are you human? do you care about privacy?

2015-01-30 15:05:52 +01:00 · 2015-01-30 15:05:52 +01:00 · b8506361f6
parent 5cf911c6ae
commit b8506361f6
9 changed files with 97 additions and 35 deletions
--- a/bin/psyconf
+++ b/bin/psyconf
@ -511,10 +511,10 @@ then
    git stash save 'changes stashed automatically by psyced -m'
    git merge -s resolve origin
    # restore local changes?
-#   git stash apply
+#   git stash pop
    echo ""
    echo "If you had local changes to your files you can now restore them using"
-    echo "${hi}git stash apply${lo}"
+    echo "${hi}git stash pop${lo}"
    exit
 fi
--- a/world/default/de/plain.textdb
+++ b/world/default/de/plain.textdb
@ -4,6 +4,9 @@
 _warning_server_shutdown_temporary
 |Serverneustart: [_reason]
 _warning_missing_circuit_encryption
 |Deine Verbindung ist nicht verschlüsselt. Du gefährdest die Privatsphäre anderer Personen!
 _status_circuit_encryption_cipher
 |Gratuliere! Deine Verbindung ist mit forward secrecy verschlüsselt ([_circuit_encryption_cipher]).
--- a/world/default/en/plain.textdb
+++ b/world/default/en/plain.textdb
@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## Check utf-8: Praise Atatürk!
 _warning_missing_circuit_encryption
 |Your connection is not encrypted. You are putting other people's privacy at risk!
 _status_circuit_encryption_cipher
 |Congratulations. Your connection is encrypted with forward secrecy.
--- a/world/default/it/plain.textdb
+++ b/world/default/it/plain.textdb
@ -1,6 +1,9 @@
 <PSYC:TEXTDB> ## vim:syntax=mail
 ## tradotto al 30% ... cerca /TODO/ per continuare
 _warning_missing_circuit_encryption
 |La tua connessione non è crittata. Stai mettendo a rischio la privacy di altre persone!
 _status_circuit_encryption_cipher
 |Muy bueno! La tua connessione è crittata con forward secrecy.
--- a/world/net/include/net.h
+++ b/world/net/include/net.h
@ -276,4 +276,9 @@
 # endif
 #endif
 #define PRIVACY_SURVEILLED	 0
 #define PRIVACY_UNKNOWN  	-1
 #define PRIVACY_MITMX509	23
 #define PRIVACY_REASONABLE	44
 #endif
--- a/world/net/include/place.gen
+++ b/world/net/include/place.gen
@ -487,8 +487,9 @@ enter(source, mc, data, vars) {
 	}
 # endif
 # if defined(SECURE)
-// let people in who are either connected via a SSL/TLS
+// let people in who are either connected via an MITM-prone TLS
-// protocol or are coming from the localhost (probably SSH users).
+// protocol or are coming from the reasonably safe localhost
 // (either SSH or Tor users).
 //
 // both cases are no absolute guarantee for safety.. it is still
 // in the hands of each user in the room to safeguard true secrecy
@ -497,27 +498,14 @@ enter(source, mc, data, vars) {
 // or belong to a certain group, so you have to use the respective
 // #defines to also ensure that, if that's what you want.
 //
-// -lynX 2004
+// -lynX 2004, updated 2015
-
+//
-	if (!((objectp(source) &&
+	int intimacy = probably_private(source);
 		// should use trustworthy level 9 instead? if so.. how?
 	       (query_ip_number(source) == "127.0.0.1"
 #  ifdef SECURE_IP_NUMBER
 	     || SECURE_IP_NUMBER(query_ip_number(source))
 #  endif
 	     || query_ip_number(source) == __HOST_IP_NUMBER__ ))
 #  if __EFUN_DEFINED__(tls_query_connection_state)
 		// psyc client.. may also one day be a psyc server, in that
 		// case we have to hope the rest of the link is secured, too
-	     || (objectp(vars["_INTERNAL_origin"]) 
+	if (intimacy == PRIVACY_UNKNOWN)
-		 && interactive(vars["_INTERNAL_origin"]) 
+	    intimacy = probably_private(vars["_INTERNAL_origin"]);
-		 && tls_query_connection_state(vars["_INTERNAL_origin"]))
+	if (intimacy <= PRIVACY_SURVEILLED) {
 		// tls connection, be it telnet irc jabber or https
 		// shouldn't this check happen before "_INTERNAL_origin"? -lynX
 	     || (objectp(source) && interactive(source)
 		 && tls_query_connection_state(source))
 #  endif
 	    )) {
 		sendmsg(source, "_error_place_enter_necessary_encryption",
 	"[_nick_place] may only be accessed by clients with enabled encryption.",
                    ([ "_nick_place" : qName() ]) );
--- a/world/net/library/tls.c
+++ b/world/net/library/tls.c
@ -186,3 +186,44 @@ string tls_bad_cipher(object sock, string scheme) {
    return 0;
 }
 // Do not use server technologies like psyced for strong
 // privacy or anonymity requirements. Get started using
 // distributed technologies instead. Check out:
 //	http://youbroketheinternet.org
 //	http://secushare.org
 // But if you're happy with half-baked security, here you
 // have it:
 //					-lynX 2015
 //
 int probably_private(object source) {
 	// object has no TCP to it. you have to ask its circuit.
