Commit graph

604 commits

Author SHA1 Message Date
jess
40ecb85a1d
add ConfigFileEntry.oper_secure_only, to require TLS to oper up (#76) 2020-11-18 14:29:08 +00:00
Ed Kellett
6485005214 Get rid of hub_mask/leaf_mask 2020-11-14 18:22:08 +00:00
Ed Kellett
e5e814b3db Use opernames not servernames for remote opers 2020-11-13 23:30:04 +00:00
Doug Freed
99b8e2feea s_serv: refactor burst_modes_TS6 to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
e51d9a67be names: refactor to use multiline 2020-11-12 19:18:01 -05:00
Doug Freed
8efff56fdf send: add sendto_one_multiline_* API
Allows simplifying multiline wrapping for multiple usages, like CAP
LS/LIST, NAMES, and WHOIS channel listing
2020-11-12 19:18:01 -05:00
jesopo
f0356d2a6f iter lists backwards when sending BMASK 2020-11-12 21:34:21 +00:00
Ed Kellett
1596fc8ffd Forget the old drain reason when rehashing 2020-11-09 21:10:55 +00:00
Ed Kellett
63ab1dd609 Add general::stats_l_oper_only 2020-11-08 19:38:19 +00:00
jess
a922755512
make more snotes L_NETWIDE 2020-11-08 14:30:41 -05:00
Eric Mertens
d295a3986d
Stop using chm_nosuch as a sentinel value (#53)
Remove chmode compat modules

This removes the need for chm_nosuch as well. Unknown mode detection happens in mode parsing now.
2020-11-08 09:50:17 -08:00
Ed Kellett
6ac21a70e2 Add general::hidden_caps 2020-11-08 14:08:38 +00:00
Eric Mertens
8e1bdeda92
Resolve shfit/reduce conflict in timespec production (#54)
Resolve shfit/reduce conflict in timespec production (no operational change)
2020-11-07 19:54:25 -08:00
Eric Mertens
92c6e47b4a
Clean up duplication in ChannelModeFunc prototypes (#52) 2020-11-07 16:45:12 -08:00
Ed Kellett
047b56e70e chmode: Generate a canonical mode string
Primarily because I want to use it in tests, but it also means people
reading override snotes don't have as much mental overhead. I hope.
2020-11-08 00:26:27 +00:00
Ed Kellett
ea41b24fd4 chmode: Get elevated access for op-only queries 2020-11-08 00:26:27 +00:00
Ed Kellett
04952c32ad Rework channel mode handling
Incoming MODE processing is split into a parsing step and an execution
step, instead of a mode's effector function being involved in its own
parsing. Modes can no longer use custom logic to control their parsing,
and instead supply a combination of CHM_* flags to the parser. As a
result, we know before we try to effect any mode changes what all of
them will be.

The reauthorize hack for override is no longer necessary. A side effect
of its introduction was that `MODE #foo b x!y@z` no longer worked; in
removing it we restore that behaviour.

We gain the ability to reject various invalid inputs that:
- mutate or query unknown modes
- supply excess mode arguments
- query modes that can't be queried

In each case, whether we *should* reject it is an open question; for now
I'm rejecting the first one.
2020-11-08 00:26:27 +00:00
Ed Kellett
b5c8d52d82 chmode: Make mode table manageable 2020-11-08 00:26:27 +00:00
Ed Kellett
5409fbc0f7 Mark fake test clients, don't assert they're real 2020-11-01 04:33:30 +00:00
Ed Kellett
f57d88bc71 Remove shared blocks 2020-11-01 04:20:44 +00:00
Ed Kellett
c1f9603bba Add a comment explaining match_arrange_stars 2020-10-31 17:00:25 +00:00
Ed Kellett
7741039058 match: assert mask_match mask is not too long 2020-10-31 17:00:25 +00:00
Ed Kellett
57fbf05388 Fix a corner case of superset matching
The algorithm we're using gets stuck if it has a ? and can only see a *
to feed to it, even if it could skip over that * and consume a character
following it. Remedy this by rearranging the input so * always precedes
? in runs of wildcards, so when we're matching ? we know we can skip
things.
2020-10-31 17:00:25 +00:00
Ed Kellett
625cbb195b Refactor clear_out_address_conf* 2020-10-31 16:00:02 +00:00
Ed Kellett
35eccf4930 Rename UMODE_SSLCLIENT, IsSSLClient 2020-10-31 16:00:02 +00:00
Ed Kellett
1cf798beb1 Add secure{} blocks 2020-10-31 16:00:02 +00:00
Ed Kellett
bbdc439aa3 Replace IsInsecure with IsSecure 2020-10-31 16:00:02 +00:00
Ed Kellett
1a16d47edb authproc: Don't try to notice dead clients 2020-10-28 21:34:56 +00:00
Ed Kellett
71f10f833f Add a cap_change hook 2020-10-24 16:19:52 +01:00
Ed Kellett
738b5d291e Mint CLICAP_FLAGS_PRIORITY 2020-10-19 19:30:43 -04:00
Ed Kellett
e8a8d7a440 Refactor common channel iteration 2020-10-19 20:15:26 +01:00
Ed Kellett
5e413b1372 Use linear channel list comparisons 2020-10-19 20:15:26 +01:00
Ed Kellett
25365ce716 Keep client channel lists sorted 2020-10-19 20:15:26 +01:00
Ed Kellett
255233fce9 channel: tell extbans in +e they're exceptions 2020-10-19 01:07:16 +01:00
Ed Kellett
7c7065b07e Add class::max_autoconn configuration 2020-10-18 20:03:05 +01:00
Ed Kellett
94613c78b6 Implement the solanum.chat/identify-msg vendor cap 2020-10-16 21:47:38 +01:00
Ed Kellett
a6f63a829e
Innovation by sed 2020-10-15 15:52:41 +01:00
Ariadne Conill
f5d60bb5cd chmode: use NULL for priv argument when auspex:cmodes priv is not needed
Otherwise, sendto_channel_local_priv() will only distribute mode changes
to opers only.  This is because HasPrivilege(target_p, "") will evaluate
as false due to the target not being opered.

