#include "inspircd.h"
#include "modules/hash.h"
-/* $ModDesc: Provides masking of user hostnames */
-
enum CloakMode
{
/** 2.0 cloak of "half" of the hostname plus the full IP hash */
class CloakUser : public ModeHandler
{
public:
+ bool active;
LocalStringExt ext;
std::string debounce_uid;
time_t debounce_ts;
int debounce_count;
CloakUser(Module* source)
- : ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER),
- ext("cloaked_host", source), debounce_ts(0), debounce_count(0)
+ : ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER)
+ , active(false)
+ , ext("cloaked_host", ExtensionItem::EXT_USER, source)
+ , debounce_ts(0)
+ , debounce_count(0)
{
}
- ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding)
+ ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
{
LocalUser* user = IS_LOCAL(dest);
*/
if (!user)
{
+ // Remote setters broadcast mode before host while local setters do the opposite, so this takes that into account
+ active = IS_LOCAL(source) ? adding : !adding;
dest->SetMode(this, adding);
return MODEACTION_ALLOW;
}
if (adding)
{
+ // assume this is more correct
+ if (user->registered != REG_ALL && user->GetRealHost() != user->GetDisplayedHost())
+ return MODEACTION_DENY;
+
std::string* cloak = ext.get(user);
if (!cloak)
}
if (cloak)
{
- user->ChangeDisplayedHost(cloak->c_str());
+ user->ChangeDisplayedHost(*cloak);
user->SetMode(this, true);
return MODEACTION_ALLOW;
}
* and make it match the displayed one.
*/
user->SetMode(this, false);
- user->ChangeDisplayedHost(user->host.c_str());
+ user->ChangeDisplayedHost(user->GetRealHost().c_str());
return MODEACTION_ALLOW;
}
}
syntax = "<host>";
}
- CmdResult Handle(const std::vector<std::string> ¶meters, User *user);
+ CmdResult Handle(const std::vector<std::string>& parameters, User* user) CXX11_OVERRIDE;
};
class ModuleCloaking : public Module
std::string prefix;
std::string suffix;
std::string key;
- const char* xtab[4];
+ unsigned int domainparts;
dynamic_reference<HashProvider> Hash;
- ModuleCloaking() : cu(this), mode(MODE_OPAQUE), ck(this), Hash(this, "hash/md5")
+ ModuleCloaking()
+ : cu(this)
+ , mode(MODE_OPAQUE)
+ , ck(this)
+ , Hash(this, "hash/md5")
{
}
- void init() CXX11_OVERRIDE
- {
- OnRehash(NULL);
-
- ServerInstance->Modules->AddService(cu);
- ServerInstance->Modules->AddService(ck);
- ServerInstance->Modules->AddService(cu.ext);
-
- Implementation eventlist[] = { I_OnRehash, I_OnCheckBan, I_OnUserConnect, I_OnChangeHost };
- ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
- }
-
/** This function takes a domain name string and returns just the last two domain parts,
* or the last domain part if only two are available. Failing that it just returns what it was given.
*
*/
std::string LastTwoDomainParts(const std::string &host)
{
- int dots = 0;
+ unsigned int dots = 0;
std::string::size_type splitdot = host.length();
for (std::string::size_type x = host.length() - 1; x; --x)
splitdot = x;
dots++;
}
- if (dots >= 3)
+ if (dots >= domainparts)
break;
}
* @param id A unique ID for this type of item (to make it unique if the item matches)
* @param len The length of the output. Maximum for MD5 is 16 characters.
