ngIRCd GIT Updates

ngircd-commits@lists.barton.de

1 Teilnehmer
2443 Diskussionen

Alexander Barton : Merge branch 'ScrubCTCP'
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: 269310f04b7624675f0e609a18c645474d9e5c6f URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=269310f0… Author: Alexander Barton <alex(a)barton.de> Date: Sun Jun 26 15:38:53 2011 +0200 Merge branch 'ScrubCTCP' * ScrubCTCP: Add documentation for "ScrubCTCP" configuration option New option to scrub incoming CTCP commands ---

1 0

Alexander Barton : conf.c: code cleanup
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: 391cf4e2a11a1ca3969cb01db062037a9cd8caf3 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=391cf4e2… Author: Alexander Barton <alex(a)barton.de> Date: Sat Jun 25 14:55:34 2011 +0200 conf.c: code cleanup --- src/ngircd/conf.c | 42 ++++++++++++++++++++++++------------------ 1 files changed, 24 insertions(+), 18 deletions(-) diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index b79715d..4da5b9e 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -302,12 +302,11 @@ Conf_Test( void ) config_valid = Validate_Config(true, false); /* Valid tty? */ - if( isatty( fileno( stdin )) && isatty( fileno( stdout ))) { - puts( "OK, press enter to see a dump of your service configuration ..." ); - getchar( ); - } else { - puts( "Ok, dump of your server configuration follows:\n" ); - } + if(isatty(fileno(stdin)) && isatty(fileno(stdout))) { + puts("OK, press enter to see a dump of your server configuration ..."); + getchar(); + } else + puts("Ok, dump of your server configuration follows:\n"); puts("[GLOBAL]"); printf(" Name = %s\n", Conf_ServerName); @@ -881,7 +880,9 @@ Read_Config( bool ngircd_starting ) continue; } - Config_Error( LOG_ERR, "%s, line %d: Unknown section \"%s\"!", NGIRCd_ConfFile, line, section ); + Config_Error(LOG_ERR, + "%s, line %d: Unknown section \"%s\"!", + NGIRCd_ConfFile, line, section); section[0] = 0x1; } if( section[0] == 0x1 ) continue; @@ -1050,8 +1051,8 @@ WarnPAM(int UNUSED Line) /** * Handle legacy "NoXXX" options in [GLOBAL] section. * - * TODO: This function and support for "NoXXX" should be removed starting - * with ngIRCd release 19! (One release after marking it "deprecated"). + * TODO: This function and support for "NoXXX" could be removed starting + * with ngIRCd release 19 (one release after marking it "deprecated"). * * @param Var Variable name. * @param Arg Argument string. @@ -1060,7 +1061,7 @@ WarnPAM(int UNUSED Line) static bool CheckLegacyNoOption(const char *Var, const char *Arg) { - if( strcasecmp( Var, "NoDNS" ) == 0 ) { + if(strcasecmp(Var, "NoDNS") == 0) { Conf_DNS = !Check_ArgIsTrue( Arg ); return true; } @@ -1168,9 +1169,9 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) size_t len; const char *section; - assert( Line > 0 ); - assert( Var != NULL ); - assert( Arg != NULL ); + assert(Line > 0); + assert(Var != NULL); + assert(Arg != NULL); if (strcasecmp(Var, "Name") == 0) { len = strlcpy(Conf_ServerName, Arg, sizeof(Conf_ServerName)); @@ -1232,12 +1233,13 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) if (len == 0) return; if (len >= LINE_LEN) { - Config_Error_TooLong( Line, Var ); + Config_Error_TooLong(Line, Var); return; } if (!array_copyb(&Conf_Motd, Arg, len + 1)) - Config_Error(LOG_WARNING, "%s, line %d: Could not append MotdPhrase: %s", - NGIRCd_ConfFile, Line, strerror(errno)); + Config_Error(LOG_WARNING, + "%s, line %d: Could not append MotdPhrase: %s", + NGIRCd_ConfFile, Line, strerror(errno)); Using_MotdFile = false; return; } @@ -1281,8 +1283,12 @@ Handle_GLOBAL( int Line, char *Var, char *Arg ) } if (CheckLegacyNoOption(Var, Arg)) { - Config_Error(LOG_WARNING, "%s, line %d: \"No\"-Prefix has been removed, use \"%s = %s\" in [FEATURES] section instead", - NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); + /* TODO: This function and support for "NoXXX" could be + * be removed starting with ngIRCd release 19 (one release + * after marking it "deprecated"). */ + Config_Error(LOG_WARNING, + "%s, line %d (section \"Global\"): \"No\"-Prefix is deprecated, use \"%s = %s\" in [Options] section!", + NGIRCd_ConfFile, Line, NoNo(Var), InvertArg(Arg)); if (strcasecmp(Var, "NoIdent") == 0) WarnIdent(Line); else if (strcasecmp(Var, "NoPam") == 0)

