X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_cloaking.cpp;h=7a500c1b30695b01570cc6960c64f0de0beaa75d;hb=ce168051e23bf7a33410ad17a4b78f5da478dbbe;hp=c48ff7b9c7ce9ab5c21501edd083d3a0ccb09ef8;hpb=1383dba43e463f292aea094d01f62f355946049d;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index c48ff7b9c..7a500c1b3 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -2,422 +2,434 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev. - * E-mail: - * - * - * - * Written by Craig Edwards, Craig McLure, and others. + * InspIRCd: (C) 2002-2008 InspIRCd Development Team + * See: http://www.inspircd.org/wiki/index.php/Credits + * * This program is free but copyrighted software; see - * the file COPYING for details. + * the file COPYING for details. * * --------------------------------------------------- */ -using namespace std; - -// Hostname cloaking (+x mode) module for inspircd. -// version 1.0.0.1 by brain (C. J. Edwards) Mar 2004. -// -// When loaded this module will automatically set the -// +x mode on all connecting clients. -// -// Setting +x on a client causes the module to change the -// dhost entry (displayed host) for each user who has the -// mode, cloaking their host. Unlike unreal, the algorithm -// is non-reversible as uncloaked hosts are passed along -// the server->server link, and all encoding of hosts is -// done locally on the server by this module. - -#include -#include -#include -#include -#include "users.h" -#include "channels.h" -#include "modules.h" +#include "inspircd.h" +#include "wildcard.h" +#include "m_hash.h" /* $ModDesc: Provides masking of user hostnames */ +/* $ModDep: m_hash.h */ +/** Handles user mode +x + */ +class CloakUser : public ModeHandler +{ + public: + std::string prefix; + unsigned int key1; + unsigned int key2; + unsigned int key3; + unsigned int key4; + bool ipalways; + Module* Sender; + Module* HashProvider; + const char *xtab[4]; + + /** This function takes a domain name string and returns just the last two domain parts, + * or the last domain part if only two are available. Failing that it just returns what it was given. + * + * For example, if it is passed "svn.inspircd.org" it will return ".inspircd.org". + * If it is passed "brainbox.winbot.co.uk" it will return ".co.uk", + * and if it is passed "localhost.localdomain" it will return ".localdomain". + * + * This is used to ensure a significant part of the host is always cloaked (see Bug #216) + */ + std::string LastTwoDomainParts(const std::string &host) + { + int dots = 0; + std::string::size_type splitdot = host.length(); -/* The four core functions - F1 is optimized somewhat */ - -#define F1(x, y, z) (z ^ (x & (y ^ z))) -#define F2(x, y, z) F1(z, x, y) -#define F3(x, y, z) (x ^ y ^ z) -#define F4(x, y, z) (y ^ (x | ~z)) -#define MD5STEP(f,w,x,y,z,in,s) (w += f(x,y,z) + in, w = (w<>(32-s)) + x) + for (std::string::size_type x = host.length() - 1; x; --x) + { + if (host[x] == '.') + { + splitdot = x; + dots++; + } + if (dots >= 3) + break; + } -typedef unsigned long word32; -typedef unsigned char byte; + if (splitdot == host.length()) + return host; + else + return host.substr(splitdot); + } -struct xMD5Context { - word32 buf[4]; - word32 bytes[2]; - word32 in[16]; -}; + CloakUser(InspIRCd* Instance, Module* source, Module* Hash) : ModeHandler(Instance, 'x', 0, 0, false, MODETYPE_USER, false), Sender(source), HashProvider(Hash) + { + } -class ModuleCloaking : public Module -{ - private: + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding, bool) + { + if (source != dest) + return MODEACTION_DENY; + + /* For remote clients, we dont take any action, we just allow it. + * The local server where they are will set their cloak instead. + * This is fine, as we will recieve it later. + */ + if (!IS_LOCAL(dest)) + { + dest->SetMode('x',adding); + return MODEACTION_ALLOW; + } - Server *Srv; + /* don't allow this user to spam modechanges */ + dest->IncreasePenalty(5); - void byteSwap(word32 *buf, unsigned words) - { - byte *p = (byte *)buf; - - do + if (adding) { - *buf++ = (word32)((unsigned)p[3] << 8 | p[2]) << 16 | - ((unsigned)p[1] << 8 | p[0]); - p += 4; - } while (--words); + if(!dest->IsModeSet('x')) + { + /* The mode is being turned on - so