pegasus/unrealircd
1
0
Fork 0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-06-24 09:56:37 +02:00
Code Activity

Compare commits

base: pegasus/unrealircd:unreal60_dev
Branches Tags
pegasus/unrealircd:unreal60_dev pegasus/unrealircd:unreal52 pegasus/unrealircd:unreal50 pegasus/unrealircd:unreal42 pegasus/unrealircd:unreal40 pegasus/unrealircd:tmcarthur-osx pegasus/unrealircd:master pegasus/unrealircd:unreal33 pegasus/unrealircd:unreal3_2_fixes pegasus/unrealircd:stable pegasus/unrealircd:devel pegasus/unrealircd:c-ares_resolver pegasus/unrealircd:beta pegasus/unrealircd:komara pegasus/unrealircd:u31_chatfirst pegasus/unrealircd:newio pegasus/unrealircd:unrealstorm pegasus/unrealircd:firestorm pegasus/unrealircd:experimentalweirdnes pegasus/unrealircd:unlabeled-1.1.1.1.4 pegasus/unrealircd:unlabeled-1.1.2
..
compare: pegasus/unrealircd:unreal42
Branches Tags
pegasus/unrealircd:unreal60_dev pegasus/unrealircd:unreal52 pegasus/unrealircd:unreal50 pegasus/unrealircd:unreal42 pegasus/unrealircd:unreal40 pegasus/unrealircd:tmcarthur-osx pegasus/unrealircd:master pegasus/unrealircd:unreal33 pegasus/unrealircd:unreal3_2_fixes pegasus/unrealircd:stable pegasus/unrealircd:devel pegasus/unrealircd:c-ares_resolver pegasus/unrealircd:beta pegasus/unrealircd:komara pegasus/unrealircd:u31_chatfirst pegasus/unrealircd:newio pegasus/unrealircd:unrealstorm pegasus/unrealircd:firestorm pegasus/unrealircd:experimentalweirdnes pegasus/unrealircd:unlabeled-1.1.1.1.4 pegasus/unrealircd:unlabeled-1.1.2

15 Commits
unreal60_dev .. unreal42

Author SHA1 Message Date
Bram Matthys 779a427fc7 Updates for new repository name of test framework. 2019-08-18 09:58:24 +02:00
Bram Matthys 6044323d03 Add dot in UNREAL_VERSION_SUFFIX. 2019-07-07 15:39:23 +02:00
Bram Matthys e133b21703 UnrealIRCd 4.2.4.1 2019-07-07 15:05:59 +02:00
Bram Matthys 96ee7083c8 Customizing set::ssl::outdated-protocols and set::ssl::outdated-ciphers 
was not possible since the configuration code was missing.
Reported by HeXiLeD in https://bugs.unrealircd.org/view.php?id=5327
 2019-07-07 14:57:15 +02:00
Bram Matthys 755ef5b052 Debian 10 effectively overrides our set::ssl::protocols settings 
causing UnrealIRCd to only accept SSL/TLS 1.2 and later connections.
We now use SSL_CTX_set_min_proto_version() to set the minimum
protocol version to fix this, only to disable specific SSL/TLS
versions later on via the old API.
It's great that they disabled SSL/TLS <1.2 by default and we have
already been considering doing the same in 2020, laying the
groundwork via set::ssl::outdated-protocols in February 2019.
However, such a chance is unexpected during UnrealIRCd 4.x.
 2019-07-07 10:41:55 +02:00
Bram Matthys 8babe4db3f UnrealIRCd 4.2.4 2019-06-30 08:22:15 +02:00
Bram Matthys 58f8943069 More Windows fixes/workarounds.. 2019-06-30 08:10:17 +02:00
Bram Matthys 332135e5b3 Change set::ident::read-timeout from 30 to 15 seconds since otherwise 
it exceeds set::handshake-timeout which would be very unfortunate for
those (few) poor users that are affected by this.
 2019-06-29 18:49:36 +02:00
Bram Matthys eae47eac5f Fix bug where the Windows version only accepts very few clients. 2019-06-29 17:20:06 +02:00
Bram Matthys 12e1faf417 Fix m_sinfo not marked as an official module. 2019-06-29 16:26:01 +02:00
Bram Matthys f8de9ec78e Windows: duh, update version number there too. 2019-06-29 16:11:17 +02:00
Bram Matthys dc9880ce1e * The Windows version should warn and not error if using old-style regex. 2019-06-29 15:56:53 +02:00
Bram Matthys ac94ef3c85 Preparations for UnrealIRCd 4.2.4 2019-06-29 15:53:40 +02:00
Bram Matthys ce38423b42 Silently force a 'make clean' as otherwise part (or whole) of the 
compiled source could be using different settings than the user
just requested when re-running ./Config.
 2019-06-16 10:15:57 +02:00
Bram Matthys 06df7cba70 Add new ./configure option (last question at ./Config): --enable-asan 
This will enable AddressSanitizer which can be used to catch bugs.
It's only meant for (3rd party module) developers or if you are having
crash issues. On production servers it is not recommended, as it
consumes 3-4 times more memory and incurs a slowdown of about x2.
 2019-05-12 15:30:00 +02:00
594 changed files with 94944 additions and 162669 deletions
Expand all files Collapse all files
.CHANGES.NEW
+20
View File
@@ -0,0 +1,20 @@
_ _ _ ___________ _____ _
| | | | | |_ _| ___ \/ __ \ | |
| | | |_ __ _ __ ___ __ _| | | | | |_/ /| / \/ __| |
| | | | '_ \| '__/ _ \/ _ | | | | | / | | / _ |
| |_| | | | | | | __/ (_| | |_| |_| |\ \ | \__/\ (_| |
\___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_|
Configuration Program
for UnrealIRCd 4.2.4.1
This program will help you to compile your IRC server, and ask you
questions regarding the compile-time settings of it during the process.
regarding the setup of it, during the process.
A short installation guide is available online at:
https://www.unrealircd.org/docs/Installing_from_source
Full documentation is available at:
https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
.github/FUNDING.yml
-2
View File
@@ -1,2 +0,0 @@
github: [syzop]
patreon: UnrealIRCd
.github/workflows/linux-ci.yml
-59
View File
@@ -1,59 +0,0 @@
name: Linux CI
on:
push:
branches: ["unreal60_dev"]
pull_request:
branches: ["unreal60_dev"]
permissions:
contents: read
packages: read
env:
NOSERVICES: 1
RUNTESTFLAGS: "-slightlyfast"
jobs:
build:
runs-on: ubuntu-latest
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
compiler:
- { c: gcc, cpp: g++ }
- { c: clang, cpp: clang++ }
env:
CC: ${{ matrix.compiler.c }}
CXX: ${{ matrix.compiler.cpp }}
steps:
- name: Checkout
#uses: actions/checkout@v4
#no, pin to v4.2.2 for security reasons:
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
#and we don't need the credentials later..
with:
persist-credentials: false
fetch-depth: 1
- name: Install dependencies
run: |
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get update
sudo apt-get install -y --no-install-recommends \
build-essential pkg-config libssl-dev libpcre2-dev libargon2-dev \
libsodium-dev libc-ares-dev libcurl4-openssl-dev libjansson-dev
- name: Install python dependencies
run: |
python -m pip install --break-system-packages pyasyncore pyasynchat
- name: Build
run: extras/build-tests/nix/build
- name: Run tests
run: extras/build-tests/nix/run-tests
.gitignore
+4 -23
View File
@@ -6,9 +6,12 @@ conftest.*
config.settings
extras/pcre2*
extras/c-ares*
extras/regexp*
config.status
extras/tre*
extras/ircdcron/ircd.cron
extras/ircdcron/ircdchk
src/modules/snomasks/Makefile
src/modules/chanmodes/Makefile
src/modules/extbans/Makefile
src/modules/usermodes/Makefile
@@ -30,11 +33,10 @@ tags
server.cert.pem
server.key.pem
server.req.pem
tls.rnd
ssl.rnd
# Ignores for platform stuff
.DS_Store
[D|d]esktop.ini
# Ignores for build artifacts
*.so
@@ -45,24 +47,6 @@ src/ircd
src/version.c
src/include
# Ignores for windows stuff
## Binaries
*.dll
*.exe
*.map
*.pdb
*.lib
## Build artifacts
*.obj
*.exp
*.ilk
*.res
##Other
*.tmp
UnrealIRCd.def*
*.nativecodeanalysis.xml
# Ignores for mac stuff
## Various settings
*.pbxuser
@@ -88,6 +72,3 @@ xcuserdata
src/macosx/build/
DerivedData
src/macosx/pods/
# Doxygen generated files
doc/doxygen/
.gitmodules
+6
View File
@@ -0,0 +1,6 @@
[submodule "extras/tests/ircfly"]
path = extras/tests/ircfly
url = https://github.com/unrealircd/ircfly.git
[submodule "extras/tests/functional-tests"]
path = extras/tests/functional-tests
url = https://github.com/unrealircd/unrealircd-tests-old.git
.travis.yml
+28
View File
@@ -0,0 +1,28 @@
language: c
os: linux
dist: xenial
compiler:
- clang
- gcc
script: extras/build-tests/nix/build $BUILDCONFIG
env:
- BUILDCONFIG=""
- BUILDCONFIG="system-cares"
- BUILDCONFIG="system-cares system-curl"
- BUILDCONFIG="local-curl"
matrix:
include:
- os: osx
env: BUILDCONFIG=""
- os: osx
env: BUILDCONFIG="system-cares"
- os: osx
env: BUILDCONFIG="system-cares system-curl"
- os: osx
env: BUILDCONFIG="local-curl"
- env: BUILDCONFIG="libressl-27"
- env: BUILDCONFIG="libressl-28"
- env: BUILDCONFIG="libressl-29"
- env: BUILDCONFIG="openssl-102"
- env: BUILDCONFIG="openssl-110"
- env: BUILDCONFIG="openssl-111"
BSDmakefile
-4
View File
@@ -1,4 +0,0 @@
.DONE:
@echo "Please use GNU Make (gmake) to build UnrealIRCd"
.DEFAULT:
@echo "Please use GNU Make (gmake) to build UnrealIRCd"
CONTRIBUTING.md
-5
View File
@@ -1,5 +0,0 @@
Help out and make UnrealIRCd a better product!
You can do so by reporting issues, testing, programming, documenting,
translating, helping others, and more.
See https://www.unrealircd.org/docs/Contributing
Config
+549 -544
View File
File diff suppressed because it is too large Load Diff
Makefile.in
+98 -85
View File
@@ -34,11 +34,11 @@ FROMDOS=/home/cmunk/bin/4dos
#
#XCFLAGS=-O -g -export-dynamic
IRCDLIBS=@IRCDLIBS@ @PCRE2_LIBS@ @ARGON2_LIBS@ @CARES_LIBS@ @SODIUM_LIBS@ @JANSSON_LIBS@ @PTHREAD_LIBS@
IRCDLIBS=@IRCDLIBS@ @TRE_LIBS@ @PCRE2_LIBS@ @ARGON2_LIBS@ @CARES_LIBS@ @PTHREAD_LIBS@
CRYPTOLIB=@CRYPTOLIB@
OPENSSLINCLUDES=
XCFLAGS=@PTHREAD_CFLAGS@ @PCRE2_CFLAGS@ @ARGON2_CFLAGS@ @CARES_CFLAGS@ @SODIUM_CFLAGS@ @JANSSON_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
XCFLAGS=@PTHREAD_CFLAGS@ @TRE_CFLAGS@ @PCRE2_CFLAGS@ @ARGON2_CFLAGS@ @CARES_CFLAGS@ @CFLAGS@ @HARDEN_CFLAGS@ @CPPFLAGS@
#
# use the following on MIPS:
#CFLAGS= -systype bsd43 -DSYSTYPE_BSD43 -I$(INCLUDEDIR)
@@ -89,18 +89,27 @@ XCFLAGS=@PTHREAD_CFLAGS@ @PCRE2_CFLAGS@ @ARGON2_CFLAGS@ @CARES_CFLAGS@ @SODIUM_C
# you are not defining CMDLINE_CONFIG
IRCDMODE = 711
# Objects that are optional due to optional libraries:
URL=@URL@
GEOIP_CLASSIC_OBJECTS=@GEOIP_CLASSIC_OBJECTS@
GEOIP_CLASSIC_LIBS=@GEOIP_CLASSIC_LIBS@
GEOIP_CLASSIC_CFLAGS=@GEOIP_CLASSIC_CFLAGS@
# [CHANGEME]
# If you get a link-time error dealing with strtoul, comment out
# this line.
# STRTOUL= strtoul.o
STRTOUL=@STRTOUL@
# [CHANGEME]
# If you get crashes around a specific number of clients, and that
# client load comes close or a little over the system-defined value of
# FD_SETSIZE, override it here and see what happens. You may override
# the system FD_SETSIZE by setting the FD_SETSIZE Makefile variable to
# -DFD_SETSIZE=<some number>.
FD_SETSIZE=@FD_SETSIZE@
# Where is your openssl binary
OPENSSLPATH=@OPENSSLPATH@
CFLAGS=-I$(INCLUDEDIR) $(XCFLAGS)
XLDFLAGS=@LDFLAGS_PRIVATELIBS@ @HARDEN_LDFLAGS@ @LDFLAGS@
LDFLAGS=$(XLDFLAGS)
CFLAGS=-I$(INCLUDEDIR) $(XCFLAGS) $(FD_SETSIZE)
LDFLAGS=@LDFLAGS_PRIVATELIBS@ @HARDEN_LDFLAGS@
SHELL=/bin/sh
SUBDIRS=src
@@ -117,13 +126,10 @@ MAKEARGS = 'CFLAGS=${CFLAGS}' 'CC=${CC}' 'IRCDLIBS=${IRCDLIBS}' \
'RES=${RES}' 'BINDIR=${BINDIR}' 'INSTALL=${INSTALL}' \
'INCLUDEDIR=${INCLUDEDIR}' \
'RM=${RM}' 'CP=${CP}' 'TOUCH=${TOUCH}' \
'SHELL=${SHELL}' \
'SHELL=${SHELL}' 'STRTOUL=${STRTOUL}' \
'CRYPTOLIB=${CRYPTOLIB}' \
'CRYPTOINCLUDES=${CRYPTOINCLUDES}' \
'URL=${URL}' \
'GEOIP_CLASSIC_OBJECTS=${GEOIP_CLASSIC_OBJECTS}' \
'GEOIP_CLASSIC_LIBS=${GEOIP_CLASSIC_LIBS}' \
'GEOIP_CLASSIC_CFLAGS=${GEOIP_CLASSIC_CFLAGS}'
'URL=${URL}'
custommodule:
@if test -z "${MODULEFILE}"; then echo "Please set MODULEFILE when calling \`\`make custommodule''. For example, \`\`make custommodule MODULEFILE=callerid''." >&2; exit 1; fi
@@ -142,7 +148,7 @@ build: Makefile
done
@echo ''
@echo '* UnrealIRCd compiled successfully'
@echo '* YOU ARE NOT DONE YET! Run "${MAKE} install" to install UnrealIRCd !'
@echo '* YOU ARE NOT DONE YET! Run "make install" to install UnrealIRCd !'
@echo ''
clean:
@@ -159,7 +165,7 @@ cleandir: clean
rm -rf include/setup.h Makefile Settings
distclean: cleandir
rm -rf extras/*.bak extras/*.tar extras/c-ares
rm -rf extras/*.bak extras/regexp extras/*.tar extras/c-ares
rm -rf extras/c-ares-* extras/tre-*
rm -rf config.log config.settings *.pem ircd.* unrealircd
rm -rf Makefile config.status
@@ -171,72 +177,58 @@ depend:
done
install: all
$(INSTALL) -m 0700 -d $(DESTDIR)@BINDIR@
$(INSTALL) -m 0700 src/ircd $(DESTDIR)@BINDIR@/unrealircd
$(INSTALL) -m 0700 src/unrealircdctl $(DESTDIR)@BINDIR@/unrealircdctl
$(INSTALL) -m 0700 extras/unrealircd-upgrade-script $(DESTDIR)@BINDIR@/unrealircd-upgrade-script
$(INSTALL) -m 0700 -d $(DESTDIR)@DOCDIR@
$(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc doc/KEYS doc/RELEASE-NOTES.md $(DESTDIR)@DOCDIR@
$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@
$(INSTALL) -m 0600 doc/conf/*.default.conf $(DESTDIR)@CONFDIR@
$(INSTALL) -m 0600 doc/conf/*.optional.conf $(DESTDIR)@CONFDIR@
-@if [ ! -f "$(DESTDIR)@CONFDIR@/modules.sources.list" ] ; then \
$(INSTALL) -m 0600 doc/conf/modules.sources.list $(DESTDIR)@CONFDIR@ ; \
$(INSTALL) -m 0700 -d @BINDIR@
$(INSTALL) -m 0700 src/ircd @BINDIR@/unrealircd
$(INSTALL) -m 0700 -d @DOCDIR@
$(INSTALL) -m 0600 doc/Authors doc/coding-guidelines doc/tao.of.irc @DOCDIR@
$(INSTALL) -m 0700 -d @CONFDIR@
$(INSTALL) -m 0600 doc/conf/*.default.conf @CONFDIR@
$(INSTALL) -m 0600 doc/conf/*.optional.conf @CONFDIR@
-@if [ ! -f "@CONFDIR@/spamfilter.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/spamfilter.conf @CONFDIR@ ; \
fi
-@if [ ! -f "$(DESTDIR)@CONFDIR@/spamfilter.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/spamfilter.conf $(DESTDIR)@CONFDIR@ ; \
-@extras/patches/patch_spamfilter_conf "@CONFDIR@"
-@if [ ! -f "@CONFDIR@/badwords.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/badwords.conf @CONFDIR@ ; \
fi
-@extras/patches/patch_spamfilter_conf "$(DESTDIR)@CONFDIR@"
-@if [ ! -f "$(DESTDIR)@CONFDIR@/badwords.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/badwords.conf $(DESTDIR)@CONFDIR@ ; \
-@if [ ! -f "@CONFDIR@/dccallow.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/dccallow.conf @CONFDIR@ ; \
fi
-@if [ ! -f "$(DESTDIR)@CONFDIR@/dccallow.conf" ] ; then \
$(INSTALL) -m 0600 doc/conf/dccallow.conf $(DESTDIR)@CONFDIR@ ; \
$(INSTALL) -m 0700 -d @CONFDIR@/aliases
$(INSTALL) -m 0600 doc/conf/aliases/*.conf @CONFDIR@/aliases
$(INSTALL) -m 0700 -d @CONFDIR@/help
$(INSTALL) -m 0600 doc/conf/help/*.conf @CONFDIR@/help
$(INSTALL) -m 0700 -d @CONFDIR@/examples
$(INSTALL) -m 0600 doc/conf/examples/*.conf @CONFDIR@/examples
$(INSTALL) -m 0700 -d @CONFDIR@/ssl
$(INSTALL) -m 0600 doc/conf/ssl/curl-ca-bundle.crt @CONFDIR@/ssl
$(INSTALL) -m 0700 unrealircd @SCRIPTDIR@
$(INSTALL) -m 0700 -d @MODULESDIR@
$(INSTALL) -m 0700 src/modules/*.so @MODULESDIR@
$(INSTALL) -m 0700 -d @MODULESDIR@/usermodes
$(INSTALL) -m 0700 src/modules/usermodes/*.so @MODULESDIR@/usermodes
$(INSTALL) -m 0700 -d @MODULESDIR@/chanmodes
$(INSTALL) -m 0700 src/modules/chanmodes/*.so @MODULESDIR@/chanmodes
$(INSTALL) -m 0700 -d @MODULESDIR@/snomasks
$(INSTALL) -m 0700 src/modules/snomasks/*.so @MODULESDIR@/snomasks
$(INSTALL) -m 0700 -d @MODULESDIR@/extbans
$(INSTALL) -m 0700 src/modules/extbans/*.so @MODULESDIR@/extbans
$(INSTALL) -m 0700 -d @MODULESDIR@/cap
$(INSTALL) -m 0700 src/modules/cap/*.so @MODULESDIR@/cap
$(INSTALL) -m 0700 -d @MODULESDIR@/third
@#Ugly stuff to detect 0 files in this directory:
@+for f in src/modules/third/*.so; do \
[ -e $f ] && $(INSTALL) -m 0700 src/modules/third/*.so @MODULESDIR@/third || echo; \
done
$(INSTALL) -m 0700 -d @TMPDIR@
$(INSTALL) -m 0700 -d @CACHEDIR@
$(INSTALL) -m 0700 -d @PERMDATADIR@
$(INSTALL) -m 0700 -d @LOGDIR@
-@if [ ! -f "@CONFDIR@/ssl/server.cert.pem" ] ; then \
$(INSTALL) -m 0600 server.req.pem @CONFDIR@/ssl ; \
$(INSTALL) -m 0600 server.key.pem @CONFDIR@/ssl ; \
$(INSTALL) -m 0600 server.cert.pem @CONFDIR@/ssl ; \
fi
$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/aliases
$(INSTALL) -m 0600 doc/conf/aliases/*.conf $(DESTDIR)@CONFDIR@/aliases
$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/help
$(INSTALL) -m 0600 doc/conf/help/*.conf $(DESTDIR)@CONFDIR@/help
$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/examples
$(INSTALL) -m 0600 doc/conf/examples/*.conf $(DESTDIR)@CONFDIR@/examples
$(INSTALL) -m 0700 unrealircd $(DESTDIR)@SCRIPTDIR@
$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@
@rm -f $(DESTDIR)@MODULESDIR@/*.so 1>/dev/null 2>&1
$(INSTALL) -m 0700 src/modules/*.so $(DESTDIR)@MODULESDIR@
$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/usermodes
@rm -f $(DESTDIR)@MODULESDIR@/usermodes/*.so 1>/dev/null 2>&1
$(INSTALL) -m 0700 src/modules/usermodes/*.so $(DESTDIR)@MODULESDIR@/usermodes
$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/chanmodes
@rm -f $(DESTDIR)@MODULESDIR@/chanmodes/*.so 1>/dev/null 2>&1
$(INSTALL) -m 0700 src/modules/chanmodes/*.so $(DESTDIR)@MODULESDIR@/chanmodes
$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/extbans
@rm -f $(DESTDIR)@MODULESDIR@/extbans/*.so 1>/dev/null 2>&1
$(INSTALL) -m 0700 src/modules/extbans/*.so $(DESTDIR)@MODULESDIR@/extbans
$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/rpc
@rm -f $(DESTDIR)@MODULESDIR@/rpc/*.so 1>/dev/null 2>&1
$(INSTALL) -m 0700 src/modules/rpc/*.so $(DESTDIR)@MODULESDIR@/rpc
@#If the conf/ssl directory exists then rename it here to conf/tls
@#and add a symlink for backwards compatibility (so that f.e. certbot
@#doesn't randomly fail after an upgrade to U5).
-@if [ -d "$(DESTDIR)@CONFDIR@/ssl" ] ; then \
mv "$(DESTDIR)@CONFDIR@/ssl" "$(DESTDIR)@CONFDIR@/tls" ; \
ln -s "$(DESTDIR)@CONFDIR@/tls" "$(DESTDIR)@CONFDIR@/ssl" ; \
fi
$(INSTALL) -m 0700 -d $(DESTDIR)@CONFDIR@/tls
$(INSTALL) -m 0600 doc/conf/tls/curl-ca-bundle.crt $(DESTDIR)@CONFDIR@/tls
$(INSTALL) -m 0600 doc/conf/tls/tls.cnf $(DESTDIR)@CONFDIR@/tls
@# delete modules/cap directory, to avoid confusing with U4 to U5 upgrades:
rm -rf $(DESTDIR)@MODULESDIR@/cap
$(INSTALL) -m 0700 -d $(DESTDIR)@MODULESDIR@/third
@rm -f $(DESTDIR)@MODULESDIR@/third/*.so 1>/dev/null 2>&1
@#This step can fail with zero files, so we ignore exit status:
-$(INSTALL) -m 0700 src/modules/third/*.so $(DESTDIR)@MODULESDIR@/third
$(INSTALL) -m 0700 -d $(DESTDIR)@TMPDIR@
$(INSTALL) -m 0700 -d $(DESTDIR)@CACHEDIR@
$(INSTALL) -m 0700 -d $(DESTDIR)@PERMDATADIR@
$(INSTALL) -m 0700 -d $(DESTDIR)@LOGDIR@
@rm -f $(DESTDIR)@SCRIPTDIR@/source
ln -s @BUILDDIR@ $(DESTDIR)@SCRIPTDIR@/source
@echo ''
@echo '* UnrealIRCd is now installed.'
@@ -255,18 +247,39 @@ install: all
@echo '* Consult the documentation online at:'
@echo ' * https://www.unrealircd.org/docs/'
@echo ' * https://www.unrealircd.org/docs/FAQ'
@echo ''
@echo '* To ensure UnrealIRCd automatically starts on system startup:'
@echo ' * Install a cron job: https://www.unrealircd.org/docs/Cron_job'
@echo ' * Or, use systemd: https://www.unrealircd.org/docs/Using_systemd_with_UnrealIRCd'
@echo '* You may also wish to install a cron job to ensure UnrealIRCd is always running:'
@echo ' * https://www.unrealircd.org/docs/Cron_job'
@echo ''
-@if [ "@SCRIPTDIR@/bin" = "@BINDIR@" ] ; then \
echo 'Again, be sure to change to the @SCRIPTDIR@ directory!' ; \
fi
pem:
@echo "The command 'make pem' is no longer used to generate the TLS certificate."
@echo "Please run './unrealircd mkcert' instead."
### TODO: all the stuff below ;) ###
pem: src/ssl.cnf
@echo "Generating certificate request .. "
$(OPENSSLPATH) req -new \
-config src/ssl.cnf -sha256 -out server.req.pem \
-keyout server.key.pem -nodes
@echo "Generating self-signed certificate .. "
$(OPENSSLPATH) req -x509 -days 3650 -sha256 -in server.req.pem \
-key server.key.pem -out server.cert.pem
@echo "Generating fingerprint .."
$(OPENSSLPATH) x509 -subject -dates -sha256 -fingerprint -noout \
-in server.cert.pem
@echo "Setting o-rwx & g-rwx for files... "
chmod o-rwx server.req.pem server.key.pem server.cert.pem
chmod g-rwx server.req.pem server.key.pem server.cert.pem
@echo "Done!. If you want to encrypt the private key, run"
@echo "make encpem"
encpem: server.key.pem
@echo "Encrypting server key .."
$(OPENSSLPATH) rsa -in server.key.pem -out server.key.c.pem -des3
-@if [ -f server.key.c.pem ] ; then \
echo "Replacing unencrypted with encrypted .." ; \
cp server.key.c.pem server.key.pem ; \
rm -f server.key.c.pem ; \
fi
Makefile: config.status Makefile.in
./config.status
Makefile.windows
-1465
View File
File diff suppressed because it is too large Load Diff
README.md
+46 -42
View File
@@ -1,53 +1,57 @@
[![Mastodon Follow](https://img.shields.io/mastodon/follow/110769722108208212?domain=https%3A%2F%2Ffosstodon.org&style=social&label=Follow)](https://fosstodon.org/@unrealircd)
[![Build Status - *NIX](https://travis-ci.org/unrealircd/unrealircd.svg?branch=unreal42)](https://travis-ci.org/unrealircd/unrealircd)
[![Build Status - Windows](https://ci.appveyor.com/api/projects/status/9kgectl2mfyia0s5/branch/unreal42?svg=true)](https://ci.appveyor.com/project/syzop/unrealircd/branch/unreal42)
[![Twitter Follow](https://img.shields.io/twitter/follow/Unreal_IRCd.svg?style=social&label=Follow)](https://twitter.com/Unreal_IRCd)
[![Linux CI](https://github.com/unrealircd/unrealircd/actions/workflows/linux-ci.yml/badge.svg)](https://github.com/unrealircd/unrealircd/actions/workflows/linux-ci.yml)
## About UnrealIRCd
UnrealIRCd is an Open Source IRC Server, serving thousands of networks since 1999.
UnrealIRCd is an Open Source IRC Server, serving thousands of networks since 1999.
It runs on Linux, OS X and Windows and is currently the most widely deployed IRCd
with a [market share of 37%](https://www.ircstats.org/servers). UnrealIRCd is a
highly advanced IRCd with a strong focus on modularity and security. It uses an
advanced and highly configurable configuration file. Other key features include:
full IRCv3 support, SSL/TLS, cloaking, JSON-RPC, advanced anti-flood and anti-spam
systems, GeoIP, remote includes, and lots of [other features](https://www.unrealircd.org/docs/About_UnrealIRCd).
We are also particularly proud on our extensive online documentation.
## Versions
* UnrealIRCd 6 is the *stable* series since December 2021. It is the only supported version.
* For full details of release scheduling and EOL dates, see
[UnrealIRCd releases](https://www.unrealircd.org/docs/UnrealIRCd_releases) on the wiki
with a market share of over 50%. UnrealIRCd is a highly advanced IRCd with a strong
focus on modularity, an advanced and highly configurable configuration file.
Key features include SSL, cloaking, its advanced anti-flood and anti-spam systems,
swear filtering and module support. We are also particularly proud on our extensive
online documentation.
## How to get started
Follow the installation guide on the wiki. See:
* [Installing from source for *NIX](https://www.unrealircd.org/docs/Installing_from_source)
* [Installation instructions for Windows](https://www.unrealircd.org/docs/Installing_(Windows))
Please consult our excellent online documentation at https://www.unrealircd.org/docs/
when setting up the IRCd!
## Documentation and Support
You can find all **documentation** online at: https://www.unrealircd.org/docs/
### Step 1: Installation
#### Windows
Simply download the UnrealIRCd Windows version from www.unrealircd.org
Alternatively you can compile UnrealIRCd for Windows yourself. However this is not straightforward and thus not recommended.
#### *BSD/Linux/macOS
First you must compile the IRCd:
* Run `./Config`
* Run `make`
* Run `make install`
* Now change to the directory where you installed UnrealIRCd, e.g. `cd /home/xxxx/unrealircd`
### Step 2: Configuration
Configuration files are stored in the conf/ folder by default (eg: /home/xxxx/unrealircd/conf)
#### Create a configuration file
If you are new, then you need to create your own configuration file:
Copy conf/examples/example.conf to conf/ and call it unrealircd.conf.
Then open it in an editor and carefully modify it using the documentation and FAQ as a guide (see below).
### Step 3: Booting
#### Linux/*BSD/macOS
Run `./unrealircd start` in the directory where you installed UnrealIRCd.
#### Windows
Start -> All Programs -> UnrealIRCd -> UnrealIRCd
## Documentation & FAQ
You can find the **documentation** online at: https://www.unrealircd.org/docs/
We also have a good **FAQ**: https://www.unrealircd.org/docs/FAQ
If you are in need of support, you can pop up on [**#unreal-support** on `irc.unrealircd.org`](ircs://irc.unrealircd.org:6697/unreal-support)
or ask your question on the [forums](https://forums.unrealircd.org).
## Supported systems
We try to **support** all major *NIX systems: all Linux distros but also NetBSD, OpenBSD and macOS,
provided the OS version was released within the past ~5 years.
We use a private BuildBot instance to test each commit. The **tested** systems are (others are
likely to work too):
* Linux: Debian (10, 11, 12, 13), Ubuntu (18.04, 20.04, 22.04, 24.04, 26.04)
* FreeBSD: 15
* Windows: 11
UnrealIRCd is architecture-agnostic. Most of the BuildBot workers run on x64 but we
also have some on x86 and arm64 to ensure these work as well.
## Other links ##
* https://www.unrealircd.org - Main website
## Website, support, and other links ##
* https://www.unrealircd.org - Our main website
* https://forums.unrealircd.org - Support
* https://bugs.unrealircd.org - Bug tracker
* https://fosstodon.org/@unrealircd - Mastodon
* https://twitter.com/Unreal_IRCd - Twitter
* [SECURITY.md](https://github.com/unrealircd/unrealircd/blob/unreal60_dev/SECURITY.md#security-policy) - How to report security issues
* [LICENSE](https://github.com/unrealircd/unrealircd/blob/unreal60_dev/LICENSE) - LICENSE: GPLv2 or later
* [Contributing](https://www.unrealircd.org/docs/Contributing) - How to help: report bugs, test, write or translate documentations, ..
* ircs://irc.unrealircd.org:6697/unreal-support - IRC support
SECURITY.md
-70
View File
@@ -1,70 +0,0 @@
# Security Policy
## Supported Versions
* The latest *stable* release of UnrealIRCd 6
See [UnrealIRCd releases](https://www.unrealircd.org/docs/UnrealIRCd_releases)
for information on older versions and End Of Life dates.
## Scope
In general, issues triggered by regular users involving memory safety issues
(such as OOB read/write or UAF), sensitive information disclosure, privilege elevation,
Denial of Service (e.g. a crash), or remote code execution fall within the scope of
this security policy.
Issues that require IRCOp rights, server-to-server traffic, or editing of config
files may still fall within scope, but are classified case by case depending on
the impact and circumstances.
Issues that require shell access as the same user running UnrealIRCd are not
considered security issues. See the
[full policy](https://www.unrealircd.org/docs/Policy:_Handling_of_security_issues)
for details.
## Use of AI or other tools
It is normal and acceptable to use tools for finding security vulnerabilities.
We use them ourselves as well: AI, static code analyzers, fuzzing. This is all fine.
If a tool flagged an issue then we ask only **one extra thing**: that you
**reproduce the issue** on your own local server. So: confirm the issue by
actually running UnrealIRCd with a reproducer (which usually means: by sending
IRC traffic to trigger the bug). This is because tools regularly flag something
as an issue but in practice it may be impossible to happen because of some extra
check somewhere or other requirements.
If you are trying to reproduce an issue, then we suggest running `./Config` and
answering `Yes` to the near-last question about AddressSanitizer (ASan),
especially for memory safety issues. Please include the reproducer and any
relevant ASan output in the bug report. ASan output is useful even if a normal
build does not visibly crash. It helps us a lot.
If you used AI, static code analyzers, fuzzing, or similar tools and fail to
follow the procedure above, expect us to ask you again to reproduce the issue.
If you refuse to do so, don't respond in a timely manner, or keep sending reports
without doing so after we asked, then we will close the bug report. For repeat
offenders, we may proceed with putting you on ignore, banning or deleting your
account, or similar. Giving a reproducer is not a big ask and is normal procedure
nowadays. It should be part of your standard workflow if you are a security
researcher.
## Reporting a Vulnerability
Please report issues on the [bug tracker](https://bugs.unrealircd.org) and in
the bug submit form **set the 'View Status' to 'private'**.
Do not report security issues as a Pull Request, on the forums or in a public
IRC channel such as #unreal-support. If you insist on e-mail then you can use
syzop@unrealircd.org or security@unrealircd.org. Again, the bug tracker is
preferred.
If you found a real issue but are *unsure* if it is a security issue, then
report it at the bug tracker as a 'private' bug anyway. Better safe than sorry.
Do not ask around in public channels or forums.
You should get a response or at least an acknowledgement soon. If you don't hear
back within 24 hours, then please try to contact us again.
## Full policy
See https://www.unrealircd.org/docs/Policy:_Handling_of_security_issues for full information.
appveyor.yml
+10
View File
@@ -0,0 +1,10 @@
version: 4.2.x-devbuild-{build}
environment:
matrix:
- APPVEYOR_BUILD_WORKER_IMAGE: "Visual Studio 2017"
TARGET: "Visual Studio 2017"
SHORTNAME: "vs2017"
init:
- cmd: git config --global core.autocrlf true
build_script:
- cmd: call extras\\build-tests\\windows\\build.bat
autoconf/config.guess
Vendored
+685 -995
View File
File diff suppressed because it is too large Load Diff
autoconf/config.sub
Vendored
+1410 -1484
View File
File diff suppressed because it is too large Load Diff
autoconf/m4/pkg.m4
-343
View File
@@ -1,343 +0,0 @@
# pkg.m4 - Macros to locate and use pkg-config. -*- Autoconf -*-
# serial 12 (pkg-config-0.29.2)
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
dnl
dnl This program is free software; you can redistribute it and/or modify
dnl it under the terms of the GNU General Public License as published by
dnl the Free Software Foundation; either version 2 of the License, or
dnl (at your option) any later version.
dnl
dnl This program is distributed in the hope that it will be useful, but
dnl WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl General Public License for more details.
dnl
dnl You should have received a copy of the GNU General Public License
dnl along with this program; if not, write to the Free Software
dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
dnl 02111-1307, USA.
dnl
dnl As a special exception to the GNU General Public License, if you
dnl distribute this file as part of a program that contains a
dnl configuration script generated by Autoconf, you may include it under
dnl the same distribution terms that you use for the rest of that
dnl program.
dnl PKG_PREREQ(MIN-VERSION)
dnl -----------------------
dnl Since: 0.29
dnl
dnl Verify that the version of the pkg-config macros are at least
dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
dnl installed version of pkg-config, this checks the developer's version
dnl of pkg.m4 when generating configure.
dnl
dnl To ensure that this macro is defined, also add:
dnl m4_ifndef([PKG_PREREQ],
dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
dnl
dnl See the "Since" comment for each macro you use to see what version
dnl of the macros you require.
m4_defun([PKG_PREREQ],
[m4_define([PKG_MACROS_VERSION], [0.29.2])
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
])dnl PKG_PREREQ
dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
dnl ----------------------------------
dnl Since: 0.16
dnl
dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
dnl first found in the path. Checks that the version of pkg-config found
dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
dnl used since that's the first version where most current features of
dnl pkg-config existed.
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=m4_default([$1], [0.9.0])
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
fi[]dnl
])dnl PKG_PROG_PKG_CONFIG
dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
dnl -------------------------------------------------------------------
dnl Since: 0.18
dnl
dnl Check to see whether a particular set of modules exists. Similar to
dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
dnl
dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
dnl only at the first occurrence in configure.ac, so if the first place
dnl it's called might be skipped (such as if it is within an "if", you
dnl have to call PKG_CHECK_EXISTS manually
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
m4_default([$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
dnl ---------------------------------------------
dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
dnl pkg_failed based on the result.
m4_define([_PKG_CONFIG],
[if test -n "$$1"; then
pkg_cv_[]$1="$$1"
elif test -n "$PKG_CONFIG"; then
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes ],
[pkg_failed=yes])
else
pkg_failed=untried
fi[]dnl
])dnl _PKG_CONFIG
dnl _PKG_SHORT_ERRORS_SUPPORTED
dnl ---------------------------
dnl Internal check to see if pkg-config supports short errors.
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi[]dnl
])dnl _PKG_SHORT_ERRORS_SUPPORTED
dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
dnl [ACTION-IF-NOT-FOUND])
dnl --------------------------------------------------------------
dnl Since: 0.4.0
dnl
dnl Note that if there is a possibility the first call to
dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $2])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
else
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
m4_default([$4], [AC_MSG_ERROR(
[Package requirements ($2) were not met:
$$1_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
_PKG_TEXT
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
$3
fi[]dnl
])dnl PKG_CHECK_MODULES
dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
dnl [ACTION-IF-NOT-FOUND])
dnl ---------------------------------------------------------------------
dnl Since: 0.29
dnl
dnl Checks for existence of MODULES and gathers its build flags with
dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
dnl and VARIABLE-PREFIX_LIBS from --libs.
dnl
dnl Note that if there is a possibility the first call to
dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
dnl configure.ac.
AC_DEFUN([PKG_CHECK_MODULES_STATIC],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
_save_PKG_CONFIG=$PKG_CONFIG
PKG_CONFIG="$PKG_CONFIG --static"
PKG_CHECK_MODULES($@)
PKG_CONFIG=$_save_PKG_CONFIG[]dnl
])dnl PKG_CHECK_MODULES_STATIC
dnl PKG_INSTALLDIR([DIRECTORY])
dnl -------------------------
dnl Since: 0.27
dnl
dnl Substitutes the variable pkgconfigdir as the location where a module
dnl should install pkg-config .pc files. By default the directory is
dnl $libdir/pkgconfig, but the default can be changed by passing
dnl DIRECTORY. The user can override through the --with-pkgconfigdir
dnl parameter.
AC_DEFUN([PKG_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([pkgconfigdir],
[AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
[with_pkgconfigdir=]pkg_default)
AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
])dnl PKG_INSTALLDIR
dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
dnl --------------------------------
dnl Since: 0.27
dnl
dnl Substitutes the variable noarch_pkgconfigdir as the location where a
dnl module should install arch-independent pkg-config .pc files. By
dnl default the directory is $datadir/pkgconfig, but the default can be
dnl changed by passing DIRECTORY. The user can override through the
dnl --with-noarch-pkgconfigdir parameter.