Thanks to Devin Brown for bisecting this issue.
2020-09-09 12:10:11 -06:00
Aaron Jones
59cfd72e68
Merge pull request #355 from edk0/kline-cidr
Improve [kd]line handling of invalid IP-like masks
2020-08-06 09:17:00 +00:00
Ed Kellett
848df803df
Add usermode:servnotice priv 2020-08-04 22:58:31 +01:00
Ed Kellett
d3fd88a406
Send hidden mode changes to auspex:cmodes 2020-08-04 22:58:30 +01:00
Ed Kellett
076973363a
chmode: priv checks only for local clients 2020-08-04 22:58:30 +01:00
Ed Kellett
458c853869
Add auspex:hostname 2020-08-04 22:58:30 +01:00
Ed Kellett
74434cf81e
Add auspex:umodes 2020-08-04 22:58:30 +01:00
Ed Kellett
cc61cadade
Add auspex:cmodes 2020-08-04 22:58:30 +01:00
Ed Kellett
80303ab70e
chm_staff: use oper:cmodes, don't check op status 2020-08-04 22:58:30 +01:00
Ed Kellett
d4f7eb4ce6
Replace most checks for +o with oper:general
I'm preparing to PR a succession of privs changes with the ultimate goal
of severely limiting the scope of the binary oper/user dichotomy and
move conceptually distinct oper functions into their own privs.

Accomplishing this is a non-trivial task, and can wait, but it's
inconvenient now to have such functions enabled by the same mechanism
that grants any privs at all--so I'm moving all of them to a
transitional priv with the intention of eroding that later.
2020-08-04 22:58:30 +01:00
Ed Kellett
9ea60637cd
Add tests for parse_netmask 2020-07-26 22:03:20 +01:00
Ed Kellett
7d9e8e9d77
Add error handling to parse_netmask() 2020-07-26 22:03:06 +01:00
Ariadne Conill
8906ffd1b7 supported: make isupport_umode() public 2020-07-09 16:06:33 -06:00
Ariadne Conill
303e85c59e remove callerid definitions 2020-07-09 16:06:33 -06:00
Simon Arlott
ac09f70838
Merge remote-tracking branch 'ophion/upstream/dnsbl-rename' 2020-07-09 20:53:38 +01:00
Aaron Jones
860d2381cf
Merge pull request #345 from edk0/alias
m_alias: Preserve protocol framing characters
2020-07-07 09:16:38 +00:00
Aaron Jones
e241d7979c
Merge pull request #346 from edk0/opmod-as-statusmsg
Port opmod_send_cprivmsg from ircd-seven, sans naming mistake
2020-07-06 10:52:15 +00:00
Janik Kleinhoff
04e5ed6c57
Make 5614c9e6f0b (opmod as fake statusmsg) optional
This adds a channel { ... } option, opmod_send_statusmsg, disabled by
default for compatibility reasons.
2020-07-06 10:36:35 +01:00
Ariadne Conill
7f24f506e0 newconf: deprecate blacklist{} blocks, replace with dnsbl{} blocks. 2020-07-05 21:20:32 -06:00
Ariadne Conill
3321eef45a ircd: rename DNSBL entries from blacklist to dnsbl_entry. 2020-07-05 21:20:31 -06:00
Ed Kellett
fff4f76353
Add general::tls_ciphers_oper_only 2020-07-05 23:06:51 +01:00
Mike Quin
09bb659680
add @ prefix to op-moderated (+z) messages to distinguish them from regular channel traffic 2020-07-05 19:09:47 +01:00
Ed Kellett
4e14f9a413
m_alias: Preserve protocol framing characters 2020-07-05 01:15:03 +01:00
Aaron Jones
f598ba3857
ircd/modules.c: complain to foreground if unable to locate module
Without this a conftest user has no idea whether the module path
is correct or not.