1 0

Alexander Barton : Display configuration errors more prominent on " --configtest"
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: d41f4d6d20797c9dfdde272b8689f4cc7622fe38 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=d41f4d6d… Author: Alexander Barton <alex(a)barton.de> Date: Sat Jun 25 14:56:27 2011 +0200 Display configuration errors more prominent on "--configtest" --- src/ngircd/conf.c | 9 +++++++-- 1 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 4da5b9e..9e3fe13 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -1933,8 +1933,13 @@ va_dcl vsnprintf( msg, MAX_LOG_MSG_LEN, Format, ap ); va_end( ap ); - if (Use_Log) Log( Level, "%s", msg ); - else puts( msg ); + if (!Use_Log) { + if (Level <= LOG_WARNING) + printf(" - %s\n", msg); + else + puts(msg); + } else + Log(Level, "%s", msg); } #ifdef DEBUG

1 0

Alexander Barton : Testsuite: update configuration files for new config file format
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: c438c227b554684f4fc92c1548f42731469696c7 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=c438c227… Author: Alexander Barton <alex(a)barton.de> Date: Sat Jun 25 14:57:26 2011 +0200 Testsuite: update configuration files for new config file format --- src/testsuite/ngircd-test1.conf | 6 ++++-- src/testsuite/ngircd-test2.conf | 6 ++++-- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/testsuite/ngircd-test1.conf b/src/testsuite/ngircd-test1.conf index 43851f6..f65f706 100644 --- a/src/testsuite/ngircd-test1.conf +++ b/src/testsuite/ngircd-test1.conf @@ -7,11 +7,13 @@ Ports = 6789 MotdFile = ngircd-test1.motd AdminEMail = admin(a)irc.server + +[Limits] MaxConnectionsIP = 0 - OperCanUseMode = yes MaxJoins = 4 -[Features] +[Options] + OperCanUseMode = yes Ident = no PAM = no diff --git a/src/testsuite/ngircd-test2.conf b/src/testsuite/ngircd-test2.conf index 54c1232..5d2e28f 100644 --- a/src/testsuite/ngircd-test2.conf +++ b/src/testsuite/ngircd-test2.conf @@ -7,11 +7,13 @@ Ports = 6790 MotdFile = ngircd-test2.motd AdminEMail = admin(a)irc.server2 + +[Limits] MaxConnectionsIP = 0 - OperCanUseMode = yes MaxJoins = 4 -[Features] +[Options] + OperCanUseMode = yes Ident = no PAM = no

1 0

Alexander Barton : Update sample config file and manual page for new config structure
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: eba14d937d7d8980a1d178ca0066c577bf66c806 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=eba14d93… Author: Alexander Barton <alex(a)barton.de> Date: Sat Jun 25 14:58:12 2011 +0200 Update sample config file and manual page for new config structure --- doc/sample-ngircd.conf.tmpl | 196 +++++++++++++------------ man/ngircd.conf.5.tmpl | 339 +++++++++++++++++++++++-------------------- 2 files changed, 282 insertions(+), 253 deletions(-) Diff: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commitdiff;h=eba1…