attempt to + * allocate the user a cloaked host using a non-reversible + * algorithm (its simple, but its non-reversible so the + * simplicity doesnt really matter). This algorithm + * will not work if the user has only one level of domain + * naming in their hostname (e.g. if they are on a lan or + * are connecting via localhost) -- this doesnt matter much. + */ + + std::string* cloak; + + if (dest->GetExt("cloaked_host", cloak)) + { + /* Cloaked host has been set before on this user, don't bother to recalculate and waste cpu */ + dest->ChangeDisplayedHost(cloak->c_str()); + dest->SetMode('x',true); + return MODEACTION_ALLOW; + } + } + } + else + { + if (dest->IsModeSet('x')) + { + /* User is removing the mode, so just restore their real host + * and make it match the displayed one. + */ + dest->ChangeDisplayedHost(dest->host); + dest->SetMode('x',false); + return MODEACTION_ALLOW; + } + } + + return MODEACTION_DENY; } - void xMD5Init(struct xMD5Context *ctx) + std::string Cloak4(const char* ip) { - ctx->buf[0] = 0x67452301; - ctx->buf[1] = 0xefcdab89; - ctx->buf[2] = 0x98badcfe; - ctx->buf[3] = 0x10325476; + unsigned int iv[] = { key1, key2, key3, key4 }; + irc::sepstream seps(ip, '.'); + std::string ra[4];; + std::string octet[4]; + int i[4]; + + for (int j = 0; j < 4; j++) + { + seps.GetToken(octet[j]); + i[j] = atoi(octet[j].c_str()); + } + + octet[3] = octet[0] + "." + octet[1] + "." + octet[2] + "." + octet[3]; + octet[2] = octet[0] + "." + octet[1] + "." + octet[2]; + octet[1] = octet[0] + "." + octet[1]; + + /* Reset the Hash module and send it our IV */ + HashResetRequest(Sender, HashProvider).Send(); + HashKeyRequest(Sender, HashProvider, iv).Send(); - ctx->bytes[0] = 0; - ctx->bytes[1] = 0; + /* Send the Hash module a different hex table for each octet group's Hash sum */ + for (int k = 0; k < 4; k++) + { + HashHexRequest(Sender, HashProvider, xtab[(iv[k]+i[k]) % 4]).Send(); + ra[k] = std::string(HashSumRequest(Sender, HashProvider, octet[k]).Send()).substr(0,6); + } + /* Stick them all together */ + return std::string().append(ra[0]).append(".").append(ra[1]).append(".").append(ra[2]).append(".").append(ra[3]); } - void xMD5Update(struct xMD5Context *ctx, byte const *buf, int len) + std::string Cloak6(const char* ip) { - word32 t; + /* Theyre using 4in6 (YUCK). Translate as ipv4 cloak */ + if (!strncmp(ip, "0::ffff:", 8)) + return Cloak4(ip + 8); - /* Update byte count */ + /* If we get here, yes it really is an ipv6 ip */ + unsigned int iv[] = { key1, key2, key3, key4 }; + std::vector hashies; + std::string item; + int rounds = 0; - t = ctx->bytes[0]; - if ((ctx->bytes[0] = t + len) < t) - ctx->bytes[1]++; /* Carry from low to high */ + /* Reset the Hash module and send it our IV */ + HashResetRequest(Sender, HashProvider).Send(); + HashKeyRequest(Sender, HashProvider, iv).Send(); - t = 64 - (t & 0x3f); /* Space available in ctx->in (at least 1) */ - if ((unsigned)t > (unsigned)len) + for (const char* input = ip; *input; input++) + { + item += *input; + if (item.length() > 7) + { + /* Send the Hash module a different hex table for each octet group's Hash sum */ + HashHexRequest(Sender, HashProvider, xtab[(key1+rounds) % 4]).Send(); + hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,8)); + item.clear(); + } + rounds++; + } + if (!item.empty()) + { + /* Send the Hash module a different hex table for each octet group's Hash sum */ + HashHexRequest(Sender, HashProvider, xtab[(key1+rounds) % 4]).Send(); + hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,8)); + item.clear(); + } + /* Stick them all together */ + return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined(); + } + + void DoRehash() + { + ConfigReader Conf(ServerInstance); + bool lowercase; + + /* These are *not* using the need_positive parameter of ReadInteger - + * that will limit the valid values to only the positive values in a + * signed int. Instead, accept any value that fits into an int and + * cast it to an unsigned int. That will, a bit oddly, give us the full + * spectrum of an unsigned integer. - Special */ + key1 = key2 = key3 = key4 = 0; + key1 = (unsigned int) Conf.ReadInteger("cloak","key1",0,false); + key2 = (unsigned int) Conf.ReadInteger("cloak","key2",0,false); + key3 = (unsigned int) Conf.ReadInteger("cloak","key3",0,false); + key4 = (unsigned int) Conf.ReadInteger("cloak","key4",0,false); + prefix = Conf.ReadValue("cloak","prefix",0); + ipalways = Conf.ReadFlag("cloak", "ipalways", 0); + lowercase = Conf.ReadFlag("cloak", "lowercase", 0); + + if (!lowercase) { - memcpy((byte *)ctx->in + 64 - (unsigned)t, buf, len); - return; + xtab[0] = "F92E45D871BCA630"; + xtab[1] = "A1B9D80C72E653F4"; + xtab[2] = "1ABC078934DEF562"; + xtab[3] = "ABCDEF5678901234"; } - /* First chunk is an odd size */ - memcpy((byte *)ctx->in + 64 - (unsigned)t, buf, (unsigned)t); - byteSwap(ctx->in, 16); - xMD5Transform(ctx->buf, ctx->in); - buf += (unsigned)t; - len -= (unsigned)t; - - /* Process data in 64-byte chunks */ - while (len >= 64) + else { - memcpy(ctx->in, buf, 64); - byteSwap(ctx->in, 16); - xMD5Transform(ctx->buf, ctx->in); - buf += 64; - len -= 64; + xtab[0] = "f92e45d871bca630"; + xtab[1] = "a1b9d80c72e653f4"; + xtab[2] = "1abc078934def562"; + xtab[3] = "abcdef5678901234"; } - /* Handle any remaining bytes of data. */ - memcpy(ctx->in, buf, len); + if (prefix.empty()) + prefix = ServerInstance->Config->Network; + + if (!key1 || !key2 || !key3 || !key4) + { + std::string detail; + if (!key1) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + else if (!key2) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + else if (!key3) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + else if (!key4) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + + throw ModuleException("You have not defined cloak keys for m_cloaking!!! THIS IS INSECURE AND SHOULD BE CHECKED! - " + detail); + } } +}; + - void xMD5Final(byte digest[16], struct xMD5Context *ctx) +class ModuleCloaking : public Module +{ + private: + + CloakUser* cu; + Module* HashModule; + + public: + ModuleCloaking(InspIRCd* Me) + : Module(Me) { - int count = (int)(ctx->bytes[0] & 0x3f); /* Bytes in ctx->in */ - byte *p = (byte *)ctx->in + count; /* First unused byte */ - - /* Set the first char of padding to 0x80. There is always room. */ - *p++ = 0x80; - - /* Bytes of padding needed to make 56 bytes (-8..55) */ - count = 56 - 1 - count; - - if (count < 0) - { /* Padding forces an extra block */ - memset(p, 0, count+8); - byteSwap(ctx->in, 16); - xMD5Transform(ctx->buf, ctx->in); - p = (byte *)ctx->in; - count = 56; + /* Attempt to locate the md5 service provider, bail if we can't find it */ + HashModule = ServerInstance->Modules->Find("m_md5.so"); + if (!HashModule) + throw ModuleException("Can't find m_md5.so. Please load m_md5.so before m_cloaking.so."); + + cu = new CloakUser(ServerInstance, this, HashModule); + + try + { + OnRehash(NULL,""); + } + catch (ModuleException &e) + { + delete cu; + throw e; } - memset(p, 0, count+8); - byteSwap(ctx->in, 14); - /* Append length in bits and transform */ - ctx->in[14] = ctx->bytes[0] << 3; - ctx->in[15] = ctx->bytes[1] << 3 | ctx->bytes[0] >> 29; - xMD5Transform(ctx->buf, ctx->in); + /* Register it with the core */ + if (!ServerInstance->Modes->AddMode(cu)) + { + delete cu; + throw ModuleException("Could not add new modes!"); + } - byteSwap(ctx->buf, 4); - memcpy(digest, ctx->buf, 16); - memset(ctx, 0, sizeof(ctx)); + ServerInstance->Modules->UseInterface("HashRequest"); + + Implementation eventlist[] = { I_OnRehash, I_OnUserDisconnect, I_OnCleanup, I_OnCheckBan, I_OnUserConnect, I_OnSyncUserMetaData }; + ServerInstance->Modules->Attach(eventlist, this, 6); } - void xMD5Transform(word32 buf[4], word32 const in[16]) + void OnSyncUserMetaData(User* user, Module* proto,void* opaque, const std::string &extname, bool displayable) { - register word32 a, b, c, d; - - a = buf[0]; - b = buf[1]; - c = buf[2]; - d = buf[3]; - - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); - - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); - - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); - - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); - - buf[0] += a; - buf[1] += b; - buf[2] += c; - buf[3] += d; + if ((displayable) && (extname == "cloaked_host")) + { + std::string* cloak; + if (user->GetExt("cloaked_host", cloak)) + proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, *cloak); + } } - void MyMD5(void *dest, void *orig, int len) + virtual int OnCheckBan(User* user, Channel* chan) { - struct xMD5Context context; - - xMD5Init(&context); - xMD5Update(&context, (const unsigned char*)orig, len); - xMD5Final((unsigned char*)dest, &context); + char mask[MAXBUF]; + std::string* tofree; + /* Check if they have a cloaked host, but are not using it */ + if (user->GetExt("cloaked_host", tofree) && *tofree != user->dhost) + { + snprintf(mask, MAXBUF, "%s!