Commit graph

496 commits

Author SHA1 Message Date
Ariadne Conill
7f24f506e0 newconf: deprecate blacklist{} blocks, replace with dnsbl{} blocks. 2020-07-05 21:20:32 -06:00
Ariadne Conill
3321eef45a ircd: rename DNSBL entries from blacklist to dnsbl_entry. 2020-07-05 21:20:31 -06:00
Aaron Jones
f598ba3857
ircd/modules.c: complain to foreground if unable to locate module
Without this a conftest user has no idea whether the module path
is correct or not.

[ci skip]
2020-07-04 02:14:33 +00:00
Doug Freed
eed4099e07 Actually use modules' declared hook priorities 2020-07-01 19:43:48 +00:00
Ariadne Conill
968dee680f modularize usermode +R (registered users only) 2020-06-26 11:56:42 -06:00
Aaron Jones
54a7996604
Merge pull request #328 from edk0/capability-put-ownerdata
capability: accept new ownerdata for existing caps
2020-06-25 17:35:44 +00:00
Aaron Jones
17dc265c9d
Merge pull request #329 from edk0/reload-by-path
Reload modules by path
2020-06-25 17:32:58 +00:00
Aaron Jones
3ef1213be4
Merge pull request #335 from edk0/post-registration-delay
Import post_registration_delay from ircd-seven
2020-06-21 12:56:56 +00:00
Aaron Jones
03c167e03b
Merge pull request #330 from edk0/caps-before-init
modules: create caps before mapi_register()
2020-06-10 15:03:57 +00:00
Aaron Jones
64e6d3b9cd
Merge pull request #321 from edk0/hook-priorities
Simple hook priority system
2020-06-10 14:49:59 +00:00
Ed Kellett
4a8df5edc5
ircd_parser: free the ends of ranges after use 2020-06-07 23:33:59 +01:00
Stephen Bennett
b3a0099139
Rename connect_delay to post_registration_delay. This matches the ircd-ratbox feature, and better describes what it actually is. Also make sure to set localClient->firsttime on registration, so that the delay counts from the right time. 2020-06-07 19:22:36 +01:00
Stephen Bennett
2d6562846f
Initial attempt at the conndelay hack 2020-06-07 19:22:36 +01:00
Ed Kellett
33c0142671
modules: create caps before mapi_register() 2020-06-02 18:35:50 +01:00
Ed Kellett
df7e3dabce
Reload modules by path 2020-06-02 16:17:26 +01:00
Ed Kellett
1e221ac32e
capability: accept new ownerdata for existing caps 2020-06-02 16:14:27 +01:00
Ed Kellett
c6b2dacad4
hook: Use old insertion order for equal priority 2020-05-01 22:22:32 +01:00
Ed Kellett
c500b0bdb5
Add priorities to some hooks 2020-05-01 17:47:14 +01:00
Ed Kellett
91b1278224
Implement hook priorities 2020-05-01 17:44:15 +01:00
Ed Kellett
40e76ac76c
Handle kline_spoof_ip in check_one_kline 2020-04-20 11:10:39 +01:00
Ed Kellett
67e05d5b67
Add an iline flag to match klines by spoof only 2020-04-20 11:10:39 +01:00
Aaron Jones
2c11ccb99e
Merge pull request #313 from edk0/spoof-chban
Don't match iline-spoofed IPs for channel bans
2020-04-19 12:11:19 +00:00
Ed Kellett
485d245ec0
Add ipv4-in-ipv6 logic to check_one_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
9274c0f3f4
Align check_one_kline better with find_kline 2020-04-19 11:53:38 +01:00
Ed Kellett
de0673d7ad
Move ipv4-in-ipv6 handling to find_conf_by_address
This removes some inconsistencies: first of all it applies to both
CONF_KILL searches by IP in find_address_conf, and secondly it applies
to find_kline, which would have been an edge case before.
2020-04-19 11:53:38 +01:00
Ed Kellett
f53d2f45de
Refactor check_one_kline a tiny bit 2020-04-19 01:45:33 +01:00
Ed Kellett
55ed78dab1
Don't match iline-spoofed IPs for channel bans 2020-04-12 12:35:18 +01:00
Ed Kellett
a7d4a0ab81
Centralise banmask matching logic 2020-04-12 12:35:18 +01:00
Ed Kellett
6cd12661af
reject: reorder to avoid leaks 2020-01-03 17:07:25 +00:00
Ed Kellett
b9c43bc08a
reject: Don't reject for expired K-lines 2020-01-03 16:24:36 +00:00
Aaron Jones
28e12fad3c
Merge pull request #297 from bmwiedemann/date
Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
2020-01-02 20:29:13 +00:00
Aaron Jones
1a7927bb87
Merge pull request #303 from edk0/modreload-uaf
modules: fix use-after-free when reloading
2020-01-02 17:24:44 +00:00
Ed Kellett
6aa5c725ff
modules: fix use-after-free when reloading 2020-01-02 16:45:15 +00:00
Ed Kellett
0a7faba63d
Remove from the list of propagated bans on expiry
Fixes a use-after-free introduced in 548e31d3b, which fixed a related
use-after-free introduced in a9536f755.
2020-01-02 00:03:06 +00:00
Ed Kellett
548e31d3bd
Fix a place aconfs could be freed while referenced
(not a bug until a9536f755 since bans were not referenced before)
2020-01-01 08:51:53 +00:00
Aaron Jones
5eb10743f9
Merge pull request #299 from edk0/tkline-reason
Add config option to hide durations of temporary K/D-lines
2019-12-31 08:00:24 +00:00
Ed Kellett
9914c013b4
Add general::hide_tkdline_duration 2019-12-31 01:56:01 +00:00
Ed Kellett
a9536f755c
reject: Remember and send reasons for rejections
rejectcache entries can now use either a K-line aconf or a static
string as a reason. This will be sent in a 465 numeric before the usual
ERROR. In the case of K-lines, it resembles the 465 you would have been
sent without being rejected:

