2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2017-2019 B00mX0r <b00mx0r@aureus.pw>
5 * Copyright (C) 2017 Sheogorath <sheogorath@shivering-isles.com>
6 * Copyright (C) 2016 Adam <Adam@anope.org>
7 * Copyright (C) 2014 Thomas Fargeix <t.fargeix@gmail.com>
8 * Copyright (C) 2013, 2018 Attila Molnar <attilamolnar@hush.com>
9 * Copyright (C) 2013, 2016-2019 Sadie Powell <sadie@witchery.services>
10 * Copyright (C) 2012 Robby <robby@chatbelgie.be>
11 * Copyright (C) 2011 jackmcbarn <jackmcbarn@inspircd.org>
12 * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
13 * Copyright (C) 2007-2009 Robin Burchell <robin+git@viroteck.net>
14 * Copyright (C) 2007-2008, 2010 Craig Edwards <brain@inspircd.org>
15 * Copyright (C) 2007-2008 Dennis Friis <peavey@inspircd.org>
16 * Copyright (C) 2006 Oliver Lupton <om@inspircd.org>
18 * This file is part of InspIRCd. InspIRCd is free software: you can
19 * redistribute it and/or modify it under the terms of the GNU General Public
20 * License as published by the Free Software Foundation, version 2.
22 * This program is distributed in the hope that it will be useful, but WITHOUT
23 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
24 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
27 * You should have received a copy of the GNU General Public License
28 * along with this program. If not, see <http://www.gnu.org/licenses/>.
33 #include "modules/hash.h"
37 /** 2.0 cloak of "half" of the hostname plus the full IP hash */
40 /** 2.0 cloak of IP hash, split at 2 common CIDR range points */
44 // lowercase-only encoding similar to base64, used for hash output
45 static const char base32[] = "0123456789abcdefghijklmnopqrstuv";
47 // The minimum length of a cloak key.
48 static const size_t minkeylen = 30;
52 // The method used for cloaking users.
55 // The number of parts of the hostname shown when using half cloaking.
56 unsigned int domainparts;
58 // Whether to ignore the case of a hostname when cloaking it.
61 // The secret used for generating cloaks.
64 // The prefix for cloaks (e.g. MyNet-).
67 // The suffix for IP cloaks (e.g. .IP).
70 CloakInfo(CloakMode Mode, const std::string& Key, const std::string& Prefix, const std::string& Suffix, bool IgnoreCase, unsigned int DomainParts = 0)
72 , domainparts(DomainParts)
73 , ignorecase(IgnoreCase)
81 typedef std::vector<std::string> CloakList;
83 /** Handles user mode +x
85 class CloakUser : public ModeHandler
89 SimpleExtItem<CloakList> ext;
90 std::string debounce_uid;
94 CloakUser(Module* source)
95 : ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER)
97 , ext("cloaked_host", ExtensionItem::EXT_USER, source)
103 ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
105 LocalUser* user = IS_LOCAL(dest);
107 /* For remote clients, we don't take any action, we just allow it.
108 * The local server where they are will set their cloak instead.
109 * This is fine, as we will receive it later.
113 // Remote setters broadcast mode before host while local setters do the opposite, so this takes that into account
114 active = IS_LOCAL(source) ? adding : !adding;
115 dest->SetMode(this, adding);
116 return MODEACTION_ALLOW;
119 if (user->uuid == debounce_uid && debounce_ts == ServerInstance->Time())
121 // prevent spamming using /mode user +x-x+x-x+x-x
122 if (++debounce_count > 2)
123 return MODEACTION_DENY;
127 debounce_uid = user->uuid;
129 debounce_ts = ServerInstance->Time();
132 if (adding == user->IsModeSet(this))
133 return MODEACTION_DENY;
135 /* don't allow this user to spam modechanges */
137 user->CommandFloodPenalty += 5000;
141 // assume this is more correct
142 if (user->registered != REG_ALL && user->GetRealHost() != user->GetDisplayedHost())
143 return MODEACTION_DENY;
145 CloakList* cloaks = ext.get(user);
148 /* Force creation of missing cloak */
149 creator->OnUserConnect(user);
150 cloaks = ext.get(user);
153 // If we have a cloak then set the hostname.
