X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_cloaking.cpp;h=d45c920ce2b54302dc36444bd07d393c0aeb4995;hb=77954a2e31213ce355e9e319229c767dfbd698a4;hp=8a3a4e482fbbea7d3d2a04193b88f83461940a98;hpb=b8ddf2f3c825581e3af6dbfa5b0815ccf08faa0f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index 8a3a4e482..d45c920ce 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -6,7 +6,7 @@ * See: http://www.inspircd.org/wiki/index.php/Credits * * This program is free but copyrighted software; see - * the file COPYING for details. + * the file COPYING for details. * * --------------------------------------------------- */ @@ -21,6 +21,7 @@ */ class CloakUser : public ModeHandler { + public: std::string prefix; unsigned int key1; unsigned int key2; @@ -37,7 +38,7 @@ class CloakUser : public ModeHandler * For example, if it is passed "svn.inspircd.org" it will return ".inspircd.org". * If it is passed "brainbox.winbot.co.uk" it will return ".co.uk", * and if it is passed "localhost.localdomain" it will return ".localdomain". - * + * * This is used to ensure a significant part of the host is always cloaked (see Bug #216) */ std::string LastTwoDomainParts(const std::string &host) @@ -61,9 +62,8 @@ class CloakUser : public ModeHandler else return host.substr(splitdot); } - - public: - CloakUser(InspIRCd* Instance, Module* Source, Module* Hash) : ModeHandler(Instance, 'x', 0, 0, false, MODETYPE_USER, false), Sender(Source), HashProvider(Hash) + + CloakUser(InspIRCd* Instance, Module* source, Module* Hash) : ModeHandler(Instance, 'x', 0, 0, false, MODETYPE_USER, false), Sender(source), HashProvider(Hash) { } @@ -77,7 +77,10 @@ class CloakUser : public ModeHandler * This is fine, as we will recieve it later. */ if (!IS_LOCAL(dest)) + { + dest->SetMode('x',adding); return MODEACTION_ALLOW; + } /* don't allow this user to spam modechanges */ dest->IncreasePenalty(5); @@ -95,86 +98,25 @@ class CloakUser : public ModeHandler * are connecting via localhost) -- this doesnt matter much. */ - char* n1 = strchr(dest->host,'.'); - char* n2 = strchr(dest->host,':'); - - if (n1 || n2) - { - unsigned int iv[] = { key1, key2, key3, key4 }; - std::string a = LastTwoDomainParts(dest->host); - std::string b; - - /* InspIRCd users have two hostnames; A displayed - * hostname which can be modified by modules (e.g. - * to create vhosts, implement chghost, etc) and a - * 'real' hostname which you shouldnt write to. - */ - - /* 2008/08/18: add which always cloaks - * the IP, for anonymity. --nenolod - */ - if (!ipalways) - { - /** Reset the Hash module, and send it our IV and hex table */ - HashResetRequest(Sender, HashProvider).Send(); - HashKeyRequest(Sender, HashProvider, iv).Send(); - HashHexRequest(Sender, HashProvider, xtab[(*dest->host) % 4]); - - /* Generate a cloak using specialized Hash */ - std::string hostcloak = prefix + "-" + std::string(HashSumRequest(Sender, HashProvider, dest->host).Send()).substr(0,8) + a; - - /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes - * according to the DNS RFC) then tough titty, they get cloaked as an IP. - * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie - * vhost. - */ -#ifdef IPV6 - in6_addr testaddr; - in_addr testaddr2; - if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv6 address, and ipv6 user (resolved host) */ - b = hostcloak; - else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host,&testaddr2) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv4 address, and ipv4 user (resolved host) */ - b = hostcloak; - else - /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ - b = ((!strchr(dest->host,':')) ? Cloak4(dest->host) : Cloak6(dest->host)); -#else - in_addr testaddr; - if ((inet_aton(dest->host,&testaddr) < 1) && (hostcloak.length() <= 64)) - /* Invalid ipv4 address, and ipv4 user (resolved host) */ - b = hostcloak; - else - /* Valid ipv4 address (not resolved) ipv4 user */ - b = Cloak4(dest->host); -#endif - } - else - { -#ifdef IPV6 - if (dest->GetProtocolFamily() == AF_INET6) - b = Cloak6(dest->GetIPString()); -#endif - if (dest->GetProtocolFamily() == AF_INET) - b = Cloak4(dest->GetIPString()); - } + std::string* cloak; - dest->ChangeDisplayedHost(b.c_str()); + if (dest->GetExt("cloaked_host", cloak)) + { + /* Cloaked host has been set before on this user, don't bother to recalculate and waste cpu */ + dest->ChangeDisplayedHost(cloak->c_str()); + dest->SetMode('x',true); + return MODEACTION_ALLOW; } - - dest->SetMode('x',true); - return MODEACTION_ALLOW; } } else - { + { if (dest->IsModeSet('x')) { - /* User is removing the mode, so just restore their real host - * and make it match the displayed one. + /* User is removing the mode, so just restore their real host + * and make it match the displayed one. */ - dest->ChangeDisplayedHost(dest->host); + dest->ChangeDisplayedHost(dest->host.c_str()); dest->SetMode('x',false); return MODEACTION_ALLOW; } @@ -253,13 +195,13 @@ class CloakUser : public ModeHandler /* Stick them all together */ return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined(); } - + void DoRehash() { ConfigReader Conf(ServerInstance); bool lowercase; - - /* These are *not* using the need_positive parameter of ReadInteger - + + /* These are *not* using the need_positive parameter of ReadInteger - * that will limit the valid values to only the positive values in a * signed int. Instead, accept any value that fits into an int and * cast it to an unsigned int. That will, a bit oddly, give us the full @@ -272,7 +214,7 @@ class CloakUser : public ModeHandler prefix = Conf.ReadValue("cloak","prefix",0); ipalways = Conf.ReadFlag("cloak", "ipalways", 0); lowercase = Conf.ReadFlag("cloak", "lowercase", 0); - + if (!lowercase) { xtab[0] = "F92E45D871BCA630"; @@ -312,7 +254,7 @@ class CloakUser : public ModeHandler class ModuleCloaking : public Module { private: - + CloakUser* cu; Module* HashModule; @@ -331,7 +273,7 @@ class ModuleCloaking : public Module { OnRehash(NULL,""); } - catch (CoreException &e) + catch (ModuleException &e) { delete cu; throw e; @@ -346,22 +288,69 @@ class ModuleCloaking : public Module ServerInstance->Modules->UseInterface("HashRequest"); - Implementation eventlist[] = { I_OnRehash }; - ServerInstance->Modules->Attach(eventlist, this, 1); + Implementation eventlist[] = { I_OnRehash, I_OnUserDisconnect, I_OnCleanup, I_OnCheckBan, I_OnUserConnect, I_OnSyncUserMetaData }; + ServerInstance->Modules->Attach(eventlist, this, 6); } - + + void OnSyncUserMetaData(User* user, Module* proto,void* opaque, const std::string &extname, bool displayable) + { + if ((displayable) && (extname == "cloaked_host")) + { + std::string* cloak; + if (user->GetExt("cloaked_host", cloak)) + proto->ProtoSendMetaData(opaque, TYPE_USER, user, extname, *cloak); + } + } + + + virtual int OnCheckBan(User* user, Channel* chan) + { + char mask[MAXBUF]; + std::string* tofree; + /* Check if they have a cloaked host, but are not using it */ + if (user->GetExt("cloaked_host", tofree) && *tofree != user->dhost) + { + snprintf(mask, MAXBUF, "%s!