Merge branch 'ScrubCTCP'

* ScrubCTCP:
  Add documentation for "ScrubCTCP" configuration option
  New option to scrub incoming CTCP commands

5 files changed, 64 insertions, 3 deletions

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 0f2e7ee8..900e695f 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -166,6 +166,9 @@
 	# "PONG" reply.
 	;RequireAuthPing = no
 
+	# Silently drop all incomming CTCP requests.
+	;ScrubCTCP = no
+
 	# Syslog "facility" to which ngIRCd should send log messages.
 	# Possible values are system dependent, but most probably auth, daemon,
 	# user and local1 through local7 are possible values; see syslog(3).
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 68b40800..13c5452b 100644
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -278,6 +278,16 @@ Let ngIRCd send an "authentication PING" when a new client connects, and
 register this client only after receiving the corresponding "PONG" reply.
 Default: no.
 .TP
+\fBScrubCTCP\fR (boolean)
+If set to true, ngIRCd will silently drop all CTCP requests sent to it from
+both clients and servers. It will also not forward CTCP requests to any
+other servers. CTCP requests can be used to query user clients about which
+software they are using and which versions said softare is. CTCP can also be
+used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
+this means that /me commands will not be dropped, but please note that
+blocking CTCP will disable file sharing between users!
+Default: no.
+.TP
 \fBSyslogFacility\fR (string)
 Syslog "facility" to which ngIRCd should send log messages. Possible
 values are system dependent, but most probably "auth", "daemon", "user"
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 92409409..3be4eba1 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -379,6 +379,7 @@ Conf_Test( void )
 #ifndef STRICT_RFC
 	printf("  RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
 #endif
+	printf("  ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP));
 #ifdef SYSLOG
 	printf("  SyslogFacility = %s\n",
 	       ngt_SyslogFacilityName(Conf_SyslogFacility));
@@ -698,6 +699,7 @@ Set_Defaults(bool InitServers)
 #endif
 	Conf_PredefChannelsOnly = false;
 #ifdef SYSLOG
+	Conf_ScrubCTCP = false;
 #ifdef LOG_LOCAL5
 	Conf_SyslogFacility = LOG_LOCAL5;
 #else
@@ -1485,6 +1487,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
 		return;
 	}
 #endif
+	if (strcasecmp(Var, "ScrubCTCP") == 0) {
+		Conf_ScrubCTCP = Check_ArgIsTrue(Arg);
+		return;
+	}
 #ifdef SYSLOG
 	if (strcasecmp(Var, "SyslogFacility") == 0) {
 		Conf_SyslogFacility = ngt_SyslogFacilityID(Arg,
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index 80d18187..1f9bd122 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident;
 /** Enable all usage of PAM, even when compiled with support for it */
 GLOBAL bool Conf_PAM;
 
+/** Disable all CTCP commands except for /me ? */
+GLOBAL bool Conf_ScrubCTCP;
+
 /** Enable NOTICE AUTH messages on connect */
 GLOBAL bool Conf_NoticeAuth;
 
diff --git a/src/ngircd/parse.c b/src/ngircd/parse.c
index c2603918..72e34309 100644
--- a/src/ngircd/parse.c
+++ b/src/ngircd/parse.c
@@ -47,6 +47,7 @@
 #include "numeric.h"
 
 #include "exp.h"
+#include "conf.h"
 
 struct _NUMERIC {
 	int numeric;
@@ -124,6 +125,8 @@ static bool Validate_Args PARAMS(( CONN_ID Idx, REQUEST *Req, bool *Closed ));
 
 static bool Handle_Request PARAMS(( CONN_ID Idx, REQUEST *Req ));
 
+static bool ScrubCTCP PARAMS((char *Request));
+
 /**
  * Return the pointer to the global "IRC command structure".
  * This structure, an array of type "COMMAND" describes all the IRC commands
@@ -174,8 +177,10 @@ Parse_Request( CONN_ID Idx, char *Request )
 	/* remove leading & trailing whitespace */
 	ngt_TrimStr( Request );
 
-	if( Request[0] == ':' )
-	{
+	if (Conf_ScrubCTCP && ScrubCTCP(Request))
+		return true;
+
+	if (Request[0] == ':') {
 		/* Prefix */
 		req.prefix = Request + 1;
 		ptr = strchr( Request, ' ' );
@@ -459,7 +464,6 @@ Handle_Numeric(CLIENT *client, REQUEST *Req)
 	return IRC_WriteStrClientPrefix(target, prefix, "%s", str);
 }
 
-
 static bool
 Handle_Request( CONN_ID Idx, REQUEST *Req )
 {
@@ -525,4 +529,39 @@ Handle_Request( CONN_ID Idx, REQUEST *Req )
 } /* Handle_Request */
 
 
+/**
+ * Check if incoming messages contains CTCP commands and should be dropped.
+ *
+ * @param Request NULL terminated incoming command.
+ * @returns true, when the message should be dropped.
+ */
+static bool
+ScrubCTCP(char *Request)
+{
+	static const char me_cmd[] = "ACTION ";
+	static const char ctcp_char = 0x1;
+	bool dropCommand = false;
+	char *ptr = Request;
+	char *ptrEnd = strchr(Request, '\0');
+
+	if (Request[0] == ':' && ptrEnd > ptr)
+		ptr++;
+
+	while (ptr != ptrEnd && *ptr != ':')
+		ptr++;
+
+	if ((ptrEnd - ptr) > 1) {
+		ptr++;
+		if (*ptr == ctcp_char) {
+			dropCommand = true;
+			ptr++;
+			/* allow /me commands */
+			if ((size_t)(ptrEnd - ptr) >= strlen(me_cmd)
+			    && !strncmp(ptr, me_cmd, strlen(me_cmd)))
+				dropCommand = false;
+		}
+	}
+	return dropCommand;
+}
+
 /* -eof- */