View Issue Details

IDProjectCategoryView StatusLast Update
0005742unrealircdpublic2023-02-08 09:06
Reportersyzop Assigned To 
PrioritynormalSeverityfeatureReproducibilityN/A
Status acknowledgedResolutionopen 
Summary0005742: ulines and set::services-server warning
Description1. Warn when anope or atheme link and do not match any ulines
2. Warn when an unrealircd server matches any ulines (basically the inverse of #1)
3. Consider a more elaborate error message when set::services-server is not set properly, such as set to an unrealircd server or a non-existing server, or only to ircops. Either on-link or when an alias / whatever is executed, or both.

This is all possible because nowadays we get the exact software package name and version for every UnrealIRCd server on the network via SINFO & PROTOCTL.
TagsNo tags attached.
3rd party modules

Activities

syzop

2020-08-18 10:18

administrator   ~0021695

Oh, seems I already did part of it, anyway:

if (find_uline(cptr->name))
{
        if (cptr->serv && cptr->serv->features.software && !strncmp(cptr->serv->features.software, "UnrealIRCd-", 11))
        {
                sendto_realops("\002WARNING:\002 Bad ulines! It seems your server is misconfigured: "
                               "your ulines { } block is matching an UnrealIRCd server (%s). "
                               "This is not correct and will cause security issues. "
                               "ULines should only be added for services! "
                               "See https://www.unrealircd.org/docs/FAQ#bad-ulines",
                               cptr->name);
        }

Note that this is for a direct connection only, not far, which should also be there (and avoid duplicate code plz)

syzop

2023-02-08 09:06

administrator   ~0022727

https://github.com/unrealircd/unrealircd/commit/dd830261dbd34418412bacfe2783f98bfbf1eeff

commit dd830261dbd34418412bacfe2783f98bfbf1eeff (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD)
Author: Bram Matthys <[email protected]>
Date: Wed Feb 8 08:57:43 2023 +0100

    Reject a link for anope or atheme if there is no ulines { } for it.
    This is checked for both local and remote services linking in.
    
    Naturally, the list can be expanded to include more services that
    really need ulines { }, and not statistical services or some other
    purpose non-unrealircd servers, which is the reason why cannot
    blindly assume all non-unrealircd servers require ulines.
    
    This should hopefully help users a lot with "mysterious" issues
    with services that we see too often in the support channel.
    Suggested in https://bugs.unrealircd.org/view.php?id=5742
    
    Note that this does require services to communicate their software
    version via EAUTH. Anope does this for years already, but atheme only
    does so since 10 days ago (git only, presumably not released yet)
    after Valware filed a PR.

Issue History

Date Modified Username Field Change
2020-08-18 07:30 syzop New Issue
2020-08-18 07:30 syzop Status new => acknowledged
2020-08-18 10:18 syzop Note Added: 0021695
2023-02-08 08:57 syzop View Status private => public
2023-02-08 09:06 syzop Note Added: 0022727