Greetings po||ux, Here is the patch. Sorry it is a bit messy. I was not able to figure out how to edit the autoconf files so I just edited the makefile directly to add the libpcre library: Only in ngircd/src/ngircd: censor.c /* Copyright (C) 2019 by jrmu <jrmu@lecturify.com> Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted. This software is offered as-is, without any warranty. */ #include <stdio.h> #include <string.h> #include <stdlib.h> #include <pcre.h> #define OVECCOUNT 30 /* should be a multiple of 3 */ /** * Indicates whether a message matches a list of regular expressions. * * @param msg The message to test * @param msg_len The length of msg * @param re An array of compiled regular expressions * @param re_len The length of re * @param out The matched string to return or NULL * @return Boolean for whether the message should be censored. */ bool censor(char *msg, size_t msg_len, pcre **re, size_t re_len, char *match) { int rc; int ovector[OVECCOUNT]; /* actual length needed because pcre_exec scans past \0 */ int len = strnlen(msg, msg_len); for (unsigned int i = 0; i < re_len && re[i]; i++) { rc = pcre_exec(re[i], NULL, msg, len, 0, 0, ovector, OVECCOUNT); if (rc >= 0) { strlcpy(match, msg+ovector[0], ovector[1]-ovector[0]+1); return true; } } return false; } diff -ru ngircd-barton/src/ngircd/client.c ngircd/src/ngircd/client.c --- ngircd-barton/src/ngircd/client.c Wed Sep 4 00:28:34 2019 +++ ngircd/src/ngircd/client.c Mon Sep 16 07:57:43 2019 @@ -337,7 +337,9 @@ assert(Client != NULL); assert(Hostname != NULL); - if (Conf_CloakHost[0]) { + /* Only cloak the hostmask if it has not yet been cloaked (the period + * indicates it's still an IP address). */ + if (Conf_CloakHost[0] && strchr(Client->host, '.')) { char cloak[GETID_LEN]; strlcpy(cloak, Hostname, GETID_LEN); diff -ru ngircd-barton/src/ngircd/client.h ngircd/src/ngircd/client.h --- ngircd-barton/src/ngircd/client.h Wed Sep 4 00:28:34 2019 +++ ngircd/src/ngircd/client.h Mon Sep 16 07:57:43 2019 @@ -27,7 +27,7 @@ #define CLIENT_UNKNOWNSERVER 0x0080 /* unregistered server connection */ #define CLIENT_GOTPASS_2813 0x0100 /* client did send PASS, RFC 2813 style */ #ifndef STRICT_RFC -# define CLIENT_WAITAUTHPING 0x0200 /* waiting for AUTH PONG from client */ +#define CLIENT_WAITAUTHPING 0x0200 /* waiting for AUTH PONG from client */ #endif #define CLIENT_WAITCAPEND 0x0400 /* waiting for "CAP END" command */ #define CLIENT_ANY 0xFFFF diff -ru ngircd-barton/src/ngircd/conf.c ngircd/src/ngircd/conf.c --- ngircd-barton/src/ngircd/conf.c Wed Sep 4 00:28:34 2019 +++ ngircd/src/ngircd/conf.c Mon Sep 16 12:22:32 2019 @@ -68,6 +68,8 @@ char *Var, char *Arg )); static void Handle_CHANNEL PARAMS((const char *File, int Line, char *Var, char *Arg )); +static void Handle_CENSOR PARAMS((const char *File, int Line, + char *Var, char *Arg )); static void Config_Error PARAMS((const int Level, const char *Format, ...)); @@ -332,6 +334,8 @@ bool config_valid; size_t predef_channel_count; struct Conf_Channel *predef_chan; + size_t predef_censor_count; + struct Conf_Censor *predef_censor; Use_Log = false; @@ -388,7 +392,7 @@ printf(" MaxConnectionsIP = %d\n", Conf_MaxConnectionsIP); printf(" MaxJoins = %d\n", Conf_MaxJoins > 0 ? Conf_MaxJoins : -1); printf(" MaxNickLength = %u\n", Conf_MaxNickLength - 1); - printf(" MaxPenaltyTime = %ld\n", Conf_MaxPenaltyTime); + printf(" MaxPenaltyTime = %lld\n", Conf_MaxPenaltyTime); printf(" MaxListSize = %d\n", Conf_MaxListSize); printf(" PingTimeout = %d\n", Conf_PingTimeout); printf(" PongTimeout = %d\n", Conf_PongTimeout); @@ -490,6 +494,17 @@ printf(" KeyFile = %s\n\n", predef_chan->keyfile); } + predef_censor_count = array_length(&Conf_Censors, sizeof(*predef_censor)); + predef_censor = array_start(&Conf_Censors); + + for (i = 0; i < predef_censor_count; i++, predef_censor++) { + if (!predef_censor->file) + continue; + puts( "[CENSOR]" ); + printf(" File = %s\n\n", predef_censor->file); + } + /* "Censor" section */ + return (config_valid ? 0 : 1); } @@ -757,7 +772,7 @@ strlcat(Conf_HelpFile, HELP_FILE, sizeof(Conf_HelpFile)); strcpy(Conf_ServerPwd, ""); strlcpy(Conf_PidFile, PID_FILE, sizeof(Conf_PidFile)); - Conf_UID = Conf_GID = 0; + Conf_UID = Conf_GID = 703; /* Limits */ Conf_ConnectRetry = 60; @@ -818,7 +833,6 @@ Conf_SyslogFacility = 0; #endif #endif - /* Initialize server configuration structures */ if (InitServers) { for (i = 0; i < MAX_SERVERS; @@ -901,6 +915,12 @@ int i, n; FILE *fd; DIR *dh; + size_t predef_censor_count; + struct Conf_Censor *predef_censor; + const char *error; + int line = 0; + char filters[LINE_LEN][LINE_LEN]; + int erroffset; Log(LOG_INFO, "Using configuration file \"%s\" ...", NGIRCd_ConfFile); @@ -1049,6 +1069,41 @@ Conf_SSLOptions.CipherList = strdup_warn(DEFAULT_CIPHERS); #endif + /* Load censor files */ + predef_censor_count = array_length(&Conf_Censors, sizeof(*predef_censor)); + predef_censor = array_start(&Conf_Censors); + + for (unsigned int i = 0; i < predef_censor_count; i++, predef_censor++) { +// LogDebug("\n\nCensor file: %s\n", predef_censor->file); + if (predef_censor->file) { + fd = fopen(predef_censor->file, "r"); + if (fd) { + while (fgets(filters[line], LINE_LEN, fd)) { + ngt_TrimLastChr(filters[line], '\n'); + line++; + } + fclose(fd); + pcre **re = calloc(sizeof(pcre *), line); + if (!re) { + Config_Error(LOG_ERR, "Can't allocate memory for censor rules"); + break; + } + for (int i = 0; i < line; i++) { + re[i] = pcre_compile(filters[i], PCRE_CASELESS, &error, &erroffset, NULL); + if (!re[i]) { + Config_Error(LOG_ERR, "Can't compile censor rules"); + break; + } + LogDebug("Line: %d, Filter: %s, Re: %p", i, filters[i], re[i]); + } + predef_censor->re = re; + predef_censor->len = line; + } else { + Config_Error(LOG_ERR, "Can't read %s", predef_censor->file); + } + } + } + /* Censor filters */ return true; } @@ -1150,6 +1205,18 @@ continue; } + if (strcasecmp(section, "[CENSOR]") == 0) { + count = array_length(&Conf_Censors, + sizeof(struct Conf_Censor)); + if (!array_alloc(&Conf_Censors, + sizeof(struct Conf_Censor), count)) { + Config_Error(LOG_ERR, + "Could not allocate memory for new censor (line %d)", + line); + } + continue; + } + Config_Error(LOG_ERR, "%s, line %d: Unknown section \"%s\"!", File, line, section); @@ -1187,6 +1254,8 @@ Handle_SERVER(File, line, var, arg); else if (strcasecmp(section, "[CHANNEL]") == 0) Handle_CHANNEL(File, line, var, arg); + else if (strcasecmp(section, "[CENSOR]") == 0) + Handle_CENSOR(File, line, var, arg); else Config_Error(LOG_ERR, "%s, line %d: Variable \"%s\" outside section!", @@ -1646,7 +1715,7 @@ return; } if (strcasecmp(Var, "MaxPenaltyTime") == 0) { - Conf_MaxPenaltyTime = atol(Arg); + Conf_MaxPenaltyTime = atoll(Arg); if (Conf_MaxPenaltyTime < -1) Conf_MaxPenaltyTime = -1; /* "unlimited" */ return; @@ -2193,6 +2262,40 @@ } /** + * Handle variable in [CENSOR] configuration section. + * + * @param Line Line number in configuration file. + * @param Var Variable name. + * @param Arg Variable argument. + */ +static void +Handle_CENSOR(const char *File, int Line, char *Var, char *Arg) +{ + size_t len; + struct Conf_Censor *censor; + + assert( File != NULL ); + assert( Line > 0 ); + assert( Var != NULL ); + assert( Arg != NULL ); + + censor = array_get(&Conf_Censors, sizeof(*censor), + array_length(&Conf_Censors, sizeof(*censor)) - 1); + if (!censor) + return; + + if (strcasecmp(Var, "File") == 0) { + /* Censor file */ + len = strlcpy(censor->file, Arg, sizeof(censor->file)); + if (len >= sizeof(censor->file)) + Config_Error_TooLong(File, Line, Var); + return; + } + + Config_Error_Section(File, Line, Var, "Censor"); +} + +/** * Validate server configuration. * * Please note that this function uses exit(1) on fatal errors and therefore @@ -2280,8 +2383,8 @@ if (Conf_MaxPenaltyTime != -1) Config_Error(LOG_WARNING, - "Maximum penalty increase ('MaxPenaltyTime') is set to %ld, this is not recommended!", - Conf_MaxPenaltyTime); + "Maximum penalty increase ('MaxPenaltyTime') is set to %lld, this is not recommended!", + (long long)Conf_MaxPenaltyTime); #ifdef DEBUG servers = servers_once = 0; diff -ru ngircd-barton/src/ngircd/conf.h ngircd/src/ngircd/conf.h --- ngircd-barton/src/ngircd/conf.h Wed Sep 4 00:28:34 2019 +++ ngircd/src/ngircd/conf.h Mon Sep 16 07:57:43 2019 @@ -27,6 +27,8 @@ #include "proc.h" #include "conf-ssl.h" +#include <pcre.h> + /** * Configured IRC operator. * Please note that the name of the IRC operaor and his nick have nothing to @@ -101,7 +103,7 @@ /** Server info text */ GLOBAL char Conf_ServerInfo[CLIENT_INFO_LEN]; -/** Global server passwort */ +/** Global server password */ GLOBAL char Conf_ServerPwd[CLIENT_PASS_LEN]; /** Administrative information */ @@ -283,8 +285,16 @@ GLOBAL void Conf_DebugDump PARAMS((void)); #endif +/** Censorship rules, one per file */ +struct Conf_Censor { + char file[FNAME_LEN]; /** File path */ + pcre **re; /** Patterns to match against */ + size_t len; /** length of regex patterns array */ +}; -#endif +/** Array of censorship rules */ +GLOBAL array Conf_Censors; +#endif /* -eof- */ diff -ru ngircd-barton/src/ngircd/irc.c ngircd/src/ngircd/irc.c --- ngircd-barton/src/ngircd/irc.c Wed Sep 4 00:28:34 2019 +++ ngircd/src/ngircd/irc.c Mon Sep 16 11:27:55 2019 @@ -38,6 +38,7 @@ #include "op.h" #include "irc.h" +#include "censor.c" static char *Option_String PARAMS((CONN_ID Idx)); static bool Send_Message PARAMS((CLIENT *Client, REQUEST *Req, int ForceType, @@ -511,6 +512,7 @@ #endif } /* Option_String */ + /** * Send a message to target(s). * @@ -534,6 +536,12 @@ char *message = NULL; char *targets[MAX_HNDL_TARGETS]; int i, target_nr = 0; + size_t predef_censor_count; + struct Conf_Censor *predef_censor; + char match[COMMAND_LEN]; + char msg[COMMAND_LEN]; + pcre **re; + int re_len; assert(Client != NULL); assert(Req != NULL); @@ -572,6 +580,26 @@ #endif message = Req->argv[1]; + /* Check censorship rules */ + + predef_censor_count = array_length(&Conf_Censors, sizeof(*predef_censor)); + predef_censor = array_start(&Conf_Censors); + + if (strlcpy(msg, message, COMMAND_LEN) >= COMMAND_LEN) { + LogDebug("Error copying message!"); + } else { + for (unsigned int i = 0; i < predef_censor_count; i++, predef_censor++) { + re = predef_censor->re; + re_len = predef_censor->len; + if (re && censor(msg, COMMAND_LEN, re, re_len, match)) { + LogDebug("Message: %s, match: %s", msg, match); + snprintf(msg, COMMAND_LEN, "Your message to %s was dropped because it contains profanity or spam: %s. If this is an error, please report it in #help.", currentTarget, match); + currentTarget = Client_ID(Client); + message = msg; + break; + } + } + } /* handle msgtarget = msgto *("," msgto) */ currentTarget = strtok_r(currentTarget, ",", &strtok_last); ngt_UpperStr(Req->command); diff -ru ngircd-barton/src/ngircd/ngircd.c ngircd/src/ngircd/ngircd.c --- ngircd-barton/src/ngircd/ngircd.c Wed Sep 4 00:28:34 2019 +++ ngircd/src/ngircd/ngircd.c Mon Sep 16 07:57:43 2019 @@ -560,7 +560,7 @@ #if !defined(SINGLE_USER_OS) /** - * Get user and group ID of unprivileged "nobody" user. + * Get user and group ID of unprivileged "_ngircd" user. * * @param uid User ID * @param gid Group ID @@ -584,7 +584,7 @@ } #endif - pwd = getpwnam("nobody"); + pwd = getpwnam("_ngircd"); if (!pwd) return false; @@ -700,11 +700,11 @@ if (Conf_UID == 0) { pwd = getpwuid(0); Log(LOG_INFO, - "ServerUID must not be %s(0), using \"nobody\" instead.", + "ServerUID must not be %s(0), using \"_ngircd\" instead.", pwd ? pwd->pw_name : "?"); if (!NGIRCd_getNobodyID(&Conf_UID, &Conf_GID)) { Log(LOG_WARNING, - "Could not get user/group ID of user \"nobody\": %s", + "Could not get user/group ID of user \"_ngircd\": %s", errno ? strerror(errno) : "not found" ); goto out; } Only in /etc/ngircd: profanity \b(smart|fat|dumb|big)?(ass|arse)(hol|whol)?e?s?\b bastard \bbdsm\b bitch blow\s?job bollock \bboners?\b \bboo+b(ies|s)?\b \bbugger(ed|ing)?s?\b butt(w?hole|plug) \bcirclejerk \bclit(s)?\b \bcock(s|suck.*)?\b \bcrap(py|ped|ping|per|tastic)?\b \b[ck]um(mer|ming|shot)?s?\b [ck]un+il+ingus \b[c|k]unt(s|lick.*)?\b \b(god-?)?damn \bdick (tele)?dildo \bdykes?\b eja[ck]ulat.* \b(dumb|nazi)?fag+(ot)?(it+)?s?\b \bfap(ping|pening|ed)?s?\b fellat(e|io) \bfook(er)?s?\b \b(m[ou]ther|m[ou]tha|father|sister|goat|cyber|finger|fist)?fuc?k+ fuc?k+(a|er|in|ing|ed|wad|head|off|whit)?s?\b \bfcuk(er|ing)?\b fudge\s*packers? \bfux(or)?s?\b gang\s*bang gay\s*(slave|lords?|sex) g[eo]t(ting|ten)? laid (phone|hot|core|\banal|\boral)\s*sex \bhorn(y|iest) (jack|jerk)\-*\s*off \bjizz jizz\b \bkock(suck.*)?s?\b \blady\s*boys? lmf?ao\b mast[eu]rbat \bmofos?\b \bnigg(er|a)(s|z)?\b nutsacks? \bphu(ck|q)(ed|ing|ked)?s?\b \bpiss(ed|ing|in|es|er|ers|off)?\b \bpuss(e|y|ys|ies)\b \bretard(ed)?s?\b \brim(ming|job)?s?\b \bscrewing\b \bshag(ging)?\b \bshe\-*males? \bshit|shit\b \bskank(y|s)?\b \bslut(ty|ting|s)?\b \btit+(s|y|ies|wank|ywank)\b \btwat(head|ty)?\b \bturds?\b \bwank(y|er)?s?\b \b(cam)?whor(e|ing)?(house)?s?\b \bwtf\b shibboleth /etc/ngircd/ngircd.conf: [Censor] File = /etc/ngircd/profanity jrmu