New configuration opion "MorePrivacy" to "censor" some user information

this patch contains:

  * Fix for Conf_CloakUserToNick to make it conceal user details
  * Adds MorePrivacy-feature

MorePrivacy censors some user information from being reported by the
server. Signon time and idle time is censored. Part and quit messages
are made to look the same. WHOWAS requests are silently dropped. All
of this is useful if one wish to conceal users that access the ngircd
servers from TOR or I2P.

7 files changed, 50 insertions, 6 deletions

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index b4a498d4..f5d7c8a6 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -141,6 +141,10 @@
 	# Do IDENT lookups if ngIRCd has been compiled with support for it.
 	;Ident = yes
 
+	# Enhance user privacy slightly (useful for IRC server on TOR or I2P)
+	# by censoring some information like idle time, logon time, etc.
+	;MorePrivacy = no
+
 	# Normally ngIRCd doesn't send any messages to a client until it is
 	# registered. Enable this option to let the daemon send "NOTICE AUTH"
 	# messages to clients while connecting.
diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index e8efab1f..8198c92b 100644
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -244,6 +244,15 @@ If ngIRCd is compiled with IDENT support this can be used to disable IDENT
 lookups at run time.
 Default: yes.
 .TP
+\fBMorePrivacy\fR (boolean)
+This will cause ngIRCd to censor user idle time, logon time as well as the
+part/quit messages (that are sometimes used to inform everyone about which
+client software is being used). WHOWAS requests are also silently ignored.
+This option is most useful when ngIRCd is being used together with
+anonymizing software such as TOR or I2P and one does not wish to make it
+too easy to collect statistics on the users.
+Default: no.
+.TP
 \fBNoticeAuth\fR (boolean)
 Normally ngIRCd doesn't send any messages to a client until it is registered.
 Enable this option to let the daemon send "NOTICE AUTH" messages to clients
diff --git a/src/ngircd/channel.c b/src/ngircd/channel.c
index 6e8851b6..a36131c0 100644
--- a/src/ngircd/channel.c
+++ b/src/ngircd/channel.c
@@ -263,6 +263,9 @@ Channel_Part(CLIENT * Client, CLIENT * Origin, const char *Name, const char *Rea
 		return false;
 	}
 
+	if (Conf_MorePrivacy)
+		Reason = "";
+
 	/* Part client from channel */
 	if (!Remove_Client(REMOVE_PART, chan, Client, Origin, Reason, true))
 		return false;
@@ -331,6 +334,9 @@ Channel_Quit( CLIENT *Client, const char *Reason )
 	assert( Client != NULL );
 	assert( Reason != NULL );
 
+	if (Conf_MorePrivacy)
+		Reason = "";
+
 	IRC_WriteStrRelatedPrefix( Client, Client, false, "QUIT :%s", Reason );
 
 	c = My_Channels;
@@ -961,6 +967,9 @@ Remove_Client( int Type, CHANNEL *Chan, CLIENT *Client, CLIENT *Origin, const ch
 				Client_Mask( Client ), c->name, Client_ID(Origin), Reason);
 			break;
 		default: /* PART */
+			if (Conf_MorePrivacy)
+				Reason = "";
+
 			if (InformServer)
 				IRC_WriteStrServersPrefix(Origin, Client, "PART %s :%s", c->name, Reason);
 
diff --git a/src/ngircd/client.c b/src/ngircd/client.c
index e01c4240..d038fd24 100644
--- a/src/ngircd/client.c
+++ b/src/ngircd/client.c
@@ -335,8 +335,10 @@ Client_SetID( CLIENT *Client, const char *ID )
 	
 	strlcpy( Client->id, ID, sizeof( Client->id ));
 
-	if (Conf_CloakUserToNick)
+	if (Conf_CloakUserToNick) {
 		strlcpy( Client->user, ID, sizeof( Client->user ));
+		strlcpy( Client->info, ID, sizeof( Client->info ));
+	}
 
 	/* Hash */
 	Client->hash = Hash( Client->id );
@@ -351,9 +353,9 @@ Client_SetUser( CLIENT *Client, const char *User, bool Idented )
 	assert( Client != NULL );
 	assert( User != NULL );
 
