}
/* don't allow this user to spam modechanges */
- dest->IncreasePenalty(5);
+ IS_LOCAL(dest)->CommandFloodPenalty += 5000;
if (adding)
{
std::string* cloak = ext.get(dest);
- if (!cloak)
+ if (!cloak && IS_LOCAL(dest))
{
/* Force creation of missing cloak */
- creator->OnUserConnect(dest);
+ creator->OnUserConnect(IS_LOCAL(dest));
cloak = ext.get(dest);
}
if (cloak)
std::string key;
unsigned int compatkey[4];
const char* xtab[4];
- Module* HashProvider;
+ dynamic_reference<HashProvider> Hash;
public:
- ModuleCloaking() : cu(this)
+ ModuleCloaking() : cu(this), Hash(this, "hash/md5")
{
- /* Attempt to locate the md5 service provider, bail if we can't find it */
- HashProvider = ServerInstance->Modules->Find("m_md5.so");
- if (!HashProvider)
- throw ModuleException("Can't find m_md5.so. Please load m_md5.so before m_cloaking.so.");
-
OnRehash(NULL);
/* Register it with the core */
if (!ServerInstance->Modes->AddMode(&cu))
throw ModuleException("Could not add new modes!");
- ServerInstance->Modules->UseInterface("HashRequest");
ServerInstance->Extensions.Register(&cu.ext);
Implementation eventlist[] = { I_OnRehash, I_OnCheckBan, I_OnUserConnect };
ServerInstance->Modules->Attach(eventlist, this, 3);
-
- CloakExistingUsers();
}
/** This function takes a domain name string and returns just the last two domain parts,
/* Send the Hash module a different hex table for each octet group's Hash sum */
for (int k = 0; k < 4; k++)
{
- HashRequestIV hash(this, HashProvider, compatkey, xtab[(compatkey[k]+i[k]) % 4], octet[k]);
- rv.append(hash.result.substr(0,6));
+ rv.append(Hash->sumIV(compatkey, xtab[(compatkey[k]+i[k]) % 4], octet[k]).substr(0,6));
if (k < 3)
rv.append(".");
}
item += *input;
if (item.length() > 7)
{
- HashRequestIV hash(this, HashProvider, compatkey, xtab[(compatkey[1]+rounds) % 4], item);
- hashies.push_back(hash.result.substr(0,8));
+ hashies.push_back(Hash->sumIV(compatkey, xtab[(compatkey[1]+rounds) % 4], item).substr(0,8));
item.clear();
}
rounds++;
}
if (!item.empty())
{
- HashRequestIV hash(this, HashProvider, compatkey, xtab[(compatkey[1]+rounds) % 4], item);
- hashies.push_back(hash.result.substr(0,8));
+ hashies.push_back(Hash->sumIV(compatkey, xtab[(compatkey[1]+rounds) % 4], item).substr(0,8));
}
/* Stick them all together */
return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined();
}
- std::string ReversePartialIP(const irc::sockets::sockaddrs& ip)
- {
- char rv[50];
- if (ip.sa.sa_family == AF_INET6)
- {
- snprintf(rv, 50, ".%02x%02x.%02x%02x.%02x%02x.IP",
- ip.in6.sin6_addr.s6_addr[4], ip.in6.sin6_addr.s6_addr[5],
- ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3],
- ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1]);
- }
- else
- {
- const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr;
- snprintf(rv, 50, ".%d.%d.IP", ip4[1], ip4[0]);
- }
- return rv;
- }
-
- std::string SegmentIP(const irc::sockets::sockaddrs& ip)
+ std::string SegmentIP(const irc::sockets::sockaddrs& ip, bool full)
{
std::string bindata;
- int hop1, hop2;
+ int hop1, hop2, hop3;
+ std::string rv;
if (ip.sa.sa_family == AF_INET6)
{
bindata = std::string((const char*)ip.in6.sin6_addr.s6_addr, 16);
hop1 = 8;
hop2 = 6;
+ hop3 = 4;
+ rv.reserve(prefix.length() + 37);
}
else
{
bindata = std::string((const char*)&ip.in4.sin_addr, 4);
hop1 = 3;
- hop2 = 2;
+ hop2 = 0;
+ hop3 = 2;
+ rv.reserve(prefix.length() + 30);
}
- std::string rv;
