+ if (prefix.empty())
+ prefix = ServerInstance->Config->Network;
+
+ if (!compatkey[1] || !compatkey[2] || !compatkey[3] || !compatkey[4] ||
+ compatkey[1] >= limit || compatkey[2] >= limit || compatkey[3] >= limit || compatkey[4] >= limit)
+ {
+ std::string detail;
+ if (!compatkey[1] || compatkey[1] >= limit)
+ detail = "<cloak:key1> is not valid, it may be set to a too high/low value, or it may not exist.";
+ else if (!compatkey[2] || compatkey[2] >= limit)
+ detail = "<cloak:key2> is not valid, it may be set to a too high/low value, or it may not exist.";
+ else if (!compatkey[3] || compatkey[3] >= limit)
+ detail = "<cloak:key3> is not valid, it may be set to a too high/low value, or it may not exist.";
+ else if (!compatkey[4] || compatkey[4] >= limit)
+ detail = "<cloak:key4> is not valid, it may be set to a too high/low value, or it may not exist.";
+
+ throw ModuleException("You have not defined cloak keys for m_cloaking!!! THIS IS INSECURE AND SHOULD BE CHECKED! - " + detail);
+ }
+ }
+ else
+ {
+ key = Conf.ReadFlag("cloak", "key", 0);
+ if (key.empty() || key == "secret")
+ throw ModuleException("You have not defined cloak keys for m_cloaking. Define <cloak:key> as a network-wide secret.");
+ }
+ }
+
+ void OnUserConnect(User* dest)
+ {
+ std::string* cloak = cu.ext.get(dest);
+ if (cloak)
+ return;
+
+ if (dest->host.find('.') == std::string::npos && dest->host.find(':') == std::string::npos)
+ return;
+
+ std::string ipstr = dest->GetIPString();
+ std::string chost;
+
+ switch (mode)
+ {
+ case MODE_COMPAT_HOST:
+ {
+ if (ipstr != dest->host)
+ {
+ std::string tail = LastTwoDomainParts(dest->host);
+
+ /** Reset the Hash module, and send it our IV and hex table */
+ HashRequestIV hash(this, HashProvider, compatkey, xtab[(dest->host[0]) % 4], dest->host);
+
+ /* Generate a cloak using specialized Hash */
+ chost = prefix + "-" + hash.result.substr(0,8) + tail;
+
+ /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes
+ * according to the DNS RFC) then they get cloaked as an IP.
+ */
+ if (chost.length() <= 64)
+ break;
+ }
+ // fall through to IP cloak
+ }
+ case MODE_COMPAT_IPONLY:
+ if (dest->client_sa.sa.sa_family == AF_INET6)
+ chost = CompatCloak6(ipstr.c_str());
+ else
+ chost = CompatCloak4(ipstr.c_str());
+ break;
+ case MODE_HALF_CLOAK:
+ {
+ std::string tail;
+ if (ipstr != dest->host)
+ tail = LastTwoDomainParts(dest->host);
+ if (tail.empty() || tail.length() > 50)
+ tail = ReversePartialIP(dest->client_sa);
+ chost = prefix + SegmentCloak(dest->host, 1) + tail;
+ break;
+ }
+ case MODE_OPAQUE:
+ default:
+ chost = prefix + SegmentIP(dest->client_sa);