From 372b2193ecde2d0e94e412c63bbc0010069ef0ff Mon Sep 17 00:00:00 2001
From: Jilles Tjoelker <jilles@stack.nl>
Date: Fri, 28 Dec 2007 01:31:56 +0100
Subject: [PATCH] More helpful ERROR server notices. - Do not use
 hide_error_messages for certain "safe" ERRORs. - If hide_error_messages hides
 an ERROR from a handshake,   send a server notice anyway, but without the
 message   text. - Send server notices about ERRORs from handshakes network  
 wide if it was a remote connect.

---
 doc/reference.conf     |  6 ++--
 modules/core/m_error.c | 71 ++++++++++++++++++++++++++++--------------
 2 files changed, 52 insertions(+), 25 deletions(-)

diff --git a/doc/reference.conf b/doc/reference.conf
index 76458a3..5848739 100755
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -765,11 +765,13 @@ alias "MS" {
  */
 general {
 	/* hide error messages: defines whether error messages from
-	 * servers are hidden or not.  These can sometimes contain IPs and
-	 * can have an adverse effect on server ip hiding.  Set to:
+	 * servers that are not deemed fully safe are hidden or not.
+	 * These can sometimes contain IPs and can have an adverse
+	 * effect on server ip hiding.  Set to:
 	 *   yes:   hide from opers and admin
 	 *   opers: hide from opers only
 	 *   no:    do not hide error messages
+	 * Admins on other servers count as opers.
 	 */
 	hide_error_messages = opers;
 
diff --git a/modules/core/m_error.c b/modules/core/m_error.c
index a58d1b1..0310eca 100644
--- a/modules/core/m_error.c
+++ b/modules/core/m_error.c
@@ -50,6 +50,36 @@ mapi_clist_av1 error_clist[] = {
 
 DECLARE_MODULE_AV1(error, NULL, NULL, error_clist, NULL, NULL, "$Revision: 494 $");
 
+/* Determine whether an ERROR message is safe to show (no IP address in it) */
+static int
+is_safe_error(const char *message)
+{
+	char prefix2[100];
+	const char *p;
+
+	if (!strncmp(message, "Closing Link: 127.0.0.1 (", 25))
+		return 1;
+	snprintf(prefix2, sizeof prefix2,
+			"Closing Link: 127.0.0.1 %s (", me.name);
+	if (!strncmp(message, prefix2, strlen(prefix2)))
+		return 1;
+	if (!strncmp(message, "Restart by ", 11))
+		return 1;
+	if (!strncmp(message, "Terminated by ", 14))
+		return 1;
+
+	if (!ircncmp(message, "Closing Link", 12))
+		return 0;
+	if (strchr(message, '['))
+		return 0;
+	p = strchr(message, '.');
+	if (p != NULL && p[1] != '\0')
+		return 0;
+	if (strchr(message, ':'))
+		return 0;
+
+	return 1;
+}
 
 /*
  * Note: At least at protocol level ERROR has only one parameter,
@@ -63,22 +93,25 @@ int
 m_error(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
 {
 	const char *para;
+	int hideit = ConfigFileEntry.hide_error_messages;
 
 	para = (parc > 1 && *parv[1] != '\0') ? parv[1] : "<>";
 
 	ilog(L_SERVER, "Received ERROR message from %s: %s",
 	     log_client_name(source_p, SHOW_IP), para);
 
-	if(IsAnyServer(client_p) && ConfigFileEntry.hide_error_messages < 2)
+	if(is_safe_error(para))
+		hideit = 0;
+	if(IsAnyServer(client_p))
 	{
-		sendto_realops_snomask(SNO_GENERAL, L_ADMIN,
-				     "ERROR :from %s -- %s",
-				     get_server_name(client_p, HIDE_IP), para);
-
-		if(!ConfigFileEntry.hide_error_messages)
-			sendto_realops_snomask(SNO_GENERAL, L_OPER,
-					     "ERROR :from %s -- %s",
-					     get_server_name(client_p, HIDE_IP), para);
+		if (hideit < 2)
+			sendto_realops_snomask(SNO_GENERAL, hideit ? L_ADMIN : (is_remote_connect(client_p) ? L_NETWIDE : L_ALL),
+					"ERROR :from %s -- %s",
+					get_server_name(client_p, HIDE_IP), para);
+		if (hideit > 0)
+			sendto_realops_snomask(SNO_GENERAL, (hideit == 1 ? L_OPER : L_ALL) | (is_remote_connect(client_p) ? L_NETWIDE : L_ALL),
+					"ERROR :from %s -- <hidden>",
+					get_server_name(client_p, HIDE_IP));
 	}
 
 	exit_client(client_p, source_p, source_p, "ERROR");
@@ -90,35 +123,27 @@ static int
 ms_error(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
 {
 	const char *para;
+	int hideit = ConfigFileEntry.hide_error_messages;
 
 	para = (parc > 1 && *parv[1] != '\0') ? parv[1] : "<>";
 
 	ilog(L_SERVER, "Received ERROR message from %s: %s",
 	     log_client_name(source_p, SHOW_IP), para);
 
-	if(ConfigFileEntry.hide_error_messages == 2)
+	if(is_safe_error(para))
+		hideit = 0;
+	if(hideit == 2)
 		return 0;
 
 	if(client_p == source_p)
 	{
-		sendto_realops_snomask(SNO_GENERAL, L_ADMIN, "ERROR :from %s -- %s",
+		sendto_realops_snomask(SNO_GENERAL, hideit ? L_ADMIN : L_ALL, "ERROR :from %s -- %s",
 				     get_server_name(client_p, HIDE_IP), para);
-
-		if(!ConfigFileEntry.hide_error_messages)
-			sendto_realops_snomask(SNO_GENERAL, L_OPER,
-					     "ERROR :from %s -- %s",
-					     get_server_name(client_p, HIDE_IP), para);
 	}
 	else
 	{
-		sendto_realops_snomask(SNO_GENERAL, L_ADMIN, "ERROR :from %s via %s -- %s",
+		sendto_realops_snomask(SNO_GENERAL, hideit ? L_ADMIN : L_ALL, "ERROR :from %s via %s -- %s",
 				     source_p->name, get_server_name(client_p, HIDE_IP), para);
-
-		if(!ConfigFileEntry.hide_error_messages)
-			sendto_realops_snomask(SNO_GENERAL, L_OPER,
-					     "ERROR :from %s via %s -- %s",
-					     source_p->name,
-					     get_server_name(client_p, HIDE_IP), para);
 	}
 
 	return 0;