* ---------------------------------------------------
*/
-#include "inspircd_config.h"
-#include "configreader.h"
#include "inspircd.h"
#include "users.h"
#include "channels.h"
#include "modules.h"
-
#include "m_hash.h"
/* $ModDesc: Provides masking of user hostnames */
unsigned int key4;
Module* Sender;
Module* HashProvider;
+
+ /** This function takes a domain name string and returns just the last two domain parts,
+ * or the last domain part if only two are available. Failing that it just returns what it was given.
+ *
+ * For example, if it is passed "svn.inspircd.org" it will return ".inspircd.org".
+ * If it is passed "brainbox.winbot.co.uk" it will return ".co.uk",
+ * and if it is passed "localhost.localdomain" it will return ".localdomain".
+ *
+ * This is used to ensure a significant part of the host is always cloaked (see Bug #216)
+ */
+ std::string LastTwoDomainParts(const std::string &host)
+ {
+ int dots = 0;
+ std::string::size_type splitdot = host.length();
+
+ for (std::string::size_type x = host.length() - 1; x; --x)
+ {
+ if (host[x] == '.')
+ {
+ splitdot = x;
+ dots++;
+ }
+ if (dots >= 3)
+ break;
+ }
+
+ if (splitdot == host.length())
+ return host;
+ else
+ return host.substr(splitdot);
+ }
public:
CloakUser(InspIRCd* Instance, Module* Source, Module* Hash) : ModeHandler(Instance, 'x', 0, 0, false, MODETYPE_USER, false), Sender(Source), HashProvider(Hash)
ModeAction OnModeChange(userrec* source, userrec* dest, chanrec* channel, std::string ¶meter, bool adding)
{
- /* Only opers can change other users modes */
- if ((source != dest) && (!*source->oper))
+ if (source != dest)
return MODEACTION_DENY;
/* For remote clients, we dont take any action, we just allow it.
*/
unsigned int iv[] = { key1, key2, key3, key4 };
- std::string a = (n1 ? n1 : n2);
+ std::string a = LastTwoDomainParts(dest->host);
std::string b;
/** Reset the Hash module, and send it our IV and hex table */
/* If we get here, yes it really is an ipv6 ip */
unsigned int iv[] = { key1, key2, key3, key4 };
std::vector<std::string> hashies;
- std::string item = "";
+ std::string item;
int rounds = 0;
/* Reset the Hash module and send it our IV */
for (const char* input = ip; *input; input++)
{
item += *input;
- if (item.length() > 5)
+ if (item.length() > 7)
{
/* Send the Hash module a different hex table for each octet group's Hash sum */
HashHexRequest(Sender, HashProvider, xtab[(key1+rounds) % 4]).Send();
- hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,10));
- item = "";
+ hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,8));
+ item.clear();
}
rounds++;
}
{
/* Send the Hash module a different hex table for each octet group's Hash sum */
HashHexRequest(Sender, HashProvider, xtab[(key1+rounds) % 4]).Send();
- hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,10));
- item = "";
+ hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,8));
+ item.clear();
}
/* Stick them all together */
return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined();
public:
ModuleCloaking(InspIRCd* Me)
- : Module::Module(Me)
+ : Module(Me)
{
ServerInstance->UseInterface("HashRequest");
};
-extern "C" void * init_module( void )
+extern "C" DllExport void * init_module( void )
{
return new ModuleCloakingFactory;
}