Merge branch 'ScrubCTCP'

* ScrubCTCP:
  Add documentation for "ScrubCTCP" configuration option
  New option to scrub incoming CTCP commands
This commit is contained in:
Alexander Barton 2011-06-26 15:38:53 +02:00
commit 269310f04b
5 changed files with 64 additions and 3 deletions

View File

@ -166,6 +166,9 @@
# "PONG" reply. # "PONG" reply.
;RequireAuthPing = no ;RequireAuthPing = no
# Silently drop all incomming CTCP requests.
;ScrubCTCP = no
# Syslog "facility" to which ngIRCd should send log messages. # Syslog "facility" to which ngIRCd should send log messages.
# Possible values are system dependent, but most probably auth, daemon, # Possible values are system dependent, but most probably auth, daemon,
# user and local1 through local7 are possible values; see syslog(3). # user and local1 through local7 are possible values; see syslog(3).

View File

@ -278,6 +278,16 @@ Let ngIRCd send an "authentication PING" when a new client connects, and
register this client only after receiving the corresponding "PONG" reply. register this client only after receiving the corresponding "PONG" reply.
Default: no. Default: no.
.TP .TP
\fBScrubCTCP\fR (boolean)
If set to true, ngIRCd will silently drop all CTCP requests sent to it from
both clients and servers. It will also not forward CTCP requests to any
other servers. CTCP requests can be used to query user clients about which
software they are using and which versions said softare is. CTCP can also be
used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
this means that /me commands will not be dropped, but please note that
blocking CTCP will disable file sharing between users!
Default: no.
.TP
\fBSyslogFacility\fR (string) \fBSyslogFacility\fR (string)
Syslog "facility" to which ngIRCd should send log messages. Possible Syslog "facility" to which ngIRCd should send log messages. Possible
values are system dependent, but most probably "auth", "daemon", "user" values are system dependent, but most probably "auth", "daemon", "user"

View File

@ -379,6 +379,7 @@ Conf_Test( void )
#ifndef STRICT_RFC #ifndef STRICT_RFC
printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
#endif #endif
printf(" ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP));
#ifdef SYSLOG #ifdef SYSLOG
printf(" SyslogFacility = %s\n", printf(" SyslogFacility = %s\n",
ngt_SyslogFacilityName(Conf_SyslogFacility)); ngt_SyslogFacilityName(Conf_SyslogFacility));
@ -698,6 +699,7 @@ Set_Defaults(bool InitServers)
#endif #endif
Conf_PredefChannelsOnly = false; Conf_PredefChannelsOnly = false;
#ifdef SYSLOG #ifdef SYSLOG
Conf_ScrubCTCP = false;
#ifdef LOG_LOCAL5 #ifdef LOG_LOCAL5
Conf_SyslogFacility = LOG_LOCAL5; Conf_SyslogFacility = LOG_LOCAL5;
#else #else
@ -1485,6 +1487,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
return; return;
} }
#endif #endif
if (strcasecmp(Var, "ScrubCTCP") == 0) {
Conf_ScrubCTCP = Check_ArgIsTrue(Arg);
return;
}
#ifdef SYSLOG #ifdef SYSLOG
if (strcasecmp(Var, "SyslogFacility") == 0) { if (strcasecmp(Var, "SyslogFacility") == 0) {
Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, Conf_SyslogFacility = ngt_SyslogFacilityID(Arg,

View File

@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident;
/** Enable all usage of PAM, even when compiled with support for it */ /** Enable all usage of PAM, even when compiled with support for it */
GLOBAL bool Conf_PAM; GLOBAL bool Conf_PAM;
/** Disable all CTCP commands except for /me ? */
GLOBAL bool Conf_ScrubCTCP;
/** Enable NOTICE AUTH messages on connect */ /** Enable NOTICE AUTH messages on connect */
GLOBAL bool Conf_NoticeAuth; GLOBAL bool Conf_NoticeAuth;

View File

@ -47,6 +47,7 @@
#include "numeric.h" #include "numeric.h"
#include "exp.h" #include "exp.h"
#include "conf.h"
struct _NUMERIC { struct _NUMERIC {
int numeric; int numeric;
@ -124,6 +125,8 @@ static bool Validate_Args PARAMS(( CONN_ID Idx, REQUEST *Req, bool *Closed ));
static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req )); static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req ));
static bool ScrubCTCP PARAMS((char *Request));
/** /**
* Return the pointer to the global "IRC command structure". * Return the pointer to the global "IRC command structure".
* This structure, an array of type "COMMAND" describes all the IRC commands * This structure, an array of type "COMMAND" describes all the IRC commands
@ -174,8 +177,10 @@ Parse_Request( CONN_ID Idx, char *Request )
/* remove leading & trailing whitespace */ /* remove leading & trailing whitespace */
ngt_TrimStr( Request ); ngt_TrimStr( Request );
if( Request[0] == ':' ) if (Conf_ScrubCTCP && ScrubCTCP(Request))
{ return true;
if (Request[0] == ':') {
/* Prefix */ /* Prefix */
req.prefix = Request + 1; req.prefix = Request + 1;
ptr = strchr( Request, ' ' ); ptr = strchr( Request, ' ' );
@ -459,7 +464,6 @@ Handle_Numeric(CLIENT *client, REQUEST *Req)
return IRC_WriteStrClientPrefix(target, prefix, "%s", str); return IRC_WriteStrClientPrefix(target, prefix, "%s", str);
} }
static bool static bool
Handle_Request( CONN_ID Idx, REQUEST *Req ) Handle_Request( CONN_ID Idx, REQUEST *Req )
{ {
@ -525,4 +529,39 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
} /* Handle_Request */ } /* Handle_Request */
/**
* Check if incoming messages contains CTCP commands and should be dropped.
*
* @param Request NULL terminated incoming command.
* @returns true, when the message should be dropped.
*/
static bool
ScrubCTCP(char *Request)
{
static const char me_cmd[] = "ACTION ";
static const char ctcp_char = 0x1;
bool dropCommand = false;
char *ptr = Request;
char *ptrEnd = strchr(Request, '\0');
if (Request[0] == ':' && ptrEnd > ptr)
ptr++;
while (ptr != ptrEnd && *ptr != ':')
ptr++;
if ((ptrEnd - ptr) > 1) {
ptr++;
if (*ptr == ctcp_char) {
dropCommand = true;
ptr++;
/* allow /me commands */
if ((size_t)(ptrEnd - ptr) >= strlen(me_cmd)
&& !strncmp(ptr, me_cmd, strlen(me_cmd)))
dropCommand = false;
}
}
return dropCommand;
}
/* -eof- */ /* -eof- */