Diffstat (limited to 'src/modules/m_cloaking.cpp')
-rw-r--r-- | src/modules/m_cloaking.cpp | 72 |
1 files changed, 30 insertions, 42 deletions
diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index b4cb90aa2..95b54b522 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -26,6 +26,7 @@ /* $ModDesc: Provides masking of user hostnames */ /* $ModDep: m_md5.h */ +/* Used to vary the output a little more depending on the cloak keys */ static const char* xtab[] = {"F92E45D871BCA630", "A1B9D80C72E653F4", "1ABC078934DEF562", "ABCDEF5678901234"}; /** Handles user mode +x @@ -79,6 +80,7 @@ class CloakUser : public ModeHandler * 'real' hostname which you shouldnt write to. */ + unsigned int iv[] = { key1, key2, key3, key4 }; char* n = strstr(dest->host,"."); if (!n) n = strstr(dest->host,":"); @@ -87,8 +89,15 @@ class CloakUser : public ModeHandler std::string b; insp_inaddr testaddr; + + /** Reset the MD5 module, and send it our IV and hex table */ + MD5ResetRequest(Sender, MD5Provider).Send(); + MD5KeyRequest(Sender, MD5Provider, iv).Send(); + MD5HexRequest(Sender, MD5Provider, xtab[0]); + + /* Generate a cloak using specialized MD5 */ std::string hostcloak = prefix + "-" + MD5SumRequest(Sender, MD5Provider, dest->host).Send() + a; - + /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes * according to the DNS RFC) then tough titty, they get cloaked as an IP. * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie @@ -104,7 +113,6 @@ class CloakUser : public ModeHandler { b = ((b.find(':') == std::string::npos) ? Cloak4(dest->host) : Cloak6(dest->host)); } - ServerInstance->Log(DEBUG,"cloak: allocated "+b); dest->ChangeDisplayedHost(b.c_str()); } 
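Review bot: The added `MD5HexRequest(Sender, MD5Provider, xtab[0]);` in the hostname-cloak hunk (@@ -87,8 +89,15 @@) constructs the request but never calls `.Send()`, unlike the reset and key requests on the two lines above it and the MD5HexRequest calls in the later hunks. As written, the hex table is presumably never delivered to the MD5 provider, so the host cloak is computed with whatever table the reset leaves in place. It should read `MD5HexRequest(Sender, MD5Provider, xtab[0]).Send();`. This path also always uses `xtab[0]`, while the IP paths pick the table from the keys; if that is intended, a short comment saying so would help. The enclosing function starts and ends outside the hunk.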
@@ -133,22 +141,24 @@ class CloakUser : public ModeHandler unsigned int iv[] = { key1, key2, key3, key4 }; irc::sepstream seps(ip, '.'); std::string ra1, ra2, ra3, ra4; - int i1, i2, i3, i4; std::string octet1 = seps.GetToken(); std::string octet2 = seps.GetToken(); std::string octet3 = seps.GetToken(); std::string octet4 = seps.GetToken(); - i1 = atoi(octet1.c_str()); - i2 = atoi(octet2.c_str()); - i3 = atoi(octet3.c_str()); - i4 = atoi(octet4.c_str()); + int i1 = atoi(octet1.c_str()); + int i2 = atoi(octet2.c_str()); + int i3 = atoi(octet3.c_str()); + int i4 = atoi(octet4.c_str()); + octet4 = octet1 + "." + octet2 + "." + octet3 + "." + octet4; octet3 = octet1 + "." + octet2 + "." + octet3; octet2 = octet1 + "." + octet2; + /* Reset the MD5 module and send it our IV */ MD5ResetRequest(Sender, MD5Provider).Send(); MD5KeyRequest(Sender, MD5Provider, iv).Send(); + /* Send the MD5 module a different hex table for each octet group's MD5 sum */ MD5HexRequest(Sender, MD5Provider, xtab[(key1+i1) % 4]).Send(); ra1 = std::string(MD5SumRequest(Sender, MD5Provider, octet1).Send()).substr(0,6); @@ -161,7 +171,7 @@ class CloakUser : public ModeHandler MD5HexRequest(Sender, MD5Provider, xtab[(key4+i4) % 4]).Send(); ra4 = std::string(MD5SumRequest(Sender, MD5Provider, octet4).Send()).substr(0,6); - /* This is safe as we know the length generated by our genhash is always 16 */ + /* Stick them all together */ return std::string().append(ra1).append(".").append(ra2).append(".").append(ra3).append(".").append(ra4); } @@ -172,6 +182,7 @@ class CloakUser : public ModeHandler std::string item = ""; int rounds = 0; + /* Reset the MD5 module and send it our IV */ MD5ResetRequest(Sender, MD5Provider).Send(); MD5KeyRequest(Sender, MD5Provider, iv).Send(); 
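Review bot: The octets are still parsed with `atoi` and no range check before `i1`..`i4` are added to the keys in `xtab[(key1+i1) % 4]`, and `atoi` returns a negative int for a token that starts with a minus sign. If the key members are signed (their declaration is outside the hunk), the remainder can be negative and the read lands before the start of `xtab`. The fallback in the earlier hunk passes `dest->host` to this function, so the input may not be a well-formed dotted quad. Masking at the point of declaration keeps valid octets unchanged and makes the index unsigned: `unsigned int i1 = static_cast<unsigned int>(atoi(octet1.c_str())) & 0xff;`, and likewise for `i2`..`i4`. The function body starts before and ends after this hunk.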
@@ -180,6 +191,7 @@ class CloakUser : public ModeHandler item += *input; if (item.length() > 5) { + /* Send the MD5 module a different hex table for each octet group's MD5 sum */ MD5HexRequest(Sender, MD5Provider, xtab[(key1+rounds) % 4]).Send(); hashies.push_back(std::string(MD5SumRequest(Sender, MD5Provider, item).Send()).substr(0,10)); item = ""; 
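Review bot: The comment added above `MD5HexRequest(Sender, MD5Provider, xtab[(key1+rounds) % 4])` says "each octet group", but this loop cuts the input into `item` chunks of six characters and the result is joined with ':', so it appears to be the IPv6 path, which has no octets. The same copied comment is added again for the trailing-item branch in the next hunk (@@ -188,53 +200,28 @@). Suggest `/* Use a different hex table for each six-character chunk, selected by key1 plus the round count */` in both places. The enclosing function starts outside the hunk.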
@@ -188,53 +200,28 @@ class CloakUser : public ModeHandler } if (!item.empty()) { + /* Send the MD5 module a different hex table for each octet group's MD5 sum */ MD5HexRequest(Sender, MD5Provider, xtab[(key1+rounds) % 4]).Send(); hashies.push_back(std::string(MD5SumRequest(Sender, MD5Provider, item).Send()).substr(0,10)); item = ""; } + /* Stick them all together */ return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined(); } - - /* XXX: Uncomment and call to use the test suite - void TestSuite() - { - printf("%s %s\n", "192.168.1.1", Cloak4("192.168.1.1").c_str()); - printf("%s %s\n", "192.168.1.2", Cloak4("192.168.1.2").c_str()); - printf("%s %s\n", "192.168.10.1", Cloak4("192.168.10.1").c_str()); - printf("%s %s\n", "192.168.10.1", Cloak4("192.168.10.2").c_str()); - printf("%s %s\n", "192.169.1.1", Cloak4("192.169.1.1").c_str()); - printf("%s %s\n", "192.169.2.1", Cloak4("192.169.2.1").c_str()); - printf("%s %s\n", "200.168.1.1", Cloak4("200.168.1.1").c_str()); - printf("%s %s\n", "200.168.1.3", Cloak4("200.168.1.3").c_str()); - printf("%s %s\n", "200.168.3.3", Cloak4("200.168.3.3").c_str()); - printf("%s %s\n", "200.169.4.3", Cloak4("200.169.4.3").c_str()); - printf("---\n"); - printf("%s %s\n", "9a05:2f00:3f11::5f12::1", Cloak6("9a05:2f00:3f11::5f12::1").c_str()); - printf("%s %s\n", "9a05:2f00:3f11::5f12::2", Cloak6("9a05:2f00:3f11::5f12::2").c_str()); - printf("%s %s\n", "9a05:2f00:3f11::5a12::1", Cloak6("9a05:2f00:3f11::5a12::1").c_str()); - printf("%s %s\n", "9a05:2f00:3f11::5a12::2", Cloak6("9a05:2f00:3f11::5a12::2").c_str()); - printf("%s %s\n", "9a05:3f01:3f11::5f12::1", Cloak6("9a05:3f01:3f11::5f12::1").c_str()); - printf("%s %s\n", "9a05:4f00:3f11::5f13::2", Cloak6("9a05:4f00:3f11::5f13::2").c_str()); - printf("%s %s\n", "ffff:2f00:3f11::5f12::1", Cloak6("ffff:2f00:3f11::5f12::1").c_str()); - printf("%s %s\n", "ffff:2f00:3f11::5f13::2", Cloak6("ffff:2f00:3f11::5f13::2").c_str()); - exit(0); - } - */ void DoRehash() { ConfigReader 
Conf(ServerInstance); key1 = key2 = key3 = key4 = 0; - key1 = Conf.ReadInteger("cloak","key1",0,false); - key2 = Conf.ReadInteger("cloak","key2",0,false); - key3 = Conf.ReadInteger("cloak","key3",0,false); - key4 = Conf.ReadInteger("cloak","key4",0,false); - + key1 = Conf.ReadInteger("cloak","key1",0,true); + key2 = Conf.ReadInteger("cloak","key2",0,true); + key3 = Conf.ReadInteger("cloak","key3",0,true); + key4 = Conf.ReadInteger("cloak","key4",0,true); prefix = Conf.ReadValue("cloak","prefix",0); - if (prefix == "") - { + + if (prefix.empty()) prefix = ServerInstance->Config->Network; - } + if (!key1 && !key2 && !key3 && !key4) { ModuleException ex("You have not defined cloak keys for m_cloaking!!! THIS IS INSECURE AND SHOULD BE CHECKED!"); @@ -255,6 +242,7 @@ class ModuleCloaking : public Module ModuleCloaking(InspIRCd* Me) : Module::Module(Me) { + /* Attempt to locate the MD5 service provider, bail if we can't find it */ MD5Module = ServerInstance->FindModule("m_md5.so"); if (!MD5Module) throw ModuleException("Can't find m_md5.so. Please load m_md5.so before m_cloaking.so."); |
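Review bot: The guard at the end of the DoRehash hunk still throws only when all four keys are zero (`!key1 && !key2 && !key3 && !key4`), so a configuration that sets one key and omits or mistypes the others loads with zero IV words and a correspondingly weaker cloak. With the last ReadInteger argument now `true`, a negative value is presumably rejected and read back as the default 0 (ReadInteger itself is not shown here), which makes that partial-key case easier to hit without any warning. Consider `if (!key1 || !key2 || !key3 || !key4)` with a message stating that every key must be a non-zero positive integer. DoRehash continues past the end of the hunk.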