egghelp/eggheads community

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-08-23T19:23:40-04:00

... and about telling people to learn to do it yourself then why the [censored] does this forum exist ...

These forums exist as a learning and information tool. There is an expectation that a poster will make some effort in solving his/her own problem with assistance (if any) provided.

Things to do before posting..

Statistics: Posted by Alchera — Thu Aug 23, 2007 7:23 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-08-23T08:21:40-04:00

You started to talk about illegal issues in this thread.

Statistics: Posted by sKy — Thu Aug 23, 2007 8:21 am

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-07-21T17:39:26-04:00

diff not working on patching...

Code:

$ patch -p0 < schat.diffcan't find file to patch at input line 1Perhaps you used the wrong -p or --strip option?File to patch:

i dont understand why people get really hitchy when talking about securing bots... every time people jump to the conclusion that one wants to secure a bot because he/she is doing something illegal, [censored] ya!... and about telling people to learn to do it yourself then why the [censored] does this forum exist if you dont want to help about issues like this one.. securing a bot should of been the main feature in the eggdrop in the first place, then rest should of had followed/.

Statistics: Posted by BoaR — Sat Jul 21, 2007 5:39 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-07-04T18:48:00-04:00

If the server supports ssl then using it is fine. Same for bouncer. This is a nice little security bonus you should catch if you can.

But the irc server (also ircops) could still read your messages thought if you don`t use an end to end encryption.

Statistics: Posted by sKy — Wed Jul 04, 2007 6:48 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-07-04T10:46:37-04:00

Some bouncers support SSL encryption between bouncer and client.
I routinely use SSL for my psyBNC with my kvirc and mIRC clients.

Having worked for certain government organizations, I prefer to have most of my private communications encrypted.

Statistics: Posted by DragnLord — Wed Jul 04, 2007 10:46 am

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-07-03T21:23:52-04:00

I also think now eggdrop <--ssl--> bouncer is not very effective. Only helpful if you run the bouncer on your own machine and this wouldn`t be much point. Because otherwise it would be still bouncer<--unencrypted--> your client.

Better would be end to end encryption, eggdrop <--ssl--> client. I also think ssl isn`t made for that and it`s to complicated to implement it correctly between this two points. Ssl works normally with a web of trust, or you would need to use a self singed certificate. You would also need to check the integrity of this certificate. There is a tclssl implementation but I think for eggdrop <--> user a symmetric encryptions would be fine enough, everything else would be overkill. But I am not a cryptography expert. Don`t think any crypto freaks nor many normal users are interested in that.

Statistics: Posted by sKy — Tue Jul 03, 2007 9:23 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-06-28T10:19:31-04:00

A globalspace variable named ctcp-client-ssl. Intended to be used similar to the module in the first post.

Did'nt bother repeating that, as I expected ppl to read through all posts, aswell as the comment below my code also showing a hint.
Mainly an illustration on how you could write that module in tcl (for those who don't like compiling additional modules).

Statistics: Posted by nml375 — Thu Jun 28, 2007 10:19 am

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-06-28T08:49:52-04:00

What is $::ctcp-client-ssl?

Statistics: Posted by sKy — Thu Jun 28, 2007 8:49 am

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-06-20T16:05:38-04:00

Actually, would'nt be much to recompile, since it's a single module, and no other files with dependancies on it. As long as you've got the buildtree lying around somewhere, it'd be a swift make..

Ofcourse, it could be implemented as a tcl-script aswell:

Code:

bind ctcp - "SCHAT" ctcp:schatproc ctcp:schat {nick host hand dest key text} { if {[matchattr +xp| $hand] || ([matchattr +o $hand] && !$::require-p)} {  if {[passwdok $hand ""]} {   putserv "NOTICE $nick :\001ERROR no password set\001"   return 0  }  putserv "PRIVMSG $nick :\001DCC CHAT chat [myip] $::ctcp-client-ssl\001 }}

Could probably be improved with a check wether ctcp-client-ssl is actually set or not, aswell with possible use of nat-ip setting...

Statistics: Posted by nml375 — Wed Jun 20, 2007 4:05 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-06-20T14:23:32-04:00

Of course you are right.