154 if (cloaks && !cloaks->empty())
156 user->ChangeDisplayedHost(cloaks->front());
157 user->SetMode(this, true);
158 return MODEACTION_ALLOW;
161 return MODEACTION_DENY;
165 /* User is removing the mode, so restore their real host
166 * and make it match the displayed one.
168 user->SetMode(this, false);
169 user->ChangeDisplayedHost(user->GetRealHost().c_str());
170 return MODEACTION_ALLOW;
175 class CommandCloak : public Command
178 CommandCloak(Module* Creator) : Command(Creator, "CLOAK", 1)
184 CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE;
187 class ModuleCloaking : public Module
192 std::vector<CloakInfo> cloaks;
193 dynamic_reference<HashProvider> Hash;
198 , Hash(this, "hash/md5")
202 /** Takes a domain name and retrieves the subdomain which should be visible.
203 * This is usually the last \p domainparts labels but if not enough are
204 * present then all but the most specific label are used. If the domain name
205 * consists of one label only then none are used.
207 * Here are some examples for how domain names will be shortened assuming
208 * \p domainparts is set to the default of 3.
210 * "this.is.an.example.com" => ".an.example.com"
211 * "an.example.com" => ".example.com"
212 * "example.com" => ".com"
215 * @param host The hostname to cloak.
216 * @param domainparts The number of domain labels that should be visible.
217 * @return The visible segment of the hostname.
219 std::string VisibleDomainParts(const std::string& host, unsigned int domainparts)
221 // The position at which we found the last dot.
222 std::string::const_reverse_iterator dotpos;
224 // The number of dots we have seen so far.
225 unsigned int seendots = 0;
227 for (std::string::const_reverse_iterator iter = host.rbegin(); iter != host.rend(); ++iter)
232 // We have found a dot!
236 // Do we have enough segments to stop?
237 if (seendots >= domainparts)
241 // We only returns a domain part if more than one label is
242 // present. See above for a full explanation.
245 return std::string(dotpos.base() - 1, host.end());
249 * 2.0-style cloaking function
250 * @param item The item to cloak (part of an IP or hostname)
251 * @param id A unique ID for this type of item (to make it unique if the item matches)
252 * @param len The length of the output. Maximum for MD5 is 16 characters.
254 std::string SegmentCloak(const CloakInfo& info, const std::string& item, char id, size_t len)
257 input.reserve(info.key.length() + 3 + item.length());
259 input.append(info.key);
260 input.append(1, '\0'); // null does not terminate a C++ string
262 std::transform(item.begin(), item.end(), std::back_inserter(input), ::tolower);
266 std::string rv = Hash->GenerateRaw(input).substr(0,len);
267 for(size_t i = 0; i < len; i++)
269 // this discards 3 bits per byte. We have an
270 // overabundance of bits in the hash output, doesn't
271 // matter which ones we are discarding.