1 0

Alexander Barton : INSTALL: document changed location of configuration variables
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: 6aad5a6706f2487019ff92da01509abda1d09b33 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=6aad5a67… Author: Alexander Barton <alex(a)barton.de> Date: Sat Jun 25 14:59:02 2011 +0200 INSTALL: document changed location of configuration variables --- INSTALL | 32 ++++++++++++++++++++++++++++++++ 1 files changed, 32 insertions(+), 0 deletions(-) diff --git a/INSTALL b/INSTALL index 8547efc..ea77bd9 100644 --- a/INSTALL +++ b/INSTALL @@ -17,6 +17,38 @@ Differences to version 17 - Support for ZeroConf/Bonjour/Rendezvous service registration has been removed. The configuration option "NoZeroconf" is no longer available. +- The structure of ngircd.conf has been cleaned up and two new configuration + sections have been introduced: [Limits] and [Options]. + Lots of configuration variables stored in the [Global] section are now + deprecated there and should be stored in one of these new sections (but + still work in [Global]): + "AllowRemoteOper" -> [Options] + "ChrootDir" -> [Options] + "ConnectIPv4" -> [Options] + "ConnectIPv6" -> [Options] + "ConnectRetry" -> [Limits] + "MaxConnections" -> [Limits] + "MaxConnectionsIP" -> [Limits] + "MaxJoins" -> [Limits] + "MaxNickLength" -> [Limits] + "NoDNS" -> [Options], and renamed to "DNS" + "NoIdent" -> [Options], and renamed to "Ident" + "NoPAM" -> [Options], and renamed to "PAM" + "OperCanUseMode" -> [Options] + "OperServerMode" -> [Options] + "PingTimeout" -> [Limits] + "PongTimeout" -> [Limits] + "PredefChannelsOnly" -> [Options] + "SSLCertFile" -> [Options] + "SSLDHFile" -> [Options] + "SSLKeyFile" -> [Options] + "SSLKeyFilePassword" -> [Options] + "SSLPorts" -> [Options] + "SyslogFacility" -> [Options] + "WebircPassword" -> [Options] + You should adjust your ngircd.conf and run "ngircd --configtest" to make + sure that your settings are correct and up to date! + Differences to version 16 - Changes to the "MotdFile" specified in ngircd.conf now require a ngircd

1 0

xor : New option to scrub incoming CTCP commands
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: f087c68a99951d12ba91c5f6e1e0e548c5a5d912 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=f087c68a… Author: xor <xorboy(a)gmail.com> Date: Fri Jun 10 21:39:01 2011 +0200 New option to scrub incoming CTCP commands This patch makes it possible to scrub incomming CTCP commands from other servers and clients alike. The ngircd oper can enable it from the config file, by adding "ScrubCTCP = yes" under [OPTIONS]. It is default off. CTCP can be used to profile IRC users (get user clients name and version, and also their IP addresses). This is not something we like to happen when user pseudonymity/secrecy is important. The server silently drops incomming CTCP requests from both other servers and from users. The server that scrubs CTCP will not forward the CTCP requests to other servers in the network either, which can spell trouble if not every oper knows about the CTCP-scrubbing. Scrubbing CTCP commands also means that it is not possible to send files between users. There is one exception to the CTCP scrubbing performed: ACTION ("/me commands") requests are not scrubbed. ACTION is not dangerous to users (unless they use OTR, which does not encrypt CTCP requests) and most users would be confused if they were just dropped. A CTCP request looks like this: ctcp_char, COMMAND, arg0, arg1, arg2, .. argN, ctcp_char ctcp_char is 0x01. (just like bold is 0x02 and color is 0x03.) They are sent as part of a message and can be delivered to channels and users alike. --- src/ngircd/conf.c | 6 ++++++ src/ngircd/conf.h | 3 +++ src/ngircd/parse.c | 45 ++++++++++++++++++++++++++++++++++++++++++--- 3 files changed, 51 insertions(+), 3 deletions(-) diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 9e3fe13..6bd224f 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -374,6 +374,7 @@ Conf_Test( void ) #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); #endif + printf(" ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP)); #ifdef SSL_SUPPORT printf(" SSLCertFile = %s\n", Conf_SSLOptions.CertFile); printf(" SSLDHFile = %s\n", Conf_SSLOptions.DHFile); @@ -687,6 +688,7 @@ Set_Defaults(bool InitServers) #endif Conf_PredefChannelsOnly = false; #ifdef SYSLOG + Conf_ScrubCTCP = false; #ifdef LOG_LOCAL5 Conf_SyslogFacility = LOG_LOCAL5; #else @@ -1459,6 +1461,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) return; } #endif + if (strcasecmp(Var, "ScrubCTCP") == 0) { + Conf_ScrubCTCP = Check_ArgIsTrue(Arg); + return; + } #ifdef SSL_SUPPORT if (strcasecmp(Var, "SSLCertFile") == 0) { assert(Conf_SSLOptions.CertFile == NULL); diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 80d1818..1f9bd12 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident; /** Enable all usage of PAM, even when compiled with support for it */ GLOBAL bool Conf_PAM; +/** Disable all CTCP commands except for /me ? */ +GLOBAL bool Conf_ScrubCTCP; + /** Enable NOTICE AUTH messages on connect */ GLOBAL bool Conf_NoticeAuth; diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c index c260391..72e3430 100644 --- a/src/ngircd/parse.c +++ b/src/ngircd/parse.c @@ -47,6 +47,7 @@ #include "numeric.h" #include "exp.h" +#include "conf.h" struct _NUMERIC { int numeric; @@ -124,6 +125,8 @@ static bool Validate_Args PARAMS(( CONN_ID Idx, REQUEST *Req, bool *Closed )); static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req )); +static bool ScrubCTCP PARAMS((char *Request)); + /** * Return the pointer to the global "IRC command structure". * This structure, an array of type "COMMAND" describes all the IRC commands @@ -174,8 +177,10 @@ Parse_Request( CONN_ID Idx, char *Request ) /* remove leading & trailing whitespace */ ngt_TrimStr( Request ); - if( Request[0] == ':' ) - { + if (Conf_ScrubCTCP && ScrubCTCP(Request)) + return true; + + if (Request[0] == ':') { /* Prefix */ req.prefix = Request + 1; ptr = strchr( Request, ' ' ); @@ -459,7 +464,6 @@ Handle_Numeric(CLIENT *client, REQUEST *Req) return IRC_WriteStrClientPrefix(target, prefix, "%s", str); } - static bool Handle_Request( CONN_ID Idx, REQUEST *Req ) { @@ -525,4 +529,39 @@ Handle_Request( CONN_ID Idx, REQUEST *Req ) } /* Handle_Request */ +/** + * Check if incoming messages contains CTCP commands and should be dropped. + * + * @param Request NULL terminated incoming command. + * @returns true, when the message should be dropped. + */ +static bool +ScrubCTCP(char *Request) +{ + static const char me_cmd[] = "ACTION "; + static const char ctcp_char = 0x1; + bool dropCommand = false; + char *ptr = Request; + char *ptrEnd = strchr(Request, '\0'); + + if (Request[0] == ':' && ptrEnd > ptr) + ptr++; + + while (ptr != ptrEnd && *ptr != ':') + ptr++; + + if ((ptrEnd - ptr) > 1) { + ptr++; + if (*ptr == ctcp_char) { + dropCommand = true; + ptr++; + /* allow /me commands */ + if ((size_t)(ptrEnd - ptr) >= strlen(me_cmd) + && !strncmp(ptr, me_cmd, strlen(me_cmd))) + dropCommand = false; + } + } + return dropCommand; +} + /* -eof- */

