commit 269310f04b7624675f0e609a18c645474d9e5c6f from: Alexander Barton date: Sun Jun 26 13:38:53 2011 UTC Merge branch 'ScrubCTCP' * ScrubCTCP: Add documentation for "ScrubCTCP" configuration option New option to scrub incoming CTCP commands commit - 3282c1325e491f2fbc7ee388c557f40e1f9eaed6 commit + 269310f04b7624675f0e609a18c645474d9e5c6f blob - 0f2e7ee8c609ef1ea3e91e5785168e2bd42ca1dc blob + 900e695fbd8a45bcc9c4f356e489c9997e24ede1 --- doc/sample-ngircd.conf.tmpl +++ doc/sample-ngircd.conf.tmpl @@ -166,6 +166,9 @@ # "PONG" reply. ;RequireAuthPing = no + # Silently drop all incomming CTCP requests. + ;ScrubCTCP = no + # Syslog "facility" to which ngIRCd should send log messages. # Possible values are system dependent, but most probably auth, daemon, # user and local1 through local7 are possible values; see syslog(3). blob - 68b4080097797f6018595a5892213098e14d8359 blob + 13c5452b5887f90b556922618fca648b39fc89f3 --- man/ngircd.conf.5.tmpl +++ man/ngircd.conf.5.tmpl @@ -276,6 +276,16 @@ Default: no. \fBRequireAuthPing\fR (boolean) Let ngIRCd send an "authentication PING" when a new client connects, and register this client only after receiving the corresponding "PONG" reply. +Default: no. +.TP +\fBScrubCTCP\fR (boolean) +If set to true, ngIRCd will silently drop all CTCP requests sent to it from +both clients and servers. It will also not forward CTCP requests to any +other servers. CTCP requests can be used to query user clients about which +software they are using and which versions said softare is. CTCP can also be +used to reveal clients IP numbers. ACTION CTCP requests are not blocked, +this means that /me commands will not be dropped, but please note that +blocking CTCP will disable file sharing between users! Default: no. .TP \fBSyslogFacility\fR (string) blob - 92409409e76b93f51c040b8f5cd91718987b3cca blob + 3be4eba1895c1ab887fe4afb1ed50feec7d39f71 --- src/ngircd/conf.c +++ src/ngircd/conf.c @@ -379,6 +379,7 @@ Conf_Test( void ) #ifndef STRICT_RFC printf(" RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing)); #endif + printf(" ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP)); #ifdef SYSLOG printf(" SyslogFacility = %s\n", ngt_SyslogFacilityName(Conf_SyslogFacility)); @@ -698,6 +699,7 @@ Set_Defaults(bool InitServers) #endif Conf_PredefChannelsOnly = false; #ifdef SYSLOG + Conf_ScrubCTCP = false; #ifdef LOG_LOCAL5 Conf_SyslogFacility = LOG_LOCAL5; #else @@ -1485,6 +1487,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) return; } #endif + if (strcasecmp(Var, "ScrubCTCP") == 0) { + Conf_ScrubCTCP = Check_ArgIsTrue(Arg); + return; + } #ifdef SYSLOG if (strcasecmp(Var, "SyslogFacility") == 0) { Conf_SyslogFacility = ngt_SyslogFacilityID(Arg, blob - 80d18187db9c16932fb78a6df59c735d244e1195 blob + 1f9bd122d02faf311e64bcce5d527163147d8fe3 --- src/ngircd/conf.h +++ src/ngircd/conf.h @@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident; /** Enable all usage of PAM, even when compiled with support for it */ GLOBAL bool Conf_PAM; +/** Disable all CTCP commands except for /me ? */ +GLOBAL bool Conf_ScrubCTCP; + /** Enable NOTICE AUTH messages on connect */ GLOBAL bool Conf_NoticeAuth; blob - c2603918ff430643d045d8e5d95bdfcca43eec8f blob + 72e3430998b301d4011b9b55175e1a91d41875a6 --- src/ngircd/parse.c +++ src/ngircd/parse.c @@ -47,6 +47,7 @@ #include "numeric.h" #include "exp.h" +#include "conf.h" struct _NUMERIC { int numeric; @@ -124,6 +125,8 @@ static bool Validate_Args PARAMS(( CONN_ID Idx, REQUES static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req )); +static bool ScrubCTCP PARAMS((char *Request)); + /** * Return the pointer to the global "IRC command structure". * This structure, an array of type "COMMAND" describes all the IRC commands @@ -174,8 +177,10 @@ Parse_Request( CONN_ID Idx, char *Request ) /* remove leading & trailing whitespace */ ngt_TrimStr( Request ); - if( Request[0] == ':' ) - { + if (Conf_ScrubCTCP && ScrubCTCP(Request)) + return true; + + if (Request[0] == ':') { /* Prefix */ req.prefix = Request + 1; ptr = strchr( Request, ' ' ); @@ -459,7 +464,6 @@ Handle_Numeric(CLIENT *client, REQUEST *Req) return IRC_WriteStrClientPrefix(target, prefix, "%s", str); } - static bool Handle_Request( CONN_ID Idx, REQUEST *Req ) { @@ -525,4 +529,39 @@ Handle_Request( CONN_ID Idx, REQUEST *Req ) } /* Handle_Request */ +/** + * Check if incoming messages contains CTCP commands and should be dropped. + * + * @param Request NULL terminated incoming command. + * @returns true, when the message should be dropped. + */ +static bool +ScrubCTCP(char *Request) +{ + static const char me_cmd[] = "ACTION "; + static const char ctcp_char = 0x1; + bool dropCommand = false; + char *ptr = Request; + char *ptrEnd = strchr(Request, '\0'); + + if (Request[0] == ':' && ptrEnd > ptr) + ptr++; + + while (ptr != ptrEnd && *ptr != ':') + ptr++; + + if ((ptrEnd - ptr) > 1) { + ptr++; + if (*ptr == ctcp_char) { + dropCommand = true; + ptr++; + /* allow /me commands */ + if ((size_t)(ptrEnd - ptr) >= strlen(me_cmd) + && !strncmp(ptr, me_cmd, strlen(me_cmd))) + dropCommand = false; + } + } + return dropCommand; +} + /* -eof- */