Ircd isnt seeing me as being in the opers class upon connect

[Jedi]

I am using the latest RC2fix version of Unreal and im having the following issue:

I have my clients class set at 10 users (long story why but doesn’t really pertain to this problem). I have my opers class set to 7 since I only have seven opers.

I have my access.conf set up to look for my ident and identifies me as being in the opers class then its supposed to prompt for a password before it allows me to proceed. Ever since I upgraded from one of the previous beta versions (don’t remember the version but I think it was beta18) to this RC2 it doesn’t put me in the opers class nor does it care if I supply a password or not. It seems to see me as being in the clients class till im already connected and chatting then it puts me in the opers class.

If I do a stats Y and a stats I everything shows up just fine. Also if im already connected and the server reaches its max connections for clients (10) then it sees me as being in the oper class and allows one more to join (this just an example if I were the only one in the opers class connected at the time). So if I do a /map it will show 11 users connected and me being in the oper class. So it does work to that extent. It just appears that the only time this affects me is when the clients are at its max (10) and im trying to connect. If im already connected before it reaches its clients max it sees me as being in the oper class but still doesn’t prompt me for a password to continue on.

Any idea why its no longer allowing me to connect to the server when its full even though im using the supplied ident that I put in the access.conf file? All I get now is (server is full). I know I didn’t go mad and this did work before because I was really happy about the fact that I no longer had to worry about connecting if the server was full. I also had all my opers in a class of their own for security reasons. I liked the idea that opers idents had to match before they could oper up..but in order to get to that point the oper would have to have a password to even continue on with the server connection attempt. Just made things more secure.

So in a nutshell for some reason the ircd isnt seeing my ident as being in the opers class now upon connecting or even caring if im supplying a password or not when it did before the upgrade. Nothing was changed on my end as far as configs go.

Sorry if I seem repetitive above, I sometimes have a hard time explaining sometimes and I just wanted to make sure I was clear on the problem I also would have submitted this via the bug reporting site but when I tried to create my account all I got was mysql errors and never received my randomly generated password. I also tried to get help in the unreal-support channel but no one was on that could help and im on dial up. I wouldn’t mind being patient for an answer but I couldn’t possibly stay on long enough because of my connection.

Hope someone can help

[Ron2K]

It sounds to me like you're only placed into the oper class when you oper up. You need to set up your allow blocks to place you into the oper class when you connect. Here's a snippet from the manual:

The access control works like this: ip matches OR host matches, so "hostname *@*"; and "ip *@1.2.3.4" will mean it will always match. Also the allow blocks are read upside down, so you need specific host/ip allow blocks AFTER your general *@* allow blocks. Additionally, if you want to setup a block that only matches based on IP, then set the hostname to something invalid, such as "hostname NOBODY;", this will allow the block to only match based on IP.

Take note of the section in orange.

And here's the syntax:

Code: Select all

allow {
	ip <user@ip-connection-mask>;
	hostname <user@host-connection-mask>;
	class <connection-class>;
	password <connection-password> { <auth-type>; };
	maxperip <max-connections-per-ip>;
	redirect-server <server-to-forward-to>;
	redirect-port <port-to-forward-to>;
	options {
		<option>;
		<option>;
		...
	};
};

[Jedi]

Thats exactly how i have it set up :/ In the access.conf file i have my connection info listed last so its read before the clients part is read. I dont know whats going on here. :/

[Ron2K]

Hmm.... try sending me your unrealircd.conf and access.conf files to me: ron2k AT webmail DOT co DOT za. Remove all unencrypted passwords first! I'll see if I can fix it.