AC_DEFUN([PKG_NOARCH_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([noarch-pkgconfigdir],
[AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
[with_noarch_pkgconfigdir=]pkg_default)
AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
])dnl PKG_NOARCH_INSTALLDIR
dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
dnl -------------------------------------------
dnl Since: 0.28
dnl
dnl Retrieves the value of the pkg-config variable for the given module.
AC_DEFUN([PKG_CHECK_VAR],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
_PKG_CONFIG([$1], [variable="][$3]["], [$2])
AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR
dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES,
dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND],
dnl [DESCRIPTION], [DEFAULT])
dnl ------------------------------------------
dnl
dnl Prepare a "--with-" configure option using the lowercase
dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and
dnl PKG_CHECK_MODULES in a single macro.
AC_DEFUN([PKG_WITH_MODULES],
[
m4_pushdef([with_arg], m4_tolower([$1]))
m4_pushdef([description],
[m4_default([$5], [build with ]with_arg[ support])])
m4_pushdef([def_arg], [m4_default([$6], [auto])])
m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes])
m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no])
m4_case(def_arg,
[yes],[m4_pushdef([with_without], [--without-]with_arg)],
[m4_pushdef([with_without],[--with-]with_arg)])
AC_ARG_WITH(with_arg,
AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),,
[AS_TR_SH([with_]with_arg)=def_arg])
AS_CASE([$AS_TR_SH([with_]with_arg)],
[yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)],
[auto],[PKG_CHECK_MODULES([$1],[$2],
[m4_n([def_action_if_found]) $3],
[m4_n([def_action_if_not_found]) $4])])
m4_popdef([with_arg])
m4_popdef([description])
m4_popdef([def_arg])
])dnl PKG_WITH_MODULES
dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
dnl [DESCRIPTION], [DEFAULT])
dnl -----------------------------------------------
dnl
dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES
dnl check._[VARIABLE-PREFIX] is exported as make variable.
AC_DEFUN([PKG_HAVE_WITH_MODULES],
[
PKG_WITH_MODULES([$1],[$2],,,[$3],[$4])
AM_CONDITIONAL([HAVE_][$1],
[test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"])
])dnl PKG_HAVE_WITH_MODULES
dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES,
dnl [DESCRIPTION], [DEFAULT])
dnl ------------------------------------------------------
dnl
dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after
dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make
dnl and preprocessor variable.
AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES],
[
PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4])
AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"],
[AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])])
])dnl PKG_HAVE_DEFINE_WITH_MODULES
autoconf/m4/unreal.m4
+5 -255
View File
@@ -97,7 +97,7 @@ AC_DEFUN([CHECK_LIBCURL],
with the system-installed libcURL, this is a bad idea which may result in error
messages looking like:
error downloading ... Could not resolve host: example.net (Successful completion)
\`\`[error] unrealircd.conf:9: include: error downloading '(http://example.net/ex.conf)': Could not resolve host: example.net (Successful completion)''
Or UnrealIRCd might even crash.
@@ -130,13 +130,9 @@ AC_DEFUN([CHECK_LIBCURL],
LIBS="$LIBS_SAVEDA"
CFLAGS="$CFLAGS_SAVEDA"
dnl Finally, choose the cURL implementation of url.c
URL="url_curl.o"
],[
dnl Choose UnrealIRCds internal implementation of url.c
URL="url_unreal.o"
URL="url.o"
AC_SUBST(URL)
]) dnl AS_IF(enable_curl)
AC_SUBST(URL)
])
dnl the following 2 macros are based on CHECK_SSL by Mark Ethan Trostler <trostler@juniper.net>
@@ -149,7 +145,7 @@ AC_ARG_ENABLE(ssl,
[enable_ssl=no])
AS_IF([test $enable_ssl != "no"],
[
AC_MSG_CHECKING([for OpenSSL])
AC_MSG_CHECKING([for openssl])
for dir in $enable_ssl /usr/local/opt/openssl /usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/sfw /usr/local /usr; do
ssldir="$dir"
if test -f "$dir/include/openssl/ssl.h"; then
@@ -182,65 +178,12 @@ AS_IF([test $enable_ssl != "no"],
else
CRYPTOLIB="-lssl -lcrypto";
if test ! "$ssldir" = "/usr" ; then
if test -d "$ssldir/lib64" ; then
LDFLAGS="$LDFLAGS -L$ssldir/lib64";
else
LDFLAGS="$LDFLAGS -L$ssldir/lib";
fi
dnl check if binary path exists
if test -f "$ssldir/bin/openssl"; then
OPENSSLPATH="$ssldir/bin/openssl";
fi
LDFLAGS="$LDFLAGS -L$ssldir/lib";
fi
dnl linking require -ldl?
AC_MSG_CHECKING([OpenSSL linking with -ldl])
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB -ldl"
AC_TRY_LINK([#include <openssl/err.h>], [ERR_clear_error();],
[
AC_MSG_RESULT(yes)
CRYPTOLIB="$CRYPTOLIB -ldl"
],
[
AC_MSG_RESULT(no)
dnl linking require both -ldl and -lpthread?
AC_MSG_CHECKING([OpenSSL linking with -ldl and -lpthread])
LIBS="$SAVE_LIBS $CRYPTOLIB -ldl -lpthread"
AC_TRY_LINK([#include <openssl/err.h>], [ERR_clear_error();],
[
AC_MSG_RESULT(yes)
CRYPTOLIB="$CRYPTOLIB -ldl -lpthread"
],
[
AC_MSG_RESULT(no)
])
])
LIBS="$SAVE_LIBS"
fi
])
])
AC_DEFUN([CHECK_SSL_CTX_SET1_SIGALGS_LIST],
[
AC_MSG_CHECKING([for SSL_CTX_set1_sigalgs_list in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[SSL_CTX *ctx = NULL; SSL_CTX_set1_sigalgs_list(ctx, "test");],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_SSL_CTX_SET1_SIGALGS_LIST], [], [Define if ssl library has SSL_CTX_set1_sigalgs_list])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_SSL_CTX_SET1_CURVES_LIST],
[
AC_MSG_CHECKING([for SSL_CTX_set1_curves_list in SSL library])
@@ -261,46 +204,6 @@ else
fi
])
AC_DEFUN([CHECK_SSL_CTX_SET1_GROUPS_LIST],
[
AC_MSG_CHECKING([for SSL_CTX_set1_groups_list in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[SSL_CTX *ctx = NULL; SSL_CTX_set1_groups_list(ctx, "test");],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_SSL_CTX_SET1_GROUPS_LIST], [], [Define if ssl library has SSL_CTX_set1_groups_list])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_SSL_GET_NEGOTIATED_GROUP],
[
AC_MSG_CHECKING([for SSL_get_negotiated_group in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[SSL *ssl = NULL; SSL_get_negotiated_group(ssl);],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_SSL_GET_NEGOTIATED_GROUP], [], [Define if ssl library has SSL_get_negotiated_group])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_SSL_CTX_SET_MIN_PROTO_VERSION],
[
AC_MSG_CHECKING([for SSL_CTX_set_min_proto_version in SSL library])
@@ -320,156 +223,3 @@ else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_SSL_CTX_SET_SECURITY_LEVEL],
[
AC_MSG_CHECKING([for SSL_CTX_set_security_level in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[SSL_CTX *ctx = NULL; SSL_CTX_set_security_level(ctx, 1);],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_SSL_CTX_SET_SECURITY_LEVEL], [], [Define if ssl library has SSL_CTX_set_security_level])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_ASN1_TIME_diff],
[
AC_MSG_CHECKING([for ASN1_TIME_diff in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[int one, two; ASN1_TIME_diff(&one, &two, NULL, NULL);],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_ASN1_TIME_diff], [], [Define if ssl library has ASN1_TIME_diff])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_X509_get0_notAfter],
[
AC_MSG_CHECKING([for X509_get0_notAfter in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/ssl.h>],
[X509_get0_notAfter(NULL);],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_X509_get0_notAfter], [], [Define if ssl library has X509_get0_notAfter])
else
AC_MSG_RESULT([no])
fi
])
AC_DEFUN([CHECK_X509_check_host],
[
AC_MSG_CHECKING([for X509_check_host in SSL library])
AC_LANG_PUSH(C)
SAVE_LIBS="$LIBS"
LIBS="$LIBS $CRYPTOLIB"
AC_TRY_LINK([#include <openssl/x509v3.h>],
[X509_check_host(NULL, NULL, 0, 0, NULL);],
has_function=1,
has_function=0)
LIBS="$SAVE_LIBS"
AC_LANG_POP(C)
if test $has_function = 1; then
AC_MSG_RESULT([yes])
AC_DEFINE([HAS_X509_check_host], [], [Define if ssl library has X509_check_host])
OPENSSL_HOSTNAME_VALIDATION_OBJ=""
else
AC_MSG_RESULT([no])
OPENSSL_HOSTNAME_VALIDATION_OBJ="openssl_hostname_validation.o"
fi
AC_SUBST(OPENSSL_HOSTNAME_VALIDATION_OBJ)
])
dnl For geoip-api-c
AC_DEFUN([CHECK_GEOIP_CLASSIC],
[
AC_ARG_ENABLE(geoip_classic,
[AC_HELP_STRING([--enable-geoip-classic=no/yes],[enable GeoIP Classic support])],
[enable_geoip_classic=$enableval],
[enable_geoip_classic=no])
AS_IF([test "x$enable_geoip_classic" = "xyes"],
[
dnl First see if the system provides it
has_system_geoip_classic="no"
PKG_CHECK_MODULES([GEOIP_CLASSIC], [geoip >= 1.6.0],
[has_system_geoip_classic=yes
AS_IF([test "x$PRIVATELIBDIR" != "x"], [rm -f "$PRIVATELIBDIR/"libGeoIP.*])],
[has_system_geoip_classic=no])
dnl Otherwise fallback to our own..
AS_IF([test "$has_system_geoip_classic" = "no"],[
dnl REMEMBER TO CHANGE WITH A NEW GEOIP LIBRARY RELEASE!
geoip_classic_version="1.6.12"
AC_MSG_RESULT(extracting GeoIP Classic library)
cur_dir=`pwd`
cd extras
dnl remove old directory to force a recompile...
dnl and remove its installation prefix just to clean things up.
rm -rf GeoIP-$geoip_classic_version geoip-classic
if test "x$ac_cv_path_GUNZIP" = "x" ; then
tar xfz geoip-classic.tar.gz
else
cp geoip-classic.tar.gz geoip-classic.tar.gz.bak
gunzip -f geoip-classic.tar.gz
cp geoip-classic.tar.gz.bak geoip-classic.tar.gz
tar xf geoip-classic.tar
fi
AC_MSG_RESULT(configuring GeoIP Classic library)
cd GeoIP-$geoip_classic_version
save_cflags="$CFLAGS"
save_ldflags="$LDFLAGS"
CFLAGS="$orig_cflags $HARDEN_LIB_CFLAGS"
LDFLAGS="$HARDEN_LIB_LDFLAGS"
export CFLAGS LDFLAGS
./configure --prefix=$cur_dir/extras/geoip-classic --libdir=$PRIVATELIBDIR --enable-shared --disable-static || exit 1
CFLAGS="$save_cflags"
LDFLAGS="$save_ldflags"
AC_MSG_RESULT(compiling GeoIP Classic library)
$ac_cv_prog_MAKER || exit 1
AC_MSG_RESULT(installing GeoIP Classic library)
rm -f "$PRIVATELIBDIR/"libGeoIP.so*
$ac_cv_prog_MAKER install || exit 1
dnl Try pkg-config first...
AS_IF([test -n "$ac_cv_path_PKGCONFIG"],
[GEOIP_CLASSIC_LIBS="`$ac_cv_path_PKGCONFIG --libs geoip.pc`"
GEOIP_CLASSIC_CFLAGS="`$ac_cv_path_PKGCONFIG --cflags geoip.pc`"])
dnl In case the system does not have pkg-config, fallback to hardcoded settings...
AS_IF([test -z "$GEOIP_CLASSIC_LIBS"],
[GEOIP_CLASSIC_LIBS="-L$PRIVATELIBDIR -lGeoIP"
GEOIP_CLASSIC_CFLAGS="-I$cur_dir/extras/geoip-classic/include"])
cd $cur_dir
])
AC_SUBST(GEOIP_CLASSIC_LIBS)
AC_SUBST(GEOIP_CLASSIC_CFLAGS)
GEOIP_CLASSIC_OBJECTS="geoip_classic.so"
AC_SUBST(GEOIP_CLASSIC_OBJECTS)
AC_DEFINE([GEOIP_ENGINE], ["geoip_classic"], [Classic GeoIP engine])
]) dnl AS_IF(enable_geoip_classic)
])
autogen.sh
-2
View File
@@ -1,6 +1,4 @@
#!/bin/bash
echo "Regenerating 'configure' and headers..."
echo "NOTE: Normally only UnrealIRCd developers run this command!!"
cd "$(dirname "${0}")"
configure
Vendored
+5485 -5479
View File
File diff suppressed because it is too large Load Diff
configure.ac
+386 -380
View File
File diff suppressed because it is too large Load Diff
doc/Config.header
-32
View File
@@ -1,32 +0,0 @@
_ _ _ ___________ _____ _
| | | | | |_ _| ___ \/ __ \ | |
| | | |_ __ _ __ ___ __ _| | | | | |_/ /| / \/ __| |
| | | | '_ \| '__/ _ \/ _ | | | | | / | | / _ |
| |_| | | | | | | __/ (_| | |_| |_| |\ \ | \__/\ (_| |
\___/|_| |_|_| \___|\__,_|_|\___/\_| \_| \____/\__,_|
Configuration Program
for UnrealIRCd 6.2.6-rc1
This program will help you to compile your IRC server, and ask you
questions regarding the compile-time settings of it during the process.
A short installation guide is available online at:
https://www.unrealircd.org/docs/Installing_from_source
Full documentation is available at:
https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
--------------------------------------------------------------------------------------
The full release notes are available in doc/RELEASE-NOTES.md
For easier viewing, check out the latest online release notes at:
https://github.com/unrealircd/unrealircd/blob/unreal60_dev/doc/RELEASE-NOTES.md
UnrealIRCd 6 is compatible with the following services:
* anope 2.0.x (stable) with the "unreal4" protocol module - anope 2.0.7 or higher required
* anope 2.1.x (dev) with the "unrealircd" protocol module
* atheme with the "unreal4" protocol module - tested with version 7.2.9
--------------------------------------------------------------------------------------
doc/Donation
+14
View File
@@ -0,0 +1,14 @@
Although UnrealIRCd is a free program, we do put a great deal of time,
effort, and money into keeping UnrealIRCd alive. If you like UnrealIRCd and
want to support us then please consider making a donation.
PayPal Donation Link: https://unrealircd.org/index/donations
If you don't want to use PayPal, or you want to donate something other than
money, then please contact Syzop (syzop@unrealircd.com).
All those who donate at least a certain minimum amount will have their name
and/or company listed in /CREDITS and will be listed on the website.
Thank you for your support,
The UnrealIRCd Team
doc/KEYS
-33
View File
@@ -1,33 +0,0 @@
pub rsa4096 2024-11-18 [SC] [expires: 2030-11-17]
36E6F65706E36B0937280299101001DAF48BB56D
uid UnrealIRCd releases and patches (for verification of software downloads only!) <releases@unrealircd.org>
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGc7EBEBEADDZzlLVArYr2kE9NlhnuUF31rW3wvZ4avjhzhmO6bL0I0RESZC
PrtiFVJyjcSScObOVONFSC2YQiLVpezkKX4AYoqfnsuWfHg3xlGqCY8Ip+V5XJ6v
8G5haFFEgTL10UtqzPNymygWmoEr11u3BUKIzAJAuec7dl7PyfGU2JDkl+NtWm31
WyKCMuK3TKaD8UjGd5PPQR4jA6k1Hn8kvUl53EmkJjRyJc1XVz4AjZFywyUENGJv
HVdVFOPDaKzIx6N6+2dm0ZxXIPOISycwEQuk1++E7NyOS5u+lzlFN7RAXR/5Ogv5
pZzdcsPXp0RHHVeM8qgV7kvRTG9xhfFcXjs9Hanp2siy80HWs56o7nNN2eQNA31W
5lfGIWaA3pY4rpBoiQc3IMGD+vkACfRFH468+cx50zP9gbqSaxUaj6Z0e/jBNf26
7MIEKUjVCunQjO0Lob346FTAvdnXEXCwwJdQFF2tkxnpUBs6sSXjJwVgsfrkizXS
X0qsX7DTn9QpF9Z+0czqdoyJuLLPOFx+6Xj7l2riBYyzMAa8c6odLXTReMaVxFN+
clIVMCrfYXuURb4QGKB0ewW/wZd1fgsPAV4D1qypFAnM0D+qsfpKFI1QQY7WEUcC
YVMkzjZHPWaBdRQf7KLXasx7/ouM5nIlZdRrPDrCXXiqAlA20aWqvZ8N1wARAQAB
tGhVbnJlYWxJUkNkIHJlbGVhc2VzIGFuZCBwYXRjaGVzIChmb3IgdmVyaWZpY2F0
aW9uIG9mIHNvZnR3YXJlIGRvd25sb2FkcyBvbmx5ISkgPHJlbGVhc2VzQHVucmVh
bGlyY2Qub3JnPokCVAQTAQoAPhYhBDbm9lcG42sJNygCmRAQAdr0i7VtBQJnOxAR
AhsDBQkLRzUABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEBAQAdr0i7Vt1hoQ
ALCuqTuVqYOiwBsccS8Qt52l+8pOr0hcF49GM+eBM7Evq2tlwL4FOEyzbsO94yRH
qTxGg/0puYkF74+vZnS2Vlo/F90FTmypy4oVQr+K/dd11ZEVLEpNcdaXuj68vP4c
UCsUPmQyPGERCIlKMe1U+n6yQWgx7xLbuqlOuxcwKDddYa6hhToogUxBbdOZZrYl
I4LN38ztSr0xjp0b67gdrMgOByS/r1AOX61L4DL2/glGOCt4GpKWPj8bOrK+Y/eK
HRK72TezQ+XPFAqsXNmeaLBVVFM8L3fPBBEmVV5tULZ7+/3Qlyub78/OK3Y1/fV7
qFY1S0WnTWY5mBNtUSgF9bGK/UyySNtPFtihmyg0xGQ/cNwiH7QXp38LboEBDoTF
lRT42nX1Nw9KpIWqGPTowB4qhN7znAseYkuH1XtDJHm1OKQjUB8lyBupq3cXYUju
JJH4zfdpWeLWQktb3D8uQsvEBcIyaVRs8wlPdAQBZBL0cLvE0ACpcsbsua26ihzB
ZCGzYmdZvBPpRo2e5xzC9ur3VOQzHqsebFrRKzDD6PgYCgnqJ+03vMToGua9MVX+
FFd2BSLO3UGUPdZESNzik2cILyZPRucwGWnL4wh+v+eOP9ZS4QpACye38VkGWUVR
YqzzK4QaI3m1xrRbcuCXdiMymWnWV3yW6AU+eGB8aEDW
=p0TV
-----END PGP PUBLIC KEY BLOCK-----
doc/RELEASE-NOTES
+66
View File
@@ -0,0 +1,66 @@
UnrealIRCd 4.2.4.1 Release Notes
=================================
This version, 4.2.4.1, fixes an issue with Debian 10. On Debian 10 the
list of permitted SSL/TLS protocols was ignored (set::ssl::protocols).
Other than that, set::ssl::outdated-protocols and set::ssl::outdated-ciphers
are now configurable (rarely needed, though).
Below are the release notes of previous release, 4.2.4.
==[ 4.2.4 release notes ]==
This release fixes a crash issue if UnrealIRCd is configured to use utf8 or
chinese character sets in set::allowed-nickchars. This is not the default.
We don't expect many users to run their IRCd with this enabled, as the utf8
support was tagged as experimental and the chinese/gbk implementation is
incomplete.
In addition to the bug fix from above, this release also contains a number
of other fixes and enhancements. In particular there were some Windows
fixes and the reputation and connthrottle modules are now working better.
Enhancements:
* Improve server linking error messages
* Enhance WHOX to WHO auto-conversion for "WHO +s serv.er.name"
Major issues fixed:
* A crash issue if using utf8 or chinese in set::allowed-nickchars.
* The Windows version only accepted very few clients.
* The Windows version should warn and not error if using old-style regex.
* The Windows version did not save the reputation database.
Minor issues fixed:
* The 'connthrottle' module incorrectly allowed 0 unknown users in when
it was throttling, rather than the set rate.
* The 'reputation' module did not show scores for remote users in /WHOIS,
only after 5 minutes had passed.
* Some users may have experienced a "Registration Timeout" error when
connecting. This happened because their ident server accepted the TCP/IP
connection but after that failed to respond to the ident request. We
have now lowered set::ident::read-timeout to 15 seconds to fix this.
* If successfully logged in using SASL then avoid an "You are already
logged in" error message that could happen due to PASS forwarding.
The message was harmless, but annoying in some setups.
Module coders / Developers:
* If you are debugging or developing modules then we encourage you to
use AddressSanitizer. This does come at a 10x performance slowdown
and can consume a lot more memory, but it is very useful in tracing
common C mistakes such as out of bounds read/writes, double frees,
and so on. You will see exactly where a mistake was made.
To use this, in the last ./Config question you answer: --enable-asan
IRC protocol:
* No changes
Other changes:
* Various HELPOP updates
Future versions:
* We intend to change the default plaintext oper policy from 'warn' to 'deny'
in the summer of 2019. This will deny /OPER when used from a non-SSL
connection. For security, IRC Operators should really use SSL/TLS!
==[ CHANGES IN OLDER RELEASES ]==
For changes in previous UnrealIRCd releases see doc/RELEASE-NOTES.old or
https://raw.githubusercontent.com/unrealircd/unrealircd/unreal42/doc/RELEASE-NOTES.old
doc/RELEASE-NOTES.md
-2772
View File
File diff suppressed because it is too large Load Diff
doc/RELEASE-NOTES.old
+1453
View File
File diff suppressed because it is too large Load Diff
doc/coding-guidelines
+143 -123
View File
@@ -1,123 +1,143 @@
Rules about patches & modifications to UnrealIRCd
1. When making a change, always add a small description in the commit log.
Don't forget to mention the bug# and credit the reporter (if any).
2. If new files are made, they must contain proper copyright headers.
3. Each bug or feature should have a bug# so people can have a discussion
about it. This has a few implications (read!!):
* People must report bugs/feature requests to bugs.unrealircd.org and
not on IRC, e-mail, etc.
* That means other people can see the bug# and comment on it. This means
discussion is easy to read back for each issue and not spread between
several IRC logs.
Furthermore, by using the bugtracker instead of directly committing,
people could point out that there might be a better way to do things
than you originally thought, or it might be that other devs don't like
it at all.
* If a head coder has 'acknowledged' or 'confirmed' the issue or stated
in a comment that it's OK to implement, then any dev may take the issue.
The dev should change the status to 'assigned' and work on it, then
commit and change it to 'resolved', set 'fixed in version' to the
correct release, and add a comment pasting the relevant commit log.
Of course other guidelines, in particular rule #7, still applies.
4. If you don't have direct write access to the repository then you can
submit changes as as PR on github. It is very much preferred to also
have a bugs.unrealircd.org entry for it as well (see previous item).
5. For the stable branch, in general, only commit changes that have an
associated bugid# and/or were discussed.
For branches currently in development (alpha/beta) there's more freedom
and if you think the change will be small and is fine without a
discussion then feel free to commit.
6. Regarding reidenting, restructuring or other major code cleanups: please
discuss before doing so. The other devs might not agree with you on the
particular cleanup you have in mind which would result in another
clean-up-the-cleanup commit.
You may, however reindent and clean up individual sections when you are
working on fixing a particular bug# or implementing a new feature. In fact
you're encouraged to do so if the code is confusing without it. However,
obey the style of Unreal's code (mostly outlined in this document)
and do not introduce yet another (new) style. Also, be careful with doing
any cleanup: if you're unsure in any way about the use of something,
or something that looks redundant on first sight, then look more
carefully... it might indeed be useless and/or redundant, but it might
also be a subtle thing that can create great bugs when 'cleaned up'.
7. During the Release Candidate stage (from RC1 until the final release)
only the head coder may commit directly, all others should ask and
present their patch before committing. Yes, even if you are changing
only 1 line of code or text.
9. UnrealIRCd should compile on all supported operating systems and
platforms, using GCC 3 or higher on *NIX, and Visual Studio 2008 or
higher on Windows. This means you cannot blindly use all C99 extensions.
10. Coders must test their code before committing.
11. /*
* These kind of comments
*/
NOT
// These kind of comments
12. if (something == 1)
{
moo; /* comment */
/* This does what what what */
cow(go(moo));
}
NOT
if (something == 1) {
}
13. Do not touch version.c.SH or version.h, unless you are a head coder.
If you need a credit in, contact us
14. Protocol changes must be discussed before making patches for it.
15. We do NOT rip people off. If we use other people's code, it MUST be
properly credited.
16. We use tabsize 8 and we use tabs AND NOT SPACES.
Some code is old and horrible and has a mix of tabs and spaces used for
spacing, that's something we do not want to have ;)
17. Be careful about overflows. Do not do any unchecked string copies.
Instead of strcpy, strcat and sprintf/ircsprintf, use the following
functions: strlcpy, strlcat, snprintf/ircnsprintf.
If you are copying/writing character-by-character or word-by-word in a
loop, eg using *p++ = x; then be very sure about your size counting.
Often it's better to avoid such code altogether, by simply using
strlcat for everything.
18. Speed. When optimizing or writing code, keep in mind that readability and
stability comes FIRST, and after that comes speed. So we'd rather prefer some
readable code (even if difficult) over some odd highly optimized routine which
nobody understands, is difficult to extend, and might have several bugs.
As mentioned earlier: use ircsnprintf, not snprintf (this is because
ircsnprintf is optimized for simple strings like the ones we use).
ircsnprintf calls snprintf when it finds a (non-simple) format specifier it
can't handle. Simple format specifiers do not have prefixes other than
h and l.
19. Initialize your structs and use the proper memory calls.
In UnrealIRCd we use safe_alloc, safe_free, safe_strdup and safe_strldup.
Do NOT use malloc, calloc or strdup.
20. Comment your code! This should speak for itself...
Put comments wherever you think they are needed, to aid any further coders
with reading your code.. and, in fact, it will aid yourself as well if you
would look back at your code 2 years later.
If there's some obscure pitfall, DO mention it! Don't just "hope" a next
author will see it like you did.
21. Use enums whenever possible, rather than #define constants. Besides making
things more clean, it also aids debugging.
Rules about patches & modifications to UnrealIRCd
1. When making a change, always add a small description in the commit log.
Don't forget to mention the bug# and credit the reporter (if any).
2. If new files are made, it must contain proper copyright headers.
3. If you want to submit patches (f.e. if you don't have write access to
the repository), then submit them to https://bugs.unrealircd.org/
using "hg export" or "hg diff". Naturally include a clear description
of what the change does.
4. Each bug or feature should have a bug# so people can have a discussion
about it. This has a few implications (read!!):
* People must report bugs/feature requests to bugs.unrealircd.org and
not on IRC, e-mail, etc.
* That means other people can see the bug# and comment on it. This means
discussion is easy to read back for each issue and not spread between
several IRC logs.
Furthermore, by using the bugtracker instead of directly committing,
people could point out that there might be a better way to do things
than you originally thought, or it might be that other devs don't like
it at all.
* If a head coder has 'acknowledged' or 'confirmed' the bug or stated in
a comment that it's OK to implement, then a dev may take the issue.
The dev should change the status to 'assigned' and work on it, then
commit and change it to 'resolved', set 'fixed in version' to next
release, and add a comment pasting the relevant Changelog item and the
releaseid (.XYZ).
Of course other guidelines, like #7 and #8 still apply.
5. Do not commit changes that do not have an associated bug# and have not
had any discussion.
3.2.x: Small/tiny bugfixes that do not change any functionality, are
very unlikely to break anything and definitely don't require any prior
discussion may be exempted.
3.4.x: During the alpha & beta stage it is permitted to commit fixes
and code cleanups / restructuring without any discussion.
However in general, and in particular for new features, it is appreciated
if there has been prior discussion on bugs.unrealircd.org (or by mail).
6. Regarding reidenting, restructuring or other major code cleanups: please
discuss before doing so. The other devs might not agree with you on the
particular cleanup you have in mind which would result in another
clean-up-the-cleanup commit.
You may, however reindent and clean up individual sections when you are
working on fixing a particular bug# or implementing a new feature. In fact
you're encouraged to do so if the code is confusing without it. However,
obey the style of Unreal's code (mostly outlined in this document)
and do not introduce yet another (new) style. Also, be careful with doing
any cleanup: if you're unsure in any way about the use of something,
or something that looks redundant on first sight, then look more
carefully... it might indeed be useless and/or redundant, but it might
also be a subtle thing that can create great bugs when 'cleaned up'.
7. Prior to a 3.2.x release: be very careful with any restructuring of a
subsystem or doing any major commits that may break things. Stuff like
this can be perfectly fine if there are many months to go, but are not
good to do a month before release. The head coder may impose additional
restrictions during such a period.
8. During the Release Candidate stage (from RC1 until the final release)
only the head coder may commit directly, all others should ask and
present their patch before committing. Yes, even if you are changing
only 1 line of code or text.
9. UnrealIRCd should compile on all supported operating systems and
platforms, using GCC 3 or higher on *NIX, and Visual Studio 2008 or
higher on Windows. This means you cannot blindly use all C99 extensions.
10. Coders must test their code before committing.
11. /*
* These kind of comments
*/
NOT
// These kind of comments
12. if (something == 1)
{
moo; /* comment */
/* This does what what what */
cow(go(moo));
}
NOT
if (something == 1) {
}
13. Do not touch version.c.SH or version.h, unless you are a head coder
if you need a credit in, contact us
14. Protocol changes must be discussed before making patches for it.
15. We do NOT rip people off. If we use other people's code, it MUST be
properly credited.
16. We generally use tabsize 4 and 8. In any case, use tabs and NOT spaces.
Some code is old and horrible and has a mix of tabs and spaces used for
spacing, that's something we do not want to have ;)
17. Be careful about overflows. Do not do any unchecked string copies.
Instead of strcpy, strcat and sprintf/ircsprintf, use the following
functions: strlcpy, strlcat, snprintf/ircnsprintf.
If you are copying/writing character-by-character or word-by-word in a
loop, be very sure about your size counting. Sometimes it's possible
to avoid such code alltogether by just calling strlcat each time.
18. Speed. When optimizing or writing code, keep in mind that readability and
stability comes FIRST, and after that comes speed. So we'd rather prefer some
readable code (even if difficult) over some odd highly optimized routine which
nobody understands, is difficult to extend, and might have several bugs.
As mentioned earlier: use ircsnprintf, not snprintf (this is because
ircsnprintf is optimized for simple strings like the ones we use).
ircsnprintf calls snprintf when it finds a (non-simple) format specifier it
can't handle. Simple format specifiers do not have prefixes other than
h and l.
19. Initialize your structs and use the proper memory calls.
In UnrealIRCd we use MyMalloc, MyMallocEx and MyFree (so not malloc/free).
MyMalloc usually maps to malloc, and MyMallocEx is a malloc plus filling
the memory area (eg: the struct) with zero's (a la calloc).
Use of MyMallocEx is suggested. In general you should not be using MyMalloc.
"But MyMalloc is faster!" you might say. This is true, but using MyMallocEx
has very little speed impact and enormous benefits: people tend to forget
to set certain fields in the struct to NULL, or much more common: when
someone later on (eg: 1 year later) adds a field to a struct, there could
be several places he/she needs to update to make sure x->something is NULL
after allocating a new struct. Bad idea.
Little speed impact, huge stability benefits, easy decision ;).
20. Comment your code! This should speak for itself...
Put comments wherever you think they are needed, to aid any further coders
with reading your code.. and, in fact, it will aid yourself as well if you
would look back at your code 2 years later.
If there's some obscure pitfall, DO mention it! Don't just "hope" a next
author will see it like you did.
21. Use enums whenever possible, rather than #define constants. Besides making
things more clean, it also aids debugging.
doc/conf/aliases/aliases.conf
+9 -9
View File
@@ -5,39 +5,39 @@ alias identify {
target chanserv;
type services;
parameters "IDENTIFY %1-";
}
};
format "^[^#]" {
target nickserv;
type services;
parameters "IDENTIFY %1-";
}
};
type command;
}
};
alias services {
format "^#" {
target chanserv;
type services;
parameters "%1-";
}
};
format "^[^#]" {
target nickserv;
type services;
parameters "%1-";
}
};
type command;
}
};
alias register {
format "^#" {
target chanserv;
type services;
parameters "REGISTER %1-";
}
};
format "^[^#]" {
target nickserv;
type services;
parameters "REGISTER %1-";
}
};
type command;
}
};
doc/conf/aliases/anope.conf
+13 -12
View File
@@ -1,17 +1,18 @@
/* Anope Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias hostserv { type services; }
alias hs { target hostserv; type services; }
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias operserv { type services; };
alias os { target operserv; type services; };
alias helpserv { type services; };
alias botserv { type services; };
alias bs { target botserv; type services; };
alias hostserv { type services; };
alias hs { target hostserv; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/atheme.conf
+21 -21
View File
@@ -1,26 +1,26 @@
/* Atheme Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias hostserv { type services; }
alias hs { target hostserv; type services; }
alias saslserv { type services; }
alias sss { target saslserv; type services; }
alias gameserv { type services; }
alias gms { target gameserv; type services; }
alias groupserv { type services; }
alias grs { target groupserv; type services; }
alias alis { type services; }
alias ls { target alis; type services; }
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias operserv { type services; };
alias os { target operserv; type services; };
alias helpserv { type services; };
alias botserv { type services; };
alias bs { target botserv; type services; };
alias hostserv { type services; };
alias hs { target hostserv; type services; };
alias saslserv { type services; };
alias sss { target saslserv; type services; };
alias gameserv { type services; };
alias gms { target gameserv; type services; };
alias groupserv { type services; };
alias grs { target groupserv; type services; };
alias alis { type services; };
alias ls { target alis; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/auspice.conf
+25 -25
View File
@@ -1,33 +1,33 @@
/* Auspice Aliases */
/* Uncomment this, if you have enabled "MassServ, W and X" in auspice */
# alias massserv { type services; }
# alias ma { target massserv; type services; }
# alias W { type services; }
# alias X { type services; }
# alias massserv { type services; };
# alias ma { target massserv; type services; };
# alias W { type services; };
# alias X { type services; };
/* Uncomment this, if you have enabled "WebServ" in auspice */
# alias webserv { type services; }
# alias ws { target webserv; type services; }
# alias webserv { type services; };
# alias ws { target webserv; type services; };
alias agent { type services; }
alias adminserv { type services; }
alias as { target adminserv; type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias hostserv { type services; }
alias ho { target hostserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias rootserv { type services; }
alias rs { target rootserv; type services; }
alias agent { type services; };
alias adminserv { type services; };
alias as { target adminserv; type services; };
alias botserv { type services; };
alias bs { target botserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias helpserv { type services; };
alias hs { target helpserv; type services; };
alias hostserv { type services; };
alias ho { target hostserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias operserv { type services; };
alias os { target operserv; type services; };
alias rootserv { type services; };
alias rs { target rootserv; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/cygnus.conf
+8 -8
View File
@@ -1,12 +1,12 @@
/* Cygnus Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias rootserv { type services; }
alias rs { target rootserv; type services; }
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias rootserv { type services; };
alias rs { target rootserv; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/epona.conf
+12 -12
View File
@@ -1,16 +1,16 @@
/* Epona Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias botserv { type services; }
alias bs { target botserv; type services; }
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias operserv { type services; };
alias os { target operserv; type services; };
alias helpserv { type services; };
alias hs { target helpserv; type services; };
alias botserv { type services; };
alias bs { target botserv; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/generic.conf
+10 -10
View File
@@ -1,14 +1,14 @@
/* Generic Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias operserv { type services; };
alias os { target operserv; type services; };
alias helpserv { type services; };
alias hs { target helpserv; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/genericstats.conf
+2 -2
View File
@@ -1,4 +1,4 @@
/* Generic StatServ Aliases */
alias statserv { type stats; }
alias ss { target statserv; type stats; }
alias statserv { type stats; };
alias ss { target statserv; type stats; };
doc/conf/aliases/ircservices.conf
+13 -13
View File
@@ -1,17 +1,17 @@
/* IRCServices Aliases */
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias memoserv { type services; spamfilter yes; }
alias ms { target memoserv; type services; spamfilter yes; }
alias operserv { type services; }
alias os { target operserv; type services; }
alias helpserv { type services; }
alias hs { target helpserv; type services; }
alias irciihelp { type services; }
alias statserv { type services; }
alias ss { target statserv; type services; }
alias nickserv { type services; };
alias ns { target nickserv; type services; };
alias chanserv { type services; };
alias cs { target chanserv; type services; };
alias memoserv { type services; spamfilter yes; };
alias ms { target memoserv; type services; spamfilter yes; };
alias operserv { type services; };
alias os { target operserv; type services; };
alias helpserv { type services; };
alias hs { target helpserv; type services; };
alias irciihelp { type services; };
alias statserv { type services; };
alias ss { target statserv; type services; };
include "aliases/aliases.conf";
doc/conf/aliases/operstats.conf
+4 -4
View File
@@ -1,6 +1,6 @@
/* OperStats Aliases */
alias operserv { type stats; }
alias os { target operserv; type stats; }
alias statserv { type stats; }
alias ss { target statserv; type stats; }
alias operserv { type stats; };
alias os { target operserv; type stats; };
alias statserv { type stats; };
alias ss { target statserv; type stats; };
doc/conf/badwords.conf
+20 -19
View File
@@ -5,6 +5,7 @@
NOTE: Those words are not meant to insult you (the user)
but is meant to be a list of words so that the +G channel/user mode
will work properly. You can easily modify this file at your will.
If you got words to add to this file, please mail badwords@tspre.org
@@ -29,22 +30,22 @@
*/
badword all { word "pussy"; }
badword all { word "fuck"; }
badword all { word "whore"; }
badword all { word "slut"; }
badword all { word "shit"; }
badword all { word "asshole"; }
badword all { word "bitch"; }
badword all { word "cunt"; }
badword all { word "vagina"; }
badword all { word "penis"; }
badword all { word "jackass"; }
badword all { word "*fucker*"; }
badword all { word "faggot"; }
badword all { word "fag"; }
badword all { word "horny"; }
badword all { word "dickhead"; }
badword all { word "sonuvabitch"; }
badword all { word "*fuck*"; }
badword all { word "tits"; }
badword all { word "pussy"; };
badword all { word "fuck"; };
badword all { word "whore"; };
badword all { word "slut"; };
badword all { word "shit"; };
badword all { word "asshole"; };
badword all { word "bitch"; };
badword all { word "cunt"; };
badword all { word "vagina"; };
badword all { word "penis"; };
badword all { word "jackass"; };
badword all { word "*fucker*"; };
badword all { word "faggot"; };
badword all { word "fag"; };
badword all { word "horny"; };
badword all { word "dickhead"; };
badword all { word "sonuvabitch"; };
badword all { word "*fuck*"; };
badword all { word "tits"; };
doc/conf/dccallow.conf
+20 -20
View File
@@ -17,26 +17,26 @@
*/
/* first.. deny everything, then allow known-good stuff... */
deny dcc { filename "*"; reason "Possible executable content"; soft yes; }
deny dcc { filename "*"; reason "Possible executable content"; soft yes; };
/* common image formats */
allow dcc { filename "*.jpg"; soft yes; }
allow dcc { filename "*.jpeg"; soft yes; }
allow dcc { filename "*.gif"; soft yes; }
allow dcc { filename "*.png"; soft yes; }
allow dcc { filename "*.bmp"; soft yes; }
allow dcc { filename "*.jpg"; soft yes; };
allow dcc { filename "*.jpeg"; soft yes; };
allow dcc { filename "*.gif"; soft yes; };
allow dcc { filename "*.png"; soft yes; };
allow dcc { filename "*.bmp"; soft yes; };
/* audio / video (but not scripted/playlists!) */
allow dcc { filename "*.mp1"; soft yes; }
allow dcc { filename "*.mp2"; soft yes; }
allow dcc { filename "*.mp3"; soft yes; }
allow dcc { filename "*.mpg"; soft yes; }
allow dcc { filename "*.mpeg"; soft yes; }
allow dcc { filename "*.m1v"; soft yes; }
allow dcc { filename "*.m2v"; soft yes; }
allow dcc { filename "*.vob"; soft yes; }
allow dcc { filename "*.wav"; soft yes; }
allow dcc { filename "*.mp1"; soft yes; };
allow dcc { filename "*.mp2"; soft yes; };
allow dcc { filename "*.mp3"; soft yes; };
allow dcc { filename "*.mpg"; soft yes; };
allow dcc { filename "*.mpeg"; soft yes; };
allow dcc { filename "*.m1v"; soft yes; };
allow dcc { filename "*.m2v"; soft yes; };
allow dcc { filename "*.vob"; soft yes; };
allow dcc { filename "*.wav"; soft yes; };
/* text / misc */
allow dcc { filename "*.txt"; soft yes; }
allow dcc { filename "*.log"; soft yes; }
allow dcc { filename "*.pdf"; soft yes; }
allow dcc { filename "*.c"; soft yes; }
allow dcc { filename "*.cpp"; soft yes; }
allow dcc { filename "*.txt"; soft yes; };
allow dcc { filename "*.log"; soft yes; };
allow dcc { filename "*.pdf"; soft yes; };
allow dcc { filename "*.c"; soft yes; };
allow dcc { filename "*.cpp"; soft yes; };
doc/conf/examples/example.conf
+178 -416
View File
@@ -1,28 +1,23 @@
/* Configuration file for UnrealIRCd 6
/* Configuration file for UnrealIRCd 4
*
* Simply copy this file to your conf/ directory and call it 'unrealircd.conf'
* Simply copy this file to your conf/ directory, call it
* 'unrealircd.conf' and walk through it line by line (edit it!)
