Commit Diff

Commit:
269310f04b7624675f0e609a18c645474d9e5c6f
From:
Alexander Barton <alex@barton.de>
Date:
Message:
Merge branch 'ScrubCTCP' * ScrubCTCP: Add documentation for "ScrubCTCP" configuration option New option to scrub incoming CTCP commands
Actions:
Patch | Tree
commit - 3282c1325e491f2fbc7ee388c557f40e1f9eaed6
commit + 269310f04b7624675f0e609a18c645474d9e5c6f
blob - 0f2e7ee8c609ef1ea3e91e5785168e2bd42ca1dc
blob + 900e695fbd8a45bcc9c4f356e489c9997e24ede1
--- doc/sample-ngircd.conf.tmpl
+++ doc/sample-ngircd.conf.tmpl
@@ -166,6 +166,9 @@
 	# "PONG" reply.
 	;RequireAuthPing = no
 
+	# Silently drop all incomming CTCP requests.
+	;ScrubCTCP = no
+
 	# Syslog "facility" to which ngIRCd should send log messages.
 	# Possible values are system dependent, but most probably auth, daemon,
 	# user and local1 through local7 are possible values; see syslog(3).
blob - 68b4080097797f6018595a5892213098e14d8359
blob + 13c5452b5887f90b556922618fca648b39fc89f3
--- man/ngircd.conf.5.tmpl
+++ man/ngircd.conf.5.tmpl
@@ -276,6 +276,16 @@ Default: no.
 \fBRequireAuthPing\fR (boolean)
 Let ngIRCd send an "authentication PING" when a new client connects, and
 register this client only after receiving the corresponding "PONG" reply.
+Default: no.
+.TP
+\fBScrubCTCP\fR (boolean)
+If set to true, ngIRCd will silently drop all CTCP requests sent to it from
+both clients and servers. It will also not forward CTCP requests to any
+other servers. CTCP requests can be used to query user clients about which
+software they are using and which versions said softare is. CTCP can also be
+used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
+this means that /me commands will not be dropped, but please note that
+blocking CTCP will disable file sharing between users!
 Default: no.
 .TP
 \fBSyslogFacility\fR (string)
blob - 92409409e76b93f51c040b8f5cd91718987b3cca
blob + 3be4eba1895c1ab887fe4afb1ed50feec7d39f71
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -379,6 +379,7 @@ Conf_Test( void )
 #ifndef STRICT_RFC
 	printf("  RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
 #endif
+	printf("  ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP));
 #ifdef SYSLOG
 	printf("  SyslogFacility = %s\n",
 	       ngt_SyslogFacilityName(Conf_SyslogFacility));
@@ -698,6 +699,7 @@ Set_Defaults(bool InitServers)
 #endif
 	Conf_PredefChannelsOnly = false;
 #ifdef SYSLOG
+	Conf_ScrubCTCP = false;
 #ifdef LOG_LOCAL5
 	Conf_SyslogFacility = LOG_LOCAL5;
 #else
@@ -1485,6 +1487,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
 		return;
 	}
 #endif
+	if (strcasecmp(Var, "ScrubCTCP") == 0) {
+		Conf_ScrubCTCP = Check_ArgIsTrue(Arg);
+		return;
+	}
 #ifdef SYSLOG
 	if (strcasecmp(Var, "SyslogFacility") == 0) {
 		Conf_SyslogFacility = ngt_SyslogFacilityID(Arg,
blob - 80d18187db9c16932fb78a6df59c735d244e1195
blob + 1f9bd122d02faf311e64bcce5d527163147d8fe3
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident;
 /** Enable all usage of PAM, even when compiled with support for it */
 GLOBAL bool Conf_PAM;
 
+/** Disable all CTCP commands except for /me ? */
+GLOBAL bool Conf_ScrubCTCP;
+
 /** Enable NOTICE AUTH messages on connect */
 GLOBAL bool Conf_NoticeAuth;
 
blob - c2603918ff430643d045d8e5d95bdfcca43eec8f
blob + 72e3430998b301d4011b9b55175e1a91d41875a6
--- src/ngircd/parse.c
+++ src/ngircd/parse.c
@@ -47,6 +47,7 @@
 #include "numeric.h"
 
 #include "exp.h"
+#include "conf.h"
 
 struct _NUMERIC {
 	int numeric;
@@ -124,6 +125,8 @@ static bool Validate_Args PARAMS(( CONN_ID Idx, REQUES
 
 static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req ));
 
+static bool ScrubCTCP PARAMS((char *Request));
+
 /**
  * Return the pointer to the global "IRC command structure".
  * This structure, an array of type "COMMAND" describes all the IRC commands
@@ -174,8 +177,10 @@ Parse_Request( CONN_ID Idx, char *Request )
 	/* remove leading & trailing whitespace */
 	ngt_TrimStr( Request );
 
-	if( Request[0] == ':' )
-	{
+	if (Conf_ScrubCTCP && ScrubCTCP(Request))
+		return true;
+
+	if (Request[0] == ':') {
 		/* Prefix */
 		req.prefix = Request + 1;
 		ptr = strchr( Request, ' ' );
@@ -459,7 +464,6 @@ Handle_Numeric(CLIENT *client, REQUEST *Req)
 	return IRC_WriteStrClientPrefix(target, prefix, "%s", str);
 }
 
-
 static bool
 Handle_Request( CONN_ID Idx, REQUEST *Req )
 {
@@ -525,4 +529,39 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 } /* Handle_Request */
 
 
+/**
+ * Check if incoming messages contains CTCP commands and should be dropped.
+ *
+ * @param Request NULL terminated incoming command.
+ * @returns true, when the message should be dropped.
+ */
+static bool
+ScrubCTCP(char *Request)
+{
+	static const char me_cmd[] = "ACTION ";
+	static const char ctcp_char = 0x1;
+	bool dropCommand = false;
+	char *ptr = Request;
+	char *ptrEnd = strchr(Request, '\0');
+
+	if (Request[0] == ':' && ptrEnd > ptr)
+		ptr++;
+
+	while (ptr != ptrEnd && *ptr != ':')
+		ptr++;
+
+	if ((ptrEnd - ptr) > 1) {
+		ptr++;
+		if (*ptr == ctcp_char) {
+			dropCommand = true;
+			ptr++;
+			/* allow /me commands */
+			if ((size_t)(ptrEnd - ptr) >= strlen(me_cmd)
+			    && !strncmp(ptr, me_cmd, strlen(me_cmd)))
+				dropCommand = false;
+		}
+	}
+	return dropCommand;
+}
+
 /* -eof- */