Kobi Shmueli [Sat, 27 Oct 2018 05:48:53 +0000 (08:48 +0300)]
Add NO_UTF8 xflag (XCF)
When enabled, messages that contain high ASCII codes will be blocked.
It doesn't have to be UTF8 really, Hebrew and Arabic characters will be blocked as well.
Kobi Shmueli [Mon, 22 Oct 2018 18:28:51 +0000 (21:28 +0300)]
Don't spam the network with the same channel topics
This patch changes m_topic() to ignore a new topic if the topic details (TS, topic and setter) are exactly the same.
It will prevent services from "flooding" the network with the same topics upon services restarts.
It won't affect users setting the same topic as the TS would be different.
Kobi Shmueli [Fri, 5 Oct 2018 05:01:51 +0000 (08:01 +0300)]
Add services join requests. (#51)
* Add services join requests.
This feature is disabled by default, however, when enabled (either for cmode +r channels or for all channels), servers will send join requests to services via the SJR command.
Once approved, services will send a join approval with the AJ command.
Alternatively, if the join request is denied, services will send the relevant error message to the user.
-Kobi.
* Change the services join request feature to use a new SJR channel extended flag rather than CMODE +r.
Kobi Shmueli [Thu, 4 Oct 2018 01:14:31 +0000 (04:14 +0300)]
Add more extended channel flags (XCF) (#67)
* Add nick!user@host to the spamfilter warnings
This will make it easier for our mass akill scripts.
-Kobi.
* Cosmetic changes to the spamfilter warning
The warning will now say if the spammer was blocked, akilled or blocked+akilled.
-Kobi.
* Add MAX_INVITES XCF
This will let us increase the maximum invite list for specific channels.
The use case is regional channels that want to +I their region/country's IPs and use it in combination with cmode +R.
* Add HIDE_MODE_LISTS XCF
This will let us hide /mode #channel +b/+I/+e lists from non-ops.
There are a few use cases for this (especially when the list limits are increased for channels that are being regularly flooded):
1. Prevent users from disconnecting themselves for "SendQ Exceeded".
2. Prevent abusers from flooding the server with it.
3. Prevent abusers from knowing our flood-control exemption lists.
* Add USER_VERBOSE XCF
When enabled, the server will alert #channel-relay about failed commands due to channel modes or xflags.
This feature was suggested by Sara_Ks.
* Add OPER_VERBOSE XCF
When enabled, the server will alert +f opers about failed commands due to channel modes or xflags.
Similar to USER_VERBOSE but will combine all "relay channels" to one place for opers and will show the user's real hostname even if they have user host-masking enabled.
* Add FLOODWARN module hook
CHOOK_FLOODWARN is called during flood warnings to opers.
Current m_rehash is now local_rehash.
The new m_rehash determines what to do with the rehash command it has
received, then either passes it to local_rehash or passes it on to the
target server.
To use remote rehash, the user on the local server must have access to
the rehash command on the server the user is on.
For the target server, the ircd.conf option "allow_remote_rehash" must
be enabled.
Ryan Smith [Thu, 20 Sep 2018 06:10:55 +0000 (02:10 -0400)]
Remove extraneous RSA, DSA, ECDSA, and EVP compatibility functions that are not used by bahamut and were causing compilation issues with older OpenSSL libraries. (#57)
Ryan Smith [Thu, 20 Sep 2018 06:10:41 +0000 (02:10 -0400)]
Spamfilter oper flags (#58)
* Remove extraneous RSA, DSA, ECDSA, and EVP compatibility functions that are not used by bahamut and were causing compilation issues with older OpenSSL libraries.
* DEFAULT_OPER_SPAMFILTER_DISABLED - default your opers to +P, which disables spamfilter checking. This is strongly recommended so that users can report potential spam.
* Fixes for masked opers as they're already masked anyway.
* Let's make sure m_quit() will only check real users.
Currently, QUIT from un-registered clients (before NICK & USER) can crash the server because we're checking sptr->user->channels and sptr->user doesn't exist.
Add support for eXtended Channel Flags (XCF). (#48)
Extended channel flags will be controlled by servics via the SVSXCF command.
