#include "inspircd.h"
#include "modules/hash.h"
-/* $ModDesc: Provides masking of user hostnames */
-
enum CloakMode
{
/** 2.0 cloak of "half" of the hostname plus the full IP hash */
CloakUser(Module* source)
: ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER),
- ext("cloaked_host", source), debounce_ts(0), debounce_count(0)
+ ext("cloaked_host", ExtensionItem::EXT_USER, source), debounce_ts(0), debounce_count(0)
{
}
*/
if (!user)
{
- dest->SetMode('x',adding);
+ dest->SetMode(this, adding);
return MODEACTION_ALLOW;
}
debounce_ts = ServerInstance->Time();
}
- if (adding == user->IsModeSet('x'))
+ if (adding == user->IsModeSet(this))
return MODEACTION_DENY;
/* don't allow this user to spam modechanges */
if (adding)
{
+ // assume this is more correct
+ if (user->registered != REG_ALL && user->GetRealHost() != user->GetDisplayedHost())
+ return MODEACTION_DENY;
+
std::string* cloak = ext.get(user);
if (!cloak)
}
if (cloak)
{
- user->ChangeDisplayedHost(cloak->c_str());
- user->SetMode('x',true);
+ user->ChangeDisplayedHost(*cloak);
+ user->SetMode(this, true);
return MODEACTION_ALLOW;
}
else
/* User is removing the mode, so restore their real host
* and make it match the displayed one.
*/
- user->SetMode('x',false);
- user->ChangeDisplayedHost(user->host.c_str());
+ user->SetMode(this, false);
+ user->ChangeDisplayedHost(user->GetRealHost().c_str());
return MODEACTION_ALLOW;
}
}
std::string prefix;
std::string suffix;
std::string key;
- const char* xtab[4];
+ unsigned int domainparts;
dynamic_reference<HashProvider> Hash;
ModuleCloaking() : cu(this), mode(MODE_OPAQUE), ck(this), Hash(this, "hash/md5")
{
}
- void init()
- {
- OnRehash(NULL);
-
- ServerInstance->Modules->AddService(cu);
- ServerInstance->Modules->AddService(ck);
- ServerInstance->Modules->AddService(cu.ext);
-
- Implementation eventlist[] = { I_OnRehash, I_OnCheckBan, I_OnUserConnect, I_OnChangeHost };
- ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
- }
-
/** This function takes a domain name string and returns just the last two domain parts,
* or the last domain part if only two are available. Failing that it just returns what it was given.
*
*/
std::string LastTwoDomainParts(const std::string &host)
{
- int dots = 0;
+ unsigned int dots = 0;
std::string::size_type splitdot = host.length();
for (std::string::size_type x = host.length() - 1; x; --x)
splitdot = x;
dots++;
}
- if (dots >= 3)
+ if (dots >= domainparts)
break;
}
* @param id A unique ID for this type of item (to make it unique if the item matches)
* @param len The length of the output. Maximum for MD5 is 16 characters.
*/
- std::string SegmentCloak(const std::string& item, char id, int len)
+ std::string SegmentCloak(const std::string& item, char id, size_t len)
{
std::string input;
input.reserve(key.length() + 3 + item.length());
input.append(1, '\0'); // null does not terminate a C++ string
input.append(item);
- std::string rv = Hash->sum(input).substr(0,len);
- for(int i=0; i < len; i++)
+ std::string rv = Hash->GenerateRaw(input).substr(0,len);
+ for(size_t i = 0; i < len; i++)
{
// this discards 3 bits per byte. We have an
// overabundance of bits in the hash output, doesn't
std::string SegmentIP(const irc::sockets::sockaddrs& ip, bool full)
{
std::string bindata;
- int hop1, hop2, hop3;
- int len1, len2;
+ size_t hop1, hop2, hop3;
+ size_t len1, len2;
std::string rv;
if (ip.sa.sa_family == AF_INET6)
{
}
else
{
- char buf[50];
if (ip.sa.sa_family == AF_INET6)
{
- snprintf(buf, 50, ".%02x%02x.%02x%02x%s",
+ rv.append(InspIRCd::Format(".%02x%02x.%02x%02x%s",
ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3],
- ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], suffix.c_str());
+ ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], suffix.c_str()));
}
else
{
const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr;
- snprintf(buf, 50, ".%d.%d%s", ip4[1], ip4[0], suffix.c_str());
+ rv.append(InspIRCd::Format(".%d.%d%s", ip4[1], ip4[0], suffix.c_str()));
}
- rv.append(buf);
}
return rv;
}
- ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask)
+ ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) CXX11_OVERRIDE
{
LocalUser* lu = IS_LOCAL(user);
if (!lu)
OnUserConnect(lu);
std::string* cloak = cu.ext.get(user);
/* Check if they have a cloaked host, but are not using it */
- if (cloak && *cloak != user->dhost)
+ if (cloak && *cloak != user->GetDisplayedHost())
{
- char cmask[MAXBUF];
- snprintf(cmask, MAXBUF, "%s!%s@%s", user->nick.c_str(), user->ident.c_str(), cloak->c_str());
- if (InspIRCd::Match(cmask,mask))
+ const std::string cloakMask = user->nick + "!" + user->ident + "@" + *cloak;
+ if (InspIRCd::Match(cloakMask, mask))
return MOD_RES_DENY;
}
return MOD_RES_PASSTHRU;
}
- void Prioritize()
+ void Prioritize() CXX11_OVERRIDE
{
/* Needs to be after m_banexception etc. */
ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIORITY_LAST);
// this unsets umode +x on every host change. If we are actually doing a +x
// mode change, we will call SetMode back to true AFTER the host change is done.
- void OnChangeHost(User* u, const std::string& host)
+ void OnChangeHost(User* u, const std::string& host) CXX11_OVERRIDE
{
- if(u->IsModeSet('x'))
+ if (u->IsModeSet(cu))
{
- u->SetMode('x', false);
- u->WriteServ("MODE %s -x", u->nick.c_str());
+ u->SetMode(cu, false);
+ u->WriteCommand("MODE", "-" + ConvToStr(cu.GetModeChar()));
}
}
- Version GetVersion()
+ Version GetVersion() CXX11_OVERRIDE
{
std::string testcloak = "broken";
if (Hash)
switch (mode)
{
case MODE_HALF_CLOAK:
- testcloak = prefix + SegmentCloak("*", 3, 8) + suffix;
+ // Use old cloaking verification to stay compatible with 2.0
+ // But verify domainparts when use 3.0-only features
+ if (domainparts == 3)
+ testcloak = prefix + SegmentCloak("*", 3, 8) + suffix;
+ else
+ {
+ irc::sockets::sockaddrs sa;
+ testcloak = GenCloak(sa, "", testcloak + ConvToStr(domainparts));
+ }
break;
case MODE_OPAQUE:
testcloak = prefix + SegmentCloak("*", 4, 8) + suffix;
return Version("Provides masking of user hostnames", VF_COMMON|VF_VENDOR, testcloak);
}
- void OnRehash(User* user)
+ void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
{
ConfigTag* tag = ServerInstance->Config->ConfValue("cloak");
prefix = tag->getString("prefix");
std::string modestr = tag->getString("mode");
if (modestr == "half")
+ {
mode = MODE_HALF_CLOAK;
+ domainparts = tag->getInt("domainparts", 3, 1, 10);
+ }
else if (modestr == "full")
mode = MODE_OPAQUE;
else
{
std::string chost;
+ irc::sockets::sockaddrs hostip;
+ bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
+
switch (mode)
{
case MODE_HALF_CLOAK:
{
- if (ipstr != host)
+ if (!host_is_ip)
chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host);
if (chost.empty() || chost.length() > 50)
chost = SegmentIP(ip, false);
return chost;
}
- void OnUserConnect(LocalUser* dest)
+ void OnUserConnect(LocalUser* dest) CXX11_OVERRIDE
{
std::string* cloak = cu.ext.get(dest);
if (cloak)
return;
- cu.ext.set(dest, GenCloak(dest->client_sa, dest->GetIPString(), dest->host));
+ cu.ext.set(dest, GenCloak(dest->client_sa, dest->GetIPString(), dest->GetRealHost()));
}
};
else
cloak = mod->GenCloak(sa, "", parameters[0]);
- user->WriteServ("NOTICE %s :*** Cloak for %s is %s", user->nick.c_str(), parameters[0].c_str(), cloak.c_str());
+ user->WriteNotice("*** Cloak for " + parameters[0] + " is " + cloak);
return CMD_SUCCESS;
}
projects / user / henk / code / inspircd.git / blobdiff