diff --git a/bin/psyconf b/bin/psyconf index 7f121d2..498692c 100755 --- a/bin/psyconf +++ b/bin/psyconf @@ -511,10 +511,10 @@ then git stash save 'changes stashed automatically by psyced -m' git merge -s resolve origin # restore local changes? -# git stash apply +# git stash pop echo "" echo "If you had local changes to your files you can now restore them using" - echo "${hi}git stash apply${lo}" + echo "${hi}git stash pop${lo}" exit fi diff --git a/world/default/de/plain.textdb b/world/default/de/plain.textdb index 0a98b5c..c35cf6e 100644 --- a/world/default/de/plain.textdb +++ b/world/default/de/plain.textdb @@ -4,6 +4,9 @@ _warning_server_shutdown_temporary |Serverneustart: [_reason] +_warning_missing_circuit_encryption +|Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen! + _status_circuit_encryption_cipher |Gratuliere! Deine Verbindung ist mit forward secrecy verschlüsselt ([_circuit_encryption_cipher]). diff --git a/world/default/en/plain.textdb b/world/default/en/plain.textdb index 8a7d1a3..1caf82d 100644 --- a/world/default/en/plain.textdb +++ b/world/default/en/plain.textdb @@ -1,6 +1,9 @@ ## vim:syntax=mail ## Check utf-8: Praise Atatürk! +_warning_missing_circuit_encryption +|Your connection is not encrypted. You are putting other people's privacy at risk! + _status_circuit_encryption_cipher |Congratulations. Your connection is encrypted with forward secrecy. diff --git a/world/default/it/plain.textdb b/world/default/it/plain.textdb index 58d4ffc..ffa871e 100644 --- a/world/default/it/plain.textdb +++ b/world/default/it/plain.textdb @@ -1,6 +1,9 @@ ## vim:syntax=mail ## tradotto al 30% ... cerca /TODO/ per continuare +_warning_missing_circuit_encryption +|La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone! + _status_circuit_encryption_cipher |Muy bueno! La tua connessione è crittata con forward secrecy. 
diff --git a/world/net/include/net.h b/world/net/include/net.h index b85c0fb..446c04d 100644 --- a/world/net/include/net.h +++ b/world/net/include/net.h @@ -276,4 +276,9 @@ # endif #endif +#define PRIVACY_SURVEILLED 0 +#define PRIVACY_UNKNOWN -1 +#define PRIVACY_MITMX509 23 +#define PRIVACY_REASONABLE 44 + #endif diff --git a/world/net/include/place.gen b/world/net/include/place.gen index 0f365c5..5f40354 100644 --- a/world/net/include/place.gen +++ b/world/net/include/place.gen @@ -487,8 +487,9 @@ enter(source, mc, data, vars) { } # endif # if defined(SECURE) -// let people in who are either connected via a SSL/TLS -// protocol or are coming from the localhost (probably SSH users). +// let people in who are either connected via an MITM-prone TLS +// protocol or are coming from the reasonably safe localhost +// (either SSH or Tor users). // // both cases are no absolute guarantee for safety.. it is still // in the hands of each user in the room to safeguard true secrecy 
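Review bot: `#define PRIVACY_UNKNOWN -1` in the net.h hunk expands to a bare negative literal; writing it as `#define PRIVACY_UNKNOWN (-1)` keeps the macro safe inside larger expressions. The four values are also used as an ordered scale elsewhere in this commit (`intimacy <= PRIVACY_SURVEILLED` in place.gen, `probably_private(ME) < PRIVACY_REASONABLE` in user.c), and nothing next to the definitions says so. A short comment above the block, for example `// ordered scale: higher is more private; UNKNOWN sorts below SURVEILLED so that <= checks fail closed`, would keep a later renumbering from silently changing who is admitted to a SECURE place.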
@@ -497,27 +498,14 @@ enter(source, mc, data, vars) { // or belong to a certain group, so you have to use the respective // #defines to also ensure that, if that's what you want. // -// -lynX 2004 - - if (!((objectp(source) && - // should use trustworthy level 9 instead? if so.. how? - (query_ip_number(source) == "127.0.0.1" -# ifdef SECURE_IP_NUMBER - || SECURE_IP_NUMBER(query_ip_number(source)) -# endif - || query_ip_number(source) == __HOST_IP_NUMBER__ )) -# if __EFUN_DEFINED__(tls_query_connection_state) +// -lynX 2004, updated 2015 +// + int intimacy = probably_private(source); // psyc client.. may also one day be a psyc server, in that // case we have to hope the rest of the link is secured, too - || (objectp(vars["_INTERNAL_origin"]) - && interactive(vars["_INTERNAL_origin"]) - && tls_query_connection_state(vars["_INTERNAL_origin"])) - // tls connection, be it telnet irc jabber or https - // shouldn't this check happen before "_INTERNAL_origin"? -lynX - || (objectp(source) && interactive(source) - && tls_query_connection_state(source)) -# endif - )) { + if (intimacy == PRIVACY_UNKNOWN) + intimacy = probably_private(vars["_INTERNAL_origin"]); + if (intimacy <= PRIVACY_SURVEILLED) { sendmsg(source, "_error_place_enter_necessary_encryption", "[_nick_place] may only be accessed by clients with enabled encryption.", ([ "_nick_place" : qName() ]) ); diff --git a/world/net/library/tls.c b/world/net/library/tls.c index d78da17..f98cc22 100644 --- a/world/net/library/tls.c +++ b/world/net/library/tls.c 
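Review bot: The gate `if (intimacy <= PRIVACY_SURVEILLED)` refuses a circuit that is still unrated only because PRIVACY_UNKNOWN happens to be -1; that fail-closed behaviour deserves a comment on the line, e.g. `// UNKNOWN (-1) is refused too: no evidence of encryption, no entry`. The fallback also changes what the removed expression did: `_INTERNAL_origin` is now consulted only when `source` is not an interactive object, whereas before a TLS origin was sufficient on its own, so a plain-text interactive `source` with a TLS origin is now refused; that is presumably intended, but the comment block should say so. `vars["_INTERNAL_origin"]` is also handed to a function declared as `probably_private(object source)` without the `objectp()` guard the old code had; the callee checks `objectp()` itself, so this only matters if the driver enforces argument types at run time. The body of enter() starts and ends outside the hunk.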
@@ -186,3 +186,44 @@ string tls_bad_cipher(object sock, string scheme) { return 0; } +// Do not use server technologies like psyced for strong +// privacy or anonymity requirements. Get started using +// distributed technologies instead. Check out: +// http://youbroketheinternet.org +// http://secushare.org +// But if you're happy with half-baked security, here you +// have it: +// -lynX 2015 +// +int probably_private(object source) { + // object has no TCP to it. you have to ask its circuit. + unless (objectp(source) && interactive(source)) + return PRIVACY_UNKNOWN; + // should use trustworthy level 9 instead? if so.. how? + if (query_ip_number(source) == "127.0.0.1" + // query_ip_number() efun is faster than a local + // LPC variable, so it is fine we call it often + || query_ip_number(source) == __HOST_IP_NUMBER__ +# ifdef SECURE_IP_NUMBER + || SECURE_IP_NUMBER(query_ip_number(source)) +# endif + // People coming from localhost have either made it + // through SSH's reasonable certificate pinning or + // Tor's public-key based addressing.. both provide + // reasonable protection from men in the middle, if + // only the server itself could be considered secure. + // + ) return PRIVACY_REASONABLE; +# if __EFUN_DEFINED__(tls_query_connection_state) + // Alas, this person is using a TLS/SSL-enhanced + // access protocol which, unless the client implements + // certificate pinning, is susceptible to man in the + // middle attacks. Find out more on this topic on + // http://patrol.psyced.org + // + if (tls_query_connection_state(source)) + return PRIVACY_MITMX509; +# endif + return PRIVACY_SURVEILLED; +} + diff --git a/world/net/tn/server.c b/world/net/tn/server.c index cf28362..71a772f 100644 --- a/world/net/tn/server.c +++ b/world/net/tn/server.c 
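Review bot: `if (tls_query_connection_state(source))` accepts any non-zero state, while user.c in this same commit tests `tls_query_connection_state(ME) == 1`; if the efun can report a non-zero value for a session that is not yet established (a handshake still in progress, say), such a connection would be rated PRIVACY_MITMX509 and admitted to SECURE places. Using `if (tls_query_connection_state(source) > 0)` would make the two call sites agree. The loopback branch rates every connection from 127.0.0.1 or the host's own address as PRIVACY_REASONABLE, so any local gateway or proxy that forwards remote users over loopback passes that rating on to them; a sentence in the comment stating that such front ends must enforce transport security themselves would help operators. The parameter is declared `object` although the first statement guards with `objectp(source)`, so `mixed` would describe the accepted input more accurately.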
@@ -8,18 +8,27 @@ qScheme() { return "tn"; } -logon() { - // first check limits and authlocal, then show banner - if (::logon()) { -// unless (nick) { - cat(TELNET_PATH "clear.vt"); - cat("/local/banner.txt"); -// } +human(x) { + x = lower_case(x); + unless (abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes")) { + emit("\nSorry, no other species welcome currently.\n\n"); + } + // now check limits + else if (::logon()) { // takes a little tweaking to use T() here emit("Name: "); } } +logon() { + if (nick) return ::logon(); // authlocal + cat(TELNET_PATH "clear.vt"); + cat("/local/banner.txt"); + input_to(#'human, INPUT_IGNORE_BANG); + // takes a little tweaking to use T() here + emit("Are you human? "); +} + password(a) { // send IAC + WONT + ECHO to go to echo-mode again #ifdef OLD_HACKS_WE_PROBABLY_NO_LONGER_NEED @@ -67,7 +76,7 @@ hello(ni) { // // only the PROMUVE will need this, as the freemuve isn't accepting "." and // ":" in nicknames anyways (PROMUVE converts those to "_"). -#ifdef PRO_PATH +#if 0 //def PRO_PATH # if 0 { int i1, i2, i3, i4, i5; if (strstr(ni, "://") > 0 || @@ -83,7 +92,8 @@ hello(ni) { return 1; } # else - if (abbrev("GET ", ni) || abbrev("POST ", ni) + // we could simply disallow space in the name here... + if (abbrev("GET ", ni) || abbrev("POST ", ni) || abbrev("OPTIONS ", ni) || abbrev("CONNECT ", ni)) { // hehe.. we could htredirect proxyscanners to our www port ;) emit("Dumbhead.\n
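Review bot: The refusal branch of `human()` only calls `emit()` with the "no other species" text; nothing visible in the hunk drops the connection or installs another `input_to()`, so what happens to the next line the peer sends is decided by code outside the hunk and should be made explicit. The answer is passed as the first argument, `abbrev(x, "yes")`, so whether an empty line counts as an abbreviation of "yes" depends on how abbrev() treats an empty string; an explicit length check on `x` before the test would settle it. Neither `human()` nor the new `logon()` carries a comment saying that the banner and prompt are now sent before `::logon()` applies its limits, which is the ordering change an operator would want to know about.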

Don't you have a telnet client?

\n"); @@ -95,7 +105,7 @@ hello(ni) { return ::hello(ni); } -#ifdef BRAIN +#if 0 //def BRAIN morph() { if (user->isNewbie()) emit("\nSorry, no unregistered users currently.\n\n"); diff --git a/world/net/user.c b/world/net/user.c index 61a8b37..a66ba19 100644 --- a/world/net/user.c +++ b/world/net/user.c @@ -1572,13 +1572,22 @@ logon() { string evil; if (tls_query_connection_state(ME) == 1) { - if (evil = tls_bad_cipher(ME, t)) { - // i bet jabber users will love this + // evil TLS ciphers are no problem if the connection is being + // tunneled through SSH or Tor, so we shut up in that case. + if (probably_private(ME) < PRIVACY_REASONABLE && + (evil = tls_bad_cipher(ME, t))) { + // Seems to affect only pidgin for linux prior to 2015 w("_warning_circuit_encryption_cipher", 0, ([ "_circuit_encryption_cipher": evil ])); //return remove_interactive(ME); } else { unless (beQuiet) w("_status_circuit_encryption_cipher"); } + } else if (!probably_private(ME)) { + w("_warning_missing_circuit_encryption" +# ifdef _warning_missing_circuit_encryption + , _warning_missing_circuit_encryption +# endif + ); } #endif // cannot if (greeting) here this since jabber:iq:auth depends on this
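Review bot: The added `abbrev("OPTIONS ", ni)` test sits in the `# else` arm of the inner `# if 0`, which the previous hunk (`@@ -67,7 +76,7 @@`) wraps in `#if 0 //def PRO_PATH`, so unless an `#else` for the outer conditional exists outside the hunk this whole HTTP-verb rejection is no longer compiled. If the new "Are you human?" prompt is meant to replace it, remove the dead block rather than extend it; if it is still wanted as a defence against browsers and proxy scanners talking to the telnet port, restore `#ifdef PRO_PATH`. The matching `#endif` lines are outside the hunk.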
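Review bot: `} else if (!probably_private(ME)) {` fires only for PRIVACY_SURVEILLED (0); PRIVACY_UNKNOWN is -1 and therefore truthy, so a circuit that could not be rated gets no warning, unlike place.gen where the same commit tests `<= PRIVACY_SURVEILLED`. Writing `} else if (probably_private(ME) <= PRIVACY_SURVEILLED) {` keeps both call sites fail-closed and independent of the numeric value chosen for UNKNOWN. logon() starts and ends outside the hunk, so whether ME can ever be non-interactive at this point cannot be confirmed from here.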