New configuration opion "MorePrivacy" to "censor" some user information

this patch contains:

  * Fix for Conf_CloakUserToNick to make it conceal user details
  * Adds MorePrivacy-feature

MorePrivacy censors some user information from being reported by the
server. Signon time and idle time is censored. Part and quit messages
are made to look the same. WHOWAS requests are silently dropped. All
of this is useful if one wish to conceal users that access the ngircd
servers from TOR or I2P.
This commit is contained in:
xor 2011-06-19 06:08:33 +02:00 committed by Alexander Barton
parent 6aad5a6706
commit b80e115f39
7 changed files with 50 additions and 6 deletions

View File

@ -141,6 +141,10 @@
# Do IDENT lookups if ngIRCd has been compiled with support for it.
;Ident = yes
# Enhance user privacy slightly (useful for IRC server on TOR or I2P)
# by censoring some information like idle time, logon time, etc.
;MorePrivacy = no
# Normally ngIRCd doesn't send any messages to a client until it is
# registered. Enable this option to let the daemon send "NOTICE AUTH"
# messages to clients while connecting.

View File

@ -244,6 +244,15 @@ If ngIRCd is compiled with IDENT support this can be used to disable IDENT
lookups at run time.
Default: yes.
.TP
\fBMorePrivacy\fR (boolean)
This will cause ngIRCd to censor user idle time, logon time as well as the
part/quit messages (that are sometimes used to inform everyone about which
client software is being used). WHOWAS requests are also silently ignored.
This option is most useful when ngIRCd is being used together with
anonymizing software such as TOR or I2P and one does not wish to make it
too easy to collect statistics on the users.
Default: no.
.TP
\fBNoticeAuth\fR (boolean)
Normally ngIRCd doesn't send any messages to a client until it is registered.
Enable this option to let the daemon send "NOTICE AUTH" messages to clients

View File

@ -263,6 +263,9 @@ Channel_Part(CLIENT * Client, CLIENT * Origin, const char *Name, const char *Rea
return false;
}
if (Conf_MorePrivacy)
Reason = "";
/* Part client from channel */
if (!Remove_Client(REMOVE_PART, chan, Client, Origin, Reason, true))
return false;
@ -331,6 +334,9 @@ Channel_Quit( CLIENT *Client, const char *Reason )
assert( Client != NULL );
assert( Reason != NULL );
if (Conf_MorePrivacy)
Reason = "";
IRC_WriteStrRelatedPrefix( Client, Client, false, "QUIT :%s", Reason );
c = My_Channels;
@ -961,6 +967,9 @@ Remove_Client( int Type, CHANNEL *Chan, CLIENT *Client, CLIENT *Origin, const ch
Client_Mask( Client ), c->name, Client_ID(Origin), Reason);
break;
default: /* PART */
if (Conf_MorePrivacy)
Reason = "";
if (InformServer)
IRC_WriteStrServersPrefix(Origin, Client, "PART %s :%s", c->name, Reason);

View File

@ -335,8 +335,10 @@ Client_SetID( CLIENT *Client, const char *ID )
strlcpy( Client->id, ID, sizeof( Client->id ));
if (Conf_CloakUserToNick)
if (Conf_CloakUserToNick) {
strlcpy( Client->user, ID, sizeof( Client->user ));
strlcpy( Client->info, ID, sizeof( Client->info ));
}
/* Hash */
Client->hash = Hash( Client->id );
@ -351,9 +353,9 @@ Client_SetUser( CLIENT *Client, const char *User, bool Idented )
assert( Client != NULL );
assert( User != NULL );
if (Conf_CloakUserToNick) return;
if (Idented) {
if (Conf_CloakUserToNick) {
strlcpy(Client->user, Client->id, sizeof(Client->user));
} else if (Idented) {
strlcpy(Client->user, User, sizeof(Client->user));
} else {
Client->user[0] = '~';
@ -390,7 +392,10 @@ Client_SetInfo( CLIENT *Client, const char *Info )
assert( Client != NULL );
assert( Info != NULL );
strlcpy(Client->info, Info, sizeof(Client->info));
if (Conf_CloakUserToNick)
strlcpy(Client->info, Client->id, sizeof(Client->info));
else
strlcpy(Client->info, Info, sizeof(Client->info));
} /* Client_SetInfo */

View File

@ -364,6 +364,7 @@ Conf_Test( void )
#ifdef IDENT
printf(" Ident = %s\n", yesno_to_str(Conf_Ident));
#endif
printf(" MorePrivacy = %s\n", yesno_to_str(Conf_MorePrivacy));
printf(" NoticeAuth = %s\n", yesno_to_str(Conf_NoticeAuth));
printf(" OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode));
printf(" OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode));
@ -677,6 +678,7 @@ Set_Defaults(bool InitServers)
#else
Conf_Ident = false;
#endif
Conf_MorePrivacy = false;
Conf_NoticeAuth = false;
Conf_OperCanMode = false;
Conf_OperServerMode = false;
@ -1432,6 +1434,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
WarnIdent(Line);
return;
}
if (strcasecmp(Var, "MorePrivacy") == 0) {
Conf_MorePrivacy = Check_ArgIsTrue(Arg);
return;
}
if (strcasecmp(Var, "NoticeAuth") == 0) {
Conf_NoticeAuth = Check_ArgIsTrue(Arg);
return;

View File

@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident;
/** Enable all usage of PAM, even when compiled with support for it */
GLOBAL bool Conf_PAM;
/** Enable "more privacy" mode and "censor" some user-related information */
GLOBAL bool Conf_MorePrivacy;
/** Enable NOTICE AUTH messages on connect */
GLOBAL bool Conf_NoticeAuth;

View File

@ -999,7 +999,7 @@ IRC_WHOIS_SendReply(CLIENT *Client, CLIENT *from, CLIENT *c)
return DISCONNECTED;
/* Idle and signon time (local clients only!) */
if (Client_Conn(c) > NONE &&
if (!Conf_MorePrivacy && Client_Conn(c) > NONE &&
!IRC_WriteStrClient(from, RPL_WHOISIDLE_MSG,
Client_ID(from), Client_ID(c),
(unsigned long)Conn_GetIdle(Client_Conn(c)),
@ -1163,6 +1163,10 @@ IRC_WHOWAS( CLIENT *Client, REQUEST *Req )
assert( Client != NULL );
assert( Req != NULL );
/* Do not reveal any info on disconnected users? */
if (Conf_MorePrivacy)
return CONNECTED;
/* Wrong number of parameters? */
if (Req->argc > 3)
return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
@ -1389,6 +1393,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
if( Channel_IsMemberOf( Chan, Client )) is_member = true;
else is_member = false;
/* Do not print info on channel memberships to anyone that is not member? */
if (Conf_MorePrivacy && !is_member)
return CONNECTED;
/* Secret channel? */
if( ! is_member && strchr( Channel_Modes( Chan ), 's' )) return CONNECTED;