X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_cloaking.cpp;h=8422abd43792d519fc70623427c6181b6268a3c2;hb=f51d9ad5ab7015f78a29039ca7ed169b281ff6bb;hp=b5f8373fc75400cb6372f5666a771f3ff9339cb9;hpb=76d7e8a0684b38a82e6c05ebd7538b69660e1bef;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index b5f8373fc..8422abd43 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -2,7 +2,7 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd: (C) 2002-2007 InspIRCd Development Team + * InspIRCd: (C) 2002-2008 InspIRCd Development Team * See: http://www.inspircd.org/wiki/index.php/Credits * * This program is free but copyrighted software; see @@ -12,29 +12,24 @@ */ #include "inspircd.h" -#include "users.h" -#include "channels.h" -#include "modules.h" #include "m_hash.h" /* $ModDesc: Provides masking of user hostnames */ /* $ModDep: m_hash.h */ -/* Used to vary the output a little more depending on the cloak keys */ -static const char* xtab[] = {"F92E45D871BCA630", "A1B9D80C72E653F4", "1ABC078934DEF562", "ABCDEF5678901234"}; - /** Handles user mode +x */ class CloakUser : public ModeHandler { - std::string prefix; unsigned int key1; unsigned int key2; unsigned int key3; unsigned int key4; + bool ipalways; Module* Sender; Module* HashProvider; + const char *xtab[4]; /** This function takes a domain name string and returns just the last two domain parts, * or the last domain part if only two are available. Failing that it just returns what it was given. @@ -72,7 +67,7 @@ class CloakUser : public ModeHandler { } - ModeAction OnModeChange(userrec* source, userrec* dest, chanrec* channel, std::string ¶meter, bool adding) + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding) { if (source != dest) return MODEACTION_DENY; @@ -83,6 +78,9 @@ class CloakUser : public ModeHandler if (!IS_LOCAL(dest)) return MODEACTION_ALLOW; + /* don't allow this user to spam modechanges */ + dest->IncreasePenalty(5); + if (adding) { if(!dest->IsModeSet('x')) @@ -101,50 +99,65 @@ class CloakUser : public ModeHandler if (n1 || n2) { + unsigned int iv[] = { key1, key2, key3, key4 }; + std::string a = LastTwoDomainParts(dest->host); + std::string b; + /* InspIRCd users have two hostnames; A displayed * hostname which can be modified by modules (e.g. * to create vhosts, implement chghost, etc) and a * 'real' hostname which you shouldnt write to. */ - unsigned int iv[] = { key1, key2, key3, key4 }; - std::string a = LastTwoDomainParts(dest->host); - std::string b; - - /** Reset the Hash module, and send it our IV and hex table */ - HashResetRequest(Sender, HashProvider).Send(); - HashKeyRequest(Sender, HashProvider, iv).Send(); - HashHexRequest(Sender, HashProvider, xtab[(*dest->host) % 4]); - - /* Generate a cloak using specialized Hash */ - std::string hostcloak = prefix + "-" + std::string(HashSumRequest(Sender, HashProvider, dest->host).Send()).substr(0,8) + a; - - /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes - * according to the DNS RFC) then tough titty, they get cloaked as an IP. - * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie - * vhost. + /* 2008/08/18: add which always cloaks + * the IP, for anonymity. --nenolod */ + if (!ipalways) + { + /** Reset the Hash module, and send it our IV and hex table */ + HashResetRequest(Sender, HashProvider).Send(); + HashKeyRequest(Sender, HashProvider, iv).Send(); + HashHexRequest(Sender, HashProvider, xtab[(*dest->host) % 4]); + + /* Generate a cloak using specialized Hash */ + std::string hostcloak = prefix + "-" + std::string(HashSumRequest(Sender, HashProvider, dest->host).Send()).substr(0,8) + a; + + /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes + * according to the DNS RFC) then tough titty, they get cloaked as an IP. + * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie + * vhost. + */ #ifdef IPV6 - in6_addr testaddr; - in_addr testaddr2; - if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv6 address, and ipv6 user (resolved host) */ - b = hostcloak; - else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host,&testaddr2) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv4 address, and ipv4 user (resolved host) */ - b = hostcloak; - else - /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ - b = ((!strchr(dest->host,':')) ? Cloak4(dest->host) : Cloak6(dest->host)); + in6_addr testaddr; + in_addr testaddr2; + if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv6 address, and ipv6 user (resolved host) */ + b = hostcloak; + else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host,&testaddr2) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ + b = ((!strchr(dest->host,':')) ? Cloak4(dest->host) : Cloak6(dest->host)); #else - in_addr testaddr; - if ((inet_aton(dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv4 address, and ipv4 user (resolved host) */ - b = hostcloak; + in_addr testaddr; + if ((inet_aton(dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv4 address (not resolved) ipv4 user */ + b = Cloak4(dest->host); +#endif + } else - /* Valid ipv4 address (not resolved) ipv4 user */ - b = Cloak4(dest->host); + { +#ifdef IPV6 + if (dest->GetProtocolFamily() == AF_INET6) + b = Cloak6(dest->GetIPString()); #endif + if (dest->GetProtocolFamily() == AF_INET) + b = Cloak4(dest->GetIPString()); + } dest->ChangeDisplayedHost(b.c_str()); } @@ -179,7 +192,7 @@ class CloakUser : public