*
* If you are in a hurry then you can CTRL+F for: CHANGE THIS
* The items that must be changed are indicated with those two words.
* However, we actually recommend going through the file line by line
* and edit it where needed, so you can see all the basic items and
* what they are set to.
*
* BEFORE YOU PROCEED:
* Important: all lines, except { and } end with an ;
* This is very important, if you miss a ; somewhere then the
* configuration file parser will complain and the file will not
* Important: All lines, except the opening { line, end with an ;
* including };. This is very important, if you miss a ; somewhere then
* the configuration file parser will complain and your file will not
* be processed correctly!
* If this is your first experience with an UnrealIRCd configuration
* file then we really recommend you to read a little about the syntax,
* this only takes a few minutes and will help you a lot:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* UnrealIRCd 6 documentation (very extensive!):
* https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
* UnrealIRCd 4 documentation (very extensive!):
* https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
*
* Frequently Asked Questions:
* https://www.unrealircd.org/docs/FAQ
*
*/
/* This is a comment, all text here is ignored (comment type #1) */
@@ -55,35 +50,27 @@ include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
include "snomasks.default.conf";
/* Load the default cloaking module (2021 onwards): */
loadmodule "cloak_sha256";
/* Or load the old module from UnrealIRCd 3.2/4/5 instead: */
//loadmodule "cloak_md5";
// CHANGE THIS (the 'name' and the 'info'):
/* This is the me { } block which basically says who we are.
* It defines our server name, some information line and an unique "sid".
* The server id (sid) must start with a digit followed by two digits or
* letters. The sid must be unique for your IRC network (each server should
* have it's own sid). It is common to use 001 for the first server.
* have it's own sid).
*/
me {
name "irc.example.org";
info "ExampleNET Server";
name "irc.foonet.com";
info "FooNet Server";
sid "001";
}
};
// CHANGE THIS:
/* The admin { } block defines what users will see if they type /ADMIN.
* It normally contains information on how to contact the administrator.
*/
admin {
"Bob Smith";
"bob";
"email@example.org";
}
"widely@used.name";
};
/* Clients and servers are put in class { } blocks, we define them here.
* Class blocks consist of the following items:
@@ -100,7 +87,7 @@ class clients
maxclients 1000;
sendq 200k;
recvq 8000;
}
};
/* Special class for IRCOps with higher limits */
class opers
@@ -109,7 +96,7 @@ class opers
maxclients 50;
sendq 1M;
recvq 8000;
}
};
/* Server class with good defaults */
class servers
@@ -118,32 +105,32 @@ class servers
connfreq 15; /* try to connect every 15 seconds */
maxclients 10; /* max servers */
sendq 20M;
}
};
/* Allow blocks define which clients may connect to this server.
* This allows you to add a server password or restrict the server to
* specific IPs only. You also configure the maximum connections
* specific IP's only. You also configure the maximum connections
* allowed per IP here.
* See also: https://www.unrealircd.org/docs/Allow_block
*/
/* Allow everyone in, but only 3 connections per IP */
allow {
mask *;
ip *@*;
class clients;
maxperip 3;
}
};
/* Example of a special allow block on a specific IP:
* Requires users on that IP to connect with a password. If the password
* is correct then it permits 20 connections on that IP.
*/
// allow {
// mask 192.0.2.1;
// class clients;
// password "somesecretpasswd";
// maxperip 20;
// }
allow {
ip *@192.0.2.1;
class clients;
password "somesecretpasswd";
maxperip 20;
};
/* Oper blocks define your IRC Operators.
* IRC Operators are people who have "extra rights" compared to others,
@@ -157,25 +144,13 @@ allow {
* https://www.unrealircd.org/docs/Oper_block
*/
/* Here is an example oper block for 'bobsmith'
* YOU MUST CHANGE THIS!! (the oper name and the password)
/* Here is an example oper block for 'bobsmith' with password 'test'.
* You MUST change this!!
*/
oper bobsmith {
class opers;
mask *@*;
/* Technically you can put oper passwords in plaintext in the conf but
* this is HIGHLY DISCOURAGED. Instead you should generate a password hash:
* On *NIX, run: ./unrealircd mkpasswd
* On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
* .. and then paste the result below:
*/
password "$argon2id..etc..";
/* See https://www.unrealircd.org/docs/Authentication_types for
* more information, including even better authentication types
* such as 'certfp', and how to generate hashes on Windows.
*/
password "test";
/* Oper permissions are defined in an 'operclass' block.
* See https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd ships with a number of default blocks, see
@@ -183,8 +158,8 @@ oper bobsmith {
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.example.org;
}
vhost netadmin.mynet.org;
};
/* Listen blocks define the ports where the server should listen on.
* In other words: the ports that clients and servers may use to
@@ -192,44 +167,40 @@ oper bobsmith {
*
* Syntax:
* listen {
* {
* ip <ip>;
* port <port>;
* options {
* <options....>;
* }
* }
* };
* };
*/
/* Standard IRC port 6667:
* Insecure plaintext (NOT for production servers)
* This listen block is here only for quick testing.
* Delete or comment out this listen block on production servers
* and use TLS on port 6697 instead.
*/
/* Standard IRC port 6667 */
listen {
ip *;
port 6667;
}
};
/* Standard IRC SSL/TLS port 6697 */
listen {
ip *;
port 6697;
options { tls; }
}
options { ssl; };
};
/* Special SSL/TLS servers-only port for linking */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
options { ssl; serversonly; };
};
/* NOTE: If you are on an IRCd shell with multiple IP's and you use
* the above listen { } blocks then you will likely get an
* 'Address already in use' error and the ircd won't start.
* This means you MUST bind to a specific IP instead of '*' like:
* listen { ip 1.2.3.4; port 6667; }
* listen { ip 1.2.3.4; port 6667; };
* Of course, replace the IP with the IP that was assigned to you.
*/
@@ -237,54 +208,50 @@ listen {
* Link blocks allow you to link multiple servers together to form a network.
* See https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
//link hub.example.org
//{
// incoming {
// mask *@something;
// }
//
// outgoing {
// bind-ip *; /* or explicitly an IP */
// hostname hub.example.org;
// port 6900;
// options { tls; }
// }
//
// /* We use the SPKI fingerprint of the other server for authentication.
// * Open a shell on the OTHER SERVER and run the command to get the fingerprint:
// * On *NIX, run: ./unrealircd spkifp
// * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp
// */
// password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
//
// class servers;
//}
link hub.mynet.org
{
incoming {
mask *@something;
};
outgoing {
bind-ip *; /* or explicitly an IP */
hostname hub.mynet.org;
port 6900;
options { ssl; };
};
/* We use the SPKI fingerprint of the other server for authentication.
* Run './unrealircd spkifp' on the other side to get it.
* NOTE: requires UnrealIRCd 4.0.16 or later.
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
class servers;
};
/* The link block for services is usually much simpler.
* For more information about what Services are,
* see https://www.unrealircd.org/docs/Services
*/
//link services.example.org
//{
// incoming {
// mask 127.0.0.1;
// }
//
// password "changemeplease";
//
// class servers;
//}
link services.mynet.org
{
incoming {
mask 127.0.0.1;
};
password "changemeplease";
class servers;
};
/* U-lines give other servers (even) more power/commands.
* If you use services you MUST add them here. You must add the
* services server name in ulines { } in the config file on
* every UnrealIRCd server on your network.
* IMPORTANT: Never put the name of an UnrealIRCd server here,
* it's only for Services!
* If you use services you must add them here.
* NEVER put the name of an UnrealIRCd server here!!!
*/
//ulines {
// services.example.org;
//}
ulines {
services.mynet.org;
};
/* Here you can add a password for the IRCOp-only /DIE and /RESTART commands.
* This is mainly meant to provide a little protection against accidental
@@ -293,51 +260,27 @@ listen {
drpass {
restart "restart";
die "die";
}
};
/* The log block defines what should be logged and to what file.
* See also https://www.unrealircd.org/docs/Log_block
*/
/* This is a good default, it logs everything except
* debug stuff and join/part/kick.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.log" { maxsize 100M; }
}
}
/* In addition to regular logging, also add a JSON log file.
* This includes lots of information about every event so is great
* for auditing purposes and is machine readable. It is, however
* less readable for humans.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.json.log" { maxsize 250M; type json; }
}
}
/* This is a good default, it logs almost everything */
log "ircd.log" {
flags {
oper;
connects;
server-connects;
kills;
errors;
sadmin-commands;
chg-commands;
oper-override;
tkl;
spamfilter;
};
};
/* With "aliases" you can create an alias like /SOMETHING to send a message to
* some user or bot. They are usually used for services.
@@ -348,43 +291,43 @@ log {
include "aliases/anope.conf";
/* Ban nick names so they cannot be used by regular users */
// ban nick {
// mask "*C*h*a*n*S*e*r*v*";
// reason "Reserved for Services";
// }
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Reserved for Services";
};
/* Ban ip.
* Note that you normally use /KLINE, /GLINE and /ZLINE for this.
*/
// ban ip {
// mask 195.86.232.81;
// reason "Hate you";
// }
ban ip {
mask 195.86.232.81;
reason "Hate you";
};
/* Ban server - if we see this server linked to someone then we delink */
// ban server {
// mask eris.berkeley.edu;
// reason "Get out of here.";
// }
ban server {
mask eris.berkeley.edu;
reason "Get out of here.";
};
/* Ban user - just as an example, you normally use /KLINE or /GLINE for this */
// ban user {
// mask *tirc@*.saturn.bbn.com;
// reason "Idiot";
// }
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Idiot";
};
/* Ban realname allows you to ban clients based on their 'real name'
* or 'gecos' field.
*/
// ban realname {
// mask "Swat Team";
// reason "mIRKFORCE";
// }
ban realname {
mask "Swat Team";
reason "mIRKFORCE";
};
// ban realname {
// mask "sub7server";
// reason "sub7";
// }
ban realname {
mask "sub7server";
reason "sub7";
};
/* Ban and TKL exceptions. Allows you to exempt users / machines from
* KLINE, GLINE, etc.
@@ -393,45 +336,45 @@ include "aliases/anope.conf";
* even if you accidentally place a *LINE ban on yourself.
*/
/* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
// except ban {
// mask *@192.0.2.1;
// type all;
// }
/* This allows IRCCloud connections in without maxperip restrictions
* and also exempt them from connect-flood throttling.
*/
/* except ban protects you from KLINE and ZLINE */
except ban {
mask *.irccloud.com;
type { maxperip; connect-flood; }
}
mask *@192.0.2.1;
// you may add more mask entries here..
};
/* except tkl with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */
except tkl {
mask *@192.0.2.1;
type all;
};
/* With deny dcc blocks you can ban filenames for DCC */
// deny dcc {
// filename "*sub7*";
// reason "Possible Sub7 Virus";
// }
deny dcc {
filename "*sub7*";
reason "Possible Sub7 Virus";
};
/* deny channel allows you to ban a channel (mask) entirely */
// deny channel {
// channel "*warez*";
// reason "Warez is illegal";
// class "clients";
// }
deny channel {
channel "*warez*";
reason "Warez is illegal";
class "clients";
};
/* VHosts (Virtual Hosts) allow users to acquire a different host.
* See https://www.unrealircd.org/docs/Vhost_block
*/
/* Example vhost which you can use. On IRC type: /VHOST test test
* NOTE: only people with an 'unrealircd.com' host may use it so
* be sure to change the vhost::mask before you test.
*/
// vhost {
// vhost i.hate.microsefrs.com;
// mask *@*;
// login "test";
// password "test";
// }
vhost {
vhost i.hate.microsefrs.com;
mask *@unrealircd.com;
login "test";
password "test";
};
/* Blacklist blocks will query an external DNS Blacklist service
* whenever a user connects, to see if the IP address is known
@@ -453,12 +396,12 @@ blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
}
};
/* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation
* and the meaning of the reply types.
@@ -471,58 +414,51 @@ blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
reply { 1; 4; 5; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
}
reason "Proxy/Drone/TOR detected. Check http://rbl.efnetrbl.org/?i=$ip for details.";
};
/* You can include other configuration files */
/* include "klines.conf"; */
/* Network configuration */
set {
// CHANGE THIS, ALL 4 ITEMS:
network-name "ExampleNET";
default-server "irc.example.org";
services-server "services.example.org";
stats-server "stats.example.org";
/* Normal defaults */
network-name "MYNet";
default-server "irc.mynet.org";
services-server "services.mynet.org";
stats-server "stats.mynet.org";
help-channel "#Help";
cloak-prefix "Clk";
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Cloak keys should be the same at all servers on the network.
* They are used for generating masked hosts and should be kept secret.
* YOU MUST CHANGE THIS!
* The keys should be 3 random strings of 80 characters each (or more).
* The keys should be 3 random strings of 50-100 characters
* and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9).
* On *NIX, you can run './unrealircd gencloak' in your shell to let
* UnrealIRCd generate 3 random strings for you.
* On Windows, you can run "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
* HINT: On *NIX, you can run './unrealircd gencloak' in your shell to let
* UnrealIRCd generate 3 random strings for you.
*/
cloak-keys {
"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"and another one";
"and another one";
}
}
};
};
/* Server specific configuration */
set {
// FINALLY, YOU MUST CHANGE THIS NEXT ITEM:
kline-address 'set.this.to.email.address'; /* e-mail or URL shown when a user is banned */
set {
kline-address "set.this.to.email.address"; /* e-mail or URL shown when a user is banned */
modes-on-connect "+ixw"; /* when users connect, they will get these user modes */
modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */
modes-on-join "+nt"; /* default channel modes when a new channel is created */
modes-on-oper "+xwgs"; /* when someone becomes IRCOp they'll get these modes */
oper-auto-join "#opers"; /* IRCOps are auto-joined to this channel */
options {
hide-ulines; /* hide U-lines in /MAP and /LINKS */
show-connect-info; /* show "looking up your hostname" messages on connect */
}
};
maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */
@@ -537,26 +473,15 @@ set {
/* static-part does the same for /PART */
/* static-part yes; */
/* Flood protection */
anti-flood {
/* There are lots of settings for this and most have good defaults.
* See https://www.unrealircd.org/docs/Anti-flood_settings
*/
/* Which /STATS to restrict to opers only. We suggest to leave it to * (ALL) */
oper-only-stats "*";
channel {
/* For channel-specific anti-flood settings, see
* https://www.unrealircd.org/docs/Channel_anti-flood_settings
* In UnrealIRCd 6.2.0+ the default is profile "normal".
* Chanops can override this via "MODE #channel +F relaxed"
* or "+F off". If you are afraid of too many false positives
* then you could set this to "relaxed" instead. Note that
* doing so would reduce protection for everyone. Another
* option is to set it here to "off" to disable this default
* channel protection entirely (not recommended).
*/
default-profile normal;
}
}
/* Anti flood protection */
anti-flood {
nick-flood 3:60; /* 3 nick changes per 60 seconds (the default) */
connect-flood 3:60; /* 3 connection attempts per 60 seconds (the default) */
away-flood 4:120; /* 4 times per 2 minutes you may use /AWAY (default) */
};
/* Settings for spam filter */
spamfilter {
@@ -564,171 +489,8 @@ set {
ban-reason "Spam/Advertising"; /* default reason */
virus-help-channel "#help"; /* channel to use for 'viruschan' action */
/* except "#help"; channel to exempt from Spamfilter */
}
/* Restrict certain commands.
* See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
except {
connect-time 60; /* after 60 seconds you can use LIST */
identified yes; /* or immediately, if you are identified to services */
reputation-score 24; /* or if you have a reputation score of 24 or more */
}
}
invite {
except {
connect-time 120;
identified yes;
reputation-score 24;
}
}
/* In addition to the ability to restrict any command,
* such as shown above. There are also 4 special types
* that you can restrict. These are "private-message",
* "private-notice", "channel-message" and "channel-notice".
* They are commented out (disabled) in this example:
*/
//private-message {
// except { connect-time 10; }
//}
//private-notice {
// except { connect-time 10; }
//}
}
}
/* RECOMMENDED:
* Everyone should be using IRC over SSL/TLS on port 6697. However, to use
* it properly, you have to get a "real" certificate instead of the
* self-signed default certificate that was generated by the installer.
* The Let's Encrypt initiative allows you to get a free certificate that is
* issued by a trusted Certificate Authority. Instructions are at:
* https://www.unrealircd.org/docs/Using_Let's_Encrypt_with_UnrealIRCd
*
* When you follow that guide you will have a "dual certificate" setup:
* set::tls:
* Your trusted CA certificate, served to clients on port 6697.
* (key and certificate change and renew every xx days automatically)
* set::server-linking::tls-options
* A long-lived self-signed certificate for server linking, with
* a stable 'spkifp' signature that you use in link blocks.
* This certificate is used automatically in "serversonly" listen blocks
* (port 6900 in this configuration file) and automatically used for all
* link { } blocks.
*
*/
//set {
// tls {
// certificate "/etc/letsencrypt/live/irc.example.org/fullchain.pem";
// key "/etc/letsencrypt/live/irc.example.org/privkey.pem";
// }
// server-linking {
// tls-options {
// certificate "tls/server.cert.pem";
// key "tls/server.key.pem";
// }
// }
//}
/*
* The following will configure connection throttling of "unknown users".
*
* When UnrealIRCd detects a high number of users connecting from IP addresses
* that have not been seen before, then connections from new IP's are rejected
* above the set rate. For example at 10:60 only 10 users per minute can connect
* that have not been seen before. Known IP addresses can always get in,
* regardless of the set rate. Same for users who login using SASL.
*
* See also https://www.unrealircd.org/docs/Connthrottle for details.
* Or just keep reading the default configuration settings below:
*/
set {
connthrottle {
/* First we configure which users are exempt from the
* restrictions. These users are always allowed in!
* By default these are users on IP addresses that have
* a score of 24 or higher. A score of 24 means that the
* IP was connected to this network for at least 2 hours
* in the past month (or minimum 1 hour if registered).
* We also allow users who are identified to services via
* SASL to bypass the restrictions.
*/
except {
reputation-score 24;
identified yes;
/* for more options, see
* https://www.unrealircd.org/docs/Mask_item
*/
}
/* New users are all users that do not belong in the
* known-users group. They are considered "new" and in
* case of a high number of such new users connecting
* they are subject to connection rate limiting.
* By default the rate is 20 new local users per minute
* and 30 new global users per minute.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* For IPv6 users, on top of 'maxperip' (which limits
* connections per /64), connthrottle also limits how
* many unknown users can be online from wider IPv6
* prefixes (/56, /48, /32). This is an additional
* security measure, separate from the rate-throttle
* above. People in the security-group "known-users"
* bypass this, as well as set::connthrottle::except.
* The defaults below should fit most networks unchanged.
* Uncomment to tune. Set a cidr-xx item to max 0;
* to disable it.
*/
//ipv6-unknown-users-limit {
// cidr-56 { max 8; }
// cidr-48 { max 32; }
// cidr-32 { max 256; }
//}
/* This configures when this module will NOT be active.
* The default settings will disable the module when:
* - The reputation module has been running for less than
* a week. If running less than 1 week then there is
* insufficient data to consider who is a "known user".
* - The server has just been booted up (first 3 minutes).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* CHANNEL HISTORY:
* UnrealIRCd has channel mode +H which can be used by users to read back
* channel history, such as from before they joined. For general information
* on this feature, see https://www.unrealircd.org/docs/Channel_history
*
* The history limits can be configured via set::history. The defaults are
* probably already good for you, but if you are on a low-memory system
* or have thousands of channels then you may want to double check. See
* https://www.unrealircd.org/docs/Set_block#set::history for the options.
*
* In addition to that, you can have "persistent channel history", which
* means channel history is stored encrypted on disk so it is preserved
* between IRC server restarts, see
* https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
* The persistent history feature is NOT enabled by default because you
* need to configure a secret { } block for it. The following is a simple
* example with passwords stored directly in the configuration file.
* To get better security, read https://www.unrealircd.org/docs/Secret_block
* on alternative ways so you don't store passwords directly in the config.
*/
//secret historydb { password "somepassword"; }
//set { history { channel { persist yes; db-secret "historydb"; } } }
};
};
/* Finally, you may wish to have a MOTD (Message of the Day), this can be
* done by creating an 'ircd.motd' text file in your conf/ directory.
@@ -738,7 +500,7 @@ set {
/*
* Problems or need more help?
* 1) https://www.unrealircd.org/docs/
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
* 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions!
* 3) If you are still having problems then you can get support:
* - Forums: https://forums.unrealircd.org/
doc/conf/examples/example.es.conf
-659
View File
@@ -1,659 +0,0 @@
/* Archivo de configuración para UnrealIRCd 6
*
* Simplemente copie este archivo a su directorio conf/, llámelo
* 'unrealircd.conf' y revíselo línea por línea (¡edítelo!)
*
* Importante: Todas las líneas, excepto { y } terminan con ;
* Esto es muy importante, si pierde un ; en algún lugar entonces el
* el analizador del archivo de configuración se quejará y el archivo no
* ser procesado correctamente!
* Si esta es tu primera experiencia con una configuración de UnrealIRCd
* entonces te recomendamos que leas un poco sobre la sintaxis,
* esto solo toma unos minutos y te ayudará mucho:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* Documentación de UnrealIRCd 6 (¡muy extensa!):
* https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
*
* Preguntas frecuentes:
* https://www.unrealircd.org/docs/FAQ
*
*/
/* Esto es un comentario, todo el texto aquí es ignorado (tipo de comentario #1) */
// Esto también es un comentario, esta línea se ignora (tipo de comentario #2)
# Esto también es un comentario, nuevamente esta línea se ignora (tipo de comentario #3)
/* UnrealIRCd hace un uso intensivo de los módulos. Los módulos le permiten completamente
* personaliza el conjunto de características que deseas habilitar en UnrealIRCd.
* Ver: https://www.unrealircd.org/docs/Modules
*
* Al usar el incluir a continuación, le indicamos al IRCd que lea el archivo
* 'modules.default.conf' que cargará más de 150 módulos
* enviado con UnrealIRCd. En otras palabras: esto simplemente cargará
* todas las funciones disponibles en UnrealIRCd.
* Si está configurando UnrealIRCd por primera vez, le sugerimos
* utilizar esta. Luego, cuando todo esté funcionando, puedes venir
* volver más tarde para personalizar la lista (si lo desea).
*/
include "modules.default.conf";
/* Ahora incluyamos algunos otros archivos también:
* - help/help.conf para nuestro sistema on-IRC /HELPOP
* - badwords.conf para canal y modo de usuario +G
* - spamfilter.conf como ejemplo para el uso de spamfilter
* (Comentado)
* - operclass.default.conf contiene algunas buenas operclasses que
* puedes usar en tus bloques operativos.
*/
include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
include "snomasks.default.conf";
/* Cargar el módulo de encubrimiento predeterminado (2021 en adelante): */
loadmodule "cloak_sha256";
/* O cargue el módulo antiguo de UnrealIRCd 3.2/4/5 en su lugar: */
//loadmodule "cloak_md5";
/* Este es el bloque yo { } que básicamente dice quiénes somos.
* Define el nombre de nuestro servidor, alguna línea de información y un "sid" único.
* La identificación del servidor (sid) debe comenzar con un dígito seguido de dos dígitos o
* cartas. El sid debe ser único para su red IRC (cada servidor debe
* tener su propio sid).
*/
me {
name "irc.example.org";
info "ExampleNET Server";
sid "001";
}
/* El bloque admin { } define lo que verán los usuarios si escriben /ADMIN.
* Normalmente contiene información sobre cómo contactar con el administrador.
*/
admin {
"Bob Smith";
"bob";
"email@example.org";
}
/* Los clientes y servidores se colocan en bloques de clase { }, los definimos aquí.
* Los bloques de clase constan de los siguientes elementos:
* - pingfreq: con qué frecuencia hacer ping a un usuario/servidor (en segundos)
* - connfreq: con qué frecuencia intentamos conectarnos a este servidor (en segundos)
* - sendq: el tamaño máximo de cola para una conexión
* - recvq: máxima cola de recepción de una conexión (control de inundación)
*/
/* Clase de cliente con buenos valores predeterminados */
class clients
{
pingfreq 90;
maxclients 1000;
sendq 200k;
recvq 8000;
}
/* Clase especial para IRCOps con límites más altos */
class opers
{
pingfreq 90;
maxclients 50;
sendq 1M;
recvq 8000;
}
/* Clase de servidor con buenos valores predeterminados */
class servers
{
pingfreq 60;
connfreq 15; /* intenta conectarte cada 15 segundos */
maxclients 10; /* maximo de servidores */
sendq 20M;
}
/* Permitir que los bloques definan qué clientes pueden conectarse a este servidor.
* Esto le permite agregar una contraseña de servidor o restringir el servidor a
* IP específicas solamente. También configuras las conexiones máximas
* permitido por IP aquí.
* Ver también: https://www.unrealircd.org/docs/Allow_block
*/
/* Permitir el ingreso de todos, pero solo 3 conexiones por IP */
allow {
mask *;
class clients;
maxperip 3;
}
/* Los bloques Oper definen sus operadores IRC.
* Los operadores de IRC son personas que tienen "derechos adicionales" en comparación con otros,
* por ejemplo, pueden /MATAR a otras personas, iniciar la vinculación del servidor,
* /ÚNETE a los canales aunque estén prohibidos, etc.
*
* Para obtener más información sobre cómo convertirse en un IRCOp y cómo ser administrador
* tareas, ver: https://www.unrealircd.org/docs/IRCOp_guide
*
* Para obtener detalles sobre el propio bloque oper { }, consulte
* https://www.unrealircd.org/docs/Oper_block
*/
/* Aquí hay un bloque de operación de ejemplo para 'bobsmith'.
* ¡DEBES cambiar esto!
*/
oper bobsmith {
class opers;
mask *@*;
/* Technically you can put oper passwords in plaintext in the conf but
* this is HIGHLY DISCOURAGED. Instead you should generate a password hash:
* On *NIX, run: ./unrealircd mkpasswd
* On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
* .. and then paste the result below:
*/
password "$argon2id..etc..";
/* See https://www.unrealircd.org/docs/Authentication_types for
* more information, including even better authentication types
* such as 'certfp', and how to generate hashes on Windows.
*/
/* Los permisos de operación se definen en un bloque 'operclass'.
* Ver https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd se envía con una serie de bloques predeterminados, consulte
* el artículo para una lista completa. Elegimos 'netadmin' aquí.
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.example.org;
}
/* Los bloques de escucha definen los puertos donde el servidor debe escuchar.
* En otras palabras: los puertos que los clientes y servidores pueden usar para
* conectarse a este servidor.
*
* Sintaxis:
* listen {
* ip <ip>;
* port <port>;
* options {
* <options....>;
* }
* }
*/
/* Puerto IRC estándar 6667
* Insecure plaintext (NOT for production servers)
* This listen block is here only for quick testing.
* Delete or comment out this listen block on production servers
* and use TLS on port 6697 instead.
*/
listen {
ip *;
port 6667;
}
/* Puerto IRC estándar 6697 */
listen {
ip *;
port 6697;
options { tls; }
}
/* Puerto especial solo para servidores SSL/TLS para vincular */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
/* NOTA: Si está en una shell IRCd con múltiples IP y usa
* los bloques de escucha anteriores { } entonces probablemente obtendrás un
* Error 'Dirección ya en uso' y el ircd no se iniciará.
* Esto significa que DEBE vincularse a una IP específica en lugar de '*' como:
* escucha { ip 1.2.3.4; puerto 6667; }
* Por supuesto, reemplaza la IP con la IP que te fue asignada.
*/
/*
* Los bloques de enlace le permiten vincular varios servidores para formar una red.
* Ver https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.ejemplo.org
{
incoming {
mask *@algo;
}
outgoing {
bind-ip *; /* o explícitamente una IP */
hostname hub.ejemplo.org;
port 6900;
options { tls; }
}
/* Usamos la huella digital SPKI del otro servidor para la autenticación.
* Ejecute './unrealircd spkifp' en el otro lado del linkeo para obtenerlo.
* ( Windows: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp )
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
class servers;
}
/* El bloque de enlace para servicios suele ser mucho más simple.
* Para más información sobre qué son los Servicios,
* ver https://www.unrealircd.org/docs/Services
*/
link services.ejemplo.org
{
incoming {
mask 127.0.0.1;
}
password "cambiameporfavor";
class servers;
}
/* Las líneas U dan a otros servidores (incluso) más poder/comandos.
* Si usas servicios debes agregarlos aquí.
* ¡NUNCA pongas el nombre de un servidor UnrealIRCd aquí!
*/
ulines {
services.ejemnplo.org;
}
/* Aquí puede agregar una contraseña para los comandos /DIE y /RESTART exclusivos de IRCOp.
* Esto está destinado principalmente a proporcionar un poco de protección contra accidentes
* reinicios y muertes del servidor.
*/
drpass {
restart "restart";
die "die";
}
/* El bloque de registro define qué debe registrarse y en qué archivo.
* Ver también https://www.unrealircd.org/docs/Log_block
*/
/* Este es un buen valor predeterminado, registra todo excepto
* cosas de depuración y unión/parte/kick.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.log" { maxsize 100M; }
}
}
/* In addition to regular logging, also add a JSON log file.
* This includes lots of information about every event so is great
* for auditing purposes and is machine readable. It is, however
* less readable for humans.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.json.log" { maxsize 250M; type json; }
}
}
/* Con "aliases" puedes crear un alias como /ALGO para enviar un mensaje a
* algún usuario o bot. Suelen utilizarse para servicios.
*
* Tenemos una cantidad de archivos de alias preestablecidos, consulte el directorio alias/.
* A modo de ejemplo, aquí incluimos todos los alias utilizados para los servicios de anope.
*/
include "aliases/anope.conf";
/* Prohibir los apodos para que no puedan ser utilizados por usuarios regulares */
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Reservado para Servicios";
}
/* Baneo por ip.
* Tenga en cuenta que normalmente usa /KLINE, /GLINE y /ZLINE para esto.
*/
ban ip {
mask 195.86.232.81;
reason "Te odio";
}
/* Baneo del servidor: si vemos que este servidor está vinculado a alguien, lo desvinculamos */
ban server {
mask eris.berkeley.edu;
reason "Sal de aquí.";
}
/* Baneo de usuario: solo como ejemplo, normalmente usa /KLINE o /GLINE para esto */
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Idiot";
}
/* Baneo del nombre real le permite prohibir clientes en función de su 'nombre real'
* o campo 'gecos'.
*/
ban realname {
mask "Equipo Swat";
reason "mIRKFORCE";
}
ban realname {
mask "sub7server";
reason "sub7";
}
/* Excepciones de baneo y TKL. Le permite eximir a los usuarios/máquinas de
* KLINE, GLINE, etc.
* Si es un IRCOp con una IP estática (y no hay personas que no sean de confianza en esa IP)
* entonces te sugerimos que te añadas aquí. Así siempre puedes entrar
* incluso si accidentalmente colocas una prohibición de *LINE en ti mismo.
*/
/* excepto el baneo con el tipo 'todos' (all) te proteja de GLINE, GZLINE, QLINE, SHUN */
except ban {
mask *@192.0.2.1;
type all;
}
/* This allows IRCCloud connections in without maxperip restrictions
* and also exempt them from connect-flood throttling.
*/
except ban {
mask *.irccloud.com;
type { maxperip; connect-flood; }
}
/* Con los bloques de denegación de DCC puede prohibir los nombres de archivo para DCC */
deny dcc {
filename "*sub7*";
reason "Posible Sub7 Virus";
}
/* denegar canal le permite prohibir un canal (máscara) por completo */
deny channel {
channel "*warez*";
reason "Warez es ilegal";
class "clients";
}
/* Los VHosts (hosts virtuales) permiten a los usuarios adquirir un host diferente.
* Ver https://www.unrealircd.org/docs/Vhost_block
*/
/* Ejemplo de vhost que puede usar. En el tipo de IRC: prueba de prueba /VHOST
* NOTA: solo las personas con un host 'unrealircd.com' pueden usarlo para
* asegúrese de cambiar el vhost::mask antes de probar.
*/
vhost {
vhost odio.microsefrs.com;
mask *@unrealircd.com;
login "test";
password "test";
}
/* Los bloques de la lista negra consultarán un servicio de lista negra de DNS externo
* cada vez que un usuario se conecta, para ver si se conoce la dirección IP
* para causar ataques de drones, es una máquina pirateada conocida, etc.
* Documentación: https://www.unrealircd.org/docs/Blacklist_block
* O simplemente eche un vistazo a los bloques a continuación.
*/
/* DroneBL, probablemente la lista negra más popular utilizada por los servidores IRC.
* Ver https://dronebl.org/ para su documentación y el
* significado de los tipos de respuesta. Al momento de escribir usamos tipos:
* 3: IRC Drone, 5: Embotellador, 6: Spambot o drone desconocido,
* 7: Drone DDoS, 8: Proxy SOCKS, 9: Proxy HTTP, 10: ProxyChain,
* 11: Proxy de página web, 12: Open DNS Resolver, 13: Atacantes de fuerza bruta,
* 14: Proxy Wingate abierto, 15: Enrutador / puerta de enlace comprometidos,
* 16: Gusanos autoenraizadores.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone Detectado. Chequea https://dronebl.org/lookup?ip=$ip para más detalles.";
}
/* EFnetRBL, consulte https://rbl.efnetrbl.org/ para obtener la documentación
* y el significado de los tipos de respuesta.
* Al momento de escribir: 1 es proxy abierto, 4 es TOR, 5 es drones/inundaciones.
*
* NOTA: Si desea permitir proxies TOR en su servidor, entonces
* necesita eliminar el '4;' abajo en la sección de respuesta.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
}
/* Puede incluir otros archivos de configuración */
/* include "klines.conf"; */
/* Configuración de la red */
set {
network-name "EjemploNET";
default-server "irc.ejemplo.org";
services-server "services.ejemplo.org";
stats-server "stats.ejemplo.org";
help-channel "#Ayuda";
cloak-prefix "Clk";
prefix-quit "Quit";
/* Las claves de ocultación deben ser las mismas en todos los servidores de la red.
* Se utilizan para generar hosts enmascarados y deben mantenerse en secreto.
* Las claves deben ser 3 cadenas aleatorias de 80 caracteres cada una (o más).
* y debe constar de minúsculas (a-z), mayúsculas (A-Z) y dígitos (0-9).
* SUGERENCIA: En *NIX, puede ejecutar './unrealircd gencloak' en su shell para dejar
* UnrealIRCd genera 3 cadenas aleatorias para ti.
* On Windows, you can run "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
*/
cloak-keys {
"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
"y otra llave";
"y otra llave";
}
}
/* Configuración específica del servidor */
set {
kline-address 'agrega.una.dirección.de.correo-electrónico'; /* correo electrónico o URL que se muestra cuando un usuario está baneado */
modes-on-connect "+ixw"; /* cuando los usuarios se conecten, obtendrán estos modos de usuario */
modes-on-oper "+xws"; /* cuando alguien se convierte en IRCOp obtendrá estos modos */
modes-on-join "+nt"; /* modos de canal predeterminados cuando se crea un nuevo canal */
oper-auto-join "#opers"; /* Los IRCOps se unen automáticamente a este canal */
options {
hide-ulines; /* ocultar líneas U en /MAP y /LINKS */
show-connect-info; /* mostrar mensajes de "buscando su nombre de host" al conectarse */
}
maxchannelsperuser 10; /* número máximo de canales que un usuario puede /JOIN */
/* El tiempo mínimo que un usuario debe estar conectado antes de que se le permita
* use un mensaje SALIR. Con suerte, esto ayudará a detener el spam.
*/
anti-spam-quit-message-time 10s;
/* O simplemente establezca una salida estática, lo que significa que se ignora cualquier razón /QUIT */
/* static-quit "Salida del cliente"; */
/* static-part hace lo mismo para /PART */
/* static-part yes; */
/* Protección contra inundaciones:
* Hay muchas configuraciones para esto y la mayoría tiene buenos valores predeterminados.
* Ver https://www.unrealircd.org/docs/Set_block#set::anti-flood
*/
anti-flood {
}
/* Configuración del filtro de spam */
spamfilter {
ban-time 1d; /* duración predeterminada de una prohibición de *LINE establecida por spamfilter */
ban-reason "Spam/Publicidad"; /* razón por defecto */
virus-help-channel "#Ayuda"; /* canal a usar para la acción 'viruschan' */
/* except "#Ayuda"; canal para eximir de Spamfilter */
}
/* Restringir ciertos comandos.
* Ver https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
except {
connect-time 60;
identified yes;
reputation-score 24;
}
}
invite {
except {
connect-time 120;
identified yes;
reputation-score 24;
}
}
/* Además de la capacidad de restringir cualquier comando,
* como se muestra arriba. También hay 4 tipos especiales.
* que puedes restringir. Estos son "mensajes privados",
* "aviso privado", "mensaje de canal" y "aviso de canal".
* Están comentados (deshabilitados) en este ejemplo:
*/
//private-message {
// except {
// connect-time 10;
// }
//}
//private-notice {
// except {
// connect-time 10;
// }
//}
}
}
/*
* Lo siguiente configurará la limitación de conexión de "usuarios desconocidos".
*
* Cuando UnrealIRCd detecta una gran cantidad de usuarios que se conectan desde direcciones IP
* que no se han visto antes, entonces se rechazan las conexiones de nuevas IP
* por encima de la tarifa establecida. Por ejemplo a las 10:60 solo se pueden conectar 10 usuarios por minuto
* que no se han visto antes. Las direcciones IP conocidas siempre pueden entrar,
* independientemente de la tarifa establecida. Lo mismo para los usuarios que inician sesión con SASL.
*
* Ver también https://www.unrealircd.org/docs/Connthrottle para más detalles.
* O simplemente siga leyendo los ajustes de configuración predeterminados a continuación:
*/
set {
connthrottle {
/* Primero debemos configurar lo que llamamos "usuarios conocidos".
* De forma predeterminada, estos son usuarios en direcciones IP que tienen
* una puntuación de 24 o superior. Una puntuación de 24 significa que el
* La IP estuvo conectada a esta red durante al menos 2 horas
* en el último mes (o mínimo 1 hora si está registrado).
* La opción sasl-bypass es otra configuración. Significa
* que los usuarios que se autentican en los servicios a través de SASL
* también se consideran usuarios conocidos.
* Usuarios en el grupo de "usuarios conocidos" (ya sea por reputación
* o por SASL) siempre están permitidas en este módulo.
*/
except {
reputation-score 24;
identified yes;
}
/* Los nuevos usuarios son todos los usuarios que no pertenecen al
* grupo de usuarios conocidos. Se consideran "nuevos" y en
* caso de un alto número de tales nuevos usuarios que se conectan
* están sujetos a limitación de velocidad de conexión.
* Por defecto la tarifa es de 20 nuevos usuarios locales por minuto
* y 30 nuevos usuarios globales por minuto.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* Esto configura cuando este módulo NO estará activo.
* La configuración predeterminada deshabilitará el módulo cuando:
* - El módulo de reputación se ha estado ejecutando durante menos de
* una semana. Si se ejecuta menos de 1 semana, entonces hay
* datos insuficientes para considerar quién es un "usuario conocido".
