X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_cloaking.cpp;h=7a500c1b30695b01570cc6960c64f0de0beaa75d;hb=ce168051e23bf7a33410ad17a4b78f5da478dbbe;hp=d9f5be30212b861c8200416937b933a9a1839323;hpb=e4acbc95b8b6cd5b28d38a2242c02e8ff4991e4a;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index d9f5be302..7a500c1b3 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -6,12 +6,13 @@ * See: http://www.inspircd.org/wiki/index.php/Credits * * This program is free but copyrighted software; see - * the file COPYING for details. + * the file COPYING for details. * * --------------------------------------------------- */ #include "inspircd.h" +#include "wildcard.h" #include "m_hash.h" /* $ModDesc: Provides masking of user hostnames */ @@ -21,6 +22,7 @@ */ class CloakUser : public ModeHandler { + public: std::string prefix; unsigned int key1; unsigned int key2; @@ -61,22 +63,25 @@ class CloakUser : public ModeHandler else return host.substr(splitdot); } - - public: - CloakUser(InspIRCd* Instance, Module* Source, Module* Hash) : ModeHandler(Instance, 'x', 0, 0, false, MODETYPE_USER, false), Sender(Source), HashProvider(Hash) + + CloakUser(InspIRCd* Instance, Module* source, Module* Hash) : ModeHandler(Instance, 'x', 0, 0, false, MODETYPE_USER, false), Sender(source), HashProvider(Hash) { } - ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding) + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding, bool) { if (source != dest) return MODEACTION_DENY; /* For remote clients, we dont take any action, we just allow it. * The local server where they are will set their cloak instead. + * This is fine, as we will recieve it later. */ if (!IS_LOCAL(dest)) + { + dest->SetMode('x',adding); return MODEACTION_ALLOW; + } /* don't allow this user to spam modechanges */ dest->IncreasePenalty(5); @@ -94,76 +99,15 @@ class CloakUser : public ModeHandler * are connecting via localhost) -- this doesnt matter much. */ - char* n1 = strchr(dest->host,'.'); - char* n2 = strchr(dest->host,':'); - - if (n1 || n2) - { - unsigned int iv[] = { key1, key2, key3, key4 }; - std::string a = LastTwoDomainParts(dest->host); - std::string b; - - /* InspIRCd users have two hostnames; A displayed - * hostname which can be modified by modules (e.g. - * to create vhosts, implement chghost, etc) and a - * 'real' hostname which you shouldnt write to. - */ - - /* 2008/08/18: add which always cloaks - * the IP, for anonymity. --nenolod - */ - if (!ipalways) - { - /** Reset the Hash module, and send it our IV and hex table */ - HashResetRequest(Sender, HashProvider).Send(); - HashKeyRequest(Sender, HashProvider, iv).Send(); - HashHexRequest(Sender, HashProvider, xtab[(*dest->host) % 4]); - - /* Generate a cloak using specialized Hash */ - std::string hostcloak = prefix + "-" + std::string(HashSumRequest(Sender, HashProvider, dest->host).Send()).substr(0,8) + a; - - /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes - * according to the DNS RFC) then tough titty, they get cloaked as an IP. - * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie - * vhost. - */ -#ifdef IPV6 - in6_addr testaddr; - in_addr testaddr2; - if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv6 address, and ipv6 user (resolved host) */ - b = hostcloak; - else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host,&testaddr2) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv4 address, and ipv4 user (resolved host) */ - b = hostcloak; - else - /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ - b = ((!strchr(dest->host,':')) ? Cloak4(dest->host) : Cloak6(dest->host)); -#else - in_addr testaddr; - if ((inet_aton(dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv4 address, and ipv4 user (resolved host) */ - b = hostcloak; - else - /* Valid ipv4 address (not resolved) ipv4 user */ - b = Cloak4(dest->host); -#endif - } - else - { -#ifdef IPV6 - if (dest->GetProtocolFamily() == AF_INET6) - b = Cloak6(dest->GetIPString()); -#endif - if (dest->GetProtocolFamily() == AF_INET) - b = Cloak4(dest->GetIPString()); - } + std::string* cloak; - dest->ChangeDisplayedHost(b.c_str()); + if (dest->GetExt("cloaked_host", cloak)) + { + /* Cloaked host has been set before on this user, don't bother to recalculate and waste cpu */ + dest->ChangeDisplayedHost(cloak->c_str()); + dest->SetMode('x',true); + return MODEACTION_ALLOW; } - - dest->SetMode('x',true); - return MODEACTION_ALLOW; } } else @@ -330,14 +274,14 @@ class ModuleCloaking : public Module { OnRehash(NULL,""); } - catch (CoreException &e) + catch (ModuleException &e) { delete cu; throw e; } /* Register it with the core */ - if (!ServerInstance->AddMode(cu)) + if (!ServerInstance->Modes->AddMode(cu)) { delete cu; throw ModuleException("Could not add new modes!"); @@ -345,8 +289,55 @@ class ModuleCloaking : public Module ServerInstance->Modules->UseInterface("HashRequest"); - Implementation eventlist[] = { I_OnRehash }; - ServerInstance->Modules->Attach(eventlist, this, 1); + Implementation eventlist[] = { I_OnRehash, I_OnUserDisconnect, I_OnCleanup, I_OnCheckBan, I_OnUserConnect, I_OnSyncUserMetaData }; + ServerInstance->Modules->Attach(eventlist, this, 6); + } + + void OnSyncUserMetaData(User* user, Module* proto,void* opaque, const std::string &extname, bool displayable) + { + if ((displayable) && (extname == "cloaked_host")) + { + std::string* cloak; + if (user->GetExt("cloaked_host", cloak)) + proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, *cloak); + } + } + + + virtual int OnCheckBan(User* user, Channel* chan) + { + char mask[MAXBUF]; + std::string* tofree; + /* Check if they have a cloaked host, but are not using it */ + if (user->GetExt("cloaked_host", tofree) && *tofree != user->dhost) + { + snprintf(mask, MAXBUF, "%s!%s@%s", user->nick, user->ident, tofree->c_str()); + for (BanList::iterator i = chan->bans.begin(); i != chan->bans.end(); i++) + { + if (match(mask,i->data)) + return -1; + } + } + return 0; + } + + void Prioritize() + { + /* Needs to be after m_banexception etc. */ + ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIO_LAST); + } + + virtual void OnUserDisconnect(User* user) + { + std::string* tofree; + if (user->GetExt("cloaked_host", tofree)) + delete tofree; + } + + virtual void OnCleanup(int target_type, void* item) + { + if (target_type == TYPE_USER) + OnUserDisconnect((User*)item); } virtual ~ModuleCloaking() @@ -360,7 +351,7 @@ class ModuleCloaking : public Module { // returns the version number of the module to be // listed in /MODULES - return Version(1,1,0,2,VF_COMMON|VF_VENDOR,API_VERSION); + return Version(1,2,0,2,VF_COMMON|VF_VENDOR,API_VERSION); } virtual void OnRehash(User* user, const std::string ¶meter) @@ -368,6 +359,77 @@ class ModuleCloaking : public Module cu->DoRehash(); } + virtual void OnUserConnect(User* dest) + { + char* n1 = strchr(dest->host,'.'); + char* n2 = strchr(dest->host,':'); + + if (n1 || n2) + { + unsigned int iv[] = { cu->key1, cu->key2, cu->key3, cu->key4 }; + std::string a = cu->LastTwoDomainParts(dest->host); + std::string b; + + /* InspIRCd users have two hostnames; A displayed + * hostname which can be modified by modules (e.g. + * to create vhosts, implement chghost, etc) and a + * 'real' hostname which you shouldnt write to. + */ + + /* 2008/08/18: add which always cloaks + * the IP, for anonymity. --nenolod + */ + if (!cu->ipalways) + { + /** Reset the Hash module, and send it our IV and hex table */ + HashResetRequest(this, cu->HashProvider).Send(); + HashKeyRequest(this, cu->HashProvider, iv).Send(); + HashHexRequest(this, cu->HashProvider, cu->xtab[(*dest->host) % 4]); + + /* Generate a cloak using specialized Hash */ + std::string hostcloak = cu->prefix + "-" + std::string(HashSumRequest(this, cu->HashProvider, dest->host).Send()).substr(0,8) + a; + + /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes + * according to the DNS RFC) then tough titty, they get cloaked as an IP. + * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie + * vhost. + */ +#ifdef IPV6 + in6_addr testaddr; + in_addr testaddr2; + if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv6 address, and ipv6 user (resolved host) */ + b = hostcloak; + else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host,&testaddr2) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ + b = ((!strchr(dest->host,':')) ? cu->Cloak4(dest->host) : cu->Cloak6(dest->host)); +#else + in_addr testaddr; + if ((inet_aton(dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv4 address (not resolved) ipv4 user */ + b = cu->Cloak4(dest->host); +#endif + } + else + { +#ifdef IPV6 + if (dest->GetProtocolFamily() == AF_INET6) + b = cu->Cloak6(dest->GetIPString()); +#endif + if (dest->GetProtocolFamily() == AF_INET) + b = cu->Cloak4(dest->GetIPString()); + } + + dest->Extend("cloaked_host", new std::string(b)); + } + } + }; MODULE_INIT(ModuleCloaking)