1 0

xor : New configuration opion "MorePrivacy" to "censor" some user information
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: b80e115f3947eae39aba39d1647f0a81f3d95fa3 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=b80e115f… Author: xor <xorboy(a)gmail.com> Date: Sun Jun 19 06:08:33 2011 +0200 New configuration opion "MorePrivacy" to "censor" some user information this patch contains: * Fix for Conf_CloakUserToNick to make it conceal user details * Adds MorePrivacy-feature MorePrivacy censors some user information from being reported by the server. Signon time and idle time is censored. Part and quit messages are made to look the same. WHOWAS requests are silently dropped. All of this is useful if one wish to conceal users that access the ngircd servers from TOR or I2P. --- doc/sample-ngircd.conf.tmpl | 4 ++++ man/ngircd.conf.5.tmpl | 9 +++++++++ src/ngircd/channel.c | 9 +++++++++ src/ngircd/client.c | 15 ++++++++++----- src/ngircd/conf.c | 6 ++++++ src/ngircd/conf.h | 3 +++ src/ngircd/irc-info.c | 10 +++++++++- 7 files changed, 50 insertions(+), 6 deletions(-) diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index b4a498d..f5d7c8a 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -141,6 +141,10 @@ # Do IDENT lookups if ngIRCd has been compiled with support for it. ;Ident = yes + # Enhance user privacy slightly (useful for IRC server on TOR or I2P) + # by censoring some information like idle time, logon time, etc. + ;MorePrivacy = no + # Normally ngIRCd doesn't send any messages to a client until it is # registered. Enable this option to let the daemon send "NOTICE AUTH" # messages to clients while connecting. diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index e8efab1..8198c92 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -244,6 +244,15 @@ If ngIRCd is compiled with IDENT support this can be used to disable IDENT lookups at run time. Default: yes. .TP +\fBMorePrivacy\fR (boolean) +This will cause ngIRCd to censor user idle time, logon time as well as the +part/quit messages (that are sometimes used to inform everyone about which +client software is being used). WHOWAS requests are also silently ignored. +This option is most useful when ngIRCd is being used together with +anonymizing software such as TOR or I2P and one does not wish to make it +too easy to collect statistics on the users. +Default: no. +.TP \fBNoticeAuth\fR (boolean) Normally ngIRCd doesn't send any messages to a client until it is registered. Enable this option to let the daemon send "NOTICE AUTH" messages to clients diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c index 6e8851b..a36131c 100644 --- a/src/ngircd/channel.c +++ b/src/ngircd/channel.c @@ -263,6 +263,9 @@ Channel_Part(CLIENT * Client, CLIENT * Origin, const char *Name, const char *Rea return false; } + if (Conf_MorePrivacy) + Reason = ""; + /* Part client from channel */ if (!Remove_Client(REMOVE_PART, chan, Client, Origin, Reason, true)) return false; @@ -331,6 +334,9 @@ Channel_Quit( CLIENT *Client, const char *Reason ) assert( Client != NULL ); assert( Reason != NULL ); + if (Conf_MorePrivacy) + Reason = ""; + IRC_WriteStrRelatedPrefix( Client, Client, false, "QUIT :%s", Reason ); c = My_Channels; @@ -961,6 +967,9 @@ Remove_Client( int Type, CHANNEL *Chan, CLIENT *Client, CLIENT *Origin, const ch Client_Mask( Client ), c->name, Client_ID(Origin), Reason); break; default: /* PART */ + if (Conf_MorePrivacy) + Reason = ""; + if (InformServer) IRC_WriteStrServersPrefix(Origin, Client, "PART %s :%s", c->name, Reason); diff --git a/src/ngircd/client.c b/src/ngircd/client.c index e01c424..d038fd2 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -335,8 +335,10 @@ Client_SetID( CLIENT *Client, const char *ID ) strlcpy( Client->id, ID, sizeof( Client->id )); - if (Conf_CloakUserToNick) + if (Conf_CloakUserToNick) { strlcpy( Client->user, ID, sizeof( Client->user )); + strlcpy( Client->info, ID, sizeof( Client->info )); + } /* Hash */ Client->hash = Hash( Client->id ); @@ -351,9 +353,9 @@ Client_SetUser( CLIENT *Client, const char *User, bool Idented ) assert( Client != NULL ); assert( User != NULL ); - if (Conf_CloakUserToNick) return; - - if (Idented) { + if (Conf_CloakUserToNick) { + strlcpy(Client->user, Client->id, sizeof(Client->user)); + } else if (Idented) { strlcpy(Client->user, User, sizeof(Client->user)); } else { Client->user[0] = '~'; @@ -390,7 +392,10 @@ Client_SetInfo( CLIENT *Client, const char *Info ) assert( Client != NULL ); assert( Info != NULL ); - strlcpy(Client->info, Info, sizeof(Client->info)); + if (Conf_CloakUserToNick) + strlcpy(Client->info, Client->id, sizeof(Client->info)); + else + strlcpy(Client->info, Info, sizeof(Client->info)); } /* Client_SetInfo */ diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 9e3fe13..c947997 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -364,6 +364,7 @@ Conf_Test( void ) #ifdef IDENT printf(" Ident = %s\n", yesno_to_str(Conf_Ident)); #endif + printf(" MorePrivacy = %s\n", yesno_to_str(Conf_MorePrivacy)); printf(" NoticeAuth = %s\n", yesno_to_str(Conf_NoticeAuth)); printf(" OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode)); printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode)); @@ -677,6 +678,7 @@ Set_Defaults(bool InitServers) #else Conf_Ident = false; #endif + Conf_MorePrivacy = false; Conf_NoticeAuth = false; Conf_OperCanMode = false; Conf_OperServerMode = false; @@ -1432,6 +1434,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) WarnIdent(Line); return; } + if (strcasecmp(Var, "MorePrivacy") == 0) { + Conf_MorePrivacy = Check_ArgIsTrue(Arg); + return; + } if (strcasecmp(Var, "NoticeAuth") == 0) { Conf_NoticeAuth = Check_ArgIsTrue(Arg); return; diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 80d1818..c2af692 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident; /** Enable all usage of PAM, even when compiled with support for it */ GLOBAL bool Conf_PAM; +/** Enable "more privacy" mode and "censor" some user-related information */ +GLOBAL bool Conf_MorePrivacy; + /** Enable NOTICE AUTH messages on connect */ GLOBAL bool Conf_NoticeAuth; diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c index 22c65aa..301da53 100644 --- a/src/ngircd/irc-info.c +++ b/src/ngircd/irc-info.c @@ -999,7 +999,7 @@ IRC_WHOIS_SendReply(CLIENT *Client, CLIENT *from, CLIENT *c) return DISCONNECTED; /* Idle and signon time (local clients only!) */ - if (Client_Conn(c) > NONE && + if (!Conf_MorePrivacy && Client_Conn(c) > NONE && !IRC_WriteStrClient(from, RPL_WHOISIDLE_MSG, Client_ID(from), Client_ID(c), (unsigned long)Conn_GetIdle(Client_Conn(c)), @@ -1163,6 +1163,10 @@ IRC_WHOWAS( CLIENT *Client, REQUEST *Req ) assert( Client != NULL ); assert( Req != NULL ); + /* Do not reveal any info on disconnected users? */ + if (Conf_MorePrivacy) + return CONNECTED; + /* Wrong number of parameters? */ if (Req->argc > 3) return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG, @@ -1389,6 +1393,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan ) if( Channel_IsMemberOf( Chan, Client )) is_member = true; else is_member = false; + /* Do not print info on channel memberships to anyone that is not member? */ + if (Conf_MorePrivacy && !is_member) + return CONNECTED; + /* Secret channel? */ if( ! is_member && strchr( Channel_Modes( Chan ), 's' )) return CONNECTED;