* - El servidor acaba de iniciarse (primeros 3 minutos).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* HISTORIAL DE UN CANAL:
* UnrealIRCd tiene el modo de canal +H que los usuarios pueden usar para volver a leer
* los mensajes del canal, antes de que se unieran. Para información general
* en esta función, lee https://www.unrealircd.org/docs/Channel_history
*
* El historial del canal puede ser configurado vía set::history. Los valores predeterminados
* son probablemente buenos para ti, pero si está en un sistema con poca memoria
* o tiene miles de canales, entonces es posible que debas volver a verificar. Lee
* https://www.unrealircd.org/docs/Set_block#set::history para las opciones.
*
* Además de eso, puedes tener "persistent channel history", cual
* significa que el historial del canal se almacena encriptado en el disco
* para que se conserve entre reinicios del servidor IRC, lee
* https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
* La función de historial persistente NO está habilitada de manera predeterminada
* porque usted necesita configurar un bloque de secreto { } para ello. Un sencillo
* ejemplo con contraseñas almacenadas directamente en el archivo de configuración.
* Para obtener una mejor seguridad, lee https://www.unrealircd.org/docs/Secret_block
* las diferentes alternativas para que no almacenes contraseñas directamente en la configuración.
*/
//secret historydb { password "somepassword"; }
//set { history { channel { persist yes; db-secret "historydb"; } } }
/* Finalmente, es posible que desee tener un MOTD (Mensaje del día), esto puede ser
* se hace creando un archivo de texto 'ircd.motd' en su directorio conf/.
* Este archivo se mostrará a tus usuarios al conectarse.
* Para obtener más información, consulte https://www.unrealircd.org/docs/MOTD_and_Rules
*/
/*
* Problemas o necesita más ayuda?
* 1) https://www.unrealircd.org/docs/
* 2) https://www.unrealircd.org/docs/Main_Page/es <- ¡responde el 80% de tus preguntas!
* 3) Si aún tiene problemas, puede obtener soporte:
* - Foros: https://forums.unrealircd.org/
* - IRC: irc.unrealircd.org (SSL en el puerto 6697) / #unreal-support
* ¡Tenga en cuenta que primero le pedimos que lea la documentación y las preguntas frecuentes!
*/
doc/conf/examples/example.fr.conf
+98 -303
View File
@@ -1,4 +1,4 @@
/* Fichier de configuration pour UnrealIRCd 6
/* Fichier de configuration pour UnrealIRCd 4
*
* Copiez ce fichier dans le répertoire conf/, renommez le
* 'unrealircd.conf' et parcourez-le ligne par ligne (modifiez le !)
@@ -13,8 +13,8 @@
* beaucoup :
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* Documentation pour UnrealIRCd 6 (très complète !) :
* https://www.unrealircd.org/docs/UnrealIRCd_6_documentation/fr
* Documentation pour UnrealIRCd 4 (très complète !) :
* https://www.unrealircd.org/docs/UnrealIRCd_4_documentation/fr
*
* Foire Aux Questions :
* https://www.unrealircd.org/docs/FAQ
@@ -51,12 +51,6 @@ include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
include "snomasks.default.conf";
/* Load the default cloaking module (2021 onwards): */
loadmodule "cloak_sha256";
/* Or load the old module from UnrealIRCd 3.2/4/5 instead: */
//loadmodule "cloak_md5";
/* Le bloc me { } indique qui est le serveur.
* Il définit le nom du serveur, une ligne d'informations et un identifiant
@@ -65,10 +59,10 @@ loadmodule "cloak_sha256";
* (chaque serveur doit avoir un sid différent).
*/
me {
name "irc.example.org";
info "Serveur ExampleNET";
name "irc.foonet.com";
info "Serveur FooNet";
sid "001";
}
};
/* Le bloc admin { } définit ce que les utilisateurs verront en faisant
* /ADMIN. C'est généralement des infos de contact de l'administrateur.
@@ -76,8 +70,8 @@ me {
admin {
"Bob Smith";
"bob";
"adresse.email@example.org";
}
"adresse.email@foonet.com";
};
/* Les clients et serveurs sont placés dans des classes, que nous
* définissons dans ces blocs class { }.
@@ -98,7 +92,7 @@ class clients
maxclients 1000;
sendq 200k;
recvq 8000;
}
};
/* Classe spéciale pour des IRCOps avec des limites plus hautes */
class opers
@@ -107,7 +101,7 @@ class opers
maxclients 50;
sendq 1M;
recvq 8000;
}
};
/* Classe pour des serveurs */
class servers
@@ -116,7 +110,7 @@ class servers
connfreq 15; /* essayer de se connecter toutes les 15 sec */
maxclients 10; /* nombre max de serveurs */
sendq 5M;
}
};
/* Les blocs allow définissent quels clients peuvent se connecter au
* serveur. Ils vous permettent d'ajouter un mot de passe ou de restreindre
@@ -127,21 +121,21 @@ class servers
/* Accepter tout le monde, mais seulement 5 connexions par IP */
allow {
mask *;
ip *@*;
class clients;
maxperip 5;
}
};
/* Exemple de bloc allow spécial pour une IP donnée :
* Les utilisateurs sur cette IP doivent se connecter avec un mot de passe.
* S'il est correct, alors autoriser 20 connexions sur cette IP.
*/
allow {
mask 192.0.2.1;
ip *@192.0.2.1;
class clients;
password "unmotdepassesecret";
maxperip 20;
}
};
/* Les blocs oper définissent vos Opérateurs IRC.
* Les Opérateurs IRC sont des utilisateurs avec des "droits en plus"
@@ -151,25 +145,14 @@ allow {
* Voir aussi : https://www.unrealircd.org/docs/Oper_block
*/
/* Voici un exemple de bloc oper pour 'bobsmith'.
/* Voici un exemple de bloc oper pour 'bobsmith' avec le mot de
* passe 'test'.
* Vous DEVEZ le modifier !!
*/
oper bobsmith {
class opers;
mask *@*;
/* Technically you can put oper passwords in plaintext in the conf but
* this is HIGHLY DISCOURAGED. Instead you should generate a password hash:
* On *NIX, run: ./unrealircd mkpasswd
* On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
* .. and then paste the result below:
*/
password "$argon2id..etc..";
/* See https://www.unrealircd.org/docs/Authentication_types for
* more information, including even better authentication types
* such as 'certfp', and how to generate hashes on Windows.
*/
password "test";
/* Les permissions Oper sont définies dans un bloc 'operclass'.
* Voir https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd est fourni avec des classes par défaut, voir la doc
@@ -177,47 +160,43 @@ oper bobsmith {
*/
operclass netadmin;
swhois "est un Administrateur du Réseau";
vhost netadmin.example.org;
}
vhost netadmin.mynet.org;
};
/* Les blocs listen définissent les ports sur lesquels le serveur écoute.
* C'est-à-dire les ports que les clients et les serveurs utilisent pour
* se connecter à ce serveur.
*
* Syntaxe :
* listen {
* listen
* {
* ip <adresse ip>;
* port <numéro de port>;
* options {
* <options....>;
* }
* }
* };
* };
*/
/* Port standard pour IRC 6667
* Insecure plaintext (NOT for production servers)
* This listen block is here only for quick testing.
* Delete or comment out this listen block on production servers
* and use TLS on port 6697 instead.
*/
/* Port standard pour IRC 6667 */
listen {
ip *;
port 6667;
}
};
/* Port standard pour IRC sur SSL/TLS 6697 */
listen {
ip *;
port 6697;
options { tls; }
}
options { ssl; };
};
/* Port SSL/TLS spécial pour la connexion entre serveurs */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
options { ssl; serversonly; };
};
/* NOTE : Si vous utilisez un serveur IRC avec plusieurs IP et que vous
* utilisez les blocs listen ci-dessus, vous aurez peut-être une
@@ -233,23 +212,23 @@ listen {
* pour former un réseau IRC.
* Voir https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.example.org
link hub.mynet.org
{
incoming {
mask *@something;
}
};
outgoing {
bind-ip *; /* ou une IP précise */
hostname hub.example.org;
hostname hub.mynet.org;
port 6900;
options { tls; }
}
options { ssl; };
};
password "00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF"; /* Empreinte SSL de l'autre serveur */
class servers;
}
};
/* Les U-lines donnent encore plus de pouvoir à certains serveurs.
* Si vous utilisez des Services, vous devez les indiquer ici.
@@ -258,8 +237,8 @@ link hub.example.org
* https://www.unrealircd.org/docs/Services )
*/
ulines {
services.example.org;
}
services.mynet.org;
};
/* Ici vous pouvez indiquer un mot de passe pour les commandes /DIE et
* /RESTART, qui sont restreintes aux IRCops.
@@ -269,49 +248,27 @@ ulines {
drpass {
restart "restart";
die "die";
}
};
/* Le bloc log indique ce qui doit être journalisé et dans quel fichier.
* Voir aussi https://www.unrealircd.org/docs/Log_block
*/
/* Ceci est une bonne valeur par défaut, elle journalise presque tout */
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.log" { maxsize 100M; }
}
}
/* In addition to regular logging, also add a JSON log file.
* This includes lots of information about every event so is great
* for auditing purposes and is machine readable. It is, however
* less readable for humans.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.json.log" { maxsize 250M; type json; }
}
}
log "ircd.log" {
flags {
oper;
connects;
server-connects;
kills;
errors;
sadmin-commands;
chg-commands;
oper-override;
tkl;
spamfilter;
};
};
/* Avec des "alias", vous pouvez créer un alias comme /UNTRUC pour envoyer
* un message à un utilisateur ou à un bot. Ils sont souvent utilisés pour
@@ -329,7 +286,7 @@ include "aliases/anope.conf";
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Réservé aux Services";
}
};
/* Bannir une IP.
* NB : vous pouvez aussi utiliser /KLINE, /GLINE et /ZLINE pour ça.
@@ -337,7 +294,7 @@ ban nick {
ban ip {
mask 195.86.232.81;
reason "Je vous hais !";
}
};
/* Bannir un serveur - si ce serveur est connecté au réseau, nous nous
* déconnecterons
@@ -345,7 +302,7 @@ ban ip {
ban server {
mask eris.berkeley.edu;
reason "Va-t-en d'ici.";
}
};
/* Bannir un utilisateur - juste pour l'exemple, on utilise normalement
* /KLINE or /GLINE pour ça
@@ -353,18 +310,18 @@ ban server {
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Idiot";
}
};
/* Bannir un realname (ou 'gecos') */
ban realname {
mask "Swat Team";
reason "mIRKFORCE";
}
};
ban realname {
mask "sub7server";
reason "sub7";
}
};
/* Exceptions de ban et TKL. Vous permet d'exempter des utilisateurs des
* KLINE, GLINE, etc ...
@@ -374,19 +331,17 @@ ban realname {
* accidentellement.
*/
/* except ban avec le type 'all' vous protège des GLINE, GZLINE, QLINE, SHUN */
/* except ban vous protège des KLINE et ZLINE */
except ban {
mask *@192.0.2.1;
type all;
}
// vous pouvez ajouter d'autres lignes mask à la suite
};
/* This allows IRCCloud connections in without maxperip restrictions
* and also exempt them from connect-flood throttling.
*/
except ban {
mask *.irccloud.com;
type { maxperip; connect-flood; }
}
/* except tkl avec le type 'all' vous protège des GLINE, GZLINE, QLINE, SHUN */
except tkl {
mask *@192.0.2.1;
type all;
};
/* Avec un bloc deny dcc vous pouvez interdire des noms de fichiers dans
* les échanges DCC
@@ -394,14 +349,14 @@ except ban {
deny dcc {
filename "*sub7*";
reason "Possible virus Sub7";
}
};
/* deny channel vous permet d'interdire des masques de noms de salons */
deny channel {
channel "*warez*";
reason "Le warez est illegal";
class "clients";
}
};
/* Les VHosts (Virtual Hosts - Hôtes Virtuels) permettent aux utilisateurs
* d'avoir un nom d'hôte différent.
@@ -417,94 +372,48 @@ vhost {
mask *@unrealircd.com;
login "test";
password "test";
}
/* Les blocs de liste noire interrogeront un service de liste noire DNS externe
* chaque fois qu'un utilisateur se connecte, pour voir si l'adresse IP est connue
* pour provoquer des attaques de drones, est une machine piratée connue, etc..
* Documentation: https://www.unrealircd.org/docs/Blacklist_block
* Ou regardez simplement les blocs ci-dessous.
*/
/* DroneBL, probablement la liste noire la plus populaire utilisée par les serveurs IRC.
* Voir https://dronebl.org/ pour leur documentation et les
* significations des types de réponse. AAu moment de la rédaction, nous utilisons des types:
* 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone,
* 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain,
* 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers,
* 14: Open Wingate Proxy, 15: Compromised router / gateway,
* 16: Autorooting worms.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details.";
}
/* EFnetRBL, voir https://rbl.efnetrbl.org/ pour la documentation
* et la signification des types de réponse.
* Au moment de la rédaction: 1 is open proxy, 4 is TOR, 5 is drones/flooding.
*
* REMARQUE: Si vous souhaitez autoriser les proxys TOR sur votre serveur, alors
* vous devez supprimer le '4;' ci-dessous dans la section de réponse.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details.";
}
};
/* Vous pouvez inclure d'autres fichiers de configuration */
/* include "klines.conf"; */
/* Configuration du réseau */
set {
network-name "ExampleNET";
default-server "irc.example.org";
services-server "services.example.org";
stats-server "stats.example.org";
network-name "MYNet";
default-server "irc.mynet.org";
services-server "services.mynet.org";
stats-server "stats.mynet.org";
help-channel "#Help";
cloak-prefix "Clk";
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Les clés de cloaking doivent être identiques sur tous les serveurs
* d'un réseau. Elles sont utilisées pour générer les noms d'hôtes
* masqués et doivent être gardées secrètes. Les clés doivent être
* 3 chaînes de 80 caractères aléatoires et ne comporter que des
* minuscules (a-z), des majuscules (A-Z) et des chiffres (0-9).
* (voir l'exemple)
* NB : sur *NIX, vous pouvez exécuter './unrealircd gencloak' sur votre
* serveur pour que Unrealircd génère 3 clés aléatoires pour vous.
* On Windows, use "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
* 3 chaînes de 5 à 100 caractères aléatoires (entre 10 et 20 suffisent)
* et ne comporter que des minuscules (a-z), des majuscules (A-Z) et des
* chiffres (0-9). (voir l'exemple)
* NB : sur *NIX, vous pouvez exécuter './unreal gencloak' sur votre
* serveur pour que Unreal génère 3 clés aléatoires pour vous.
*/
cloak-keys {
"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"et une autre";
"et une troisième";
}
}
};
};
/* Configuration spécifique au serveur */
set {
kline-address 'indiquez.une.adresse.email'; /* e-mail ou URL indiquée lorsqu'un utilisateur est banni */
kline-address "indiquez.une.adresse.email"; /* e-mail ou URL indiquée lorsqu'un utilisateur est banni */
modes-on-connect "+ixw"; /* modes utilisateur ajoutés lorsqu'un utilisateur se connecte */
modes-on-oper "+xws"; /* modes utilisateur ajoutés lorsqu'un utilisateur devient IRCOp */
modes-on-oper "+xwgs"; /* modes utilisateur ajoutés lorsqu'un utilisateur devient IRCOp */
oper-auto-join "#opers"; /* salon que les IRCOps joignent automatiquement */
options {
hide-ulines; /* cacher les U-lines de /MAP et /LINKS */
show-connect-info; /* afficher les messages "looking up your hostname" à la connexion */
}
};
maxchannelsperuser 10; /* nombre max de salons par utilisateur */
@@ -521,11 +430,17 @@ set {
/* static-part fait la même chose pour /PART */
/* static-part yes; */
/* Protections anti-flood.
* Voir: https://www.unrealircd.org/docs/Set_block#set::anti-flood
/* Quelles /STATS sont restreintes aux Opérateurs. Nous vous
* conseillons de laisser '*' (toutes)
*/
oper-only-stats "*";
/* Protections anti-flood */
anti-flood {
}
nick-flood 3:60; /* 3 changements de nick par 60 secondes */
connect-flood 3:60; /* 3 tentatives de connexions par 60 seconds */
away-flood 4:120; /* 4 utilisation de /AWAY par 2 minutes */
};
/* Paramètres de Spamfilter */
spamfilter {
@@ -533,132 +448,12 @@ set {
ban-reason "Spam/Publicité"; /* raison par defaut */
virus-help-channel "#help"; /* salon par défaut pour l'action 'viruschan' */
/* except "#help"; salon à exempter de Spamfilter */
}
/* Restreindre certaines commandes.
* Voir https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
except {
connect-time 60; /* après 60 secondes, vous pouvez utiliser LIST */
identified yes; /* ou immédiatement, si vous êtes identifié aux services */
reputation-score 24; /* ou si vous avez un score de réputation de 24 ou plus */
}
}
invite {
except {
connect-time 120;
identified yes;
reputation-score 24;
}
}
/* En plus de la possibilité de restreindre toute commande,
* tel qu'illustré ci-dessus. Il existe également 4 types spéciaux
* que vous pouvez restreindre. Ceux-ci sont "private-message",
* "private-notice", "channel-message" and "channel-notice".
* Ils sont commentés (désactivés) dans cet exemple :
*/
//private-message {
// except { connect-time 10; }
//}
//private-notice {
// except { connect-time 10; }
//}
}
}
/*
* Ce qui suit configurera la limitation de connexion de "unknown users".
*
* Quand UnrealIRCd détecte un nombre élevé d'utilisateurs se connectant à partir d'adresses IP
* qui n'ont pas été vus auparavant, les connexions des nouvelles IP sont rejetées
* au-dessus du taux fixé. Par exemple à 10:60 seuls 10 utilisateurs par minute peuvent se connecter
* qui n'ont pas été vus auparavant. Les adresses IP connues peuvent toujours entrer,
* quel que soit le tarif fixé. Idem pour les utilisateurs qui se connectent avec SASL.
*
* Voir également https://www.unrealircd.org/docs/Connthrottle pour les détails.
* Ou continuez simplement à lire les paramètres de configuration par défaut ci-dessous:
*/
set {
connthrottle {
/* Nous configurons d'abord quels utilisateurs sont exemptés de la
* restrictions. Ces utilisateurs sont toujours autorisés!
* Par défaut, ce sont des utilisateurs sur des adresses IP qui ont
* un score de 24 ou plus. Un score de 24 signifie que l'IP
* était connecté à ce réseauk pendant au moins 2 heures
* au cours du mois passé (ou minimum 1h si inscrit).
* Nous permettons également aux utilisateurs qui sont identifiés aux services via
* SASL contourner les restrictions.
*/
except {
reputation-score 24;
identified yes;
/* pour plus d'options, voir restrictions
* https://www.unrealircd.org/docs/Mask_item
*/
}
/* Les nouveaux utilisateurs sont tous les utilisateurs qui n'appartiennent pas au
* groupe d'utilisateurs connus. Ils sont considérés comme "nouveaux" et dans
* le cas d'un nombre élevé de ces nouveaux utilisateurs se connectant
* ils sont soumis à une limitation du débit de connexion.
* Par défaut, le taux est de 20 nouveaux utilisateurs locaux par minute
* et 30 nouveaux utilisateurs global par minute.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* Ceci configure quand ce module ne sera PAS actif.
* Les paramètres par défaut désactiveront le module lors que:
* - Le module de réputation fonctionne depuis moins d'une
* semaine. Si vous courez moins d'une semaine, il y a
* données insuffisantes pour déterminer qui est un "utilisateur connu".
* - Le serveur vient d'être démarré (3 premières minutes).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* HISTORIQUE DES CANAUX:
* UnrealIRCd a le mode canal +H qui peut être utilisé par les utilisateurs pour relire
* historique de la chaîne, comme avant leur adhésion. Pour des informations générales
* sur cette fonctionnalité, voir https://www.unrealircd.org/docs/Channel_history
*
* Les limites de l'historique peuvent être configurées via set::history.
* Les valeurs par défaut sont probablement déjà bien pour toi, mais si vous êtes sur un
* système à faible mémoire ou ayant des milliers de canaux, vous voudrez peut-être re vérifier.
* Voir https://www.unrealircd.org/docs/Set_block#set::history pour les options.
*
* En plus de cela, vous pouvez avoir "persistent channel history", qui
* signifie que l'historique des chaînes est stocké crypté sur le disque
* afin qu'il soit préservé entre les redémarrages du serveur IRC, voir
* https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
* La fonction d'historique persistant n'est PAS activée par défaut car vous
* devez de configurer un bloque de secret { }. Ce qui suit est un simple
* exemple avec des mots de passe stockés directement dans le fichier de configuration.
* Pour une meilleure sécurité, voir https://www.unrealircd.org/docs/Secret_block
* sur des moyens alternatifs pour ne pas stocker les mots de passe directement dans la configuration.
*/
//secret historydb { password "somepassword"; }
//set { history { channel { persist yes; db-secret "historydb"; } } }
/* Enfin, vous souhaiterez peut-être avoir un MOTD (Le message du jour), cela peut être
* fait en créant un archive de text 'ircd.motd' dans votre répertoire conf/.
* Ce fichier sera montré à vos utilisateurs lors de la connexion.
* Pour plus d'informations, voir https://www.unrealircd.org/docs/MOTD_and_Rules
*/
};
};
/*
* Un problème ou besoin d'aide supplémentaire ?
* 1) https://www.unrealircd.org/docs/
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation/fr
* 2) https://www.unrealircd.org/docs/FAQ <- répond à 80% des questions !
* 3) Si vous avez toujours des problèmes, vous pouvez aller sur
* irc.unrealircd.org #unreal-support,
doc/conf/examples/example.pt.conf
-684
View File
@@ -1,684 +0,0 @@
/* Arquivo de configuração para o UnrealIRCd 6
* OBSERVAÇÃO: Este arquivo utiliza a tradução Português do Brasil (pt-br).
*
* Apenas copie este arquivo para seu diretório conf/ e renomeie-o para 'unrealircd.conf'
*
* Se você estiver com pressa, pode CTRL+F (localizar) pelo termo ALTERAR ISTO
* Os pontos que obrigatoriamente devem ser alterados estão indicados por essas duas palavras.
* No entanto, recomendamos que você revise este arquivo linha por linha
* e o altere conforme necessário, para que possa ver todos os pontos básicos e seus valores.
*
* ANTES DE PROSSEGUIR:
* Importante: Todas as linhas, exceto { e } terminam com ;
* Isto é muito importante, visto que se você esquecer um ; em algum lugar,
* a checagem do arquivo de configuração irá criticar e o arquivo não será processado!
* Se esta é sua primeira experiência com o arquivo de configuração do UnrealIRCd
* então nós recomendamos fortemente que você se dedique um pouco para ler sobre a sintaxe,
* isto levará apenas alguns minutos e o ajudará consideravelmente:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* Documentação completa do UnrealIRCd 6 (bem extensa!):
* https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
*
* Questões Frequentes:
* https://www.unrealircd.org/docs/FAQ
*/
/* Este é um comentário, todo o texto aqui será ignorado (comentário de tipo #1) */
// Este também é um comentário, e esta linha será ignorada (comentário de tipo #2)
# Este também é um comentário, e novamente esta linha será ignorada (comentário de tipo #3)
/* O UnrealIRCd faz um intenso uso dos Módulos, que permitem que você personalize completamente
* o conjunto de recursos que você deseja habilitar no UnrealIRCd.
* Veja: https://www.unrealircd.org/docs/Modules
*
* Utilizando o include abaixo, nós instruímos o IRCd a ler o arquivo
* 'modules.default.conf' que carregará mais de 150 módulos
* que vem com o UnrealIRCd. Em outras palavras: Isso simplesmente irá carregar
* todos os recursos disponíveis no UnrealIRCd.
* Se você está configurando o UnrealIRCd pela primeira vez, nós sugerimos que você
* o use. Então, quando tudo estiver configurado e rodando, você poderá retornar
* e personalizar a lista (se você desejar).
*/
include "modules.default.conf";
/* Agora vamos incluir alguns outros arquivos de configuração também:
* - help/help.conf para nosso sistema de ajuda /HELPOP
* - badwords.conf para os modos de usuário e canal +G
* - spamfilter.conf como um exemplo para filtragem de spam
* (comentado)
* - operclass.default.conf contém algumas boas classes de operadores que
* você pode usar em seus blocos de operadores.
*/
include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
include "snomasks.default.conf";
/* Carrega por padrão o módulo de cloaking em SHA256 (implementado em 2021): */
loadmodule "cloak_sha256";
/* Ou carrega o antigo módulo de clocking em MD5 que veio do UnrealIRCd 3.2/4/5: */
//loadmodule "cloak_md5";
// ALTERAR ISTO (o 'name' e 'info')
/* Este é o bloco me { } que basicamente diz quem somos.
* Ele define o nome do nosso servidor, algumas linhas informativas e um "sid" único.
* O id do servidor (sid) precisa iniciar com um dígito numérico seguido por dois dígitos numéricos
* ou alfanuméricos de A à Z. O sid precisa ser único para a sua rede de IRC (cada servidor
* deve ter seu próprio sid). É comum utilizar 001 para seu primeiro servidor.
*/
me {
name "irc.exemplo.org";
info "Servidor ExemploNET";
sid "001";
}
// ALTERAR ISTO:
/* O bloco admin { } define quem os usuário verão quando eles digitarem /ADMIN.
* Normalmente contém infomações de como eles podem contatar o administrador.
*/
admin {
"Bob Smith";
"bob";
"email@exemplo.org";
}
/* Clientes e servidores são colocados no bloco class { }, e os definimos aqui.
* Blocos Class consistem nos seguintes itens:
* - pingfreq: com que frequência será efetuado ping em um usuário / servidor (em segundos)
* - connfreq: quantas vezes tentamos nos conectar a este servidor (em segundos)
* - sendq: o tamanho máximo da fila para uma conexão
* - recvq: o recebimento máximo da fila para uma conexão (controle de flood)
*/
/* Classe Client padrão, com valores de limites aceitáveis */
class clients
{
pingfreq 90;
maxclients 1000;
sendq 200k;
recvq 8000;
}
/* Uma classe Especial para IRCOps com valores de limites mais altos */
class opers
{
pingfreq 90;
maxclients 50;
sendq 1M;
recvq 8000;
}
/* Classe Server padrão, com valores de limites aceitáveis */
class servers
{
pingfreq 60;
connfreq 15; /* tenta se conectar a cada 15 segundos */
maxclients 10; /* máximo de servidores */
sendq 20M;
}
/* Blocos allow definem quais classe clients podem se conectar a este servidor.
* Isto permite que você adicione uma senha ao servidor ou restrinja o acesso ao servidor
* apenas por IPs específicos. Você também pode configurar o máximo de conexões
* permitidas por IP.
* Veja também: https://www.unrealircd.org/docs/Allow_block
*/
/* Permite todos entrarem, mas apenas 3 conexões simultâneas por IP */
allow {
mask *;
class clients;
maxperip 3;
}
/* Exemplo de um bloco especial allow em um IP específico:
* Requer que usuários neste IP conectem por uma senha. Se a senha
* estiver correta, então permite 20 conexões simultâneas deste IP.
*/
//allow {
// mask 192.0.2.1;
// class clients;
// password "alguma_senha_secreta";
// maxperip 20;
//}
/* Blocos oper definem os Operadores de IRC.
* Operadores de IRC são pessoas com "privilégios extras" comparado a outros,
* eles podem por exemplo dar /KILL (derrubar) outras pessoas, iniciar uma conexão com server,
* dar /JOIN (entrar) em canais ainda que eles estejam banidos, etc.
*
* Para mais informações sobre como se tornar um IRCOp e como executar
* tarefas administrativas, veja: https://www.unrealircd.org/docs/IRCOp_guide
*
* Para obter mais detalhes sobre o bloco oper { } , veja
* https://www.unrealircd.org/docs/Oper_block
*/
/* Aqui está um exemplo de um bloco oper para o 'bobsmith'
* VOCÊ DEVE ALTERAR ISTO!! (o nome do operador e a senha)
*/
oper bobsmith {
class opers;
mask *@*;
/* Tecnicamente você pode deixar as senhas de oper em texto puro no arquivo de configuração, mas
* isto é ALTAMENTE DESENCORAJADO. No lugar disso, você deve gerar uma senha hasheada:
* No *NIX, execute: ./unrealircd mkpasswd
* No Windows, execute: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
* ... e então cole a senha no campo abaixo:
*/
password "$argon2id..etc..";
/* Veja https://www.unrealircd.org/docs/Authentication_types para
* mais informações, incluindo formas melhores de autenticação
* como por exemplo o 'certfp', e como gerar hashes no Windows.
*/
/* Permissões de oper são definidos no bloco 'operclass'.
* Veja https://www.unrealircd.org/docs/Operclass_block
* O UnrealIRCd vem com um número padrão de blocos, leia
* o artigo acima para ver a lista completa. Nós escolhemos o 'netadmin' aqui.
*/
operclass netadmin;
swhois "é o Administrador da Rede";
vhost netadmin.exemplo.org;
}
/* Blocos listen definem as portas onde o servidor irá escutar.
* Em outras palavras: as portas que os clientes e servidores podem usar
* para se conectar a este servidor.
*
* Sintaxe:
* listen {
* ip <ip>;
* port <port>;
* options {
* <options....>;
* }
* }
*/
/* Porta padrão 6667 do IRC
* Insecure plaintext (NOT for production servers)
* This listen block is here only for quick testing.
* Delete or comment out this listen block on production servers
* and use TLS on port 6697 instead.
*/
listen {
ip *;
port 6667;
}
/* Porta padrão 6697 do IRC sob tunel SSL/TLS */
listen {
ip *;
port 6697;
options { tls; }
}
/* Porta especial padrão para uso de servidores sob tunel SSL/TLS para vincular a outros servidores */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
/* OBSERVAÇÃO: Se você está em uma shell IRCd com múltiplos IPs e você usa
* os blocos listen { } acima, então você provavelmente receberá o erro
* 'Address already in use' e o IRCd não iniciará.
* Isto significa que você DEVE colocar em escuta um IP específico no lugar do '*', como por exemplo:
* listen { ip 1.2.3.4; port 6667; }
* Claro, substituindo o IP pelo IP que foi fornecido a você.
*/
/*
* Blocos link permitem que você vincule múltiplos servidores uns aos outros para formar uma rede.
* Veja https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
//link hub.exemplo.org
//{
// incoming {
// mask *@alguma_coisa;
// }
//
// outgoing {
// bind-ip *; /* ou especificar um IP */
// hostname hub.exemplo.org;
// port 6900;
// options { tls; }
// }
//
// /* Nós usamos a impressão digital SPKI do outro servidor para autenticação.
// * Abra uma shell no OUTRO SERVIDOR e execute o comando abaixo para obter a impressão digital:
// * No *NIX, execute: ./unrealircd spkifp
// * No Windows, execute: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp
// */
// password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
//
// class servers;
//}
/* O Bloco link para o services é muito mais simples.
* Para mais informações sobre o que são o Services,
* leia https://www.unrealircd.org/docs/Services
*/
//link services.exemplo.org
//{
// incoming {
// mask 127.0.0.1;
// }
//
// password "me_altere_por_favor";
//
// class servers;
//}
/* U-lines dão a outros servidores (ainda) mais poderes/comandos.
* Se você usa o services, você DEVE adicioná-los aqui. Você deve adicionar o
* nome do servidor do services no bloco ulines { } no arquivo de configuração
* em todo servidor UnrealIRCd da sua rede.
* IMPORTANTE: Jamais insira o nome do servidor do UnrealIRCd aqui,
* é apenas para o Services!
*/
//ulines {
// services.exemplo.org;
//}
/* Aqui você pode adicionar uma senha (apenas para IRCOps) para os comandos /DIE e /RESTART.
* Isto para que se tenha uma pouco mais de proteção contra reinicio acidental
* do servidor e ele seja derrubado inadvertidante.
*/
drpass {
restart "reiniciar";
die "matar";
}
/* O bloco log define o que deve ser registrado (logado) e em qual arquivo.
* Leia também https://www.unrealircd.org/docs/Log_block
*/
/* Este é um bom padrão, ele registra tudo, exceto
* coisas de depuração e comandos join/part/kick.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.log" { maxsize 100M; }
}
}
/* Além do log regular, também adicionamos um arquivo de log em JSON.
* Isso inclui muitas informações sobre cada evento, sendo ótimo
* para fins de auditoria e legível por máquinas. No entanto,
* é menos legível para humanos.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.json.log" { maxsize 250M; type json; }
}
}
/* Com o "aliases" você pode criar um atalho como /ALGUMACOISA para enviar uma mensagem para
* algum usuário ou bot. Eles são usados normalmente por services.
*
* Nós temos um arquivo com um número pré-definido de atalhos, confira o diretório alias/ .
* Como exemplo, aqui nós incluímos todos os atalhos utilizados pelo services anope.
*/
include "aliases/anope.conf";
/* Bane nicks para que eles não sejam utilizados por usuários comuns */
//ban nick {
// mask "*C*h*a*n*S*e*r*v*";
// reason "Reservado para Services";
//}
/* Bane um IP
* Observe que você normalmente usa /KLINE, /GLINE e /ZLINE para isto.
*/
//ban ip {
// mask 195.86.232.81;
// reason "Te odeio";
//}
/* Bane um servidor - se observarmos este servidor vinculado a alguém, então o expulsaremos */
//ban server {
// mask pedro.usp.br;
// reason "Caia fora daqui.";
//}
/* Bane um usuário - mas você normalmente usa /KLINE ou /GLINE para isso */
//ban user {
// mask *usuariotroll@*.saturn.bbn.com;
// reason "Idiota";
//}
/* Este tipo de banimento permite que clientes sejam banidos com base no seu nome real (realname)
* ou campo 'gecos'.
*/
//ban realname {
// mask "Time Swat";
// reason "FORCAOSTENSIVA";
//}
//ban realname {
// mask "sub7server";
// reason "sub7";
//}
/* Exceções de banimento e TKL. Permite que você crie exceções a usuários/IPs a um
* KLINE, GLINE, etc.
* Se você é um IRCOp com IP estático (e não há ninguém não confiável utilizando este IP),
* então nós sugerimos que você seja adicionado aqui. Desta forma, você sempre poderá entrar
* mesmo se acidentalmente você colocar um *LINE em si mesmo.
*/
/* Exceções de banimento de tipo 'all' protegem você de GLINE, GZLINE, QLINE, SHUN */
//except ban {
// mask *@192.0.2.1;
// type all;
//}
/* Isto permite que clientes do IRCCloud não tenham restrição de IP por conexão
* e também cria exceção a eles de flood por conexão.
*/
except ban {
mask *.irccloud.com;
type { maxperip; connect-flood; }
}
/* deny dcc permite você possa banir nomes de arquivos transferidos por DCC */
//deny dcc {
// filename "*sub7*";
// reason "Possível Virus Sub7";
//}
/* deny channel permite a você banir um canal (por máscara) */
//deny channel {
// channel "*warez*";
// reason "Warez é ilegal";
// class "clients";
//}
/* VHosts (Hosts Virtuais) permite aos usuários adquirirem um vhost diferente.
* Veja https://www.unrealircd.org/docs/Vhost_block
*/
/* Exemplo de vhost que você pode usar. No IRC digite: /VHOST teste teste
* OBSERVAÇÃO: apenas pessoas com o host 'unrealircd.com' podem usá-lo, então
* tenha certeza de modificar o vhost::mask antes de seu teste.
*/
//vhost {
// vhost eu.odeio.microsefrs.com;
// mask *@unrealircd.com;
// login "teste";
// password "teste";
//}
/* Blocos blacklist irão consultar um serviço externo de blacklist
* sempre que um usuário se conectar, para saber se seu endereço de IP é conhecido
* por ataques de drone, como uma máquina hackeada, etc.
* Documentação: https://www.unrealircd.org/docs/Blacklist_block
* Ou apenas dê uma olhada nos blocos abaixo.
*/
/* DroneBL é provavelmente o serviço de blacklist mais popular usada por servidores de IRC.
* Veja https://dronebl.org/ para ler a documentação e
* o significado dos tipos de resposta. No momento em que este arquivo foi escrito, nós usamos os tipos:
* 3: IRC Drone, 5: Flooder, 6: Drone ou bot de spam desconhecido,
* 7: Drone de DDoS, 8: Proxy SOCKS, 9: Proxy HTTP, 10: ProxyChain,
* 11: Proxy de página web, 12: Resolvedor de DNS aberto, 13: Atacantes de força bruta,
* 14: Proxy Wingate público, 15: Roteador/Gateway comprometido,
* 16: Virus que tentam conseguir root.
*/
blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone detectado. Confira https://dronebl.org/lookup?ip=$ip para detalhes.";
}
/* EFnetRBL, veja https://rbl.efnetrbl.org/ para ler a documentação
* e o significado dos tipos de resposta.
* No momento em que este arquivo foi escrito: 1 é proxy público, 4 é TOR, 5 é drones/flooders.
*
* OBSERVAÇÃO: Se você deseja permitir proxies TOR no seu servidor, então
* você precisa remover o '4;' abaixo da seção reply.
*/
blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR detectado. Confira https://rbl.efnetrbl.org/?i=$ip para detalhes.";
}
/* Você pode incluir outros arquivos de configuração */
/* include "klines.conf"; */
/* Configuração da Rede */
set {
// ALTERAR ISTO, todos os 4 itens abaixo
network-name "ExemploNET";
default-server "irc.exemplo.org";
services-server "services.exemplo.org";
stats-server "stats.exemplo.org";
/* Valores Padrão */
help-channel "#ajuda";
cloak-prefix "Clk";
prefix-quit "Saindo";
/* Chaves cloak devem ser a mesma em todos os servidores da rede.
* Eles são usados para geração de hosts mascarados e devem ser mantidos em segredo.
* VOCÊ PRECISA ALTERAR ISTO!
* As chaves devem ser 3 strings (ou mais) de 80 caracteres randômicos
* e devem se constituir de letras minúsculas (a-z), maiúsculas (A-Z) e números (0-9).
* No *NIX, você pode executar './unrealircd gencloak' na sua shell para que o
* UnrealIRCd gere 3 strings randômicas para você.
* No Windows, você pode executar "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
*/
cloak-keys {
"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
"adicione a outra";
"adicione a outra";
}
}
/* Configurações específicas do servidor */
set {
// POR ÚLTIMO, VOCÊ PRECISA ALTERAR ISTO:
kline-address 'definir.seu.endereco.de.email'; /* e-mail ou URL exibido quando um usuário é banido */
modes-on-connect "+ixw"; /* quando os usuários conectam, esses modos de usuário é atribuído a eles */
modes-on-oper "+xws"; /* quado alguém se torna IRCOp, esses modos de usuário é atribuído a ele */
modes-on-join "+nt"; /* modos de canal padrão, quando um novo canal é criado */
oper-auto-join "#opers"; /* IRCOps entram automaticamente neste canal */
options {
hide-ulines; /* esconde U-lines do /MAP e /LINKS */
show-connect-info; /* exibe a mensagem "looking up your hostname" ao se conectar */
}
maxchannelsperuser 10; /* número máximo de canais que um usuário pode entrar com /JOIN */
/* O tempo mínimo que um usuário precisa estar conectado antes de ser permitido
* utilizar a mensagem de QUIT. Isto irá ajudar no combate a SPAM.
*/
anti-spam-quit-message-time 10s;
/* Ou simplesmente defina um quit estático, de forma que qualquer motivo de /QUIT seja ignorado */
/* static-quit "Cliente saindo"; */
/* static-part faz com que o mesmo acima aconteça ao comando /PART */
/* static-part yes; */
/* Proteção contra Flood:
* Há uma série de configurações para isso, e a maioria delas tem bons padrões.
* Veja https://www.unrealircd.org/docs/Set_block#set::anti-flood
*/
anti-flood {
}
/* Configurações para filtragem de SPAM */
spamfilter {
ban-time 1d; /* duração padrão de um ban *LINE definido pelo filtro de spam */
ban-reason "Spam/Propaganda"; /* motivo padrão */
virus-help-channel "#help"; /* canal utilizado para usar em uma ação de 'virus de canal' */
/* except "#help"; exceção de canal ao filtro de spam */
}
/* Restringindo certos comandos
* Veja https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
except {
connect-time 60; /* após 60 segundos, o usuário pode usar o comando /LIST */
identified yes; /* ou imediatamente, se estiver identificado ao services */
reputation-score 24; /* ou se tiver um score de reputação maior ou igual a 24 */
}
}
invite {
except {
connect-time 120;
identified yes;
reputation-score 24;
}
}
/* Somando a possibilidade de restringir qualquer comando,
* também existem 4 tipos especiais
* que você pode restringir. Eles são "private-message",
* "private-notice", "channel-message" e "channel-notice".
