if (adding)
{
+ // assume this is more correct
+ if (user->registered != REG_ALL && user->host != user->dhost)
+ return MODEACTION_DENY;
+
std::string* cloak = ext.get(user);
if (!cloak)
std::string prefix;
std::string suffix;
std::string key;
- const char* xtab[4];
+ unsigned int domainparts;
dynamic_reference<HashProvider> Hash;
ModuleCloaking() : cu(this), mode(MODE_OPAQUE), ck(this), Hash(this, "hash/md5")
*/
std::string LastTwoDomainParts(const std::string &host)
{
- int dots = 0;
+ unsigned int dots = 0;
std::string::size_type splitdot = host.length();
for (std::string::size_type x = host.length() - 1; x; --x)
splitdot = x;
dots++;
}
- if (dots >= 3)
+ if (dots >= domainparts)
break;
}
return MOD_RES_PASSTHRU;
}
- void Prioritize()
+ void Prioritize() CXX11_OVERRIDE
{
/* Needs to be after m_banexception etc. */
ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIORITY_LAST);
switch (mode)
{
case MODE_HALF_CLOAK:
- testcloak = prefix + SegmentCloak("*", 3, 8) + suffix;
+ // Use old cloaking verification to stay compatible with 2.0
+ // But verify domainparts when use 3.0-only features
+ if (domainparts == 3)
+ testcloak = prefix + SegmentCloak("*", 3, 8) + suffix;
+ else
+ {
+ irc::sockets::sockaddrs sa;
+ testcloak = GenCloak(sa, "", testcloak + ConvToStr(domainparts));
+ }
break;
case MODE_OPAQUE:
testcloak = prefix + SegmentCloak("*", 4, 8) + suffix;
std::string modestr = tag->getString("mode");
if (modestr == "half")
+ {
mode = MODE_HALF_CLOAK;
+ domainparts = tag->getInt("domainparts", 3, 1, 10);
+ }
else if (modestr == "full")
mode = MODE_OPAQUE;
else
{
std::string chost;
+ irc::sockets::sockaddrs hostip;
+ bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
+
switch (mode)
{
case MODE_HALF_CLOAK:
{
- if (ipstr != host)
+ if (!host_is_ip)
chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host);
if (chost.empty() || chost.length() > 50)
chost = SegmentIP(ip, false);