2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
5 * Copyright (C) 2006-2008 Robin Burchell <robin+git@viroteck.net>
6 * Copyright (C) 2008 Pippijn van Steenhoven <pip88nl@gmail.com>
7 * Copyright (C) 2003-2008 Craig Edwards <craigedwards@brainbox.cc>
8 * Copyright (C) 2007 John Brooks <john.brooks@dereferenced.net>
9 * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
10 * Copyright (C) 2006 Oliver Lupton <oliverlupton@gmail.com>
12 * This file is part of InspIRCd. InspIRCd is free software: you can
13 * redistribute it and/or modify it under the terms of the GNU General Public
14 * License as published by the Free Software Foundation, version 2.
16 * This program is distributed in the hope that it will be useful, but WITHOUT
17 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
18 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
21 * You should have received a copy of the GNU General Public License
22 * along with this program. If not, see <http://www.gnu.org/licenses/>.
27 #include "modules/hash.h"
31 /** 2.0 cloak of "half" of the hostname plus the full IP hash */
34 /** 2.0 cloak of IP hash, split at 2 common CIDR range points */
38 // lowercase-only encoding similar to base64, used for hash output
39 static const char base32[] = "0123456789abcdefghijklmnopqrstuv";
41 // The minimum length of a cloak key.
42 static const size_t minkeylen = 30;
46 // The method used for cloaking users.
49 // The number of parts of the hostname shown when using half cloaking.
50 unsigned int domainparts;
52 // Whether to ignore the case of a hostname when cloaking it.
55 // The secret used for generating cloaks.
58 // The prefix for cloaks (e.g. MyNet-).
61 // The suffix for IP cloaks (e.g. .IP).
64 CloakInfo(CloakMode Mode, const std::string& Key, const std::string& Prefix, const std::string& Suffix, bool IgnoreCase, unsigned int DomainParts = 0)
66 , domainparts(DomainParts)
67 , ignorecase(IgnoreCase)
75 typedef std::vector<std::string> CloakList;
77 /** Handles user mode +x
79 class CloakUser : public ModeHandler
83 SimpleExtItem<CloakList> ext;
84 std::string debounce_uid;
88 CloakUser(Module* source)
89 : ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER)
91 , ext("cloaked_host", ExtensionItem::EXT_USER, source)
97 ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
99 LocalUser* user = IS_LOCAL(dest);
101 /* For remote clients, we don't take any action, we just allow it.
102 * The local server where they are will set their cloak instead.
103 * This is fine, as we will receive it later.
107 // Remote setters broadcast mode before host while local setters do the opposite, so this takes that into account
108 active = IS_LOCAL(source) ? adding : !adding;
109 dest->SetMode(this, adding);
110 return MODEACTION_ALLOW;
113 if (user->uuid == debounce_uid && debounce_ts == ServerInstance->Time())
115 // prevent spamming using /mode user +x-x+x-x+x-x
116 if (++debounce_count > 2)
117 return MODEACTION_DENY;
121 debounce_uid = user->uuid;
123 debounce_ts = ServerInstance->Time();
126 if (adding == user->IsModeSet(this))
127 return MODEACTION_DENY;
129 /* don't allow this user to spam modechanges */
131 user->CommandFloodPenalty += 5000;
135 // assume this is more correct
136 if (user->registered != REG_ALL && user->GetRealHost() != user->GetDisplayedHost())
137 return MODEACTION_DENY;
139 CloakList* cloaks = ext.get(user);
142 /* Force creation of missing cloak */
143 creator->OnUserConnect(user);
144 cloaks = ext.get(user);
147 // If we have a cloak then set the hostname.
148 if (cloaks && !cloaks->empty())
150 user->ChangeDisplayedHost(cloaks->front());
151 user->SetMode(this, true);
152 return MODEACTION_ALLOW;
155 return MODEACTION_DENY;
159 /* User is removing the mode, so restore their real host
160 * and make it match the displayed one.
162 user->SetMode(this, false);
163 user->ChangeDisplayedHost(user->GetRealHost().c_str());
164 return MODEACTION_ALLOW;
169 class CommandCloak : public Command
172 CommandCloak(Module* Creator) : Command(Creator, "CLOAK", 1)
178 CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE;
181 class ModuleCloaking : public Module
186 std::vector<CloakInfo> cloaks;
187 dynamic_reference<HashProvider> Hash;
192 , Hash(this, "hash/md5")
196 /** Takes a domain name and retrieves the subdomain which should be visible.
197 * This is usually the last \p domainparts labels but if not enough are
198 * present then all but the most specific label are used. If the domain name
199 * consists of one label only then none are used.
201 * Here are some examples for how domain names will be shortened assuming
202 * \p domainparts is set to the default of 3.
204 * "this.is.an.example.com" => ".an.example.com"
205 * "an.example.com" => ".example.com"
206 * "example.com" => ".com"
209 * @param host The hostname to cloak.
210 * @param domainparts The number of domain labels that should be visible.