* Eles estão todos comentados neste exemplo:
*/
//private-message {
// except { connect-time 10; }
//}
//private-notice {
// except { connect-time 10; }
//}
}
}
/*
* A seguir será configurado o limite de conexão para "unknown users".
*
* Quando o UnrealIRCd detecta um número elevado de usuários conectando de um endereço IP
* que nunca viu antes, então conexões do novo IP são rejeitadas quando estiverem
* acima da taxa abaixo especificada. Por exemplo, na taxa 10:60 apenas 10 usuários por minuto podem conectar
* por este IP que nunca foi visto antes. Endereços de IP conhecidos sempre podem entrar,
* independente da taxa definida. O mesmo para usuários que se conectam via SASL.
*
* Leia também https://www.unrealircd.org/docs/Connthrottle para detalhes.
* Ou apenas continue lendo a configuração abaixo:
*/
set {
connthrottle {
/* Primeiro nós configuramos quais usuários serão excluídos
* das restrições. Estes usuários sempre conseguirão acessar.
* Por padrão, entra como exceção usuários identificados com o services
* com um score igual ou maior a 24. Um score 24 significa que
* este IP foi conectado a esta rede por pelo menos 2 horas em algum momento
* no mês passado (ou no mínimo por 1 hora se registrado).
* Nós também permitimos usuários que se identificaram através do services via
* SASL para passar por cima destas restrições.
*/
except {
reputation-score 24;
identified yes;
/* Para mais informações, leia
* https://www.unrealircd.org/docs/Mask_item
*/
}
/* Novos usuários são todos os usuários que não pertencem
* ao grupo known-users. Eles são considerados "novos" e no
* caso de um número elevado de novos usuários se conectando,
* eles serão sujeiros ao limite de taxa de conexão.
* Por padrão a taxa é 20 novos usuários locais por minuto
* e 30 novos usuários globais por minuto.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* Esta seção configura quando este módulo não será ativado.
* As configurações padrão desabilitarão o módulo quando:
* - O módulo reputation esteja em execução a menos de
* uma semana. Se estiver rodando há menos de 1 semana, então ainda temos
* dados insuficientes para considerar quem é um "known user" (usuário conhecido).
* - O servidor acabou de ser inicializado (primeiros 3 minutos).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* HISTÓRICO DE CANAL:
* UnrealIRCd possui modo de canal +H que pode ser usado pelos usuários para recuperar
* o histórico do canal antes deles terem entrado. Para informações gerais
* sobre esta funcionalidade, leia https://www.unrealircd.org/docs/Channel_history
*
* Os limites do histórico podem ser configurados pelo set::history. Os padrões são
* provavelmente bons para você, mas se você estiver em um sistema com pouca memória
* ou tem centenas de canais, então você pode querer verificar esses padrões novamente. Leia
* https://www.unrealircd.org/docs/Set_block#set::history
* para ver as opções disponíveis.
*
* Além disso, você pode definir um "histórico de canal persistente", o que
* significa que o histórico do canal é armazenado de modo criptografado no disco e é preservado
* entre os reinícios do servidor. Leia
* https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
* A funcionalidade de histórico persistente NÃO é habilitado por padrão porque você
* precisa configurar o Bloco secret { } para ele antes. A seguir um exemplo simples
* de senhas armazenadas diretamente no arquivo de configuração:
* Para obter uma melhor segurança, leia https://www.unrealircd.org/docs/Secret_block
* como formas alternativas para não armazenar senhas diretamente no arquivo de configuração.
*/
//secret historydb { password "algumasenha"; }
//set { history { channel { persist yes; db-secret "historydb"; } } }
/* Finalmente, você pode querer ter um MOTD (Mensagem do Dia), isto pode ser
* feito criando um arquivo de texto 'ircd.motd' no seu diretório conf/ .
* O texto dentro deste arquivo será exibido aos usuários ao se conectarem.
* Para mais informações, veja https://www.unrealircd.org/docs/MOTD_and_Rules
*/
/*
* Problemas ou precisa de ajuda?
* 1) https://www.unrealircd.org/docs/
* 2) https://www.unrealircd.org/docs/FAQ <- responde a 80% das suas perguntas!
* 3) Se ainda assim você está enfrentando problemas, você pode obter ajuda em:
* - Fóruns: https://forums.unrealircd.org/
* - IRC: irc.unrealircd.org (SSL na porta 6697) / #unreal-support
* Observe que pedimos que você leia a documentação e as perguntas frequentes (FAQ) primeiro!
*/
doc/conf/examples/example.tr.conf
+164 -347
View File
@@ -1,29 +1,21 @@
/* UnrealIRCd 6 için yapılandırma dosyası
*
/* UnrealIRCd 4 için yapılandırma dosyası
* Türkçe Çeviri: Diablo - (Serkan Sepetçi)
* İletişim: irc.turkirc.net:6667 - diablo@unrealircd.org
* İletişim: irc.trirc.com:6667 - diablo@unrealircd.org
*
* Bu dosyayı conf/ dizininize kopyalayın ve 'unrealircd.conf' olarak adlandırın.
* Biz buna basit bir 'unrealircd.conf' dosyası diyoruz.
* Bu dosyası satır satır editleyip conf/ dizinine kopyalayınız. (düzenleyin!)
*
* Aceleniz varsa CTRL+F tuşlarına basıp şunu yapabilirsiniz: BUNU DEĞİŞTİRİN
* Değiştirilmesi gereken maddeler bu iki kelimeyle belirtilir.
* Ancak aslında dosyayı satır satır incelemenizi ve gereken yerde
* düzenlemenizi öneririz. Böylece tüm temel öğeleri ve bunların nasıl
* ayarlandığını görebilirsiniz.
*
* DEVAM ETMEDEN ÖNCE:
* Önemli: { ve } dışındaki tüm satırlar ; ile biter
* Bu çok önemlidir. Eğer bir şeyi yanlış yaparsanız,
* yapılandırma dosyası ayrıştırıcısı hata verecek ve
* dosya doğru şekilde çalışmayacaktır!
*
* Eğer bu UnrealIRCd yapılandırma dosyasıyla ilk deneyiminizse
* sözdizimi hakkında biraz okumanızı öneririz.
* bu yalnızca birkaç dakika sürer ve size çok yardımcı olacaktır:
* Önemli: Satırların hepsi, açılış başına { satır sonuna ;
* }; dahil edin. Bu çok önemli, eğer siz ayrıştırıcıyı ;
* eksik koyarsanız yapılandırma dosyası hata verecek
* ve dosya doğru işlemde olmayacaktır!
* Bu sizin UnrealIRCd yapılandırması ile ilk deneyiminiz ise
* dosyayı okumanız için birkaç dakika ayırmanızı öneniriz,
* bu size bilgi edinmeniz açısından yardımcı olacaktır:
* https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax
*
* UnrealIRCd 6 belgeleri (çok kapsamlı!):
* https://www.unrealircd.org/docs/UnrealIRCd_6_documentation
* UnrealIRCd 4 belgeleme (çok geniş!):
* https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
*
* Sıkça Sorulan Sorular:
* https://www.unrealircd.org/docs/FAQ
@@ -52,7 +44,6 @@ include "modules.default.conf";
* - help/help.conf /HELPOP sistemi
* - badwords.conf kanal ve kullanıcı modu için +G
* - spamfilter.conf için örnek olarak spamfilter kullanımı
* (yorumlandı)
* - operclass.default.conf oper bloklarında kullanabileceğiniz
* oper sınıflarını görüntüler.
*/
@@ -60,35 +51,27 @@ include "help/help.conf";
include "badwords.conf";
//include "spamfilter.conf";
include "operclass.default.conf";
include "snomasks.default.conf";
/* Varsayılan gizleme modülünü yükleyin (2021'den itibaren): */
loadmodule "cloak_sha256";
/* Veya eski modülü UnrealIRCd 3.2/4/5'ten yükleyin: */
//loadmodule "cloak_md5";
// BUNU DEĞİŞTİRİN ('ad' ve 'bilgi'):
/* me { } bloğu genelde kim olduğumuzu belirtir.
* Sunucumuz için isim, birkaç satır bazı bilgileri belirler "sid".
* Sunucu kimliği (sid) iki basamağı veya harf tarafından izlenen bir rakam ile
* başlamalıdır. Sid IRC ağı için benzersiz olmalıdır (her sunucu için
* kendi sid olmalıdır). İlk sunucu için 001 kullanılması uygundur.
* kendi sid olmalıdır).
*/
me {
name "irc.example.org";
info "ExampleNET Server";
name "irc.foonet.com";
info "FooNet Server";
sid "001";
}
};
// BUNU DEĞİŞTİRİN:
/* admin { } bloğu /ADMIN sorgusunda kullanıcılara görüntülenecek metni belirler.
* Normalde yöneticiye ulaşma konusunda bilgi içerir.
*/
admin {
"Bob Smith";
"bob";
"email@example.org";
}
"widely@used.name";
};
/* Kullanıcılar ve sunucular için class { } bloğu belirtilir.
* Class blokları aşağıdaki işlemlerden oluşur:
@@ -105,7 +88,7 @@ class clients
maxclients 1000;
sendq 200k;
recvq 8000;
}
};
/* IRCOp'lar için varsaylan yüksek limitli özel class ayarları */
class opers
@@ -114,7 +97,7 @@ class opers
maxclients 50;
sendq 1M;
recvq 8000;
}
};
/* Sunucular için varsayılan class ayarları */
class servers
@@ -122,8 +105,8 @@ class servers
pingfreq 60;
connfreq 15; /* Her 15 saniyede bir bağlanmayı dener */
maxclients 10; /* maksimum kullanıcı */
sendq 20M;
}
sendq 5M;
};
/* Allow blockları sunucunuza kimlerin bağlanabileceğini belirtir.
* Bir sunucu şifresi eklenebilir veya belirlitilen bir IP adresi için
@@ -132,23 +115,23 @@ class servers
* Görmeniz için: https://www.unrealircd.org/docs/Allow_block
*/
/* IP başına sadece 3 bağlantı izini verir */
/* IP başına sadece 5 bağlantı izini verir */
allow {
mask *;
ip *@*;
class clients;
maxperip 3;
}
};
/* Örnek olarak özel bir IP bloğu izini:
* Bu IP bir şifre ile bağlantı yapması olduğunu gerektirir.
* Şifre doğru ise o zaman bu IP 20 bağlantıya izin verecektir.
*/
// allow {
// mask 192.0.2.1;
// class clients;
// password "somesecretpasswd";
// maxperip 20;
// }
allow {
ip *@192.0.2.1;
class clients;
password "somesecretpasswd";
maxperip 20;
};
/* Oper bloğu, IRC Operatorleri tanımlar.
* IRC Operatörler, diğer kullanıcılara göre "ekstra haklara" sahip kullanıcılardır.
@@ -162,76 +145,57 @@ allow {
* https://www.unrealircd.org/docs/Oper_block
*/
/* İşte 'bobsmith' için örnek bir oper bloğu
* BUNU DEĞİŞTİRMELİSİN!! (oper adı ve şifre)
/* Örnek bir oper bloğu için 'bobsmith' ile şifresi 'test'.
* Bunu değiştirmeniz GEREKİR!!
*/
oper bobsmith {
class opers;
mask *@*;
/* Teknik olarak oper şifrelerini conf'a düz metin olarak koyabilirsiniz, ancak bu
* KESİNLİKLE ÖNERİLEN bir durum değildir. Bunun yerine bir şifre karması oluşturmalısınız:
* *NIX'te şunu çalıştırın: ./unrealircd mkpasswd
* Windows'ta şunu çalıştırın: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd
* .. ve ardından sonucu aşağıya yapıştırın:
*/
password "$argon2id..etc..";
/* 'Certfp' gibi daha iyi kimlik doğrulama türleri ve Windows'ta
* karmaların nasıl oluşturulacağı da dahil olmak üzere daha fazla bilgi için
* https://www.unrealircd.org/docs/Authentication_types adresine bakın.
*/
password "test";
/* Oper izinleri bir "operclass 'bloğunda tanımlanır.
* Görmeniz için: https://www.unrealircd.org/docs/Operclass_block
* UnrealIRCd varsayılan bloklar makalesi için,
* tam listesine bakınız. Buradan 'netadmin' seçiyoruz.
*/
operclass netadmin;
swhois "is a Network Administrator";
vhost netadmin.example.org;
}
vhost netadmin.mynet.org;
};
/* Listen blokları sunucu portu için gereken bağlantı noktalarını tanımlar.
* Diğer bir deyişle: Bu portlar kullanıcılar ve serverlar için
* sunucuya bağlantı kurmasını sağlar.
*
* Kullanımı:
* listen {
* listen
* {
* ip <ip numarası>;
* port <port numarası>;
* options {
* <seçenekler....>;
* }
* }
* };
* };
*/
/* Standard IRC port 6667
* Insecure plaintext (NOT for production servers)
* This listen block is here only for quick testing.
* Delete or comment out this listen block on production servers
* and use TLS on port 6697 instead.
*/
/* Standard IRC port 6667 */
listen {
ip *;
port 6667;
}
};
/* Standard IRC SSL/TLS port 6697 */
listen {
ip *;
port 6697;
options { tls; }
}
options { ssl; };
};
/* Özel SSL/TLS sadece sunucuları bağlamak için port */
listen {
ip *;
port 6900;
options { tls; serversonly; }
}
options { ssl; serversonly; };
};
/* DiKKAT: Eğer bir çok IP barındıran bir IRCd Shell kullanıyorsanız
* logunuzda olası 'Address already in use' hatasını alacaksınız
@@ -245,51 +209,50 @@ listen {
* Link blockları bir ağ oluşturmak için birden fazla sunucu bağlamaya izin verir.
* Görmek için: https://www.unrealircd.org/docs/Tutorial:_Linking_servers
*/
link hub.example.org
link hub.mynet.org
{
incoming {
mask *@something;
}
};
outgoing {
bind-ip *; /* veya açıkça bir IP */
hostname hub.example.org;
hostname hub.mynet.org;
port 6900;
options { tls; }
}
options { ssl; };
};
/* Kimlik doğrulaması için diğer sunucunun SPKI parmak izini kullanıyoruz.
* Kullanmamız için diğer tarafda './unrealircd spkifp' uygulayıp çalıştırıyoruz.
* *NIX'te şunu çalıştırın: ./unrealircd spkifp
* Windows'ta şunu çalıştırın: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp
* NOT: UnrealIRCd 4.0.16 veya üzeri versiyonları gerektirir.
*/
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; }
password "AABBCCDDEEFFGGHHIIJJKKLLMMNNOOPPQQRRSSTTUUV=" { spkifp; };
class servers;
}
};
/* Servis'ler için bağlantı bloğu genellikle çok daha basittir.
* Servis'lerin ne olduğu hakkında daha fazla bilgi için,
* https://www.unrealircd.org/docs/Services
*/
link services.example.org
link services.mynet.org
{
incoming {
mask 127.0.0.1;
}
};
password "changemeplease";
class servers;
}
};
/* U-lines satırları sunuculara daha güç/komut kazandırır.
* Eğer hizmetlerini kullanmak istiyorsanız onları buraya eklemeniz gerekir.
* ÖNEMLİ: ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
* ASLA buraya (normal) UnrealIRCd sunucunun adını yazmayınız!!!
*/
ulines {
services.example.org;
}
services.mynet.org;
};
/* Bu blok /DIE ve /RESTART için şifre tanımlamanızı sağlar. Sadece IRCOp'lar içindir.
* Bu genelde kazara sunucuyu yeniden başlatma ve kapanmasına karşı biraz
@@ -298,50 +261,27 @@ ulines {
drpass {
restart "restart";
die "die";
}
};
/* Bu log bloğu hangi dosyaya ve nelerin olması gerektiğini tanımlar.
* Görmeniz için: https://www.unrealircd.org/docs/Log_block
*/
/* Bu iyi bir varsayılandır, hata ayıklama ve
* join/part/kick dışındaki her şeyi günlüğe kaydeder.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.log" { maxsize 100M; }
}
}
/* Düzenli günlük kaydına ek olarak bir JSON günlük dosyası ekleyin.
* Bu her olayla ilgili birçok bilgi içerir dolayısıyla denetim amaçları
* için mükemmeldir ve makine tarafından okunabilir. Ancak insanlar için daha az okunabilir.
*/
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
file "ircd.json.log" { maxsize 250M; type json; }
}
}
/* Varsayılan ayarlar, neredeyse her şeyi kaydedecektir */
log "ircd.log" {
flags {
oper;
connects;
server-connects;
kills;
errors;
sadmin-commands;
chg-commands;
oper-override;
tkl;
spamfilter;
};
};
/* Bazı kullanıcılara veya botlara bir mesaj göndermek için "aliases"
* takma ad oluşturmanızı sağlar. Genellikle servisler için kullanılır.
@@ -352,43 +292,43 @@ log {
include "aliases/anope.conf";
/* Ban nick bloğu bir nickin sunucuda kullanımını yasaklamanıza olanak sağlar */
// ban nick {
// mask "*C*h*a*n*S*e*r*v*";
// reason "Servisler için ayrılmış";
// }
ban nick {
mask "*C*h*a*n*S*e*r*v*";
reason "Servisler için ayrılmış";
};
/* Ban ip.
* Normalde bunun için /KLINE, /GLINE ve /ZLINE kullanıldığını unutmayınız.
*/
// ban ip {
// mask 195.86.232.81;
// reason "Senden nefret ediyorum";
// }
ban ip {
mask 195.86.232.81;
reason "Senden nefret ediyorum";
};
/* Ban server - bir sunucunun bağlanmasını devredışı kılar */
// ban server {
// mask eris.berkeley.edu;
// reason "Defol buradan.";
// }
ban server {
mask eris.berkeley.edu;
reason "Defol git buradan.";
};
/* Ban user - normalde /KLINE veya /GLINE kullanıldığını unutmayınız */
// ban user {
// mask *tirc@*.saturn.bbn.com;
// reason "Aptal";
// }
ban user {
mask *tirc@*.saturn.bbn.com;
reason "Salak";
};
/* Ban realname bloğu bir kullanıcıyı, GECOS kısmı esas alınarak
* banlamanıza olanak sağlar.
*/
// ban realname {
// mask "Swat Team";
// reason "mIRKFORCE";
// }
ban realname {
mask "Swat Team";
reason "mIRKFORCE";
};
// ban realname {
// mask "sub7server";
// reason "sub7";
// }
ban realname {
mask "sub7server";
reason "sub7";
};
/* Ban ve TKL istisnaları. Kullanıcıları / makineleri gözetmeksizin
* KLINE, GLINE, gibi banlardan muaf tutmanıza olanak sağlar.
@@ -397,32 +337,30 @@ include "aliases/anope.conf";
* bir *LINE ban koyarsanız bile yinede muaf tutulacaksınız.
*/
/* except ban bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
// except ban {
// mask *@192.0.2.1;
// type all;
// }
/* This allows IRCCloud connections in without maxperip restrictions
* and also exempt them from connect-flood throttling.
*/
/* except ban bloğu, sizi KLINE ve ZLINE gibi banlardan koruyacaktır */
except ban {
mask *.irccloud.com;
type { maxperip; connect-flood; }
}
mask *@192.0.2.1;
// burada daha fazla mask girdileri ekleyebilirsiniz..
};
/* except tkl bloğu, sizi 'tüm' GLINE, GZLINE, QLINE, SHUN gibi banlardan koruyacaktır */
except tkl {
mask *@192.0.2.1;
type all;
};
/* Deny dcc bloğu, sunucu üzerinden DCC yoluyla dosya gönderilmesine izin vermeyecektir */
// deny dcc {
// filename "*sub7*";
// reason "Possible Sub7 Virus";
// }
deny dcc {
filename "*sub7*";
reason "Olası Sub7 Virüsü";
};
/* Deny channel bloğu, kullanıcıların belirtilen kanallara girmesini engeller */
// deny channel {
// channel "*warez*";
// reason "Warez is illegal";
// class "clients";
// }
deny channel {
channel "*warez*";
reason "Warez is illegal";
class "clients";
};
/* VHosts (Virtual Hosts) bloğu, kullanıcının yeni bir host alabilmesine olanak sağlar.
* Görmeniz için; https://www.unrealircd.org/docs/Vhost_block
@@ -432,12 +370,12 @@ except ban {
* DiKKAT: Güvenlik açısından aşağıdaki vhost::mask yönergesinde
* maske 'unrealircd.com' olarak belirlenmiştir.
*/
// vhost {
// vhost i.hate.microsefrs.com;
// mask *@unrealircd.com;
// login "test";
// password "test";
// }
vhost {
vhost i.hate.microsefrs.com;
mask *@unrealircd.com;
login "test";
password "test";
};
/* Blacklist blokları, bir kullanıcı bağlandığında IP adresinin drone saldırılarına
* neden olduğunu, bilinen bir saldırıya uğramış bir makine olup olmadığını görmek
@@ -459,12 +397,12 @@ blacklist dronebl {
dns {
name dnsbl.dronebl.org;
type record;
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; }
}
reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone belirlendi. Ayrıntılar için https://dronebl.org/lookup?ip=$ip adresine bakınız.";
}
};
/* EFnetRBL, belgeler ve cevap (reply) tiplerini görmek için https://rbl.efnetrbl.org/
* adresine bakınız.
@@ -477,56 +415,51 @@ blacklist efnetrbl {
dns {
name rbl.efnetrbl.org;
type record;
reply { 1; 4; 5; }
}
reply { 1; 4; 5; };
};
action gline;
ban-time 24h;
reason "Proxy/Drone/TOR tespit edildi. Ayrıntılar için https://rbl.efnetrbl.org/?i=$ip adresine bakınız.";
}
reason "Proxy/Drone/TOR belirlendi. Ayrıntılar için http://rbl.efnetrbl.org/?i=$ip adresine bakınız.";
};
/* Diğer yapılandırma dosyalarını dahil edebilirsiniz */
/* include "klines.conf"; */
/* Ağ yapılandırması */
set {
// BU 4 ÖĞENİN TÜMÜNÜ DEĞİŞTİRİN:
network-name "ExampleNET";
default-server "irc.example.org";
services-server "services.example.org";
stats-server "stats.example.org";
/* Normal varsayılanlar */
network-name "MYNet";
default-server "irc.mynet.org";
services-server "services.mynet.org";
stats-server "stats.mynet.org";
help-channel "#Help";
cloak-prefix "Clk";
hiddenhost-prefix "Clk";
prefix-quit "Quit";
/* Gizleme anahtarları ağ üzerindeki bütün sunucularda aynı olmalı.
* Bu anahtarlar maskeli hostlar yaratmak ve bunları saklamak için kullanılır.
* Anahtarlar 80 karakterlik 3 rastgele diziden oluşmalı ve küçük harf (a-z),
* büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
* IPUCU: './unrealircd gencloak' Unrealircd sizin için rastgele 3 adet dizin oluşturur.
* Anahtarlar 5-100 karakterlik (10-20 karakter yeterli) 3 rastgele diziden oluşmalı ve
* küçük harf (a-z), büyük harf (A-Z) ve rakamlardan (0-9) meydana gelmelidirler.. [ilk örneğe bakınız].
* IPUCU: './unreal gencloak' Unreal sizin için rastgele 3 adet dizin oluşturur.
* Bunu NIX üzerinde çalıştırabilirsiniz.
* On Windows, use "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak
*/
cloak-keys {
"Oozahho1raezoh0iMee4ohvegaifahv5xaepeitaich9tahdiquaid0geecipahdauVaij3zieph4ahi";
"aoAr1HnR6gl3sJ7hVz4Zb7x4YwpW";
"ve diğeri";
"ve diğeri";
}
}
};
};
/* Sunucunun kendine özgü yapılandırması */
set {
// SON OLARAK, BU SONRAKİ ÖĞEYİ DEĞİŞTİRMENİZ GEREKİR:
kline-address 'set.this.to.email.address'; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
kline-address "set.this.to.email.address"; /* bir kullanıcı banlandığında e-mail yada URL satırı gösterir */
modes-on-connect "+ixw"; /* kullanıcılar bağlandığında, bu modları alacaktır */
modes-on-oper "+xws"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
modes-on-join "+nt"; /* yeni bir kanal oluşturulduğunda varsayılan kanal modlarını alacaktır */
modes-on-oper "+xwgs"; /* Birisi IRC Operatör olduğunda bu modları alacaktır */
oper-auto-join "#opers"; /* IRCoplar bu kanala otomatik olarak giriş yapacaktır */
options {
hide-ulines; /* U-lines satırları /MAP ve /LINKS komutunda gözükmez */
show-connect-info; /* sunucuya bağlanırken "looking up your hostname" mesajı görüntülenecektir */
}
};
maxchannelsperuser 10; /* bir kullanıcının maksimum girebileceği kanal sayısı */
@@ -541,12 +474,15 @@ set {
/* static-part /PART komutu ile aynı işi görür */
/* static-part yes; */
/* Flood Koruması:
* Bunun için birçok ayarları vardır ve çoğu iyi varsayılanlara sahiptir.
* Görmeniz için: https://www.unrealircd.org/docs/Set_block#set::anti-flood
*/
/* /STATS komutunu operler için kısıtlar. Önerilen * (TÜMÜ) */
oper-only-stats "*";
/* Anti flood Koruması */
anti-flood {
}
nick-flood 3:60; /* Her 60 saniyede 3 nick değişikliği (varsayılan) */
connect-flood 3:60; /* Her 60 saniyede 3 bağlantı girişi izni (varsayılan) */
away-flood 4:120; /* Her 2 dakikada 4 kez /AWAY kullanımı izni (varsayılan) */
};
/* Spam filter Ayarları */
spamfilter {
@@ -554,136 +490,17 @@ set {
ban-reason "Spam/Advertising"; /* varsayılan sebep */
virus-help-channel "#help"; /* 'viruschan' eylemi için kullanılacak kanal */
/* except "#help"; Spamfilter'den muaf tutulacak kanal */
}
/* Belirli komutları kısıtlayın.
* See https://www.unrealircd.org/docs/Set_block#set::restrict-commands
*/
restrict-commands {
list {
except {
connect-time 60;
identified yes;
reputation-score 24;
}
}
invite {
except {
connect-time 120;
identified yes;
reputation-score 24;
}
}
/* Yukarıda gösterildiği gibi herhangi bir komutu kısıtlama
* yeteneğine sahiptir. Ayrıca kısıtlayabileceğiniz 4
* özel tip vardır. Bunlar "private-message",
* "private-notice", "channel-message" ve "channel-notice".
* Bu örnekte olduğu gibi (kapalı) yorumlanmıştır:
*/
//private-message {
// except { connect-time 10; }
//}
//private-notice {
// except { connect-time 10; }
//}
}
}
};
};
/* Son olarak, bir MOTD (Günün Mesajı) oluşturabilirsiniz, bu
* conf/ dizininde 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
* Bu dosyanın içeriği bağlantı kuran kullanıcılara gösterilecektir.
* Daha fazla bilgi için https://www.unrealircd.org/docs/MOTD_and_Rules bölümünü inceleyiniz.
*/
/*
* Aşağıdaki ayar "bilinmeyen kullanıcılar" için bağlantı kısıtlamasını yapılandıracaktır.
*
* UnrealIRCd, IP adreslerinden bağlanan çok sayıda kullanıcı tespit ettiğinde
* daha önce görülmemişse, yeni IP'lerden gelen bağlantılar ayarlanan
* hızın üzerinde reddedilir. örneğin 10:60'ta dakikada sadece 10 kullanıcı daha önce
* görülmemiş şekilde bağlanabilir. Bilinen IP adresleri, ayarlanan orandan bağımsız olarak
* her zaman girebilir. SASL kullanarak giriş yapan kullanıcılar için de aynıdır.
*
* Ayrıntılar için https://www.unrealircd.org/docs/Connthrottle adresine bakınız.
* Veya aşağıdaki varsayılan yapılandırma ayarlarını okumaya devam edin:
*/
set {
connthrottle {
/* ilk önce "bilinen kullanıcılar" dediğimiz şeyi yapılandırmalıyız.
* Varsayılan olarak bunlar, IP adresleri üzerinde 24 veya
* daha yüksek puana sahip kullanıcılardır. 24 puan IP'nin geçen ay
* en az 2 saat (veya kayıtlıysa en az 1 saat) boyunca bu sunucuya
* bağlı olduğu anlamına gelir.
* Sasl-bypass seçeneği başka bir ayardır. Bu ayar
* SASL aracılığıyla hizmetlere kimlik doğrulaması yapan
* kullanıcıların da bilinen kullanıcılar olarak kabul edildiği anlamına gelir.
* "known-users" grubundaki kullanıcılar (herhangi bir reputation
* veya SASL) modülleri tarafından her zaman izin verilir.
*/
except {
reputation-score 24;
identified yes;
/* daha fazla seçenek için bkz.
* https://www.unrealircd.org/docs/Mask_item
*/
}
/* Yeni kullanıcılar, aşağıdakilere ait olmayan tüm
* bilinen-kullanıcılar grubundandır. Bunlar "yeni" ve
* bu tür yeni kullanıcıların çok sayıda bağlanması durumunda
* bağlantı hızı sınırlamasına tabidirler.
* Varsayılan bu oran dakikada 20 yeni yerel kullanıcı
* ve dakikada 30 yeni global kullanıcı olarak belirlenmiştir.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
}
/* Bu modülün ne zaman aktif OLMAYACAĞINI yapılandırır.
* Varsayılan ayarlar, şu durumlarda modülü devre dışı bırakacaktır:
* - Reputation modülü 1 haftadan kısa bir süredir çalışıyor ise.
* 1 haftadan az çalışıyorsa, kimin "bilinen kullanıcı"
* olduğunu düşünmek için yeterli veri yoktur.
* - Sunucu yeni açıldı (ilk 3 dakika).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
}
}
}
/* KANAL GEÇMİŞİ:
* UnrealIRCd, kullanıcılar tarafından bir kanala katılmadan önce
* kanal geçmişini okumak için, kullanılabilen +H kanal moduna sahip olmalıdır.
* Bu özellik hakkında bilgi için bkz. https://www.unrealircd.org/docs/Channel_history
*
* Geçmiş limitleri set::history aracılığıyla yapılandırılabilir. Varsayılan ayarlar
* muhtemelen sizin için zaten iyidir, ancak düşük bellekli bir sistemdeyseniz veya
* binlerce kanalınız varsa, iki kez kontrol etmek isteyebilirsiniz. Seçenekler için
* https://www.unrealircd.org/docs/Set_block#set::history adresine bakın.
*
* Buna ek olarak "kalıcı kanal geçmişine" sahip olabilirsiniz. Bu kanal
* geçmişinin diskte şifreli olarak depolandığı ve böylece IRC sunucusu yeniden
* başlatılması halinde korunması anlamına gelir.
* bkz. https://www.unrealircd.org/docs/Set_block#Persistent_channel_history
* Kalıcı geçmiş özelliği varsayılan olarak ETKİNLEŞTİRİLMEMİŞTİR bunun için
* bir secret { } bloğu yapılandırmanız gerekir. Aşağıdaki yapılandırma dosyasında
* saklanan parolalar doğrudan bunlara basit bir örnektir.
* Daha iyi güvenlik elde etmek için https://www.unrealircd.org/docs/Secret_block
* adresini okuyun böylece şifreleri doğrudan yapılandırmada saklamazsınız.
*/
//secret historydb { password "somepassword"; }
//set { history { channel { persist yes; db-secret "historydb"; } } }
/* Son olarak, bir MOTD'ye (Günün Mesajı) sahip olmak isteyebilirsiniz, bunu
* conf/ dizininizde bir 'ircd.motd' metin dosyası oluşturarak yapabilirsiniz.
* Bu dosya bağlantıda kullanıcılarınıza gösterilecektir.
* Daha fazla bilgi için bkz. https://www.unrealircd.org/docs/MOTD_and_Rules
*/
/*
* Sorun mu yaşıyorsunuz veya daha fazla yardıma mı ihtiyacınız var?
* 1) https://www.unrealircd.org/docs/
* Sorununuza veya daha fazla yardımamı ihtiyacınız var?
* 1) https://www.unrealircd.org/docs/UnrealIRCd_4_documentation
* 2) https://www.unrealircd.org/docs/FAQ <- sorularınızın %80 ini kapsamakta!
* 3) Eğer probleminiz hala devam ediyorsa:
* - Forums: https://forums.unrealircd.org/
doc/conf/help/help.conf
+338 -508
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.de.conf
+182 -148
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.es.conf
-1439
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.fr.conf
+383 -425
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.it.conf
+192 -146
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.nl.conf
-1431
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.pl.conf
-1499
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.ru.conf
+504 -554
View File
File diff suppressed because it is too large Load Diff
doc/conf/help/help.tr.conf
+473 -679
View File
File diff suppressed because it is too large Load Diff
doc/conf/modules.default.conf
+131 -259
View File
@@ -1,5 +1,4 @@
/* [6.2.6-rc1]
* This file will load (nearly) all modules available on UnrealIRCd.
/* This file will load (nearly) all modules available on UnrealIRCd.
* So all commands, channel modes, user modes, etc..
*
* If you want to have all UnrealIRCd functionality, then include this
@@ -11,169 +10,142 @@
* 1) Keep the include for modules.default.conf as usual and make use
* of blacklist-module "xyz"; to selectively disable modules.
* See https://www.unrealircd.org/docs/Blacklist-module_directive
* This is the highly recommended approach of doing customizations!
* 2) OR, make a copy of this file (eg: name it modules.custom.conf)
* and edit it. Then include that file from your unrealircd.conf
* instead of this one.
* The problem with this option #2 is that you need to track ALL
* changes in UnrealIRCd, that means: every loadmodule line that
* we add or remove in each and every release. If you don't do this
* or forget one little loadmodule line then you will end up with:
* * Missing functionality (that could have been useful)
* * Breaking of existing functionality, like the (in)famous example
* of when the existing svslogin command got split off in a separate
* new svslogin module and people who didn't load that new module
* would have services who would not set users as 'logged in'.
* Or the existing anti connect-flood feature being split off into
* the 'connect-flood' module, so your server suddenly being
* vulnerable to connect flooding because you failed to load it.
* So please do know what you are doing if you choose option #2.
* Again, best is to go for option #1 and opt-out.
* The downside of option #2 is that you will need to track changes
* in the original modules.default.conf with each new UnrealIRCd
* release to make sure you don't miss any new functionality (as new
* important modules may be added you need to add them to your conf).
* You don't have this problem with option #1.