[AngryWolf]

Yeah, I also think this isn't a documentation problem, and I'm trying to figure out whether you've found a bug or not. I have the following configuration:

Code: Select all

class clients
{
        pingfreq        90;
        maxclients      10;
        sendq           100000;
        recvq           8000;
};

class opers
{
        pingfreq        90;
        maxclients      7;
        sendq           400000;
        recvq           15000;
};

allow
{
        ip              *@*;
        hostname        *@*;
        class           clients;
        maxperip        3;
};

allow
{
        ip              *angrywolf@*;
        hostname        *angrywolf@*;
        password        "test";
        class           opers;
        maxperip        5;
        options         { nopasscont; };
};

If I connect to my server with telnet and type:

Code: Select all

pass test
user angrywolf * * angrywolf
nick angrywolf

the result is:

Code: Select all

*** Notice -- Client connecting on port 6667: angrywolf (~angrywolf@localhost)
    [clients]

Thought it should put me in the opers class. The same works with *@* specified in both allow::ip and allow::hostname. Probably I'm missing something. Additonal details:

Code: Select all

/trace
204 S:[server1.test.co] OPER [wolf
205 User Class[clients] ==> angrywolf [localhost] 3
209 Class opers Entries linked: 1
209 Class clients Entries linked: 1
209 Class default Entries linked: 0
/lusers
(...)
265 Current Local Users: 2  Max: 3
266 Current Global Users: 2  Max: 2

[AngryWolf]

To simplify the issue, I think the problem is with user and ident names.

[Jedi]

Here is how i have my classes.conf file:

Code: Select all

class           clients
{
        pingfreq 90;
        maxclients 10;
        sendq 100000;
};

class           servers
{
        pingfreq 90;
        maxclients 10;          /* Max servers we can have linked at a time */
        sendq 1000000;
        connfreq 100; /* How many seconds between each connection attempt */
};

class           opers
{       
        pingfreq 90;
        maxclients 10;
        sendq 100000;
};

Then of course i have in my access.conf file my opers listed with passwords and in the opers class starting with opers listed at the bottom ending with clients at the top.
Example:

Code: Select all

allow {
        ip             *Jedi@*;
        hostname       *Jedi@*.*;
        password        "test";
        class           opers;
        maxperip 3;

};

Before this worked perfectly...now with RC2 it doesnt.

Also in my unrealircd.conf file i have:
include "classes.conf";
include "access.conf";

listed in the includes section. So it should be working but for some reason it is not. :/

[Jedi]

Hmm.... try sending me your unrealircd.conf and access.conf files to me: ron2k AT webmail DOT co DOT za. Remove all unencrypted passwords first! I'll see if I can fix it.

Would you still want me to send my unrealircd.conf file to you after what i posted above? If so i will I would need to include my access.conf file and my classes.conf file i would assume since the only thing i have in my unrealircd.conf file is just the includes for the two files.

thank you all for the help

[Ron2K]

Code: Select all

allow { 
ip *Jedi@*; 
hostname *Jedi@*.*; 
password "test"; 
class opers; 
maxperip 3; 

}; 

Try this:

Code: Select all

allow { 
ip *@127.0.0.1; <--- CHANGE TO YOUR REAL IP OR IP'S (ie 127.0.0.*)
hostname *Jedi@*; 
password "test"; 
class opers; 
maxperip 3; 

}; 

If you still want to send me those conf files, it's up to you. Especially if what I've just mentioned doesn't help.

[Jedi]

I would add my ip address but i have a dynamic ip that sometimes i get a quest.net ip and sometimes its a uu.net ip. Im an msn dialup customer :/

However all this did work before with just using my ident. I dont know why it wouldnt work now. :/

[Ron2K]

Try ip *@* then.

[Jedi]

i changed the ip section to *@* and it worked!! Any idea why i had to change this? Was there a bug before that allowed the ip section to be set at ident@*.* or is it a bug now that it wont allow it to be set that way.

It seems to make more sense setup this way..so im thinking maybe it was an error before.

Thanks for the help

[AngryWolf]

To Jedi: I suppose this is a bug, perhaps you should try and report it at http://bugs.unrealircd.org.

To Ron2k: of course, a "workaround", changing the value of allow::ip to *@127.0.0.1 or *@* solves the problem, but it's not the best solution, I think. The allow block should work well with user/ident names.

[AngryWolf]

I think I found the bug. From the Changes file:

- Made allow::options::noident work correctly (#0001416) reported by Zifnab

This change makes it so (client-specified) usernames are only used in allow blocks if the allow::options::noident option is present in your allow configuration block. That means, if I'm right, ident and user names don't work together anymore.

[Jedi]

i was going to originally submit this to the bug report list but upon trying to register all i get is mysql errors when it gets to the part where its supposed to be sending me my randomly generated password. :/