1 0

xor : Add documentation for "ScrubCTCP" configuration option
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: 5410d96748bbc93fa9479ddaad0fffc51d816f92 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=5410d967… Author: xor <xorboy(a)gmail.com> Date: Sat Jun 19 06:08:33 2010 +0200 Add documentation for "ScrubCTCP" configuration option --- doc/sample-ngircd.conf.tmpl | 3 +++ man/ngircd.conf.5.tmpl | 10 ++++++++++ 2 files changed, 13 insertions(+), 0 deletions(-) diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index b4a498d..02c8bee 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -165,6 +165,9 @@ # "PONG" reply. ;RequireAuthPing = no + # Silently drop all incomming CTCP requests. + ;ScrubCTCP = no + # SSL Server Key Certificate ;SSLCertFile = :ETCDIR:/ssl/server-cert.pem diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index e8efab1..09fd164 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -276,6 +276,16 @@ Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. Default: no. .TP +\fBScrubCTCP\fR (boolean) +If set to true, ngIRCd will silently drop all CTCP requests sent to it from +both clients and servers. It will also not forward CTCP requests to any +other servers. CTCP requests can be used to query user clients about which +software they are using and which versions said softare is. CTCP can also be +used to reveal clients IP numbers. ACTION CTCP requests are not blocked, +this means that /me commands will not be dropped, but please note that +blocking CTCP will disable file sharing between users! +Default: no. +.TP \fBSSLCertFile\fR (string) SSL Certificate file of the private server key. .TP

1 0

Alexander Barton : Really remove [Features] in our manual pages
by alex＠arthur.barton.de 26 Jun '11

26 Jun '11

Module: ngircd.git Branch: master Commit: 9dfde13f0cd6f960565ea2da5734e5b91b497e7a URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=9dfde13f… Author: Alexander Barton <alex(a)barton.de> Date: Sat Jun 25 23:54:41 2011 +0200 Really remove [Features] in our manual pages --- man/ngircd.conf.5.tmpl | 4 ---- 1 files changed, 0 insertions(+), 4 deletions(-) diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index e8efab1..41cc08e 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -325,10 +325,6 @@ Password of the IRC operator. \fBMask\fR (string) Mask that is to be checked before an /OPER for this account is accepted. Example: nick!ident(a)*.example.com -.SH [FEATURES] -An optional section that can be used to disable features at -run-time. A feature is enabled by default if if ngircd was built with -support for it. .SH [SERVER] Other servers are configured in .I [Server]

1 0

Springe zur Seite:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

ngIRCd GIT Updates