9pfs/solanum-vs-hackint-and-charybdis
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #347 from edk0/hide-tls-info

Browse source 
Add general::tls_ciphers_oper_only
This commit is contained in:
Aaron Jones 2020-07-06 08:31:47 +00:00 committed by GitHub
commit eb2103bb0e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
7 changed files with 15 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/ircd.conf.example
View file

@ -625,6 +625,7 @@ general {
away_interval = 30; away_interval = 30;
certfp_method = spki_sha256; certfp_method = spki_sha256;
hide_opers_in_whois = no; hide_opers_in_whois = no;
tls_ciphers_oper_only = no;
}; };
modules { modules {

3
doc/reference.conf
View file

@ -1436,6 +1436,9 @@ general {
/* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */ /* hide_opers_in_whois: if set to YES, then oper status will be hidden in /WHOIS output. */
hide_opers_in_whois = no; hide_opers_in_whois = no;
/* tls_ciphers_oper_only: show the TLS cipher string in /WHOIS only to opers and self */
tls_ciphers_oper_only = no;
}; };
modules { modules {

1
include/s_conf.h
View file

@ -232,6 +232,7 @@ struct config_file_entry
int use_propagated_bans; int use_propagated_bans;
int max_ratelimit_tokens; int max_ratelimit_tokens;
int away_interval; int away_interval;
int tls_ciphers_oper_only;
int client_flood_max_lines; int client_flood_max_lines;
int client_flood_burst_rate; int client_flood_burst_rate;

1
ircd/newconf.c
View file

@ -2802,6 +2802,7 @@ static struct ConfEntry conf_general_table[] =
{ "hide_opers", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers }, { "hide_opers", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers },
{ "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL }, { "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL },
{ "drain_reason", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason }, { "drain_reason", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason },
{ "tls_ciphers_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.tls_ciphers_oper_only },
{ "\0", 0, NULL, 0, NULL } { "\0", 0, NULL, 0, NULL }
}; };

1
ircd/s_conf.c
View file

@ -772,6 +772,7 @@ set_default_conf(void)
ConfigFileEntry.use_propagated_bans = true; ConfigFileEntry.use_propagated_bans = true;
ConfigFileEntry.max_ratelimit_tokens = 30; ConfigFileEntry.max_ratelimit_tokens = 30;
ConfigFileEntry.away_interval = 30; ConfigFileEntry.away_interval = 30;
ConfigFileEntry.tls_ciphers_oper_only = false;
#ifdef HAVE_LIBZ #ifdef HAVE_LIBZ
ConfigFileEntry.compression_level = 4; ConfigFileEntry.compression_level = 4;

6
modules/m_info.c
View file

@ -524,6 +524,12 @@ static struct InfoStruct info_table[] = {
&ConfigFileEntry.away_interval, &ConfigFileEntry.away_interval,
"The minimum time between aways", "The minimum time between aways",
}, },
{
"tls_ciphers_oper_only",
OUTPUT_BOOLEAN_YN,
&ConfigFileEntry.tls_ciphers_oper_only,
"TLS cipher strings are hidden in whois for non-opers",
},
{ {
"default_split_server_count", "default_split_server_count",
OUTPUT_DECIMAL, OUTPUT_DECIMAL,

3
modules/m_whois.c
View file

@ -334,7 +334,8 @@ single_whois(struct Client *source_p, struct Client *target_p, int operspy)
{ {
char cbuf[256] = "is using a secure connection"; char cbuf[256] = "is using a secure connection";
if (MyClient(target_p) && target_p->localClient->cipher_string != NULL) if (MyClient(target_p) && target_p->localClient->cipher_string != NULL &&
(!ConfigFileEntry.tls_ciphers_oper_only || source_p == target_p || IsOper(source_p)))
rb_snprintf_append(cbuf, sizeof(cbuf), " [%s]", target_p->localClient->cipher_string); rb_snprintf_append(cbuf, sizeof(cbuf), " [%s]", target_p->localClient->cipher_string);
sendto_one_numeric(source_p, RPL_WHOISSECURE, form_str(RPL_WHOISSECURE), sendto_one_numeric(source_p, RPL_WHOISSECURE, form_str(RPL_WHOISSECURE),