From 13e2fa5fead2bce145d15c89dd9006f113367591 Mon Sep 17 00:00:00 2001 From: danieldg Date: Tue, 23 Mar 2010 03:10:49 +0000 Subject: Change 2.0 cloak function to use variable-length segments git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12656 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/m_cloaking.cpp | 70 ++++++++++++++++++++++++++-------------------- 1 file changed, 40 insertions(+), 30 deletions(-) (limited to 'src/modules/m_cloaking.cpp') diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index 8f3f42a92..8021fcbd4 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -104,7 +104,7 @@ class ModuleCloaking : public Module dynamic_reference Hash; public: - ModuleCloaking() : cu(this), Hash(this, "hash/md5") + ModuleCloaking() : cu(this), mode(MODE_OPAQUE), Hash(this, "hash/md5") { } @@ -153,6 +153,32 @@ class ModuleCloaking : public Module return host.substr(splitdot); } + /** + * 2.0-style cloaking function + * @param item The item to cloak (part of an IP or hostname) + * @param id A unique ID for this type of item (to make it unique if the item matches) + * @param len The length of the output. Maximum for MD5 is 16 characters. + */ + std::string SegmentCloak(const std::string& item, char id, int len) + { + std::string input; + input.reserve(key.length() + 3 + item.length()); + input.append(1, id); + input.append(key); + input.append(1, 0); // null does not terminate a C++ string + input.append(item); + + std::string rv = Hash->sum(input).substr(0,len); + for(int i=0; i < len; i++) + { + // this discards 3 bits per byte. We have an + // overabundance of bits in the hash output, doesn't + // matter which ones we are discarding. + rv[i] = base32[rv[i] & 0x1F]; + } + return rv; + } + std::string CompatCloak4(const char* ip) { irc::sepstream seps(ip, '.'); @@ -214,6 +240,7 @@ class ModuleCloaking : public Module { std::string bindata; int hop1, hop2, hop3; + int len1, len2; std::string rv; if (ip.sa.sa_family == AF_INET6) { @@ -221,7 +248,9 @@ class ModuleCloaking : public Module hop1 = 8; hop2 = 6; hop3 = 4; - rv.reserve(prefix.length() + 37); + len1 = 6; + len2 = 4; + rv.reserve(prefix.length() + 29); } else { @@ -229,26 +258,27 @@ class ModuleCloaking : public Module hop1 = 3; hop2 = 0; hop3 = 2; - rv.reserve(prefix.length() + 30); + len1 = len2 = 3; + rv.reserve(prefix.length() + 18); } rv.append(prefix); - rv.append(SegmentCloak(bindata, 10)); + rv.append(SegmentCloak(bindata, 10, len1)); rv.append(1, '.'); bindata.erase(hop1); - rv.append(SegmentCloak(bindata, 11)); + rv.append(SegmentCloak(bindata, 11, len2)); if (hop2) { rv.append(1, '.'); bindata.erase(hop2); - rv.append(SegmentCloak(bindata, 12)); + rv.append(SegmentCloak(bindata, 12, len2)); } if (full) { rv.append(1, '.'); bindata.erase(hop3); - rv.append(SegmentCloak(bindata, 13)); + rv.append(SegmentCloak(bindata, 13, 6)); rv.append(".IP"); } else @@ -270,26 +300,6 @@ class ModuleCloaking : public Module return rv; } - std::string SegmentCloak(const std::string& item, char id) - { - std::string input; - input.reserve(key.length() + 3 + item.length()); - input.append(1, id); - input.append(key); - input.append(1, 0); // null does not terminate a C++ string - input.append(item); - - std::string rv = Hash->sum(input).substr(0,6); - for(int i=0; i < 6; i++) - { - // this discards 3 bits per byte. We have an - // overabundance of bits in the hash output, doesn't - // matter which ones we are discarding. - rv[i] = base32[rv[i] & 0x1F]; - } - return rv; - } - ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) { LocalUser* lu = IS_LOCAL(user); @@ -340,10 +350,10 @@ class ModuleCloaking : public Module testcloak = Hash->sumIV(compatkey, xtab[0], "*").substr(0,10); break; case MODE_HALF_CLOAK: - testcloak = prefix + SegmentCloak("*", 3); + testcloak = prefix + SegmentCloak("*", 3, 8); break; case MODE_OPAQUE: - testcloak = prefix + SegmentCloak("*", 4); + testcloak = prefix + SegmentCloak("*", 4, 8); } } return Version("Provides masking of user hostnames", VF_COMMON|VF_VENDOR, testcloak); @@ -463,7 +473,7 @@ class ModuleCloaking : public Module case MODE_HALF_CLOAK: { if (ipstr != dest->host) - chost = prefix + SegmentCloak(dest->host, 1) + LastTwoDomainParts(dest->host); + chost = prefix + SegmentCloak(dest->host, 1, 6) + LastTwoDomainParts(dest->host); if (chost.empty() || chost.length() > 50) chost = SegmentIP(dest->client_sa, false); break; -- cgit v1.2.3