211 * @return The visible segment of the hostname.
213 std::string VisibleDomainParts(const std::string& host, unsigned int domainparts)
215 // The position at which we found the last dot.
216 std::string::const_reverse_iterator dotpos;
218 // The number of dots we have seen so far.
219 unsigned int seendots = 0;
221 for (std::string::const_reverse_iterator iter = host.rbegin(); iter != host.rend(); ++iter)
226 // We have found a dot!
230 // Do we have enough segments to stop?
231 if (seendots >= domainparts)
235 // We only returns a domain part if more than one label is
236 // present. See above for a full explanation.
239 return std::string(dotpos.base() - 1, host.end());
243 * 2.0-style cloaking function
244 * @param item The item to cloak (part of an IP or hostname)
245 * @param id A unique ID for this type of item (to make it unique if the item matches)
246 * @param len The length of the output. Maximum for MD5 is 16 characters.
248 std::string SegmentCloak(const CloakInfo& info, const std::string& item, char id, size_t len)
251 input.reserve(info.key.length() + 3 + item.length());
253 input.append(info.key);
254 input.append(1, '\0'); // null does not terminate a C++ string
256 std::transform(item.begin(), item.end(), std::back_inserter(input), ::tolower);
260 std::string rv = Hash->GenerateRaw(input).substr(0,len);
261 for(size_t i = 0; i < len; i++)
263 // this discards 3 bits per byte. We have an
264 // overabundance of bits in the hash output, doesn't
265 // matter which ones we are discarding.
266 rv[i] = base32[rv[i] & 0x1F];
271 std::string SegmentIP(const CloakInfo& info, const irc::sockets::sockaddrs& ip, bool full)
274 size_t hop1, hop2, hop3;
277 if (ip.family() == AF_INET6)
279 bindata = std::string((const char*)ip.in6.sin6_addr.s6_addr, 16);
285 // pfx s1.s2.s3. (xxxx.xxxx or s4) sfx
287 rv.reserve(info.prefix.length() + 26 + info.suffix.length());
291 bindata = std::string((const char*)&ip.in4.sin_addr, 4);
296 // pfx s1.s2. (xxx.xxx or s3) sfx
297 rv.reserve(info.prefix.length() + 15 + info.suffix.length());
300 rv.append(info.prefix);
301 rv.append(SegmentCloak(info, bindata, 10, len1));
304 rv.append(SegmentCloak(info, bindata, 11, len2));
309 rv.append(SegmentCloak(info, bindata, 12, len2));
316 rv.append(SegmentCloak(info, bindata, 13, 6));
317 rv.append(info.suffix);
321 if (ip.family() == AF_INET6)
323 rv.append(InspIRCd::Format(".%02x%02x.%02x%02x%s",
324 ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3],
325 ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], info.suffix.c_str()));
329 const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr;
330 rv.append(InspIRCd::Format(".%d.%d%s", ip4[1], ip4[0], info.suffix.c_str()));
336 ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) CXX11_OVERRIDE
338 LocalUser* lu = IS_LOCAL(user);
340 return MOD_RES_PASSTHRU;
342 // Force the creation of cloaks if not already set.
345 // If the user has no cloaks (i.e. UNIX socket) then we do nothing here.
346 CloakList* cloaklist = cu.ext.get(user);
347 if (!cloaklist || cloaklist->empty())
348 return MOD_RES_PASSTHRU;
350 // Check if they have a cloaked host but are not using it.
351 for (CloakList::const_iterator iter = cloaklist->begin(); iter != cloaklist->end(); ++iter)
353 const std::string& cloak = *iter;
354 if (cloak != user->GetDisplayedHost())
356 const std::string cloakMask = user->nick + "!" + user->ident + "@" + cloak;
357 if (InspIRCd::Match(cloakMask, mask))
361 return MOD_RES_PASSTHRU;
364 void Prioritize() CXX11_OVERRIDE
366 /* Needs to be after m_banexception etc. */
367 ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIORITY_LAST);
370 // this unsets umode +x on every host change. If we are actually doing a +x
371 // mode change, we will call SetMode back to true AFTER the host change is done.
