repo: ngircd
action: commit
revision: 
path_from: 
revision_from: 269310f04b7624675f0e609a18c645474d9e5c6f:
path_to: 
revision_to:
git.thebackupbox.net
ngircd
git clone git://git.thebackupbox.net/ngircd
commit 269310f04b7624675f0e609a18c645474d9e5c6f
Merge: 3282c132 5410d967
Author: Alexander Barton 
Date:   Sun Jun 26 15:38:53 2011 +0200

    Merge branch 'ScrubCTCP'

    * ScrubCTCP:
      Add documentation for "ScrubCTCP" configuration option
      New option to scrub incoming CTCP commands

diff --cc doc/sample-ngircd.conf.tmpl
index 0f2e7ee8c609ef1ea3e91e5785168e2bd42ca1dc,02c8bee1387bf679c1fb789e3016ee7f9bcb1e73..900e695fbd8a45bcc9c4f356e489c9997e24ede1
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@@ -166,23 -165,9 +166,26 @@@
  	# "PONG" reply.
  	;RequireAuthPing = no

+ 	# Silently drop all incomming CTCP requests.
+ 	;ScrubCTCP = no
+ 
 +	# Syslog "facility" to which ngIRCd should send log messages.
 +	# Possible values are system dependent, but most probably auth, daemon,
 +	# user and local1 through local7 are possible values; see syslog(3).
 +	# Default is "local5" for historical reasons, you probably want to
 +	# change this to "daemon", for example.
 +	;SyslogFacility = local1
 +
 +	# Password required for using the WEBIRC command used by some
 +	# Web-to-IRC gateways. If not set/empty, the WEBIRC command can't
 +	# be used. (Default: not set)
 +	;WebircPassword = xyz
 +
 +;[SSL]
 +	# SSL-related configuration options. Please note that this section
 +	# is only available when ngIRCd is compiled with support for SSL!
 +	# So don't forget to remove the ";" above if this is the case ...
 +
  	# SSL Server Key Certificate
  	;SSLCertFile = :ETCDIR:/ssl/server-cert.pem

diff --cc man/ngircd.conf.5.tmpl
index 68b4080097797f6018595a5892213098e14d8359,09fd164dd9fa70381dedf4aa85448cd12eeeec4d..13c5452b5887f90b556922618fca648b39fc89f3
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@@ -278,23 -276,16 +278,33 @@@ Let ngIRCd send an "authentication PING
  register this client only after receiving the corresponding "PONG" reply.
  Default: no.
  .TP
+ \fBScrubCTCP\fR (boolean)
+ If set to true, ngIRCd will silently drop all CTCP requests sent to it from
+ both clients and servers. It will also not forward CTCP requests to any
+ other servers. CTCP requests can be used to query user clients about which
+ software they are using and which versions said softare is. CTCP can also be
+ used to reveal clients IP numbers. ACTION CTCP requests are not blocked,
+ this means that /me commands will not be dropped, but please note that
+ blocking CTCP will disable file sharing between users!
+ Default: no.
+ .TP
 +\fBSyslogFacility\fR (string)
 +Syslog "facility" to which ngIRCd should send log messages. Possible
 +values are system dependent, but most probably "auth", "daemon", "user"
 +and "local1" through "local7" are possible values; see syslog(3).
 +Default is "local5" for historical reasons, you probably want to
 +change this to "daemon", for example.
 +.TP
 +\fBWebircPassword\fR (string)
 +Password required for using the WEBIRC command used by some Web-to-IRC
 +gateways. If not set or empty, the WEBIRC command can't be used.
 +Default: not set.
 +.SH [SSL]
 +All SSL-related configuration variables are located in the
 +.I [SSL]
 +section. Please note that this whole section is only recognized by ngIRCd
 +when it is compiled with support for SSL using OpenSSL or GnuTLS!
 +.TP
  \fBSSLCertFile\fR (string)
  SSL Certificate file of the private server key.
  .TP
diff --cc src/ngircd/conf.c
index 92409409e76b93f51c040b8f5cd91718987b3cca,6bd224f3c11ea58189d081beb361d97783bf721f..3be4eba1895c1ab887fe4afb1ed50feec7d39f71
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@@ -379,6 -374,19 +379,7 @@@ Conf_Test( void 
  #ifndef STRICT_RFC
  	printf("  RequireAuthPing = %s\n", yesno_to_str(Conf_AuthPing));
  #endif
+ 	printf("  ScrubCTCP = %s\n", yesno_to_str(Conf_ScrubCTCP));
 -#ifdef SSL_SUPPORT
 -	printf("  SSLCertFile = %s\n", Conf_SSLOptions.CertFile);
 -	printf("  SSLDHFile = %s\n", Conf_SSLOptions.DHFile);
 -	printf("  SSLKeyFile = %s\n", Conf_SSLOptions.KeyFile);
 -	if (array_bytes(&Conf_SSLOptions.KeyFilePassword))
 -		puts("  SSLKeyFilePassword = ");
 -	else
 -		puts("  SSLKeyFilePassword = ");
 -	array_free_wipe(&Conf_SSLOptions.KeyFilePassword);
 -	printf("  SSLPorts = ");
 -	ports_puts(&Conf_SSLOptions.ListenPorts);
 -#endif
  #ifdef SYSLOG
  	printf("  SyslogFacility = %s\n",
  	       ngt_SyslogFacilityName(Conf_SyslogFacility));
@@@ -1485,40 -1461,12 +1487,44 @@@ Handle_OPTIONS(int Line, char *Var, cha
  		return;
  	}
  #endif
+ 	if (strcasecmp(Var, "ScrubCTCP") == 0) {
+ 		Conf_ScrubCTCP = Check_ArgIsTrue(Arg);
+ 		return;
+ 	}
 +#ifdef SYSLOG
 +	if (strcasecmp(Var, "SyslogFacility") == 0) {
 +		Conf_SyslogFacility = ngt_SyslogFacilityID(Arg,
 +							   Conf_SyslogFacility);
 +		return;
 +	}
 +#endif
 +	if (strcasecmp(Var, "WebircPassword") == 0) {
 +		len = strlcpy(Conf_WebircPwd, Arg, sizeof(Conf_WebircPwd));
 +		if (len >= sizeof(Conf_WebircPwd))
 +			Config_Error_TooLong(Line, Var);
 +		return;
 +	}
 +
 +	Config_Error_Section(Line, Var, "Options");
 +}
 +
  #ifdef SSL_SUPPORT
 -	if (strcasecmp(Var, "SSLCertFile") == 0) {
 +
 +/**
 + * Handle variable in [SSL] configuration section.
 + *
 + * @param Line	Line numer in configuration file.
 + * @param Var	Variable name.
 + * @param Arg	Variable argument.
 + */
 +static void
 +Handle_SSL(int Line, char *Var, char *Arg)
 +{
 +	assert(Line > 0);
 +	assert(Var != NULL);
 +	assert(Arg != NULL);
 +
 +	if (strcasecmp(Var, "CertFile") == 0) {
  		assert(Conf_SSLOptions.CertFile == NULL);
  		Conf_SSLOptions.CertFile = strdup_warn(Arg);
  		return;

-----END OF PAGE-----