*/
/*** Cloaking (for user mode +x) ***/
loadmodule "cloak";
/*** Commands ***/
// User commands (MINIMAL)
// These provide just the minimal set of IRC commands that are
// required by RFC1459 along with WATCH and MAP.
loadmodule "admin";
loadmodule "away";
loadmodule "invite";
loadmodule "ison";
loadmodule "join";
loadmodule "kick";
loadmodule "links";
loadmodule "list";
loadmodule "lusers";
loadmodule "map";
loadmodule "message";
loadmodule "mode";
loadmodule "motd";
loadmodule "names";
loadmodule "nick";
loadmodule "part";
loadmodule "pass";
loadmodule "pingpong";
loadmodule "protoctl";
loadmodule "quit";
loadmodule "rules";
loadmodule "topic";
loadmodule "user";
loadmodule "userhost";
loadmodule "watch";
loadmodule "whox";
loadmodule "whois";
loadmodule "whowas";
loadmodule "m_admin";
loadmodule "m_away";
loadmodule "m_invite";
loadmodule "m_ison";
loadmodule "m_join";
loadmodule "m_kick";
loadmodule "m_links";
loadmodule "m_list";
loadmodule "m_lusers";
loadmodule "m_map";
loadmodule "m_message";
loadmodule "m_mode";
loadmodule "m_motd";
loadmodule "m_names";
loadmodule "m_nick";
loadmodule "m_part";
loadmodule "m_pass";
loadmodule "m_pingpong";
loadmodule "m_protoctl";
loadmodule "m_quit";
loadmodule "m_rules";
loadmodule "m_topic";
loadmodule "m_user";
loadmodule "m_userhost";
loadmodule "m_watch";
loadmodule "m_who";
loadmodule "m_whois";
loadmodule "m_whowas";
// User commands (EXTENDED)
// These are commands that provide extended functionality.
loadmodule "botmotd";
loadmodule "cap";
loadmodule "cycle";
loadmodule "dccallow";
loadmodule "help";
loadmodule "knock";
loadmodule "lag";
loadmodule "sasl";
loadmodule "setname";
loadmodule "silence";
loadmodule "starttls";
loadmodule "time";
loadmodule "userip";
loadmodule "vhost";
loadmodule "history";
loadmodule "m_botmotd";
loadmodule "m_cap";
loadmodule "m_cycle";
loadmodule "m_dccallow";
loadmodule "m_help";
loadmodule "m_knock";
loadmodule "m_lag";
loadmodule "m_sasl";
loadmodule "m_setname";
loadmodule "m_silence";
loadmodule "m_starttls";
loadmodule "m_time";
loadmodule "m_userip";
loadmodule "m_vhost";
// IRC Operator commands
// Note: several of these like kill are also server-to-server commands
// Note: several of these like m_kill are also server-to-server commands
// which are required if you link to other servers.
loadmodule "addmotd";
loadmodule "addomotd";
loadmodule "chghost";
loadmodule "chgident";
loadmodule "chgname";
loadmodule "close";
loadmodule "connect";
loadmodule "squit";
loadmodule "dccdeny";
loadmodule "globops";
loadmodule "kill"; /* also server-to-server */
loadmodule "locops";
loadmodule "mkpasswd";
loadmodule "oper";
loadmodule "operinfo"; /* not really a command but for whois */
loadmodule "opermotd";
loadmodule "sajoin";
loadmodule "samode";
loadmodule "sapart";
loadmodule "sdesc";
loadmodule "sethost";
loadmodule "setident";
loadmodule "stats";
loadmodule "tkl"; /* also server-to-server */
loadmodule "tline";
loadmodule "trace";
loadmodule "tsctl";
loadmodule "unsqline";
loadmodule "m_addmotd";
loadmodule "m_addomotd";
loadmodule "m_chghost";
loadmodule "m_chgident";
loadmodule "m_chgname";
loadmodule "m_close";
loadmodule "m_connect";
loadmodule "m_squit";
loadmodule "m_dccdeny";
loadmodule "m_globops";
loadmodule "m_kill"; /* also server-to-server */
loadmodule "m_locops";
loadmodule "m_mkpasswd";
loadmodule "m_oper";
loadmodule "m_opermotd";
loadmodule "m_sajoin";
loadmodule "m_samode";
loadmodule "m_sapart";
loadmodule "m_sdesc";
loadmodule "m_sethost";
loadmodule "m_setident";
loadmodule "m_stats";
loadmodule "m_tkl"; /* also server-to-server */
loadmodule "m_trace";
loadmodule "m_tsctl";
loadmodule "m_undccdeny";
loadmodule "m_unsqline";
loadmodule "m_wallops";
loadmodule "jumpserver";
// Server-to-server commands
// Don't remove these, unless you never link to other servers.
loadmodule "eos";
loadmodule "md";
loadmodule "netinfo";
loadmodule "server";
loadmodule "sjoin";
loadmodule "sqline";
loadmodule "swhois";
loadmodule "umode2";
loadmodule "sinfo";
loadmodule "require-module";
loadmodule "slog";
loadmodule "creationtime";
loadmodule "sreply";
loadmodule "unreal_server_compat";
loadmodule "m_eos";
loadmodule "m_md";
loadmodule "m_netinfo";
loadmodule "m_server";
loadmodule "m_sjoin";
loadmodule "m_sqline";
loadmodule "m_swhois";
loadmodule "m_umode2";
loadmodule "m_sinfo";
// Services commands
// You could disable these if you don't use Services
// https://www.unrealircd.org/docs/Services
loadmodule "sendsno";
loadmodule "sendumode";
loadmodule "svsjoin";
loadmodule "svskill";
loadmodule "svslusers";
loadmodule "svsmode";
loadmodule "svsmotd";
loadmodule "svsnick";
loadmodule "svsnline";
loadmodule "svsnolag";
loadmodule "svsnoop";
loadmodule "svspart";
loadmodule "svssilence";
loadmodule "svssno";
loadmodule "svswatch";
loadmodule "svso";
loadmodule "svslogin";
loadmodule "m_sendsno";
loadmodule "m_sendumode";
loadmodule "m_svsfline";
loadmodule "m_svsjoin";
loadmodule "m_svskill";
loadmodule "m_svslusers";
loadmodule "m_svsmode";
loadmodule "m_svsmotd";
loadmodule "m_svsnick";
loadmodule "m_svsnline";
loadmodule "m_svsnolag";
loadmodule "m_svsnoop";
loadmodule "m_svspart";
loadmodule "m_svssilence";
loadmodule "m_svssno";
loadmodule "m_svswatch";
/*** Channel modes ***/
loadmodule "chanmodes/chanowner"; /* +q */
loadmodule "chanmodes/chanadmin"; /* +a */
loadmodule "chanmodes/chanop"; /* +o */
loadmodule "chanmodes/halfop"; /* +h */
loadmodule "chanmodes/voice"; /* +v */
loadmodule "chanmodes/key"; /* +k */
loadmodule "chanmodes/limit"; /* +l */
loadmodule "chanmodes/inviteonly"; /* +i */
loadmodule "chanmodes/secret"; /* +s */
loadmodule "chanmodes/private"; /* +p */
loadmodule "chanmodes/moderated"; /* +m */
loadmodule "chanmodes/noexternalmsgs"; /* +n */
loadmodule "chanmodes/topiclimit"; /* +t */
loadmodule "chanmodes/floodprot"; /* +f */
loadmodule "chanmodes/nocolor"; /* +c */
loadmodule "chanmodes/noctcp"; /* +C */
loadmodule "chanmodes/stripcolor"; /* +S */
loadmodule "chanmodes/isregistered"; /* +r */
loadmodule "chanmodes/issecure"; /* +Z */
loadmodule "chanmodes/permanent"; /* +P */
loadmodule "chanmodes/link"; /* +L */
@@ -188,11 +160,9 @@ loadmodule "chanmodes/nonickchange"; /* +N */
loadmodule "chanmodes/nokick"; /* +Q */
loadmodule "chanmodes/regonlyspeak"; /* +M */
loadmodule "chanmodes/secureonly"; /* +z */
loadmodule "chanmodes/history"; /* +H */
/*** User modes ***/
loadmodule "usermodes/wallops"; /* +w (listen to /WALLOPS messages) */
loadmodule "usermodes/bot"; /* +B (mark yourself as a bot) */
loadmodule "usermodes/servicebot"; /* +S (service bot) */
loadmodule "usermodes/noctcp"; /* +T (block CTCP's) */
@@ -201,139 +171,41 @@ loadmodule "usermodes/showwhois"; /* +W (show if someone does /WHOIS) */
loadmodule "usermodes/privacy"; /* +p (privacy, hide channels in /WHOIS) */
loadmodule "usermodes/nokick"; /* +q (unkickable oper) */
loadmodule "usermodes/regonlymsg"; /* +R (only registered users may private message you) */
loadmodule "usermodes/secureonlymsg"; /* +Z (only TLS users may private message you) */
loadmodule "usermodes/secureonlymsg"; /* +Z (only SSL/TLS users may private message you) */
loadmodule "usermodes/privdeaf"; /* +D (don't let other user PM you) */
/*** Server notice masks */
loadmodule "snomasks/dccreject"; /* +D (rejected DCC's) */
/*** Extended Bans ***/
loadmodule "extbans/join"; /* +b ~join (old ~j mode, prevent only joins) */
loadmodule "extbans/quiet"; /* +b ~quiet (old ~q mode, prevent only messaging) */
loadmodule "extbans/nickchange"; /* +b ~nickchange (old ~n mode, prevent only nick changes) */
loadmodule "extbans/realname"; /* +b ~realname (old ~r mode, ban by real name) */
loadmodule "extbans/account"; /* +b ~account (old ~a mode, ban/exempt if logged in with services account) */
loadmodule "extbans/inchannel"; /* +b ~channel (old, ~c mode, ban/exempt if in channel) */
loadmodule "extbans/operclass"; /* +b ~operclass (old ~O mode, ban/exempt by operclass) */
loadmodule "extbans/certfp"; /* +b ~certfp (old ~S mode, ban/exempt by certfp) */
loadmodule "extbans/textban"; /* +b ~text (old ~T mode, censor or block text) */
loadmodule "extbans/timedban"; /* +b ~time (old ~t mode, timed bans / temporary bans) */
loadmodule "extbans/partmsg"; /* +b ~partmsg (old ~p mode, hide part/quit message) */
loadmodule "extbans/securitygroup"; /* +b ~security-group (old ~G mode, security group) */
loadmodule "extbans/country"; /* +b ~country (country via geoip) */
loadmodule "extbans/msgbypass"; /* +e ~msgbypass (old ~m mode, bypass message restrictions) */
loadmodule "extbans/flood"; /* +e ~flood (flood exemption for chanmode +f/+F) */
loadmodule "extbans/asn"; /* +b ~asn (ASN via geoip) */
loadmodule "extbans/inherit"; /* +b ~inherit (inherit bans from another channel) */
loadmodule "extbans/join"; /* +b ~j (prevent only joins) */
loadmodule "extbans/quiet"; /* +b ~q (prevent only messaging) */
loadmodule "extbans/nickchange"; /* +b ~n (prevent only nick changes) */
loadmodule "extbans/realname"; /* +b ~r (ban by real name) */
loadmodule "extbans/regnick"; /* +b ~R (ban/exempt if using registered nick) */
loadmodule "extbans/account"; /* +b ~a (ban/exempt if logged in with services account) */
loadmodule "extbans/inchannel"; /* +b ~c (ban/exempt if in channel) */
loadmodule "extbans/operclass"; /* +b ~O (ban/exempt by operclass) */
loadmodule "extbans/certfp"; /* +b ~S (ban/exempt by certfp) */
loadmodule "extbans/textban"; /* +b ~T (censor or block text) */
loadmodule "extbans/msgbypass"; /* +e ~m (bypass message restrictions) */
loadmodule "extbans/timedban"; /* +b ~t (timed bans / temporary bans) */
/*** IRCv3 extensions ***/
loadmodule "account-notify"; /* send ACCOUNT message upon services account login */
loadmodule "message-tags"; /* add tags to messages, required for various IRCv3 features */
loadmodule "batch"; /* also required for several IRCv3 features */
loadmodule "server-time"; /* adds server timestamp to various messages */
loadmodule "message-ids"; /* adds unique msgid to various messages */
loadmodule "account-tag"; /* adds services account information to messages */
loadmodule "echo-message"; /* shows clients if their messages are altered/filtered */
loadmodule "labeled-response"; /* correlate requests and responses easily */
loadmodule "bot-tag"; /* indicate the message comes from a bot (draft/bot) */
loadmodule "typing-indicator"; /* typing indicator in PM and channels (+typing) */
loadmodule "channel-context";
loadmodule "reply-tag"; /* indicate to which message you are responding (+draft/reply) */
loadmodule "clienttagdeny"; /* informs clients about supported client-only message tags */
loadmodule "sts"; /* strict transport policy (set::tls::sts-policy) */
loadmodule "link-security"; /* link-security announce */
loadmodule "plaintext-policy"; /* plaintext-policy announce */
loadmodule "chathistory"; /* CHATHISTORY client command, 005 and a CAP (draft) */
loadmodule "monitor"; /* MONITOR command with functionality similar to WATCH */
loadmodule "extended-monitor"; /* add away status, gecos and userhost changes to MONITOR (draft) */
loadmodule "standard-replies"; /* Standard Replies */
loadmodule "no-implicit-names"; /* Opt out of receiving implicit NAMES when joining a channel */
loadmodule "extended-isupport"; /* draft/extended-isupport */
loadmodule "multiline"; /* draft/multiline */
/*** RPC modules ***/
// There's a JSON-RPC interface that can be used to communicate with UnrealIRCd
// outside of IRC. See https://www.unrealircd.org/docs/JSON-RPC for more info.
// Or, more technical, for a list of all JSON-RPC Methods, have a look at
// https://www.unrealircd.org/docs/JSON-RPC:Technical_documentation
// (Don't just look at the list of rpc/* modules below, occasionaly some rpc
// functionality is together in a regular module which has no rpc/* prefix)
//
// By loading the following modules, we enable RRPC for intra-server JSON-RPC,
// so calls like modules.list work properly accross the network. It DOES NOT
// enable the webserver, nor does it listen on any RPC socket. For that, you
// need to include "conf/rpc.modules.default.conf";
loadmodule "rpc/rpc";
loadmodule "rpc/stats";
loadmodule "rpc/user";
loadmodule "rpc/server";
loadmodule "rpc/channel";
loadmodule "rpc/server_ban";
loadmodule "rpc/server_ban_exception";
loadmodule "rpc/name_ban";
loadmodule "rpc/spamfilter";
loadmodule "rpc/log";
loadmodule "rpc/whowas";
loadmodule "rpc/message";
loadmodule "rpc/security_group";
/*** CAP modules ***/
loadmodule "cap/sts"; /* strict transport policy (set::ssl::sts-policy) */
loadmodule "cap/plaintext-policy"; /* plaintext-policy announce */
loadmodule "cap/link-security"; /* link-security announce */
/*** Other ***/
// These are modules that don't fit in any of the previous sections
loadmodule "ident_lookup"; /* Ident lookups if set::options::identd-check is set*/
loadmodule "certfp"; /* TLS certificate fingerprint in /WHOIS (& more) */
loadmodule "tls_cipher"; /* Store and retrieve TLS cipher of local and remote clients */
loadmodule "tls_antidos"; /* prevent TLS DoS (renegotiate floods) */
loadmodule "connect-flood"; /* throttling against connection flooding */
loadmodule "max-unknown-connections-per-ip"; /* limit number of connections in 'unknown state' */
loadmodule "certfp"; /* SSL certificate fingerprint in /WHOIS (& more) */
loadmodule "ssl_antidos"; /* prevent SSL DoS (renegotiate floods) */
loadmodule "m_nopost"; /* Block POST commands (Firefox XPS IRC Attack) */
loadmodule "webirc"; /* WEBIRC command. See webirc block. */
loadmodule "blacklist"; /* Blacklist support (DNSBL). See blacklist block. */
loadmodule "jointhrottle"; /* set::anti-flood::join-flood (previously chanmode +j) */
loadmodule "charsys"; /* Provides set::allowed-nickchars (must always be loaded!) */
loadmodule "authprompt"; /* Authentication prompt, see set::authentication-prompt */
loadmodule "history_backend_mem"; /* History storage backend (used by chanmodes/history) */
loadmodule "tkldb"; /* Write TKLines to .db file */
loadmodule "channeldb"; /* Write channel settings to .db file (+P channels only) */
loadmodule "rmtkl"; /* Easily remove *-Lines in bulk with /RMTKL */
loadmodule "restrict-commands"; /* Provides set::restrict-commands settings */
loadmodule "reputation"; /* used by Connthrottle and others, see next */
loadmodule "connthrottle"; /* see https://www.unrealircd.org/docs/Connthrottle */
loadmodule "userip-tag"; /* unrealircd.org/userip tag for ircops (IP address) */
loadmodule "userhost-tag"; /* unrealircd.org/userhost tag for ircops (real host) */
loadmodule "geoip-tag"; /* unrealircd.org/geoip tag for ircops (country) */
loadmodule "json-log-tag"; /* unrealircd.org/json-log tag and CAP for ircops */
loadmodule "issued-by-tag"; /* unrealircd.org/issued-by tag for servers and ircops */
loadmodule "real-quit-reason"; /* unrealircd.org/real-quit-reason for servers only */
loadmodule "targetfloodprot"; /* set::anti-flood::target-flood protection */
loadmodule "watch-backend"; /* used by watch and other modules */
loadmodule "geoip_base"; /* needed for ALL geoip functions */
loadmodule "websocket_common"; /* helper functions for websocket (internal) */
loadmodule "spamreport"; /* Spam reporting to a blacklist */
loadmodule "crule"; /* Rules in spamfilter::rule and deny link::rule */
loadmodule "maxperip"; /* allow::maxperip restrictions */
loadmodule "utf8functions"; /* Various UTF8 helper functions */
loadmodule "utf8only"; /* UTF8ONLY via set::utf8-only */
loadmodule "portinfo"; /* storing local_port and server_port of users */
loadmodule "isupport"; /* ISUPPORT / numeric 005 handling */
@if !defined(NO_DEFAULT_GEOIP)
@if $GEOIP_ENGINE != "none"
loadmodule "$GEOIP_ENGINE";
@endif
@if module-loaded("geoip_classic")
set {
geoip-classic {
ipv4-database "https://geoip.unrealircd.org/classic/GeoIP.dat" { url-refresh 14d; url-fail warn; }
ipv6-database "https://geoip.unrealircd.org/classic/GeoIPv6.dat" { url-refresh 14d; url-fail warn; }
asn-ipv4-database "https://geoip.unrealircd.org/classic/GeoIPASNum.dat" { url-refresh 14d; url-fail warn; }
asn-ipv6-database "https://geoip.unrealircd.org/classic/GeoIPASNumv6.dat" { url-refresh 14d; url-fail warn; }
}
}
@endif
@if module-loaded("geoip_mmdb")
set {
geoip-mmdb {
database "https://geoip.unrealircd.org/mmdb/GeoIP.mmdb" { url-refresh 14d; url-fail warn; }
asn-database "https://geoip.unrealircd.org/mmdb/GeoIP-ASN.mmdb" { url-refresh 14d; url-fail warn; }
}
}
@endif
@endif
doc/conf/modules.optional.conf
+149 -139
View File
@@ -15,14 +15,12 @@
// This add the /IRCOPS command: A more visual way for users
// to see which IRCOps are online.
loadmodule "ircops";
loadmodule "m_ircops";
// This adds the /STAFF command: This command simply displays
// a text file that you can configure here:
loadmodule "staff";
@if module-loaded("staff")
set { staff-file "network.staff"; }
@endif
loadmodule "m_staff";
set { staff-file "network.staff"; };
/*** Channel modes ***/
@@ -38,8 +36,7 @@ loadmodule "nocodes";
// The hideserver module will hide /MAP and /LINKS to regular users.
// It does not truly enhance security as server names can still be
// seen at other places.
// Comment out the following line to enable this:
// loadmodule "hideserver";
loadmodule "hideserver";
// The antirandom module will kill or *line users that have a nick,
// ident and/or realname that is considered "random".
@@ -49,29 +46,28 @@ loadmodule "nocodes";
// the module may consider a sequence of characters "random" even though
// it is a perfectly pronounceable word in your language.
loadmodule "antirandom";
@if module-loaded("antirandom")
set {
antirandom {
/* THRESHOLD:
* This is the most important setting of all.
* For every randomly looking item the user gets a certain amount of
* 'points'. If the points reach the 'threshold' then the appropriate
* This is pretty much the most important setting of all.
* For every randomly looking ident the user gets a certain amount of
* 'points', if this value reaches 'threshold' then the appropriate
* action is taken (killed, *lined, see later on).
* lower = more randomly looking users will be caught
* (but also more innocent users).
* higher = less chance of innocent users getting killed
* (but also less chance on bots getting caught).
* lower = more randomly looking users will be catched (but also more
* innocent users)
* higher = less chance of innocent users getting killed, but also less
* chance on bots getting catched.
* <2: DON'T!!
* 4: Works good, probably a few more innocent kills, but if you have a
* big problem with drone attacks then this might be a good setting.
* 4: Works good, probably a few more innocent kills but if you got
* quite a bot problem then this might be a useful setting.
* 5: Works well with few innocent kills, probably good to begin with.
* 6: If you want to be a tad more careful
* >6: For the paranoid. Module can still be quite effective, though :)
*/
threshold 6;
threshold 7;
/* BAN-ACTION:
* Action to take whenever the user is caught as random, options:
* Action to take whenever the user is catched as random, options:
* warn, kill, gline, gzline, kline, zline, shun, tempshun
*/
ban-action kill;
@@ -86,85 +82,80 @@ set {
ban-time 4h;
/* BAN-REASON:
* The ban or kill reason to use.
* Tip: you might want to put in an entry to a FAQ or an email address where
* users can mail if they have been caught and don't know what to do.
* NOTE: One of the various reasons that "innocent users" are blocked is when
* they randomly type in info for their nick, ident, or realname.
* The ban (or kill) reason to use.
* You might want to put in an entry to a FAQ or an email address
* where users can mail if they have been catched and don't know what to do.
* NOTE: One of the various reasons that ""innocent users"" are catched is
* if they just randomly type in info for their nick, ident, or realname.
*/
ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";
/* CONVERT-TO-LOWERCASE:
* Convert nicks, idents, and realnames to lowercase before doing random checks?
* Useful to catch GnStA5FYhiTH51TUkf style random nicks as random.
* This has not been tested extensively for false positives, but might be (very)
* helpful to catch GnStA5FYhiTH51TUkf style random nicks as random.
* Enabled by default.
*/
convert-to-lowercase yes;
/* FULLSTATUS-ON-LOAD:
* If enabled, then upon loading it will check all users that are currently
* connected and give a status report about who it would have killed.
* Note that it doesn't actually kill any currently connected users, it is for
* informative purposes only.
* This can be (very) useful if you use the module for the first time.
* But you probably want to disable it after a while, since once the module
* is actively dealing with randomly looking persons, it shouldn't report any
* users anymore on load and then this check only eats useless CPU on /REHASH.
* Enabled by default.
*/
fullstatus-on-load yes;
/* SHOW-FAILEDCONNECTS:
* This will send out a notice whenever a randomly looking user has been caught
* during connecting. This can be pretty noisy.
* This will send out a notice whenever a randomly looking user has been catched
* during connecting. Obviously this can be pretty noisy.
* Especially recommended to enable during the first few days you use this module.
*/
show-failedconnects yes;
/* EXCEPT:
* Don't do antirandom checks for these users.
/* EXCEPT-HOSTS:
* Hostmasks on this list are matched against the IP and hostname of the connecting
* user. If it matches then we do not check if the nick/ident/realname is random.
* NOTE: Use the REAL host or IP here, not any cloaked hosts!
*/
except {
/* Exempt WEBIRC gateways because these frequently
* cause false positives. So the default is yes.
*/
webirc yes;
except-hosts {
mask 192.168.*;
mask 127.*;
};
/* Exempt LAN users */
ip { 192.168.*; 127.*; }
// Or by hostname:
//mask { *.example.net; }
/* You can also exempt security groups: */
// security-group known-users;
/* For all options, see https://www.unrealircd.org/docs/Mask_item */
}
}
}
@endif
// This module will send a HTTP 301 redirect to any client which sends
// a HTTP request to us. This is commented out by default:
//loadmodule "webredir";
//set {
// webredir {
// url 'https://...';
// }
//}
// Load the webserver module, needed for websocket (see next)
loadmodule "webserver";
/* EXCEPT-WEBIRC:
* This will make antirandom not check connections from WEBIRC gateways.
* ( see https://www.unrealircd.org/docs/WebIRC_block )
* It seems WEBIRC connections frequently cause false positives so the
* default is 'yes'.
*/
except-webirc yes;
};
};
// This adds websocket support. For more information, see:
// https://www.unrealircd.org/docs/WebSocket_support
loadmodule "websocket";
// This module will detect and stop spam containing characters of
// This adds support for WHOX
// This is currently experimental!
loadmodule "m_whox";
// This module will detect and stop spam containing of characters of
// mixed "scripts", where (for example) some characters are in
// Latin script and other characters are in Cyrillic script.
loadmodule "antimixedutf8";
@if module-loaded("antimixedutf8")
set {
antimixedutf8 {
/* Take action at this 'score' (lower = more sensitive)
*
* A score of 2 or 3 will catch a lot but also
* catch innocent users who are not using a pure
* Latin script, such as Russian people who
* commonly use a mix of Latin and Cyrillic.
*
* A score of 8 is a safe default.
/* Take action at this 'score'.
* 10 is a good and safe default.
*/
score 8;
score 10;
/* Action to take, see:
* https://www.unrealircd.org/docs/Actions
@@ -172,78 +163,97 @@ set {
ban-action block;
/* Block/kill/ban reason (sent to user) */
ban-reason "Mixed character spam";
ban-reason "Possible mixed character spam";
/* Duration of ban (does not apply to block/kill) */
ban-time 4h; // For other types
};
};
/* Except these users - see
* https://www.unrealircd.org/docs/Mask_item for options.
// This provides an authentication prompt if a user is forced to
// authenticate due to a 'require authentication' block or for
// some other reason. It tells them to use SASL or type /AUTH user:pass
// See also the following article for more general information:
// https://www.unrealircd.org/docs/Authentication
// NOTE: This feature is currently experimental.
loadmodule "authprompt";
set {
authentication-prompt {
/* Enabled or not? */
enabled yes;
message "The server requires clients from this IP address to authenticate with a registered nickname and password.";
message "Please reconnect using SASL, or authenticate now by typing: /QUOTE AUTH nick:password";
/* As you can see you can have multiple 'message' items.
* It may be useful to refer to a webpage for more
* information and/or where users can register their nick.
*/
//commented out by default:
//except {
// security-group known-users;
// webirc yes;
//}
}
}
@endif
// This module will add support for /EXTJWT command,
// used for generating authorization tokens for external services.
// The feature is based on a specification described here:
// https://github.com/ircv3/ircv3-specifications/pull/341
// Please create your configuration block based on the example below.
// Do not uncomment the example.
//
// Supported JWT methods: NONE (not recommended), HS256, HS384, HS512,
// ES256, ES384, ES512, RS256, RS384, RS512
// Method NONE does not use any cryptography to sign the token. This
// is only useful for checking whether the service works when initially
// setting it up. HS* methods use a password that must be shared with
// the verification service. ES* and RS* methods use public-private key
// pairs, so the verification service, knowing your public key, can't
// generate own valid tokens.
//
// For methods requiring a key, place it in your "conf" directory.
//
// Use following shell commands to create keys if needed:
// To generate RS256, RS384 or RS512 private key (for UnrealIRCd):
// openssl genrsa -out privkey.pem 4096
// To generate matching public key (for the external service to verify
// the token):
// openssl rsa -in privkey.pem -pubout > pubkey.pem
//
// To generate ES256, ES384 or ES512 private key (for UnrealIRCd):
// openssl ecparam -genkey -name secp521r1 -noout -out privkey.pem
// To generate matching public key (for the external service to verify
// the token):
// openssl ec -in privkey.pem -pubout -out pubkey.pem
//
// In all cases, substitute your preferred file names for "pubkey.pem"
// and "privkey.pem".
//fail-message "Authentication failed";
/* Multiple fail-message lines are also supported */
};
};
// If you use the authprompt module then you may want to raise the
// timeout in which users must complete the handshake.
// By uncommenting the following, you can raise it from 30 to 60 seconds:
// set { handshake-timeout 60s; };
//loadmodule "extjwt";
//extjwt {
// /* The configuration below is used when no service name is
// * provided by the user command.
// */
// method "HS256"; /* described above */
// expire-after 30; /* seconds */
// secret "somepassword"; /* required for HS* methods */
// /* Optional service blocks for generating different tokens.
// * Add as many of these as you need.
// */
// service "service1" {
// method "ES512";
// //secret "anotherpassword"; /* required for HS* method */
// key "es512.pem"; /* required for ES* and RS* methods */
// //verify-url 'https://example.com/verify/?t=%s'; /* URL for your validation service - optional; use single quotes here! */
// expire-after 60; /* seconds, will be inherited from main if not given */
// };
// /* Another service block. */
// service "service2" {
// method "RS256";
// key "RS256.pem";
// };
//};
/*
* The following will configure connection throttling of "unknown users".
*
* When UnrealIRCd detects a high number of users connecting from IP addresses
* that have not been seen before, then connections from new IP's are rejected
* above the set rate. For example at 10:60 only 10 users per minute can connect
* that have not been seen before. Known IP addresses can always get in,
* regardless of the set rate. Same for users who login using SASL.
*
* See also https://www.unrealircd.org/docs/Connthrottle
* Or just keep reading the default configuration below:
*/
loadmodule "reputation";
loadmodule "connthrottle";
set {
connthrottle {
/* First we must configure what we call "known users".
* By default these are users on IP addresses that have
* a score of 24 or higher. A score of 24 means that the
* IP was connected to this network for at least 2 hours
* in the past month (or minimum 1 hour if registered).
* The sasl-bypass option is another setting. It means
* that users who authenticate to services via SASL
* are considered known users as well.
* Users in the "known-users" group (either by reputation
* or by SASL) are always allowed in by this module.
*/
known-users {
minimum-reputation-score 24;
sasl-bypass yes;
};
/* New users are all users that do not belong in the
* known-users group. They are considered "new" and in
* case of a high number of such new users connecting
* they are subject to connection rate limiting.
* By default the rate is 20 new local users per minute
* and 30 new global users per minute.
*/
new-users {
local-throttle 20:60;
global-throttle 30:60;
};
/* This configures when this module will NOT be active.
* The default settings will disable the module when:
* - The reputation module has been running for less than
* a week. If running less than 1 week then there is
* insufficient data to consider who is a "known user".
* - The server has just been booted up (first 3 minutes).
*/
disabled-when {
reputation-gathering 1w;
start-delay 3m;
};
};
};
doc/conf/modules.sources.list
-21
View File
@@ -1,21 +0,0 @@
#
# This file contains the list of repositories that are used
# by the './unrealircd module' command.
# Note that 3rd party modules are NOT written by the UnrealIRCd team.
# Use such modules at your own risk. In case of problems, contact
# the module author. For more information, see:
# https://www.unrealircd.org/docs/Module_manager
#
#
# This is the unrealircd-contrib repository which is added by default in
# UnrealIRCd to make it easy for users to install 3rd party modules.
# If you are a module coder and want to add your module to this repository
# as well, then read the rules and procedure at:
# https://www.unrealircd.org/docs/Rules_for_3rd_party_modules_in_unrealircd-contrib
#
https://modules.unrealircd.org/modules.list
# You can add more repositories here. However, do note that all
# URLs MUST start with https://
doc/conf/operclass.default.conf
+44 -48
View File
@@ -13,7 +13,7 @@
* Instead, if you want to change the permissions in an operclass block,
* you should copy the definition, or this entire file, to either your
* unrealircd.conf or some other file (eg: operclass.conf) that you
* will include from your unrealircd.conf.
* you will include from your unrealircd.conf.
* Then edit it, and while doing so don't forget to change the name
* of your custom operclass block(s), so operclass <name>.
*/
@@ -22,123 +22,119 @@
operclass locop {
permissions {
chat;
channel { operonly; override { flood; } }
client { see; }
channel { operonly; override { flood; }; };
client { see; };
immune;
self { getbaddcc; opermodes; set; }
server { opermotd; info; close; module; dns; rehash { local; } }
route { local; }
kill { local; }
self;
server { opermotd; info; close; module; dns; rehash; };
route { local; };
kill { local; };
server-ban {
kline;
zline { local; }
}
}
}
zline { local; };
};
};
};
/* Global IRC Operator */
operclass globop {
permissions {
chat;
channel { operonly; see; override { flood; } }
channel { operonly; see; override { flood; }; };
client;
immune;
self { getbaddcc; opermodes; set; }
self;
server { opermotd; info; close; module; dns; rehash;
remote; tsctl { view; } }
remote; tsctl { view; }; };
route;
kill;
server-ban { dccdeny; shun; zline; kline; gline; }
}
}
server-ban { dccdeny; shun; zline; kline; gline; };
};
};
/* Server administrator */
operclass admin {
permissions {
chat;
channel { operonly; see; override { flood; } }
channel { operonly; see; override { flood; }; };
client;
immune;
self { getbaddcc; opermodes; set; }
self;
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl { view; } }
addomotd; tsctl { view; }; };
route;
kill;
server-ban;
}
}
};
};
/* Services Admin */
operclass services-admin {
permissions {
chat;
channel { operonly; see; override { flood; } }
channel { operonly; see; override { flood; }; };
client;
immune;
self { getbaddcc; opermodes; set; }
self;
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl { view; } }
addomotd; tsctl { view; }; };
route;
kill;
server-ban;
sacmd;
services;
}
}
};
};
/* Network Administrator */
operclass netadmin {
permissions {
chat;
channel { operonly; see; override { flood; } }
channel { operonly; see; override { flood; }; };
client;
immune;
self { getbaddcc; opermodes; set; }
self;
server { opermotd; info; close; module; dns; rehash;
remote; description; addmotd;
addomotd; tsctl; }
addomotd; tsctl; };
route;
kill;
server-ban;
sacmd;
services;
}
}
};
};
/* Same as 'globop' operclass, but with OperOverride capabilities added */
operclass globop-with-override {
parent globop;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
channel { operonly; see; override; };
};
};
/* Same as 'admin' operclass, but with OperOverride capabilities added */
operclass admin-with-override {
parent admin;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
channel { operonly; see; override; };
};
};
/* Same as 'services-admin' operclass, but with OperOverride capabilities added */
operclass services-admin-with-override {
parent services-admin;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
channel { operonly; see; override; };
};
};
/* Same as 'netadmin' operclass, but with OperOverride capabilities added */
operclass netadmin-with-override {
parent netadmin;
permissions {
channel { operonly; see; override; }
self { getbaddcc; opermodes; set; unkickablemode; }
}
}
channel { operonly; see; override; };
};
};
doc/conf/rpc-class.default.conf
-39
View File
@@ -1,39 +0,0 @@
/* This file defines a number of default rpc-class blocks which you can
* use in your rpc-user blocks (via rpc-user::rpc-class).
*
* This file is normally included via rpc.modules.default.conf, or you
* can do so from your unrealircd.conf through:
* include "rpc-class.default.conf";
*
* The rpc-class block is documented at:
* https://www.unrealircd.org/docs/Rpc-class_block
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to tweak rpc-class { } blocks, simply define your own
* and optionally use 'parent read-only' or the like if you want to inherit.
* Do not edit the build-in rpc-classes from below ('full' and 'read-only').
*/
rpc-class full {
permissions {
all;
}
}
rpc-class read-only {
permissions {
rpc;
stats;
log;
user { list; get; }
whowas { get; }
server { list; get; }
channel { list; get; }
server_ban { list; get; }
server_ban_exception { list; get; }
spamfilter { list; get; }
name_ban { list; get; }
}
}
doc/conf/rpc.modules.default.conf
-65
View File
@@ -1,65 +0,0 @@
/* This file will load all UnrealIRCd modules needed for JSON-RPC,
* this allows remote (web) endpoints to query and control UnrealIRCd.
* To actually use it, you would also need one or more rpc-user blocks
* and one or more special listen blocks, see the documentation at
* https://www.unrealircd.org/docs/JSON-RPC.
*
* You can include this file from your unrealircd.conf, using:
* include "rpc.modules.default.conf";
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to customize the modules to load you have two options:
* 1) Keep the include for rpc.modules.default.conf as usual and make use
* of blacklist-module "xyz"; to selectively disable modules.
* See https://www.unrealircd.org/docs/Blacklist-module_directive
* 2) OR, make a copy of this file (eg: name it rpc.modules.custom.conf)
* and edit it. Then include that file from your unrealircd.conf
* instead of this one.
* The downside of option #2 is that you will need to track changes
* in the original rpc.modules.default.conf with each new UnrealIRCd
* release to make sure you don't miss any new functionality (as new
* important modules may be added you need to add them to your conf).
* You don't have this problem with option #1.
*/
/* The RPC modules are loaded in modules.default.conf nowadays,
* so we only need to load the web server and add the default
* local RPC UNIX socket socket.
*/
/* These are required for RPC to work */
loadmodule "webserver";
loadmodule "websocket_common";
/* And a RPC listen socket */
@if !defined($NO_DEFAULT_RPC_SOCKET)
listen {
file "rpc.socket";
options { rpc; }
}
@endif
/* And a memory log block */
@if !defined($NO_DEFAULT_LOG_MEMORY_BLOCK)
log {
source {
all;
!debug;
!join.LOCAL_CLIENT_JOIN;
!join.REMOTE_CLIENT_JOIN;
!part.LOCAL_CLIENT_PART;
!part.REMOTE_CLIENT_PART;
!kick.LOCAL_CLIENT_KICK;
!kick.REMOTE_CLIENT_KICK;
}
destination {
memory {
max-lines 1000;
max-time 7d;
}
}
}
@endif
/* Also load the default rpc-class { } blocks */
include "rpc-class.default.conf";
doc/conf/snomasks.default.conf
-270
View File
@@ -1,270 +0,0 @@
/* Default snomask configuration.
*
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
* If you want to customize it, make a copy of this file
* (eg: name it snomasks.custom.conf) and edit it.
* Then include that file from your unrealircd.conf instead of this one.
*/
/* Server bans snomask - 'b' */
log {
source {
tkl.BAN_REALNAME;
tkl.TKL_ADD;
tkl.TKL_DEL;
tkl.TKL_ADD_TEMPSHUN;
tkl.TKL_DEL_TEMPSHUN;
tkl.TKL_EXPIRE;
tkl.RMTKL_COMMAND;
}
destination {
snomask b;
}
}
/* Blacklist snomask: 'B' */
log {
source {
blacklist;
}
destination {
snomask B;
}
}
/* Local client connects snomask - 'c' */
log {
source {
connect.LOCAL_CLIENT_CONNECT;
connect.LOCAL_CLIENT_DISCONNECT;
}
destination {
snomask c;
}
}
/* Remote client connects snomask - 'C' */
log {
source {
connect.REMOTE_CLIENT_CONNECT;
connect.REMOTE_CLIENT_DISCONNECT;
}
destination {
snomask C;
}
}
/* DCC rejections snomask - 'd' */
log {
source {
dcc;
}
destination {
snomask d;
}
}
/* Debug snomask (not recommended) - 'D' */
log {
source {
debug;
}
destination {
snomask D;
}
}
/* Floods snomask - 'f' */
log {
source {
flood;
}
destination {
snomask f;
}
}
/* Join, parts, kicks - 'j' */
log {
source {
join.LOCAL_CLIENT_JOIN;
join.REMOTE_CLIENT_JOIN;
part.LOCAL_CLIENT_PART;
part.REMOTE_CLIENT_PART;
kick.LOCAL_CLIENT_KICK;
kick.REMOTE_CLIENT_KICK;
}
destination {
snomask j;
}
}
/* Kill snomask */
log {
source {
kill;
}
destination {
snomask k;
}
}
/* Local nick changes snomask - 'n' */
log {
source {
nick.LOCAL_NICK_CHANGE;
}
destination {
snomask n;
}
}
/* Remote nick changes snomask - 'N' */
log {
source {
nick.REMOTE_NICK_CHANGE;
}
destination {
snomask N;
}
}
/* Deny nick (QLINE) rejections snomask - 'q' */
log {
source {
nick.QLINE_NICK_LOCAL_ATTEMPT;
nick.QLINE_NICK_REMOTE;
}
destination {
snomask q;
}
}
/* Spamfilter hits snomask - 'S' */
log {
source {
tkl.SPAMFILTER_MATCH;
}
destination {
snomask S;
}
}
/* IRCOp overriding in channels (OperOverride) - 'o' */
log {
source {
operoverride;
}
destination {
snomask o;
}
}
/* IRCOp changing user properties or forcing users to do things - 'O' */
log {
source {
chgcmds;
sacmds;
}
destination {
snomask O;
}
}
/* VHOST usage - 'v' */
log {
source {
vhost;
}
destination {
snomask v;
}
}
/* JSON-RPC usage - 'R' */
log {
source {
rpc;
}
destination {
snomask R;
}
}
/* Spam reports - 'r' */
log {
source {
spamreport;
}
destination {
snomask r;
}
}
/* Connection-limit rejections (maxperip / connthrottle) - 'x' */
log {
source {
connthrottle.CONNTHROTTLE_IPV6_LIMIT;
maxperip.MAXPERIP_LIMIT;
}
destination {
snomask x;
}
}
/* Snomask s (server notices) - the "catch all" snomask for all other things */
log {
source {
link;
oper;
!debug;
nomatch;
}
destination {
snomask s;
}
}
/* These log sources are sent to all servers (globally).
* These are generally two categories:
* 1) Things that affect the network as a whole, eg linking
* 2) Things that otherwise cannot be logged by a remote server
* that may interest ircops. Eg: a spamfilter match,
* since that would otherwise not be propagated.
*/
log {
source {
/* All link messages affect the network so
* these should be global. Except for the
* link connecting... and timeout while
* connecting.. messages, which can be noisy.
*/
link;
!link.LINK_CONNECTING;
!link.LINK_CONNECT_TIMEOUT;
!link.SERVER_LINKED_REMOTE;
!link.SERVER_LINKED;
/* All oper up/downs */
oper;
/* Flood messages, important to keep an eye on, network-wide */
flood;
/* TEMPSHUN: these are otherwise missing for snomask 'b' */
tkl.TKL_ADD_TEMPSHUN;
tkl.TKL_DEL_TEMPSHUN;
/* Spamfilter matches: needed for snomask 'S' */
tkl.SPAMFILTER_MATCH;
/* Critical issue: */
tls.TLS_CERT_EXPIRING;
/* SAMODE: needed for snomask 'o' */
samode.SAMODE_COMMAND;
/* Blacklist hits */
blacklist;
/* Central blocklist hits and errors */
central-blocklist;
/* Never any debug messages */
!debug;
}
destination {
remote;
}
}
doc/conf/spamfilter.conf
+31 -31
View File
@@ -10,13 +10,13 @@
* https://www.unrealircd.org/docs/Spamfilter
*/
/* General notes:
* 1) We use match 'xyz' instead of match "xyz". When using single quotes
* you don't risk it being interpreted as an URL for remote includes.
* 2) If you want to use a \ in a spamfilter, or in fact anywhere in the
* configuration file, then you need to escape this to \\ instead.
/* General note:
* If you want to use a \ in a spamfilter, or in fact
* anywhere in the configuration file, then you need
* to escape this to \\ instead.
*/
/* First some spamfilters with match-type 'simple'.
* The only matchers available are * and ?
* PRO's: very fast, easy matching: everyone can do this.
@@ -25,36 +25,36 @@
spamfilter {
match-type simple;
match 'Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg';
match "Come watch me on my webcam and chat /w me :-) http://*:*/me.mpg";
target private;
action gline;
reason "Infected by fyle trojan: see http://www.sophos.com/virusinfo/analyses/trojfylexa.html";
}
};
/* This signature uses a \ which has to escaped to \\ in the configuration file */
spamfilter {
match-type simple;
match 'C:\\WINNT\\system32\\*.zip';
match "C:\\WINNT\\system32\\*.zip";
target dcc;
action block;
reason "Infected by Gaggle worm?";
}
};
spamfilter {
match-type simple;
match 'Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe';
match "Speed up your mIRC DCC Transfer by up to 75%*www.freewebs.com/mircupdate/mircspeedup.exe";
target private;
action gline;
reason "Infected by mirseed trojan: see http://www.sophos.com/virusinfo/analyses/trojmirseeda.html";
}
};
spamfilter {
match-type simple;
match 'STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R';
match "STOP SPAM, USE THIS COMMAND: //write nospam $decode(*) | .load -rs nospam | //mode $me +R";
target private;
action gline;
reason "Infected by nkie worm: see http://www.trojaninfo.com/nkie/nkie.htm";
}
};
/* Now spamfilters of type 'regex'.
@@ -68,22 +68,22 @@ spamfilter {
*/
spamfilter {
match-type regex;
match '\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}';
target { private; channel; }
match "\x01DCC (SEND|RESUME)[ ]+\"(.+ ){20}";
target { private; channel; };
action kill;
reason "mIRC 6.0-6.11 exploit attempt";
}
};
/* Similarly, this regex shows a pattern that matches
* against at least 225 characters in length.
*/
spamfilter {
match-type regex;
match '\x01DCC (SEND|RESUME).{225}';
target { private; channel; }
match "\x01DCC (SEND|RESUME).{225}";
target { private; channel; };
action kill;
reason "Possible mIRC 6.12 exploit attempt";
}
};
/* Earlier you saw an example of a $decode exploit which used
* match-type 'simple' and - indeed - the filter was quite simple.
