Merge branch 'main' into amdj/invite-notify-configurable-notice

CREDITS

@@ -3,12 +3,12 @@ Solanum is based on Charybdis, which was based on ircd-ratbox.
 Development is led by a group of representatives from Libera Chat
 and OFTC:
 
+amdj, Aaron Jones <[email protected]>
 dwfreed, Doug Freed <[email protected]>
-edk, Ed Kellett <[email protected]>
-glguy, Eric Mertens <[email protected]>
 ilbelkyr, Nicole Kleinhoff <[email protected]>
 mcintosh, Richie McIntosh <[email protected]>
 Myon, Christoph Berg <[email protected]>
+spb, Stephen Bennet <[email protected]>
 tomaw, Tom Wesley <[email protected]>
 
 The Charybdis team was:

README.md

@@ -46,7 +46,7 @@ These are known issues and workarounds for various platforms.
 # building
 
 ```bash
-sudo apt install build-essential pkg-config libsqlite3-dev # or equivalent for your distribution
+sudo apt install build-essential pkg-config automake libtool libsqlite3-dev # or equivalent for your distribution
 ./autogen.sh
 ./configure --prefix=/path/to/installation
 make

doc/connecting-servers.rst

@@ -112,7 +112,7 @@ hostname.
 
 For example, with atheme::
 
-   loadmodule "modules/protocol/charybdis";
+   loadmodule "modules/protocol/solanum";
 
    uplink "a.example.org" {
            host = "localhost";

doc/features/filter.txt

@@ -0,0 +1,59 @@
+extensions/filter module documentation
+--------------------------------------
+
+The filter extension implements message content filtering using 
+solanum's hook framework and Intel's Hyperscan regular expression
+matching library.
+
+It requires an x86_64 processor with SSSE3 extensions.
+
+To operate, the filter requires a database of regular expessions
+that have been compiled using the Hyperscan library's 
+hs_compile_multi() or hs_compile_ext_multi() functions. 
+
+The command SETFILTER is used to manage operation of the filter and to
+load compiled Hyperscan databases.
+
+General documenation of SETFILTER is available using the 'HELP SETFILTER'
+command.
+
+For each expression in the database, the three least significant bits 
+of the expression ID are used to indicate which action the ircd should
+take in the event of a match:
+
+001 (1) DROP   - The message will be dropped and the client will be sent
+                 an ERR_CANNOTSENDTOCHAN message.
+010 (2) KILL   - The connection from which the message was recevied will
+                 be closed.
+100 (4) ALARM  - A Server Notice will be generated indicating that an
+                 expression was matched. The nick, user, hostname and
+                 IP address will be reported. For privacy, the expression
+                 that has been matched will not be disclosed.
+
+Messages are passed to the filter module in a format similar to an
+IRC messages:
+
+0:nick!user@host#1 PRIVMSG #help :hello!
+
+The number at the start of the line indicates the scanning pass:
+Messages are scanned twice, once as they were received (0), and once
+with any formatting or unprintable characters stripped (1).
+
+By default, 'nick', 'user' and 'host' will contain *. This behaviour
+can be changed at build time if filtering on these fields is required.
+
+The number after the # will be 0 or 1 depending on whether the sending
+client was identified to a NickServ account.
+
+The process for loading filters is as follows:
+
+1. The Hyperscan database is serialized using hs_serialize_database().
+2. A 'SETFILTER NEW' command is sent.
+3. The serialized data is split into chunks and base64 encoded. 
+   The chunk size needs to be chosen to ensure that the resuliting
+   strings are short enough to fit into a 510 byte IRC line, taking 
+   into account space needed for the 'SETFILTER +' command, check field, 
+   server mask, and base64 overhead.
+4. The encoded chunks are sent using 'SETFILTER +' commands
+5. Once the entire database has been sent, a 'SETFILTER APPLY' command
+   is sent to commit it.

doc/reference.conf

@@ -479,6 +479,7 @@ privset "local_op" {
 	 * usermode:helpops      allows setting +h (from extensions/helpops)
 	 * auspex:usertimes:
 	 *   allows viewing user idle/connect times even when +I is set (from extensions/umode_hide_idle_time)
+	 * oper:shedding:	allows the SHEDDING command (from extensions/m_shedding)
 	 */
 	privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, oper:message,
 		usermode:servnotice, auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
@@ -1319,6 +1320,13 @@ general {
 	 */
 	ping_cookie = no;
 
+	/* ping warn time: how long to wait after pinging a server before starting
+	 * to complain it is unresponsive. Note that the ping check interval is 30 
+	 * seconds, so the first complaint will come at the next check after this 
+	 * time has passed.
+	 */