372 void OnChangeHost(User* u, const std::string& host) CXX11_OVERRIDE
374 if (u->IsModeSet(cu) && !cu.active)
376 u->SetMode(cu, false);
378 LocalUser* luser = IS_LOCAL(u);
382 Modes::ChangeList modechangelist;
383 modechangelist.push_remove(&cu);
384 ClientProtocol::Events::Mode modeevent(ServerInstance->FakeClient, NULL, u, modechangelist);
385 luser->Send(modeevent);
390 Version GetVersion() CXX11_OVERRIDE
392 std::string testcloak = "broken";
393 if (Hash && !cloaks.empty())
395 const CloakInfo& info = cloaks.front();
398 case MODE_HALF_CLOAK:
399 // Use old cloaking verification to stay compatible with 2.0
400 // But verify domainparts and ignorecase when use 3.0-only features
401 if (info.domainparts == 3 && !info.ignorecase)
402 testcloak = info.prefix + SegmentCloak(info, "*", 3, 8) + info.suffix;
405 irc::sockets::sockaddrs sa;
406 testcloak = GenCloak(info, sa, "", testcloak + ConvToStr(info.domainparts)) + (info.ignorecase ? "-ci" : "");
410 testcloak = info.prefix + SegmentCloak(info, "*", 4, 8) + info.suffix + (info.ignorecase ? "-ci" : "");
413 return Version("Provides masking of user hostnames", VF_COMMON|VF_VENDOR, testcloak);
416 void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
418 ConfigTagList tags = ServerInstance->Config->ConfTags("cloak");
419 if (tags.first == tags.second)
420 throw ModuleException("You have loaded the cloaking module but not configured any <cloak> tags!");
422 std::vector<CloakInfo> newcloaks;
423 for (ConfigIter i = tags.first; i != tags.second; ++i)
425 ConfigTag* tag = i->second;
427 // Ensure that we have the <cloak:key> parameter.
428 const std::string key = tag->getString("key");
430 throw ModuleException("You have not defined a cloaking key. Define <cloak:key> as a " + ConvToStr(minkeylen) + "+ character network-wide secret, at " + tag->getTagLocation());
432 // If we are the first cloak method then mandate a strong key.
433 if (i == tags.first && key.length() < minkeylen)
434 throw ModuleException("Your cloaking key is not secure. It should be at least " + ConvToStr(minkeylen) + " characters long, at " + tag->getTagLocation());
436 const bool ignorecase = tag->getBool("ignorecase");
437 const std::string mode = tag->getString("mode");
438 const std::string prefix = tag->getString("prefix");
439 const std::string suffix = tag->getString("suffix", ".IP");
440 if (stdalgo::string::equalsci(mode, "half"))
442 unsigned int domainparts = tag->getUInt("domainparts", 3, 1, 10);
443 newcloaks.push_back(CloakInfo(MODE_HALF_CLOAK, key, prefix, suffix, ignorecase, domainparts));
445 else if (stdalgo::string::equalsci(mode, "full"))
446 newcloaks.push_back(CloakInfo(MODE_OPAQUE, key, prefix, suffix, ignorecase));
448 throw ModuleException(mode + " is an invalid value for <cloak:mode>; acceptable values are 'half' and 'full', at " + tag->getTagLocation());
451 // The cloak configuration was valid so we can apply it.
452 cloaks.swap(newcloaks);
455 std::string GenCloak(const CloakInfo& info, const irc::sockets::sockaddrs& ip, const std::string& ipstr, const std::string& host)
459 irc::sockets::sockaddrs hostip;
460 bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
464 case MODE_HALF_CLOAK:
467 chost = info.prefix + SegmentCloak(info, host, 1, 6) + VisibleDomainParts(host, info.domainparts);
468 if (chost.empty() || chost.length() > 50)
469 chost = SegmentIP(info, ip, false);
474 chost = SegmentIP(info, ip, true);
479 void OnSetUserIP(LocalUser* user) CXX11_OVERRIDE
481 // Connecting users are handled in OnUserConnect not here.
482 if (user->registered != REG_ALL)
485 // Remove the cloaks and generate new ones.
489 // If a user is using a cloak then update it.
490 if (user->IsModeSet(cu))
492 CloakList* cloaklist = cu.ext.get(user);
493 user->ChangeDisplayedHost(cloaklist->front());
497 void OnUserConnect(LocalUser* dest) CXX11_OVERRIDE
499 if (cu.ext.get(dest))
502 // TODO: decide how we are going to cloak AF_UNIX hostnames.
503 if (dest->client_sa.family() != AF_INET && dest->client_sa.family() != AF_INET6)
507 for (std::vector<CloakInfo>::const_iterator iter = cloaks.begin(); iter != cloaks.end(); ++iter)
508 cloaklist.push_back(GenCloak(*iter, dest->client_sa, dest->GetIPString(), dest->GetRealHost()));
509 cu.ext.set(dest, cloaklist);
513 CmdResult CommandCloak::Handle(User* user, const Params& parameters)
515 ModuleCloaking* mod = (ModuleCloaking*)(Module*)creator;
517 // If we're cloaking an IP address we pass it in the IP field too.
518 irc::sockets::sockaddrs sa;
519 const char* ipaddr = irc::sockets::aptosa(parameters[0], 0, sa) ? parameters[0].c_str() : "";
522 for (std::vector<CloakInfo>::const_iterator iter = mod->cloaks.begin(); iter != mod->cloaks.end(); ++iter)
524 const std::string cloak = mod->GenCloak(*iter, sa, ipaddr, parameters[0]);
525 user->WriteNotice(InspIRCd::Format("*** Cloak #%u for %s is %s", ++id, parameters[0].c_str(), cloak.c_str()));
530 MODULE_INIT(ModuleCloaking)