@@ -96,48 +96,48 @@ spamfilter {
*/
spamfilter {
match-type regex;
match '^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$';
match "^Want To Be An IRCOp\? Try This New Bug Type: //write \$decode\(.+=.?,m\) \| \.load -rs \$decode\(.+=.?,m\)$";
target private;
action block;
reason "Spamming users with an mIRC trojan. Type '/unload -rs newb' to remove the trojan.";
}
};
spamfilter {
match-type regex;
match '^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!';
match "^http://www\.angelfire\.com/[a-z0-9]+/[a-z0-9]+/[a-z_]+\.jpg <- .*!";
target private;
action block;
reason "Infected by fagot worm: see http://www.f-secure.com/v-descs/fagot.shtml";
}
};
/* This shows a regex which specifically matches an entire line by
* the use of ^ and $
*/
spamfilter {
match-type regex;
match '^!login Wasszup!$';
match "^!login Wasszup!$";
target channel;
action gline;
reason "Attempting to login to a GTBot";
}
};
/* An example of how to match against an IP address in text (IPv4 only) */
spamfilter {
match-type regex;
match '^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}';
match "^!packet ([0-9]{1,3}\.){3}[0-9]{1,3} [0-9]{1,15}";
target channel;
action gline;
reason "Attempting to use a GTBot";
}
};
/* A slightly more complex example with a partial OR matcher (|) */
spamfilter {
match-type regex;
match '(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$';
match "(^wait a minute plz\. i am updating my site|.*my erotic video).*http://.+/erotic(a)?/myvideo\.exe$";
target private;
action gline;
reason "Infected by some trojan (erotica?)";
}
};
/* In regex a \ is special and needs to be escaped to \\
* However in this configuration file, \ is also special and
@@ -147,8 +147,8 @@ spamfilter {
*/
spamfilter {
match-type regex;
match 'C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip';
match "C:\\\\WINNT\\\\system32\\\\(notes|videos|xxx|ManualSeduccion|postal|hechizos|images|sex|avril)\.zip";
target dcc;
action dccblock;
reason "Infected by Gaggle worm";
}
};
doc/conf/tls/curl-ca-bundle.crt → doc/conf/ssl/curl-ca-bundle.crt
+1407 -1517
View File
File diff suppressed because it is too large Load Diff
doc/technical/005.txt
+4 -4
View File
@@ -18,14 +18,14 @@ by this server"
Currently UnrealIRCd supports several tokens that are included in numeric 005. A list of
all tokens, their respective value and a brief description are listed below.
UnrealIRCd attempts to follow the proposed ISupport standard as much as possible. UnrealIRCd
only ignores the standard in one regard, the TARGMAX token. This token is believed to be
Unreal attempts to follow the proposed ISupport standard as much as possible. Unreal only
ignores the standard in one regard, the TARGMAX token. This token is believed to be
impractical and technically impossible to correctly implement due to existing limitations
in the standard. Therefore, this token is not currently supported.
UnrealIRCd does additionally provide a few tokens which are not specified in the standard, these
Unreal does additionally provide a few tokens which are not specified in the standard, these
include: HCN, AWAYLEN, WATCH, SILENCE, EXTBAN, ELIST, CMDS, NAMESX, UHNAMES, and WATCHOPTS.
UnrealIRCd also maintains a few legacy tokens such as MAXCHANNELS and WALLCHOPS to ensure
Unreal also maintains a few legacy tokens such as MAXCHANNELS and WALLCHOPS to ensure
compatibility until the ISupport standard is more widely accepted by clients.
Token Value Default Value Description
doc/translations.txt
+1 -1
View File
@@ -1,6 +1,6 @@
==[ Translations ]===========================================================
In UnrealIRCd we support the following translations:
In UnrealIRCd 4 we support the following translations:
* on-line documentation at https://www.unrealircd.org/docs/ (wiki!)
* help.conf
* example.conf
doc/unrealircd_wiki.zim
BIN
View File
Binary file not shown.
extras/VStudioAnalyze.ruleset
-155
View File
@@ -1,155 +0,0 @@
<?xml version="1.0" encoding="utf-8"?>
<RuleSet Name="UnrealIRCd rules - based off Microsoft Native Minimum Rules" Description="These rules focus on the most critical problems in your native code, including potential security holes and application crashes. It is recommended to include this rule set in any custom rule set you create for your native projects." ToolsVersion="10.0">
<Localization ResourceAssembly="Microsoft.VisualStudio.CodeAnalysis.RuleSets.Strings.dll" ResourceBaseName="Microsoft.VisualStudio.CodeAnalysis.RuleSets.Strings.Localized">
<Name Resource="NativeMinimumRules_Name" />
<Description Resource="NativeMinimumRules_Description" />
</Localization>
<Rules AnalyzerId="Microsoft.Analyzers.NativeCodeAnalysis" RuleNamespace="Microsoft.Rules.Native">
<!-- Many false positives <Rule Id="C6001" Action="Warning" /> -->
<!-- Many false positives <Rule Id="C6011" Action="Warning" /> -->
<Rule Id="C6029" Action="Warning" />
<Rule Id="C6053" Action="Warning" />
<Rule Id="C6059" Action="Warning" />
<Rule Id="C6063" Action="Warning" />
<Rule Id="C6064" Action="Warning" />
<Rule Id="C6066" Action="Warning" />
<Rule Id="C6067" Action="Warning" />
<Rule Id="C6101" Action="Warning" />
<Rule Id="C6200" Action="Warning" />
<Rule Id="C6201" Action="Warning" />
<Rule Id="C6270" Action="Warning" />
<Rule Id="C6271" Action="Warning" />
<Rule Id="C6272" Action="Warning" />
<Rule Id="C6273" Action="Warning" />
<Rule Id="C6274" Action="Warning" />
<Rule Id="C6276" Action="Warning" />
<Rule Id="C6277" Action="Warning" />
<Rule Id="C6284" Action="Warning" />
<Rule Id="C6290" Action="Warning" />
<Rule Id="C6291" Action="Warning" />
<Rule Id="C6302" Action="Warning" />
<Rule Id="C6303" Action="Warning" />
<Rule Id="C6305" Action="Warning" />
<Rule Id="C6306" Action="Warning" />
<Rule Id="C6328" Action="Warning" />
<!-- <Rule Id="C6385" Action="Warning" /> more false positives -->
<!-- <Rule Id="C6386" Action="Warning" /> the analysis this one does - or lack thereof - is particularly dumb pffff -->
<!-- <Rule Id="C6387" Action="Warning" /> more null/0 false positives -->
<Rule Id="C6500" Action="Warning" />
<Rule Id="C6501" Action="Warning" />
<Rule Id="C6503" Action="Warning" />
<Rule Id="C6504" Action="Warning" />
<Rule Id="C6505" Action="Warning" />
<Rule Id="C6506" Action="Warning" />
<Rule Id="C6508" Action="Warning" />
<Rule Id="C6509" Action="Warning" />
<Rule Id="C6510" Action="Warning" />
<Rule Id="C6511" Action="Warning" />
<Rule Id="C6513" Action="Warning" />
<Rule Id="C6514" Action="Warning" />
<Rule Id="C6515" Action="Warning" />
<Rule Id="C6516" Action="Warning" />
<Rule Id="C6517" Action="Warning" />
<Rule Id="C6518" Action="Warning" />
<Rule Id="C6522" Action="Warning" />
<Rule Id="C6525" Action="Warning" />
<Rule Id="C6527" Action="Warning" />
<Rule Id="C6530" Action="Warning" />
<Rule Id="C6540" Action="Warning" />
<Rule Id="C6551" Action="Warning" />
<Rule Id="C6552" Action="Warning" />
<Rule Id="C6701" Action="Warning" />
<Rule Id="C6702" Action="Warning" />
<Rule Id="C6703" Action="Warning" />
<Rule Id="C6704" Action="Warning" />
<Rule Id="C6705" Action="Warning" />
<Rule Id="C6706" Action="Warning" />
<!-- CppCoreCheck -->
<!-- Span/View over temporary -->
<Rule Id="C26449" Action="Warning" />
<!-- Arithmetic overflow -->
<Rule Id="C26450" Action="Warning" />
<Rule Id="C26451" Action="Warning" />
<Rule Id="C26452" Action="Warning" />
<Rule Id="C26453" Action="Warning" />
<Rule Id="C26454" Action="Warning" />
<!-- Unitialized Member -->
<Rule Id="C26495" Action="Warning" />
<Rule Id="C28021" Action="Warning" />
<!-- <Rule Id="C28182" Action="Warning" /> false positives for dereferencing null ptr -->
<Rule Id="C28202" Action="Warning" />
<Rule Id="C28203" Action="Warning" />
<Rule Id="C28205" Action="Warning" />
<Rule Id="C28206" Action="Warning" />
<Rule Id="C28207" Action="Warning" />
<Rule Id="C28210" Action="Warning" />
<Rule Id="C28211" Action="Warning" />
<Rule Id="C28212" Action="Warning" />
<Rule Id="C28213" Action="Warning" />
<Rule Id="C28214" Action="Warning" />
<Rule Id="C28215" Action="Warning" />
<Rule Id="C28216" Action="Warning" />
<Rule Id="C28217" Action="Warning" />
<Rule Id="C28218" Action="Warning" />
<Rule Id="C28219" Action="Warning" />
<Rule Id="C28220" Action="Warning" />
<Rule Id="C28221" Action="Warning" />
<Rule Id="C28222" Action="Warning" />
<Rule Id="C28223" Action="Warning" />
<Rule Id="C28224" Action="Warning" />
<Rule Id="C28225" Action="Warning" />
<Rule Id="C28226" Action="Warning" />
<Rule Id="C28227" Action="Warning" />
<Rule Id="C28228" Action="Warning" />
<Rule Id="C28229" Action="Warning" />
<Rule Id="C28230" Action="Warning" />
<Rule Id="C28231" Action="Warning" />
<Rule Id="C28232" Action="Warning" />
<Rule Id="C28233" Action="Warning" />
<Rule Id="C28234" Action="Warning" />
<Rule Id="C28235" Action="Warning" />
<Rule Id="C28236" Action="Warning" />
<Rule Id="C28237" Action="Warning" />
<Rule Id="C28238" Action="Warning" />
<Rule Id="C28239" Action="Warning" />
<Rule Id="C28240" Action="Warning" />
<Rule Id="C28241" Action="Warning" />
<Rule Id="C28243" Action="Warning" />
<Rule Id="C28245" Action="Warning" />
<Rule Id="C28246" Action="Warning" />
<Rule Id="C28250" Action="Warning" />
<!-- <Rule Id="C28251" Action="Warning" /> this may be real but it's damn annoying: inconsistent annotation for function -->
<Rule Id="C28252" Action="Warning" />
<Rule Id="C28253" Action="Warning" />
<Rule Id="C28254" Action="Warning" />
<Rule Id="C28262" Action="Warning" />
<Rule Id="C28263" Action="Warning" />
<Rule Id="C28267" Action="Warning" />
<Rule Id="C28272" Action="Warning" />
<Rule Id="C28273" Action="Warning" />
<Rule Id="C28275" Action="Warning" />
<Rule Id="C28279" Action="Warning" />
<Rule Id="C28280" Action="Warning" />
<Rule Id="C28282" Action="Warning" />
<Rule Id="C28285" Action="Warning" />
<Rule Id="C28286" Action="Warning" />
<Rule Id="C28287" Action="Warning" />
<Rule Id="C28288" Action="Warning" />
<Rule Id="C28289" Action="Warning" />
<Rule Id="C28290" Action="Warning" />
<Rule Id="C28291" Action="Warning" />
<Rule Id="C28300" Action="Warning" />
<Rule Id="C28301" Action="Warning" />
<Rule Id="C28302" Action="Warning" />
<Rule Id="C28303" Action="Warning" />
<Rule Id="C28304" Action="Warning" />
<Rule Id="C28305" Action="Warning" />
<Rule Id="C28308" Action="Warning" />
<Rule Id="C28309" Action="Warning" />
<Rule Id="C28350" Action="Warning" />
<Rule Id="C28351" Action="Warning" />
</Rules>
</RuleSet>
extras/argon2-20181209.tar.gz
BIN
View File
Binary file not shown.
extras/argon2.tar.gz
BIN
View File
Binary file not shown.
extras/build-tests/nix/build
+25 -29
View File
@@ -10,41 +10,20 @@ if [ "$1" != "" ]; then
BUILDCONFIG="$*"
fi
if [[ "$OSTYPE" == "freebsd"* ]]; then
export MAKE="gmake -j4"
else
export MAKE="make -j4"
fi
# -DRAWCMDLOGGING was dropped, but can be useful for debugging
export CPPFLAGS="$CPPFLAGS -DFAKELAG_CONFIGURABLE -DNOREMOVETMP -DTESTSUITE"
# !! skipped for now: extras/build-tests/nix/select-config $BUILDCONFIG !!
# !! temporary use this:
cp extras/build-tests/nix/configs/default ./config.settings
if [ "$USE_SHIPPED_LIBS" = "1" ]; then
echo 'EXTRAPARA="--enable-werror --without-system-pcre2 --without-system-argon2 --without-system-sodium --without-system-cares --without-system-jansson"' >>config.settings
fi
# If SSLDIR is set the environment, this overrides config.settings
# Used for example in the openssl3 build tests.
if [ "$SSLDIR" != "" ]; then
echo 'SSLDIR="'"$SSLDIR"'"' >>config.settings
fi
export MAKE="make -j3"
export CPPFLAGS="-DFAKELAG_CONFIGURABLE"
extras/build-tests/nix/select-config $BUILDCONFIG
# Read config.settings, this makes a couple of variables available to us.
. ./config.settings
if [ "$SSLDIR" != "" ]; then
# In case we build local openssl/libressl
export LD_LIBRARY_PATH="$SSLDIR/lib"
fi
./Config -quick || (tail -n 5000 config.log; exit 1)
./Config -quick || (tail -n 5000 config.log; echo '*** now tre:'; tail -n 5000 extras/tre-0.8.0-git/config.log; echo '** end of tre config.log **'; exit 1)
$MAKE
(echo 'Y'; yes '')|./unrealircd mkcert
$MAKE || exit 1
$MAKE install || exit 1
./unrealircd module install third/dumpcmds || exit 1
yes ''|make pem
make install
set +x
echo ""
@@ -58,5 +37,22 @@ else
ldd ~/unrealircd/bin/unrealircd
fi
# This was only the 'building' part, so give a hint...
echo "You can now run extras/build-tests/nix/run-tests"
if [ "$BUILDCONFIG" = "local-curl" ]; then
# We broke the system significantly earlier that build tests
# won't work (eg: 'git' is uninstallable). Don't bother
# running the tests. I don't expect a 'local-curl' specific
# bug anyway.
exit 0
fi
if [[ "$OSTYPE" == "darwin"* ]]; then
# 'rake' doesn't work. have to figure that one out..
echo "Not running test on OS X for now"
exit 0
fi
echo ""
echo ""
#echo "Now running UnrealIRCd test framework..."
#set -x
#extras/build-tests/nix/run-tests
extras/build-tests/nix/configs/default
+10 -11
View File
@@ -1,9 +1,3 @@
# These are the settings saved from running './Config'.
# Note that it is not recommended to edit config.settings by hand!
# Chances are you misunderstand what a variable does or what the
# supported values are. You better just re-run the ./Config script
# and answer appropriately there, to get a correct config.settings
# file.
#
BASEPATH=$HOME/unrealircd
BINDIR=$HOME/unrealircd/bin
@@ -14,17 +8,22 @@ LOGDIR=$HOME/unrealircd/logs
CACHEDIR=$HOME/unrealircd/cache
DOCDIR=$HOME/unrealircd/doc
TMPDIR=$HOME/unrealircd/tmp
PRIVATELIBDIR=$HOME/unrealircd/lib
MAXCONNECTIONS_REQUEST="auto"
LIBDIR=$HOME/unrealircd/lib
PREFIXAQ="1"
MAXSENDQLENGTH="3000000"
MAXCONNECTIONS="1024"
NICKNAMEHISTORYLENGTH="2000"
GEOIP="classic"
DEFPERM="0600"
SSLDIR=""
REMOTEINC=""
CURLDIR=""
SHOWLISTMODES="1"
TOPICNICKISNUH=""
SHUNNOTICES=""
NOOPEROVERRIDE=""
DISABLEUSERMOD=""
OPEROVERRIDEVERIFY=""
DISABLEEXTBANSTACKING=""
GENCERTIFICATE="0"
SANITIZER="asan"
EXTRAPARA="--enable-werror"
#EXTRAPARA="--enable-werror"
ADVANCED=""
extras/build-tests/nix/hardening-check.sh
-100
View File
@@ -1,100 +0,0 @@
#!/bin/bash
# hardening-check.sh <ircd_dir>
# Example: ./hardening-check.sh ~/unrealircd
# Exit codes: 0 = pass, 1 = fail
#
# This is used by BuildBot to make sure we use RELRO and CFI and such.
# Requirements: 'checksec' and 'readelf'
# It is AI-generated code (Claude Opus 4.6) but seems to work well,
# also verified to fail with a deliberately "bad" library.
# We only check libraries that we control, not system libs that are
# out of our control. Similarly, FreeBSD doesn't support CFI (CET)
# at the moment so we ignore it there, again.. out of our control.
if [ -z "$1" ]; then
echo "Usage: $0 <unrealircd-directory>"
exit 1
fi
IRCD_DIR="$1"
FAIL=0
# Collect all binaries to check
files=("$IRCD_DIR/bin/unrealircd")
while IFS= read -r f; do
files+=("$f")
done < <(find "$IRCD_DIR/lib" -name '*.so*' -type f)
# --- checksec: Full RELRO, Canary, NX, FORTIFY ---
for f in "${files[@]}"; do
out=$(checksec --format=csv --file="$f" 2>/dev/null)
name=$(basename "$f")
if ! echo "$out" | grep -qi "Full RELRO"; then
echo "FAIL: $name — missing Full RELRO"
FAIL=1
fi
if ! echo "$out" | grep -qi "Canary found"; then
echo "FAIL: $name — missing stack canary"
FAIL=1
fi
if ! echo "$out" | grep -qi "NX enabled"; then
echo "FAIL: $name — missing NX"
FAIL=1
fi
# FORTIFY column: check for "Yes" but not in other fields
fortify=$(echo "$out" | awk -F',' '{print $8}')
if [ "$fortify" != "Yes" ]; then
echo "WARN: $name — no FORTIFY (may be OK for small libs)"
fi
done
# --- CFI: CET on x86_64, BTI/PAC on aarch64 (Linux only) ---
if [ "$(uname -s)" = "Linux" ]; then
ARCH=$(uname -m)
if [ "$ARCH" = "x86_64" ]; then
for f in "${files[@]}"; do
name=$(basename "$f")
props=$(readelf -n "$f" 2>/dev/null | grep "x86 feature:")
if [ -z "$props" ]; then
echo "FAIL: $name — no CET property note"
FAIL=1
else
if ! echo "$props" | grep -q "IBT"; then
echo "FAIL: $name — missing IBT"
FAIL=1
fi
if ! echo "$props" | grep -q "SHSTK"; then
echo "FAIL: $name — missing SHSTK"
FAIL=1
fi
fi
done
elif [ "$ARCH" = "aarch64" ]; then
for f in "${files[@]}"; do
name=$(basename "$f")
props=$(readelf -n "$f" 2>/dev/null | grep "aarch64 feature:")
if [ -z "$props" ]; then
echo "FAIL: $name — no BTI/PAC property note"
FAIL=1
else
if ! echo "$props" | grep -q "BTI"; then
echo "FAIL: $name — missing BTI"
FAIL=1
fi
if ! echo "$props" | grep -q "PAC"; then
echo "FAIL: $name — missing PAC"
FAIL=1
fi
fi
done
fi
fi
if [ "$FAIL" -eq 1 ]; then
echo "HARDENING CHECK FAILED"
exit 1
else
echo "All hardening checks passed."
exit 0
fi
extras/build-tests/nix/run-tests
+49 -28
View File
@@ -9,35 +9,56 @@ set -e
# Verbose:
set -x
# Kill old instances
killall -9 unrealircd || true
# Install 'unrealircd-tests'
rm -rf unrealircd-tests/
git clone -q --branch unreal60 https://github.com/unrealircd/unrealircd-tests.git unrealircd-tests
cd unrealircd-tests
# FreeBSD has various issues with the tests from us and others,
# better set a flag to keep it simple:
if uname -a|grep -q FreeBSD; then
NOSERVICES=1
fi
# Run the test framework, testing both services:
if [ "$NOSERVICES" = 1 ]; then
./run -services none $RUNTESTFLAGS || exit 1
# Install packages
if [[ "$OSTYPE" == "darwin"* ]]; then
brew install git || true
brew install python || true
gem install bundler || true
gem install rake || true
gem install rspec || true
else
# Linux tests both with anope and atheme services:
./run -services anope $RUNTESTFLAGS || exit 1
./run -services atheme $RUNTESTFLAGS || exit 1
sudo apt-get install git python rake -y
gem install bundler -v "~>1.0"
fi
# Database writing/reading tests
## unencrypted:
./run -services none -boot tests/db/writing/* || exit 1
./run -services none -keepdbs -boot tests/db/reading/* || exit 1
## encrypted:
./run -services none -include db_crypted.conf -boot tests/db/writing/* || exit 1
./run -services none -include db_crypted.conf -keepdbs -boot tests/db/reading/* || exit 1
# Install 'ircfly'
git clone -q https://github.com/unrealircd/ircfly.git
cd ircfly
bundle install
bundle exec rake build
if [[ "$OSTYPE" == "darwin"* ]]; then
bundle exec rake install
else
sudo rake install
fi
cd ..
echo "If you also want to run the SSL/TLS tests, see extras/tests/tls/tls-tests"
# Install 'cipherscan'
git clone -q https://github.com/mozilla/cipherscan
# Install 'unrealircd-tests-old'
git clone -q https://github.com/unrealircd/unrealircd-tests-old.git
cd unrealircd-tests-old
bundle install
mv config.yaml.example config.yaml
# Start the IRC servers
cp ircdconfig/* ~/unrealircd/conf/
cd ~/unrealircd
bin/unrealircd -f hub.conf
bin/unrealircd -f irc1.conf
bin/unrealircd -f irc2.conf
cd -
# Do cipherscan test
sleep 2
cd ../extras/tests/tls
./tls-tests
cd -
# Back in unrealircd-tests-old, run the tests!
if [[ "$OSTYPE" == "darwin"* ]]; then
bundle exec rake
else
rake
fi
extras/build-tests/nix/run-tests.bbwrapper
-16
View File
@@ -1,16 +0,0 @@
#!/bin/bash
#
# This is a simple wrapper script that will run the tests
# When finished, either due to succes or failure,
# it will kill the ircd
#
# Also, it makes sure the job times out (is killed)
# in case it misbehaves
#
set +ex
timeout --kill-after=5 900 bash -c '
extras/build-tests/nix/run-tests
EX="$?"
killall -9 valgrind valgrind.bin memcheck memcheck-amd64-linux memcheck-x86-linux ircd unrealircd val 1>/dev/null 2>&1
exit $EX'
exit $?
extras/build-tests/nix/select-config
+1 -1
View File
@@ -25,7 +25,7 @@ function build_ssl {
}
if [ ! -d extras ]; then
echo "This tool is supposed to be run from the source root, so ~/unrealircd-5.0.x or similar"
echo "This tool is supposed to be run from the source root, so ~/unrealircd-4.2.x or similar"
exit 1
fi
extras/build-tests/windows/build.bat
+25 -89
View File
@@ -1,65 +1,42 @@
echo on
rem Temporarily hardcoded:
set TARGET=Visual Studio 2019
set SHORTNAME=vs2019
rem Build script for appveyor
rem Initialize Visual Studio variables
if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars64.bat"
if "%TARGET%" == "Visual Studio 2019" call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
if "%TARGET%" == "Visual Studio 2017" call "C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Auxiliary\Build\vcvars32.bat"
rem Installing tools
rem only for appveyor:
rem cinst unrar -y
rem cinst unzip -y
rem cinst innosetup -y
cinst unrar -y
cinst unzip -y
cinst innosetup -y
curl -fsS -o dlltool.exe https://www.unrealircd.org/files/dev/win/dlltool.exe
rem Installing UnrealIRCd dependencies
cd \projects
mkdir unrealircd-6-libs
cd unrealircd-6-libs
curl -fsS -o unrealircd-libraries-6-devel.zip https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-6-devel.zip
unzip unrealircd-libraries-6-devel.zip
copy dlltool.exe \users\user\worker\unreal6-w10\build /y
mkdir unrealircd-deps
cd unrealircd-deps
curl -fsS -o SetACL.exe https://www.unrealircd.org/files/dev/win/SetACL.exe
curl -fsS -o unrealircd-libraries-devel.zip https://www.unrealircd.org/files/dev/win/libs/unrealircd-libraries-devel.zip
unzip unrealircd-libraries-devel.zip
rem for appveyor, use: cd \projects\unrealircd
cd \users\user\worker\unreal6-w10\build
rem Install 'unrealircd-tests'
cd ..
rd /q/s unrealircd-tests
git clone -q --branch unreal60 https://github.com/unrealircd/unrealircd-tests.git unrealircd-tests
if %ERRORLEVEL% NEQ 0 EXIT /B 1
cd build
cd \projects\unrealircd
rem Now the actual build
rem - First this, otherwise JOM will fail
IF NOT EXIST src\version.c nmake -f Makefile.windows CONF
rem - Then build most of UnrealIRCd.exe etc
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat UNREALSVC.EXE UnrealIRCd.exe unrealircdctl.exe
rem - It will fail due to missing symbolfile, which we create here..
rem it needs to run with SLOW=1 because JOM doesn't understand things otherwise..
SET SLOW=1
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat SYMBOLFILE
SET SLOW=0
rem - Then we finalize building UnrealIRCd.exe: should be no error
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat UNREALSVC.EXE UnrealIRCd.exe unrealircdctl.exe
if %ERRORLEVEL% NEQ 0 EXIT /B 1
rem - Build all the modules (DLL files): should be no error
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat MODULES
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
rem The above command will fail, due to missing symbol file
rem However the symbol file can only be generated after the above command
rem So... we create the symbolfile...
nmake -f makefile.win32 SYMBOLFILE
rem And we re-run the exact same command:
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat
if %ERRORLEVEL% NEQ 0 EXIT /B 1
rem Compile dependencies for unrealircd-tests -- this doesn't belong here though..
copy ..\unrealircd-tests\serverconfig\unrealircd\modules\fakereputation.c src\modules\third /Y
call extras\build-tests\windows\compilecmd\%SHORTNAME%.bat CUSTOMMODULE MODULEFILE=fakereputation
if %ERRORLEVEL% NEQ 0 EXIT /B 1
rem Convert c:\dev to c:\projects\unrealircd-6-libs
rem Convert c:\dev to c:\projects\unrealircd-deps
rem TODO: should use environment variable in innosetup script?
sed -i "s/c:\\dev\\unrealircd-6-libs/c:\\projects\\unrealircd-6-libs/gi" src\windows\unrealinst.iss
sed -i "s/c:\\\\dev/c:\\\\projects\\\\unrealircd-deps/gi" src\win32\unrealinst.iss
rem Build installer file
"c:\Program Files (x86)\Inno Setup 5\iscc.exe" /Q- src\windows\unrealinst.iss
"c:\Program Files (x86)\Inno Setup 5\iscc.exe" /Q- src\win32\unrealinst.iss
if %ERRORLEVEL% NEQ 0 EXIT /B 1
rem Show some proof
@@ -67,47 +44,6 @@ ren mysetup.exe unrealircd-dev-build.exe
dir unrealircd-dev-build.exe
sha256sum unrealircd-dev-build.exe
rem Kill any old instances, just to be sure
taskkill -im unrealircd.exe -f
sleep 2
rem Just a safety measure so we don't end up testing
rem some old version...
del "C:\Program Files\UnrealIRCd 6\bin\unrealircd.exe"
echo Running installer...
start /WAIT unrealircd-dev-build.exe /VERYSILENT /LOG=setup.log
if %ERRORLEVEL% NEQ 0 goto installerfailed
rem Upload artifact
rem appveyor PushArtifact unrealircd-dev-build.exe
rem if %ERRORLEVEL% NEQ 0 EXIT /B 1
cd ..\unrealircd-tests
dir
rem All tests except db:
"C:\Program Files\Git\bin\bash.exe" ./runwin
appveyor PushArtifact unrealircd-dev-build.exe
if %ERRORLEVEL% NEQ 0 EXIT /B 1
rem Test unencrypted db's:
"C:\Program Files\Git\bin\bash.exe" ./runwin -boot tests/db/writing/*
if %ERRORLEVEL% NEQ 0 EXIT /B 1
"C:\Program Files\Git\bin\bash.exe" ./runwin -keepdbs -boot tests/db/reading/*
if %ERRORLEVEL% NEQ 0 EXIT /B 1
rem Test encrypted db's:
"C:\Program Files\Git\bin\bash.exe" ./runwin -include db_crypted.conf -boot tests/db/writing/*
if %ERRORLEVEL% NEQ 0 EXIT /B 1
"C:\Program Files\Git\bin\bash.exe" ./runwin -include db_crypted.conf -keepdbs -boot tests/db/reading/*
if %ERRORLEVEL% NEQ 0 EXIT /B 1
goto end
:installerfailed
type setup.log
echo INSTALLATION FAILED
EXIT /B 1
:end
extras/build-tests/windows/compilecmd/vs2017.bat
+21
View File
@@ -0,0 +1,21 @@
rem Build command for Visual Studio 2017
nmake -f makefile.win32 ^
LIBRESSL_INC_DIR="c:\projects\unrealircd-deps\libressl\include" ^
LIBRESSL_LIB_DIR="c:\projects\unrealircd-deps\libressl\lib" ^
SSLLIB="crypto-44.lib ssl-46.lib" ^
USE_REMOTEINC=1 ^
LIBCURL_INC_DIR="c:\projects\unrealircd-deps\curl-ssl\include" ^
LIBCURL_LIB_DIR="c:\projects\unrealircd-deps\curl-ssl\builds\libcurl-vc-x86-release-dll-ssl-dll-ipv6-sspi-obj-lib" ^
CARES_LIB_DIR="c:\projects\unrealircd-deps\c-ares\msvc\cares\dll-release" ^
CARES_INC_DIR="c:\projects\unrealircd-deps\c-ares" ^
CARESLIB="cares.lib" ^
TRE_LIB_DIR="c:\projects\unrealircd-deps\tre\win32\release" ^
TRE_INC_DIR="c:\projects\unrealircd-deps\tre" ^
TRELIB="tre.lib" ^
PCRE2_INC_DIR="c:\projects\unrealircd-deps\pcre2\include" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-deps\pcre2\lib" ^
PCRE2LIB="pcre2-8.lib" ^
ARGON2_LIB_DIR="c:\projects\unrealircd-deps\argon2\vs2015\build" ^
ARGON2_INC_DIR="c:\projects\unrealircd-deps\argon2\include" ^
ARGON2LIB="Argon2RefDll.lib" %*
extras/build-tests/windows/compilecmd/vs2019.bat
-40
View File
@@ -1,40 +0,0 @@
rem Build command for Visual Studio 2019
rem Default to quick parallel builds
SET BUILDCOMMAND="jom"
SET BUILDARGS="/j32"
IF NOT %SLOW%. == 1. goto cont
rem In case of SET SLOW=1 we use slow nmake
SET BUILDCOMMAND="nmake"
SET BUILDARGS=""
:cont
echo BUILDCOMMAND IS: %BUILDCOMMAND%
echo BUILDARGS IS: %BUILDARGS%
%BUILDCOMMAND% %BUILDARGS% -f makefile.windows ^
SSL_INC_DIR="c:\projects\unrealircd-6-libs\openssl\include" ^
SSL_LIB_DIR="c:\projects\unrealircd-6-libs\openssl\lib" ^
SSLLIB="libcrypto.lib libssl.lib" ^
USE_REMOTEINC=1 ^
LIBCURL_INC_DIR="c:\projects\unrealircd-6-libs\curl\include" ^
LIBCURL_LIB_DIR="c:\projects\unrealircd-6-libs\curl\lib" ^
CARES_LIB_DIR="c:\projects\unrealircd-6-libs\c-ares\msvc\cares\dll-release" ^
CARES_INC_DIR="c:\projects\unrealircd-6-libs\c-ares\include" ^
CARESLIB="cares.lib" ^
PCRE2_INC_DIR="c:\projects\unrealircd-6-libs\pcre2\include" ^
PCRE2_LIB_DIR="c:\projects\unrealircd-6-libs\pcre2\lib" ^
PCRE2LIB="pcre2-8.lib" ^
ARGON2_LIB_DIR="c:\projects\unrealircd-6-libs\argon2\vs2015\build" ^
ARGON2_INC_DIR="c:\projects\unrealircd-6-libs\argon2\include" ^
ARGON2LIB="Argon2RefDll.lib" ^
SODIUM_LIB_DIR="c:\projects\unrealircd-6-libs\libsodium\bin\x64\Release\v142\dynamic" ^
SODIUM_INC_DIR="c:\projects\unrealircd-6-libs\libsodium\src\libsodium\include" ^
SODIUMLIB="libsodium.lib" ^
JANSSON_LIB_DIR="c:\projects\unrealircd-6-libs\jansson\lib" ^
JANSSON_INC_DIR="c:\projects\unrealircd-6-libs\jansson\include" ^
JANSSONLIB="jansson.lib" ^
GEOIPCLASSIC_LIB_DIR="c:\projects\unrealircd-6-libs\GeoIP\libGeoIP" ^
GEOIPCLASSIC_INC_DIR="c:\projects\unrealircd-6-libs\GeoIP\libGeoIP" ^
GEOIPCLASSICLIB="GeoIP.lib" %*
extras/c-ares.tar.gz
BIN
View File
Binary file not shown.
extras/curlinstall
Executable
+98
View File
@@ -0,0 +1,98 @@
#!/bin/sh
URL="https://www.unrealircd.org/files/curl-latest.tar.gz"
OUTF="curl-latest.tar.gz"
OUTD="curl-latest"
ARESPATH="`pwd`/extras/c-ares"
UNREALDIR="`pwd`"
CARESVERSION="1.15.0"
LIBDIR="$1"
if [ "x$1" = "x" ]; then
echo "You should (no longer) run this program directly."
echo "It will be invoked by ./Config"
exit 1
fi
if [ ! -f src/parse.c ]; then
if [ -f ../src/parse.c ]; then
cd ..
else
echo "Please run this program from your UnrealIRCd directory"
echo "(usually $HOME/unrealircd-4.2.X or something like that)"
exit 1
fi
fi
wget --version 1>/dev/null 2>&1
if [ "$?" = 0 ]; then
FETCHER="wget"
else
fetch --version 1>/dev/null 2>&1
if [ "$?" = 0 ]; then
FETCHER="fetch"
else
lynx --version 1>/dev/null 2>&1
if [ "$?" = 0 ]; then
FETCHER="lynx"
else
echo "ERROR: unable to find wget/fetch/lynx, please install at least one of these programs"
exit 1
fi
fi
fi
if [ ! -d tmp ]; then
mkdir tmp || exit 1
fi
cd tmp || exit 1
rm -f "$OUTF"
if [ "$FETCHER" = "wget" ]; then
wget -O "$OUTF" "$URL"
elif [ "$FETCHER" = "lynx" ]; then
lynx -dump "$URL" >"$OUTF"
elif [ "$FETCHER" = "fetch" ]; then
cd tmp #todo: find out the cmd line parameter ;)
fetch "$URL"
fi
if [ "$?" != 0 ]; then
echo "ERROR: Something went wrong while trying to download $URL"
exit 1
fi
rm -rf "$OUTD" # remove old directory prior to extracting
tar xzf "$OUTF" || exit 1
if [ "`eval echo -n 'a'`" = "-n a" ] ; then
c="\c"
else
n="-n"
fi
if [ ! -d "$ARESPATH/lib" ]; then
echo "c-ares has not been build yet, let's do that now..."
cd ../extras/
tar xzf c-ares.tar.gz || exit 1
cd c-ares-$CARESVERSION || exit 1
./configure --prefix=$ARESPATH || exit 1
(make && make install) || exit 1
cd ../../tmp/
echo "c-ares built."
echo ""
fi
# We assume curl has been packaged in a way it will extract to "$OUTD"/
cd "$OUTD" || exit 1
echo "Building and installing libcurl"
CPPFLAGS="-I$ARESPATH/include" ./configure --prefix=$UNREALDIR/extras/curl --libdir=$LIBDIR --enable-shared \
--disable-thread --enable-ares=$ARESPATH --disable-ipv6
cp -R $ARESPATH/lib ares
make && make install
#cp $ARESPATH/lib/libcares.a $HOME/curl/lib
# that isn't needed anymore as the lib is already in unreal...
extras/doxygen/Developers.md
-18
View File
@@ -1,18 +0,0 @@
Welcome to the doxygen-generated documentation for the UnrealIRCd 6.x API.
This is intended **for developers only!**
If you are creating a 3rd party module for UnrealIRCd or are interested
in contributing to UnrealIRCd then this is the right place.
Here you should be able to find a lot of information on the data structures
and functions available to you when coding for UnrealIRCd.
## Wiki documentation ##
* Be sure to check the [Module API](https://www.unrealircd.org/docs/Dev:Module_API) article on the wiki
as well, which provides a better *overview* of the module API
## Doxygen docs ##
* [Functions and structs ordered by purpose](modules.html) - **this contains most of the module API!**
* [The most common structs](group__CommonStructs.html) - like Client, User, Server, Channel, etc.
* [All structs](classes.html) - in a simple alphabetical index
* [Browse by source file](dir_68267d1309a1af8e8297ef4c3efbcdba.html) - see all src/*.c files and their (documented) functions.
extras/doxygen/Doxyfile
-2494
View File
File diff suppressed because it is too large Load Diff
extras/doxygen/doxygen_custom.css
-4
View File
@@ -1,4 +0,0 @@
code {
border: 1px solid #C4CFE5;
background-color: #FBFCFD;
}
extras/doxygen/header.html
-56
View File
@@ -1,56 +0,0 @@
<!-- HTML header for doxygen 1.8.13-->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/xhtml;charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=9"/>
<meta name="generator" content="Doxygen $doxygenversion"/>
<meta name="viewport" content="width=device-width, initial-scale=1"/>
<!--BEGIN PROJECT_NAME--><title>$projectname Module API: $title</title><!--END PROJECT_NAME-->
<!--BEGIN !PROJECT_NAME--><title>$title</title><!--END !PROJECT_NAME-->
<link href="$relpath^tabs.css" rel="stylesheet" type="text/css"/>
<script type="text/javascript" src="$relpath^jquery.js"></script>
<script type="text/javascript" src="$relpath^dynsections.js"></script>
$treeview
$search
$mathjax
<link href="$relpath^$stylesheet" rel="stylesheet" type="text/css" />
$extrastylesheet
</head>
<body>
<div id="top"><!-- do not remove this div, it is closed by doxygen! -->
<!--BEGIN TITLEAREA-->
<div id="titlearea">
<table cellspacing="0" cellpadding="0">
<tbody>
<tr style="height: 56px;">
<!--BEGIN PROJECT_LOGO-->
<td id="projectlogo"><img alt="Logo" src="$relpath^$projectlogo"/></td>
<!--END PROJECT_LOGO-->
<!--BEGIN PROJECT_NAME-->
<td id="projectalign" style="padding-left: 0.5em;">
<div id="projectname">$projectname
<!--BEGIN PROJECT_NUMBER-->&#160;<span id="projectnumber">Module API $projectnumber</span><!--END PROJECT_NUMBER-->
</div>
<!--BEGIN PROJECT_BRIEF--><div id="projectbrief">$projectbrief</div><!--END PROJECT_BRIEF-->
</td>
<!--END PROJECT_NAME-->
<!--BEGIN !PROJECT_NAME-->
<!--BEGIN PROJECT_BRIEF-->
<td style="padding-left: 0.5em;">
<div id="projectbrief">$projectbrief</div>
</td>
<!--END PROJECT_BRIEF-->
<!--END !PROJECT_NAME-->
<!--BEGIN DISABLE_INDEX-->
<!--BEGIN SEARCHENGINE-->
<td>$searchbox</td>
<!--END SEARCHENGINE-->
<!--END DISABLE_INDEX-->
</tr>
</tbody>
</table>
</div>
<!--END TITLEAREA-->
<!-- end header part -->
extras/geoip-classic.tar.gz
BIN
View File
Binary file not shown.
extras/jansson.tar.gz
BIN
View File
Binary file not shown.
extras/libsodium.tar.gz
BIN
View File
Binary file not shown.
extras/pcre2.tar.gz
BIN
View File
Binary file not shown.
extras/regex/Makefile.in
+98
View File
@@ -0,0 +1,98 @@
# Makefile for regex.
#
# Copyright (C) 1992, 1993 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
version = 0.12
# You can define CPPFLAGS on the command line. Aside from system-specific
# flags, you can define:
# -DREGEX_MALLOC to use malloc/realloc/free instead of alloca.
# -DDEBUG to enable the compiled pattern disassembler and execution
# tracing; code runs substantially slower.
# -DEXTRACT_MACROS to use the macros EXTRACT_* (as opposed to
# the corresponding C procedures). If not -DDEBUG, the macros
# are used.
CPPFLAGS =
# Likewise, you can override CFLAGS to optimize, use -Wall, etc.
CFLAGS = -g
# Ditto for LDFLAGS and LOADLIBES.
LDFLAGS =
LOADLIBES =
srcdir = @srcdir@
VPATH = @srcdir@
CC = @CC@
DEFS = @DEFS@
SHELL = /bin/sh
subdirs = moo
default all:: regex.o
.PHONY: default all
regex.o: regex.c regex.h
$(CC) $(CFLAGS) $(CPPFLAGS) $(DEFS) -I. -I$(srcdir) -c $<
clean mostlyclean::
rm -f *.o
distclean:: clean
rm -f Makefile config.status
extraclean:: distclean
rm -f patch* *~* *\#* *.orig *.rej *.bak core a.out
configure: configure.in
autoconf
config.status: configure
sh configure --no-create
Makefile: Makefile.in config.status
sh config.status
makeargs = $(MFLAGS) CPPFLAGS='$(CPPFLAGS)' CFLAGS='$(CFLAGS)' CC='$(CC)' \
DEFS='$(DEFS)' LDFLAGS='$(LDFLAGS)' LOADLIBES='$(LOADLIBES)'
default all install \
mostlyclean clean distclean extraclean realclean \
TAGS check::
for d in $(subdirs); do (cd $$d; $(MAKE) $(makeargs) $@); done
.PHONY: install mostlyclean clean distclean extraclean realclean TAGS check
# Prevent GNU make 3 from overflowing arg limit on system V.
.NOEXPORT:
distfiles = AUTHORS ChangeLog COPYING INSTALL NEWS README \
*.in configure regex.c regex.h
distdir = regex-$(version)
distargs = version=$(version) distdir=../$(distdir)/$$d
dist: TAGS configure
@echo "Version numbers in: Makefile.in, ChangeLog, NEWS,"
@echo " regex.c, regex.h,"
@echo " and doc/xregex.texi (if modified)."
rm -rf $(distdir)
mkdir $(distdir)
ln $(distfiles) $(distdir)
for d in $(subdirs); do (cd $$d; $(MAKE) $(distargs) dist); done
tar czhf $(distdir).tar.Z $(distdir)
rm -rf $(distdir)
.PHONY: dist
extras/regex/README
+60
View File
@@ -0,0 +1,60 @@
This directory contains the GNU regex library. It is compliant with
POSIX.2, except for internationalization features.
