#!/bin/sh PID_FILE="@PIDFILE@" PID_BACKUP="@PIDFILE@.bak" BINDIR="@BINDIR@" UNREALIRCDCTL="$BINDIR/unrealircdctl" IRCD="$BINDIR/unrealircd" BUILDDIR="@BUILDDIR@" CONFDIR="@CONFDIR@" TMPDIR="@TMPDIR@" SCRIPTDIR="@SCRIPTDIR@" MODULESDIR="@MODULESDIR@" DOCDIR="@DOCDIR@" OPENSSLPATH="@OPENSSLPATH@" # When built with --with-asan, ASan does not dump core by default because # older gcc/clang might dump a 16TB core file. We explicitly enable it here. export ASAN_OPTIONS="abort_on_error=1:disable_coredump=0:unmap_shadow_on_exit=1:log_path=$TMPDIR/unrealircd_asan:detect_leaks=0" if [ "$1" != "mkcert" ] && [ ! -f $IRCD ]; then echo "ERROR: Could not find the IRCd binary ($IRCD)" echo "This could mean two things:" echo "1) You forgot to run 'make install' after running 'make'" echo "2) You answered a ./Config question incorrectly" exit fi if [ ! -d "$TMPDIR" ]; then mkdir "$TMPDIR" fi # First a check if running through systemd or similar: if [ "$1" = "start" -o "$1" = "stop" -o "$1" = "restart" ]; then if [ ! -r "$PID_FILE" ] ; then if $UNREALIRCDCTL status 1>/dev/null 2>&1; then echo "UnrealIRCd is running but does not have a PID File." echo "Is UnrealIRCd running through systemd? Then you should not use the ./unrealircd [start|stop|restart] commands!" if systemctl --user status unrealircd.service 1>/dev/null 2>&1; then echo "Instead, run: systemctl --user [start|stop|restart] unrealircd" else echo "Instead, run (as root or via sudo): systemctl [start|stop|restart] unrealircd" fi exit 1 fi fi fi if [ "$1" = "start" ] ; then if [ -r "$PID_FILE" ] ; then if kill -CHLD `cat "$PID_FILE"` 1>/dev/null 2>&1; then if $UNREALIRCDCTL status 1>/dev/null 2>&1; then echo "UnrealIRCd is already running (PID `cat "$PID_FILE"`)." echo "To restart UnrealIRCd, use: $0 restart" exit 1 fi fi fi if [ -r "$PID_FILE" ] ; then mv -f "$PID_FILE" "$PID_BACKUP" fi # Check if ~/Unrealxxx/unrealircd.conf exists but the file # ~/unrealircd/conf/unrealircd.conf does not. # If so, then assume a user-build and give the user a nice hint... if [ ! -f $CONFDIR/unrealircd.conf -a -f $BUILDDIR/unrealircd.conf ]; then echo "" echo "There is no unrealircd.conf in $CONFDIR" echo "However I did find an unrealircd.conf in $BUILDDIR" echo "With UnrealIRCd 4 you should no longer run the IRCd from $BUILDDIR." echo "You should 'cd $SCRIPTDIR' and work from there." echo "See https://www.unrealircd.org/docs/UnrealIRCd_files_and_directories" exit 1 fi if [ ! -f $CONFDIR/unrealircd.conf ]; then echo "" echo "The configuration file does not exist ($CONFDIR/unrealircd.conf)." echo "Create one using the example configuration file, see the documentation:" echo "https://www.unrealircd.org/docs/Installing_from_source#Creating_a_configuration_file" exit 1 fi echo "Starting UnrealIRCd" $IRCD if [ $? -ne 0 ] ; then if [ -r "$PID_BACKUP" ] ; then mv -f "$PID_BACKUP" "$PID_FILE" fi # Try to be helpful... if ldd $IRCD 2>&1|grep -qF '=> not found'; then echo "========================================================" echo "UnrealIRCd failed to start due to missing libraries." echo "Maybe you need to recompile UnrealIRCd? See" echo "https://www.unrealircd.org/docs/FAQ#shared-library-error" echo "========================================================" else echo "=====================================================" echo "UnrealIRCd failed to start. Check above for possible errors." echo "If you don't understand the problem, then have a look at our:" echo "* FAQ (Frequently Asked Questions): https://www.unrealircd.org/docs/FAQ" echo "* Documentation: https://www.unrealircd.org/docs/" echo "=====================================================" fi exit 1 fi # Now check if we need to create a crash report. $IRCD -R elif [ "$1" = "stop" ] ; then echo -n "Stopping UnrealIRCd" if [ ! -r "$PID_FILE" ] ; then echo echo "ERROR: UnrealIRCd is not running" exit 1 fi kill -15 `cat "$PID_FILE"` if [ "$?" != 0 ]; then echo echo "ERROR: UnrealIRCd is not running" rm -f "$PID_FILE" exit 1 fi # Wait for UnrealIRCd to terminate, but wait 10 seconds max n="0" while [ "$n" -lt 10 ] do echo -n "." if [ ! -r "$PID_FILE" ] ; then break fi if ! kill -0 `cat "$PID_FILE"`; then break fi n=`expr $n + 1` sleep 1 done echo # In case it is still running, kill it for good. if [ -r "$PID_FILE" ] ; then kill -9 `cat "$PID_FILE"` 1>/dev/null 2>&1 fi elif [ "$1" = "rehash" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "status" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "module-status" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "reloadtls" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "restart" ] ; then echo "Validating configuration..." TMPF="$TMPDIR/configtest.txt" if ! $0 configtest 1>$TMPF 2>&1; then cat $TMPF rm -f $TMPF echo "" echo "Configuration test failed. Server is NOT restarted." exit 1 fi echo "Configuration test OK." $0 stop $0 start elif [ "$1" = "croncheck" ] ; then if [ -r "$PID_FILE" ] ; then kill -CHLD `cat "$PID_FILE"` 1>/dev/null 2>&1 if [ "$?" = 0 ]; then # IRCd is running, bail out silently. exit 0 fi fi # PID file not found or found but stale echo "UnrealIRCd is not running. Starting now..." $0 start elif [ "$1" = "configtest" ] ; then $IRCD -c elif [ "$1" = "module" ] ; then shift $IRCD -m $* elif [ "$1" = "mkpasswd" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "version" ] ; then $IRCD -v elif [ "$1" = "gencloak" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "backtrace" ] ; then cd $TMPDIR # Find the corefile echo "Core files available:" n="0" for i in `echo *core*` do ls -l $i n=`expr $n + 1` done if [ "$n" -gt 1 ]; then echo "Type the name of the core file you want to research:" read corefile elif [ "$i" = "*core*" -o "$n" -eq 0 ]; then echo 'No core files found... Nothing to do' echo '' echo 'If you are sure UnrealIRCd crashed, then verify that unreal' echo 'has permission to dump core (type "ulimit -c unlimited" and see' echo 'if you get permission denied errors). Also verify that you did' echo 'not run out of quota.' echo 'If all that is ok, then it might be that UnrealIRCd did not crash but' echo 'got killed by the OS (eg: cpu/mem resource limits), the syadmin,' echo 'or an automated process.' exit 1 else corefile="$i" fi if [ ! -f "$corefile" ]; then echo "Core file '$corefile' not found" fi if [ ! -s "$corefile" ]; then echo 'Seems the corefile is 0 bytes' echo 'This usually means you need to relax the core file resource limit' echo '(type "ulimit -c unlimited"), or you might have ran out of quota.' exit 1 fi # This is needed for the script below and is probably also helpful for the # bug report since you usually want to paste this to the development team. export LANG=C export LC_ALL=C # The tmp/*.so files are often already deleted. Here we have some # (ugly) scripting to recreate the tmp/*.so links to the modules *.so files... echo 'info sharedlibrary'|gdb $IRCD $corefile 2>/dev/null|\ grep No|grep tmp/|awk '{ print $2 }'|\ awk -F '.' "{ system(\"[ -f $MODULESDIR/\" \$2 \"/\" \$3 \".so ] && ln -s $MODULESDIR/\" \$2 \"/\" \$3 \".so \" \$0 \" || ln -s $MODULESDIR/\" \$2 \".so \" \$0) }" echo "" echo "=================== START HERE ======================" echo "BACKTRACE:" cat >$TMPDIR/gdb.commands << __EOF__ bt echo \n frame echo \n x/s backupbuf echo \n bt 3 full quit __EOF__ gdb -batch -x $TMPDIR/gdb.commands $IRCD $corefile rm -f $TMPDIR/gdb.commands echo "GCC: `gcc -v 2>&1|tail -n 1`" echo "UNAME: `uname -a`" echo "UNREAL: `$0 version`" echo "CORE: `ls -al $corefile`" echo "=================== STOP HERE ======================" echo "" echo "Copy the parts between the START HERE and STOP HERE marker" echo "and report it on https://bugs.unrealircd.org/" echo "" echo 'But before you do, note the following:' echo '1. We do not support modifications of any unrealircd code' echo ' (except for config.h changes).' echo '2. If you are using 3rd party modules we might request you' echo ' to run without them and verify you still crash. This is' echo ' to eleminate any loss of time due to bugs made by others' echo '3. Use a reasonably recent UnrealIRCd version. We fix (crash)bugs' echo ' all the time so your bug might as well be fixed already.' echo "" echo "Thanks!" elif [ "$1" = "spki" -o "$1" = "spkifp" ] ; then $UNREALIRCDCTL $* elif [ "$1" = "mkcert" ] ; then TLSDIR="$CONFDIR/tls" KEY="$TLSDIR/server.key.pem" CERT="$TLSDIR/server.cert.pem" # Locate the OpenSSL configuration template. After 'make install' it # lives in the TLS directory. During initial setup (./Config), before # 'make install' has run, we use the copy in the source directory. if [ -f "$TLSDIR/tls.cnf" ]; then CNF="$TLSDIR/tls.cnf" elif [ -f "$BUILDDIR/doc/conf/tls/tls.cnf" ]; then CNF="$BUILDDIR/doc/conf/tls/tls.cnf" else echo "ERROR: Could not find the OpenSSL template tls.cnf" echo "(Neither $TLSDIR/tls.cnf nor $BUILDDIR/doc/conf/tls/tls.cnf exists)" exit 1 fi if [ ! -d "$TLSDIR" ]; then mkdir -p "$TLSDIR" || exit 1 chmod 0700 "$TLSDIR" fi REPLACED=0 if [ -f "$CERT" ] || [ -f "$KEY" ]; then echo "This command will replace your existing server certificate and key." echo "(in $TLSDIR)" echo -n "Do you wish to proceed? [Y|N] " read answer case "$answer" in [Yy]*) ;; *) echo "Aborted." exit 1 ;; esac REPLACED=1 fi # Keep a backup of the previous certificate and key, so it can be # restored if the newly generated one turns out to be unsuitable. if [ "$REPLACED" = 1 ]; then for f in "$KEY" "$CERT"; do if [ -f "$f" ]; then cp -p "$f" "$f.old" fi done fi # Make sure the private key is not briefly world/group readable while # it is being generated. umask 077 echo "Generating server key..." "$OPENSSLPATH" ecparam -out "$KEY" -name secp384r1 -genkey || exit 1 echo "Generating self-signed certificate..." "$OPENSSLPATH" req -new -x509 -key "$KEY" -config "$CNF" -days 3650 -sha256 -out "$CERT" || exit 1 echo "Setting permissions on server.*.pem files..." chmod o-rwx "$KEY" "$CERT" chmod g-rwx "$KEY" "$CERT" echo "" echo "A new self-signed certificate and key have been generated in $TLSDIR" if [ "$REPLACED" = 1 ]; then echo "Your previous certificate and key were backed up with a .old suffix." fi echo "Note: the SPKI fingerprint has changed. If other servers link to you and" echo " verify a fingerprint, you need to update the link { } block on their side." echo "If UnrealIRCd is currently running, load the new certificate with:" echo " $0 reloadtls" elif [ "$1" = "hot-patch" -o "$1" = "cold-patch" ] ; then if [ ! -d "$BUILDDIR" ]; then echo "UnrealIRCd source not found. Sorry, it is not possible to patch." exit 1 fi if [ "$2" = "" ]; then echo "Argument required: ./unrealircd " exit 1 fi if ! wget --help 1>/dev/null 2>&1; then echo "The tool 'wget' is missing, which is used by this script." echo "On Linux consider running 'apt install wget' or a similar command." exit 1 fi cd "$BUILDDIR" || exit 1 # Weird way to get version, but ok. UNREALVER="`./configure --version|head -n1|awk '{ print $3 }'`" wget -O patch "https://www.unrealircd.org/patch?type=$1&patch=$2&version=$UNREALVER" || exit 1 # A patch file of 0 bytes means the patch is not needed if [ -f patch -a ! -s patch ]; then echo "This UnrealIRCd version does not require that patch" exit 1 fi wget -O patch.asc "https://www.unrealircd.org/patch?type=$1&patch=$2&version=$UNREALVER&sig=1" || exit 1 # GPG verification - if available if gpg --version 1>/dev/null 2>&1; then if [ -f "$DOCDIR/KEYS" ]; then gpg --import "$DOCDIR/KEYS" echo if gpg --batch --exit-on-status-write-error --verify patch.asc patch; then echo "GPG: Verification succeeded. Patch file is genuine." export NOGPG=0 else echo "" echo "[!!!] WARNING: GPG/PGP verification of patch file failed. This could be a security issue." echo "Check https://www.unrealircd.org/docs/FAQ#upgrade-verify-failed !" echo "Type 'IGNORE' in uppercase to continue if you think it is safe." echo "Type anything else to abort." read answer if [ "$answer" != "IGNORE" ]; then exit 1 fi export NOGPG=1 fi else echo "" echo "WARNING: Unable to check integrity of patch file with GPG/PGP. Missing $DOCDIR/KEYS file." echo "This is for your information only. It is possible to continue." echo "Press ENTER to continue, or CTRL+C to abort." echo "If in doubt, see https://www.unrealircd.org/docs/FAQ#upgrade-verify-failed" export NOGPG=1 fi else echo "WARNING: The GnuPG (GPG/PGP) verification tool 'gpg' is not installed." echo "Consider running 'sudo apt install gpg' or 'yum install gnupg2' on Linux," echo "or 'sudo pkg install gnupg' on FreeBSD." echo "When 'gpg' is installed then the UnrealIRCd patch script can" echo "verify the digital signature of the download file." export NOGPG=1 fi echo "" echo "" if patch --dry-run -p1 -R /dev/null 2>&1; then echo "Patch already applied. Nothing to do." exit 1 fi if ! patch --dry-run -p1 -N /dev/null 2>&1; then echo "Patch failed to apply (no files changed)" exit 1 fi if ! patch -p1