%s@%s", user->nick, user->ident, tofree->c_str()); + for (BanList::iterator i = chan->bans.begin(); i != chan->bans.end(); i++) + { + if (match(mask,i->data)) + return -1; + } + } + return 0; } + void Prioritize() + { + /* Needs to be after m_banexception etc. */ + ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIO_LAST); + } - void GenHash(char* src, char* dest) + virtual void OnUserDisconnect(User* user) { - // purposefully lossy md5 - only gives them the most significant 4 bits - // of every md5 output byte. - int i = 0; - unsigned char bytes[16]; - char hash[MAXBUF]; - *hash = 0; - MyMD5((char*)bytes,src,strlen(src)); - for (i = 0; i < 16; i++) - { - const char* xtab = "F92E45D871BCA630"; - unsigned char hi = xtab[bytes[i] / 16]; - char hx[2]; - hx[0] = hi; - hx[1] = '\0'; - strlcat(hash,hx,MAXBUF); - } - strlcpy(dest,hash,MAXBUF); + std::string* tofree; + if (user->GetExt("cloaked_host", tofree)) + delete tofree; } - - public: - ModuleCloaking(Server* Me) - : Module::Module(Me) + + virtual void OnCleanup(int target_type, void* item) { - // We must take a copy of the Server class to work with - Srv = Me; - - // we must create a new mode. Set the parameters so the - // mode doesn't require oper, and is a client usermode - // with no parameters (actually, you cant have params for a umode!) - if (!Srv->AddExtendedMode('x',MT_CLIENT,false,0,0)) - { - // we couldn't claim mode x... possibly anther module has it, - // this might become likely to happen if there are a lot of 3rd - // party modules around in the future -- any 3rd party modules - // SHOULD implement a system of configurable mode letters (e.g. - // from a config file) - Srv->Log(DEFAULT,"*** m_cloaking: ERROR, failed to allocate user mode +x!"); - printf("Could not claim usermode +x for this module!"); - return; - } + if (target_type == TYPE_USER) + OnUserDisconnect((User*)item); } virtual ~ModuleCloaking() { + ServerInstance->Modes->DelMode(cu); + delete cu; + ServerInstance->Modules->DoneWithInterface("HashRequest"); } virtual Version GetVersion() { // returns the version number of the module to be // listed in /MODULES - return Version(1,0,0,1,VF_STATIC|VF_VENDOR); + return Version(1,2,0,2,VF_COMMON|VF_VENDOR,API_VERSION); } - void Implements(char* List) + virtual void OnRehash(User* user, const std::string ¶meter) { - List[I_OnExtendedMode] = List[I_OnUserConnect] = 1; + cu->DoRehash(); } - - virtual int OnExtendedMode(userrec* user, void* target, char modechar, int type, bool mode_on, string_list ¶ms) + + virtual void OnUserConnect(User* dest) { - // this method is called for any extended mode character. - // all module modes for all modules pass through here - // (unless another module further up the chain claims them) - // so we must be VERY careful to only act upon modes which - // we have claimed ourselves. This is a feature to allow - // modules to 'spy' on extended mode activity if they so wish. - if ((modechar == 'x') && (type == MT_CLIENT)) - { - // OnExtendedMode gives us a void* as the target, we must cast - // it into a userrec* or a chanrec* depending on the value of - // the 'type' parameter (MT_CLIENT or MT_CHANNEL) - userrec* dest = (userrec*)target; - - // we've now determined that this is our mode character... - // is the user adding the mode to their list or removing it? - if (mode_on) + char* n1 = strchr(dest->host,'.'); + char* n2 = strchr(dest->host,':'); + + if (n1 || n2) + { + unsigned int iv[] = { cu->key1, cu->key2, cu->key3, cu->key4 }; + std::string a = cu->LastTwoDomainParts(dest->host); + std::string b; + + /* InspIRCd users have two hostnames; A displayed + * hostname which can be modified by modules (e.g. + * to create vhosts, implement chghost, etc) and a + * 'real' hostname which you shouldnt write to. + */ + + /* 