See the file NEWS for a list of major changes in the current release.
See the file INSTALL for compilation instructions. (The only thing
installed is the documentation; regex.c is compiled into regex.o, but
not installed anywhere.)
The subdirectory `doc' contains a (programmers') manual for the library.
It's probably out-of-date. Improvements are welcome.
The subdirectory `test' contains the various tests we've written.
We know this code is not as fast as it might be. If you have specific
suggestions, profiling results, or other such useful information to
report, please do.
Emacs 18 is not going use this revised regex (but Emacs 19 will). If
you want to try it with Emacs 18, apply the patch at the end of this
file first.
Mail bug reports to bug-gnu-utils@prep.ai.mit.edu.
Please include an actual regular expression that fails (and the syntax
used to compile it); without that, there's no way to reproduce the bug,
so there's no way we can fix it. Even if you include a patch, also
include the regular expression in error; otherwise, we can't know for
sure what you're trying to fix.
Here is the patch to make this version of regex work with Emacs 18.
*** ORIG/search.c Tue Jan 8 13:04:55 1991
--- search.c Sun Jan 5 10:57:00 1992
***************
*** 25,26 ****
--- 25,28 ----
#include "commands.h"
+
+ #include <sys/types.h>
#include "regex.h"
***************
*** 477,479 ****
/* really needed. */
! && *(searchbuf.buffer) == (char) exactn /* first item is "exact match" */
&& searchbuf.buffer[1] + 2 == searchbuf.used) /*first is ONLY item */
--- 479,482 ----
/* really needed. */
! /* first item is "exact match" */
! && *(searchbuf.buffer) == (char) RE_EXACTN_VALUE
&& searchbuf.buffer[1] + 2 == searchbuf.used) /*first is ONLY item */
***************
*** 1273,1275 ****
searchbuf.allocated = 100;
! searchbuf.buffer = (char *) malloc (searchbuf.allocated);
searchbuf.fastmap = search_fastmap;
--- 1276,1278 ----
searchbuf.allocated = 100;
! searchbuf.buffer = (unsigned char *) malloc (searchbuf.allocated);
searchbuf.fastmap = search_fastmap;
extras/regex/configure
Vendored Executable
+462
View File
@@ -0,0 +1,462 @@
#!/bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated automatically using autoconf.
# Copyright (C) 1991, 1992, 1993 Free Software Foundation, Inc.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
# Usage: configure [--srcdir=DIR] [--host=HOST] [--gas] [--nfp] [--no-create]
# [--prefix=PREFIX] [--exec-prefix=PREFIX] [--with-PACKAGE] [TARGET]
# Ignores all args except --srcdir, --prefix, --exec-prefix, --no-create, and
# --with-PACKAGE unless this script has special code to handle it.
for arg
do
# Handle --exec-prefix with a space before the argument.
if test x$next_exec_prefix = xyes; then exec_prefix=$arg; next_exec_prefix=
# Handle --host with a space before the argument.
elif test x$next_host = xyes; then next_host=
# Handle --prefix with a space before the argument.
elif test x$next_prefix = xyes; then prefix=$arg; next_prefix=
# Handle --srcdir with a space before the argument.
elif test x$next_srcdir = xyes; then srcdir=$arg; next_srcdir=
else
case $arg in
# For backward compatibility, also recognize exact --exec_prefix.
-exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* | --exec=* | --exe=* | --ex=* | --e=*)
exec_prefix=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- | --exec | --exe | --ex | --e)
next_exec_prefix=yes ;;
-gas | --gas | --ga | --g) ;;
-host=* | --host=* | --hos=* | --ho=* | --h=*) ;;
-host | --host | --hos | --ho | --h)
next_host=yes ;;
-nfp | --nfp | --nf) ;;
-no-create | --no-create | --no-creat | --no-crea | --no-cre | --no-cr | --no-c | --no- | --no)
no_create=1 ;;
-prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*)
prefix=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-prefix | --prefix | --prefi | --pref | --pre | --pr | --p)
next_prefix=yes ;;
-srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=* | --s=*)
srcdir=`echo $arg | sed 's/[-a-z_]*=//'` ;;
-srcdir | --srcdir | --srcdi | --srcd | --src | --sr | --s)
next_srcdir=yes ;;
-with-* | --with-*)
package=`echo $arg|sed 's/-*with-//'`
# Delete all the valid chars; see if any are left.
if test -n "`echo $package|sed 's/[-a-zA-Z0-9_]*//g'`"; then
echo "configure: $package: invalid package name" >&2; exit 1
fi
eval "with_`echo $package|sed s/-/_/g`=1" ;;
*) ;;
esac
fi
done
trap 'rm -f conftest* core; exit 1' 1 3 15
rm -f conftest*
compile='${CC-cc} $CFLAGS $DEFS conftest.c -o conftest $LIBS >/dev/null 2>&1'
# A filename unique to this package, relative to the directory that
# configure is in, which we can look for to find out if srcdir is correct.
unique_file=regex.c
# Find the source files, if location was not specified.
if test -z "$srcdir"; then
srcdirdefaulted=yes
# Try the directory containing this script, then `..'.
prog=$0
confdir=`echo $prog|sed 's%/[^/][^/]*$%%'`
test "X$confdir" = "X$prog" && confdir=.
srcdir=$confdir
if test ! -r $srcdir/$unique_file; then
srcdir=..
fi
fi
if test ! -r $srcdir/$unique_file; then
if test x$srcdirdefaulted = xyes; then
echo "configure: Can not find sources in \`${confdir}' or \`..'." 1>&2
else
echo "configure: Can not find sources in \`${srcdir}'." 1>&2
fi
exit 1
fi
# Preserve a srcdir of `.' to avoid automounter screwups with pwd.
# But we can't avoid them for `..', to make subdirectories work.
case $srcdir in
.|/*|~*) ;;
*) srcdir=`cd $srcdir; pwd` ;; # Make relative path absolute.
esac
if test -z "$CC"; then
echo checking for gcc
saveifs="$IFS"; IFS="${IFS}:"
for dir in $PATH; do
test -z "$dir" && dir=.
if test -f $dir/gcc; then
CC="gcc"
break
fi
done
IFS="$saveifs"
fi
test -z "$CC" && CC="cc"
# Find out if we are using GNU C, under whatever name.
cat > conftest.c <<EOF
#ifdef __GNUC__
yes
#endif
EOF
${CC-cc} -E conftest.c > conftest.out 2>&1
if egrep yes conftest.out >/dev/null 2>&1; then
GCC=1 # For later tests.
fi
rm -f conftest*
# Make sure to not get the incompatible SysV /etc/install and
# /usr/sbin/install, which might be in PATH before a BSD-like install,
# or the SunOS /usr/etc/install directory, or the AIX /bin/install,
# or the AFS install, which mishandles nonexistent args. (Sigh.)
if test -z "$INSTALL"; then
echo checking for install
saveifs="$IFS"; IFS="${IFS}:"
for dir in $PATH; do
test -z "$dir" && dir=.
case $dir in
/etc|/usr/sbin|/usr/etc|/usr/afsws/bin) ;;
*)
if test -f $dir/install; then
if grep dspmsg $dir/install >/dev/null 2>&1; then
: # AIX
else
INSTALL="$dir/install -c"
INSTALL_PROGRAM='$(INSTALL)'
INSTALL_DATA='$(INSTALL) -m 644'
break
fi
fi
;;
esac
done
IFS="$saveifs"
fi
INSTALL=${INSTALL-cp}
INSTALL_PROGRAM=${INSTALL_PROGRAM-'$(INSTALL)'}
INSTALL_DATA=${INSTALL_DATA-'$(INSTALL)'}
echo checking for AIX
echo checking how to run the C preprocessor
if test -z "$CPP"; then
CPP='${CC-cc} -E'
cat > conftest.c <<EOF
#include <stdio.h>
EOF
err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
if test -z "$err"; then
:
else
CPP=/lib/cpp
fi
rm -f conftest*
fi
cat > conftest.c <<EOF
#ifdef _AIX
yes
#endif
EOF
eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
if egrep "yes" conftest.out >/dev/null 2>&1; then
DEFS="$DEFS -D_ALL_SOURCE=1"
fi
rm -f conftest*
echo checking for DYNIX/ptx libseq
cat > conftest.c <<EOF
#if defined(_SEQUENT_)
yes
#endif
EOF
eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
if egrep "yes" conftest.out >/dev/null 2>&1; then
SEQUENT=1
fi
rm -f conftest*
test -n "$SEQUENT" && test -f /usr/lib/libseq.a &&
LIBS="$LIBS -lseq"
echo checking for POSIXized ISC
if test -d /etc/conf/kconfig.d &&
grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1
then
ISC=1 # If later tests want to check for ISC.
DEFS="$DEFS -D_POSIX_SOURCE=1"
if test -n "$GCC"; then
CC="$CC -posix"
else
CC="$CC -Xp"
fi
fi
echo checking for minix/config.h
cat > conftest.c <<EOF
#include <minix/config.h>
EOF
err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
if test -z "$err"; then
MINIX=1
fi
rm -f conftest*
# The Minix shell can't assign to the same variable on the same line!
if test -n "$MINIX"; then
DEFS="$DEFS -D_POSIX_SOURCE=1"
DEFS="$DEFS -D_POSIX_1_SOURCE=2"
DEFS="$DEFS -D_MINIX=1"
fi
echo checking for ANSI C header files
cat > conftest.c <<EOF
#include <stdlib.h>
#include <stdarg.h>
#include <string.h>
#include <float.h>
EOF
err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
if test -z "$err"; then
# SunOS string.h does not declare mem*, contrary to ANSI.
echo '#include <string.h>' > conftest.c
eval "$CPP $DEFS conftest.c > conftest.out 2>&1"
if egrep "memchr" conftest.out >/dev/null 2>&1; then
# SGI's /bin/cc from Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi.
cat > conftest.c <<EOF
#include <ctype.h>
#define ISLOWER(c) ('a' <= (c) && (c) <= 'z')
#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c))
#define XOR(e,f) (((e) && !(f)) || (!(e) && (f)))
int main () { int i; for (i = 0; i < 256; i++)
if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2);
exit (0); }
EOF
eval $compile
if test -s conftest && (./conftest; exit) 2>/dev/null; then
DEFS="$DEFS -DSTDC_HEADERS=1"
fi
rm -f conftest*
fi
rm -f conftest*
fi
rm -f conftest*
for hdr in string.h
do
trhdr=HAVE_`echo $hdr | tr '[a-z]./' '[A-Z]__'`
echo checking for ${hdr}
cat > conftest.c <<EOF
#include <${hdr}>
EOF
err=`eval "$CPP $DEFS conftest.c 2>&1 >/dev/null"`
if test -z "$err"; then
DEFS="$DEFS -D${trhdr}=1"
fi
rm -f conftest*
done
# The Ultrix 4.2 mips builtin alloca declared by alloca.h only works
# for constant arguments. Useless!
echo checking for working alloca.h
cat > conftest.c <<EOF
#include <alloca.h>
main() { exit(0); }
t() { char *p = alloca(2 * sizeof(int)); }
EOF
if eval $compile; then
DEFS="$DEFS -DHAVE_ALLOCA_H=1"
fi
rm -f conftest*
decl="#ifdef __GNUC__
#define alloca __builtin_alloca
#else
#if HAVE_ALLOCA_H
#include <alloca.h>
#else
#ifdef _AIX
#pragma alloca
#else
char *alloca ();
#endif
#endif
#endif
"
echo checking for alloca
cat > conftest.c <<EOF
$decl
main() { exit(0); }
t() { char *p = (char *) alloca(1); }
EOF
if eval $compile; then
:
else
alloca_missing=1
fi
rm -f conftest*
if test -n "$alloca_missing"; then
# The SVR3 libPW and SVR4 libucb both contain incompatible functions
# that cause trouble. Some versions do not even contain alloca or
# contain a buggy version. If you still want to use their alloca,
# use ar to extract alloca.o from them instead of compiling alloca.c.
ALLOCA=alloca.o
fi
prog='/* Ultrix mips cc rejects this. */
typedef int charset[2]; const charset x;
/* SunOS 4.1.1 cc rejects this. */
char const *const *p;
char **p2;
/* HPUX 7.0 cc rejects these. */
++p;
p2 = (char const* const*) p;'
echo checking for working const
cat > conftest.c <<EOF
main() { exit(0); }
t() { $prog }
EOF
if eval $compile; then
:
else
DEFS="$DEFS -Dconst="
fi
rm -f conftest*
if test -z "$prefix"
then
echo checking for gcc to derive installation directory prefix
saveifs="$IFS"; IFS="$IFS:"
for dir in $PATH; do
test -z "$dir" && dir=.
if test $dir != . && test -f $dir/gcc; then
# Not all systems have dirname.
prefix=`echo $dir|sed 's%/[^/][^/]*$%%'`
break
fi
done
IFS="$saveifs"
fi
if test -n "$prefix"; then
test -z "$exec_prefix" && exec_prefix='${prefix}'
prsub="s%^prefix\\([ ]*\\)=\\([ ]*\\).*$%prefix\\1=\\2$prefix%"
fi
if test -n "$exec_prefix"; then
prsub="$prsub
s%^exec_prefix\\([ ]*\\)=\\([ ]*\\).*$%\
exec_prefix\\1=\\2$exec_prefix%"
fi
trap 'rm -f config.status; exit 1' 1 3 15
echo creating config.status
rm -f config.status
cat > config.status <<EOF
#!/bin/sh
# Generated automatically by configure.
# Run this file to recreate the current configuration.
# This directory was configured as follows,
# on host `(hostname || uname -n) 2>/dev/null`:
#
# $0 $*
for arg
do
case "\$arg" in
-recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r)
exec /bin/sh $0 $* ;;
*) echo "Usage: config.status --recheck" 2>&1; exit 1 ;;
esac
done
trap 'rm -f Makefile; exit 1' 1 3 15
CC='$CC'
INSTALL='$INSTALL'
INSTALL_PROGRAM='$INSTALL_PROGRAM'
INSTALL_DATA='$INSTALL_DATA'
CPP='$CPP'
ALLOCA='$ALLOCA'
LIBS='$LIBS'
srcdir='$srcdir'
DEFS='$DEFS'
prefix='$prefix'
exec_prefix='$exec_prefix'
prsub='$prsub'
EOF
cat >> config.status <<\EOF
top_srcdir=$srcdir
for file in .. Makefile; do if [ "x$file" != "x.." ]; then
srcdir=$top_srcdir
# Remove last slash and all that follows it. Not all systems have dirname.
dir=`echo $file|sed 's%/[^/][^/]*$%%'`
if test "$dir" != "$file"; then
test "$top_srcdir" != . && srcdir=$top_srcdir/$dir
test ! -d $dir && mkdir $dir
fi
echo creating $file
rm -f $file
echo "# Generated automatically from `echo $file|sed 's|.*/||'`.in by configure." > $file
sed -e "
$prsub
s%@CC@%$CC%g
s%@INSTALL@%$INSTALL%g
s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g
s%@INSTALL_DATA@%$INSTALL_DATA%g
s%@CPP@%$CPP%g
s%@ALLOCA@%$ALLOCA%g
s%@LIBS@%$LIBS%g
s%@srcdir@%$srcdir%g
s%@DEFS@%$DEFS%
" $top_srcdir/${file}.in >> $file
fi; done
exit 0
EOF
chmod +x config.status
test -n "$no_create" || ./config.status
extras/regex/configure.in
+23
View File
@@ -0,0 +1,23 @@
dnl Process this file with autoconf to produce a configure script.
AC_INIT(regex.c)
AC_PROG_CC
AC_PROG_INSTALL
dnl I'm not sure if AC_AIX and AC_DYNIX_SEQ are really necessary. The
dnl Autoconf documentation isn't specific about which BSD functions they
dnl provide.
AC_AIX
AC_DYNIX_SEQ
AC_ISC_POSIX
AC_MINIX
AC_STDC_HEADERS
AC_HAVE_HEADERS(string.h)
AC_ALLOCA
AC_CONST
AC_PREFIX(gcc)
AC_OUTPUT(Makefile doc/Makefile test/Makefile)
extras/regex/moo/Makefile
+4
View File
@@ -0,0 +1,4 @@
clean:
default:
all:
echo "."
extras/regex/regex.c
+4940
View File
File diff suppressed because it is too large Load Diff
extras/regex/regex.h
+490
View File
@@ -0,0 +1,490 @@
/* Definitions for data structures and routines for the regular
expression library, version 0.12.
Copyright (C) 1985, 1989, 1990, 1991, 1992, 1993 Free Software Foundation, Inc.
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2, or (at your option)
any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */
#ifndef __REGEXP_LIBRARY_H__
#define __REGEXP_LIBRARY_H__
/* POSIX says that <sys/types.h> must be included (by the caller) before
<regex.h>. */
#ifdef VMS
/* VMS doesn't have `size_t' in <sys/types.h>, even though POSIX says it
should be there. */
#include <stddef.h>
#endif
/* The following bits are used to determine the regexp syntax we
recognize. The set/not-set meanings are chosen so that Emacs syntax
remains the value 0. The bits are given in alphabetical order, and
the definitions shifted by one from the previous bit; thus, when we
add or remove a bit, only one other definition need change. */
typedef unsigned reg_syntax_t;
/* If this bit is not set, then \ inside a bracket expression is literal.
If set, then such a \ quotes the following character. */
#define RE_BACKSLASH_ESCAPE_IN_LISTS (1)
/* If this bit is not set, then + and ? are operators, and \+ and \? are
literals.
If set, then \+ and \? are operators and + and ? are literals. */
#define RE_BK_PLUS_QM (RE_BACKSLASH_ESCAPE_IN_LISTS << 1)
/* If this bit is set, then character classes are supported. They are:
[:alpha:], [:upper:], [:lower:], [:digit:], [:alnum:], [:xdigit:],
[:space:], [:print:], [:punct:], [:graph:], and [:cntrl:].
If not set, then character classes are not supported. */
#define RE_CHAR_CLASSES (RE_BK_PLUS_QM << 1)
/* If this bit is set, then ^ and $ are always anchors (outside bracket
expressions, of course).
If this bit is not set, then it depends:
^ is an anchor if it is at the beginning of a regular
expression or after an open-group or an alternation operator;
$ is an anchor if it is at the end of a regular expression, or
before a close-group or an alternation operator.
This bit could be (re)combined with RE_CONTEXT_INDEP_OPS, because
POSIX draft 11.2 says that * etc. in leading positions is undefined.
We already implemented a previous draft which made those constructs
invalid, though, so we haven't changed the code back. */
#define RE_CONTEXT_INDEP_ANCHORS (RE_CHAR_CLASSES << 1)
/* If this bit is set, then special characters are always special
regardless of where they are in the pattern.
If this bit is not set, then special characters are special only in
some contexts; otherwise they are ordinary. Specifically,
* + ? and intervals are only special when not after the beginning,
open-group, or alternation operator. */
#define RE_CONTEXT_INDEP_OPS (RE_CONTEXT_INDEP_ANCHORS << 1)
/* If this bit is set, then *, +, ?, and { cannot be first in an re or
immediately after an alternation or begin-group operator. */
#define RE_CONTEXT_INVALID_OPS (RE_CONTEXT_INDEP_OPS << 1)
/* If this bit is set, then . matches newline.
If not set, then it doesn't. */
#define RE_DOT_NEWLINE (RE_CONTEXT_INVALID_OPS << 1)
/* If this bit is set, then . doesn't match NUL.
If not set, then it does. */
#define RE_DOT_NOT_NULL (RE_DOT_NEWLINE << 1)
/* If this bit is set, nonmatching lists [^...] do not match newline.
If not set, they do. */
#define RE_HAT_LISTS_NOT_NEWLINE (RE_DOT_NOT_NULL << 1)
/* If this bit is set, either \{...\} or {...} defines an
interval, depending on RE_NO_BK_BRACES.
If not set, \{, \}, {, and } are literals. */
#define RE_INTERVALS (RE_HAT_LISTS_NOT_NEWLINE << 1)
/* If this bit is set, +, ? and | aren't recognized as operators.
If not set, they are. */
#define RE_LIMITED_OPS (RE_INTERVALS << 1)
/* If this bit is set, newline is an alternation operator.
If not set, newline is literal. */
#define RE_NEWLINE_ALT (RE_LIMITED_OPS << 1)
/* If this bit is set, then `{...}' defines an interval, and \{ and \}
are literals.
If not set, then `\{...\}' defines an interval. */
#define RE_NO_BK_BRACES (RE_NEWLINE_ALT << 1)
/* If this bit is set, (...) defines a group, and \( and \) are literals.
If not set, \(...\) defines a group, and ( and ) are literals. */
#define RE_NO_BK_PARENS (RE_NO_BK_BRACES << 1)
/* If this bit is set, then \<digit> matches <digit>.
If not set, then \<digit> is a back-reference. */
#define RE_NO_BK_REFS (RE_NO_BK_PARENS << 1)
/* If this bit is set, then | is an alternation operator, and \| is literal.
If not set, then \| is an alternation operator, and | is literal. */
#define RE_NO_BK_VBAR (RE_NO_BK_REFS << 1)
/* If this bit is set, then an ending range point collating higher
than the starting range point, as in [z-a], is invalid.
If not set, then when ending range point collates higher than the
starting range point, the range is ignored. */
#define RE_NO_EMPTY_RANGES (RE_NO_BK_VBAR << 1)
/* If this bit is set, then an unmatched ) is ordinary.
If not set, then an unmatched ) is invalid. */
#define RE_UNMATCHED_RIGHT_PAREN_ORD (RE_NO_EMPTY_RANGES << 1)
/* This global variable defines the particular regexp syntax to use (for
some interfaces). When a regexp is compiled, the syntax used is
stored in the pattern buffer, so changing this does not affect
already-compiled regexps. */
extern reg_syntax_t re_syntax_options;
/* Define combinations of the above bits for the standard possibilities.
(The [[[ comments delimit what gets put into the Texinfo file, so
don't delete them!) */
/* [[[begin syntaxes]]] */
#define RE_SYNTAX_EMACS 0
#define RE_SYNTAX_AWK \
(RE_BACKSLASH_ESCAPE_IN_LISTS | RE_DOT_NOT_NULL \
| RE_NO_BK_PARENS | RE_NO_BK_REFS \
| RE_NO_BK_VBAR | RE_NO_EMPTY_RANGES \
| RE_UNMATCHED_RIGHT_PAREN_ORD)
#define RE_SYNTAX_POSIX_AWK \
(RE_SYNTAX_POSIX_EXTENDED | RE_BACKSLASH_ESCAPE_IN_LISTS)
#define RE_SYNTAX_GREP \
(RE_BK_PLUS_QM | RE_CHAR_CLASSES \
| RE_HAT_LISTS_NOT_NEWLINE | RE_INTERVALS \
| RE_NEWLINE_ALT)
#define RE_SYNTAX_EGREP \
(RE_CHAR_CLASSES | RE_CONTEXT_INDEP_ANCHORS \
| RE_CONTEXT_INDEP_OPS | RE_HAT_LISTS_NOT_NEWLINE \
| RE_NEWLINE_ALT | RE_NO_BK_PARENS \
| RE_NO_BK_VBAR)
#define RE_SYNTAX_POSIX_EGREP \
(RE_SYNTAX_EGREP | RE_INTERVALS | RE_NO_BK_BRACES)
/* P1003.2/D11.2, section 4.20.7.1, lines 5078ff. */
#define RE_SYNTAX_ED RE_SYNTAX_POSIX_BASIC
#define RE_SYNTAX_SED RE_SYNTAX_POSIX_BASIC
/* Syntax bits common to both basic and extended POSIX regex syntax. */
#define _RE_SYNTAX_POSIX_COMMON \
(RE_CHAR_CLASSES | RE_DOT_NEWLINE | RE_DOT_NOT_NULL \
| RE_INTERVALS | RE_NO_EMPTY_RANGES)
#define RE_SYNTAX_POSIX_BASIC \
(_RE_SYNTAX_POSIX_COMMON | RE_BK_PLUS_QM)
/* Differs from ..._POSIX_BASIC only in that RE_BK_PLUS_QM becomes
RE_LIMITED_OPS, i.e., \? \+ \| are not recognized. Actually, this
isn't minimal, since other operators, such as \`, aren't disabled. */
#define RE_SYNTAX_POSIX_MINIMAL_BASIC \
(_RE_SYNTAX_POSIX_COMMON | RE_LIMITED_OPS)
#define RE_SYNTAX_POSIX_EXTENDED \
(_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS \
| RE_CONTEXT_INDEP_OPS | RE_NO_BK_BRACES \
| RE_NO_BK_PARENS | RE_NO_BK_VBAR \
| RE_UNMATCHED_RIGHT_PAREN_ORD)
/* Differs from ..._POSIX_EXTENDED in that RE_CONTEXT_INVALID_OPS
replaces RE_CONTEXT_INDEP_OPS and RE_NO_BK_REFS is added. */
#define RE_SYNTAX_POSIX_MINIMAL_EXTENDED \
(_RE_SYNTAX_POSIX_COMMON | RE_CONTEXT_INDEP_ANCHORS \
| RE_CONTEXT_INVALID_OPS | RE_NO_BK_BRACES \
| RE_NO_BK_PARENS | RE_NO_BK_REFS \
| RE_NO_BK_VBAR | RE_UNMATCHED_RIGHT_PAREN_ORD)
/* [[[end syntaxes]]] */
/* Maximum number of duplicates an interval can allow. Some systems
(erroneously) define this in other header files, but we want our
value, so remove any previous define. */
#ifdef RE_DUP_MAX
#undef RE_DUP_MAX
#endif
#define RE_DUP_MAX ((1 << 15) - 1)
/* POSIX `cflags' bits (i.e., information for `regcomp'). */
/* If this bit is set, then use extended regular expression syntax.
If not set, then use basic regular expression syntax. */
#define REG_EXTENDED 1
/* If this bit is set, then ignore case when matching.
If not set, then case is significant. */
#define REG_ICASE (REG_EXTENDED << 1)
/* If this bit is set, then anchors do not match at newline
characters in the string.
If not set, then anchors do match at newlines. */
#define REG_NEWLINE (REG_ICASE << 1)
/* If this bit is set, then report only success or fail in regexec.
If not set, then returns differ between not matching and errors. */
#define REG_NOSUB (REG_NEWLINE << 1)
/* POSIX `eflags' bits (i.e., information for regexec). */
/* If this bit is set, then the beginning-of-line operator doesn't match
the beginning of the string (presumably because it's not the
beginning of a line).
If not set, then the beginning-of-line operator does match the
beginning of the string. */
#define REG_NOTBOL 1
/* Like REG_NOTBOL, except for the end-of-line. */
#define REG_NOTEOL (1 << 1)
/* If any error codes are removed, changed, or added, update the
`re_error_msg' table in regex.c. */
typedef enum
{
REG_NOERROR = 0, /* Success. */
REG_NOMATCH, /* Didn't find a match (for regexec). */
/* POSIX regcomp return error codes. (In the order listed in the
standard.) */
REG_BADPAT, /* Invalid pattern. */
REG_ECOLLATE, /* Not implemented. */
REG_ECTYPE, /* Invalid character class name. */
REG_EESCAPE, /* Trailing backslash. */
REG_ESUBREG, /* Invalid back reference. */
REG_EBRACK, /* Unmatched left bracket. */
REG_EPAREN, /* Parenthesis imbalance. */
REG_EBRACE, /* Unmatched \{. */
REG_BADBR, /* Invalid contents of \{\}. */
REG_ERANGE, /* Invalid range end. */
REG_ESPACE, /* Ran out of memory. */
REG_BADRPT, /* No preceding re for repetition op. */
/* Error codes we've added. */
REG_EEND, /* Premature end. */
REG_ESIZE, /* Compiled pattern bigger than 2^16 bytes. */
REG_ERPAREN /* Unmatched ) or \); not returned from regcomp. */
} reg_errcode_t;
/* This data structure represents a compiled pattern. Before calling
the pattern compiler, the fields `buffer', `allocated', `fastmap',
`translate', and `no_sub' can be set. After the pattern has been
compiled, the `re_nsub' field is available. All other fields are
private to the regex routines. */
struct re_pattern_buffer
{
/* [[[begin pattern_buffer]]] */
/* Space that holds the compiled pattern. It is declared as
`unsigned char *' because its elements are
sometimes used as array indexes. */
unsigned char *buffer;
/* Number of bytes to which `buffer' points. */
unsigned long allocated;
/* Number of bytes actually used in `buffer'. */
unsigned long used;
/* Syntax setting with which the pattern was compiled. */
reg_syntax_t syntax;
/* Pointer to a fastmap, if any, otherwise zero. re_search uses
the fastmap, if there is one, to skip over impossible
starting points for matches. */
char *fastmap;
/* Either a translate table to apply to all characters before
comparing them, or zero for no translation. The translation
is applied to a pattern when it is compiled and to a string
when it is matched. */
char *translate;
/* Number of subexpressions found by the compiler. */
size_t re_nsub;
/* Zero if this pattern cannot match the empty string, one else.
Well, in truth it's used only in `re_search_2', to see
whether or not we should use the fastmap, so we don't set
this absolutely perfectly; see `re_compile_fastmap' (the
`duplicate' case). */
unsigned can_be_null : 1;
/* If REGS_UNALLOCATED, allocate space in the `regs' structure
for `max (RE_NREGS, re_nsub + 1)' groups.
If REGS_REALLOCATE, reallocate space if necessary.
If REGS_FIXED, use what's there. */
#define REGS_UNALLOCATED 0
#define REGS_REALLOCATE 1
#define REGS_FIXED 2
unsigned regs_allocated : 2;
/* Set to zero when `regex_compile' compiles a pattern; set to one
by `re_compile_fastmap' if it updates the fastmap. */
unsigned fastmap_accurate : 1;
/* If set, `re_match_2' does not return information about
subexpressions. */
unsigned no_sub : 1;
/* If set, a beginning-of-line anchor doesn't match at the
beginning of the string. */
unsigned not_bol : 1;
/* Similarly for an end-of-line anchor. */
unsigned not_eol : 1;
/* If true, an anchor at a newline matches. */
unsigned newline_anchor : 1;
/* [[[end pattern_buffer]]] */
};
typedef struct re_pattern_buffer regex_t;
/* search.c (search_buffer) in Emacs needs this one opcode value. It is
defined both in `regex.c' and here. */
#define RE_EXACTN_VALUE 1
/* Type for byte offsets within the string. POSIX mandates this. */
typedef int regoff_t;
/* This is the structure we store register match data in. See
regex.texinfo for a full description of what registers match. */
struct re_registers
{
unsigned num_regs;
regoff_t *start;
regoff_t *end;
};
/* If `regs_allocated' is REGS_UNALLOCATED in the pattern buffer,
`re_match_2' returns information about at least this many registers
the first time a `regs' structure is passed. */
#ifndef RE_NREGS
#define RE_NREGS 30
#endif
/* POSIX specification for registers. Aside from the different names than
`re_registers', POSIX uses an array of structures, instead of a
structure of arrays. */
typedef struct
{
regoff_t rm_so; /* Byte offset from string's start to substring's start. */
regoff_t rm_eo; /* Byte offset from string's start to substring's end. */
} regmatch_t;
/* Declarations for routines. */
/* To avoid duplicating every routine declaration -- once with a
prototype (if we are ANSI), and once without (if we aren't) -- we
use the following macro to declare argument types. This
unfortunately clutters up the declarations a bit, but I think it's
worth it. */
#if __STDC__
#define _RE_ARGS(args) args
#else /* not __STDC__ */
#define _RE_ARGS(args) ()
#endif /* not __STDC__ */
/* Sets the current default syntax to SYNTAX, and return the old syntax.
You can also simply assign to the `re_syntax_options' variable. */
extern reg_syntax_t re_set_syntax _RE_ARGS ((reg_syntax_t syntax));
/* Compile the regular expression PATTERN, with length LENGTH
and syntax given by the global `re_syntax_options', into the buffer
BUFFER. Return NULL if successful, and an error string if not. */
extern const char *re_compile_pattern
_RE_ARGS ((const char *pattern, int length,
struct re_pattern_buffer *buffer));
/* Compile a fastmap for the compiled pattern in BUFFER; used to
accelerate searches. Return 0 if successful and -2 if was an
internal error. */
extern int re_compile_fastmap _RE_ARGS ((struct re_pattern_buffer *buffer));
/* Search in the string STRING (with length LENGTH) for the pattern
compiled into BUFFER. Start searching at position START, for RANGE
characters. Return the starting position of the match, -1 for no
match, or -2 for an internal error. Also return register
information in REGS (if REGS and BUFFER->no_sub are nonzero). */
extern int re_search
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
int length, int start, int range, struct re_registers *regs));
/* Like `re_search', but search in the concatenation of STRING1 and
STRING2. Also, stop searching at index START + STOP. */
extern int re_search_2
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
int length1, const char *string2, int length2,
int start, int range, struct re_registers *regs, int stop));
/* Like `re_search', but return how many characters in STRING the regexp
in BUFFER matched, starting at position START. */
extern int re_match
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string,
int length, int start, struct re_registers *regs));
/* Relates to `re_match' as `re_search_2' relates to `re_search'. */
extern int re_match_2
_RE_ARGS ((struct re_pattern_buffer *buffer, const char *string1,
int length1, const char *string2, int length2,
int start, struct re_registers *regs, int stop));
/* Set REGS to hold NUM_REGS registers, storing them in STARTS and
ENDS. Subsequent matches using BUFFER and REGS will use this memory
for recording register information. STARTS and ENDS must be
allocated with malloc, and must each be at least `NUM_REGS * sizeof
(regoff_t)' bytes long.
If NUM_REGS == 0, then subsequent matches should allocate their own
register data.
Unless this function is called, the first search or match using
PATTERN_BUFFER will allocate its own register data, without
freeing the old data. */
extern void re_set_registers
_RE_ARGS ((struct re_pattern_buffer *buffer, struct re_registers *regs,
unsigned num_regs, regoff_t *starts, regoff_t *ends));
/* 4.2 bsd compatibility. */
extern char *re_comp _RE_ARGS ((const char *));
extern int re_exec _RE_ARGS ((const char *));
/* POSIX compatibility. */
extern int regcomp _RE_ARGS ((regex_t *preg, const char *pattern, int cflags));
extern int regexec
_RE_ARGS ((const regex_t *preg, const char *string, size_t nmatch,
regmatch_t pmatch[], int eflags));
extern size_t regerror
_RE_ARGS ((int errcode, const regex_t *preg, char *errbuf,
size_t errbuf_size));
extern void regfree _RE_ARGS ((regex_t *preg));
#endif /* not __REGEXP_LIBRARY_H__ */
/*
Local variables:
make-backup-files: t
version-control: t
trim-versions-without-asking: nil
End:
*/
extras/security/apparmor/unrealircd
+4 -3
View File
@@ -1,9 +1,9 @@
# AppArmor profile for UnrealIRCd 6
# AppArmor profile for UnrealIRCd 4.0.16+
#
# Note that you may still see some DENIED warnings in logs with
# operation="chmod". These are harmless and can be safely ignored.
#
# Tested on Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS
# Tested on Ubuntu 16.04 LTS and Ubuntu 18.04 LTS
#
# IMPORTANT: you will have to modify the path to executable below
# if it's not /home/ircd/unrealircd/bin/unrealircd !
@@ -17,7 +17,8 @@
@{HOME}/unrealircd/conf/ r,
@{HOME}/unrealircd/conf/** r,
@{HOME}/unrealircd/data/** rw,
@{HOME}/unrealircd/data/ircd.tune rw,
@{HOME}/unrealircd/data/unrealircd.pid rw,
@{HOME}/unrealircd/lib/*.so* mr,
@{HOME}/unrealircd/logs/* rw,
@{HOME}/unrealircd/modules/**.so r,
extras/startup/unrealircd.service
-41
View File
@@ -1,41 +0,0 @@
# Systemd service for UnrealIRCd
# To use this:
# 1) Adjust user/group/paths under [Service] if needed.
# 2) Then run the following commands as root:
# cp -av unrealircd.service /etc/systemd/system/
# systemctl daemon-reload
# systemctl enable unrealircd.service
# systemctl start unrealircd.service
[Unit]
Description=UnrealIRCd
Documentation=https://www.unrealircd.org/
Description=UnrealIRCd IRC Server
After=network-online.target
Wants=network-online.target
[Service]
# If needed, change 'ircd' to your unrealircd user and adjust paths:
User=ircd
Group=ircd
ExecStart=/home/ircd/unrealircd/bin/unrealircd -F
# These settings should be fine for everyone
Type=simple
Restart=on-failure
RestartSec=5s
LimitNOFILE=65536
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -TERM $MAINPID
NoNewPrivileges=true
PrivateTmp=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
LockPersonality=true
MemoryDenyWriteExecute=true
RestrictRealtime=true
ProtectSystem=strict
[Install]
WantedBy=default.target
extras/startup/unrealircd_user.service
-37
View File
@@ -1,37 +0,0 @@
# Systemd service for UnrealIRCd (user service)
#
# This is the USER service. You can use this if you don't have root
# on the machine (otherwise, people usually use the other
# unrealircd.service system unit instead).
#
# To install:
# 1) Adjust the ExecStart= line below, if your unrealircd isn't
# installed in ~/unrealircd/
# 2) Then run the following commands (as a regular user):
# loginctl enable-linger
# mkdir -p ~/.config/systemd/user
# cp unrealircd_user.service ~/.config/systemd/user/unrealircd.service
# systemctl --user daemon-reload
# systemctl --user enable unrealircd.service
# systemctl --user start unrealircd.service
[Unit]
Description=UnrealIRCd
Documentation=https://www.unrealircd.org/
Description=UnrealIRCd IRC Server (user service)
After=network-online.target
Wants=network-online.target
[Service]
# Adjust this if unrealircd is installed somewhere else:
ExecStart=%h/unrealircd/bin/unrealircd -F
Type=simple
Restart=on-failure
RestartSec=5s
LimitNOFILE=65536
ExecReload=/bin/kill -HUP $MAINPID
ExecStop=/bin/kill -TERM $MAINPID
[Install]
WantedBy=default.target
extras/tests/functional-tests
Submodule
+1
Submodule extras/tests/functional-tests added at 700403adcf
extras/tests/ircfly
Submodule
+1
Submodule extras/tests/ircfly added at 3a0301d13f

Some files were not shown because too many files have changed in this diff Show More