*/
- std::string SegmentCloak(const std::string& item, char id, int len)
+ std::string SegmentCloak(const std::string& item, char id, size_t len)
{
std::string input;
input.reserve(key.length() + 3 + item.length());
input.append(1, '\0'); // null does not terminate a C++ string
input.append(item);
- std::string rv = Hash->sum(input).substr(0,len);
- for(int i=0; i < len; i++)
+ std::string rv = Hash->GenerateRaw(input).substr(0,len);
+ for(size_t i = 0; i < len; i++)
{
// this discards 3 bits per byte. We have an
// overabundance of bits in the hash output, doesn't
std::string SegmentIP(const irc::sockets::sockaddrs& ip, bool full)
{
std::string bindata;
- int hop1, hop2, hop3;
- int len1, len2;
+ size_t hop1, hop2, hop3;
+ size_t len1, len2;
std::string rv;
- if (ip.sa.sa_family == AF_INET6)
+ if (ip.family() == AF_INET6)
{
bindata = std::string((const char*)ip.in6.sin6_addr.s6_addr, 16);
hop1 = 8;
}
else
{
- char buf[50];
- if (ip.sa.sa_family == AF_INET6)
+ if (ip.family() == AF_INET6)
{
- snprintf(buf, 50, ".%02x%02x.%02x%02x%s",
+ rv.append(InspIRCd::Format(".%02x%02x.%02x%02x%s",
ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3],
- ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], suffix.c_str());
+ ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], suffix.c_str()));
}
else
{
const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr;
- snprintf(buf, 50, ".%d.%d%s", ip4[1], ip4[0], suffix.c_str());
+ rv.append(InspIRCd::Format(".%d.%d%s", ip4[1], ip4[0], suffix.c_str()));
}
- rv.append(buf);
}
return rv;
}
OnUserConnect(lu);
std::string* cloak = cu.ext.get(user);
/* Check if they have a cloaked host, but are not using it */
- if (cloak && *cloak != user->dhost)
+ if (cloak && *cloak != user->GetDisplayedHost())
{
const std::string cloakMask = user->nick + "!" + user->ident + "@" + *cloak;
if (InspIRCd::Match(cloakMask, mask))
return MOD_RES_PASSTHRU;
}
- void Prioritize()
+ void Prioritize() CXX11_OVERRIDE
{
/* Needs to be after m_banexception etc. */
ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIORITY_LAST);
// mode change, we will call SetMode back to true AFTER the host change is done.
void OnChangeHost(User* u, const std::string& host) CXX11_OVERRIDE
{
- if (u->IsModeSet(cu))
+ if (u->IsModeSet(cu) && !cu.active)
{
u->SetMode(cu, false);
- u->WriteServ("MODE %s -%c", u->nick.c_str(), cu.GetModeChar());
+ u->WriteCommand("MODE", "-" + ConvToStr(cu.GetModeChar()));
}
+ cu.active = false;
}
Version GetVersion() CXX11_OVERRIDE
switch (mode)
{
case MODE_HALF_CLOAK:
- testcloak = prefix + SegmentCloak("*", 3, 8) + suffix;
+ // Use old cloaking verification to stay compatible with 2.0
+ // But verify domainparts when use 3.0-only features
+ if (domainparts == 3)
+ testcloak = prefix + SegmentCloak("*", 3, 8) + suffix;
+ else
+ {
+ irc::sockets::sockaddrs sa;
+ testcloak = GenCloak(sa, "", testcloak + ConvToStr(domainparts));
+ }
break;
case MODE_OPAQUE:
testcloak = prefix + SegmentCloak("*", 4, 8) + suffix;
return Version("Provides masking of user hostnames", VF_COMMON|VF_VENDOR, testcloak);
}
- void OnRehash(User* user) CXX11_OVERRIDE
+ void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
{
ConfigTag* tag = ServerInstance->Config->ConfValue("cloak");
prefix = tag->getString("prefix");
std::string modestr = tag->getString("mode");
if (modestr == "half")
+ {
mode = MODE_HALF_CLOAK;
+ domainparts = tag->getUInt("domainparts", 3, 1, 10);
+ }
else if (modestr == "full")
mode = MODE_OPAQUE;
else
{
std::string chost;
+ irc::sockets::sockaddrs hostip;
+ bool host_is_ip = irc::sockets::aptosa(host, ip.port(), hostip) && hostip == ip;
+
switch (mode)
{
case MODE_HALF_CLOAK:
{
- if (ipstr != host)
+ if (!host_is_ip)
chost = prefix + SegmentCloak(host, 1, 6) + LastTwoDomainParts(host);
if (chost.empty() || chost.length() > 50)
chost = SegmentIP(ip, false);
if (cloak)
return;
- cu.ext.set(dest, GenCloak(dest->client_sa, dest->GetIPString(), dest->host));
+ cu.ext.set(dest, GenCloak(dest->client_sa, dest->GetIPString(), dest->GetRealHost()));
}
};
projects / user / henk / code / inspircd.git / blobdiff