Преглед на файлове

Add set 'fish-paranoid' (#23)

Bryan Drewery преди 14 години
родител
ревизия
8698831656
променени са 4 файла, в които са добавени 8 реда и са изтрити 2 реда
  1. 1 0
      doc/UPDATES
  2. 4 1
      doc/help.txt
  3. 2 0
      src/set.c
  4. 1 1
      src/set.h

+ 1 - 0
doc/UPDATES

@@ -12,6 +12,7 @@
   * FiSH message support added.
   * FiSH support for DH1080 key-exchange. 'keyx' command added to start from bot, and responds to key-exchanges.
   * Auto FiSH key-exchange when accepting users via callerid (controllable with set 'fish-auto-keyx')
+  * Automatic re-key exchange after every message to avoid replay attacks (controllable with set 'fish-paranoid')
   * When 'mdop' protection is on, re-op all previously opped clients automatically.
   * When 'mop' protection is on, deop all previously regular clients automatically.
   * Add './wraith -V' which will display the packconfig that the bot is using.

+ 4 - 1
doc/help.txt

@@ -1686,7 +1686,10 @@ See also: reload, backup
                            known users. Note that this will break msg-ident.
 [B]  $bfish-auto-keyx$b  Whether to automatically do a DH1010 FiSH Key exchange when
                            accepting users. This is only supported if using callerid.
- 
+
+[B]  $bfish-paranoid$b   Whether to automatically re-keyexchange after every message. This
+                           mitigates replay attacks.
+
 [S]  $baltchars$b        Define string of characters to cycle when generating alternative
                           nicks when nick is taken. Ie: _-`[].
 [S]  $bjupenick$b        The bot will attempt to jupe this nick. It will never use a variation

+ 2 - 0
src/set.c

@@ -75,6 +75,7 @@ bool manop_warn;
 char homechan[51] = "";
 char usermode[15] = "";
 bool fish_auto_keyx = 0;
+bool fish_paranoid = 0;
 
 ////// THIS MUST REMAIN SORTED: !LC_ALL=C sort
 // VAR("bad-process",	&badprocess,		VAR_INT|VAR_DETECTED,				0, 4, "ignore"),
@@ -94,6 +95,7 @@ static variable_t vars[] = {
  VAR("deaf",		&use_deaf,		VAR_INT|VAR_BOOL|VAR_NOLHUB,			0, 1, "1"),
  VAR("fight-threshold",	&fight_threshold,	VAR_INT|VAR_NOLOC,				0, 0, "0"),
  VAR("fish-auto-keyx",	&fish_auto_keyx,	VAR_INT|VAR_BOOL|VAR_NOLHUB,			0, 1, "1"),
+ VAR("fish-paranoid",	&fish_paranoid,		VAR_INT|VAR_BOOL|VAR_NOLHUB,			0, 1, "0"),
  VAR("flood-callerid",	&flood_callerid,	VAR_RATE|VAR_NOLHUB,				0, 0, "6:2"),
  VAR("flood-ctcp",	&flood_ctcp,		VAR_RATE|VAR_NOLHUB,				0, 0, "3:60"),
  VAR("flood-msg",	&flood_msg,		VAR_RATE|VAR_NOLHUB,				0, 0, "5:60"),

+ 1 - 1
src/set.h

@@ -70,7 +70,7 @@ typedef struct rate_b {
 extern char		auth_key[], auth_prefix[2], motd[], alias[], rbl_servers[1024], groups[1024],
 			msgident[], msginvite[], msgop[], msgpass[], msgrelease[],
                         homechan[], altchars[];
-extern bool		dccauth, auth_obscure, manop_warn, auth_chan, oidentd, ident_botnick, irc_autoaway, link_cleartext, use_deaf, use_callerid, fish_auto_keyx;
+extern bool		dccauth, auth_obscure, manop_warn, auth_chan, oidentd, ident_botnick, irc_autoaway, link_cleartext, use_deaf, use_callerid, fish_auto_keyx, fish_paranoid;
 extern int		cloak_script, fight_threshold, fork_interval, in_bots, set_noshare, dcc_autoaway,
 			kill_threshold, lag_threshold, op_bots, hijack, login, promisc, trace,
                         ison_time, msgrate, msgburst;