%s@%s", user->nick.c_str(), user->ident.c_str(), tofree->c_str()); + for (BanList::iterator i = chan->bans.begin(); i != chan->bans.end(); i++) + { + if (InspIRCd::Match(mask,i->data)) + return -1; + } + } + return 0; + } + + void Prioritize() + { + /* Needs to be after m_banexception etc. */ + ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIO_LAST); + } + + virtual void OnUserDisconnect(User* user) + { + std::string* tofree; + if (user->GetExt("cloaked_host", tofree)) + delete tofree; + } + + virtual void OnCleanup(int target_type, void* item) + { + if (target_type == TYPE_USER) + OnUserDisconnect((User*)item); + } + virtual ~ModuleCloaking() { ServerInstance->Modes->DelMode(cu); delete cu; ServerInstance->Modules->DoneWithInterface("HashRequest"); } - + virtual Version GetVersion() { // returns the version number of the module to be // listed in /MODULES - return Version(1,2,0,2,VF_COMMON|VF_VENDOR,API_VERSION); + return Version("$Id$", VF_COMMON|VF_VENDOR,API_VERSION); } virtual void OnRehash(User* user, const std::string ¶meter) @@ -369,6 +358,74 @@ class ModuleCloaking : public Module cu->DoRehash(); } + virtual void OnUserConnect(User* dest) + { + if (dest->host.find('.') != std::string::npos || dest->host.find(':') != std::string::npos) + { + unsigned int iv[] = { cu->key1, cu->key2, cu->key3, cu->key4 }; + std::string a = cu->LastTwoDomainParts(dest->host); + std::string b; + + /* InspIRCd users have two hostnames; A displayed + * hostname which can be modified by modules (e.g. + * to create vhosts, implement chghost, etc) and a + * 'real' hostname which you shouldnt write to. + */ + + /* 2008/08/18: add which always cloaks + * the IP, for anonymity. --nenolod + */ + if (!cu->ipalways) + { + /** Reset the Hash module, and send it our IV and hex table */ + HashResetRequest(this, cu->HashProvider).Send(); + HashKeyRequest(this, cu->HashProvider, iv).Send(); + HashHexRequest(this, cu->HashProvider, cu->xtab[(dest->host[0]) % 4]); + + /* Generate a cloak using specialized Hash */ + std::string hostcloak = cu->prefix + "-" + std::string(HashSumRequest(this, cu->HashProvider, dest->host.c_str()).Send()).substr(0,8) + a; + + /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes + * according to the DNS RFC) then tough titty, they get cloaked as an IP. + * Their ISP shouldnt go to town on subdomains, or they shouldnt have a kiddie + * vhost. + */ +#ifdef IPV6 + in6_addr testaddr; + in_addr testaddr2; + if ((dest->GetProtocolFamily() == AF_INET6) && (inet_pton(AF_INET6,dest->host.c_str(),&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv6 address, and ipv6 user (resolved host) */ + b = hostcloak; + else if ((dest->GetProtocolFamily() == AF_INET) && (inet_aton(dest->host.c_str(),&testaddr2) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv6 or ipv4 address (not resolved) ipv4 or ipv6 user */ + b = ((!strchr(dest->host.c_str(),':')) ? cu->Cloak4(dest->host.c_str()) : cu->Cloak6(dest->host.c_str())); +#else + in_addr testaddr; + if ((inet_aton(dest->host.c_str(),&testaddr) < 1) && (hostcloak.length() <= 64)) + /* Invalid ipv4 address, and ipv4 user (resolved host) */ + b = hostcloak; + else + /* Valid ipv4 address (not resolved) ipv4 user */ + b = cu->Cloak4(dest->host.c_str()); +#endif + } + else + { +#ifdef IPV6 + if (dest->GetProtocolFamily() == AF_INET6) + b = cu->Cloak6(dest->GetIPString()); +#endif + if (dest->GetProtocolFamily() == AF_INET) + b = cu->Cloak4(dest->GetIPString()); + } + + dest->Extend("cloaked_host", new std::string(b)); + } + } + }; MODULE_INIT(ModuleCloaking)