[ci skip]
2020-07-04 02:14:33 +00:00
Doug Freed
eed4099e07 Actually use modules' declared hook priorities 2020-07-01 19:43:48 +00:00
Ariadne Conill
968dee680f modularize usermode +R (registered users only) 2020-06-26 11:56:42 -06:00
Aaron Jones
54a7996604
Merge pull request #328 from edk0/capability-put-ownerdata
capability: accept new ownerdata for existing caps
2020-06-25 17:35:44 +00:00
Aaron Jones
17dc265c9d
Merge pull request #329 from edk0/reload-by-path
Reload modules by path
2020-06-25 17:32:58 +00:00
Aaron Jones
3ef1213be4
Merge pull request #335 from edk0/post-registration-delay
Import post_registration_delay from ircd-seven
2020-06-21 12:56:56 +00:00
Aaron Jones
03c167e03b
Merge pull request #330 from edk0/caps-before-init
modules: create caps before mapi_register()
2020-06-10 15:03:57 +00:00
Aaron Jones
64e6d3b9cd
Merge pull request #321 from edk0/hook-priorities
Simple hook priority system
2020-06-10 14:49:59 +00:00
Ed Kellett
4a8df5edc5
ircd_parser: free the ends of ranges after use 2020-06-07 23:33:59 +01:00
Stephen Bennett
b3a0099139
Rename connect_delay to post_registration_delay. This matches the ircd-ratbox feature, and better describes what it actually is. Also make sure to set localClient->firsttime on registration, so that the delay counts from the right time. 2020-06-07 19:22:36 +01:00
Stephen Bennett
2d6562846f
Initial attempt at the conndelay hack 2020-06-07 19:22:36 +01:00
Ed Kellett
33c0142671
modules: create caps before mapi_register() 2020-06-02 18:35:50 +01:00
Ed Kellett
df7e3dabce
Reload modules by path 2020-06-02 16:17:26 +01:00
Ed Kellett
1e221ac32e
capability: accept new ownerdata for existing caps 2020-06-02 16:14:27 +01:00
Ed Kellett
c6b2dacad4
hook: Use old insertion order for equal priority 2020-05-01 22:22:32 +01:00
Ed Kellett
c500b0bdb5
Add priorities to some hooks 2020-05-01 17:47:14 +01:00
Ed Kellett
91b1278224
Implement hook priorities 2020-05-01 17:44:15 +01:00
Ed Kellett
40e76ac76c
Handle kline_spoof_ip in check_one_kline 2020-04-20 11:10:39 +01:00
Ed Kellett
67e05d5b67
Add an iline flag to match klines by spoof only 2020-04-20 11:10:39 +01:00
Aaron Jones
2c11ccb99e
Merge pull request #313 from edk0/spoof-chban
Don't match iline-spoofed IPs for channel bans
2020-04-19 12:11:19 +00:00
Ed Kellett
485d245ec0
Add ipv4-in-ipv6 logic to check_one_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
9274c0f3f4
Align check_one_kline better with find_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
de0673d7ad
Move ipv4-in-ipv6 handling to find_conf_by_address
This removes some inconsistencies: first of all it applies to both
CONF_KILL searches by IP in find_address_conf, and secondly it applies
to find_kline, which would have been an edge case before.
2020-04-19 11:53:38 +01:00
Ed Kellett
f53d2f45de
Refactor check_one_kline a tiny bit 2020-04-19 01:45:33 +01:00
Ed Kellett
55ed78dab1
Don't match iline-spoofed IPs for channel bans 2020-04-12 12:35:18 +01:00
Ed Kellett
a7d4a0ab81
Centralise banmask matching logic 2020-04-12 12:35:18 +01:00
Ed Kellett
6cd12661af
reject: reorder to avoid leaks 2020-01-03 17:07:25 +00:00
Ed Kellett
b9c43bc08a
reject: Don't reject for expired K-lines 2020-01-03 16:24:36 +00:00
Aaron Jones
28e12fad3c
Merge pull request #297 from bmwiedemann/date
Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
2020-01-02 20:29:13 +00:00
Aaron Jones
1a7927bb87
Merge pull request #303 from edk0/modreload-uaf
modules: fix use-after-free when reloading
2020-01-02 17:24:44 +00:00
Ed Kellett
6aa5c725ff
modules: fix use-after-free when reloading 2020-01-02 16:45:15 +00:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
Fixes a use-after-free introduced in 548e31d3b, which fixed a related
use-after-free introduced in a9536f755.
2020-01-02 00:03:06 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
(not a bug until a9536f755 since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Bernhard M. Wiedemann
1b0319448c Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
to make the package build reproducible by default without
everyone having to discover the custom variable.

See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This code assigns the plain integer to keep the code simple.
Otherwise we would have to deal with differences between GNU date
and BSD date or include extra build deps like perl or python.
2019-12-06 18:32:46 +01:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.

Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure option 2019-10-20 18:17:34 +01:00