I was kind of stupid when I've written this because I just need to answer with

Code:

dprintf(DP_SERVER, "PRIVMSG %s :\001DCC CHAT chat %lu %u\001\n",                 nick, iptolong(natip[0] ? (IP) inet_addr(natip) : getmyip()),                 port);

and I think this is writable in TCL too. But I won't recode this completely now.

Statistics: Posted by naaina — Wed Jun 20, 2007 2:23 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-06-20T13:56:15-04:00

Interesting!

But I don`t really like the way to recompile my bot since this is quite complicated and takes a while.

What about implementing this on another way? The eggdrop plugin as normal script in pure tcl + a client written in some platform independent language (tcl or C++).

Statistics: Posted by sKy — Wed Jun 20, 2007 1:56 pm

Extension for SSL DCC Chat between Eggdrop & psyBNC

2007-04-17T18:20:59-04:00

Hi guys,

I don't know if someone is interested in such a thing, but I needed to encrypt the communication between IRC bouncer and Bot partyline, but in an easy and fast way. Instead of integrating a complex method of accepting and handling SSL-connections, I decided for stunnel, a SSL-wrapper for TCP protocols (http://www.stunnel.org).

I have extended the CTCP module of the eggdrop by a handler for CTCP "SCHAT", which will just return another connection port, which is handled by stunnel. I attached the patch for the ctcp.c (eggdrop version 1.6.18). Patch your eggdrop version with it and then you have to setup the parameter 'ctcp-client-ssl' in your eggdrop configuration:

Code:

loadmodule ctcpset ctcp-client-ssl [accept-port-of-stunnel]

The stunnel configuration should be like this:

Code:

; Service-level configuration[botname]accept = [accept-port-of-stunnel]connect = [listening-port-of-your-eggdrop]

You have to have pending DCCs enabled in your psyBNC (/DCCENABLE 1)

This results in the following way to build up a SSL DCC-Chat connection:

1. Client sends a CTCP "SCHAT" to the bot (/CTCP YourBot SCHAT)

2. Since the psyBNC has pendings DCCs enabled, it accepts the CTCP reply from the bot and offers the Client to answer the DCC request:

Code:

   -> [YourBot] SCHAT<-psyBNC> YourBot sent a DCC Chat Request. Use /DCCANSWER YourBot or /DCCANSWER S=YourBot (SSL) to establish the connection ([Bot-IP]/[accept-port-of-stunnel]).

As you can see, the CTCP reply does not include the telnet port of the eggdrop - it includes the port configured by 'ctcp-client-ssl'

3. Client answers with /DCCANSWER S=YourBot and the connection is built up!

Congratulations!

Have fun with this!

naaina

And now the diff:

Code:

35,36d34< static int client_ssl = -1;<177,210d174< static int ctcp_CHATSSL(char *nick, char *uhost, char *handle, char *object,<                      char *keyword, char *text)< {<   struct userrec *u = get_user_by_handle(userlist, handle);<   int atr = u ? u->flags : 0, i;<<   if ((atr & (USER_PARTY | USER_XFER)) || ((atr & USER_OP) && !require_p)) {<<     if (u_pass_match(u, "-")) {<       simple_sprintf(ctcp_reply, "%s\001ERROR no password set\001",<                      ctcp_reply);<       return 1;<     }<<     for (i = 0; i < dcc_total; i++) {<       if ((dcc[i].type->flags & DCT_LISTEN) &&<           (!strcmp(dcc[i].nick, "(telnet)") ||<            !strcmp(dcc[i].nick, "(users)"))) {<         /* Do me a favour and don't change this back to a CTCP reply,<          * CTCP replies are NOTICE's this has to be a PRIVMSG<          * -poptix 5/1/1997 */<       int port = client_ssl;<       if(port == -1) port = dcc[i].port;<         dprintf(DP_SERVER, "PRIVMSG %s :\001DCC CHAT chat %lu %u\001\n",<                 nick, iptolong(natip[0] ? (IP) inet_addr(natip) : getmyip()),<                 port);<         return 1;<       }<     }<     simple_sprintf(ctcp_reply, "%s\001ERROR no telnet port\001", ctcp_reply);<   }<   return 1;< }<221d184<   {"SCHAT",      "",   ctcp_CHATSSL,    NULL},234d196<   {"ctcp-client-ssl", &client_ssl},

Statistics: Posted by naaina — Tue Apr 17, 2007 6:20 pm