-	if (Conf_CloakUserToNick) return;
-
-	if (Idented) {
+	if (Conf_CloakUserToNick) {
+		strlcpy(Client->user, Client->id, sizeof(Client->user));
+	} else if (Idented) {
 		strlcpy(Client->user, User, sizeof(Client->user));
 	} else {
 		Client->user[0] = '~';
@@ -390,7 +392,10 @@ Client_SetInfo( CLIENT *Client, const char *Info )
 	assert( Client != NULL );
 	assert( Info != NULL );
 
-	strlcpy(Client->info, Info, sizeof(Client->info));
+	if (Conf_CloakUserToNick)
+		strlcpy(Client->info, Client->id, sizeof(Client->info));
+	else
+		strlcpy(Client->info, Info, sizeof(Client->info));
 } /* Client_SetInfo */
 
 
diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 9e3fe13d..c9479972 100644
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -364,6 +364,7 @@ Conf_Test( void )
 #ifdef IDENT
 	printf("  Ident = %s\n", yesno_to_str(Conf_Ident));
 #endif
+	printf("  MorePrivacy = %s\n", yesno_to_str(Conf_MorePrivacy));
 	printf("  NoticeAuth = %s\n", yesno_to_str(Conf_NoticeAuth));
 	printf("  OperCanUseMode = %s\n", yesno_to_str(Conf_OperCanMode));
 	printf("  OperServerMode = %s\n", yesno_to_str(Conf_OperServerMode));
@@ -677,6 +678,7 @@ Set_Defaults(bool InitServers)
 #else
 	Conf_Ident = false;
 #endif
+	Conf_MorePrivacy = false;
 	Conf_NoticeAuth = false;
 	Conf_OperCanMode = false;
 	Conf_OperServerMode = false;
@@ -1432,6 +1434,10 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
 		WarnIdent(Line);
 		return;
 	}
+	if (strcasecmp(Var, "MorePrivacy") == 0) {
+		Conf_MorePrivacy = Check_ArgIsTrue(Arg);
+		return;
+	}
 	if (strcasecmp(Var, "NoticeAuth") == 0) {
 		Conf_NoticeAuth = Check_ArgIsTrue(Arg);
 		return;
diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index 80d18187..c2af692a 100644
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -178,6 +178,9 @@ GLOBAL bool Conf_Ident;
 /** Enable all usage of PAM, even when compiled with support for it */
 GLOBAL bool Conf_PAM;
 
+/** Enable "more privacy" mode and "censor" some user-related information */
+GLOBAL bool Conf_MorePrivacy;
+
 /** Enable NOTICE AUTH messages on connect */
 GLOBAL bool Conf_NoticeAuth;
 
diff --git a/src/ngircd/irc-info.c b/src/ngircd/irc-info.c
index 22c65aa2..301da533 100644
--- a/src/ngircd/irc-info.c
+++ b/src/ngircd/irc-info.c
@@ -999,7 +999,7 @@ IRC_WHOIS_SendReply(CLIENT *Client, CLIENT *from, CLIENT *c)
 			return DISCONNECTED;
 
 	/* Idle and signon time (local clients only!) */
-	if (Client_Conn(c) > NONE &&
+	if (!Conf_MorePrivacy && Client_Conn(c) > NONE &&
 		!IRC_WriteStrClient(from, RPL_WHOISIDLE_MSG,
 				    Client_ID(from), Client_ID(c),
 				    (unsigned long)Conn_GetIdle(Client_Conn(c)),
@@ -1163,6 +1163,10 @@ IRC_WHOWAS( CLIENT *Client, REQUEST *Req )
 	assert( Client != NULL );
 	assert( Req != NULL );
 
+	/* Do not reveal any info on disconnected users? */
+	if (Conf_MorePrivacy)
+		return CONNECTED;
+
 	/* Wrong number of parameters? */
 	if (Req->argc > 3)
 		return IRC_WriteStrClient(Client, ERR_NEEDMOREPARAMS_MSG,
@@ -1389,6 +1393,10 @@ IRC_Send_NAMES( CLIENT *Client, CHANNEL *Chan )
 	if( Channel_IsMemberOf( Chan, Client )) is_member = true;
 	else is_member = false;
 
+	/* Do not print info on channel memberships to anyone that is not member? */
+	if (Conf_MorePrivacy && !is_member)
+		return CONNECTED;
+
 	/* Secret channel? */
 	if( ! is_member && strchr( Channel_Modes( Chan ), 's' )) return CONNECTED;