ModeHandler for (int j = 0; j < 4; j++) { - octet[j] = seps.GetToken(); + seps.GetToken(octet[j]); i[j] = atoi(octet[j].c_str()); } @@ -210,7 +223,7 @@ class CloakUser : public ModeHandler /* If we get here, yes it really is an ipv6 ip */ unsigned int iv[] = { key1, key2, key3, key4 }; std::vector hashies; - std::string item = ""; + std::string item; int rounds = 0; /* Reset the Hash module and send it our IV */ @@ -225,7 +238,7 @@ class CloakUser : public ModeHandler /* Send the Hash module a different hex table for each octet group's Hash sum */ HashHexRequest(Sender, HashProvider, xtab[(key1+rounds) % 4]).Send(); hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,8)); - item = ""; + item.clear(); } rounds++; } @@ -234,7 +247,7 @@ class CloakUser : public ModeHandler /* Send the Hash module a different hex table for each octet group's Hash sum */ HashHexRequest(Sender, HashProvider, xtab[(key1+rounds) % 4]).Send(); hashies.push_back(std::string(HashSumRequest(Sender, HashProvider, item).Send()).substr(0,8)); - item = ""; + item.clear(); } /* Stick them all together */ return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined(); @@ -243,18 +256,54 @@ class CloakUser : public ModeHandler void DoRehash() { ConfigReader Conf(ServerInstance); + bool lowercase; + + /* These are *not* using the need_positive parameter of ReadInteger - + * that will limit the valid values to only the positive values in a + * signed int. Instead, accept any value that fits into an int and + * cast it to an unsigned int. That will, a bit oddly, give us the full + * spectrum of an unsigned integer. - Special */ key1 = key2 = key3 = key4 = 0; - key1 = Conf.ReadInteger("cloak","key1",0,true); - key2 = Conf.ReadInteger("cloak","key2",0,true); - key3 = Conf.ReadInteger("cloak","key3",0,true); - key4 = Conf.ReadInteger("cloak","key4",0,true); + key1 = (unsigned int) Conf.ReadInteger("cloak","key1",0,false); + key2 = (unsigned int) Conf.ReadInteger("cloak","key2",0,false); + key3 = (unsigned int) Conf.ReadInteger("cloak","key3",0,false); + key4 = (unsigned int) Conf.ReadInteger("cloak","key4",0,false); prefix = Conf.ReadValue("cloak","prefix",0); + ipalways = Conf.ReadFlag("cloak", "ipalways", 0); + lowercase = Conf.ReadFlag("cloak", "lowercase", 0); + + if (!lowercase) + { + xtab[0] = "F92E45D871BCA630"; + xtab[1] = "A1B9D80C72E653F4"; + xtab[2] = "1ABC078934DEF562"; + xtab[3] = "ABCDEF5678901234"; + } + else + { + xtab[0] = "f92e45d871bca630"; + xtab[1] = "a1b9d80c72e653f4"; + xtab[2] = "1abc078934def562"; + xtab[3] = "abcdef5678901234"; + } if (prefix.empty()) prefix = ServerInstance->Config->Network; - if (!key1 && !key2 && !key3 && !key4) - throw ModuleException("You have not defined cloak keys for m_cloaking!!! THIS IS INSECURE AND SHOULD BE CHECKED!"); + if (!key1 || !key2 || !key3 || !key4) + { + std::string detail; + if (!key1) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + else if (!key2) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + else if (!key3) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + else if (!key4) + detail = " is not valid, it may be set to a too high/low value, or it may not exist."; + + throw ModuleException("You have not defined cloak keys for m_cloaking!!! THIS IS INSECURE AND SHOULD BE CHECKED! - " + detail); + } } }; @@ -270,28 +319,41 @@ class ModuleCloaking : public Module ModuleCloaking(InspIRCd* Me) : Module(Me) { - ServerInstance->UseInterface("HashRequest"); - /* Attempt to locate the md5 service provider, bail if we can't find it */ - HashModule = ServerInstance->FindModule("m_md5.so"); + HashModule = ServerInstance->Modules->Find("m_md5.so"); if (!HashModule) throw ModuleException("Can't find m_md5.so. Please load m_md5.so before m_cloaking.so."); - /* Create new mode handler object */ cu = new CloakUser(ServerInstance, this, HashModule); - /* Register it with the core */ - if (!ServerInstance->AddMode(cu, 'x')) + try + { + OnRehash(NULL,""); + } + catch (CoreException &e) + { + delete cu; + throw e; + } + + /* Register it with the core */ + if (!ServerInstance->Modes->AddMode(cu)) + { + delete cu; throw ModuleException("Could not add new modes!"); + } + + ServerInstance->Modules->UseInterface("HashRequest"); - OnRehash(NULL,""); + Implementation eventlist[] = { I_OnRehash }; + ServerInstance->Modules->Attach(eventlist, this, 1); } virtual ~ModuleCloaking() { ServerInstance->Modes->DelMode(cu); - DELETE(cu); - ServerInstance->DoneWithInterface("HashRequest"); + delete cu; + ServerInstance->Modules->DoneWithInterface("HashRequest"); } virtual Version GetVersion() @@ -301,39 +363,11 @@ class ModuleCloaking : public Module return Version(1,1,0,2,VF_COMMON|VF_VENDOR,API_VERSION); } - virtual void OnRehash(userrec* user, const std::string ¶meter) + virtual void OnRehash(User* user, const std::string ¶meter) { cu->DoRehash(); } - void Implements(char* List) - { - List[I_OnRehash] = 1; - } }; -// stuff down here is the module-factory stuff. For basic modules you can ignore this. - -class ModuleCloakingFactory : public ModuleFactory -{ - public: - ModuleCloakingFactory() - { - } - - ~ModuleCloakingFactory() - { - } - - virtual Module * CreateModule(InspIRCd* Me) - { - return new ModuleCloaking(Me); - } - -}; - - -extern "C" DllExport void * init_module( void ) -{ - return new ModuleCloakingFactory; -} +MODULE_INIT(ModuleCloaking)