; nc -s 127.6.6.6 127.0.0.1 5000
:staberinde.local 465 * :You are banned from this server- Temporary
    K-line 4320 min. - abc123 (2019/12/31 01.07)
ERROR :Closing Link: (*** Banned (cache))
; nc -s 127.128.0.0 127.0.0.1 5000
:staberinde.local 465 * :You are not authorised to use this server.
ERROR :Closing Link: (*** Banned (cache))
2019-12-31 01:35:31 +00:00
Bernhard M. Wiedemann
1b0319448c Set EXTERNAL_BUILD_TIMESTAMP from SOURCE_DATE_EPOCH
to make the package build reproducible by default without
everyone having to discover the custom variable.

See https://reproducible-builds.org/ for why this is good
and https://reproducible-builds.org/specs/source-date-epoch/
for the definition of this variable.

This code assigns the plain integer to keep the code simple.
Otherwise we would have to deal with differences between GNU date
and BSD date or include extra build deps like perl or python.
2019-12-06 18:32:46 +01:00
Ed Kellett
7b6410135b
m_modules: make modreload work like restart
/modrestart used to be implemented as a normal command and could crash
when used remotely because it would reload m_encap, which was on the
call stack at the time. This was fixed in 41390bfe5f. However,
/modreload has exactly the same problem, so I'm giving it the
same treatment.

Incidentally: This bug was first discovered in ircd-seven, where the
`/mod*` commands themselves live in the core, so m_encap was the only way
the crash could happen (and it didn't most of the time, because m_encap
would only be moved if you got unlucky). But `/mod*` are in modules in
charybdis, so /modrestart would have unloaded the code it was in the
middle of executing. With that in mind, I'm not sure how it ever
appeared to work.
2019-11-17 18:01:51 +00:00
Aaron Jones
a52d84f723
Merge pull request #293 from edk0/webirc
m_webirc: improve TLS handling
2019-10-22 16:17:33 +00:00
Ed Kellett
d6c813780f
m_webirc: respect ircv3's secure option 2019-10-20 18:17:34 +01:00
Ed Kellett
c4e6888ef7
Recheck umodes for opers after rehash 2019-10-06 21:56:13 +01:00
Simon Arlott
e52893db93
Fix GCC 8 compiler warnings 2019-09-15 10:57:53 +01:00
Simon Arlott
b3a987ed15
ircd: Use a larger buffer for ilog() buf2 2019-09-15 10:41:33 +01:00
Simon Arlott
e89a399f94
ircd: Zero out the global_client_list
Otherwise we unconditionally add "me" to it twice in some unit tests,
which results in a loop in the list.
2019-09-15 10:22:26 +01:00
Ed Kellett
b674a619eb
Add extensions/drain
This takes the simplest possible approach: load the module and you're in
drain mode.
2019-09-14 21:13:11 +01:00
Ed Kellett
ed3ca2ff16
Propagate OPER
Move opername and privset storage to struct User, so it can exist for
remote opers.

On /oper and when bursting opers, send:

    :foo OPER opername privset

which sets foo's opername and privset. The contents of the privset on
remote servers come from the remote server's config, so the potential
for confusion exists if these do not match.

If an oper's privset does not exist on a server that sees it, it will
complain, but create a placeholder privset. If the privset is created by
a rehash, this will be reflected properly.

/privs is udpated to take an optional argument, the server to query, and
is now local by default:

    /privs [[nick_or_server] nick]
2019-09-13 10:08:27 +01:00
Ed Kellett
1123eefcb0
Rework oper hiding
As it stands, oper hiding is rather messy and inconsistent. Add
SeesOper(target, source), which is true iff target should appear as an
oper to source. If I haven't missed something, all commands that reveal
oper status now use the same logic.

general::hide_opers_in_whois is a special case, and affects /whois only.

general::hide_opers is introduced, and has the same effect as giving
everyone oper:hidden. All commands that reveal oper status respect both.
2019-09-12 23:14:15 +01:00
Ed Kellett
28cc8bb924
Deferred capability notifications from modules
Reloading modules sends CAP DEL followed by an immediate CAP NEW:

    :staberinde.local CAP * DEL :account-tag
    :staberinde.local CAP * NEW :account-tag

This isn't very nice. /modrestart is particularly bad. In order to avoid
doing this, we remember the capability set at the beginning of module
operations, compare that with the set afterwards, and report only the
differences with CAP {DEL,NEW}.
2019-09-07 14:59:33 +01:00