct member)", __FILE__, __LINE__); \
abort(); \
} \
if (offsetof(typeof(*list),next) != offsetof(ListStruct,next)) \
{ \
ircd_log(LOG_ERROR, "[BUG] %s:%d: List operation on struct with incorrect order (->next must be 2nd struct member))", __FILE__, __LINE__); \
abort(); \
}
#else
#define CHECK_LIST_ENTRY(list) /* not available on Windows, typeof() not reliable */
#endif
#define AddListItemPrio(item,list,prio) add_ListItemPrio((ListStructPrio *)item, (ListStructPrio **)&list, prio)
#define DelListItemPrio(item,list,prio) del_ListItem((ListStruct *)item, (ListStruct **)&list)
#define AddListItem(item,list) do { \
CHECK_LIST_ENTRY(list) \
add_ListItem((ListStruct *)item, (ListStruct **)&list); \
} while(0)
#define AppendListItem(item,list) do { \
CHECK_LIST_ENTRY(list) \
append_ListItem((ListStruct *)item, (ListStruct **)&list); \
} while(0)
#define DelListItem(item,list) do { \
CHECK_LIST_ENTRY(list) \
del_ListItem((ListStruct *)item, (ListStruct **)&list); \
} while(0)
#ifndef _WIN32
#define CHECK_PRIO_LIST_ENTRY(list) if (offsetof(typeof(*list),prev) != offsetof(ListStructPrio,prev)) \
{ \
ircd_log(LOG_ERROR, "[BUG] %s:%d: List operation on struct with incorrect order (->prev must be 1st struct member)", __FILE__, __LINE__); \
abort(); \
} \
if (offsetof(typeof(*list),next) != offsetof(ListStructPrio,next)) \
{ \
ircd_log(LOG_ERROR, "[BUG] %s:%d: List operation on struct with incorrect order (->next must be 2nd struct member))", __FILE__, __LINE__); \
abort(); \
} \
if (offsetof(typeof(*list),priority) != offsetof(ListStructPrio,priority)) \
{ \
ircd_log(LOG_ERROR, "[BUG] %s:%d: List operation on struct with incorrect order (->priority must be 3rd struct member))", __FILE__, __LINE__); \
abort(); \
}
#else
#define CHECK_PRIO_LIST_ENTRY(list) /* not available on Windows, typeof() not reliable */
#endif
#define AddListItemPrio(item,list,prio) do { \
CHECK_PRIO_LIST_ENTRY(list); \
add_ListItemPrio((ListStructPrio *)item, (ListStructPrio **)&list, prio); \
} while(0)
#define DelListItemPrio(item,list,prio) do { \
CHECK_PRIO_LIST_ENTRY(list); \
del_ListItem((ListStruct *)item, (ListStruct **)&list); \
} while(0)
struct liststruct {
ListStruct *prev, *next;
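Review bot: CHECK_LIST_ENTRY and CHECK_PRIO_LIST_ENTRY expand to bare if statements and are invoked without a trailing semicolon in AddListItem, AppendListItem and DelListItem but with one in the Prio variants; wrap them in do { } while(0) and call them uniformly. The offsetof comparisons are compile-time constants, so a compile-time assertion would catch a misordered struct at build time instead of calling abort() in a running server. The check also only inspects typeof(*list), while item is the pointer that gets cast to ListStruct *, so a wrong item type still passes. Small thing: the "->next" and "->priority" messages end in a stray "))".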
@@ -1664,7 +1770,8 @@ extern MODVAR char *gnulicense[];
struct Command {
aCommand *prev, *next;
char *cmd;
int (*func) ();
CmdFunc func;
AliasCmdFunc aliasfunc;
int flags;
unsigned int count;
unsigned parameters : 5;
@@ -1681,9 +1788,10 @@ struct Command {
struct _cmdoverride {
Cmdoverride *prev, *next;
int priority;
Module *owner;
aCommand *command;
int (*func)();
OverrideCmdFunc func;
};
struct ThrottlingBucket
@@ -1731,6 +1839,14 @@ struct ThrottlingBucket *find_throttling_bucket(aClient *);
void add_throttling_bucket(aClient *);
int throttle_can_connect(aClient *);
typedef struct _maxtargets MaxTarget;
struct _maxtargets {
MaxTarget *prev, *next;
char *cmd;
int limit;
};
#define MAXTARGETS_MAX 1000000 /* used for 'max' */
#define VERIFY_OPERCOUNT(clnt,tag) { if (IRCstats.operators < 0) verify_opercount(clnt,tag); } while(0)
#define MARK_AS_OFFICIAL_MODULE(modinf) do { if (modinf && modinf->handle) ModuleSetOptions(modinfo->handle, MOD_OPT_OFFICIAL, 1); } while(0)
@@ -1743,7 +1859,9 @@ int throttle_can_connect(aClient *);
#define BANCHK_MSG 1 /* checking if a ban forbids the person from sending messages */
#define BANCHK_NICK 2 /* checking if a ban forbids the person from changing his/her nick */
#define TKLISTLEN 26
#define TKLISTLEN 26
#define TKLIPHASHLEN1 4
#define TKLIPHASHLEN2 1021
#define MATCH_CHECK_IP 0x0001
#define MATCH_CHECK_REAL_HOST 0x0002
@@ -1759,10 +1877,42 @@ int throttle_can_connect(aClient *);
#define MATCH_USE_IDENT 0x0100
typedef enum {
PLAINTEXT_POLICY_ALLOW=1,
PLAINTEXT_POLICY_WARN=2,
PLAINTEXT_POLICY_DENY=3
} PlaintextPolicy;
POLICY_ALLOW=1,
POLICY_WARN=2,
POLICY_DENY=3
} Policy;
#define NO_EXIT_CLIENT 99
/*-- badwords --*/
#define MAX_MATCH 1
#define MAX_WORDLEN 64
#define PATTERN "\\w*%s\\w*"
#define REPLACEWORD "<censored>"
#define BADW_TYPE_INVALID 0x0
#define BADW_TYPE_FAST 0x1
#define BADW_TYPE_FAST_L 0x2
#define BADW_TYPE_FAST_R 0x4
#define BADW_TYPE_REGEX 0x8
#define BADWORD_REPLACE 1
#define BADWORD_BLOCK 2
typedef struct _configitem_badword ConfigItem_badword;
struct _configitem_badword {
ConfigItem_badword *prev, *next;
ConfigFlag flag;
char *word, *replace;
unsigned short type;
char action;
pcre2_code *pcre2_expr;
};
/*-- end of badwords --*/
#endif /* __struct_include__ */
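Review bot: moving the badwords block into struct.h puts very generic macro names (PATTERN, MAX_MATCH, MAX_WORDLEN, REPLACEWORD) into a header that every source file and third-party module includes. A module or system header using any of those identifiers will now be silently rewritten by the preprocessor; please prefix them (BADWORD_ or similar) as the BADW_TYPE_ and BADWORD_ constants already are. The rename of PlaintextPolicy and PLAINTEXT_POLICY_* to Policy and POLICY_* in the same hunk breaks source compatibility for modules using the old names, which deserves a line in the release notes.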
-1
View File
@@ -22,7 +22,6 @@
#endif
#include <fcntl.h>
#include "h.h"
#include "badwords.h"
#ifdef _WIN32
#include "version.h"
#endif
+1
View File
@@ -3,6 +3,7 @@
#include "types.h"
int MODFUNC url_is_valid(const char *);
extern const char MODFUNC *displayurl(const char *url);
char MODFUNC *url_getfilename(const char *url);
char MODFUNC *download_file(const char *, char **);
void MODFUNC download_file_async(const char *, time_t, vFP, void *callback_data);
+2 -2
View File
@@ -54,9 +54,9 @@
* Can be useful if the above 3 versionids are insufficient for you (eg: you want to support CVS).
* This is updated automatically on the CVS server every Monday. so don't touch it.
*/
#define UNREAL_VERSION_TIME 201552
#define UNREAL_VERSION_TIME 201915
#define UnrealProtocol 4018
#define UnrealProtocol 4203
#define PATCH1 macro_to_str(UNREAL_VERSION_GENERATION)
#define PATCH2 "." macro_to_str(UNREAL_VERSION_MAJOR)
#define PATCH3 "." macro_to_str(UNREAL_VERSION_MINOR)
+4 -3
View File
@@ -54,6 +54,7 @@
#define NEED_U_INT32_T
#define PREFIX_AQ
#define LIST_SHOW_MODES
#define USE_TRE
#ifndef mode_t
#define GOT_STRCASECMP
#define strcasecmp _stricmp
@@ -81,13 +82,13 @@
#define UNREAL_VERSION_GENERATION 4
/* Major version number (e.g.: 2 for Unreal3.2*) */
#define UNREAL_VERSION_MAJOR 0
#define UNREAL_VERSION_MAJOR 2
/* Minor version number (e.g.: 1 for Unreal3.2.1) */
#define UNREAL_VERSION_MINOR 18
#define UNREAL_VERSION_MINOR 4
/* Version suffix such as a beta marker or release candidate marker. (e.g.:
-rcX for unrealircd-3.2.9-rcX) */
#define UNREAL_VERSION_SUFFIX "-devel"
#define UNREAL_VERSION_SUFFIX ".1"
#endif
+41 -5
View File
@@ -24,6 +24,11 @@ MT=mt
#PCRE2_INC_DIR="C:\dev\pcre2"
#PCRE2LIB="pcre2-8.lib"
### ARGON2 ###
#ARGON2_LIB_DIR="C:\dev\argon2\vs2015\build"
#ARGON2_INC_DIR="C:\dev\argon2\include"
#ARGON2LIB="Argon2RefDll.lib"
### C-ARES ####
#CARES_LIB_DIR="C:\dev\c-ares\vc\cares\dll-release"
#CARES_INC_DIR="C:\dev\c-ares"
@@ -94,6 +99,13 @@ PCRE2_INC=/I "$(PCRE2_INC_DIR)"
PCRE2_LIB=/LIBPATH:"$(PCRE2_LIB_DIR)"
!ENDIF
!IFDEF ARGON2_INC_DIR
ARGON2_INC=/I "$(ARGON2_INC_DIR)"
!ENDIF
!IFDEF ARGON2_LIB_DIR
ARGON2_LIB=/LIBPATH:"$(ARGON2_LIB_DIR)"
!ENDIF
!IFDEF USE_REMOTEINC
CURLCFLAGS=/D USE_LIBCURL
CURLOBJ=SRC/URL.OBJ
@@ -126,19 +138,19 @@ MODDBGCFLAG=/LDd /MD /Zi
!ENDIF
FD_SETSIZE=/D FD_SETSIZE=16384
CFLAGS=$(DBGCFLAG) $(TRE_INC) $(PCRE2_INC) $(CARES_INC) $(LIBCURL_INC) $(LIBRESSL_INC) /J /I ./INCLUDE /I ./INCLUDE/WIN32/ARES /Fosrc/ /nologo \
CFLAGS=$(DBGCFLAG) $(TRE_INC) $(PCRE2_INC) $(ARGON2_INC) $(CARES_INC) $(LIBCURL_INC) $(LIBRESSL_INC) /J /I ./INCLUDE /I ./INCLUDE/WIN32/ARES /Fosrc/ /nologo \
$(CURLCFLAGS) $(FD_SETSIZE) $(SSLCFLAGS) /D NOSPOOF=1 /c /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _USE_32BIT_TIME_T
CFLAGSST=$(DBGCFLAGST) $(TRE_INC) $(PCRE2_INC) $(CARES_INC) $(LIBCURL_INC) $(LIBRESSL_INC) /J /I ./INCLUDE /I ./INCLUDE/WIN32/ARES /Fosrc/ /nologo \
CFLAGSST=$(DBGCFLAGST) $(TRE_INC) $(PCRE2_INC) $(ARGON2_INC) $(CARES_INC) $(LIBCURL_INC) $(LIBRESSL_INC) /J /I ./INCLUDE /I ./INCLUDE/WIN32/ARES /Fosrc/ /nologo \
$(CURLCFLAGS) $(FD_SETSIZE) $(SSLCFLAGS) /D NOSPOOF=1 /c /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _USE_32BIT_TIME_T
LFLAGS=kernel32.lib user32.lib gdi32.lib shell32.lib ws2_32.lib advapi32.lib \
dbghelp.lib oldnames.lib comctl32.lib comdlg32.lib $(CARES_LIB) $(CARESLIB) $(TRE_LIB) $(TRELIB) \
$(PCRE2_LIB) $(PCRE2LIB) $(LIBRESSL_LIB) $(SSLLIB) $(LIBCURL_LIB) $(CURLLIB) /def:UnrealIRCd.def /implib:UnrealIRCd.lib \
$(PCRE2_LIB) $(PCRE2LIB) $(ARGON2_LIB) $(ARGON2LIB) $(LIBRESSL_LIB) $(SSLLIB) $(LIBCURL_LIB) $(CURLLIB) /def:UnrealIRCd.def /implib:UnrealIRCd.lib \
/nologo $(DBGLFLAG) /out:UnrealIRCd.exe
MODCFLAGS=$(MODDBGCFLAG) $(SSLCFLAGS) $(CURLCFLAGS) /J /Fesrc/modules/ \
/Fosrc/modules/ /nologo $(TRE_INC) $(PCRE2_INC) $(CARES_INC) $(LIBCURL_INC) $(LIBRESSL_INC) /I ./INCLUDE /D \
/Fosrc/modules/ /nologo $(TRE_INC) $(PCRE2_INC) $(ARGON2_INC) $(CARES_INC) $(LIBCURL_INC) $(LIBRESSL_INC) /I ./INCLUDE /D \
DYNAMIC_LINKING /D NOSPOOF /D MODULE_COMPILE /D _CRT_SECURE_NO_DEPRECATE /D _CRT_NONSTDC_NO_DEPRECATE /D _USE_32BIT_TIME_T
MODLFLAGS=/link /def:src/modules/module.def UnrealIRCd.lib ws2_32.lib $(TRE_LIB) $(TRELIB) \
$(PCRE2_LIB) $(PCRE2LIB) $(CARES_LIB) $(LIBRESSL_LIB) $(SSLLIB) \
$(PCRE2_LIB) $(PCRE2LIB) $(ARGON2_LIB) $(ARGON2LIB) $(CARES_LIB) $(LIBRESSL_LIB) $(SSLLIB) \
$(LIBCURL_LIB) $(CURLLIB)
INCLUDES=./include/struct.h ./include/config.h ./include/sys.h \
@@ -168,6 +180,7 @@ OBJ_FILES=$(EXP_OBJ_FILES) SRC/GUI.OBJ SRC/SERVICE.OBJ SRC/DEBUG.OBJ SRC/RTF.OBJ
DLL_FILES=SRC/MODULES/M_CHGHOST.DLL SRC/MODULES/M_SDESC.DLL SRC/MODULES/M_SETIDENT.DLL \
SRC/MODULES/M_SETNAME.DLL SRC/MODULES/M_SETHOST.DLL SRC/MODULES/M_CHGIDENT.DLL \
SRC/MODULES/M_SVSMOTD.DLL SRC/MODULES/M_SVSNLINE.DLL SRC/MODULES/M_WHO.DLL \
SRC/MODULES/M_WHOX.DLL \
SRC/MODULES/M_SWHOIS.DLL SRC/MODULES/M_SVSMODE.DLL SRC/MODULES/M_AWAY.DLL \
SRC/MODULES/M_SVSNOOP.DLL SRC/MODULES/M_MKPASSWD.DLL \
SRC/MODULES/M_SVSNICK.DLL \
@@ -217,6 +230,11 @@ DLL_FILES=SRC/MODULES/M_CHGHOST.DLL SRC/MODULES/M_SDESC.DLL SRC/MODULES/M_SETIDE
SRC/MODULES/M_STAFF.DLL \
SRC/MODULES/NOCODES.DLL \
SRC/MODULES/CHARSYS.DLL \
SRC/MODULES/ANTIMIXEDUTF8.DLL \
SRC/MODULES/AUTHPROMPT.DLL \
SRC/MODULES/M_SINFO.DLL \
SRC/MODULES/REPUTATION.DLL \
SRC/MODULES/CONNTHROTTLE.DLL \
SRC/MODULES/CHANMODES/CENSOR.DLL \
SRC/MODULES/CHANMODES/DELAYJOIN.DLL \
SRC/MODULES/CHANMODES/FLOODPROT.DLL \
@@ -552,6 +570,9 @@ src/modules/m_svsnline.dll: src/modules/m_svsnline.c $(INCLUDES)
src/modules/m_who.dll: src/modules/m_who.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_who.c $(MODLFLAGS)
src/modules/m_whox.dll: src/modules/m_whox.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_whox.c $(MODLFLAGS)
src/modules/m_away.dll: src/modules/m_away.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_away.c $(MODLFLAGS)
@@ -843,6 +864,21 @@ src/modules/nocodes.dll: src/modules/nocodes.c $(INCLUDES)
src/modules/charsys.dll: src/modules/charsys.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/charsys.c $(MODLFLAGS)
src/modules/antimixedutf8.dll: src/modules/antimixedutf8.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/antimixedutf8.c $(MODLFLAGS)
src/modules/authprompt.dll: src/modules/authprompt.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/authprompt.c $(MODLFLAGS)
src/modules/m_sinfo.dll: src/modules/m_sinfo.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/m_sinfo.c $(MODLFLAGS)
src/modules/reputation.dll: src/modules/reputation.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/reputation.c $(MODLFLAGS)
src/modules/connthrottle.dll: src/modules/connthrottle.c $(INCLUDES)
$(CC) $(MODCFLAGS) src/modules/connthrottle.c $(MODLFLAGS)
src/modules/chanmodes/censor.dll: src/modules/chanmodes/censor.c $(INCLUDES)
$(CC) $(MODCFLAGS) /Fosrc/modules/chanmodes/ /Fesrc/modules/chanmodes/ src/modules/chanmodes/censor.c $(MODLFLAGS)
+4
View File
@@ -224,4 +224,8 @@ void clicap_post_rehash(void)
send_cap_notify(1, name);
}
}
/* Now free the old caps. */
for (i = 0; old_caps[i]; i++)
safefree(old_caps[i]);
}
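Review bot: the new cleanup loop in clicap_post_rehash() stops only when it reaches a NULL entry in old_caps, so it depends on the array always keeping a terminating NULL slot. If the code that fills old_caps can use every element, this reads and frees past the end; bound the loop by the array size as well as the NULL test, or document where the terminator is guaranteed.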
+48 -54
View File
@@ -24,8 +24,6 @@
#include "h.h"
#include <string.h>
char *cmdstr = NULL;
int CommandExists(char *name)
{
aCommand *p;
@@ -39,7 +37,7 @@ int CommandExists(char *name)
return 0;
}
Command *CommandAdd(Module *module, char *cmd, int (*func)(), unsigned char params, int flags)
Command *CommandAddInternal(Module *module, char *cmd, CmdFunc func, AliasCmdFunc aliasfunc, unsigned char params, int flags)
{
Command *command = NULL;
aCommand *c;
@@ -59,7 +57,11 @@ Command *CommandAdd(Module *module, char *cmd, int (*func)(), unsigned char para
return NULL;
}
c = add_Command_backend(cmd, func, params, flags);
c = add_Command_backend(cmd);
c->parameters = (params > MAXPARA) ? MAXPARA : params;
c->flags = flags;
c->func = func;
c->aliasfunc = aliasfunc;
if (module)
{
@@ -76,73 +78,65 @@ Command *CommandAdd(Module *module, char *cmd, int (*func)(), unsigned char para
if (flags & M_ANNOUNCE)
{
char *tmp;
if (cmdstr)
tmp = MyMallocEx(strlen(cmdstr)+strlen(cmd)+2);
else
tmp = MyMallocEx(strlen(cmd)+2);
if (cmdstr)
{
strcpy(tmp, cmdstr);
strcat(tmp, ",");
}
strcat(tmp, cmd);
if (cmdstr)
{
IsupportSetValue(IsupportFind("CMDS"), tmp);
free(cmdstr);
}
else
IsupportAdd(NULL, "CMDS", tmp);
cmdstr = tmp;
config_warn("Command '%s' has M_ANNOUNCE set, but this is no longer "
"supported. Old 3rd party module %s? Check for updates!",
c->cmd, module ? module->header->name : "");
}
return command;
}
Command *CommandAdd(Module *module, char *cmd, CmdFunc func, unsigned char params, int flags)
{
if (flags & M_ALIAS)
{
config_error("Command '%s' used CommandAdd() to add a command alias, "
"but should have used AliasAdd() instead. "
"Old 3rd party module %s? Check for updates!",
cmd,
module ? module->header->name : "");
return NULL;
}
return CommandAddInternal(module, cmd, func, NULL, params, flags);
}
void CommandDel(Command *command) {
Command *AliasAdd(Module *module, char *cmd, AliasCmdFunc aliasfunc, unsigned char params, int flags)
{
if (!(flags & M_ALIAS))
flags |= M_ALIAS;
return CommandAddInternal(module, cmd, NULL, aliasfunc, params, flags);
}
void CommandDelX(Command *command, aCommand *cmd)
{
Cmdoverride *ovr, *ovrnext;
if (command->cmd->flags & M_ANNOUNCE)
DelListItem(cmd, CommandHash[toupper(*cmd->cmd)]);
if (command && cmd->owner)
{
char *tmp = MyMallocEx(strlen(cmdstr)+1);
char *tok;
for (tok = strtok(cmdstr, ","); tok; tok = strtok(NULL, ","))
{
if (!stricmp(tok, command->cmd->cmd))
continue;
if (tmp)
strcat(tmp, ",");
strcat(tmp, tok);
}
free(cmdstr);
if (!*tmp)
{
IsupportDel(IsupportFind("CMDS"));
free(tmp);
cmdstr = NULL;
}
else
cmdstr = tmp;
}
DelListItem(command->cmd, CommandHash[toupper(*command->cmd->cmd)]);
if (command->cmd->owner) {
ModuleObject *cmdobj;
for (cmdobj = command->cmd->owner->objects; cmdobj; cmdobj = cmdobj->next) {
if (cmdobj->type == MOBJ_COMMAND && cmdobj->object.command == command) {
DelListItem(cmdobj,command->cmd->owner->objects);
for (cmdobj = cmd->owner->objects; cmdobj; cmdobj = cmdobj->next)
{
if (cmdobj->type == MOBJ_COMMAND && cmdobj->object.command == command)
{
DelListItem(cmdobj,cmd->owner->objects);
MyFree(cmdobj);
break;
}
}
}
for (ovr = command->cmd->overriders; ovr; ovr = ovrnext)
for (ovr = cmd->overriders; ovr; ovr = ovrnext)
{
ovrnext = ovr->next;
CmdoverrideDel(ovr);
}
MyFree(command->cmd->cmd);
MyFree(command->cmd);
MyFree(command);
MyFree(cmd->cmd);
MyFree(cmd);
if (command)
MyFree(command);
}
void CommandDel(Command *command)
{
return CommandDelX(command, command->cmd);
}
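Review bot: CommandDel() is declared void but ends with "return CommandDelX(command, command->cmd);", which ISO C does not allow for a void function; call CommandDelX() and drop the return. CommandDelX() accepts a NULL command (it tests "if (command)" twice) but dereferences cmd unconditionally in the DelListItem() line, so document that cmd must be non-NULL or check it. In AliasAdd() the "if (!(flags & M_ALIAS))" test before "flags |= M_ALIAS" is redundant. CommandAdd() now returns NULL when M_ALIAS is passed, so callers that use the result without checking need a look.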
+165 -94
View File
@@ -43,114 +43,107 @@ Isupport *Isupports; /* List of ISUPPORT (005) tokens */
#define MAXISUPPORTLINES 10
MODVAR char *IsupportStrings[MAXISUPPORTLINES+1];
extern char *cmdstr;
/**
* Builds isupport token strings.
* Respects both the 13 token limit and the 512 buffer limit.
void isupport_add_sorted(Isupport *is);
void make_isupportstrings(void);
/** Easier way to set a 005 name or name=value.
* @param name Name of the 005 token
* @param value Value of the 005 token (or NULL)
* @note The 'name' 005 token will be overwritten if it already exists.
* The 'value' may be NULL, in which case if there was a value
* it will be unset.
*/
/* TODO: is all this code really safe? */
void make_isupportstrings(void)
void IsupportSet(Module *module, const char *name, const char *value)
{
int i;
int bufsize = BUFSIZE-HOSTLEN-NICKLEN-39;
int tokcnt = 0, len = 0;
Isupport *isupport;
/* Clear out the old junk */
for (i = 0; IsupportStrings[i]; i++)
{
safefree(IsupportStrings[i]);
}
i = 0;
IsupportStrings[i] = MyMallocEx(bufsize);
for (isupport = Isupports; isupport; isupport = isupport->next)
{
int toklen;
/* Just a token */
if (!isupport->value)
{
toklen = strlen(isupport->token);
if (tokcnt == 13 || bufsize < len+toklen+1)
{
tokcnt = 0;
len = 0;
IsupportStrings[++i] = MyMallocEx(bufsize);
}
if (IsupportStrings[i][0]) toklen++;
ircsnprintf(IsupportStrings[i]+len, bufsize-len, "%s%s", IsupportStrings[i][0]? " ": "", isupport->token);
len += toklen;
tokcnt++;
}
else
{
toklen = strlen(isupport->token)+strlen(isupport->value)+1;
if (tokcnt == 13 || bufsize < len+toklen+1) {
tokcnt = 0;
len = 0;
IsupportStrings[++i] = MyMallocEx(bufsize);
}
if (IsupportStrings[i][0]) toklen++;
ircsnprintf(IsupportStrings[i]+len, bufsize-len, "%s%s=%s", IsupportStrings[i][0]? " ": "", isupport->token, isupport->value);
len += toklen;
tokcnt++;
}
if (i == MAXISUPPORTLINES)
abort(); /* should never happen anyway */
}
Isupport *is = IsupportFind(name);
if (!is)
is = IsupportAdd(module, name, value);
IsupportSetValue(is, value);
}
/** Easy way to set a 005 name=value with printf style formatting.
* @param name Name of the 005 token
* @param pattern Value pattern for the 005 token (or NULL)
* @param ... Any variables needed for 'pattern'.
* @note The 'name' 005 token will be overwritten if it already exists.
* The 'pattern' may be NULL, in which case if there was a value
* it will be unset.
*/
void IsupportSetFmt(Module *module, const char *name, const char *pattern, ...)
{
const char *value = NULL;
char buf[256];
va_list vl;
if (pattern)
{
va_start(vl, pattern);
ircvsnprintf(buf, sizeof(buf), pattern, vl);
va_end(vl);
value = buf;
}
IsupportSet(module, name, value);
}
void IsupportDelByName(const char *name)
{
Isupport *is = IsupportFind(name);
if (is)
IsupportDel(is);
}
extern void set_isupport_extban(void);
extern void set_isupport_targmax(void);
/**
* Initializes the builtin isupport tokens.
*/
void isupport_init(void)
{
char tmpbuf[512];
int i;
IsupportAdd(NULL, "INVEX", NULL);
IsupportAdd(NULL, "EXCEPTS", NULL);
IsupportSet(NULL, "INVEX", NULL);
IsupportSet(NULL, "EXCEPTS", NULL);
#ifdef PREFIX_AQ
IsupportAdd(NULL, "STATUSMSG", "~&@%+");
IsupportSet(NULL, "STATUSMSG", "~&@%+");
#else
IsupportAdd(NULL, "STATUSMSG", "@%+");
IsupportSet(NULL, "STATUSMSG", "@%+");
#endif
IsupportAdd(NULL, "ELIST", "MNUCT");
ircsnprintf(tmpbuf, sizeof(tmpbuf), "~,%s", extbanstr);
IsupportAdd(NULL, "EXTBAN", tmpbuf);
IsupportAdd(NULL, "CASEMAPPING", "ascii");
IsupportAdd(NULL, "NETWORK", ircnet005);
ircsnprintf(tmpbuf, sizeof(tmpbuf), CHPAR1 "%s," CHPAR2 "%s," CHPAR3 "%s," CHPAR4 "%s",
EXPAR1, EXPAR2, EXPAR3, EXPAR4);
IsupportAdd(NULL, "CHANMODES", tmpbuf);
IsupportAdd(NULL, "PREFIX", CHPFIX);
IsupportAdd(NULL, "CHANTYPES", "#");
IsupportAdd(NULL, "MODES", my_itoa(MAXMODEPARAMS));
IsupportAdd(NULL, "SILENCE", my_itoa(SILENCE_LIMIT));
IsupportSet(NULL, "ELIST", "MNUCT");
IsupportSet(NULL, "CASEMAPPING", "ascii");
IsupportSet(NULL, "NETWORK", ircnet005);
IsupportSetFmt(NULL, "CHANMODES",
CHPAR1 "%s," CHPAR2 "%s," CHPAR3 "%s," CHPAR4 "%s",
EXPAR1, EXPAR2, EXPAR3, EXPAR4);
IsupportSet(NULL, "PREFIX", CHPFIX);
IsupportSet(NULL, "CHANTYPES", "#");
IsupportSetFmt(NULL, "MODES", "%d", MAXMODEPARAMS);
IsupportSetFmt(NULL, "SILENCE", "%d", SILENCE_LIMIT);
if (WATCH_AWAY_NOTIFICATION)
IsupportAdd(NULL, "WATCHOPTS", "A");
IsupportAdd(NULL, "WATCH", my_itoa(MAXWATCH));
IsupportAdd(NULL, "WALLCHOPS", NULL);
IsupportAdd(NULL, "MAXTARGETS", my_itoa(MAXTARGETS));
IsupportAdd(NULL, "AWAYLEN", my_itoa(TOPICLEN));
IsupportAdd(NULL, "KICKLEN", my_itoa(TOPICLEN));
IsupportAdd(NULL, "TOPICLEN", my_itoa(TOPICLEN));
IsupportAdd(NULL, "CHANNELLEN", my_itoa(CHANNELLEN));
IsupportAdd(NULL, "NICKLEN", my_itoa(iConf.nicklen));
IsupportAdd(NULL, "MAXNICKLEN", my_itoa(NICKLEN));
ircsnprintf(tmpbuf, sizeof(tmpbuf), "b:%d,e:%d,I:%d", MAXBANS, MAXBANS, MAXBANS);
IsupportAdd(NULL, "MAXLIST", tmpbuf);
ircsnprintf(tmpbuf, sizeof(tmpbuf), "#:%d", MAXCHANNELSPERUSER);
IsupportAdd(NULL, "CHANLIMIT", tmpbuf);
IsupportAdd(NULL, "MAXCHANNELS", my_itoa(MAXCHANNELSPERUSER));
IsupportAdd(NULL, "HCN", NULL);
IsupportAdd(NULL, "SAFELIST", NULL);
IsupportAdd(NULL, "NAMESX", NULL);
IsupportSet(NULL, "WATCHOPTS", "A");
else
IsupportDelByName("WATCHOPTS");
IsupportSetFmt(NULL, "WATCH", "%d", MAXWATCH);
IsupportSet(NULL, "WALLCHOPS", NULL);
IsupportSetFmt(NULL, "AWAYLEN", "%d", iConf.away_length);
IsupportSetFmt(NULL, "KICKLEN", "%d", iConf.kick_length);
IsupportSetFmt(NULL, "TOPICLEN", "%d", iConf.topic_length);
IsupportSetFmt(NULL, "QUITLEN", "%d", iConf.quit_length);
IsupportSetFmt(NULL, "CHANNELLEN", "%d", CHANNELLEN);
IsupportSetFmt(NULL, "NICKLEN", "%d", iConf.nick_length);
IsupportSetFmt(NULL, "MAXNICKLEN", "%d", NICKLEN);
IsupportSetFmt(NULL, "MAXLIST", "b:%d,e:%d,I:%d", MAXBANS, MAXBANS, MAXBANS);
IsupportSetFmt(NULL, "CHANLIMIT", "#:%d", MAXCHANNELSPERUSER);
IsupportSetFmt(NULL, "MAXCHANNELS", "%d", MAXCHANNELSPERUSER);
IsupportSet(NULL, "HCN", NULL);
IsupportSet(NULL, "SAFELIST", NULL);
IsupportSet(NULL, "NAMESX", NULL);
if (UHNAMES_ENABLED)
IsupportAdd(NULL, "UHNAMES", NULL);
if (cmdstr)
IsupportAdd(NULL, "CMDS", cmdstr);
IsupportSet(NULL, "UHNAMES", NULL);
else
IsupportDelByName("UHNAMES");
IsupportSet(NULL, "DEAF", "d");
set_isupport_extban(); /* EXTBAN=xyz */
set_isupport_targmax(); /* TARGMAX=... */
}
/**
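Review bot: In IsupportSet, a token that is not found is created with IsupportAdd(module, name, value) and then passed straight to IsupportSetValue(is, value) with the same value, so every first-time set stores the value twice. Since IsupportAdd already calls make_isupportstrings(), it may also rebuild the 005 lines twice. Putting the IsupportSetValue call in an else branch avoids that. The return value of IsupportAdd is used without a NULL check; if it can fail, IsupportSetValue receives NULL. IsupportSetFmt formats into a 256-byte buffer and truncates silently, which is worth a line in its doc comment because CHANMODES and MAXLIST are now built through it.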
@@ -245,7 +238,7 @@ Isupport *IsupportAdd(Module *module, const char *token, const char *value)
isupport->token = strdup(token);
if (value)
isupport->value = strdup(value);
AddListItem(isupport, Isupports);
isupport_add_sorted(isupport);
make_isupportstrings();
if (module)
{
@@ -272,3 +265,81 @@ void IsupportDel(Isupport *isupport)
free(isupport);
make_isupportstrings();
}
/**
* Builds isupport token strings.
* Respects both the 13 token limit and the 512 buffer limit.
*/
void make_isupportstrings(void)
{
int i;
#define ISUPPORTLEN BUFSIZE-HOSTLEN-NICKLEN-39
int bufsize = ISUPPORTLEN;
int tokcnt = 0, len = 0;
Isupport *isupport;
char tmp[ISUPPORTLEN];
/* Free any previous strings */
for (i = 0; IsupportStrings[i]; i++)
safefree(IsupportStrings[i]);
i = 0;
IsupportStrings[i] = MyMallocEx(bufsize+1);
for (isupport = Isupports; isupport; isupport = isupport->next)
{
if (isupport->value)
snprintf(tmp, sizeof(tmp), "%s=%s", isupport->token, isupport->value);
else
strlcpy(tmp, isupport->token, sizeof(tmp));
tokcnt++;
if ((strlen(IsupportStrings[i]) + strlen(tmp) + 1 >= ISUPPORTLEN) || (tokcnt == 13))
{
/* No room or max tokens reached: start a new buffer */
IsupportStrings[++i] = MyMallocEx(bufsize+1);
tokcnt = 1;
if (i == MAXISUPPORTLINES)
abort(); /* should never happen anyway */
}
if (*IsupportStrings[i])
strlcat(IsupportStrings[i], " ", ISUPPORTLEN);
strlcat(IsupportStrings[i], tmp, ISUPPORTLEN);
}
}
void isupport_add_sorted(Isupport *n)
{
Isupport *e;
if (!Isupports)
{
Isupports = n;
return;
}
for (e = Isupports; e; e = e->next)
{
if (strcmp(n->token, e->token) < 0)
{
/* Insert us before */
if (e->prev)
e->prev->next = n;
else
Isupports = n; /* new head */
n->prev = e->prev;
n->next = e;
e->prev = n;
return;
}
if (!e->next)
{
/* Append us at end */
e->next = n;
n->prev = e;
return;
}
}
}
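Review bot: In make_isupportstrings the overflow check runs after the write: IsupportStrings[++i] = MyMallocEx(bufsize+1) stores into slot i before if (i == MAXISUPPORTLINES) abort() is evaluated, so whether that store is in bounds depends on the array having at least MAXISUPPORTLINES+1 slots, which this hunk does not show. Testing i+1 against the limit before incrementing makes the check independent of the declaration. Separately, #define ISUPPORTLEN BUFSIZE-HOSTLEN-NICKLEN-39 is unparenthesized and defined inside the function body without an #undef; wrapping the expression in parentheses keeps it safe in any later arithmetic. isupport_add_sorted relies on n->prev and n->next arriving zeroed (the empty-list and append paths never set n->next), which deserves a comment.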
+104 -183
@@ -19,6 +19,7 @@
#include "unrealircd.h"
#include "crypt_blowfish.h"
#include <argon2.h>
anAuthStruct MODVAR AuthTypes[] = {
{"plain", AUTHTYPE_PLAINTEXT},
@@ -34,6 +35,7 @@ anAuthStruct MODVAR AuthTypes[] = {
{"sslclientcertfp", AUTHTYPE_SSL_CLIENTCERTFP},
{"certfp", AUTHTYPE_SSL_CLIENTCERTFP},
{"spkifp", AUTHTYPE_SPKIFP},
{"argon2", AUTHTYPE_ARGON2},
{NULL, 0}
};
@@ -83,6 +85,9 @@ int Auth_AutoDetectHashType(char *hash)
if (!strncmp(hash, "$2a$", 4) || !strncmp(hash, "$2b$", 4) || !strncmp(hash, "$2y$", 4))
return AUTHTYPE_BCRYPT;
if (!strncmp(hash, "$argon2", 7))
return AUTHTYPE_ARGON2;
/* Now handle UnrealIRCd-style password hashes.. */
if (parsepass(hash, &saltstr, &hashstr) == 0)
return AUTHTYPE_PLAINTEXT; /* old method (pre-3.2.1) or could not detect, fallback. */
@@ -197,7 +202,34 @@ int Auth_CheckError(ConfigEntry *ce)
break;
default: ;
}
if ((type == AUTHTYPE_MD5) || (type == AUTHTYPE_SHA1) || (type == AUTHTYPE_RIPEMD160))
{
config_warn("%s:%i: Deprecated authentication type. "
"Consider using the more secure auth-type 'argon2' instead. "
"See https://www.unrealircd.org/docs/Authentication_types for the complete list.",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
/* do not return, not an error. */
}
/* Unix crypt is a bit more complicated: most types are outright 'bad',
* while other types have reasonable security similar to 'bcrypt'.
* To be honest these people should probably use 'argon2' since it's
* a lot better. Then again, warning about this when it's still such
* a common hashing method (now, in 2018) may be a bit overzealous.
* So: not warning about crypt types $5/$6 which use SHA256/SHA512
* with normally at least 5000 rounds (unless deliberately weakened
* by the user).
*/
if ((type == AUTHTYPE_UNIXCRYPT) && strncmp(ce->ce_vardata, "$5", 2) &&
strncmp(ce->ce_vardata, "$6", 2) && !strstr(ce->ce_vardata, "$rounds"))
{
config_warn("%s:%i: Using simple crypt for authentication is not recommended. "
"Consider using the more secure auth-type 'argon2' instead. "
"See https://www.unrealircd.org/docs/Authentication_types for the complete list.",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
/* do not return, not an error. */
}
if ((type == AUTHTYPE_PLAINTEXT) && (strlen(ce->ce_vardata) > PASSWDLEN))
{
config_error("%s:%i: passwords length may not exceed %d",
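Review bot: The AUTHTYPE_UNIXCRYPT condition does not match the comment above it. The comment says $5/$6 hashes are exempt "unless deliberately weakened by the user", but the test skips the warning for every $5 and $6 hash regardless of its rounds value, and !strstr(ce->ce_vardata, "$rounds") suppresses the warning for any hash containing that substring, whatever the count. Either parse the rounds value and warn below a threshold, or reword the comment to say that rounds are not inspected.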
@@ -272,6 +304,31 @@ int max;
return 1;
}
static int authcheck_argon2(aClient *cptr, anAuthStruct *as, char *para)
{
argon2_type hashtype;
if (!para)
return -1;
/* Find out the hashtype. Why do we need to do this, why is this
* not in the library or irrelevant by using some generic function?
*/
if (!strncmp(as->data, "$argon2id", 9))
hashtype = Argon2_id;
else if (!strncmp(as->data, "$argon2i", 8))
hashtype = Argon2_i;
else if (!strncmp(as->data, "$argon2d", 8))
hashtype = Argon2_d;
else
return -1; /* unknown argon2 type */
if (argon2_verify(as->data, para, strlen(para), hashtype) == ARGON2_OK)
return 2; /* MATCH */
return -1; /* NO MATCH or error */
}
static int authcheck_bcrypt(aClient *cptr, anAuthStruct *as, char *para)
{
char data[512]; /* NOTE: only 64 required by BF_crypt() */
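Review bot: authcheck_argon2 accepts only the $argon2id, $argon2i and $argon2d prefixes, while Auth_AutoDetectHashType in this same change classifies anything starting with $argon2 as AUTHTYPE_ARGON2. A hash with any other variant string therefore passes type detection and then fails every login through the "unknown argon2 type" return -1 branch, with nothing reported when the config is loaded. Rejecting such a value in Auth_CheckError would surface it at config time. The final return -1 also folds library errors into "no match"; logging the error code when it is not a plain mismatch would let operators tell the two apart. The question in the comment ("Why do we need to do this...") reads as a note to self and could be replaced by a statement of why the type is derived from the prefix.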
@@ -500,6 +557,9 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
return 2;
return -1;
case AUTHTYPE_ARGON2:
return authcheck_argon2(cptr, as, para);
case AUTHTYPE_BCRYPT:
return authcheck_bcrypt(cptr, as, para);
@@ -603,6 +663,44 @@ int Auth_Check(aClient *cptr, anAuthStruct *as, char *para)
return -1;
}
#define UNREALIRCD_ARGON2_DEFAULT_TIME_COST 3
#define UNREALIRCD_ARGON2_DEFAULT_MEMORY_COST 8192
#define UNREALIRCD_ARGON2_DEFAULT_PARALLELISM_COST 2
#define UNREALIRCD_ARGON2_DEFAULT_HASH_LENGTH 32
#define UNREALIRCD_ARGON2_DEFAULT_SALT_LENGTH (128/8)
static char *mkpass_argon2(char *para)
{
static char buf[512];
char salt[UNREALIRCD_ARGON2_DEFAULT_SALT_LENGTH];
int ret, i;
if (!para)
return NULL;
/* Initialize salt */
for (i=0; i < sizeof(salt); i++)
salt[i] = getrandom8();
*buf = '\0';
ret = argon2id_hash_encoded(UNREALIRCD_ARGON2_DEFAULT_TIME_COST,
UNREALIRCD_ARGON2_DEFAULT_MEMORY_COST,
UNREALIRCD_ARGON2_DEFAULT_PARALLELISM_COST,
para,
strlen(para),
salt,
sizeof(salt),
UNREALIRCD_ARGON2_DEFAULT_HASH_LENGTH,
buf,
sizeof(buf));
if (ret != ARGON2_OK)
return NULL; /* internal error */
return buf;
}
static char *mkpass_bcrypt(char *para)
{
static char buf[128];
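Review bot: The UNREALIRCD_ARGON2_DEFAULT_* constants carry no units or rationale. libargon2 takes the memory cost in KiB, so 8192 means 8 MiB per hash with 3 passes and 2 lanes; a comment saying so, and why these values were chosen, lets a later reader judge whether they are still adequate. In mkpass_argon2, for (i=0; i < sizeof(salt); i++) compares a signed int with a size_t, and the salt quality rests entirely on getrandom8(), which is worth stating next to the loop. The function returns a pointer to a static buffer holding the encoded hash, so it is not reentrant.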
@@ -634,197 +732,20 @@ static char *mkpass_bcrypt(char *para)
return buf;
}
static char *mkpass_md5(char *para)
{
static char buf[128];
char result1[16+REALSALTLEN];
char result2[16];
char saltstr[REALSALTLEN]; /* b64 encoded printable string*/
char saltraw[RAWSALTLEN]; /* raw binary */
char xresult[64];
int i;
if (!para) return NULL;
/* generate a random salt... */
for (i=0; i < RAWSALTLEN; i++)
saltraw[i] = getrandom8();
i = b64_encode(saltraw, RAWSALTLEN, saltstr, REALSALTLEN);
if (!i) return NULL;
/* b64(MD5(MD5(<pass>)+salt))
* ^^^^^^^^^^^
* step 1
* ^^^^^^^^^^^^^^^^^^^^^
* step 2
* ^^^^^^^^^^^^^^^^^^^^^^^^^^
* step 3
*/
/* STEP 1 */
DoMD5(result1, para, strlen(para));
/* STEP 2 */
/* add salt to result */
memcpy(result1+16, saltraw, RAWSALTLEN);
/* Then hash it all together */
DoMD5(result2, result1, RAWSALTLEN+16);
/* STEP 3 */
/* Then base64 encode it all together.. */
i = b64_encode(result2, sizeof(result2), xresult, sizeof(xresult));
if (!i) return NULL;
/* Good.. now create the whole string:
* $<saltb64d>$<totalhashb64d>
*/
ircsnprintf(buf, sizeof(buf), "$%s$%s", saltstr, xresult);
return buf;
}
static char *mkpass_sha1(char *para)
{
static char buf[128];
char result1[20+REALSALTLEN];
char result2[20];
char saltstr[REALSALTLEN]; /* b64 encoded printable string*/
char saltraw[RAWSALTLEN]; /* raw binary */
char xresult[64];
SHA_CTX hash;
int i;
if (!para) return NULL;
/* generate a random salt... */
for (i=0; i < RAWSALTLEN; i++)
saltraw[i] = getrandom8();
i = b64_encode(saltraw, RAWSALTLEN, saltstr, REALSALTLEN);
if (!i) return NULL;
/* b64(SHA1(SHA1(<pass>)+salt))
* ^^^^^^^^^^^
* step 1
* ^^^^^^^^^^^^^^^^^^^^^
* step 2
* ^^^^^^^^^^^^^^^^^^^^^^^^^^
* step 3
*/
/* STEP 1 */
SHA1_Init(&hash);
SHA1_Update(&hash, para, strlen(para));
SHA1_Final(result1, &hash);
/* STEP 2 */
/* add salt to result */
memcpy(result1+20, saltraw, RAWSALTLEN);
/* Then hash it all together */
SHA1_Init(&hash);
SHA1_Update(&hash, result1, RAWSALTLEN+20);
SHA1_Final(result2, &hash);
/* STEP 3 */
/* Then base64 encode it all together.. */
i = b64_encode(result2, sizeof(result2), xresult, sizeof(xresult));
if (!i) return NULL;
/* Good.. now create the whole string:
* $<saltb64d>$<totalhashb64d>
*/
ircsnprintf(buf, sizeof(buf), "$%s$%s", saltstr, xresult);
return buf;
}
static char *mkpass_ripemd160(char *para)
{
static char buf[128];
char result1[20+REALSALTLEN];
char result2[20];
char saltstr[REALSALTLEN]; /* b64 encoded printable string*/
char saltraw[RAWSALTLEN]; /* raw binary */
char xresult[64];
RIPEMD160_CTX hash;
int i;
if (!para) return NULL;
/* generate a random salt... */
for (i=0; i < RAWSALTLEN; i++)
saltraw[i] = getrandom8();
i = b64_encode(saltraw, RAWSALTLEN, saltstr, REALSALTLEN);
if (!i) return NULL;
/* b64(RIPEMD160(RIPEMD160(<pass>)+salt))
* ^^^^^^^^^^^
* step 1
* ^^^^^^^^^^^^^^^^^^^^^
* step 2
* ^^^^^^^^^^^^^^^^^^^^^^^^^^
* step 3
*/
/* STEP 1 */
RIPEMD160_Init(&hash);
RIPEMD160_Update(&hash, para, strlen(para));
RIPEMD160_Final(result1, &hash);
/* STEP 2 */
/* add salt to result */
memcpy(result1+20, saltraw, RAWSALTLEN);
/* Then hash it all together */
RIPEMD160_Init(&hash);
RIPEMD160_Update(&hash, result1, RAWSALTLEN+20);
RIPEMD160_Final(result2, &hash);
/* STEP 3 */
/* Then base64 encode it all together.. */
i = b64_encode(result2, sizeof(result2), xresult, sizeof(xresult));
if (!i) return NULL;
/* Good.. now create the whole string:
* $<saltb64d>$<totalhashb64d>
*/
ircsnprintf(buf, sizeof(buf), "$%s$%s", saltstr, xresult);
return buf;
}
char *Auth_Make(short type, char *para)
{
char salt[3];
extern char *crypt();
switch (type)
{
case AUTHTYPE_PLAINTEXT:
return (para);
return para;
case AUTHTYPE_ARGON2:
return mkpass_argon2(para);
case AUTHTYPE_BCRYPT:
return mkpass_bcrypt(para);
case AUTHTYPE_UNIXCRYPT:
if (!para)
return NULL;
/* If our data is like 1 or none, we just let em through .. */
if (!(para[0] && para[1]))
return NULL;
snprintf(salt, sizeof(salt), "%02X", (unsigned int)getrandom8());
return(crypt(para, salt));
case AUTHTYPE_MD5:
return mkpass_md5(para);
case AUTHTYPE_SHA1:
return mkpass_sha1(para);
case AUTHTYPE_RIPEMD160:
return mkpass_ripemd160(para);
default:
return (NULL);
return NULL;
}
}
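Review bot: With mkpass_md5, mkpass_sha1 and mkpass_ripemd160 removed, a request for one of those types can only produce NULL from Auth_Make, which is the same value mkpass_argon2 returns on an internal library error. The caller cannot tell "type no longer supported for hashing" from "hashing failed", which is why the new message in ircd.c has to guess ("Deprecated method?"). A separate check for the deprecated types before calling Auth_Make, or a distinct error path, would allow an exact message. The doc comment for Auth_Make should also state that these types can still be verified but no longer generated, if that is the intent.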
+107 -55
@@ -80,7 +80,7 @@ aCtab cFlagTab[] = {
{MODE_BAN, 'b', 1, 1},
{MODE_EXCEPT, 'e', 1, 1}, /* exception ban */
{MODE_INVEX, 'I', 1, 1}, /* invite-only exception */
{0x0, 0x0, 0x0}
{0x0, 0x0, 0x0, 0x0}
};
char cmodestring[512];
@@ -332,15 +332,15 @@ int identical_ban(char *one, char *two)
return 0;
}
/*
* add_listmode - Add a listmode (+beI) with the specified banid to
* the specified channel.
/** Add a listmode (+beI) with the specified banid to
* the specified channel. (Extended version with
* set by nick and set on timestamp)
*/
int add_listmode(Ban **list, aClient *cptr, aChannel *chptr, char *banid)
int add_listmode_ex(Ban **list, aClient *cptr, aChannel *chptr, char *banid, char *setby, TS seton)
{
Ban *ban;
int cnt = 0, len;
int do_not_add = 0;
if (MyClient(cptr))
(void)collapse(banid);
@@ -348,9 +348,13 @@ int add_listmode(Ban **list, aClient *cptr, aChannel *chptr, char *banid)
len = strlen(banid);
if (!*list && ((len > MAXBANLENGTH) || (MAXBANS < 1)))
{
sendto_one(cptr, err_str(ERR_BANLISTFULL),
me.name, cptr->name, chptr->chname, banid);
return -1;
if (MyClient(cptr))
{
/* Only send the error to local clients */
sendto_one(cptr, err_str(ERR_BANLISTFULL),
me.name, cptr->name, chptr->chname, banid);
}
do_not_add = 1;
}
for (ban = *list; ban; ban = ban->next)
{
@@ -366,19 +370,56 @@ int add_listmode(Ban **list, aClient *cptr, aChannel *chptr, char *banid)
sendto_one(cptr, err_str(ERR_BANLISTFULL),
me.name, cptr->name, chptr->chname, banid);
}
return -1;
do_not_add = 1;
}
if (identical_ban(ban->banstr, banid))
return -1;
break; /* update existing ban (potentially) */
}
ban = make_ban();
ban->next = *list;
ban->banstr = strdup(banid);
ban->who = strdup(cptr->name);
ban->when = TStime();
*list = ban;
/* Create a new ban if needed */
if (!ban)
{
if (do_not_add)
{
/* The banlist is full and trying to add a new ban.
* This is not permitted.
*/
return -1;
}
ban = make_ban();
ban->next = *list;
*list = ban;
}
if ((ban->when > 0) && (seton >= ban->when))
{
/* Trying to add the same ban while an older version
* or identical version of the ban already exists.
*/
return -1;
}
/* Update/set if this ban is new or older than existing one */
safestrdup(ban->banstr, banid); /* cAsE may differ, use oldest version of it */
safestrdup(ban->who, setby);
ban->when = seton;
return 0;
}
/** Add a listmode (+beI) with the specified banid to
* the specified channel. (Simplified version)
*/
int add_listmode(Ban **list, aClient *cptr, aChannel *chptr, char *banid)
{
char *setby = cptr->name;
char nuhbuf[NICKLEN+USERLEN+HOSTLEN+4];
if (IsPerson(cptr) && (iConf.ban_setter == SETTER_NICK_USER_HOST))
setby = make_nick_user_host_r(nuhbuf, cptr->name, cptr->user->username, GetHost(cptr));
return add_listmode_ex(list, cptr, chptr, banid, setby, TStime());
}
/*
* del_listmode - delete a listmode (+beI) from a channel
* that matches the specified banid.
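Review bot: add_listmode_ex trusts seton as given. The staleness test if ((ban->when > 0) && (seton >= ban->when)) only rejects newer or equal timestamps, so a caller passing seton of 0 (or a negative value, if TS is signed) replaces an existing entry and leaves ban->when at a value for which the ban->when > 0 guard no longer holds, after which any later call overwrites the entry again. Rejecting or clamping non-positive seton values at the top of the function closes that. The function also returns -1 both for "list full" and for "already present", and the doc comment does not describe setby, seton or the return values.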
@@ -419,7 +460,7 @@ int del_listmode(Ban **list, aChannel *chptr, char *banid)
*/
inline Ban *is_banned(aClient *sptr, aChannel *chptr, int type)
{
return is_banned_with_nick(sptr, chptr, type, sptr->name);
return is_banned_with_nick(sptr, chptr, type, NULL);
}
/** ban_check_mask - Checks if the user matches the specified n!u@h mask -or- run an extended ban.
@@ -459,52 +500,63 @@ inline int ban_check_mask(aClient *sptr, aChannel *chptr, char *banstr, int type
* @param sptr Client to check (can be remote client)
* @param chptr Channel to check
* @param type Type of ban to check for (BANCHK_*)
* @param nick Nick of the user
* @param nick Nick of the user (or NULL, to default to sptr->name)
* @returns A pointer to the ban struct if banned, otherwise NULL.
*/
Ban *is_banned_with_nick(aClient *sptr, aChannel *chptr, int type, char *nick)
{
Ban *tmp, *tmp2;
Ban *ban, *ex;
char savednick[NICKLEN+1];
/* It's not really doable to pass 'nick' to all the ban layers,
* including extbans (with stacking) and so on. Or at least not
* without breaking several module API's.
* So, instead, we temporarily set 'sptr->name' to 'nick' and
* restore it to the orginal value at the end of this function.
* This is possible because all these layers never send a message
* to 'sptr' and only indicate success/failure.
* Note that all this ONLY happens if is_banned_with_nick() is called
* with a non-NULL nick. That doesn't happen much. In UnrealIRCd
* only in case of '/NICK newnick'. This fixes #5165.
*/
if (nick)
{
strlcpy(savednick, sptr->name, sizeof(savednick));
strlcpy(sptr->name, nick, sizeof(sptr->name));
}
/* We check +b first, if a +b is found we then see if there is a +e.
* If a +e was found we return NULL, if not, we return the ban.
*/
for (tmp = chptr->banlist; tmp; tmp = tmp->next)
{
if (!ban_check_mask(sptr, chptr, tmp->banstr, type, 0))
continue;
/* Ban found, now check for +e */
for (tmp2 = chptr->exlist; tmp2; tmp2 = tmp2->next)
{
if (ban_check_mask(sptr, chptr, tmp2->banstr, type, 0))
return NULL; /* except matched */
}
break; /* ban found and not on except */
for (ban = chptr->banlist; ban; ban = ban->next)
{
if (ban_check_mask(sptr, chptr, ban->banstr, type, 0))
break;
}
return (tmp);
}
/*
* Checks if the "user" IRC is banned, used by +mu.
*/
static int is_irc_banned(aChannel *chptr)
{
Ban *tmp;
/* Check for this user, ident/host are "illegal" on purpose */
char *check = "IRC!\001@\001";
for (tmp = chptr->banlist; tmp; tmp = tmp->next)
if (match(tmp->banstr, check) == 0)
if (ban)
{
/* Ban found, now check for +e */
for (ex = chptr->exlist; ex; ex = ex->next)
{
/* Ban found, now check for +e */
for (tmp = chptr->exlist; tmp; tmp = tmp->next)
if (match(tmp->banstr, check) == 0)
return 0; /* In exception list */
return 1;
if (ban_check_mask(sptr, chptr, ex->banstr, type, 0))
{
/* except matched */
ban = NULL;
break;
}
}
return 0;
/* user is not on except, 'ban' stays non-NULL. */
}
if (nick)
{
/* Restore the nick */
strlcpy(sptr->name, savednick, sizeof(sptr->name));
}
return ban;
}
/*
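Review bot: is_banned_with_nick saves the name into savednick[NICKLEN+1] but writes nick into sptr->name using sizeof(sptr->name). If the name field is larger than NICKLEN+1, the save truncates and the restore writes back a shortened name; declaring savednick with sizeof(sptr->name) removes that dependency. The temporary rename is visible to everything ban_check_mask reaches, so the assumption stated in the comment (no layer sends to sptr or resolves it by name) should be documented as a requirement for extban modules. Every exit path must pass through the restore block; that holds here only because the early returns were turned into breaks, which is worth a comment at the top of the function.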
@@ -709,7 +761,7 @@ int can_send(aClient *cptr, aChannel *chptr, char *msgtext, int notice)
}
lp = find_membership_link(cptr->user->channel, chptr);
if (chptr->mode.mode & MODE_MODERATED && !op_can_override("override:message:moderated",cptr,chptr,NULL) &&
if (chptr->mode.mode & MODE_MODERATED && !op_can_override("channel:override:message:moderated",cptr,chptr,NULL) &&
(!lp
|| !(lp->flags & (CHFL_CHANOP | CHFL_VOICE | CHFL_CHANOWNER |
CHFL_HALFOP | CHFL_CHANPROT))))
@@ -739,7 +791,7 @@ int can_send(aClient *cptr, aChannel *chptr, char *msgtext, int notice)
return i;
/* Makes opers able to talk thru bans -Stskeeps suggested by The_Cat */
if (op_can_override("override:message:ban",cptr,chptr,NULL))
if (op_can_override("channel:override:message:ban",cptr,chptr,NULL))
return 0;
if ((!lp
@@ -963,7 +1015,7 @@ char *clean_ban_mask(char *mask, int what, aClient *cptr)
/* Extended ban? */
if ((*mask == '~') && mask[1] && (mask[2] == ':'))
{
if (RESTRICT_EXTENDEDBANS && MyClient(cptr) && !ValidatePermissionsForPath("channel:extbans",cptr,NULL,NULL,NULL))
if (RESTRICT_EXTENDEDBANS && MyClient(cptr) && !ValidatePermissionsForPath("immune:restrict-extendedbans",cptr,NULL,NULL,NULL))
{
if (!strcmp(RESTRICT_EXTENDEDBANS, "*"))
{
@@ -1048,7 +1100,7 @@ void clean_channelname(char *cn)
* or some such.
* --Wizzu
*/
if (*ch < 33 || *ch == ',' || *ch == ':' || *ch == 160)
if (*ch < 33 || *ch == ',' || *ch == ':')
{
*ch = '\0';
return;
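Review bot: With the *ch == 160 test dropped, the remaining *ch < 33 comparison decides what happens to bytes of 0x80 and above, and that depends on the type of ch, which this hunk does not show. If it is a plain char pointer on a platform where char is signed, those bytes compare as negative and still truncate the channel name; if it is unsigned, byte 160 is now accepted along with the rest of the high range. Casting to unsigned char in the comparison makes the behaviour the same everywhere, and the comment block above should say which outcome is intended.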
+11 -1
@@ -129,7 +129,13 @@ void crash_report_fix_libs(char *coredump, int *thirdpartymods)
#ifndef _WIN32
FILE *fd;
char cmd[512], buf[1024];
/* This is needed for this function to work, but we keep it since it's
* useful in general to have the bug report in English as well.
*/
setenv("LANG", "C", 1);
setenv("LC_ALL", "C", 1);
snprintf(cmd, sizeof(cmd), "echo info sharedlibrary|gdb %s/unrealircd %s 2>&1",
BINDIR, coredump);
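Review bot: The two setenv calls in crash_report_fix_libs change LANG and LC_ALL for the whole process, are never restored, and their return values are ignored. If the process-wide change is intended, the comment should say so plainly (it currently reads as if the calls were both required and optional); otherwise set the variables in the command string so only the gdb child sees them. While here: coredump is placed into the shell command line unquoted by the snprintf that follows, so a path containing spaces or shell metacharacters will not reach gdb intact; quote or validate it before the command is run.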
@@ -367,7 +373,11 @@ int attach_coredump(FILE *fdo, char *coredump)
attach_file(fdi, fdo);
#ifndef _WIN32
pclose(fdi);
#else
fclose(fdi);
#endif
return 1;
}
+1 -1
@@ -169,7 +169,7 @@ int dbuf_getmsg(dbuf *dyn, char *buf)
}
else switch (phase)
{
case 0: phase = 1;
case 0: phase = 1; /* FALLTHROUGH */
case 1: if (line_bytes++ < BUFSIZE - 2)
*buf++ = c;
break;
+2
@@ -46,6 +46,7 @@ ID_Copyright("(C) Carsten Munk 2001");
MODVAR Event *events = NULL;
extern EVENT(unrealdns_removeoldrecords);
extern EVENT(deprecated_notice);
void LockEventSystem(void)
{
@@ -213,6 +214,7 @@ void SetupEvents(void)
EventAddEx(NULL, "garbage", GARBAGE_COLLECT_EVERY, 0, garbage_collect, NULL);
EventAddEx(NULL, "loop", 0, 0, loop_event, NULL);
EventAddEx(NULL, "unrealdns_removeoldrecords", 15, 0, unrealdns_removeoldrecords, NULL);
EventAddEx(NULL, "deprecated_notice", (86400*7)-(3600*8), 0, deprecated_notice, NULL);
EventAddEx(NULL, "check_pings", 1, 0, check_pings, NULL);
EventAddEx(NULL, "check_deadsockets", 1, 0, check_deadsockets, NULL);
EventAddEx(NULL, "check_unknowns", 1, 0, check_unknowns, NULL);
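Review bot: The interval (86400*7)-(3600*8) on the deprecated_notice line is unexplained. It works out to one week minus eight hours; if the offset is there so the notice lands at a different hour each week, a short comment or a named constant should say so. The same applies to the epoch value 1590962400 that the deprecated_notice handler compares against, which is only identified by the comment next to it.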
+6 -14
@@ -42,12 +42,10 @@
Extban MODVAR ExtBan_Table[EXTBANTABLESZ]; /* this should be fastest */
unsigned MODVAR short ExtBan_highest = 0;
char MODVAR extbanstr[EXTBANTABLESZ+1];
void make_extbanstr(void)
void set_isupport_extban(void)
{
int i;
char *m;
char extbanstr[EXTBANTABLESZ+1], *m;
m = extbanstr;
for (i = 0; i <= ExtBan_highest; i++)
@@ -56,6 +54,7 @@ void make_extbanstr(void)
*m++ = ExtBan_Table[i].flag;
}
*m = 0;
IsupportSetFmt(NULL, "EXTBAN", "~,%s", extbanstr);
}
Extban *findmod_by_bantype(char c)
@@ -106,12 +105,7 @@ char tmpbuf[512];
module->errorcode = MODERR_NOERROR;
}
ExtBan_highest = slot;
if (loop.ircd_booted)
{
make_extbanstr();
ircsnprintf(tmpbuf, sizeof(tmpbuf), "~,%s", extbanstr);
IsupportSetValue(IsupportFind("EXTBAN"), tmpbuf);
}
set_isupport_extban();
return &ExtBan_Table[slot];
}
@@ -134,9 +128,7 @@ char tmpbuf[512];
}
}
memset(eb, 0, sizeof(Extban));
make_extbanstr();
ircsnprintf(tmpbuf, sizeof(tmpbuf), "~,%s", extbanstr);
IsupportSetValue(IsupportFind("EXTBAN"), tmpbuf);
set_isupport_extban();
/* Hmm do we want to go trough all chans and remove the bans?
* I would say 'no' because perhaps we are just reloading,
* and else.. well... screw them?
@@ -162,7 +154,7 @@ int extban_is_ok_nuh_extban(aClient* sptr, aChannel* chptr, char* para, int chec
if (extban_is_ok_recursion)
return 0; /* Fail: more than one stacked extban */
if ((checkt == EXBCHK_PARAM) && RESTRICT_EXTENDEDBANS && !ValidatePermissionsForPath("channel:extbans",sptr,NULL,chptr,NULL))
if ((checkt == EXBCHK_PARAM) && RESTRICT_EXTENDEDBANS && !ValidatePermissionsForPath("immune:restrict-extendedbans",sptr,NULL,chptr,NULL))
{
/* Test if this specific extban has been disabled.
* (We can be sure RESTRICT_EXTENDEDBANS is not *. Else this extended ban wouldn't be happening at all.)
+18 -7
@@ -39,8 +39,6 @@
#include <fcntl.h>
#include "h.h"
extern char cmodestring[512];
/* Channel parameter to slot# mapping */
MODVAR unsigned char param_to_slot_mapping[256];
@@ -93,12 +91,25 @@ void extcmodes_check_for_changes(void)
{
char chanmodes[256];
Isupport *isup;
make_cmodestr();
make_extcmodestr();
ircsnprintf(chanmodes, sizeof(chanmodes), CHPAR1 "%s," CHPAR2 "%s," CHPAR3 "%s," CHPAR4 "%s",
EXPAR1, EXPAR2, EXPAR3, EXPAR4);
snprintf(chanmodes, sizeof(chanmodes), "%s%s", CHPAR1, EXPAR1);
safestrdup(me.serv->features.chanmodes[0], chanmodes);
snprintf(chanmodes, sizeof(chanmodes), "%s%s", CHPAR2, EXPAR2);
safestrdup(me.serv->features.chanmodes[1], chanmodes);
snprintf(chanmodes, sizeof(chanmodes), "%s%s", CHPAR3, EXPAR3);
safestrdup(me.serv->features.chanmodes[2], chanmodes);
snprintf(chanmodes, sizeof(chanmodes), "%s%s", CHPAR4, EXPAR4);
safestrdup(me.serv->features.chanmodes[3], chanmodes);
ircsnprintf(chanmodes, sizeof(chanmodes), "%s,%s,%s,%s",
me.serv->features.chanmodes[0],
me.serv->features.chanmodes[1],
me.serv->features.chanmodes[2],
me.serv->features.chanmodes[3]);
isup = IsupportFind("CHANMODES");
if (!isup)
{
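Review bot: extcmodes_check_for_changes now writes to me.serv->features.chanmodes[0] through [3] without checking me.serv, so it depends on make_server(&me) having run first. The ircd.c part of this change moves make_server(&me) ahead of the call, but any caller that reaches this function while me.serv is still unset would dereference a NULL pointer; a guard or a comment documenting the ordering would help. The hunk also mixes snprintf and ircsnprintf on the same buffer; pick one.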
@@ -108,7 +119,7 @@ void extcmodes_check_for_changes(void)
IsupportSetValue(isup, chanmodes);
if (strcmp(chanmodes, previous_chanmodes))
if (*previous_chanmodes && strcmp(chanmodes, previous_chanmodes))
{
ircd_log(LOG_ERROR, "Channel modes changed at runtime: %s -> %s",
previous_chanmodes, chanmodes);
+49 -15
@@ -402,6 +402,18 @@ EVENT(garbage_collect)
loop.do_garbage_collect = 0;
}
EVENT(deprecated_notice)
{
/* Send a warning to opers currently online every week after June 1, 2020 */
if (TStime() > 1590962400)
{
char *msg = "[WARNING] UnrealIRCd 4.x is no longer supported after December 31, 2020. "
"See https://www.unrealircd.org/docs/UnrealIRCd_4_EOL";
sendto_realops("%s", msg);
ircd_log(LOG_ERROR, "%s", msg);
}
}
/*
** try_connections
**
@@ -544,6 +556,13 @@ EVENT(check_unknowns)
{
if (cptr->local->firsttime && ((TStime() - cptr->local->firsttime) > iConf.handshake_timeout))
{
if (cptr->serv && *cptr->serv->by)
{
/* If this is a handshake timeout to an outgoing server then notify ops & log it */
sendto_ops_and_log("Connection handshake timeout while connecting to server '%s' (%s)",
cptr->name, cptr->ip?cptr->ip:"<unknown ip>");
}
(void)exit_client(cptr, cptr, &me, "Registration Timeout");
continue;
}
@@ -581,7 +600,7 @@ int check_ping(aClient *cptr)
IsHandshake(cptr)
|| IsSSLConnectHandshake(cptr)
) {
sendto_realops
sendto_ops_and_log
("No response from %s, closing link",
get_client_name(cptr, FALSE));
sendto_server(&me, 0, 0,
@@ -991,7 +1010,7 @@ int InitUnrealIRCd(int argc, char *argv[])
union pstun pstats;
#endif
int portarg = 0;
#ifdef FORCE_CORE
#ifdef HAVE_SETRLIMIT
struct rlimit corelim;
#endif
@@ -1067,10 +1086,10 @@ int InitUnrealIRCd(int argc, char *argv[])
extcmode_init();
init_random(); /* needs to be done very early!! */
clear_scache_hash_table();
#ifdef FORCE_CORE
#ifdef HAVE_SETRLIMIT
/* Make it so we can dump core */
corelim.rlim_cur = corelim.rlim_max = RLIM_INFINITY;
if (setrlimit(RLIMIT_CORE, &corelim))
printf("unlimit core size failed; errno = %d\n", errno);
setrlimit(RLIMIT_CORE, &corelim);
#endif
/*
* ** All command line parameters have the syntax "-fstring"
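Review bot: The setrlimit(RLIMIT_CORE, &corelim) call now discards its return value, where the previous code printed errno on failure. With the guard changed from FORCE_CORE to HAVE_SETRLIMIT, the unlimited core size applies to every build that has setrlimit, so a silent failure means no core file when one is needed, and success means core files that can contain whatever the process held in memory at the time. Keep a diagnostic on failure and document the new default so operators can decide where core files are written and who can read them.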
@@ -1130,7 +1149,7 @@ int InitUnrealIRCd(int argc, char *argv[])
type = Auth_FindType(NULL, p);
if (type == -1)
{
type = AUTHTYPE_BCRYPT;
type = AUTHTYPE_ARGON2;
} else {
p = *++argv;
argc--;
@@ -1148,11 +1167,11 @@ int InitUnrealIRCd(int argc, char *argv[])
{
/* Hmmm.. is this warning really still true (and always) ?? */
printf("WARNING: Password truncated to 8 characters due to 'crypt' algorithm. "
"You are suggested to use the 'bcrypt' algorithm instead.");
"You are suggested to use the 'argon2' algorithm instead.");
p[8] = '\0';
}
if (!(result = Auth_Make(type, p))) {
printf("Authentication failed\n");
printf("Failed to generate password. Deprecated method? Try 'argon2' instead.\n");
exit(0);
}
printf("Encrypted password is: %s\n", result);
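Review bot: The failure branch after Auth_Make still ends in exit(0), so a wrapper script cannot tell a failed hash generation from a successful one; a non-zero status fits the new "Failed to generate password" message. That message goes to stdout like the "Encrypted password is:" line, so stderr would be the better stream for it. The context comment asking whether the 8-character truncation warning is "really still true" also deserves an answer now that the advice in that warning is being edited.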
@@ -1299,12 +1318,19 @@ int InitUnrealIRCd(int argc, char *argv[])
fprintf(stderr, "%s", unreallogo);
fprintf(stderr, " v%s\n\n", VERSIONONLY);
fprintf(stderr, " using %s\n", pcre2_version());
#ifdef USE_TRE
fprintf(stderr, " using %s\n", tre_version());
#endif
fprintf(stderr, " using %s\n", SSLeay_version(SSLEAY_VERSION));
#ifdef USE_LIBCURL
fprintf(stderr, " using %s\n", curl_version());
#endif
#endif
check_user_limit();
#ifndef _WIN32
fprintf(stderr, "\n");
fprintf(stderr, "This server can handle %d concurrent sockets (%d clients + %d reserve)\n\n",
maxclients+CLIENTS_RESERVE, maxclients, CLIENTS_RESERVE);
#endif
clear_client_hash_table();
clear_channel_hash_table();
@@ -1340,9 +1366,13 @@ int InitUnrealIRCd(int argc, char *argv[])
booted = TRUE;
load_tunefile();
make_umodestr();
me.flags = FLAGS_LISTEN;
me.fd = -1;
SetMe(&me);
make_server(&me);
extcmodes_check_for_changes();
make_extbanstr();
isupport_init();
umodes_check_for_changes();
charsys_check_for_changes();
clicap_init();
if (!find_Command_simple("AWAY") /*|| !find_Command_simple("KILL") ||
!find_Command_simple("OPER") || !find_Command_simple("PING")*/)
@@ -1369,15 +1399,17 @@ int InitUnrealIRCd(int argc, char *argv[])
#ifndef _WIN32
fprintf(stderr, "Dynamic configuration initialized.. booting IRCd.\n");
#endif
/* Warn about this starting March 1, 2020 */
if (time(NULL) > 1583017200)
{
fprintf(stderr, "WARNING: UnrealIRCd 4.x is no longer supported after December 31, 2020.\n"
"See https://www.unrealircd.org/docs/UnrealIRCd_4_EOL\n");
}
open_debugfile();
if (portnum < 0)
portnum = PORTNUM;
me.local->port = portnum;
(void)init_sys();
me.flags = FLAGS_LISTEN;
me.fd = -1;
SetMe(&me);
make_server(&me);
applymeblock();
#ifdef HAVE_SYSLOG
openlog("ircd", LOG_PID | LOG_NDELAY, LOG_DAEMON);
@@ -1404,7 +1436,9 @@ int InitUnrealIRCd(int argc, char *argv[])
me_hash = find_or_add(me.name);
me.serv->up = me_hash;
timeofday = time(NULL);
me.local->lasttime = me.local->since = me.local->firsttime = TStime();
me.local->lasttime = me.local->since = me.local->firsttime = me.serv->boottime = TStime();
me.serv->features.protocol = UnrealProtocol;
me.serv->features.software = strdup(version);
(void)add_to_client_hash_table(me.name, &me);
(void)add_to_id_hash_table(me.id, &me);
list_add(&me.client_node, &global_server_list);
+48 -3
@@ -144,6 +144,7 @@ aClient *make_client(aClient *from, aClient *servr)
if (!from)
{
/* Local client */
const char *id;
cptr->local = MyMallocEx(sizeof(aLocalClient));
@@ -161,6 +162,11 @@ aClient *make_client(aClient *from, aClient *servr)
dbuf_queue_init(&cptr->local->recvQ);
dbuf_queue_init(&cptr->local->sendQ);
while (hash_find_id((id = uid_get()), NULL) != NULL)
;
strlcpy(cptr->id, id, sizeof cptr->id);
add_to_id_hash_table(cptr->id, cptr);
} else {
cptr->fd = -256;
}
@@ -189,6 +195,14 @@ void free_client(aClient *cptr)
MyFree(cptr->local);
}
if (*cptr->id)
{
/* This is already del'd in exit_one_client, so we
* only have it here in case a shortcut was taken,
* such as from add_connection() to free_client().
*/
del_from_id_hash_table(cptr->id, cptr);
}
}
safefree(cptr->ip);
@@ -257,6 +271,14 @@ aServer *make_server(aClient *cptr)
serv->up = NULL;
cptr->serv = serv;
}
if (strlen(cptr->id) > 3)
{
/* Probably the auto-generated UID for a server that
* still uses the old protocol (without SID).
*/
del_from_id_hash_table(cptr->id, cptr);
*cptr->id = '\0';
}
return cptr->serv;
}
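Review bot: `if (strlen(cptr->id) > 3)` uses a bare 3 to tell a UID from a SID, and the comment itself only says "Probably". Name the SID length as a constant and explain why a longer id can only be the UID auto-generated in make_client(), because this branch silently drops the hash entry and clears the id.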
@@ -341,10 +363,13 @@ void remove_client_from_list(aClient *cptr)
{
if (cptr->serv->user)
free_user(cptr->serv->user, cptr);
safefree(cptr->serv->features.usermodes);
safefree(cptr->serv->features.chanmodes[0]);
safefree(cptr->serv->features.chanmodes[1]);
safefree(cptr->serv->features.chanmodes[2]);
safefree(cptr->serv->features.chanmodes[3]);
safefree(cptr->serv->features.software);
safefree(cptr->serv->features.nickchars);
MyFree(cptr->serv);
#ifdef DEBUGMODE
servs.inuse--;
@@ -356,9 +381,12 @@ void remove_client_from_list(aClient *cptr)
else
crem.inuse--;
#endif
assert(list_empty(&cptr->client_node));
assert(list_empty(&cptr->client_hash));
assert(list_empty(&cptr->id_hash));
if (!list_empty(&cptr->client_node))
abort();
if (!list_empty(&cptr->client_hash))
abort();
if (!list_empty(&cptr->id_hash))
abort();
(void)free_client(cptr);
checklist();
numclients--;
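Review bot: The `if (!list_empty(...)) abort();` checks in remove_client_from_list() stop the process without saying which list was still linked, whereas assert() at least printed the expression, file and line. Log the list (client_node, client_hash or id_hash) and the client name before calling abort(), otherwise the core dump is the only clue.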
@@ -538,6 +566,23 @@ void add_ListItem(ListStruct *item, ListStruct **list) {
*list = item;
}
/* (note that if you end up using this, you should probably
* use a circular linked list instead)
*/
void append_ListItem(ListStruct *item, ListStruct **list) {
ListStruct *l;
if (!*list)
{
*list = item;
return;
}
for (l = *list; l->next; l = l->next);
l->next = item;
item->prev = l;
}
ListStruct *del_ListItem(ListStruct *item, ListStruct **list) {
ListStruct *l, *ret;
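Review bot: append_ListItem() never sets `item->next`, and in the empty-list branch it leaves `item->prev` untouched, so an item that was linked elsewhere before brings stale pointers into the new list. Set `item->next = NULL` in both paths and `item->prev = NULL` when the item becomes the head. The loop `for (l = *list; l->next; l = l->next);` would also read better with its empty body on a separate line.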
+385
@@ -581,3 +581,388 @@ char *unreal_match_method_valtostr(int val)
return "unknown";
}
/* It is unfortunately that we have 2 matching/replace systems.
* However, the above is for spamfilter matching and stuff
* and below is for matching on WORDS, which does specific things
* like replacement on word boundaries etc.
* Moved here from the censor channel and user mode module
* (previously was present in both modules, code duplication)
*/
int fast_badword_match(ConfigItem_badword *badword, char *line)
{
char *p;
int bwlen = strlen(badword->word);
if ((badword->type & BADW_TYPE_FAST_L) && (badword->type & BADW_TYPE_FAST_R))
return (our_strcasestr(line, badword->word) ? 1 : 0);
p = line;
while((p = our_strcasestr(p, badword->word)))
{
if (!(badword->type & BADW_TYPE_FAST_L))
{
if ((p != line) && !iswseperator(*(p - 1))) /* aaBLA but no *BLA */
goto next;
}
if (!(badword->type & BADW_TYPE_FAST_R))
{
if (!iswseperator(*(p + bwlen))) /* BLAaa but no BLA* */
goto next;
}
/* Looks like it matched */
return 1;
next:
p += bwlen;
}
return 0;
}
/* fast_badword_replace:
* A fast replace routine written by Syzop used for replacing badwords.
* This searches in line for the bad word and replaces it.
* buf is used for the result and max is sizeof(buf).
* Assumptions[!]: max > 0 AND max > strlen(line)+1
*/
int fast_badword_replace(ConfigItem_badword *badword, char *line, char *buf, int max)
{
/* Some aliases ;P */
char *replacew = badword->replace ? badword->replace : REPLACEWORD;
char *pold = line, *pnew = buf; /* Pointers to old string and new string */
char *poldx = line;
int replacen = -1; /* Only calculated if needed. w00t! saves us a few nanosecs? lol */
int searchn = -1;
char *startw, *endw;
char *c_eol = buf + max - 1; /* Cached end of (new) line */
int run = 1;
int cleaned = 0;
Debug((DEBUG_NOTICE, "replacing %s -> %s in '%s'", badword->word, replacew, line));
while(run) {
pold = our_strcasestr(pold, badword->word);
if (!pold)
break;
if (replacen == -1)
replacen = strlen(replacew);
if (searchn == -1)
searchn = strlen(badword->word);
/* Hunt for start of word */
if (pold > line) {
for (startw = pold; (!iswseperator(*startw) && (startw != line)); startw--);
if (iswseperator(*startw))
startw++; /* Don't point at the space/seperator but at the word! */
} else {
startw = pold;
}
if (!(badword->type & BADW_TYPE_FAST_L) && (pold != startw)) {
/* not matched */
pold++;
continue;
}
/* Hunt for end of word
* Fix for bug #4909: word will be at least 'searchn' long so we can skip
* 'searchn' bytes and avoid stopping half-way the badword.
*/
for (endw = pold+searchn; ((*endw != '\0') && (!iswseperator(*endw))); endw++);
if (!(badword->type & BADW_TYPE_FAST_R) && (pold+searchn != endw)) {
/* not matched */
pold++;
continue;
}
cleaned = 1; /* still too soon? Syzop/20050227 */
/* Do we have any not-copied-yet data? */
if (poldx != startw) {
int tmp_n = startw - poldx;
if (pnew + tmp_n >= c_eol) {
/* Partial copy and return... */
memcpy(pnew, poldx, c_eol - pnew);
*c_eol = '\0';
return 1;
}
memcpy(pnew, poldx, tmp_n);
pnew += tmp_n;
}
/* Now update the word in buf (pnew is now something like startw-in-new-buffer */
if (replacen) {
if ((pnew + replacen) >= c_eol) {
/* Partial copy and return... */
memcpy(pnew, replacew, c_eol - pnew);
*c_eol = '\0';
return 1;
}
memcpy(pnew, replacew, replacen);
pnew += replacen;
}
poldx = pold = endw;
}
/* Copy the last part */
if (*poldx) {
strncpy(pnew, poldx, c_eol - pnew);
*(c_eol) = '\0';
} else {
*pnew = '\0';
}
return cleaned;
}
/*
* Returns a string, which has been filtered by the words loaded via
* the loadbadwords() function. It's primary use is to filter swearing
* in both private and public messages
*/
char *stripbadwords(char *str, ConfigItem_badword *start_bw, int *blocked)
{
static char cleanstr[4096];
char buf[4096];
char *ptr;
int matchlen, m, stringlen, cleaned;
ConfigItem_badword *this_word;
*blocked = 0;
if (!start_bw)
return str;
/*
* work on a copy
*/
stringlen = strlcpy(cleanstr, StripControlCodes(str), sizeof cleanstr);
matchlen = 0;
buf[0] = '\0';
cleaned = 0;
for (this_word = start_bw; this_word; this_word = this_word->next)
{
if (this_word->type & BADW_TYPE_FAST)
{
if (this_word->action == BADWORD_BLOCK)
{
if (fast_badword_match(this_word, cleanstr))
{
*blocked = 1;
return NULL;
}
}
else
{
int n;
/* fast_badword_replace() does size checking so we can use 512 here instead of 4096 */
n = fast_badword_replace(this_word, cleanstr, buf, 512);
if (!cleaned && n)
cleaned = n;
strcpy(cleanstr, buf);
memset(buf, 0, sizeof(buf)); /* regexp likes this somehow */
}
} else
if (this_word->type & BADW_TYPE_REGEX)
{
if (this_word->action == BADWORD_BLOCK)
{
pcre2_match_data *md = pcre2_match_data_create(9, NULL);
int ret;
ret = pcre2_match(this_word->pcre2_expr, cleanstr, PCRE2_ZERO_TERMINATED, 0, 0, md, NULL); /* run the regex */
pcre2_match_data_free(md); /* yeah, we never use it. unfortunately argument must be non-NULL for pcre2_match() */
if (ret > 0)
{
*blocked = 1;
return NULL;
}
}
else
{
pcre2_match_data *md;
int ret;
PCRE2_SIZE *dd;
int start, end;
ptr = cleanstr; /* set pointer to start of string */
while(1) {
md = pcre2_match_data_create(9, NULL);
/* ^^ we need to free 'md' in ALL circumstances.
* remember this if you break or continue in this loop!
*/
ret = pcre2_match(this_word->pcre2_expr, ptr, PCRE2_ZERO_TERMINATED, 0, 0, md, NULL); /* run the regex */
if (ret > 0)
{
ircd_log(LOG_ERROR, "pcre2_get_ovector_count: %d", pcre2_get_ovector_count(md));
dd = pcre2_get_ovector_pointer(md);
start = (int)dd[0];
end = (int)dd[1];
if ((start < 0) || (end < 0) || (start > strlen(ptr)) || (end > strlen(ptr)+1))
{
ircd_log(LOG_ERROR, "pcre2_match() returned an ovector with OOB start/end: %d/%d, str (%d): '%s'",
(int)start, (int)end, (int)strlen(ptr), ptr);
abort();
}
m = end - start;
if (m == 0)
{
pcre2_match_data_free(md);
break; /* anti-loop */
}
cleaned = 1;
matchlen += m;
strlncat(buf, ptr, sizeof buf, start);
if (this_word->replace)
strlcat(buf, this_word->replace, sizeof buf);
else
strlcat(buf, REPLACEWORD, sizeof buf);
ptr += end; /* Set pointer after the match pos */
pcre2_match_data_free(md);
continue; /* next! */
}
pcre2_match_data_free(md);
break; /* NOMATCH: we are done! */
}
/* All the better to eat you with! */
strlcat(buf, ptr, sizeof buf);
memcpy(cleanstr, buf, sizeof cleanstr);
memset(buf, 0, sizeof(buf));
if (matchlen == stringlen)
break;
}
}
}
cleanstr[511] = '\0'; /* cutoff, just to be sure */
return (cleaned) ? cleanstr : str;
}
/** Checks if the specified regex (or fast badwords) is valid.
* returns NULL in case of success [!],
* pointer to buffer with error message otherwise
* if check_broadness is 1, the function will attempt to determine
* if the given regex string is too broad (i.e. matches everything)
*/
char *badword_config_check_regex(char *str, int fastsupport, int check_broadness)
{
int errorcode, errorbufsize, regex=0;
char *errtmp, *tmp;
static char errorbuf[512];
if (fastsupport)
{
for (tmp = str; *tmp; tmp++) {
if (!isalnum(*tmp) && !(*tmp >= 128)) {
if ((str == tmp) && (*tmp == '*'))
continue;
if ((*(tmp + 1) == '\0') && (*tmp == '*'))
continue;
regex = 1;
break;
}
}
}
if (!fastsupport || regex)
{
int errorcode = 0;
PCRE2_SIZE erroroffset = 0;
pcre2_code *expr;
int options = 0;
char buf2[512];
options = PCRE2_CASELESS|PCRE2_NEVER_UTF|PCRE2_NEVER_UCP;
expr = pcre2_compile(str, PCRE2_ZERO_TERMINATED, options, &errorcode, &erroroffset, NULL);
if (expr == NULL)
{
pcre2_get_error_message(errorcode, buf2, sizeof(buf2));
if (erroroffset > 0)
snprintf(errorbuf, sizeof(errorbuf), "%s (at character #%d)", buf2, (int)erroroffset);
else
strlcpy(errorbuf, buf2, sizeof(errorbuf));
return errorbuf;
}
pcre2_code_free(expr);
}
return NULL;
}
int badword_config_process(ConfigItem_badword *ca, char *str)
{
char *tmp;
short regex = 0;
int regflags = 0;
int ast_l = 0, ast_r = 0;
/* The fast badwords routine can do: "blah" "*blah" "blah*" and "*blah*",
* in all other cases use regex.
*/
for (tmp = str; *tmp; tmp++) {
if (!isalnum(*tmp) && !(*tmp >= 128)) {
if ((str == tmp) && (*tmp == '*')) {
ast_l = 1; /* Asterisk at the left */
continue;
}
if ((*(tmp + 1) == '\0') && (*tmp == '*')) {
ast_r = 1; /* Asterisk at the right */
continue;
}
regex = 1;
break;
}
}
if (regex)
{
int errorcode = 0;
PCRE2_SIZE erroroffset = 0;
int options = 0;
char buf2[512];
ca->type = BADW_TYPE_REGEX;
safestrdup(ca->word, str);
options = PCRE2_CASELESS|PCRE2_NEVER_UTF|PCRE2_NEVER_UCP;
ca->pcre2_expr = pcre2_compile(str, PCRE2_ZERO_TERMINATED, options, &errorcode, &erroroffset, NULL);
if (ca->pcre2_expr == NULL)
{
/* This cannot happen since badword_config_check_regex()
* should be called from config_test on each regex.
*/
config_error("badword_config_process(): failed to compile regex '%s', this is impossible!", str);
abort();
}
pcre2_jit_compile(ca->pcre2_expr, PCRE2_JIT_COMPLETE);
}
else
{
char *tmpw;
ca->type = BADW_TYPE_FAST;
ca->word = tmpw = MyMallocEx(strlen(str) - ast_l - ast_r + 1);
/* Copy except for asterisks */
for (tmp = str; *tmp; tmp++)
if (*tmp != '*')
*tmpw++ = *tmp;
*tmpw = '\0';
if (ast_l)
ca->type |= BADW_TYPE_FAST_L;
if (ast_r)
ca->type |= BADW_TYPE_FAST_R;
}
return 1;
}
/** Frees a ConfigItem_badword item.
* Note that it does NOT remove from the list, you need
* to do this BEFORE calling this function.
*/
void badword_config_free(ConfigItem_badword *e)
{
safefree(e->word);
if (e->replace)
safefree(e->replace);
if (e->pcre2_expr)
pcre2_code_free(e->pcre2_expr);
MyFree(e);
}
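Review bot: In stripbadwords(), the regex replace path calls `ircd_log(LOG_ERROR, "pcre2_get_ovector_count: %d", pcre2_get_ovector_count(md));` on every successful match. It looks like leftover debugging and writes an error-level log line for each replaced word, so remove it or move it under Debug(()). Separately, badword_config_check_regex() documents check_broadness but never reads it, and its outer `errorcode`, `errorbufsize` and `errtmp` are unused or shadowed by the inner declarations. Either implement the broadness check or drop the parameter and the dead variables.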
+51 -31
@@ -91,23 +91,22 @@ int (*register_user)(aClient *cptr, aClient *sptr, char *nick, char *username, c
int (*tkl_hash)(unsigned int c);
char (*tkl_typetochar)(int type);
aTKline *(*tkl_add_line)(int type, char *usermask, char *hostmask, char *reason, char *setby,
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type);
TS expire_at, TS set_at, TS spamf_tkl_duration, char *spamf_tkl_reason, MatchType match_type, int soft);
aTKline *(*tkl_del_line)(aTKline *tkl);
void (*tkl_check_local_remove_shun)(aTKline *tmp);
aTKline *(*tkl_expire)(aTKline * tmp);
EVENT((*tkl_check_expire));
int (*find_tkline_match)(aClient *cptr, int xx);
int (*find_tkline_match)(aClient *cptr, int skip_soft);
int (*find_shun)(aClient *cptr);
int(*find_spamfilter_user)(aClient *sptr, int flags);
aTKline *(*find_qline)(aClient *cptr, char *nick, int *ishold);
int (*find_tkline_match_zap)(aClient *cptr);
aTKline *(*find_tkline_match_zap)(aClient *cptr);
void (*tkl_stats)(aClient *cptr, int type, char *para);
void (*tkl_synch)(aClient *sptr);
int (*m_tkl)(aClient *cptr, aClient *sptr, int parc, char *parv[]);
int (*place_host_ban)(aClient *sptr, int action, char *reason, long duration);
int (*dospamfilter)(aClient *sptr, char *str_in, int type, char *target, int flags, aTKline **rettk);
int (*dospamfilter_viruschan)(aClient *sptr, aTKline *tk, int type);
int (*find_tkline_match_zap_ex)(aClient *cptr, aTKline **rettk);
void (*send_list)(aClient *cptr);
unsigned char *(*StripColors)(unsigned char *text);
const char *(*StripControlCodes)(unsigned char *text);
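Review bot: Missing documentation on the changed efunction pointers: the trailing `int soft` on tkl_add_line, the `int skip_soft` on find_tkline_match and the `aTKline *` return of find_tkline_match_zap carry no comment saying what the values mean. Add a one-line comment to each, and audit callers that used the former `int` return of find_tkline_match_zap or the removed find_tkline_match_zap_ex pointer.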
@@ -122,7 +121,7 @@ void (*broadcast_md_channel)(ModDataInfo *mdi, aChannel *chptr, ModData *md);
void (*broadcast_md_member)(ModDataInfo *mdi, aChannel *chptr, Member *m, ModData *md);
void (*broadcast_md_membership)(ModDataInfo *mdi, aClient *acptr, Membership *m, ModData *md);
int (*check_banned)(aClient *cptr);
int (*check_deny_version)(aClient *cptr, char *version_string, int protocol, char *flags);
int (*check_deny_version)(aClient *cptr, char *software, int protocol, char *flags);
void (*broadcast_md_client_cmd)(aClient *except, aClient *sender, aClient *acptr, char *varname, char *value);
void (*broadcast_md_channel_cmd)(aClient *except, aClient *sender, aChannel *chptr, char *varname, char *value);
void (*broadcast_md_member_cmd)(aClient *except, aClient *sender, aChannel *chptr, aClient *acptr, char *varname, char *value);
@@ -138,6 +137,7 @@ void (*send_join_to_local_users)(aClient *sptr, aChannel *chptr);
int (*do_nick_name)(char *nick);
int (*do_remote_nick_name)(char *nick);
char *(*charsys_get_current_languages)(void);
void *(*broadcast_sinfo)(aClient *acptr, aClient *to, aClient *except);
static const EfunctionsList efunction_table[MAXEFUNCTIONS] = {
/* 00 */ {NULL, NULL},
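Review bot: `void *(*broadcast_sinfo)(aClient *acptr, aClient *to, aClient *except);` declares a function that returns `void *`, while the broadcast_md_* pointers earlier in this file are all `void (*name)(...)`. If nothing is returned, this should be `void (*broadcast_sinfo)(...)`. Otherwise document what the returned pointer is.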
@@ -166,11 +166,11 @@ static const EfunctionsList efunction_table[MAXEFUNCTIONS] = {
/* 23 */ {"place_host_ban", (void *)&place_host_ban},
/* 24 */ {"dospamfilter", (void *)&dospamfilter},
/* 25 */ {"dospamfilter_viruschan", (void *)&dospamfilter_viruschan},
/* 26 */ {"find_tkline_match_zap_ex", (void *)&find_tkline_match_zap_ex},
/* 26 */ {NULL, NULL},
/* 27 */ {"send_list", (void *)&send_list},
/* 28 */ {NULL,NULL},
/* 29 */ {NULL,NULL},
/* 30 */ {NULL,NULL},
/* 28 */ {NULL, NULL},
/* 29 */ {NULL, NULL},
/* 30 */ {NULL, NULL},
/* 31 */ {"StripColors", (void *)&StripColors},
/* 32 */ {"StripControlCodes", (void *)&StripControlCodes},
/* 33 */ {"spamfilter_build_user_string", (void *)&spamfilter_build_user_string},
@@ -200,7 +200,8 @@ static const EfunctionsList efunction_table[MAXEFUNCTIONS] = {
/* 57 */ {"do_nick_name", (void *)&do_nick_name},
/* 58 */ {"do_remote_nick_name", (void *)&do_remote_nick_name},
/* 59 */ {"charsys_get_current_languages", (void *)&charsys_get_current_languages},
/* 60 */ {NULL, NULL}
/* 60 */ {"broadcast_sinfo", (void *)&broadcast_sinfo},
/* 61 */ {NULL, NULL}
};
#ifdef UNDERSCORE
@@ -344,6 +345,31 @@ unsigned int maj, min, plevel;
snprintf(buf, buflen, "%d.%d.%d", maj, min, plevel);
}
/** Transform a loadmodule path like "third/la" to
* something like "/home/xyz/unrealircd/modules/third/la.so
* (and other tricks)
*/
char *Module_TransformPath(char *path_)
{
static char path[1024];
/* Prefix the module path with MODULESDIR, unless it's an absolute path
* (we check for "/", "\" and things like "C:" to detect absolute paths).
*/
if ((*path_ != '/') && (*path_ != '\\') && !(*path_ && (path_[1] == ':')))
{
snprintf(path, sizeof(path), "%s/%s", MODULESDIR, path_);
} else {
strlcpy(path, path_, sizeof(path));
}
/* Auto-suffix .dll / .so */
if (!strstr(path, MODULE_SUFFIX))
strlcat(path, MODULE_SUFFIX, sizeof(path));
return path;
}
/*
* Returns an error if insucessful .. yes NULL is OK!
*/
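Review bot: The suffix test `if (!strstr(path, MODULE_SUFFIX))` in Module_TransformPath() matches the suffix anywhere in the string, so a path whose directory or base name merely contains it is left without the extension. Compare against the end of the string instead. The function also returns a pointer to a static buffer, which the doc comment should say because a second call overwrites the first result, and the example path in that comment is missing its closing quote.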
@@ -361,8 +387,7 @@ char *Module_Create(char *path_)
char *Mod_Version;
unsigned int *compiler_version;
static char errorbuf[1024];
char path[1024];
char *tmppath;
char *path, *tmppath;
ModuleHeader *mod_header = NULL;
int ret = 0;
Module *mod = NULL, **Mod_Handle = NULL;
@@ -371,20 +396,8 @@ char *Module_Create(char *path_)
long modsys_ver = 0;
Debug((DEBUG_DEBUG, "Attempting to load module from %s", path_));
/* Prefix the module path with MODULESDIR, unless it's an absolute path
* (we check for "/", "\" and things like "C:" to detect absolute paths).
_ */
if ((*path_ != '/') && (*path_ != '\\') && !(*path_ && (path_[1] == ':')))
{
snprintf(path, sizeof(path), "%s/%s", MODULESDIR, path_);
} else {
strlcpy(path, path_, sizeof(path));
}
path = Module_TransformPath(path_);
/* auto-suffix .dll / .so */
if (!strstr(path, MODULE_SUFFIX))
strlcat(path, MODULE_SUFFIX, sizeof(path));
tmppath = unreal_mktemp(TMPDIR, unreal_getmodfilename(path));
if (!tmppath)
return "Unable to create temporary file!";
@@ -1379,11 +1392,12 @@ Callback *CallbackDel(Callback *cb)
Efunction *EfunctionAddMain(Module *module, int eftype, int (*func)(), void (*vfunc)(), void *(*pvfunc)(), char *(*cfunc)())
{
Efunction *p;
Efunction *p;
if (!module || !(module->options & MOD_OPT_OFFICIAL))
{
module->errorcode = MODERR_INVALID;
if (module)
module->errorcode = MODERR_INVALID;
return NULL;
}
@@ -1435,7 +1449,7 @@ Efunction *p, *q;
return NULL;
}
Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
Cmdoverride *CmdoverrideAddEx(Module *module, char *name, int priority, OverrideCmdFunc function)
{
aCommand *p;
Cmdoverride *ovr;
@@ -1458,6 +1472,7 @@ Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
ovr = MyMallocEx(sizeof(Cmdoverride));
ovr->func = function;
ovr->owner = module; /* TODO: module objects */
ovr->priority = priority;
if (module)
{
ModuleObject *cmdoverobj = MyMallocEx(sizeof(ModuleObject));
@@ -1469,7 +1484,7 @@ Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
ovr->command = p;
if (!p->overriders)
p->overridetail = ovr;
AddListItem(ovr, p->overriders);
AddListItemPrio(ovr, p->overriders, ovr->priority);
if (p->friend)
{
if (!p->friend->overriders)
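Review bot: `p->overridetail` is still assigned only when the list is empty. That was enough while AddListItem() inserted at the head, but if `AddListItemPrio(ovr, p->overriders, ovr->priority)` can place ovr after the current last entry, the tail pointer goes stale. Recompute the tail after a priority insert (the same applies to the p->friend branch that follows), or stop keeping a tail now that CallCmdoverride() walks `next`.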
@@ -1479,6 +1494,11 @@ Cmdoverride *CmdoverrideAdd(Module *module, char *name, iFP function)
return ovr;
}
Cmdoverride *CmdoverrideAdd(Module *module, char *name, OverrideCmdFunc function)
{
return CmdoverrideAddEx(module, name, 0, function);
}
void CmdoverrideDel(Cmdoverride *cmd)
{
if (!cmd->next)
@@ -1512,8 +1532,8 @@ void CmdoverrideDel(Cmdoverride *cmd)
int CallCmdoverride(Cmdoverride *ovr, aClient *cptr, aClient *sptr, int parc, char *parv[])
{
if (ovr->prev)
return ovr->prev->func(ovr->prev, cptr, sptr, parc, parv);
if (ovr->next)
return ovr->next->func(ovr->next, cptr, sptr, parc, parv);
return ovr->command->func(cptr, sptr, parc, parv);
}
+27 -2
@@ -37,7 +37,7 @@ INCLUDES = ../include/auth.h ../include/channel.h \
R_MODULES= \
m_sethost.so m_chghost.so m_chgident.so m_setname.so \
m_setident.so m_sdesc.so m_svsmode.so m_swhois.so\
m_svsmotd.so m_svsnline.so m_who.so m_mkpasswd.so \
m_svsmotd.so m_svsnline.so m_who.so m_whox.so m_mkpasswd.so \
m_away.so m_svsnoop.so m_svsnick.so \
m_chgname.so m_kill.so \
m_lag.so m_message.so m_oper.so m_pingpong.so \
@@ -62,7 +62,8 @@ R_MODULES= \
blacklist.so jointhrottle.so \
antirandom.so hideserver.so jumpserver.so \
m_ircops.so m_staff.so nocodes.so \
charsys.so
charsys.so antimixedutf8.so authprompt.so m_sinfo.so \
reputation.so connthrottle.so
MODULES=cloak.so $(R_MODULES)
MODULEFLAGS=@MODULEFLAGS@
@@ -174,6 +175,10 @@ m_who.so: m_who.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_who.so m_who.c
m_whox.so: m_whox.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_whox.so m_whox.c
m_mkpasswd.so: m_mkpasswd.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_mkpasswd.so m_mkpasswd.c
@@ -514,6 +519,26 @@ charsys.so: charsys.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o charsys.so charsys.c
antimixedutf8.so: antimixedutf8.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o antimixedutf8.so antimixedutf8.c
authprompt.so: authprompt.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o authprompt.so authprompt.c
m_sinfo.so: m_sinfo.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o m_sinfo.so m_sinfo.c
reputation.so: reputation.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o reputation.so reputation.c
connthrottle.so: connthrottle.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o connthrottle.so connthrottle.c
#############################################################################
# capabilities
#############################################################################
+349
@@ -0,0 +1,349 @@
/*
* Anti mixed UTF8 - a filter written by Bram Matthys ("Syzop").
* Reported by Mr_Smoke in https://bugs.unrealircd.org/view.php?id=5163
* Tested by PeGaSuS (The_Myth) with some of the most used spam lines.
* Help with testing and fixing Cyrillic from 'i' <info@servx.org>
*
* ==[ ABOUT ]==
* This module will detect and stop spam containing of characters of
* mixed "scripts", where some characters are in Latin script and other
* characters are in Cyrillic.
* This unusual behavior can be detected easily and action can be taken.
*
* ==[ MODULE LOADING AND CONFIGURATION ]==
* loadmodule "antimixedutf8";
* set {
* antimixedutf8 {
* score 10;
* ban-action block;
* ban-reason "Possible mixed character spam";
* ban-time 4h; // For other types
* };
* };
*
* ==[ LICENSE AND PORTING ]==
* Feel free to copy/move the idea or code to other IRCds.
* The license is GPLv1 (or later, at your option):
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "unrealircd.h"
ModuleHeader MOD_HEADER(antimixedutf8)
= {
"antimixedutf8",
"1.0",
"Mixed UTF8 character filter (look-alike character spam) - by Syzop",
"3.2-b8-1",
NULL
};
struct {
int score;
int ban_action;
char *ban_reason;
long ban_time;
} cfg;
static void free_config(void);
static void init_config(void);
int antimixedutf8_config_test(ConfigFile *, ConfigEntry *, int, int *);
int antimixedutf8_config_run(ConfigFile *, ConfigEntry *, int);
#define SCRIPT_UNDEFINED 0
#define SCRIPT_LATIN 1
#define SCRIPT_CYRILLIC 2
/**** the detection algorithm follows first, the module/config code is at the end ****/
/** Detect which script the current character is,
* such as latin script or cyrillic script.
* @retval See SCRIPT_*
*/
int detect_script(const char *t)
{
/* Safety: as long as *t is never \0 then at worst
* the character after this will be \0 and since we
* only look at 2 characters (at most) at a time
* this will be safe.
*/
/* Currently we only detect cyrillic and call all the
* rest latin (which is not true). This can always
* be enhanced later.
*/
if ((t[0] == 0xd0) && (t[1] >= 0x80) && (t[1] <= 0xbf))
return SCRIPT_CYRILLIC;
else if ((t[0] == 0xd1) && (t[1] >= 0x80) && (t[1] <= 0xbf))
return SCRIPT_CYRILLIC;
else if ((t[0] == 0xd2) && (t[1] >= 0x80) && (t[1] <= 0xbf))
return SCRIPT_CYRILLIC;
else if ((t[0] == 0xd3) && (t[1] >= 0x80) && (t[1] <= 0xbf))
return SCRIPT_CYRILLIC;
if ((t[0] >= 'a') && (t[0] <= 'z'))
return SCRIPT_LATIN;
if ((t[0] >= 'A') && (t[0] <= 'Z'))
return SCRIPT_LATIN;
return SCRIPT_UNDEFINED;
}
/** Returns length of an (UTF8) character. May return <1 for error conditions.
* Made by i <info@servx.org>
*/
static int utf8_charlen(const char *str)
{
struct { char mask; char val; } t[4] =
{ { 0x80, 0x00 }, { 0xE0, 0xC0 }, { 0xF0, 0xE0 }, { 0xF8, 0xF0 } };
unsigned k, j;
for (k = 0; k < 4; k++)
{
if ((*str & t[k].mask) == t[k].val)
{
for (j = 0; j < k; j++)
{
if ((*(++str) & 0xC0) != 0x80)
return -1;
}
return k + 1;
}
}
return 1;
}
int lookalikespam_score(const char *text)
{
const char *p;
int last_script = SCRIPT_UNDEFINED;
int current_script;
int points = 0;
int last_character_was_word_separator = 0;
int skip = 0;
for (p = text; *p; p++)
{
current_script = detect_script(p);
if (current_script != SCRIPT_UNDEFINED)
{
if ((current_script != last_script) && (last_script != SCRIPT_UNDEFINED))
{
/* A script change = 1 point */
points++;
/* Give an additional point if the script change happened
* within the same word, as that would be rather unusual
* in normal cases.
*/
if (!last_character_was_word_separator)
points++;
}
last_script = current_script;
}
if (strchr("., ", *p))
last_character_was_word_separator = 1;
else
last_character_was_word_separator = 0;
skip = utf8_charlen(p);
if (skip > 1)
p += skip - 1;
}
return points;
}
CMD_OVERRIDE_FUNC(override_msg)
{
int score, ret;
if (!MyClient(sptr) || (parc < 3) || BadPtr(parv[2]))
{
/* Short circuit for: remote clients or insufficient parameters */
return CallCmdoverride(ovr, cptr, sptr, parc, parv);
}
score = lookalikespam_score(StripControlCodes(parv[2]));
if (score >= cfg.score)
{
if (cfg.ban_action == BAN_ACT_KILL)
{
sendto_realops("[antimixedutf8] Killed connection from %s (score %d)",
GetIP(sptr), score);
} /* no else here!! */
if ((cfg.ban_action == BAN_ACT_BLOCK)
#ifdef BAN_ACT_SOFT_BLOCK
|| ((cfg.ban_action == BAN_ACT_SOFT_BLOCK) && !IsLoggedIn(sptr))
#endif
)
{
sendnotice(sptr, "%s", cfg.ban_reason);
return 0;
} else {
ret = place_host_ban(sptr, cfg.ban_action, cfg.ban_reason, cfg.ban_time);
if (ret != 0)
return ret;
/* a return value of 0 means the user is exempted, so fallthrough.. */
}
}
return CallCmdoverride(ovr, cptr, sptr, parc, parv);
}
/*** rest is module and config stuff ****/
MOD_TEST(antimixedutf8)
{
HookAdd(modinfo->handle, HOOKTYPE_CONFIGTEST, 0, antimixedutf8_config_test);
return MOD_SUCCESS;
}
MOD_INIT(antimixedutf8)
{
MARK_AS_OFFICIAL_MODULE(modinfo);
init_config();
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, antimixedutf8_config_run);
return MOD_SUCCESS;
}
MOD_LOAD(antimixedutf8)
{
if (!CmdoverrideAdd(modinfo->handle, "PRIVMSG", override_msg))
return MOD_FAILED;
if (!CmdoverrideAdd(modinfo->handle, "NOTICE", override_msg))
return MOD_FAILED;
return MOD_SUCCESS;
}
MOD_UNLOAD(antimixedutf8)
{
free_config();
return MOD_SUCCESS;
}
static void init_config(void)
{
memset(&cfg, 0, sizeof(cfg));
/* Default values */
cfg.score = 10;
cfg.ban_reason = strdup("Possible mixed character spam");
cfg.ban_action = BAN_ACT_BLOCK;
cfg.ban_time = 60 * 60 * 4; /* irrelevant for block, but some default for others */
}
static void free_config(void)
{
safefree(cfg.ban_reason);
memset(&cfg, 0, sizeof(cfg)); /* needed! */
}
int antimixedutf8_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
{
int errors = 0;
ConfigEntry *cep;
if (type != CONFIG_SET)
return 0;
/* We are only interrested in set::antimixedutf8... */
if (!ce || !ce->ce_varname || strcmp(ce->ce_varname, "antimixedutf8"))
return 0;
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!cep->ce_vardata)
{
config_error("%s:%i: set::antimixedutf8::%s with no value",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum, cep->ce_varname);
errors++;
} else
if (!strcmp(cep->ce_varname, "score"))
{
int v = atoi(cep->ce_vardata);
if ((v < 1) || (v > 99))
{
config_error("%s:%i: set::antimixedutf8::score: must be between 1 - 99 (got: %d)",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum, v);
errors++;
}
} else
if (!strcmp(cep->ce_varname, "ban-action"))
{
if (!banact_stringtoval(cep->ce_vardata))
{
config_error("%s:%i: set::antimixedutf8::ban-action: unknown action '%s'",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum, cep->ce_vardata);
errors++;
}
} else
if (!strcmp(cep->ce_varname, "ban-reason"))
{
} else
if (!strcmp(cep->ce_varname, "ban-time"))
{
} else
{
config_error("%s:%i: unknown directive set::antimixedutf8::%s",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum, cep->ce_varname);
errors++;
}
}
*errs = errors;
return errors ? -1 : 1;
}
int antimixedutf8_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
{
ConfigEntry *cep;
if (type != CONFIG_SET)
return 0;
/* We are only interrested in set::antimixedutf8... */
if (!ce || !ce->ce_varname || strcmp(ce->ce_varname, "antimixedutf8"))
return 0;
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!strcmp(cep->ce_varname, "score"))
{
cfg.score = atoi(cep->ce_vardata);
} else
if (!strcmp(cep->ce_varname, "ban-action"))
{
cfg.ban_action = banact_stringtoval(cep->ce_vardata);
} else
if (!strcmp(cep->ce_varname, "ban-reason"))
{
if (cfg.ban_reason)
MyFree(cfg.ban_reason);
cfg.ban_reason = strdup(cep->ce_vardata);
} else
if (!strcmp(cep->ce_varname, "ban-time"))
{
cfg.ban_time = config_checkval(cep->ce_vardata, CFG_TIME);
}
}
return 1;
}
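Review bot: detect_script() takes `const char *t` and tests `t[0] == 0xd0` and `t[1] >= 0x80`, which can only be true where plain char is unsigned. With a signed char these bytes are negative and no Cyrillic is ever detected, so the filter silently does nothing. Take `const unsigned char *` so the result does not depend on compiler flags. In override_msg(), the "Killed connection" notice goes to opers before place_host_ban() is called, so it is also sent for users the later comment describes as exempted (return value 0). Send it only after the ban call returns non-zero.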
+65 -153
@@ -46,29 +46,10 @@ ModuleHeader MOD_HEADER(antirandom)
#define MAX(x,y) ((x) > (y) ? (x) : (y))
#endif
#ifndef _WIN32
typedef struct {
char *regex;
int score;
} ScoreTable;
#endif
#ifndef BAN_ACT_WARN
#define BAN_ACT_WARN 11
#endif
#ifndef _WIN32
/* You can define regexes here.. the format is:
* {"<REGEX>", SCORE},
*/
ScoreTable regex_scores[] = {
/* These have all been moved to internal digit/vowel/consonant checks.
* But I've left the regex ability here, in case someone else uses it.
*/
{NULL, 0}
};
#endif
/* "<char1><char2>" followed by "<rest>" */
static char *triples_txt[] = {
"aj", "fqtvxz",
@@ -513,19 +494,6 @@ static char *triples_txt[] = {
NULL, NULL
};
#ifndef _WIN32
/* Used for parsed sregexes */
typedef struct _regexlist RegexList;
struct _regexlist {
RegexList *next;
regex_t regex;
#ifdef DEBUGMODE
char *regextxt;
#endif
int score;
};
#endif
/* Used for parsed triples: */
#define TRIPLES_REST_SIZE 32
typedef struct _triples Triples;
@@ -535,9 +503,6 @@ struct _triples {
char rest[TRIPLES_REST_SIZE];
};
#ifndef _WIN32
RegexList *sregexes = NULL;
#endif
Triples *triples = NULL;
struct {
@@ -556,11 +521,11 @@ struct {
int show_failedconnects;
int fullstatus_on_load;
ConfigItem_mask *except_hosts;
int except_webirc;
} cfg;
/* Forward declarations */
static int init_stuff(void);
static int init_sregexes(void);
static int init_triples(void);
static void free_stuff(void);
static void free_config(void);
@@ -568,7 +533,7 @@ int antirandom_config_test(ConfigFile *, ConfigEntry *, int, int *);
int antirandom_config_run(ConfigFile *, ConfigEntry *, int);
int antirandom_config_posttest(int *);
int antirandom_preconnect(aClient *sptr);
static int is_except_host(aClient *sptr);
static int is_exempt(aClient *sptr);
MOD_TEST(antirandom)
{
@@ -588,11 +553,14 @@ MOD_INIT(antirandom)
free_stuff();
return MOD_FAILED;
}
cfg.fullstatus_on_load = 1; /* default */
cfg.convert_to_lowercase = 1; /* default */
HookAdd(modinfo->handle, HOOKTYPE_PRE_LOCAL_CONNECT, 0, antirandom_preconnect);
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, antirandom_config_run);
/* Some default values: */
cfg.fullstatus_on_load = 1;
cfg.convert_to_lowercase = 1;
cfg.except_webirc = 1;
return MOD_SUCCESS;
}
@@ -615,8 +583,8 @@ MOD_UNLOAD(antirandom)
/* Sends a message to all (local) opers AND logs to the ircdlog (as LOG_ERROR) */
static void multi_log(char *fmt, ...)
{
va_list vl;
static char buf[2048];
va_list vl;
static char buf[2048];
va_start(vl, fmt);
vsnprintf(buf, sizeof(buf), fmt, vl);
@@ -636,8 +604,8 @@ static void free_config(void)
int antirandom_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
{
int errors = 0;
ConfigEntry *cep;
int errors = 0;
ConfigEntry *cep;
if (type != CONFIG_SET)
return 0;
@@ -648,15 +616,22 @@ ConfigEntry *cep;
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!cep->ce_varname)
{
config_error("%s:%i: blank set::antirandom item",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
errors++;
} else
if (!strcmp(cep->ce_varname, "except-hosts"))
{
} else
if (!strcmp(cep->ce_varname, "except-webirc"))
{
/* This should normally be UNDER the generic 'set::antirandom::%s with no value'
* stuff but I put it here because people may think it's a hostlist and then
* the error can be a tad confusing. -- Syzop
*/
if (!cep->ce_vardata)
{
config_error("%s:%i: set::antirandom::except-webirc should be 'yes' or 'no'",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
errors++;
}
} else
if (!cep->ce_vardata)
{
config_error("%s:%i: set::antirandom::%s with no value",
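Review bot: the new except-webirc branch in antirandom_config_test() only checks that cep->ce_vardata is non-NULL, although its error text says the value "should be 'yes' or 'no'". Any other non-empty value passes the config test and is then handed to config_checkval(cep->ce_vardata, CFG_YESNO) in antirandom_config_run(). Since this setting decides whether WEBIRC users skip scoring entirely, either validate the value here so a typo is rejected at test time, or reword the error to say only that a value is required.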
@@ -722,6 +697,10 @@ int antirandom_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
for (cep2 = cep->ce_entries; cep2; cep2 = cep2->ce_next)
unreal_add_masks(&cfg.except_hosts, cep2);
} else
if (!strcmp(cep->ce_varname, "except-webirc"))
{
cfg.except_webirc = config_checkval(cep->ce_vardata, CFG_YESNO);
} else
if (!strcmp(cep->ce_varname, "threshold"))
{
cfg.threshold = atoi(cep->ce_vardata);
@@ -760,7 +739,7 @@ int antirandom_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
int antirandom_config_posttest(int *errs)
{
int errors = 0;
int errors = 0;
if (!req.threshold) { config_error("set::antirandom::threshold missing"); errors++; }
if (!req.ban_action) { config_error("set::antirandom::ban-action missing"); errors++; }
@@ -773,64 +752,17 @@ int errors = 0;
static int init_stuff(void)
{
if (!init_sregexes() || !init_triples())
if (!init_triples())
return 0;
return 1;
}
/** Initializes the sregexes regex list */
static int init_sregexes(void)
{
#ifndef _WIN32
ScoreTable *s = &regex_scores[0];
RegexList *e, *last=NULL;
int cnt=0, n;
char *res;
for (s=&regex_scores[0]; s->regex; s++)
{
cnt++;
e = MyMallocEx(sizeof(RegexList));
/* validate regex */
res = unreal_checkregex(s->regex, 0, 1);
if (res)
{
config_error("init_sregexes: sregexes_txt contains invalid regex (nr %d): %s",
cnt, res);
return 0;
}
/* parse regex here (should go fine, checked above) */
n = regcomp(&e->regex, s->regex, REG_ICASE|REG_EXTENDED);
if (n)
{
/* should never happen (yes I'm too lazy to get the errormsg) */
config_error("init_sregexes: weird regcomp() failure: item=%d, errorcode=%d, aborting...",
cnt, n);
return 0;
}
#ifdef DEBUGMODE
e->regextxt = strdup(s->regex);
#endif
e->score = s->score;
/* Append at end of list (to keep it in order, not importent yet, but..) */
if (last)
last->next = e;
else
sregexes = e; /*(head)*/
last = e;
}
#endif
return 1;
}
/** Initializes the triples list. */
static int init_triples(void)
{
char **s;
Triples *e, *last=NULL;
int cnt=0;
char **s;
Triples *e, *last=NULL;
int cnt=0;
for (s=triples_txt; *s; s++)
{
@@ -871,32 +803,16 @@ int cnt=0;
/** Run the actual tests over this string.
* There are 3 tests:
* - weird chars (not used)
* - sregexes (easy stuff)
* - sregexes (not used)
* - triples (three-letter combinations)
*/
static int internal_getscore(char *str)
{
#ifndef _WIN32
RegexList *r;
#endif
Triples *t;
register char *s;
int score = 0;
int highest_vowels=0, highest_consonants=0, highest_digits=0;
int vowels=0, consonants=0, digits=0;
#ifndef _WIN32
for (r=sregexes; r; r=r->next)
{
if (!regexec(&r->regex, str, 0, NULL, 0))
{
score += r->score; /* note: in the draft this returns the # of occurances, not 1 */
#ifdef DEBUGMODE
multi_log("score@'%s': MATCH for '%s'", str, r->regextxt);
#endif
}
}
#endif
Triples *t;
register char *s;
int score = 0;
int highest_vowels=0, highest_consonants=0, highest_digits=0;
int vowels=0, consonants=0, digits=0;
/* Fast digit/consonant/vowel checks... */
for (s=str; *s; s++)
@@ -967,7 +883,7 @@ int vowels=0, consonants=0, digits=0;
void strtolower_safe(char *dst, char *src, int size)
{
int i;
int i;
if (!size)
return; /* size of 0 is unworkable */
@@ -986,13 +902,13 @@ int i;
*/
static int get_spam_score(aClient *sptr)
{
char *nick = sptr->name;
char *user = sptr->user->username;
char *gecos = sptr->info;
char nbuf[NICKLEN+1], ubuf[USERLEN+1], rbuf[REALLEN+1];
int nscore, uscore, gscore, score;
char *nick = sptr->name;
char *user = sptr->user->username;
char *gecos = sptr->info;
char nbuf[NICKLEN+1], ubuf[USERLEN+1], rbuf[REALLEN+1];
int nscore, uscore, gscore, score;
#ifdef TIMING
struct timeval tv_alpha, tv_beta;
struct timeval tv_alpha, tv_beta;
gettimeofday(&tv_alpha, NULL);
#endif
@@ -1034,7 +950,7 @@ void check_all_users(void)
{
if (IsPerson(acptr))
{
if (is_except_host(acptr))
if (is_exempt(acptr))
continue;
score = get_spam_score(acptr);
@@ -1054,9 +970,9 @@ void check_all_users(void)
int antirandom_preconnect(aClient *sptr)
{
int score;
int score;
if (!is_except_host(sptr))
if (!is_exempt(sptr))
{
score = get_spam_score(sptr);
if (score > cfg.threshold)
@@ -1078,24 +994,7 @@ int score;
static void free_stuff(void)
{
#ifndef _WIN32
RegexList *r, *r_next;
#endif
Triples *t, *t_next;
#ifndef _WIN32
for (r=sregexes; r; r=r_next)
{
r_next = r->next;
regfree(&r->regex);
#ifdef DEBUGMODE
if (r->regextxt)
MyFree(r->regextxt);
#endif
MyFree(r);
}
sregexes = NULL;
#endif
Triples *t, *t_next;
for (t=triples; t; t=t_next)
{
@@ -1105,8 +1004,21 @@ Triples *t, *t_next;
triples = NULL;
}
/** Finds out if the host is on the except list. 1 if yes, 0 if no */
static int is_except_host(aClient *sptr)
/** Is this user exempt from antirandom interventions? */
static int is_exempt(aClient *sptr)
{
/* WEBIRC gateway and exempt? */
if (cfg.except_webirc)
{
char *val = moddata_client_get(sptr, "webirc");
if (val && (atoi(val)>0))
return 1;
}
/* Soft ban and logged in? */
if (IsSoftBanAction(cfg.ban_action) && IsLoggedIn(sptr))
return 1;
/* On except host? */
return unreal_mask_match(sptr, cfg.except_hosts);
}
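Review bot: the new doc comment on is_exempt() drops the return contract that the old is_except_host() comment stated ("1 if yes, 0 if no"), while the function now combines three exemption sources (webirc moddata, soft ban plus IsLoggedIn, except_hosts). Please state the return values and list the three cases in the comment. Two things worth spelling out there: cfg.except_webirc is set to 1 by default in MOD_INIT, so WEBIRC clients bypass antirandom unless the admin turns it off, and the soft-ban/IsLoggedIn branch is also reached from check_all_users(), not only from antirandom_preconnect().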
+523
View File
@@ -0,0 +1,523 @@
/*
* Auth prompt: SASL authentication for clients that don't support SASL
* (C) Copyright 2018 Bram Matthys ("Syzop") and the UnrealIRCd team
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/
#include "unrealircd.h"
ModuleHeader MOD_HEADER(authprompt)
= {
"authprompt",
"1.0",
"SASL authentication for clients that don't support SASL",
"3.2-b8-1",
NULL
};
typedef struct _multiline MultiLine;
struct _multiline {
MultiLine *prev, *next;
char *line;
};
/** Configuration settings */
struct {
int enabled;
MultiLine *message;
MultiLine *fail_message;
} cfg;
/** User struct */
typedef struct _apuser APUser;
struct _apuser {
char *authmsg;
};
/* Global variables */
ModDataInfo *authprompt_md = NULL;
/* Forward declarations */
static void free_config(void);
static void init_config(void);
static void config_postdefaults(void);
int authprompt_config_test(ConfigFile *, ConfigEntry *, int, int *);
int authprompt_config_run(ConfigFile *, ConfigEntry *, int);
int authprompt_require_sasl(aClient *acptr, char *reason);
int authprompt_sasl_continuation(aClient *acptr, char *buf);
int authprompt_sasl_result(aClient *acptr, int success);
int authprompt_place_host_ban(aClient *sptr, int action, char *reason, long duration);
int authprompt_find_tkline_match(aClient *sptr, aTKline *tk);
int authprompt_pre_connect(aClient *sptr);
CMD_FUNC(m_auth);
void authprompt_md_free(ModData *md);
/* Some macros */
#define SetAPUser(x, y) do { moddata_client(x, authprompt_md).ptr = y; } while(0)
#define SEUSER(x) ((APUser *)moddata_client(x, authprompt_md).ptr)
#define AGENT_SID(agent_p) (agent_p->user != NULL ? agent_p->user->server : agent_p->name)
MOD_TEST(authprompt)
{
HookAdd(modinfo->handle, HOOKTYPE_CONFIGTEST, 0, authprompt_config_test);
return MOD_SUCCESS;
}
MOD_INIT(authprompt)
{
ModDataInfo mreq;
MARK_AS_OFFICIAL_MODULE(modinfo);
memset(&mreq, 0, sizeof(mreq));
mreq.name = "authprompt";
mreq.type = MODDATATYPE_CLIENT;
mreq.free = authprompt_md_free;
authprompt_md = ModDataAdd(modinfo->handle, mreq);
if (!authprompt_md)
{
config_error("could not register authprompt moddata");
return MOD_FAILED;
}
init_config();
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, authprompt_config_run);
HookAdd(modinfo->handle, HOOKTYPE_REQUIRE_SASL, 0, authprompt_require_sasl);
HookAdd(modinfo->handle, HOOKTYPE_SASL_CONTINUATION, 0, authprompt_sasl_continuation);
HookAdd(modinfo->handle, HOOKTYPE_SASL_RESULT, 0, authprompt_sasl_result);
HookAdd(modinfo->handle, HOOKTYPE_PLACE_HOST_BAN, 0, authprompt_place_host_ban);
HookAdd(modinfo->handle, HOOKTYPE_FIND_TKLINE_MATCH, 0, authprompt_find_tkline_match);
/* For HOOKTYPE_PRE_LOCAL_CONNECT we want a low priority, so we are called last.
* This gives hooks like the one from the blacklist module (pending softban)
* a chance to be handled first.
*/
HookAdd(modinfo->handle, HOOKTYPE_PRE_LOCAL_CONNECT, -1000000, authprompt_pre_connect);
CommandAdd(modinfo->handle, "AUTH", m_auth, 1, M_UNREGISTERED);
return MOD_SUCCESS;
}
MOD_LOAD(authprompt)
{
config_postdefaults();
return MOD_SUCCESS;
}
MOD_UNLOAD(authprompt)
{
free_config();
return MOD_SUCCESS;
}
static void init_config(void)
{
/* This sets some default values */
memset(&cfg, 0, sizeof(cfg));
cfg.enabled = 0;
}
static void addmultiline(MultiLine **l, char *line)
{
MultiLine *m = MyMallocEx(sizeof(MultiLine));
m->line = strdup(line);
append_ListItem((ListStruct *)m, (ListStruct **)l);
}
static void freemultiline(MultiLine *l)
{
MultiLine *l_next;
for (; l; l = l_next)
{
l_next = l->next;
safefree(l->line);
MyFree(l);
}
}
static void config_postdefaults(void)
{
if (!cfg.message)
{
addmultiline(&cfg.message, "The server requires clients from this IP address to authenticate with a registered nickname and password.");
addmultiline(&cfg.message, "Please reconnect using SASL, or authenticate now by typing: /QUOTE AUTH nick:password");
}
if (!cfg.fail_message)
{
addmultiline(&cfg.fail_message, "Authentication failed.");
}
}
static void free_config(void)
{
freemultiline(cfg.message);
freemultiline(cfg.fail_message);
memset(&cfg, 0, sizeof(cfg)); /* needed! */
}
int authprompt_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
{
int errors = 0;
ConfigEntry *cep;
if (type != CONFIG_SET)
return 0;
/* We are only interrested in set::authentication-prompt... */
if (!ce || !ce->ce_varname || strcmp(ce->ce_varname, "authentication-prompt"))
return 0;
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!cep->ce_vardata)
{
config_error("%s:%i: set::authentication-prompt::%s with no value",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum, cep->ce_varname);
errors++;
} else
if (!strcmp(cep->ce_varname, "enabled"))
{
} else
if (!strcmp(cep->ce_varname, "message"))
{
} else
if (!strcmp(cep->ce_varname, "fail-message"))
{
} else
{
config_error("%s:%i: unknown directive set::authentication-prompt::%s",
cep->ce_fileptr->cf_filename, cep->ce_varlinenum, cep->ce_varname);
errors++;
}
}
*errs = errors;
return errors ? -1 : 1;
}
int authprompt_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
{
ConfigEntry *cep;
if (type != CONFIG_SET)
return 0;
/* We are only interrested in set::authentication-prompt... */
if (!ce || !ce->ce_varname || strcmp(ce->ce_varname, "authentication-prompt"))
return 0;
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!strcmp(cep->ce_varname, "enabled"))
{
cfg.enabled = config_checkval(cep->ce_vardata, CFG_YESNO);
} else
if (!strcmp(cep->ce_varname, "message"))
{
addmultiline(&cfg.message, cep->ce_vardata);
} else
if (!strcmp(cep->ce_varname, "fail-message"))
{
addmultiline(&cfg.fail_message, cep->ce_vardata);
}
}
return 1;
}
void authprompt_md_free(ModData *md)
{
APUser *se = md->ptr;
if (se)
{
safefree(se->authmsg);
MyFree(se);
md->ptr = se = NULL;
}
}
/** Parse an authentication request from the user (form: <user>:<pass>).
* @param str The input string with the request.
* @param username Pointer to the username string.
* @param password Pointer to the password string.
* @retval 1 if the format is correct, 0 if not.
* @notes The returned 'username' and 'password' are valid until next call to parse_nickpass().
*/
int parse_nickpass(const char *str, char **username, char **password)
{
static char buf[250];
char *p;
strlcpy(buf, str, sizeof(buf));
p = strchr(buf, ':');
if (!p)
return 0;
*p++ = '\0';
*username = buf;
*password = p;
if (!*username[0] || !*password[0])
return 0;
return 1;
}
/* NOTE: This function is stolen from m_sasl. Not good. */
static const char *encode_puid(aClient *client)
{
static char buf[HOSTLEN + 20];
/* create a cookie if necessary (and in case getrandom16 returns 0, then run again) */
while (!client->local->sasl_cookie)
client->local->sasl_cookie = getrandom16();
snprintf(buf, sizeof buf, "%s!0.%d", me.name, client->local->sasl_cookie);
return buf;
}
char *make_authbuf(const char *username, const char *password)
{
char inbuf[256];
static char outbuf[512];
int size;
size = strlen(username) + 1 + strlen(username) + 1 + strlen(password);
if (size >= sizeof(inbuf))
return NULL; /* too long */
/* Because size limits are already checked above, we can cut some corners here: */
memset(inbuf, 0, sizeof(inbuf));
strcpy(inbuf, username);
strcpy(inbuf+strlen(username)+1, username);
strcpy(inbuf+strlen(username)+1+strlen(username)+1, password);
/* ^ normal people use stpcpy here ;) */
if (b64_encode(inbuf, size, outbuf, sizeof(outbuf)) < 0)
return NULL; /* base64 encoding error */
return outbuf;
}
/** Send first SASL authentication request (AUTHENTICATE PLAIN).
* Among other things, this is used to discover the agent
* which will later be used for this session.
*/
void send_first_auth(aClient *sptr)
{
aClient *acptr;
char *addr = BadPtr(sptr->ip) ? "0" : sptr->ip;
char *certfp = moddata_client_get(sptr, "certfp");
acptr = find_client(SASL_SERVER, NULL);
if (!acptr)
{
/* Services down. */
return;
}
sendto_one(acptr, ":%s SASL %s %s H %s %s",
me.name, SASL_SERVER, encode_puid(sptr), addr, addr);
if (certfp)
sendto_one(acptr, ":%s SASL %s %s S %s %s",
me.name, SASL_SERVER, encode_puid(sptr), "PLAIN", certfp);
else
sendto_one(acptr, ":%s SASL %s %s S %s",
me.name, SASL_SERVER, encode_puid(sptr), "PLAIN");
/* The rest is sent from authprompt_sasl_continuation() */
sptr->local->sasl_out++;
}
CMD_FUNC(m_auth)
{
char *username = NULL;
char *password = NULL;
char *authbuf;
if (!SEUSER(sptr))
{
if (CHECKPROTO(sptr, PROTO_SASL))
sendnotice(sptr, "ERROR: Cannot use /AUTH when your client is doing SASL.");
else
sendnotice(sptr, "ERROR: /AUTH authentication request received before authentication prompt (too early!)");
return 0;
}
if ((parc < 2) || BadPtr(parv[1]) || !parse_nickpass(parv[1], &username, &password))
{
sendnotice(sptr, "ERROR: Syntax is: /AUTH <nickname>:<password>");
sendnotice(sptr, "Example: /AUTH mynick:secretpass");
return 0;
}
if (!SASL_SERVER)
{
sendnotice(sptr, "ERROR: SASL is not configured on this server, or services are down.");
// numeric instead? SERVICESDOWN?
return 0;
}
/* Presumably if the user is really fast, this could happen.. */
if (*sptr->local->sasl_agent || SEUSER(sptr)->authmsg)
{
sendnotice(sptr, "ERROR: Previous authentication request is still in progress. Please wait.");
return 0;
}
authbuf = make_authbuf(username, password);
if (!authbuf)
{
sendnotice(sptr, "ERROR: Internal error. Oversized username/password?");
return 0;
}
safestrdup(SEUSER(sptr)->authmsg, authbuf);
send_first_auth(sptr);
return 0;
}
void send_multinotice(aClient *sptr, MultiLine *m)
{
for (; m; m = m->next)
sendnotice(sptr, "%s", m->line);
}
void authprompt_tag_as_auth_required(aClient *sptr)
{
/* Allocate, and therefore indicate, that we are going to handle SASL for this user */
if (!SEUSER(sptr))
SetAPUser(sptr, MyMallocEx(sizeof(APUser)));
}
void authprompt_send_auth_required_message(aClient *sptr)
{
/* Display set::authentication-prompt::message */
send_multinotice(sptr, cfg.message);
}
int authprompt_require_sasl(aClient *sptr, char *reason)
{
/* If the client did SASL then we (authprompt) will not kick in */
if (CHECKPROTO(sptr, PROTO_SASL))
return 0;
authprompt_tag_as_auth_required(sptr);
/* Display the require authentication::reason */
if (reason)
sendnotice(sptr, "%s", reason);
authprompt_send_auth_required_message(sptr);
return 1;
}
/* Called upon "place a host ban on this user" (eg: spamfilter, blacklist, ..) */
int authprompt_place_host_ban(aClient *sptr, int action, char *reason, long duration)
{
/* If it's a soft-xx action and the user is not logged in
* and the user is not yet online, then we will handle this user.
*/
if (IsSoftBanAction(action) && !IsLoggedIn(sptr) && !IsPerson(sptr))
{
/* Send ban reason */
if (reason)
sendnotice(sptr, "%s", reason);
/* And tag the user */
authprompt_tag_as_auth_required(sptr);
return 0; /* pretend user is exempt */
}
return 99; /* no action taken, proceed normally */
}
/** Called upon "check for KLINE/GLINE" */
int authprompt_find_tkline_match(aClient *sptr, aTKline *tk)
{
/* If it's a soft-xx action and the user is not logged in
* and the user is not yet online, then we will handle this user.
*/
if ((tk->subtype & TKL_SUBTYPE_SOFT) && !IsLoggedIn(sptr) && !IsPerson(sptr))
{
/* Send ban reason */
if (tk->reason)
sendnotice(sptr, "%s", tk->reason);
/* And tag the user */
authprompt_tag_as_auth_required(sptr);
return 0; /* pretend user is exempt */
}
return 99; /* no action taken, proceed normally */
}
int authprompt_pre_connect(aClient *sptr)
{
/* If the user is tagged as auth required and not logged in, then.. */
if (SEUSER(sptr) && !IsLoggedIn(sptr))
{
authprompt_send_auth_required_message(sptr);
return -1; /* do not process register_user() */
}
return 0; /* no action taken, proceed normally */
}
int authprompt_sasl_continuation(aClient *sptr, char *buf)
{
/* If it's not for us (eg: user is doing real SASL) then return 0. */
if (!SEUSER(sptr) || !SEUSER(sptr)->authmsg)
return 0;
if (!strcmp(buf, "+"))
{
aClient *agent = find_client(sptr->local->sasl_agent, NULL);
if (agent)
{
sendto_one(agent, ":%s SASL %s %s C %s",
me.name, AGENT_SID(agent), encode_puid(sptr), SEUSER(sptr)->authmsg);
}
SEUSER(sptr)->authmsg = NULL;
}
return 1; /* inhibit displaying of message */
}
int authprompt_sasl_result(aClient *sptr, int success)
{
/* If it's not for us (eg: user is doing real SASL) then return 0. */
if (!SEUSER(sptr))
return 0;
if (!success)
{
send_multinotice(sptr, cfg.fail_message);
return 1;
}
/* Authentication was a success */
if (*sptr->name && sptr->user && *sptr->user->username && IsNotSpoof(sptr))
{
register_user(sptr, sptr, sptr->name, sptr->user->username, NULL, NULL, NULL);
/* NOTE: register_user() may return FLUSH_BUFFER here, but since the caller
* won't continue processing (won't touch 'sptr') it's safe.
* That is, as long as we 'return 1'.
*/
}
return 1; /* inhibit success/failure message */
}
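Review bot: authprompt_sasl_continuation() clears the pending credential with "SEUSER(sptr)->authmsg = NULL;" without freeing it, although m_auth() allocates it with safestrdup() and authprompt_md_free() releases it with safefree(). Each successful "+" continuation therefore leaks a heap buffer holding the base64 of username and password; use safefree(SEUSER(sptr)->authmsg) there so the credential is released as soon as it has been forwarded. Related state problem in the same file: send_first_auth() returns silently when find_client(SASL_SERVER, NULL) fails, but m_auth() has already stored authmsg, so every later /AUTH from that client hits the "Previous authentication request is still in progress" branch. Clear authmsg (and tell the user services are down) on that early return, and consider clearing it in the failure path of authprompt_sasl_result() as well.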
+98 -45
View File
@@ -1,5 +1,5 @@
/*
* Blacklist support (currently just DNS Blacklists)
* Blacklist support (currently only DNS Blacklists)
* (C) Copyright 2015-.. Bram Matthys (Syzop) and the UnrealIRCd team
*
* This program is free software; you can redistribute it and/or modify
@@ -23,7 +23,7 @@
ModuleHeader MOD_HEADER(blacklist)
= {
"blacklist",
"4.0",
"4.2",
"Check connecting users against DNS Blacklists",
"3.2-b8-1",
NULL
@@ -76,7 +76,13 @@ struct _blacklist {
typedef struct _bluser BLUser;
struct _bluser {
aClient *cptr;
int is_ipv6;
int refcnt;
/* The following save_* fields are used by softbans: */
int save_action;
long save_tkltime;
char *save_opernotice;
char *save_reason;
};
/* Global variables */
@@ -90,7 +96,7 @@ void blacklist_free_conf(void);
void delete_blacklist_block(Blacklist *e);
void blacklist_md_free(ModData *md);
int blacklist_handshake(aClient *cptr);
int blacklist_quit(aClient *cptr, char *comment);
int blacklist_preconnect(aClient *sptr);
void blacklist_resolver_callback(void *arg, int status, int timeouts, struct hostent *he);
int blacklist_start_check(aClient *cptr);
int blacklist_dns_request(aClient *cptr, Blacklist *bl);
@@ -107,6 +113,8 @@ long SNO_BLACKLIST = 0L;
MOD_TEST(blacklist)
{
HookAdd(modinfo->handle, HOOKTYPE_CONFIGTEST, 0, blacklist_config_test);
CallbackAddEx(modinfo->handle, CALLBACKTYPE_BLACKLIST_CHECK, blacklist_start_check);
return MOD_SUCCESS;
}
@@ -131,8 +139,7 @@ MOD_INIT(blacklist)
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, blacklist_config_run);
HookAdd(modinfo->handle, HOOKTYPE_HANDSHAKE, 0, blacklist_handshake);
HookAdd(modinfo->handle, HOOKTYPE_LOCAL_QUIT, 0, blacklist_quit);
HookAdd(modinfo->handle, HOOKTYPE_UNKUSER_QUIT, 0, blacklist_quit);
HookAdd(modinfo->handle, HOOKTYPE_PRE_LOCAL_CONNECT, 0, blacklist_preconnect);
HookAdd(modinfo->handle, HOOKTYPE_REHASH, 0, blacklist_rehash);
HookAdd(modinfo->handle, HOOKTYPE_REHASH_COMPLETE, 0, blacklist_rehash_complete);
@@ -235,7 +242,7 @@ int blacklist_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
if (type != CONFIG_MAIN)
return 0;
if (!ce || !ce->ce_varname)
if (!ce)
return 0;
if (strcmp(ce->ce_varname, "blacklist"))
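Review bot: with the guard reduced to "if (!ce)", the strcmp(ce->ce_varname, "blacklist") right below it now runs without any NULL check on ce->ce_varname. If the config parser guarantees a non-NULL name for every entry, say so in a short comment here; otherwise keep the old "!ce->ce_varname" test. The same question applies to the cep->ce_varname blank-name check that the next hunk removes before strcmp(cep->ce_varname, "dns").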
@@ -252,12 +259,6 @@ int blacklist_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
/* Now actually go parse the blacklist { } block */
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
if (!cep->ce_varname)
{
config_error_blank(cep->ce_fileptr->cf_filename, cep->ce_varlinenum, "blacklist");
errors++;
continue;
}
if (!strcmp(cep->ce_varname, "dns"))
{
for (cepp = cep->ce_entries; cepp; cepp = cepp->ce_next)
@@ -273,7 +274,7 @@ int blacklist_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
errors++;
continue;
}
if (!cepp->ce_vardata && !(cepp->ce_entries && cepp->ce_entries->ce_varname))
if (!cepp->ce_vardata && !cepp->ce_entries)
{
config_error_blank(cepp->ce_fileptr->cf_filename, cepp->ce_varlinenum, "blacklist::dns::reply");
errors++;
@@ -326,7 +327,7 @@ int blacklist_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
cepp->ce_varlinenum, "blacklist::dns::name");
}
has_dns_name = 1;
}
} else
if (!strcmp(cepp->ce_varname, "type"))
{
if (has_dns_type)
@@ -533,8 +534,12 @@ int blacklist_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
void blacklist_md_free(ModData *md)
{
/* we have nothing to free actually, but we must set to zero */
md->l = 0;
BLUser *bl = md->ptr;
/* Mark bl->cptr as dead. Free the struct, if able. */
blacklist_free_bluser_if_able(bl);
md->ptr = NULL;
}
int blacklist_handshake(aClient *cptr)
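Review bot: blacklist_md_free() passes md->ptr straight to blacklist_free_bluser_if_able(), which dereferences bl->cptr and bl->refcnt, so a NULL md->ptr would crash here. authprompt_md_free(), added in this same commit, guards with "if (se)". Add the same "if (bl)" guard, or document that the moddata layer never calls the free callback with a NULL pointer.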
@@ -556,11 +561,6 @@ int blacklist_start_check(aClient *cptr)
SetBLUser(cptr, MyMallocEx(sizeof(BLUser)));
BLUSER(cptr)->cptr = cptr;
}
#ifdef DEBUGMODE
else {
abort(); /* hmmm. unless we add some /Blacklist CHECK command. then this needs to be removed */
}
#endif
for (bl = conf_blacklist; bl; bl = bl->next)
{
@@ -573,10 +573,6 @@ int blacklist_start_check(aClient *cptr)
blacklist_dns_request(cptr, bl);
}
/* Free bluser entry. This only happens if you have no blacklist configured or they fail very early */
if (BLUSER(cptr))
blacklist_free_bluser_if_able(BLUSER(cptr));
return 0;
}
@@ -603,6 +599,7 @@ int blacklist_dns_request(aClient *cptr, Blacklist *d)
{
int i, j;
/* IPv6 */
BLUSER(cptr)->is_ipv6 = 1;
if (sscanf(ip, "%x:%x:%x:%x:%x:%x:%x:%x",
&e[0], &e[1], &e[2], &e[3], &e[4], &e[5], &e[6], &e[7]) != 8)
{
@@ -643,26 +640,41 @@ int blacklist_quit(aClient *cptr, char *comment)
return 0;
}
/** Free the BLUSER() struct, if we are able to do so.
* This should only be called if the underlying client is dead or dyeing
* and not earlier.
* Reasons why we 'are not able' are: refcnt is non-zero, that is:
* there is still an outstanding resolver request (eg: slow blacklist).
* In that case, no worries, we will be called again after that request
* is finished.
*/
void blacklist_free_bluser_if_able(BLUser *bl)
{
if (bl->cptr)
bl->cptr = NULL;
if (bl->refcnt > 0)
return; /* unable, still have DNS requests/replies in-flight */
if (bl->cptr)
SetBLUser(bl->cptr, NULL);
safefree(bl->save_opernotice);
safefree(bl->save_reason);
MyFree(bl);
}
char *getdnsblname(char *p)
char *getdnsblname(char *p, aClient *cptr)
{
int dots = 0;
int dots_count;
if(!cptr) return NULL;
if(BLUSER(cptr)->is_ipv6)
dots_count = 32;
else
dots_count = 4;
for (; *p; p++)
if (*p == '.')
{
dots++;
if (dots == 4)
if (dots == dots_count)
return p+1;
}
return NULL;
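Review bot: getdnsblname() now checks "if(!cptr) return NULL;" but then reads BLUSER(cptr)->is_ipv6 without checking that BLUSER(cptr) is non-NULL. The function parses a name taken from a DNS reply, so it should fail closed on any missing state: fetch the BLUser once into a local, return NULL if it is absent, and only then pick dots_count. A one-line comment explaining why the IPv6 case skips 32 labels would also help the next reader.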
@@ -690,23 +702,33 @@ int blacklist_parse_reply(struct hostent *he, int entry)
return atoi(p+1);
}
/** Take the actual ban action.
* Called from blacklist_hit() and for immediate bans and
* from blacklist_preconnect() for softbans that need to be delayed
* as to give the user the opportunity to do SASL Authentication.
*/
int blacklist_action(aClient *acptr, char *opernotice, int ban_action, char *ban_reason, long ban_time)
{
sendto_snomask(SNO_BLACKLIST, "%s", opernotice);
ircd_log(LOG_KILL, "%s", opernotice);
return place_host_ban(acptr, ban_action, ban_reason, ban_time);
}
void blacklist_hit(aClient *acptr, Blacklist *bl, int reply)
{
char buf[512];
char *name[4], *value[4];
char opernotice[512], banbuf[512];
const char *name[4], *value[4];
BLUser *blu = BLUSER(acptr);
if (find_tkline_match(acptr, 0) < 0)
if (find_tkline_match(acptr, 1) < 0)
return; /* already klined/glined. Don't send the warning from below. */
if (IsPerson(acptr))
snprintf(buf, sizeof(buf), "[Blacklist] IP %s (%s) matches blacklist %s (%s/reply=%d)",
snprintf(opernotice, sizeof(opernotice), "[Blacklist] IP %s (%s) matches blacklist %s (%s/reply=%d)",
GetIP(acptr), acptr->name, bl->name, bl->backend->dns->name, reply);
else
snprintf(buf, sizeof(buf), "[Blacklist] IP %s matches blacklist %s (%s/reply=%d)",
snprintf(opernotice, sizeof(opernotice), "[Blacklist] IP %s matches blacklist %s (%s/reply=%d)",
GetIP(acptr), bl->name, bl->backend->dns->name, reply);
sendto_snomask(SNO_BLACKLIST, "%s", buf);
ircd_log(LOG_KILL, "%s", buf);
name[0] = "ip";
value[0] = GetIP(acptr);
@@ -715,9 +737,19 @@ void blacklist_hit(aClient *acptr, Blacklist *bl, int reply)
name[2] = NULL;
value[2] = NULL;
buildvarstring(bl->reason, buf, sizeof(buf), name, value);
place_host_ban(acptr, bl->action, buf, bl->ban_time);
buildvarstring(bl->reason, banbuf, sizeof(banbuf), name, value);
if (IsSoftBanAction(bl->action) && blu)
{
/* For soft bans, delay the action until later (so user can do SASL auth) */
blu->save_action = bl->action;
blu->save_tkltime = bl->ban_time;
safestrdup(blu->save_opernotice, opernotice);
safestrdup(blu->save_reason, banbuf);
} else {
/* Otherwise, execute the action immediately */
blacklist_action(acptr, opernotice, bl->action, banbuf, bl->ban_time);
}
}
void blacklist_process_result(aClient *acptr, int status, struct hostent *he)
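Review bot: the softban branch in blacklist_hit() defers whenever "IsSoftBanAction(bl->action) && blu" holds, without looking at IsPerson(acptr), and the only consumer of save_action visible in this diff is blacklist_preconnect() on HOOKTYPE_PRE_LOCAL_CONNECT. If a DNS reply arrives after the client has already registered (the opernotice code above explicitly handles IsPerson), the saved softban is never applied and no oper notice or log line is emitted. Either act immediately when IsPerson(acptr) is true, or explain why that ordering cannot occur. Also note that BLUser holds a single set of save_* fields, so a second soft hit from another blacklist overwrites the first; say in a comment whether last-hit-wins is intended.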
@@ -731,7 +763,7 @@ void blacklist_process_result(aClient *acptr, int status, struct hostent *he)
if ((status != 0) || (he->h_length != 4) || !he->h_name)
return; /* invalid reply */
domain = getdnsblname(he->h_name);
domain = getdnsblname(he->h_name, acptr);
if (!domain)
return; /* odd */
bl = blacklist_find_block_by_dns(domain);
@@ -760,13 +792,34 @@ void blacklist_resolver_callback(void *arg, int status, int timeouts, struct hos
{
BLUser *blu = (BLUser *)arg;
aClient *acptr = blu->cptr;
blu->refcnt--; /* one less outstanding DNS request remaining */
blacklist_free_bluser_if_able(blu);
/* If we are the last to resolve something and the client is gone
* already then free the struct.
*/
if ((blu->refcnt == 0) && !acptr)
blacklist_free_bluser_if_able(blu);
blu = NULL;
if (!acptr)
return; /* Client left already */
/* ^^ note: do not merge this with the other 'if' a few lines up (refcnt!) */
blacklist_process_result(acptr, status, he);
}
int blacklist_preconnect(aClient *acptr)
{
BLUser *blu = BLUSER(acptr);
if (!blu || !blu->save_action)
return 0;
/* There was a pending softban... has the user authenticated via SASL by now? */
if (IsLoggedIn(acptr))
return 0; /* yup, so the softban does not apply. */
return blacklist_action(acptr, blu->save_opernotice, blu->save_action, blu->save_reason, blu->save_tkltime);
}
+1 -1
View File
@@ -19,7 +19,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../../include/auth.h ../../include/badwords.h ../../include/channel.h \
INCLUDES = ../../include/auth.h ../../include/channel.h \
../../include/class.h ../../include/common.h ../../include/config.h ../../include/dbuf.h \
../../include/dynconf.h ../../include/fdlist.h ../../include/h.h \
../../include/hash.h ../../include/inet.h ../../include/ircsprintf.h \
+3 -2
View File
@@ -26,7 +26,7 @@
ModuleHeader MOD_HEADER(link_security)
= {
"link-security",
"4.0",
"4.2",
"Link Security CAP",
"3.2-b8-1",
NULL
@@ -127,7 +127,8 @@ int certificate_verification_active(aClient *acptr)
return 1; /* yes, verify-certificate is 'yes' */
if ((conf->auth->type == AUTHTYPE_SSL_CLIENTCERT) ||
(conf->auth->type == AUTHTYPE_SSL_CLIENTCERTFP))
(conf->auth->type == AUTHTYPE_SSL_CLIENTCERTFP) ||
(conf->auth->type == AUTHTYPE_SPKIFP))
{
/* yes, verified by link::password being a
* certificate fingerprint or certificate file.
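Review bot: the condition now also accepts AUTHTYPE_SPKIFP, but the comment inside the block still describes only "a certificate fingerprint or certificate file". Please update the comment to mention SPKI fingerprints so the rationale for treating the link as certificate-verified matches the three auth types actually tested.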
+4 -4
View File
@@ -25,7 +25,7 @@
ModuleHeader MOD_HEADER(plaintext_policy)
= {
"plaintext-policy",
"4.0",
"4.2",
"Plaintext Policy CAP",
"3.2-b8-1",
NULL
@@ -57,9 +57,9 @@ char *plaintext_policy_capability_parameter(aClient *acptr)
static char buf[128];
snprintf(buf, sizeof(buf), "user=%s,oper=%s,server=%s",
plaintextpolicy_valtostr(iConf.plaintext_policy_user),
plaintextpolicy_valtostr(iConf.plaintext_policy_oper),
plaintextpolicy_valtostr(iConf.plaintext_policy_server));
policy_valtostr(iConf.plaintext_policy_user),
policy_valtostr(iConf.plaintext_policy_oper),
policy_valtostr(iConf.plaintext_policy_server));
return buf;
}
+1 -1
View File
@@ -25,7 +25,7 @@
ModuleHeader MOD_HEADER(sts)
= {
"sts",
"4.0",
"4.2",
"Strict Transport Security CAP",
"3.2-b8-1",
NULL
+1 -1
View File
@@ -14,7 +14,7 @@
ModuleHeader MOD_HEADER(certfp)
= {
"certfp",
"4.0",
"4.2",
"Certificate fingerprint",
"3.2-b8-1",
NULL
+2 -2
View File
@@ -80,11 +80,11 @@ link.so: link.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o link.so link.c
censor.so: censor.c $(INCLUDES) ../../include/badwords.h
censor.so: censor.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o censor.so censor.c
delayjoin.so: delayjoin.c $(INCLUDES) ../../include/badwords.h
delayjoin.so: delayjoin.c $(INCLUDES)
$(CC) $(CFLAGS) $(MODULEFLAGS) -DDYNAMIC_LINKING \
-o delayjoin.so delayjoin.c
+13 -276
View File
@@ -9,7 +9,7 @@
ModuleHeader MOD_HEADER(censor)
= {
"chanmodes/censor",
"4.0",
"4.2",
"Channel Mode +G",
"3.2-b8-1",
NULL,
@@ -24,8 +24,8 @@ char *censor_pre_chanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
char *censor_pre_local_part(aClient *sptr, aChannel *chptr, char *text);
char *censor_pre_local_quit(aClient *sptr, char *text);
DLLFUNC int censor_config_test(ConfigFile *, ConfigEntry *, int, int *);
DLLFUNC int censor_config_run(ConfigFile *, ConfigEntry *, int);
int censor_config_test(ConfigFile *, ConfigEntry *, int, int *);
int censor_config_run(ConfigFile *, ConfigEntry *, int);
ModuleInfo *ModInfo = NULL;
@@ -73,17 +73,13 @@ MOD_UNLOAD(censor)
for (badword = conf_badword_channel; badword; badword = next)
{
next = badword->next;
safefree(badword->word);
if (badword->replace)
safefree(badword->replace);
regfree(&badword->expr);
DelListItem(badword, conf_badword_channel);
MyFree(badword);
badword_config_free(badword);
}
return MOD_SUCCESS;
}
DLLFUNC int censor_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
int censor_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
{
int errors = 0;
ConfigEntry *cep;
@@ -133,7 +129,7 @@ DLLFUNC int censor_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *e
continue;
}
has_word = 1;
if ((errbuf = unreal_checkregex(cep->ce_vardata,1,1)))
if ((errbuf = badword_config_check_regex(cep->ce_vardata,1,1)))
{
config_error("%s:%i: badword::%s contains an invalid regex: %s",
cep->ce_fileptr->cf_filename,
@@ -203,14 +199,10 @@ DLLFUNC int censor_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *e
}
DLLFUNC int censor_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
int censor_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
{
ConfigEntry *cep, *word = NULL;
ConfigItem_badword *ca;
char *tmp;
short regex = 0;
int regflags = 0;
int ast_l = 0, ast_r = 0;
if (type != CONFIG_MAIN)
return 0;
@@ -223,7 +215,6 @@ DLLFUNC int censor_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
ca = MyMallocEx(sizeof(ConfigItem_badword));
ca->action = BADWORD_REPLACE;
regflags = REG_ICASE|REG_EXTENDED;
for (cep = ce->ce_entries; cep; cep = cep->ce_next)
{
@@ -232,57 +223,20 @@ DLLFUNC int censor_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
if (!strcmp(cep->ce_vardata, "block"))
{
ca->action = BADWORD_BLOCK;
/* If it is set to just block, then we don't need to worry about
* replacements
*/
regflags |= REG_NOSUB;
}
}
else if (!strcmp(cep->ce_varname, "replace"))
{
safestrdup(ca->replace, cep->ce_vardata);
}
else if (!strcmp(cep->ce_varname, "word"))
} else
if (!strcmp(cep->ce_varname, "word"))
{
word = cep;
}
/* The fast badwords routine can do: "blah" "*blah" "blah*" and "*blah*",
* in all other cases use regex.
*/
for (tmp = word->ce_vardata; *tmp; tmp++) {
if (!isalnum(*tmp) && !(*tmp >= 128)) {
if ((word->ce_vardata == tmp) && (*tmp == '*')) {
ast_l = 1; /* Asterisk at the left */
continue;
}
if ((*(tmp + 1) == '\0') && (*tmp == '*')) {
ast_r = 1; /* Asterisk at the right */
continue;
}
regex = 1;
break;
}
}
if (regex)
{
ca->type = BADW_TYPE_REGEX;
safestrdup(ca->word, word->ce_vardata);
regcomp(&ca->expr, ca->word, regflags);
}
else
{
char *tmpw;
ca->type = BADW_TYPE_FAST;
ca->word = tmpw = MyMallocEx(strlen(word->ce_vardata) - ast_l - ast_r + 1);
/* Copy except for asterisks */
for (tmp = word->ce_vardata; *tmp; tmp++)
if (*tmp != '*')
*tmpw++ = *tmp;
*tmpw = '\0';
if (ast_l)
ca->type |= BADW_TYPE_FAST_L;
if (ast_r)
ca->type |= BADW_TYPE_FAST_R;
}
badword_config_process(ca, word->ce_vardata);
if (!strcmp(ce->ce_vardata, "channel"))
AddListItem(ca, conf_badword_channel);
else if (!strcmp(ce->ce_vardata, "all"))
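Review bot: badword_config_process(ca, word->ce_vardata) is called without checking any result, so a pattern that fails to compile at this point would still be linked into conf_badword_channel by the AddListItem() that follows. The removed regcomp() call had the same gap, but moving to a helper is a good moment to return a status and skip AddListItem() on failure rather than rely on censor_config_test() having accepted the same string. The helper also has to derive REG_NOSUB from ca->action now that regflags is gone, so the call must stay after the loop that sets BADWORD_BLOCK; a short comment saying so would protect that ordering.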
@@ -294,223 +248,6 @@ DLLFUNC int censor_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
return 1;
}
static inline int fast_badword_match(ConfigItem_badword *badword, char *line)
{
char *p;
int bwlen = strlen(badword->word);
if ((badword->type & BADW_TYPE_FAST_L) && (badword->type & BADW_TYPE_FAST_R))
return (our_strcasestr(line, badword->word) ? 1 : 0);
p = line;
while((p = our_strcasestr(p, badword->word)))
{
if (!(badword->type & BADW_TYPE_FAST_L))
{
if ((p != line) && !iswseperator(*(p - 1))) /* aaBLA but no *BLA */
goto next;
}
if (!(badword->type & BADW_TYPE_FAST_R))
{
if (!iswseperator(*(p + bwlen))) /* BLAaa but no BLA* */
goto next;
}
/* Looks like it matched */
return 1;
next:
p += bwlen;
}
return 0;
}
/* fast_badword_replace:
* a fast replace routine written by Syzop used for replacing badwords.
* searches in line for huntw and replaces it with replacew,
* buf is used for the result and max is sizeof(buf).
* (Internal assumptions: max > 0 AND max > strlen(line)+1)
*/
static inline int fast_badword_replace(ConfigItem_badword *badword, char *line, char *buf, int max)
{
/* Some aliases ;P */
char *replacew = badword->replace ? badword->replace : REPLACEWORD;
char *pold = line, *pnew = buf; /* Pointers to old string and new string */
char *poldx = line;
int replacen = -1; /* Only calculated if needed. w00t! saves us a few nanosecs? lol */
int searchn = -1;
char *startw, *endw;
char *c_eol = buf + max - 1; /* Cached end of (new) line */
int run = 1;
int cleaned = 0;
Debug((DEBUG_NOTICE, "replacing %s -> %s in '%s'", badword->word, replacew, line));
while(run) {
pold = our_strcasestr(pold, badword->word);
if (!pold)
break;
if (replacen == -1)
replacen = strlen(replacew);
if (searchn == -1)
searchn = strlen(badword->word);
/* Hunt for start of word */
if (pold > line) {
for (startw = pold; (!iswseperator(*startw) && (startw != line)); startw--);
if (iswseperator(*startw))
startw++; /* Don't point at the space/seperator but at the word! */
} else {
startw = pold;
}
if (!(badword->type & BADW_TYPE_FAST_L) && (pold != startw)) {
/* not matched */
pold++;
continue;
}
/* Hunt for end of word */
for (endw = pold; ((*endw != '\0') && (!iswseperator(*endw))); endw++);
if (!(badword->type & BADW_TYPE_FAST_R) && (pold+searchn != endw)) {
/* not matched */
pold++;
continue;
}
cleaned = 1; /* still too soon? Syzop/20050227 */
/* Do we have any not-copied-yet data? */
if (poldx != startw) {
int tmp_n = startw - poldx;
if (pnew + tmp_n >= c_eol) {
/* Partial copy and return... */
memcpy(pnew, poldx, c_eol - pnew);
*c_eol = '\0';
return 1;
}
memcpy(pnew, poldx, tmp_n);
pnew += tmp_n;
}
/* Now update the word in buf (pnew is now something like startw-in-new-buffer */
if (replacen) {
if ((pnew + replacen) >= c_eol) {
/* Partial copy and return... */
memcpy(pnew, replacew, c_eol - pnew);
*c_eol = '\0';
return 1;
}
memcpy(pnew, replacew, replacen);
pnew += replacen;
}
poldx = pold = endw;
}
/* Copy the last part */
if (*poldx) {
strncpy(pnew, poldx, c_eol - pnew);
*(c_eol) = '\0';
} else {
*pnew = '\0';
}
return cleaned;
}
/*
* Returns a string, which has been filtered by the words loaded via
* the loadbadwords() function. It's primary use is to filter swearing
* in both private and public messages
*/
char *stripbadwords(char *str, ConfigItem_badword *start_bw, int *blocked)
{
regmatch_t pmatch[MAX_MATCH];
static char cleanstr[4096];
char buf[4096];
char *ptr;
int matchlen, m, stringlen, cleaned;
ConfigItem_badword *this_word;
*blocked = 0;
if (!start_bw)
return str;
/*
* work on a copy
*/
stringlen = strlcpy(cleanstr, StripControlCodes(str), sizeof cleanstr);
memset(&pmatch, 0, sizeof pmatch);
matchlen = 0;
buf[0] = '\0';
cleaned = 0;
for (this_word = start_bw; this_word; this_word = this_word->next)
{
if (this_word->type & BADW_TYPE_FAST)
{
if (this_word->action == BADWORD_BLOCK)
{
if (fast_badword_match(this_word, cleanstr))
{
*blocked = 1;
return NULL;
}
}
else
{
int n;
/* fast_badword_replace() does size checking so we can use 512 here instead of 4096 */
n = fast_badword_replace(this_word, cleanstr, buf, 512);
if (!cleaned && n)
cleaned = n;
strcpy(cleanstr, buf);
memset(buf, 0, sizeof(buf)); /* regexp likes this somehow */
}
} else
if (this_word->type & BADW_TYPE_REGEX)
{
if (this_word->action == BADWORD_BLOCK)
{
if (!regexec(&this_word->expr, cleanstr, 0, NULL, 0))
{
*blocked = 1;
return NULL;
}
}
else
{
ptr = cleanstr; /* set pointer to start of string */
while (regexec(&this_word->expr, ptr, MAX_MATCH, pmatch,0) != REG_NOMATCH)
{
if (pmatch[0].rm_so == -1)
break;
m = pmatch[0].rm_eo - pmatch[0].rm_so;
if (m == 0)
break; /* anti-loop */
cleaned = 1;
matchlen += m;
strlncat(buf, ptr, sizeof buf, pmatch[0].rm_so);
if (this_word->replace)
strlcat(buf, this_word->replace, sizeof buf);
else
strlcat(buf, REPLACEWORD, sizeof buf);
ptr += pmatch[0].rm_eo; /* Set pointer after the match pos */
memset(&pmatch, 0, sizeof(pmatch));
}
/* All the better to eat you with! */
strlcat(buf, ptr, sizeof buf);
memcpy(cleanstr, buf, sizeof cleanstr);
memset(buf, 0, sizeof(buf));
if (matchlen == stringlen)
break;
}
}
}
cleanstr[511] = '\0'; /* cutoff, just to be sure */
return (cleaned) ? cleanstr : str;
}
char *stripbadwords_channel(char *str, int *blocked)
{
return stripbadwords(str, conf_badword_channel, blocked);
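Review bot: stripbadwords_channel() at the end of this hunk still calls stripbadwords(), whose definition is deleted above, so this file now depends on a prototype from a shared header; please name that header in the commit message. If the routine is relocated as-is, its bounds handling deserves a second look in the new home: fast_badword_replace() is passed a hard-coded 512 against 4096-byte buffers, the result is copied back with strcpy(cleanstr, buf), and the final truncation is cleanstr[511] = '\0'. Sizes derived from sizeof, and strlcpy() for the copy-back, would keep the length assumptions in one place.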
+23 -23
@@ -23,15 +23,15 @@ static Cmode *CmodePostDelayed = NULL;
static Cmode_t EXTMODE_DELAYED;
static Cmode_t EXTMODE_POST_DELAYED;
DLLFUNC int visible_in_channel( aClient *cptr, aChannel *chptr);
DLLFUNC int moded_check_part( aClient *cptr, aChannel *chptr);
DLLFUNC int moded_join(aClient *cptr, aChannel *chptr);
DLLFUNC int moded_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment);
DLLFUNC int deny_all(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what);
DLLFUNC int moded_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *chptr, char *comment);
DLLFUNC int moded_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
int visible_in_channel( aClient *cptr, aChannel *chptr);
int moded_check_part( aClient *cptr, aChannel *chptr);
int moded_join(aClient *cptr, aChannel *chptr);
int moded_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment);
int deny_all(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what);
int moded_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *chptr, char *comment);
int moded_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
char *modebuf, char *parabuf, time_t sendts, int samode);
DLLFUNC char *moded_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice);
char *moded_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice);
char *moded_serialize(ModData *m);
void moded_unserialize(char *str, ModData *m);
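Review bot: with DLLFUNC removed, these prototypes keep external linkage under very generic names such as deny_all and visible_in_channel. If the module only hands them to the core as function pointers, declaring them static would keep them out of the shared object's symbol table and rule out a clash with a same-named function in another loaded module. moded_serialize() and moded_unserialize() just below could get the same treatment.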
@@ -95,13 +95,13 @@ MOD_UNLOAD(delayjoin)
return MOD_SUCCESS;
}
DLLFUNC void set_post_delayed(aChannel *chptr)
void set_post_delayed(aChannel *chptr)
{
chptr->mode.extmode |= EXTMODE_POST_DELAYED;
sendto_channel_butserv(chptr, &me, ":%s MODE %s +d", me.name, chptr->chname);
}
DLLFUNC void clear_post_delayed(aChannel *chptr)
void clear_post_delayed(aChannel *chptr)
{
chptr->mode.extmode &= ~EXTMODE_POST_DELAYED;
sendto_channel_butserv(chptr, &me, ":%s MODE %s -d", me.name, chptr->chname);
@@ -130,7 +130,7 @@ bool moded_user_invisible(aClient *cptr, aChannel *chptr)
return moded_member_invisible(find_member_link(chptr->members, cptr),chptr);
}
DLLFUNC bool channel_has_invisible_users(aChannel *chptr)
bool channel_has_invisible_users(aChannel *chptr)
{
Member* i;
for (i = chptr->members; i; i = i->next)
@@ -143,21 +143,21 @@ DLLFUNC bool channel_has_invisible_users(aChannel *chptr)
return false;
}
DLLFUNC bool channel_is_post_delayed(aChannel *chptr)
bool channel_is_post_delayed(aChannel *chptr)
{
if (chptr->mode.extmode & EXTMODE_POST_DELAYED)
return true;
return false;
}
DLLFUNC bool channel_is_delayed(aChannel *chptr)
bool channel_is_delayed(aChannel *chptr)
{
if (chptr->mode.extmode & EXTMODE_DELAYED)
return true;
return false;
}
DLLFUNC void clear_user_invisible(aChannel *chptr, aClient *sptr)
void clear_user_invisible(aChannel *chptr, aClient *sptr)
{
Member *i;
ModDataInfo *md;
@@ -194,7 +194,7 @@ DLLFUNC void clear_user_invisible(aChannel *chptr, aClient *sptr)
}
}
DLLFUNC void clear_user_invisible_announce(aChannel *chptr, aClient *sptr)
void clear_user_invisible_announce(aChannel *chptr, aClient *sptr)
{
Member *i;
char joinbuf[512];
@@ -223,7 +223,7 @@ DLLFUNC void clear_user_invisible_announce(aChannel *chptr, aClient *sptr)
}
}
DLLFUNC void set_user_invisible(aChannel *chptr, aClient *sptr)
void set_user_invisible(aChannel *chptr, aClient *sptr)
{
Member *m = find_member_link(chptr->members,sptr);
ModDataInfo *md;
@@ -240,19 +240,19 @@ DLLFUNC void set_user_invisible(aChannel *chptr, aClient *sptr)
}
DLLFUNC int deny_all(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what)
int deny_all(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what)
{
return EX_ALWAYS_DENY;
}
DLLFUNC int visible_in_channel(aClient *cptr, aChannel *chptr)
int visible_in_channel(aClient *cptr, aChannel *chptr)
{
return channel_is_delayed(chptr) && moded_user_invisible(cptr,chptr);
}
DLLFUNC int moded_join(aClient *cptr, aChannel *chptr)
int moded_join(aClient *cptr, aChannel *chptr)
{
if (channel_is_delayed(chptr))
set_user_invisible(chptr,cptr);
@@ -260,7 +260,7 @@ DLLFUNC int moded_join(aClient *cptr, aChannel *chptr)
return 0;
}
DLLFUNC int moded_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment)
int moded_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment)
{
if (channel_is_delayed(chptr) || channel_is_post_delayed(chptr))
clear_user_invisible(chptr,cptr);
@@ -268,7 +268,7 @@ DLLFUNC int moded_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comm
return 0;
}
DLLFUNC int moded_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *chptr, char *comment)
int moded_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *chptr, char *comment)
{
if (channel_is_delayed(chptr) || channel_is_post_delayed(chptr))
if (moded_user_invisible(acptr, chptr))
@@ -278,7 +278,7 @@ DLLFUNC int moded_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *c
}
DLLFUNC int moded_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
int moded_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
char *modebuf, char *parabuf, time_t sendts, int samode)
{
// Handle case where we just unset +D but have invisible users
@@ -356,7 +356,7 @@ DLLFUNC int moded_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
return 0;
}
DLLFUNC char *moded_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
char *moded_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
{
if ((channel_is_delayed(chptr) || channel_is_post_delayed(chptr)) && (moded_user_invisible(sptr,chptr)))
+157 -28
@@ -1,6 +1,7 @@
/*
* Channel Mode +f
* (C) Copyright 2005-2014 Bram Matthys and The UnrealIRCd team.
* (C) Copyright 2005-2019 Bram Matthys and The UnrealIRCd team.
* License: GPLv2
*/
#include "unrealircd.h"
@@ -25,6 +26,17 @@ ModuleHeader MOD_HEADER(floodprot)
#define NUMFLD 6 /* 6 flood types */
/** Configuration settings */
struct {
unsigned char modef_default_unsettime;
unsigned char modef_max_unsettime;
long modef_boot_delay;
} cfg;
#define MODEF_DEFAULT_UNSETTIME cfg.modef_default_unsettime
#define MODEF_MAX_UNSETTIME cfg.modef_max_unsettime
#define MODEF_BOOT_DELAY cfg.modef_boot_delay
typedef struct SChanFloodProt ChanFloodProt;
typedef struct SRemoveFld RemoveFld;
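Review bot: the new configuration struct is a non-static global named cfg. In a dynamically loaded module a name that generic can collide with a symbol from another module or from the core, and the dynamic linker then decides which definition is used. Suggest declaring it static. A short comment on units would also help: the two unsettime fields are capped at 255 by unsigned char, while modef_boot_delay is a long.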
@@ -66,7 +78,10 @@ static int timedban_available = 0; /**< Set to 1 if extbans/timedban module is l
#define IsFloodLimit(x) ((x)->mode.extmode & EXTMODE_FLOODLIMIT)
/* Forward declarations */
static void init_config(void);
int floodprot_rehash_complete(void);
int floodprot_config_test(ConfigFile *, ConfigEntry *, int, int *);
int floodprot_config_run(ConfigFile *, ConfigEntry *, int);
void floodprottimer_del(aChannel *chptr, char mflag);
void floodprottimer_stopchantimers(aChannel *chptr);
static inline char *chmodefstrhelper(char *buf, char t, char tdef, unsigned short l, unsigned char a, unsigned char r);
@@ -92,6 +107,13 @@ int floodprot_local_nickchange(aClient *sptr, char *oldnick);
int floodprot_remote_nickchange(aClient *cptr, aClient *sptr, char *oldnick);
int floodprot_chanmode_del(aChannel *chptr, int m);
void userfld_free(ModData *md);
int floodprot_stats(aClient *sptr, char *flag);
MOD_TEST(floodprot)
{
HookAdd(modinfo->handle, HOOKTYPE_CONFIGTEST, 0, floodprot_config_test);
return MOD_SUCCESS;
}
MOD_INIT(floodprot)
{
@@ -115,6 +137,8 @@ MOD_INIT(floodprot)
creq.sjoin_check = cmodef_sjoin_check;
CmodeAdd(modinfo->handle, creq, &EXTMODE_FLOODLIMIT);
init_config();
memset(&mreq, 0, sizeof(mreq));
mreq.name = "floodprot";
mreq.type = MODDATATYPE_MEMBERSHIP;
@@ -122,7 +146,8 @@ MOD_INIT(floodprot)
mdflood = ModDataAdd(modinfo->handle, mreq);
if (!mdflood)
abort();
HookAdd(modinfo->handle, HOOKTYPE_CONFIGRUN, 0, floodprot_config_run);
HookAddPChar(modinfo->handle, HOOKTYPE_PRE_CHANMSG, 0, floodprot_pre_chanmsg);
HookAdd(modinfo->handle, HOOKTYPE_CHANMSG, 0, floodprot_post_chanmsg);
HookAdd(modinfo->handle, HOOKTYPE_KNOCK, 0, floodprot_knock);
@@ -133,6 +158,7 @@ MOD_INIT(floodprot)
HookAdd(modinfo->handle, HOOKTYPE_REMOTE_JOIN, 0, floodprot_join);
HookAdd(modinfo->handle, HOOKTYPE_CHANNEL_DESTROY, 0, cmodef_channel_destroy);
HookAdd(modinfo->handle, HOOKTYPE_REHASH_COMPLETE, 0, floodprot_rehash_complete);
HookAdd(modinfo->handle, HOOKTYPE_STATS, 0, floodprot_stats);
return MOD_SUCCESS;
}
@@ -154,6 +180,99 @@ int floodprot_rehash_complete(void)
return 0;
}
static void init_config(void)
{
/* This sets some default values */
memset(&cfg, 0, sizeof(cfg));
cfg.modef_default_unsettime = 0;
cfg.modef_max_unsettime = 60; /* 1 hour seems enough :p */
cfg.modef_boot_delay = 75;
}
int floodprot_config_test(ConfigFile *cf, ConfigEntry *ce, int type, int *errs)
{
int errors = 0;
if (type != CONFIG_SET)
return 0;
if (!strcmp(ce->ce_varname, "modef-default-unsettime"))
{
if (!ce->ce_vardata)
{
config_error_empty(ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
"set", ce->ce_varname);
errors++;
} else {
int v = atoi(ce->ce_vardata);
if ((v <= 0) || (v > 255))
{
config_error("%s:%i: set::modef-default-unsettime: value '%d' out of range (should be 1-255)",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, v);
errors++;
}
}
} else
if (!strcmp(ce->ce_varname, "modef-max-unsettime"))
{
if (!ce->ce_vardata)
{
config_error_empty(ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
"set", ce->ce_varname);
errors++;
} else {
int v = atoi(ce->ce_vardata);
if ((v <= 0) || (v > 255))
{
config_error("%s:%i: set::modef-max-unsettime: value '%d' out of range (should be 1-255)",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, v);
errors++;
}
}
} else
if (!strcmp(ce->ce_varname, "modef-boot-delay"))
{
if (!ce->ce_vardata)
{
config_error_empty(ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
"set", ce->ce_varname);
errors++;
} else {
long v = config_checkval(ce->ce_vardata, CFG_TIME);
if ((v < 0) || (v > 600))
{
config_error("%s:%i: set::modef-boot-delay: value '%ld' out of range (should be 0-600)",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, v);
errors++;
}
}
} else
{
/* Not handled by us */
return 0;
}
*errs = errors;
return errors ? -1 : 1;
}
int floodprot_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
{
if (type != CONFIG_SET)
return 0;
if (!strcmp(ce->ce_varname, "modef-default-unsettime"))
cfg.modef_default_unsettime = (unsigned char)atoi(ce->ce_vardata);
else if (!strcmp(ce->ce_varname, "modef-max-unsettime"))
cfg.modef_max_unsettime = (unsigned char)atoi(ce->ce_vardata);
else if (!strcmp(ce->ce_varname, "modef-boot-delay"))
cfg.modef_boot_delay = config_checkval(ce->ce_vardata, CFG_TIME);
else
return 0; /* not handled by us */
return 1;
}
int cmodef_is_ok(aClient *sptr, aChannel *chptr, char mode, char *param, int type, int what)
{
if ((type == EXCHK_ACCESS) || (type == EXCHK_ACCESS_ERR))
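Review bot: floodprot_config_test() validates modef-default-unsettime and modef-max-unsettime independently, so a configuration whose default is larger than its maximum passes the test. Each set:: item arrives in its own call, so the cross-check needs a step that runs after both are known; at minimum floodprot_config_run() could clamp the default to the maximum. Two smaller points: init_config() uses 0 for modef_default_unsettime but the test rejects anything outside 1-255, so the built-in default cannot be written explicitly in the config, and atoi() accepts a value with trailing garbage such as '10x' without an error.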
@@ -383,7 +502,7 @@ invalidsyntax:
return EX_DENY;
}
/* falltrough -- should not be used */
/* fallthrough -- should not be used */
return EX_DENY;
}
@@ -820,13 +939,19 @@ int floodprot_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *parv[])
/* I'll explain this only once:
* 1. if channel is +f
* 2. local client OR synced server
* 3. then, increase floodcounter
* 4. if we reached the limit AND only if source was a local client.. do the action (+i).
* Nr 4 is done because otherwise you would have a noticeflood with 'joinflood detected'
* 3. server uptime more than XX seconds (if this information is available)
* 4. is not a uline
* 5. then, increase floodcounter
* 6. if we reached the limit AND only if source was a local client.. do the action (+i).
* Nr 6 is done because otherwise you would have a noticeflood with 'joinflood detected'
* from all servers.
*/
if (IsFloodLimit(chptr) && (MyClient(sptr) || sptr->srvptr->serv->flags.synced) &&
!IsULine(sptr) && do_floodprot(chptr, FLD_JOIN) && MyClient(sptr))
if (IsFloodLimit(chptr) &&
(MyClient(sptr) || sptr->srvptr->serv->flags.synced) &&
(sptr->srvptr->serv->boottime && (TStime() - sptr->srvptr->serv->boottime >= MODEF_BOOT_DELAY)) &&
!IsULine(sptr) &&
do_floodprot(chptr, FLD_JOIN) &&
MyClient(sptr))
{
do_floodprot_action(chptr, FLD_JOIN, "join");
}
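Review bot: the boot-delay term in floodprot_join() is written as boottime && (TStime() - boottime >= MODEF_BOOT_DELAY), so a server whose boottime is 0 never satisfies it and joins from its users are no longer counted at all. The comment above says the uptime check applies "if this information is available", which suggests the intent was (!boottime || TStime() - boottime >= MODEF_BOOT_DELAY). If skipping the counter for such servers is deliberate, please say so in the comment, because it means +f join protection silently does not cover them.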
@@ -924,15 +1049,6 @@ int floodprot_post_chanmsg(aClient *sptr, aChannel *chptr, char *text, int notic
return 0;
}
#if 0
int floodprot_remotejoin(aClient *cptr, aClient *acptr, aChannel *chptr, char *parv[])
{
if (IsFloodLimit(chptr) && acptr->serv->flags.synced && !IsULine(acptr)) /* hope that's correctly copied? acptr/cptr fun */
do_floodprot(chptr, FLD_JOIN);
return 0;
}
#endif
int floodprot_knock(aClient *sptr, aChannel *chptr)
{
if (IsFloodLimit(chptr) && !IsULine(sptr) && do_floodprot(chptr, FLD_KNOCK) && MyClient(sptr))
@@ -1023,7 +1139,7 @@ int check_for_chan_flood(aClient *sptr, aChannel *chptr)
ChanFloodProt *chp;
aUserFld *userfld;
if (ValidatePermissionsForPath("immune:channel:flood",sptr,NULL,chptr,NULL) || !IsFloodLimit(chptr) || is_skochanop(sptr, chptr))
if (ValidatePermissionsForPath("channel:override:flood",sptr,NULL,chptr,NULL) || !IsFloodLimit(chptr) || is_skochanop(sptr, chptr))
return 0;
if (!(lp = find_membership_link(sptr->user->channel, chptr)))
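Review bot: the exemption in check_for_chan_flood() moves from the permission path immune:channel:flood to channel:override:flood with no compatibility handling visible here. Operclass blocks that still grant the old path will stop matching after the upgrade, so affected opers become subject to +f without any warning. Please list the rename in the release notes and, if the config parser can recognise the old path, emit a warning for it.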
@@ -1177,6 +1293,7 @@ void floodprottimer_del(aChannel *chptr, char mflag)
return;
DelListItem(e, removefld_list);
MyFree(e);
if (chp)
{
@@ -1216,13 +1333,14 @@ Cmode_t get_extmode_bitbychar(char m)
EVENT(modef_event)
{
RemoveFld *e = removefld_list;
RemoveFld *e, *e_next;
time_t now;
now = TStime();
while(e)
for (e = removefld_list; e; e = e_next)
{
e_next = e->next;
if (e->when <= now)
{
/* Remove chanmode... */
@@ -1245,27 +1363,29 @@ EVENT(modef_event)
}
/* And delete... */
e = (RemoveFld *)DelListItem(e, removefld_list);
DelListItem(e, removefld_list);
MyFree(e);
} else {
#ifdef NEWFLDDBG
sendto_realops("modef_event: chan %s mode -%c about %d seconds",
e->chptr->chname, e->m, e->when - now);
#endif
e = e->next;
}
}
}
void floodprottimer_stopchantimers(aChannel *chptr)
{
RemoveFld *e = removefld_list;
while(e)
RemoveFld *e, *e_next;
for (e = removefld_list; e; e = e_next)
{
e_next = e->next;
if (e->chptr == chptr)
e = (RemoveFld *)DelListItem(e, removefld_list);
else
e = e->next;
{
DelListItem(e, removefld_list);
MyFree(e);
}
}
}
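Review bot: in the NEWFLDDBG branch kept as context, e->when - now is a time_t difference passed to a %d conversion in sendto_realops(), which is a format/argument mismatch wherever time_t is wider than int. While this loop is being reworked, cast the difference to long and use %ld. The e_next pattern itself reads correctly in both modef_event() and floodprottimer_stopchantimers(): the successor is saved before DelListItem() and MyFree(e).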
@@ -1365,3 +1485,12 @@ void userfld_free(ModData *md)
{
MyFree(md->ptr);
}
int floodprot_stats(aClient *sptr, char *flag)
{
sendto_one(sptr, ":%s %i %s :modef-default-unsettime: %hd", me.name, RPL_TEXT,
sptr->name, (unsigned short)MODEF_DEFAULT_UNSETTIME);
sendto_one(sptr, ":%s %i %s :modef-max-unsettime: %hd", me.name, RPL_TEXT,
sptr->name, (unsigned short)MODEF_MAX_UNSETTIME);
return 0;
}
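Review bot: floodprot_stats() never looks at its flag argument, so nothing in the function restricts these two RPL_TEXT lines to one STATS letter. Please check flag against the letter these settings belong to and return early otherwise. Also, the values are cast to unsigned short but printed with %hd, where %hu matches the cast, and modef-boot-delay is missing from the output although it is configurable alongside the other two.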
+11 -11
@@ -31,7 +31,7 @@ CMD_FUNC(issecure);
ModuleHeader MOD_HEADER(issecure)
= {
"chanmodes/issecure",
"4.0",
"4.2",
"Channel Mode +Z",
"3.2-b8-1",
NULL
@@ -43,11 +43,11 @@ Cmode_t EXTCMODE_ISSECURE;
int IsSecureJoin(aChannel *chptr);
int modeZ_is_ok(aClient *sptr, aChannel *chptr, char mode, char *para, int checkt, int what);
DLLFUNC int issecure_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *parv[]);
DLLFUNC int issecure_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment);
DLLFUNC int issecure_quit(aClient *acptr, char *comment);
DLLFUNC int issecure_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *chptr, char *comment);
DLLFUNC int issecure_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
int issecure_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *parv[]);
int issecure_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment);
int issecure_quit(aClient *acptr, char *comment);
int issecure_kick(aClient *cptr, aClient *sptr, aClient *acptr, aChannel *chptr, char *comment);
int issecure_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
char *modebuf, char *parabuf, time_t sendts, int samode);
@@ -178,7 +178,7 @@ void issecure_set(aChannel *chptr, aClient *sptr, int notice)
* so while they can be written shorter, they would only take longer to execute!
*/
DLLFUNC int issecure_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *parv[])
int issecure_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *parv[])
{
/* Check only if chan already +zZ and the user joining is insecure (no need to count) */
if (IsSecureJoin(chptr) && IsSecureChanIndicated(chptr) && !IsSecureConnect(sptr) && !IsULine(sptr))
@@ -191,7 +191,7 @@ DLLFUNC int issecure_join(aClient *cptr, aClient *sptr, aChannel *chptr, char *p
return 0;
}
DLLFUNC int issecure_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment)
int issecure_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *comment)
{
/* Only care if chan is +z-Z and the user leaving is insecure, then count */
if (IsSecureJoin(chptr) && !IsSecureChanIndicated(chptr) && !IsSecureConnect(sptr) &&
@@ -200,7 +200,7 @@ DLLFUNC int issecure_part(aClient *cptr, aClient *sptr, aChannel *chptr, char *c
return 0;
}
DLLFUNC int issecure_quit(aClient *sptr, char *comment)
int issecure_quit(aClient *sptr, char *comment)
{
Membership *membership;
aChannel *chptr;
@@ -216,7 +216,7 @@ aChannel *chptr;
return 0;
}
DLLFUNC int issecure_kick(aClient *cptr, aClient *sptr, aClient *victim, aChannel *chptr, char *comment)
int issecure_kick(aClient *cptr, aClient *sptr, aClient *victim, aChannel *chptr, char *comment)
{
/* Identical to part&quit, except we care about 'victim' and not 'sptr' */
if (IsSecureJoin(chptr) && !IsSecureChanIndicated(chptr) &&
@@ -225,7 +225,7 @@ DLLFUNC int issecure_kick(aClient *cptr, aClient *sptr, aClient *victim, aChanne
return 0;
}
DLLFUNC int issecure_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
int issecure_chanmode(aClient *cptr, aClient *sptr, aChannel *chptr,
char *modebuf, char *parabuf, time_t sendts, int samode)
{
if (!strchr(modebuf, 'z'))
+2 -2
@@ -9,7 +9,7 @@
ModuleHeader MOD_HEADER(link)
= {
"chanmodes/link",
"4.0",
"4.2",
"Channel Mode +L",
"3.2-b8-1",
NULL,
@@ -107,7 +107,7 @@ int cmodeL_is_ok(aClient *sptr, aChannel *chptr, char mode, char *para, int type
return EX_ALLOW;
}
/* falltrough -- should not be used */
/* fallthrough -- should not be used */
return EX_DENY;
}
+7 -7
@@ -24,7 +24,7 @@ CMD_FUNC(nocolor);
ModuleHeader MOD_HEADER(nocolor)
= {
"chanmodes/nocolor",
"4.0",
"4.2",
"Channel Mode +c",
"3.2-b8-1",
NULL
@@ -34,9 +34,9 @@ Cmode_t EXTCMODE_NOCOLOR;
#define IsNoColor(chptr) (chptr->mode.extmode & EXTCMODE_NOCOLOR)
DLLFUNC char *nocolor_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice);
DLLFUNC char *nocolor_prelocalpart(aClient *sptr, aChannel *chptr, char *comment);
DLLFUNC char *nocolor_prelocalquit(aClient *sptr, char *comment);
char *nocolor_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice);
char *nocolor_prelocalpart(aClient *sptr, aChannel *chptr, char *comment);
char *nocolor_prelocalquit(aClient *sptr, char *comment);
MOD_TEST(nocolor)
{
@@ -84,7 +84,7 @@ static int IsUsingColor(char *s)
return 0;
}
DLLFUNC char *nocolor_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
char *nocolor_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
{
Hook *h;
int i;
@@ -112,7 +112,7 @@ DLLFUNC char *nocolor_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int
return text;
}
DLLFUNC char *nocolor_prelocalpart(aClient *sptr, aChannel *chptr, char *comment)
char *nocolor_prelocalpart(aClient *sptr, aChannel *chptr, char *comment)
{
if (!comment)
return NULL;
@@ -134,7 +134,7 @@ static int IsAnyChannelNoColor(aClient *sptr)
return 0;
}
DLLFUNC char *nocolor_prelocalquit(aClient *sptr, char *comment)
char *nocolor_prelocalquit(aClient *sptr, char *comment)
{
if (!comment)
return NULL;
+3 -3
@@ -24,7 +24,7 @@ CMD_FUNC(noctcp);
ModuleHeader MOD_HEADER(noctcp)
= {
"chanmodes/noctcp",
"4.0",
"4.2",
"Channel Mode +C",
"3.2-b8-1",
NULL
@@ -34,7 +34,7 @@ Cmode_t EXTCMODE_NOCTCP;
#define IsNoCTCP(chptr) (chptr->mode.extmode & EXTCMODE_NOCTCP)
DLLFUNC char *noctcp_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice);
char *noctcp_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice);
MOD_TEST(noctcp)
{
@@ -78,7 +78,7 @@ static int IsACTCP(char *s)
return 0;
}
DLLFUNC char *noctcp_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
char *noctcp_prechanmsg(aClient *sptr, aChannel *chptr, char *text, int notice)
{
if (MyClient(sptr) && IsNoCTCP(chptr) && IsACTCP(text))
{
+6 -6
@@ -24,7 +24,7 @@ CMD_FUNC(noinvite);
ModuleHeader MOD_HEADER(noinvite)
= {
"chanmodes/noinvite",
"4.0",
"4.2",
"Channel Mode +V",
"3.2-b8-1",
NULL
@@ -34,8 +34,8 @@ Cmode_t EXTCMODE_NOINVITE;
#define IsNoInvite(chptr) (chptr->mode.extmode & EXTCMODE_NOINVITE)
DLLFUNC int noinvite_pre_knock(aClient *sptr, aChannel *chptr);
DLLFUNC int noinvite_pre_invite(aClient *sptr, aClient *acptr, aChannel *chptr, int *override);
int noinvite_pre_knock(aClient *sptr, aChannel *chptr);
int noinvite_pre_invite(aClient *sptr, aClient *acptr, aChannel *chptr, int *override);
MOD_TEST(noinvite)
{
@@ -70,7 +70,7 @@ MOD_UNLOAD(noinvite)
}
DLLFUNC int noinvite_pre_knock(aClient *sptr, aChannel *chptr)
int noinvite_pre_knock(aClient *sptr, aChannel *chptr)
{
if (MyClient(sptr) && IsNoInvite(chptr))
{
@@ -84,11 +84,11 @@ DLLFUNC int noinvite_pre_knock(aClient *sptr, aChannel *chptr)
return HOOK_CONTINUE;
}
DLLFUNC int noinvite_pre_invite(aClient *sptr, aClient *acptr, aChannel *chptr, int *override)
int noinvite_pre_invite(aClient *sptr, aClient *acptr, aChannel *chptr, int *override)
{
if (MyClient(sptr) && IsNoInvite(chptr))
{
if (ValidatePermissionsForPath("override:invite:nopermissions",sptr,NULL,chptr,NULL) && sptr == acptr)
if (ValidatePermissionsForPath("channel:override:invite:noinvite",sptr,NULL,chptr,NULL) && sptr == acptr)
{
*override = 1;
} else {
+1 -1
@@ -23,7 +23,7 @@
ModuleHeader MOD_HEADER(nokick)
= {
"chanmodes/nokick",
"4.0",
"4.2",
"Channel Mode +Q",
"3.2-b8-1",
NULL
+7 -7
@@ -22,7 +22,7 @@
ModuleHeader MOD_HEADER(noknock)
= {
"chanmodes/noknock",
"4.0",
"4.2",
"Channel Mode +K",
"3.2-b8-1",
NULL
@@ -32,9 +32,9 @@ Cmode_t EXTCMODE_NOKNOCK;
#define IsNoKnock(chptr) (chptr->mode.extmode & EXTCMODE_NOKNOCK)
DLLFUNC int noknock_check (aClient *sptr, aChannel *chptr);
DLLFUNC int noknock_mode_allow(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what);
DLLFUNC int noknock_mode_del (aChannel *chptr, int modeChar);
int noknock_check (aClient *sptr, aChannel *chptr);
int noknock_mode_allow(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what);
int noknock_mode_del (aChannel *chptr, int modeChar);
MOD_TEST(noknock)
{
@@ -70,7 +70,7 @@ MOD_UNLOAD(noctcp)
}
DLLFUNC int noknock_check (aClient *sptr, aChannel *chptr)
int noknock_check (aClient *sptr, aChannel *chptr)
{
if (MyClient(sptr) && IsNoKnock(chptr))
{
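Review bot: the hunk header shows the enclosing function as MOD_UNLOAD(noctcp), but this file declares MOD_HEADER(noknock). It looks like a copy-paste from the noctcp module; since the file is being touched anyway, renaming it to MOD_UNLOAD(noknock) would keep the module macros consistent.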
@@ -83,7 +83,7 @@ DLLFUNC int noknock_check (aClient *sptr, aChannel *chptr)
return HOOK_CONTINUE;
}
DLLFUNC int noknock_mode_del (aChannel *chptr, int modeChar)
int noknock_mode_del (aChannel *chptr, int modeChar)
{
// Remove noknock when we're removing invite only
if (modeChar == 'i')
@@ -92,7 +92,7 @@ DLLFUNC int noknock_mode_del (aChannel *chptr, int modeChar)
return 0;
}
DLLFUNC int noknock_mode_allow(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what)
int noknock_mode_allow(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what)
{
if (!(chptr->mode.mode & MODE_INVITEONLY))
+3 -3
@@ -23,7 +23,7 @@
ModuleHeader MOD_HEADER(nonickchange)
= {
"chanmodes/nonickchange",
"4.0",
"4.2",
"Channel Mode +N",
"3.2-b8-1",
NULL
@@ -33,7 +33,7 @@ Cmode_t EXTCMODE_NONICKCHANGE;
#define IsNoNickChange(chptr) (chptr->mode.extmode & EXTCMODE_NONICKCHANGE)
DLLFUNC int nonickchange_check (aClient *sptr, aChannel *chptr);
int nonickchange_check (aClient *sptr, aChannel *chptr);
MOD_TEST(nonickchange)
{
@@ -67,7 +67,7 @@ MOD_UNLOAD(nonickchange)
return MOD_SUCCESS;
}
DLLFUNC int nonickchange_check (aClient *sptr, aChannel *chptr)
int nonickchange_check (aClient *sptr, aChannel *chptr)
{
if (!IsOper(sptr) && !IsULine(sptr)
&& IsNoNickChange(chptr)
+1 -1
@@ -22,7 +22,7 @@
ModuleHeader MOD_HEADER(nonotice)
= {
"chanmodes/nonotice",
"4.0",
"4.2",
"Channel Mode +T",
"3.2-b8-1",
NULL
+15 -14
@@ -24,7 +24,7 @@ CMD_FUNC(operonly);
ModuleHeader MOD_HEADER(operonly)
= {
"chanmodes/operonly",
"4.0",
"4.2",
"Channel Mode +O",
"3.2-b8-1",
NULL
@@ -32,10 +32,10 @@ ModuleHeader MOD_HEADER(operonly)
Cmode_t EXTCMODE_OPERONLY;
DLLFUNC int operonly_require_oper(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what);
DLLFUNC int operonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[]);
DLLFUNC int operonly_topic_allow (aClient *sptr, aChannel *chptr);
DLLFUNC int operonly_check_ban(aClient *cptr, aChannel *chptr);
int operonly_require_oper(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what);
int operonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[]);
int operonly_topic_allow (aClient *sptr, aChannel *chptr);
int operonly_check_ban(aClient *cptr, aChannel *chptr);
MOD_TEST(operonly)
{
@@ -71,23 +71,23 @@ MOD_UNLOAD(noctcp)
return MOD_SUCCESS;
}
DLLFUNC int operonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[])
int operonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[])
{
if ((chptr->mode.extmode & EXTCMODE_OPERONLY) && !ValidatePermissionsForPath("channel:operonly",cptr,NULL,chptr,NULL))
if ((chptr->mode.extmode & EXTCMODE_OPERONLY) && !ValidatePermissionsForPath("channel:operonly:join",cptr,NULL,chptr,NULL))
return ERR_OPERONLY;
return 0;
}
DLLFUNC int operonly_check_ban(aClient *cptr, aChannel *chptr)
int operonly_check_ban(aClient *cptr, aChannel *chptr)
{
if ((chptr->mode.extmode & EXTCMODE_OPERONLY) &&
!ValidatePermissionsForPath("override:ban:operonly",cptr,NULL,NULL,NULL))
!ValidatePermissionsForPath("channel:operonly:ban",cptr,NULL,NULL,NULL))
return HOOK_DENY;
return HOOK_CONTINUE;
}
DLLFUNC int operonly_topic_allow (aClient *sptr, aChannel *chptr)
int operonly_topic_allow (aClient *sptr, aChannel *chptr)
{
if (chptr->mode.extmode & EXTCMODE_OPERONLY && !ValidatePermissionsForPath("channel:operonly:topic",sptr,NULL,chptr,NULL))
return HOOK_DENY;
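Review bot: in operonly_check and operonly_check_ban the operclass permission strings are renamed (`channel:operonly` to `channel:operonly:join`, `override:ban:operonly` to `channel:operonly:ban`), and the second one moves to a different top-level, so an operclass block that grants only `override:ban:operonly` has nothing visible here that maps it to the new name. Call the rename out in the release notes or keep the old names as aliases for a release. operonly_check_ban also passes NULL for the channel argument where operonly_check and operonly_topic_allow pass chptr, which deserves a comment if it is intentional. The hunk header shows `MOD_UNLOAD(noctcp)` inside the operonly module, which looks like a copy-pasted name worth fixing while here.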
@@ -95,14 +95,15 @@ DLLFUNC int operonly_topic_allow (aClient *sptr, aChannel *chptr)
return HOOK_CONTINUE;
}
DLLFUNC int operonly_require_oper(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what)
int operonly_require_oper(aClient *cptr, aChannel *chptr, char mode, char *para, int checkt, int what)
{
if (!MyClient(cptr) || ValidatePermissionsForPath("channel:operonly",cptr,NULL,chptr,NULL))
if (!MyClient(cptr) || ValidatePermissionsForPath("channel:operonly:set",cptr,NULL,chptr,NULL))
return EX_ALLOW;
if (checkt == EXCHK_ACCESS_ERR)
sendto_one(cptr, err_str(ERR_CANNOTCHANGECHANMODE),
me.name, cptr->name, 'O', "You are not an IRC operator");
sendto_one(cptr, err_str(ERR_CANNOTCHANGECHANMODE),
me.name, cptr->name, 'O', "You are not an IRC operator");
return EX_DENY;
}
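Review bot: the `if (checkt == EXCHK_ACCESS_ERR)` guard in operonly_require_oper controls a sendto_one call that spans two lines and has no braces; add braces so the guarded statement is unambiguous, since the indentation of that call is exactly what changes here. The permission string also becomes `channel:operonly:set`, and the early `!MyClient(cptr)` test returns EX_ALLOW for every remote client before any permission is checked; if the intent is that the remote client's own server has already enforced this, a one-line comment saying so would help the next reader.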
+4 -2
@@ -22,7 +22,7 @@
ModuleHeader MOD_HEADER(permanent)
= {
"chanmodes/permanent",
"4.0",
"4.2",
"Permanent channel mode (+P)",
"3.2-b8-1",
NULL
@@ -42,7 +42,9 @@ static int permanent_is_ok(aClient *cptr, aChannel *chptr, char mode, char *para
{
if (!IsOper(cptr))
{
sendto_one(cptr, err_str(ERR_NOPRIVILEGES), me.name, cptr->name);
if (checkt == EXCHK_ACCESS_ERR)
sendto_one(cptr, err_str(ERR_NOPRIVILEGES), me.name, cptr->name);
return EX_DENY;
}
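Review bot: permanent_is_ok still gates +P on a bare `!IsOper(cptr)` while the other channel-mode modules in this change check a named operclass path through ValidatePermissionsForPath, so +P cannot be granted or withheld per operclass; consider a permission path here or a comment explaining why any oper qualifies. Guarding the ERR_NOPRIVILEGES numeric with `checkt == EXCHK_ACCESS_ERR` matches operonly_require_oper, and braces around the guarded sendto_one call would keep the two consistent.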
+3 -3
@@ -23,7 +23,7 @@
ModuleHeader MOD_HEADER(regonly)
= {
"chanmodes/regonly",
"4.0",
"4.2",
"Channel Mode +R",
"3.2-b8-1",
NULL
@@ -33,7 +33,7 @@ Cmode_t EXTCMODE_REGONLY;
#define IsRegOnly(chptr) (chptr->mode.extmode & EXTCMODE_REGONLY)
DLLFUNC int regonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[]);
int regonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[]);
MOD_TEST(regonly)
@@ -68,7 +68,7 @@ MOD_UNLOAD(regonly)
return MOD_SUCCESS;
}
DLLFUNC int regonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[])
int regonly_check (aClient *cptr, aChannel *chptr, char *key, char *parv[])
{
if (IsRegOnly(chptr) && !IsLoggedIn(cptr))
return ERR_NEEDREGGEDNICK;
+7 -7
@@ -23,7 +23,7 @@
ModuleHeader MOD_HEADER(regonlyspeak)
= {
"chanmodes/regonlyspeak",
"4.0",
"4.2",
"Channel Mode +M",
"3.2-b8-1",
NULL
@@ -34,8 +34,8 @@ static char errMsg[2048];
#define IsRegOnlySpeak(chptr) (chptr->mode.extmode & EXTCMODE_REGONLYSPEAK)
DLLFUNC int regonlyspeak_can_send (aClient* cptr, aChannel *chptr, char* message, Membership* lp, int notice);
DLLFUNC char * regonlyspeak_part_message (aClient* sptr, aChannel *chptr, char* comment);
int regonlyspeak_can_send (aClient* cptr, aChannel *chptr, char* message, Membership* lp, int notice);
char * regonlyspeak_part_message (aClient* sptr, aChannel *chptr, char* comment);
MOD_TEST(regonlyspeak)
{
@@ -70,23 +70,23 @@ MOD_UNLOAD(regonlyspeak)
return MOD_SUCCESS;
}
DLLFUNC char *regonlyspeak_part_message (aClient *sptr, aChannel *chptr, char *comment)
char *regonlyspeak_part_message (aClient *sptr, aChannel *chptr, char *comment)
{
if (!comment)
return NULL;
if (IsRegOnlySpeak(chptr) && !IsLoggedIn(sptr) && !ValidatePermissionsForPath("immune:regonly",sptr,NULL,NULL,NULL))
if (IsRegOnlySpeak(chptr) && !IsLoggedIn(sptr) && !ValidatePermissionsForPath("channel:override:message:regonlyspeak",sptr,NULL,NULL,NULL))
return NULL;
return comment;
}
DLLFUNC int regonlyspeak_can_send (aClient *cptr, aChannel *chptr, char *message, Membership *lp, int notice)
int regonlyspeak_can_send (aClient *cptr, aChannel *chptr, char *message, Membership *lp, int notice)
{
Hook *h;
int i;
if (IsRegOnlySpeak(chptr) && !op_can_override("override:message:regonlyspeak",cptr,chptr,NULL) && !IsLoggedIn(cptr) &&
if (IsRegOnlySpeak(chptr) && !op_can_override("channel:override:message:regonlyspeak",cptr,chptr,NULL) && !IsLoggedIn(cptr) &&
(!lp
|| !(lp->flags & (CHFL_CHANOP | CHFL_VOICE | CHFL_CHANOWNER |
CHFL_HALFOP | CHFL_CHANPROT))))
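Review bot: regonlyspeak_part_message and regonlyspeak_can_send now name the same path, `channel:override:message:regonlyspeak`, but check it differently: the part-message check calls ValidatePermissionsForPath with NULL for the channel, the send check calls op_can_override with chptr. If both are meant to express the same privilege, use one helper with the same channel argument, or add a comment on why they differ. In regonlyspeak_can_send the override lookup is also evaluated before the cheaper `!IsLoggedIn(cptr)` test for every message to a +M channel; testing IsLoggedIn first would short-circuit for logged-in users. The old `immune:regonly` name has no visible mapping to the new one, so the rename needs a release-note entry.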
+14 -14
@@ -22,7 +22,7 @@
ModuleHeader MOD_HEADER(sslonly)
= {
"chanmodes/sslonly",
"4.0",
"4.2",
"Channel Mode +z",
"3.2-b8-1",
NULL
@@ -34,7 +34,7 @@ Cmode_t EXTCMODE_SSLONLY;
int secureonly_check_join(aClient *sptr, aChannel *chptr, char *key, char *parv[]);
void secureonly_channel_sync (aChannel* chptr, int merge, int removetheirs, int nomode);
int secureonly_check_send(aClient *acptr, aChannel* chptr);
int secureonly_send_channel(aClient *acptr, aChannel* chptr);
int secureonly_check_secure(aChannel* chptr);
int secureonly_check_sajoin(aClient *acptr, aChannel* chptr, aClient *sptr);
int secureonly_specialcheck(aClient *sptr, aChannel *chptr, char *parv[]);
@@ -58,7 +58,7 @@ MOD_INIT(sslonly)
HookAdd(modinfo->handle, HOOKTYPE_CAN_JOIN, 0, secureonly_check_join);
HookAddVoid(modinfo->handle, HOOKTYPE_CHANNEL_SYNCED, 0, secureonly_channel_sync);
HookAdd(modinfo->handle, HOOKTYPE_IS_CHANNEL_SECURE, 0, secureonly_check_secure);
HookAdd(modinfo->handle, HOOKTYPE_CAN_SEND_SECURE, 0, secureonly_check_send);
HookAdd(modinfo->handle, HOOKTYPE_SEND_CHANNEL, 0, secureonly_send_channel);
HookAdd(modinfo->handle, HOOKTYPE_CAN_SAJOIN, 0, secureonly_check_sajoin);
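Review bot: the MOD_INIT registration moves from HOOKTYPE_CAN_SEND_SECURE to HOOKTYPE_SEND_CHANNEL, and nothing at the HookAdd line documents the return-value contract of the new hook type; add a comment stating what secureonly_send_channel must return to withhold a +z channel from a client that is not secure. If HOOKTYPE_CAN_SEND_SECURE is being retired, third-party modules that registered for it need a changelog entry.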
@@ -119,18 +119,18 @@ int secureonly_check_join(aClient *sptr, aChannel *chptr, char *key, char *parv[
Link *lp;
if (IsSecureOnly(chptr) && !(sptr->umodes & UMODE_SECURE))
{
if (ValidatePermissionsForPath("channel:override:secureonly",sptr,NULL,chptr,NULL))
{
if (ValidatePermissionsForPath("immune:secureonly",sptr,NULL,chptr,NULL))
{
/* if the channel is +z we still allow an ircop to bypass it
* if they are invited.
*/
for (lp = sptr->user->invited; lp; lp = lp->next)
if (lp->value.chptr == chptr)
return HOOK_CONTINUE;
}
return (ERR_SECUREONLYCHAN);
/* if the channel is +z we still allow an ircop to bypass it
* if they are invited.
*/
for (lp = sptr->user->invited; lp; lp = lp->next)
if (lp->value.chptr == chptr)
return HOOK_CONTINUE;
}
return (ERR_SECUREONLYCHAN);
}
return 0;
}
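Review bot: secureonly_check_join returns through three spellings, `return HOOK_CONTINUE`, `return (ERR_SECUREONLYCHAN)` and `return 0`; pick one convention for the allow path so the hook's contract is readable. The hunk shows both `channel:override:secureonly` and `immune:secureonly` on the same ValidatePermissionsForPath check, so the path rename needs a release-note entry for existing operclass blocks. The comment should also say that the bypass requires both that permission and a pending invite, rather than "an ircop", because a permitted client without an invite still falls through to ERR_SECUREONLYCHAN.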
@@ -152,7 +152,7 @@ void secureonly_channel_sync(aChannel *chptr, int merge, int removetheirs, int n
}
}
int secureonly_check_send(aClient *acptr, aChannel *chptr)
int secureonly_send_channel(aClient *acptr, aChannel *chptr)
{
if (IsSecureOnly(chptr))
if (!IsSecure(acptr))

Some files were not shown because too many files have changed in this diff