 	unless (objectp(source) && interactive(source))
 	    return PRIVACY_UNKNOWN;
 	// should use trustworthy level 9 instead? if so.. how?
 	if (query_ip_number(source) == "127.0.0.1"
 		// query_ip_number() efun is faster than a local 
 		// LPC variable, so it is fine we call it often
             || query_ip_number(source) == __HOST_IP_NUMBER__
 #  ifdef SECURE_IP_NUMBER
             || SECURE_IP_NUMBER(query_ip_number(source))
 #  endif
 	// People coming from localhost have either made it
 	// through SSH's reasonable certificate pinning or
 	// Tor's public-key based addressing.. both provide
 	// reasonable protection from men in the middle, if
 	// only the server itself could be considered secure.
 	//
 	) return PRIVACY_REASONABLE;
 #  if __EFUN_DEFINED__(tls_query_connection_state)
 	// Alas, this person is using a TLS/SSL-enhanced
 	// access protocol which, unless the client implements
 	// certificate pinning, is susceptible to man in the
 	// middle attacks. Find out more on this topic on
 	// http://patrol.psyced.org
 	//
        if (tls_query_connection_state(source))
 	    return PRIVACY_MITMX509;
 #  endif
 	return PRIVACY_SURVEILLED;
 }
--- a/world/net/tn/server.c
+++ b/world/net/tn/server.c
@ -8,18 +8,27 @@
 qScheme() { return "tn"; }
-logon() {
+human(x) {
-	// first check limits and authlocal, then show banner
+	x = lower_case(x);
-	if (::logon()) {
+	unless (abbrev(x, "yes") || abbrev(x, "ja") || abbrev(x, "si") || abbrev(x, "zes")) {
-//		unless (nick) {
+		emit("\nSorry, no other species welcome currently.\n\n");
-			cat(TELNET_PATH "clear.vt");
+	}
-			cat("/local/banner.txt");
+		// now check limits
-//		}
+	else if (::logon()) {
 		// takes a little tweaking to use T() here
 		emit("Name: ");
 	}
 }
 logon() {
 	if (nick) return ::logon(); // authlocal
 	cat(TELNET_PATH "clear.vt");
 	cat("/local/banner.txt");
 	input_to(#'human, INPUT_IGNORE_BANG);
 	// takes a little tweaking to use T() here
 	emit("Are you human? ");
 }
 password(a) {
 	// send IAC + WONT + ECHO to go to echo-mode again
 #ifdef OLD_HACKS_WE_PROBABLY_NO_LONGER_NEED
@ -67,7 +76,7 @@ hello(ni) {
 //
 // only the PROMUVE will need this, as the freemuve isn't accepting "." and
 // ":" in nicknames anyways (PROMUVE converts those to "_").
-#ifdef PRO_PATH
+#if 0 //def PRO_PATH
 # if 0
 	{ int i1, i2, i3, i4, i5;
 	    if (strstr(ni, "://") > 0 ||
@ -83,7 +92,8 @@ hello(ni) {
 		return 1;
 	}
 # else
-	if (abbrev("GET ", ni) || abbrev("POST ", ni)
+	// we could simply disallow space in the name here...
 	if (abbrev("GET ", ni) || abbrev("POST ", ni) || abbrev("OPTIONS ", ni)
 			       || abbrev("CONNECT ", ni)) {
 		// hehe.. we could htredirect proxyscanners to our www port   ;)
 		emit("Dumbhead.\n<h1>Don't you have a telnet client?</h1>\n");
@ -95,7 +105,7 @@ hello(ni) {
 	return ::hello(ni);
 }
-#ifdef BRAIN
+#if 0 //def BRAIN
 morph() {
       if (user->isNewbie())
 	   emit("\nSorry, no unregistered users currently.\n\n");
--- a/world/net/user.c
+++ b/world/net/user.c
@ -1572,13 +1572,22 @@ logon() {
 	string evil;
 	if (tls_query_connection_state(ME) == 1) {
-	    if (evil = tls_bad_cipher(ME, t)) {
+	    // evil TLS ciphers are no problem if the connection is being
-		// i bet jabber users will love this
+	    // tunneled through SSH or Tor, so we shut up in that case.
 	    if (probably_private(ME) < PRIVACY_REASONABLE &&
 		    (evil = tls_bad_cipher(ME, t))) {
 		// Seems to affect only pidgin for linux prior to 2015
                w("_warning_circuit_encryption_cipher", 0, ([ "_circuit_encryption_cipher": evil ]));
 		//return remove_interactive(ME);
 	    } else {
                unless (beQuiet) w("_status_circuit_encryption_cipher");
 	    }
 	} else if (!probably_private(ME)) {
 	    w("_warning_missing_circuit_encryption"
 # ifdef _warning_missing_circuit_encryption
 	      , _warning_missing_circuit_encryption
 # endif
 	    );
 	}
 #endif
 	// cannot if (greeting) here this since jabber:iq:auth depends on this