+	ping_warn_time = 15 seconds;
+
 	/* connect timeout: sets how long we should wait for a connection
 	 * request to succeed
 	 */
@@ -1459,6 +1467,9 @@ general {
 
 	/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
 	hide_opers_in_whois = no;
+
+	/* hide_opers: Hide all opers from unprivileged users */
+	hide_opers = no;
 
 	/* tls_ciphers_oper_only: show the TLS cipher string in /WHOIS only to opers and self */
 	tls_ciphers_oper_only = no;

extensions/Makefile.am

@@ -19,6 +19,7 @@ extension_LTLIBRARIES =		\
   extb_account.la		\
   extb_canjoin.la		\
   extb_channel.la		\
+	extb_guest.la		\
   extb_hostmask.la		\
   extb_oper.la			\
   extb_server.la		\
@@ -55,6 +56,7 @@ extension_LTLIBRARIES =		\
   m_omode.la			\
   m_opme.la			\
   m_sendbans.la			\
+  m_shedding.la			\
   m_webirc.la			\
   m_remove.la			\
   hide_uncommon_channels.la	\

extensions/README

@@ -79,6 +79,7 @@ extb_account.so  - Account bans (+b $a[:mask])
 extb_canjoin.so  - Banned from another channel (+b $j:mask)
 extb_channel.so  - Other-channel bans (+b $c:mask)
 extb_extgecos.so - Extended ban (+b $x:mask)
+extb_guest.so    - Unidentified bans (+b $g:mask)
 extb_oper.so     - Oper bans (+b $o)
 extb_realname.so - Realname (gecos) bans (+b $r:mask)
 extb_server.so   - Server bans (+b $s:mask)

extensions/extb_account.c

@@ -7,6 +7,7 @@
 #include "modules.h"
 #include "client.h"
 #include "ircd.h"
+#include "supported.h"
 
 static const char extb_desc[] = "Account ($a) extban type";
 
@@ -20,6 +21,7 @@ static int
 _modinit(void)
 {
 	extban_table['a'] = eb_account;
+	add_isupport("ACCOUNTEXTBAN", isupport_string, "a");
 
 	return 0;
 }
@@ -28,6 +30,7 @@ static void
 _moddeinit(void)
 {
 	extban_table['a'] = NULL;
+	delete_isupport("ACCOUNTEXTBAN");
 }
 
 static int eb_account(const char *data, struct Client *client_p,

extensions/extb_extgecos.c

@@ -34,15 +34,42 @@ _moddeinit(void)
 static int eb_extended(const char *data, struct Client *client_p,
 		struct Channel *chptr, long mode_type)
 {
-	char buf[BUFSIZE];
-
 	(void)chptr;
 
 	if (data == NULL)
 		return EXTBAN_INVALID;
 
-	snprintf(buf, sizeof buf, "%s!%s@%s#%s",
-		client_p->name, client_p->username, client_p->host, client_p->info);
+	const char *idx = strchr(data, '#');
+
+	if (idx != NULL && idx[1] == '\0')
+		/* Users cannot have empty realnames,
+		 * so don't let a ban be set matching one
+		 */
+		return EXTBAN_INVALID;
+
+	char buf[BUFSIZE];
+
+	if (idx != NULL)
+	{
+		// Copy the nick!user@host part of the ban
+		memcpy(buf, data, (idx - data));
+		buf[(idx - data)] = '\0';
+
+		// Advance to the realname part of the ban
+		idx++;
+
+		if (client_matches_mask(client_p, buf) && match(idx, client_p->info))
+			return EXTBAN_MATCH;
+	}
+	else
+	{
+		// Treat data as a pattern to match against the full nick!user@host#gecos.
+		snprintf(buf, sizeof buf, "%s!%s@%s#%s",
+			client_p->name, client_p->username, client_p->host, client_p->info);
+
+		if (match(data, buf))
+			return EXTBAN_MATCH;
+	}
 
-	return match(data, buf) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
+	return EXTBAN_NOMATCH;
 }

extensions/extb_guest.c

@@ -0,0 +1,73 @@
+/*
+ * Guest extban type: bans unidentified users matching nick!user@host.
+ * -- TheDaemoness
+ */
+
+#include "stdinc.h"
+#include "modules.h"
+#include "client.h"
+#include "ircd.h"
+
+static const char extb_desc[] = "Guest ($g) extban type - bans unidentified users matching nick!user@host";
+
+static int _modinit(void);
+static void _moddeinit(void);
+static int eb_guest(const char *data, struct Client *client_p, struct Channel *chptr, long mode_type);
+
+DECLARE_MODULE_AV2(extb_guest, _modinit, _moddeinit, NULL, NULL, NULL, NULL, NULL, extb_desc);
+
+static int
+_modinit(void)
+{
+	extban_table['g'] = eb_guest;
+
+	return 0;
+}
+
+static void
+_moddeinit(void)
+{
+	extban_table['g'] = NULL;
+}
+
+static int eb_guest(const char *data, struct Client *client_p,
+		struct Channel *chptr, long mode_type)
+{
+	(void)chptr;
+
+	if (data == NULL)
+		return EXTBAN_INVALID;
+
+	const char *idx = strchr(data, '#');
+
+	if (idx != NULL && idx[1] == '\0')
+		/* Users cannot have empty realnames,
+		 * so don't let a ban be set matching one
+		 */
+		return EXTBAN_INVALID;
+
+	if (!EmptyString(client_p->user->suser))
+		return EXTBAN_NOMATCH;
+
+	if (idx != NULL)
+	{
+		char buf[BUFSIZE];
+
+		// Copy the nick!user@host part of the ban
+		memcpy(buf, data, (idx - data));
+		buf[(idx - data)] = '\0';
+
+		// Advance to the realname part of the ban
+		idx++;
+
+		if (client_matches_mask(client_p, buf) && match(idx, client_p->info))
+			return EXTBAN_MATCH;
+
+		return EXTBAN_NOMATCH;
+	}
+
+	if (client_matches_mask(client_p, data))
+		return EXTBAN_MATCH;
+
+	return EXTBAN_NOMATCH;
+}