/* tircproxy.h
**
** This file defines what features get compiled into your proxy. The
** default is everything - you can then disable features you don't like at
** runtime.
**
** Features that aren't available get disabled by autoconf (I hope).
**
** Check the end of this file for some interesting messages you might
** want to redefine.
**
**************************************************************************/
/* Define this if you want to be able to request debugging info.
*/
#define TIRC_DEBUG 1
/* Define this if you prefer "udb" style shared memory over filesystem
** communication with other processes (e.g. oidentd). This method is
** recommended (CDIR et al are depreciated).
**
** If this is available, and used, then both the IP_TO_UID_PREFIX and CDIR
** definitions are completely ignored.
*/
#define USE_UDB 1
/* This is the prefix to the file to look for when changing uid/gid. If
** this is defined, and the specified file is found (the default is
** /var/run/user-<ipaddress>), the proxy server will attempt to change
** uid/gid to the username found in the file.
*/
#define IP_TO_UID_PREFIX "/var/run/user-"
/* Set the location of the broadcast & MOTD files. Undef these to disable
** the broadcasting feature.
*/
#define BROADCAST_FILE "/usr/local/etc/tircproxy/ircbroadcast"
#define IRC_MOTD_FILE "/usr/local/etc/tircproxy/motd.irc"
/* Enable this if you want to use the IPF code for tranparency.
*/
#define IPF 1
/* Enable this if you want to use the Linux code for tranparency.
*/
#define LINUX 0
/* Enable this if you want to ask proxy users for passwords.
*/
#define QUIZ_MODE 1
/* Listening ports for DCC proxy-ing are chosen at random from a pool
** of this size, ranging from port 1025 to port 1025+PPOOL.
*/
#define PPOOL 50445
/* Some messages you might want to redefine.
*/
#define QUIZ_NICK "tIRCproxy"
#define QUIZ_PASSWD_WAIT "Waiting for a valid username and password."
#define QUIZ_PASSWD_BAD "Wrong! Type '/msg tIRCproxy username password' to try again."
#define QUIZ_ANSWER_BAD "Wrong!"
#define QUIZ_PASSWD_OK "Correct. Welcome to IRC!"
/* This is the maximum (in bytes) amount of stuff we will store for the
** user while waiting for him to authenticate himself. If the user sends
** more data than this, then we drop the connection. Default is 20k.
*/
#define QUIZ_MEMORY_HOG 20*1024
/* Kludge to make DCC work with mIRC - some recent versions of mIRC have
** really stupid ideas about what IP address to send in DCC requests.. :-/
**
** This should always be a safe kludge though, unless you are connecting to
** tircproxy through *another* proxy which doesn't know about DCC. But that
** would be silly, wouldn't it?
*/
#define MIRC_DCC_KLUDGE 1
/* Log to syslog when the user changes nicks.
*/
#define NICK_LOG 1
/* This makes the server exit if it cannot find a valid user-id for the
** connection (when running in transparent mode, as root). If not enabled
** the server will continue to operate with full privaleges (which could be
** a tad dangerous if I made any mistakes coding this thing).
**
** PARANOID implies MIRC_DCC_KLUDGE and NICK_LOG.
*/
#define PARANOID 1
/* This makes the proxy use the libwrap library (hosts.allow & hosts.deny)
** for access control..
**
** The following tokens are recognized in hosts.allow and hosts.deny:
**
** tircproxy Who can(not) use the proxy. The username
** is not fetched from identd, but from the
** /var/run/user-<ipaddr> file.
** tircproxy_dcc_in Internal user@hosts who can(not) use DCC.
** tircproxy_dcc_out External user@hosts who can(not) initiate DCC.
** tircproxy_dcc_files Filenames to accept/block (replace usernames)
**
** Note that tircproxy_dcc_out is less strict than tircproxy_dcc_in - even
** if a host is banned from **initiating* connections by a tircproxy_dcc_out
** directive, an internal client may still request a DCC connection to the
** it, and the proxy will allow the connection. Maybe this doesn't make sense..
*/
#define TCP_WRAPPERS 1
/* Cooperate with oidentd-1.4+cdir (depraciated)
**
** This makes tircproxy check for a user-<ip> file in the CDIR directory
** instead of checking for the IP_TO_UID_PREFIX file, and adds information
** to /var/oidentd/ident:<port>-<ip>:<port> for each active connection.
**
** This means the proxy does NOT need to run as root for ident responses to
** be correct. This method is now obsolete - use UDB if at all possible!
#define CDIR "/var/oidentd/"
#define CDIR_IDENT "ident"
#define CDIR_MAP "user"
*/
/* The following table defines a list of filenames that are not
** to be handled transparently by the DCC code.. if replace points to
** a valid string the filename is overwritten by it (the file names must
** be of equal length!). If replace is NULL the DCC request is silently
** dropped.
*/
struct dcc_mangle_struct {
char *offered;
char *replace;
};
/* See http://www.irchelp.org/irchelp/security/ for more info.
** It's a Good Idea (tm) to keep this list up-to-date!
*/
static struct dcc_mangle_struct dcc_mangle[] = {
{"script.ini", NULL}, /* Trojan. */
{"dmsetup.exe", NULL}, /* Trojan. */
{"dmsetup2.exe", NULL}, /* Trojan. */
{"winhelper.exe", NULL}, /* Trojan. */
{"mschv32.exe", NULL}, /* Trojan. */
{"LOVE-LETTER-FOR-YOU.HTM", NULL}, /* Trojan. */
{"mirc.ini", "mirc.in-"}, /* Mangle mirc.ini */
{NULL, NULL} /* End of table marker */
};
/* This is what the victim sees if some sends him a DCC request which you
** have banned or mangled! All of the messages are optional - if any are
** undefed, then the connections will be dropped silently.
**
** Note: For security reasons, it's important to use %.Ns instead of %s -
** where N is a relatively small integer.
*/
#define MANGLE_DCC_SEND "Trojan (DCC %.25s %.25s) from me blocked, see http://bre.klaki.net/programs/tircproxy/trojans.html for information."
#define DISALLOW_DCC_SEND "oOoOo Paranoia turned 'DCC %.25s %.25s' into a turnip! oOoOo"
#define DISALLOW_DCC_CHAT "oOoOo Paranoia turned 'DCC %.25s %.25s' into a turnip! oOoOo"
#define DISALLOW_DCC_FUNK "oOoOo Paranoia turned 'DCC %.25s %.25s' into a turnip! oOoOo"
/* When running in anonymizing mode, USERINFO, CLIENTINFO, VERSION and FINGER
** replies from our client are replaced by this string:
*/
#define CTCP_NOT_ALLOWED "ERROR Hey, I'm anonymous. Cut it out."
/* IRCNAME string for anonymous users, and formula for generating a userID.
*/
#define ANON_IRCNAME "Anonymous IRC user"
#define ANON_USERID ((clients_ip ^ anon_notval) + visible_ip_o + (clients_ip >> 15)) & 0x0FFFFFF;
syntax highlighted by Code2HTML, v. 0.9.1