2008/08/18: add which always cloaks + * the IP, for anonymity. --nenolod + */ + if (!cu->ipalways) { - // the mode is being turned on - so attempt to - // allocate the user a cloaked host using a non-reversible - // algorithm (its simple, but its non-reversible so the - // simplicity doesnt really matter). This algorithm - // will not work if the user has only one level of domain - // naming in their hostname (e.g. if they are on a lan or - // are connecting via localhost) -- this doesnt matter much. - if (strchr(dest->host,'.')) - { - // in inspircd users have two hostnames. A displayed - // hostname which can be modified by modules (e.g. - // to create vhosts, implement chghost, etc) and a - // 'real' hostname which you shouldnt write to. - std::string a = strstr(dest->host,"."); - char ra[64]; - this->GenHash(dest->host,ra); - std::string b = ""; - in_addr testaddr; - if (!inet_aton(dest->host,&testaddr)) - { - // if they have a hostname, make something appropriate - b = Srv->GetNetworkName() + "-" + std::string(ra) + a; - } - else - { - // else, they have an ip - b = std::string(ra) + "." + Srv->GetNetworkName() + ".cloak"; - } - Srv->Log(DEBUG,"cloak: allocated "+b); - Srv->ChangeHost(dest,b); - } + /** Reset the Hash module, and send it our IV and hex table */ + HashResetRequest(this, cu->HashProvider).Send(); + HashKeyRequest(this, cu->HashProvider, iv).Send(); + HashHexRequest(this, cu->HashProvider, cu->xtab[(*dest->host) % 4]); + + /* Generate a cloak using specialized Hash */ + std::string hostcloak = cu->prefix + "-" + std::string(HashSumRequest(this, cu->HashProvider, dest->host).Send()).substr(0,8) + a; + + /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes + * according to the DNS RFC) then tough titty, they get cloaked as an IP. + * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie + * vhost. + */ +#ifdef IPV6 + in6_addr testaddr; + in_addr testaddr2; + if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv6 address, and ipv6 user (resolved host) */ + b = hostcloak; + else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host,&testaddr2) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ + b = ((!strchr(dest->host,':')) ? cu->Cloak4(dest->host) : cu->Cloak6(dest->host)); +#else + in_addr testaddr; + if ((inet_aton(dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv4 address (not resolved) ipv4 user */ + b = cu->Cloak4(dest->host); +#endif } else - { - // user is removing the mode, so just restore their real host - // and make it match the displayed one. - Srv->ChangeHost(dest,dest->host); + { +#ifdef IPV6 + if (dest->GetProtocolFamily() == AF_INET6) + b = cu->Cloak6(dest->GetIPString()); +#endif + if (dest->GetProtocolFamily() == AF_INET) + b = cu->Cloak4(dest->GetIPString()); } - // this mode IS ours, and we have handled it. If we chose not to handle it, - // for example the user cannot cloak as they have a vhost or such, then - // we could return 0 here instead of 1 and the core would not send the mode - // change to the user. - return 1; - } - else - { - // this mode isn't ours, we have to bail and return 0 to not handle it. - return 0; - } - } - virtual void OnUserConnect(userrec* user) - { - // Heres the weird bit. When a user connects we must set +x on them, so - // we're going to use the SendMode method of the Server class to send - // the mode to the client. This is basically the same as sending an - // SAMODE in unreal. Note that to the user it will appear as if they set - // the mode on themselves. - - char* modes[2]; // only two parameters - modes[0] = user->nick; // first parameter is the nick - modes[1] = "+x"; // second parameter is the mode - Srv->SendMode(modes,2,user); // send these, forming the command "MODE +x" + dest->Extend("cloaked_host", new std::string(b)); + } } }; -// stuff down here is the module-factory stuff. For basic modules you can ignore this. - -class ModuleCloakingFactory : public ModuleFactory -{ - public: - ModuleCloakingFactory() - { - } - - ~ModuleCloakingFactory() - { - } - - virtual Module * CreateModule(Server* Me) - { - return new ModuleCloaking(Me); - } - -}; - - -extern "C" void * init_module( void ) -{ - return new ModuleCloakingFactory; -} - +MODULE_INIT(ModuleCloaking)