Settings:
JOIN_CONNECT_TIME - Number of seconds the user must be online to be able to join
TALK_CONNECT_TIME - Number of seconds the user must be online to be able to talk on the channel
TALK_JOIN_TIME - Number of seconds the user must be on the channel to be able to tlak on the channel
MAX_BANS - Will let us increase the ban limit for specific channels
1/0 (on/off) options:
NO_NOTICE - no notices can be sent to the channel (on/off)
NO_CTCP - no ctcps can be sent to the channel (on/off)
NO_PART_MSG - no /part messages (on/off)
NO_QUIT_MSG - no /quit messages (on/off)
EXEMPT_OPPED - exempt opped users (on/off)
EXEMPT_VOICED - exempt voiced users (on/off)
EXEMPT_IDENTD - exempt users with identd (on/off)
EXEMPT_REGISTERED - exempt users with umode +r (on/off)
EXEMPT_INVITES - exempt users who are +I'ed (on/off)
Special option:
GREETMSG - A message that will be sent when a user joins the channel
DEFAULT - Reset the channel flags back to the default values
Ryan Smith [Tue, 11 Sep 2018 16:06:38 +0000 (12:06 -0400)]
SSL certificate chain fixes and HUP rehash sanity checks (#54)
* Fix modern compiler warnings and possible buffer overflows
* Need to load the full certificate chain for validation to work properly
* Allow kill -HUP to refresh SSL certificates; add more sanity checking to rehashing SSL to ensure the certificate files still exist on disk and that the certificate belongs to the private key; do not actually swap out the SSL CTX unless all checks pass
crigler [Tue, 28 Aug 2018 02:06:49 +0000 (19:06 -0700)]
Resend the nicklist to a client in auditorium mode. (#50)
When auditorium mode is set and someone is opped or voiced, their client
will start to see messages from previously hidden clients and could get
confused about which window those messages should go to.
Fix this by sending a set of fake KICK/JOIN/NAMES messages to the newly
opped/voiced client to update the client's idea of who is in the
channel.
* Added USER_HOSTMASKING definition to include/config.h.
* Added UMODE +H.
When enabled, the user's host will be masked.
This umode is enabled by default if user host-masking support is defined.
-Kobi.
* Added the foundation for user host-masking support.
* Added user host-masking support to WHOIS (opers can still see the real host/ip).
* Added user host-masking support to USERHOST.
Notes:
- Users can see their own real hosts (to prevent DCC issues on some clients).
- Opers can see real hosts for everyone.
-Kobi.
* Added user host-masking support to WHOWAS (opers can still see the real host/IP).
* Changed SVSHOST to use mhost and propgate it on server connects.
* Added user host-masking support to channel bans/invites/exempts.
* Added user host-masking support to STATS l & p.
* Added user host-masking support to WHO.
* Added user host-masking support to WATCH.
* Added user host-masking support for a few src/send.c functions:
- prefix_buffer()
- send_quit_to_common_channels()
- send_part_to_common_channels()
- sendto_prefix_one()
- vsendto_prefix_one()
-Kobi.
* typo fix!
* Made WATCH L respect umode +H and mask the user's host if needed.
* Made KILL respect umode +H and mask the user's host if needed.
* Made DCCALLOW LIST respect umode +H and mask the user's host if needed.
* Added module hook for WHOIS.
* Added SVSUHM command to let services control what user host-masking type we are using.
* A few user host-masking related changes:
- Added module hook for masking hosts.
- Made mask_host() call the maskhost hook.
- Made mask_host() use uhm_type.
- Changed do_user() to only set & allow UMODE_H if uhm_type is defined.
- Changed m_umode() to only allow umode +H if uhm_type is defined.
* Added WHO +R to let opers choose if they want to see real hosts or not.
* Don't let non-opers see the real hosts/IPs for masked users with TRACE.
* Changed check_dccsend() to show the masked host/IP for umode +H users.
* Added USER_HOSTMASKING define checks to src/channel.c.
* Added USER_HOSTMASKING define checks to src/s_user.c.
* Added USER_HOSTMASKING define check to src/m_stats.c.
* Oops, typo fix.
* Added skill to version.c.SH.
* Let's only mask the host if the masking module returned 1 (Success).
-Kobi.
* Changed call_hooks()'s logic when handling hostmasking modules.
Possible results by the module:
1 = Success, the host has been masked (so don't try other modules).
0 = Failure, the host wasn't masked but try other modules (maybe they will mask the host).
-2 (FLUSH_BUFFER) = Failure, the host wasn't masked but *don't* try other modules.
-Kobi.
* Added defines for the user host-masking module's hooking results.
Ryan Smith [Thu, 22 Feb 2018 03:30:10 +0000 (22:30 -0500)]
Allow bahamut to be compiled against OpenSSL versions >= 1.1.0
while maininting backwards compatability with the 1.0.x series by using the recommended OpenSSL Compatability Layer: https://wiki.openssl.org/index.php/OpenSSL_1.1.0_Changes