From: Alexander Barton <alex@barton.de>
Date: Sun, 26 Jun 2011 13:38:53 +0000 (+0200)
Subject: Merge branch 'ScrubCTCP'
X-Git-Tag: rel-18-rc1~7
X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git;a=commitdiff_plain;h=269310f04b7624675f0e609a18c645474d9e5c6f

Merge branch 'ScrubCTCP'

* ScrubCTCP:
  Add documentation for "ScrubCTCP" configuration option
  New option to scrub incoming CTCP commands
---

269310f04b7624675f0e609a18c645474d9e5c6f
diff --cc doc/sample-ngircd.conf.tmpl
index 0f2e7ee8,02c8bee1..900e695f
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@@ -166,23 -165,9 +166,26 @@@
  	# "PONG" reply.
  	;RequireAuthPing = no
  
+ 	# Silently drop all incomming CTCP requests.
+ 	;ScrubCTCP = no
+ 
 +	# Syslog "facility" to which ngIRCd should send log messages.
 +	# Possible values are system dependent, but most probably auth, daemon,
 +	# user and local1 through local7 are possible values; see syslog(3).
 +	# Default is "local5" for historical reasons, you probably want to
 +	# change this to "daemon", for example.
 +	;SyslogFacility = local1
 +
 +	# Password required for using the WEBIRC command used by some
 +	# Web-to-IRC gateways. If not set/empty, the WEBIRC command can't
 +	# be used. (Default: not set)
 +	;WebircPassword = xyz
 +
 +;[SSL]
 +	# SSL-related configuration options. Please note that this section
 +	# is only available when ngIRCd is compiled with support for SSL!
 +	# So don't forget to remove the ";" above if this is the case ...
 +
  	# SSL Server Key Certificate
  	;SSLCertFile = :ETCDIR:/ssl/server-cert.pem
  
diff --cc man/ngircd.conf.5.tmpl
index 68b40800,09fd164d..13c5452b
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@@ -278,23 -276,16 +278,33 @@@ Let ngIRCd send an "authentication PING
  register this client only after receiving the corresponding "PONG" reply.
  Default: no.
  .TP
+ \fBScrubCTCP\fR (boolean)
+ If set to true, ngIRCd will silently drop all CTCP requests sent to it from
+ both clients and servers. It will also not forward CTCP requests to any
+ other servers. CTCP requests can be used to query user clients about which
+ software they are using and which versions said softare is. CTCP can also be
+ used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
+ this means that /me commands will not be dropped, but please note that
+ blocking CTCP will disable file sharing between users!
+ Default: no.
+ .TP
 +\fBSyslogFacility\fR (string)
 +Syslog "facility" to which ngIRCd should send log messages. Possible
 +values are system dependent, but most probably "auth", "daemon", "user"
 +and "local1" through "local7" are possible values; see syslog(3).
 +Default is "local5" for historical reasons, you probably want to
 +change this to "daemon", for example.
 +.TP
 +\fBWebircPassword\fR (string)
 +Password required for using the WEBIRC command used by some Web-to-IRC
 +gateways. If not set or empty, the WEBIRC command can't be used.
 +Default: not set.
 +.SH [SSL]
 +All SSL-related configuration variables are located in the
 +.I [SSL]
 +section. Please note that this whole section is only recognized by ngIRCd
 +when it is compiled with support for SSL using OpenSSL or GnuTLS!
 +.TP
  \fBSSLCertFile\fR (string)
  SSL Certificate file of the private server key.
  .TP
diff --cc src/ngircd/conf.c
index 92409409,6bd224f3..3be4eba1
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@@ -379,6 -374,19 +379,7 @@@ Conf_Test( void 
  #ifndef STRICT_RFC
  	printf("  RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
  #endif
+ 	printf("  ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP));
 -#ifdef SSL_SUPPORT
 -	printf("  SSLCertFile = %s\n", Conf_SSLOptions.CertFile);
 -	printf("  SSLDHFile = %s\n", Conf_SSLOptions.DHFile);
 -	printf("  SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile);
 -	if (array_bytes(&Conf_SSLOptions.KeyFilePassword))
 -		puts("  SSLKeyFilePassword = <secret>");
 -	else
 -		puts("  SSLKeyFilePassword = ");
 -	array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 -	printf("  SSLPorts = ");
 -	ports_puts(&Conf_SSLOptions.ListenPorts);
 -#endif
  #ifdef SYSLOG
  	printf("  SyslogFacility = %s\n",
  	       ngt_SyslogFacilityName(Conf_SyslogFacility));
@@@ -1485,40 -1461,12 +1487,44 @@@ Handle_OPTIONS(int Line, char *Var, cha
  		return;
  	}
  #endif
+ 	if (strcasecmp(Var, "ScrubCTCP") == 0) {
+ 		Conf_ScrubCTCP = Check_ArgIsTrue(Arg);
+ 		return;
+ 	}
 +#ifdef SYSLOG
 +	if (strcasecmp(Var, "SyslogFacility") == 0) {
 +		Conf_SyslogFacility = ngt_SyslogFacilityID(Arg,
 +							   Conf_SyslogFacility);
 +		return;
 +	}
 +#endif
 +	if (strcasecmp(Var, "WebircPassword") == 0) {
 +		len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd));
 +		if (len >= sizeof(Conf_WebircPwd))
 +			Config_Error_TooLong(Line, Var);
 +		return;
 +	}
 +
 +	Config_Error_Section(Line, Var, "Options");
 +}
 +
  #ifdef SSL_SUPPORT
 -	if (strcasecmp(Var, "SSLCertFile") == 0) {
 +
 +/**
 + * Handle variable in [SSL] configuration section.
 + *
 + * @param Line	Line numer in configuration file.
 + * @param Var	Variable name.
 + * @param Arg	Variable argument.
 + */
 +static void
 +Handle_SSL(int Line, char *Var, char *Arg)
 +{
 +	assert(Line > 0);
 +	assert(Var != NULL);
 +	assert(Arg != NULL);
 +
 +	if (strcasecmp(Var, "CertFile") == 0) {
  		assert(Conf_SSLOptions.CertFile == NULL);
  		Conf_SSLOptions.CertFile = strdup_warn(Arg);
  		return;