272 rv[i] = base32[rv[i] & 0x1F];
277 std::string SegmentIP(const CloakInfo& info, const irc::sockets::sockaddrs& ip, bool full)
280 size_t hop1, hop2, hop3;
283 if (ip.family() == AF_INET6)
285 bindata = std::string((const char*)ip.in6.sin6_addr.s6_addr, 16);
291 // pfx s1.s2.s3. (xxxx.xxxx or s4) sfx
293 rv.reserve(info.prefix.length() + 26 + info.suffix.length());
297 bindata = std::string((const char*)&ip.in4.sin_addr, 4);
302 // pfx s1.s2. (xxx.xxx or s3) sfx
303 rv.reserve(info.prefix.length() + 15 + info.suffix.length());
306 rv.append(info.prefix);
307 rv.append(SegmentCloak(info, bindata, 10, len1));
310 rv.append(SegmentCloak(info, bindata, 11, len2));
315 rv.append(SegmentCloak(info, bindata, 12, len2));
322 rv.append(SegmentCloak(info, bindata, 13, 6));
323 rv.append(info.suffix);
327 if (ip.family() == AF_INET6)
329 rv.append(InspIRCd::Format(".%02x%02x.%02x%02x%s",
330 ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3],
331 ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], info.suffix.c_str()));
335 const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr;
336 rv.append(InspIRCd::Format(".%d.%d%s", ip4[1], ip4[0], info.suffix.c_str()));
342 ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) CXX11_OVERRIDE
344 LocalUser* lu = IS_LOCAL(user);
346 return MOD_RES_PASSTHRU;
348 // Force the creation of cloaks if not already set.
351 // If the user has no cloaks (i.e. UNIX socket) then we do nothing here.
352 CloakList* cloaklist = cu.ext.get(user);
353 if (!cloaklist || cloaklist->empty())
354 return MOD_RES_PASSTHRU;
356 // Check if they have a cloaked host but are not using it.
357 for (CloakList::const_iterator iter = cloaklist->begin(); iter != cloaklist->end(); ++iter)
359 const std::string& cloak = *iter;
360 if (cloak != user->GetDisplayedHost())
362 const std::string cloakMask = user->nick + "!" + user->ident + "@" + cloak;
363 if (InspIRCd::Match(cloakMask, mask))
367 return MOD_RES_PASSTHRU;
370 void Prioritize() CXX11_OVERRIDE
372 /* Needs to be after m_banexception etc. */
373 ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIORITY_LAST);
376 // this unsets umode +x on every host change. If we are actually doing a +x
377 // mode change, we will call SetMode back to true AFTER the host change is done.
378 void OnChangeHost(User* u, const std::string& host) CXX11_OVERRIDE
380 if (u->IsModeSet(cu) && !cu.active)
382 u->SetMode(cu, false);
384 LocalUser* luser = IS_LOCAL(u);
388 Modes::ChangeList modechangelist;
389 modechangelist.push_remove(&cu);
390 ClientProtocol::Events::Mode modeevent(ServerInstance->FakeClient, NULL, u, modechangelist);
391 luser->Send(modeevent);
396 Version GetVersion() CXX11_OVERRIDE
398 std::string testcloak = "broken";
399 if (Hash && !cloaks.empty())
401 const CloakInfo& info = cloaks.front();
404 case MODE_HALF_CLOAK:
405 // Use old cloaking verification to stay compatible with 2.0
406 // But verify domainparts and ignorecase when use 3.0-only features
407 if (info.domainparts == 3 && !info.ignorecase)
408 testcloak = info.prefix + SegmentCloak(info, "*", 3, 8) + info.suffix;
411 irc::sockets::sockaddrs sa;
412 testcloak = GenCloak(info, sa, "", testcloak + ConvToStr(info.domainparts)) + (info.ignorecase ? "-ci" : "");
416 testcloak = info.prefix + SegmentCloak(info, "*", 4, 8) + info.suffix + (info.ignorecase ? "-ci" : "");
419 return Version("Adds user mode x (cloak) which allows user hostnames to be hidden.", VF_COMMON|VF_VENDOR, testcloak);
422 void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
424 ConfigTagList tags = ServerInstance->Config->ConfTags("cloak");
425 if (tags.first == tags.second)
426 throw ModuleException("You have loaded the cloaking module but not configured any <cloak> tags!");
428 std::vector<CloakInfo> newcloaks;
429 for (ConfigIter i = tags.first; i != tags.second; ++i)
431 ConfigTag* tag = i->second;
433 // Ensure that we have the <cloak:key> parameter.