- rv.reserve(prefix.length() + 30);
rv.append(prefix);
- rv.append(SegmentCloak(bindata, 2));
+ rv.append(SegmentCloak(bindata, 10));
rv.append(1, '.');
bindata.erase(hop1);
- rv.append(SegmentCloak(bindata, 3));
- rv.append(1, '.');
- bindata.erase(hop2);
- rv.append(SegmentCloak(bindata, 4));
- rv.append(".IP");
+ rv.append(SegmentCloak(bindata, 11));
+ if (hop2)
+ {
+ rv.append(1, '.');
+ bindata.erase(hop2);
+ rv.append(SegmentCloak(bindata, 12));
+ }
+
+ if (full)
+ {
+ rv.append(1, '.');
+ bindata.erase(hop3);
+ rv.append(SegmentCloak(bindata, 13));
+ rv.append(".IP");
+ }
+ else
+ {
+ char buf[50];
+ if (ip.sa.sa_family == AF_INET6)
+ {
+ snprintf(buf, 50, ".%02x%02x.%02x%02x.IP",
+ ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3],
+ ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1]);
+ }
+ else
+ {
+ const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr;
+ snprintf(buf, 50, ".%d.%d.IP", ip4[1], ip4[0]);
+ }
+ rv.append(buf);
+ }
return rv;
}
input.append(1, 0); // null does not terminate a C++ string
input.append(item);
- HashRequest hash(this, HashProvider, input);
- std::string rv = hash.binresult.substr(0,6);
+ std::string rv = Hash->sum(input).substr(0,6);
for(int i=0; i < 6; i++)
{
// this discards 3 bits per byte. We have an
return rv;
}
- void CloakExistingUsers()
- {
- std::string* cloak;
- for (std::vector<LocalUser*>::iterator u = ServerInstance->Users->local_users.begin(); u != ServerInstance->Users->local_users.end(); u++)
- {
- cloak = cu.ext.get(*u);
- if (!cloak)
- {
- OnUserConnect(*u);
- }
- }
- }
-
ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask)
{
- char cmask[MAXBUF];
+ LocalUser* lu = IS_LOCAL(user);
+ if (!lu)
+ return MOD_RES_PASSTHRU;
+
+ OnUserConnect(lu);
std::string* cloak = cu.ext.get(user);
/* Check if they have a cloaked host, but are not using it */
if (cloak && *cloak != user->dhost)
{
+ char cmask[MAXBUF];
snprintf(cmask, MAXBUF, "%s!%s@%s", user->nick.c_str(), user->ident.c_str(), cloak->c_str());
if (InspIRCd::Match(cmask,mask))
return MOD_RES_DENY;
~ModuleCloaking()
{
- ServerInstance->Modules->DoneWithInterface("HashRequest");
}
Version GetVersion()
}
}
- void OnUserConnect(User* dest)
+ void OnUserConnect(LocalUser* dest)
{
std::string* cloak = cu.ext.get(dest);
if (cloak)
{
std::string tail = LastTwoDomainParts(dest->host);
- /** Reset the Hash module, and send it our IV and hex table */
- HashRequestIV hash(this, HashProvider, compatkey, xtab[(dest->host[0]) % 4], dest->host);
-
/* Generate a cloak using specialized Hash */
- chost = prefix + "-" + hash.result.substr(0,8) + tail;
+ chost = prefix + "-" + Hash->sumIV(compatkey, xtab[(dest->host[0]) % 4], dest->host).substr(0,8) + tail;
/* Fix by brain - if the cloaked host is > the max length of a host (64 bytes
* according to the DNS RFC) then they get cloaked as an IP.
break;
case MODE_HALF_CLOAK:
{
- std::string tail;
if (ipstr != dest->host)
- tail = LastTwoDomainParts(dest->host);
- if (tail.empty() || tail.length() > 50)
- tail = ReversePartialIP(dest->client_sa);
- chost = prefix + SegmentCloak(dest->host, 1) + tail;
+ chost = prefix + SegmentCloak(dest->host, 1) + LastTwoDomainParts(dest->host);
+ if (chost.empty() || chost.length() > 50)
+ chost = SegmentIP(dest->client_sa, false);
break;
}
case MODE_OPAQUE:
default:
- chost = prefix + SegmentIP(dest->client_sa);
+ chost = SegmentIP(dest->client_sa, true);
}
cu.ext.set(dest,chost);
}