434 const std::string key = tag->getString("key");
436 throw ModuleException("You have not defined a cloaking key. Define <cloak:key> as a " + ConvToStr(minkeylen) + "+ character network-wide secret, at " + tag->getTagLocation());
438 // If we are the first cloak method then mandate a strong key.
439 if (i == tags.first && key.length() < minkeylen)
440 throw ModuleException("Your cloaking key is not secure. It should be at least " + ConvToStr(minkeylen) + " characters long, at " + tag->getTagLocation());
442 const bool ignorecase = tag->getBool("ignorecase");
443 const std::string mode = tag->getString("mode");
444 const std::string prefix = tag->getString("prefix");
445 const std::string suffix = tag->getString("suffix", ".IP");
446 if (stdalgo::string::equalsci(mode, "half"))
448 unsigned int domainparts = tag->getUInt("domainparts", 3, 1, 10);
449 newcloaks.push_back(CloakInfo(MODE_HALF_CLOAK, key, prefix, suffix, ignorecase, domainparts));
451 else if (stdalgo::string::equalsci(mode, "full"))
452 newcloaks.push_back(CloakInfo(MODE_OPAQUE, key, prefix, suffix, ignorecase));
454 throw ModuleException(mode + " is an invalid value for <cloak:mode>; acceptable values are 'half' and 'full', at " + tag->getTagLocation());
457 // The cloak configuration was valid so we can apply it.
458 cloaks.swap(newcloaks);
461 std::string GenCloak(const CloakInfo& info, const irc::sockets::sockaddrs& ip, const std::string& ipstr, const std::string& host)
465 irc::sockets::sockaddrs hostip;
466 bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
470 case MODE_HALF_CLOAK:
473 chost = info.prefix + SegmentCloak(info, host, 1, 6) + VisibleDomainParts(host, info.domainparts);
474 if (chost.empty() || chost.length() > 50)
475 chost = SegmentIP(info, ip, false);
480 chost = SegmentIP(info, ip, true);
485 void OnSetUserIP(LocalUser* user) CXX11_OVERRIDE
487 // Connecting users are handled in OnUserConnect not here.
488 if (user->registered != REG_ALL)
491 // Remove the cloaks and generate new ones.
495 // If a user is using a cloak then update it.
496 if (user->IsModeSet(cu))
498 CloakList* cloaklist = cu.ext.get(user);
499 user->ChangeDisplayedHost(cloaklist->front());
503 void OnUserConnect(LocalUser* dest) CXX11_OVERRIDE
505 if (cu.ext.get(dest))
508 // TODO: decide how we are going to cloak AF_UNIX hostnames.
509 if (dest->client_sa.family() != AF_INET && dest->client_sa.family() != AF_INET6)
513 for (std::vector<CloakInfo>::const_iterator iter = cloaks.begin(); iter != cloaks.end(); ++iter)
514 cloaklist.push_back(GenCloak(*iter, dest->client_sa, dest->GetIPString(), dest->GetRealHost()));
515 cu.ext.set(dest, cloaklist);
519 CmdResult CommandCloak::Handle(User* user, const Params& parameters)
521 ModuleCloaking* mod = (ModuleCloaking*)(Module*)creator;
523 // If we're cloaking an IP address we pass it in the IP field too.
524 irc::sockets::sockaddrs sa;
525 const char* ipaddr = irc::sockets::aptosa(parameters[0], 0, sa) ? parameters[0].c_str() : "";
528 for (std::vector<CloakInfo>::const_iterator iter = mod->cloaks.begin(); iter != mod->cloaks.end(); ++iter)
530 const std::string cloak = mod->GenCloak(*iter, sa, ipaddr, parameters[0]);
531 user->WriteNotice(InspIRCd::Format("*** Cloak #%u for %s is %s", ++id, parameters[0].c_str(), cloak.c_str()));
536 MODULE_INIT(ModuleCloaking)