diff --git a/extensions/Makefile.am b/extensions/Makefile.am index 4a1c53750..dec11f301 100644 --- a/extensions/Makefile.am +++ b/extensions/Makefile.am @@ -57,9 +57,6 @@ force_user_invis_la_SOURCES = force_user_invis.cc helpops_la_SOURCES = helpops.cc hurt_la_SOURCES = hurt.cc ip_cloaking_la_SOURCES = ip_cloaking.cc -ip_cloaking_old_la_SOURCES = ip_cloaking_old.cc -ip_cloaking_3_0_la_SOURCES = ip_cloaking_3.0.cc -ip_cloaking_4_0_la_SOURCES = ip_cloaking_4.0.cc override_la_SOURCES = override.cc restrict_unauthenticated_la_SOURCES = restrict-unauthenticated.cc sno_channelcreate_la_SOURCES = sno_channelcreate.cc @@ -127,9 +124,6 @@ extension_LTLIBRARIES = \ helpops.la \ hurt.la \ ip_cloaking.la \ - ip_cloaking_old.la \ - ip_cloaking_3.0.la \ - ip_cloaking_4.0.la \ override.la \ restrict-unauthenticated.la \ sno_channelcreate.la \ diff --git a/extensions/ip_cloaking.cc b/extensions/ip_cloaking.cc index 8a852ed52..75aea823c 100644 --- a/extensions/ip_cloaking.cc +++ b/extensions/ip_cloaking.cc @@ -7,13 +7,13 @@ using namespace ircd; -static const char ip_cloaking_desc[] = "IP cloaking module that uses user mode +h"; +static const char ip_cloaking_desc[] = "New IP cloaking module that uses user mode +x instead of +h"; static int _modinit(void) { /* add the usermode to the available slot */ - user_modes['h'] = find_umode_slot(); + user_modes['x'] = find_umode_slot(); construct_umodebuf(); return 0; @@ -23,7 +23,7 @@ static void _moddeinit(void) { /* disable the umode and remove it from the available list */ - user_modes['h'] = 0; + user_modes['x'] = 0; construct_umodebuf(); } @@ -162,14 +162,14 @@ check_umode_change(void *vdata) return; /* didn't change +h umode, we don't need to do anything */ - if (!((data->oldumodes ^ source_p->mode) & user_modes['h'])) + if (!((data->oldumodes ^ source_p->mode) & user_modes['x'])) return; - if (source_p->mode & user_modes['h']) + if (source_p->mode & user_modes['x']) { if (is_ip_spoof(*source_p) || source_p->localClient->mangledhost == NULL || (is_dyn_spoof(*source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) { - source_p->mode &= umode(~user_modes['h']); + source_p->mode &= umode(~user_modes['x']); return; } if (strcmp(source_p->host, source_p->localClient->mangledhost)) @@ -180,7 +180,7 @@ check_umode_change(void *vdata) sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", source_p->host); } - else if (!(source_p->mode & user_modes['h'])) + else if (!(source_p->mode & user_modes['x'])) { if (source_p->localClient->mangledhost != NULL && !strcmp(source_p->host, source_p->localClient->mangledhost)) @@ -197,7 +197,7 @@ check_new_user(void *vdata) if (is_ip_spoof(*source_p)) { - source_p->mode &= umode(~user_modes['h']); + source_p->mode &= umode(~user_modes['x']); return; } source_p->localClient->mangledhost = (char *)rb_malloc(HOSTLEN + 1); @@ -206,11 +206,12 @@ check_new_user(void *vdata) else do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); if (is_dyn_spoof(*source_p)) - source_p->mode &= umode(~user_modes['h']); - if (source_p->mode & user_modes['h']) + source_p->mode &= umode(~user_modes['x']); + if (source_p->mode & user_modes['x']) { rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); if (irccmp(source_p->host, source_p->orighost)) set_dyn_spoof(*source_p); } } + diff --git a/extensions/ip_cloaking_3.0.cc b/extensions/ip_cloaking_3.0.cc deleted file mode 100644 index efccba7fd..000000000 --- a/extensions/ip_cloaking_3.0.cc +++ /dev/null @@ -1,222 +0,0 @@ -using namespace ircd; - -static const char ip_cloaking_desc[] = "The old IP cloaking mechanism version 3.0"; - -/* if you're modifying this module, you'll probably want to change this */ -#define KEY 0x13748cfa - -static int -_modinit(void) -{ - /* add the usermode to the available slot */ - user_modes['h'] = find_umode_slot(); - construct_umodebuf(); - - return 0; -} - -static void -_moddeinit(void) -{ - /* disable the umode and remove it from the available list */ - user_modes['h'] = 0; - construct_umodebuf(); -} - -static void check_umode_change(void *data); -static void check_new_user(void *data); -mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { - { "umode_changed", (hookfn) check_umode_change }, - { "new_local_user", (hookfn) check_new_user }, - { NULL, NULL } -}; - -DECLARE_MODULE_AV2(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, NULL, NULL, ip_cloaking_desc); - -static void -distribute_hostchange(client::client *client_p, char *newhost) -{ - if (newhost != client_p->orighost) - sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", - newhost); - else - sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset", - newhost); - - sendto_server(NULL, NULL, - CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", - use_id(&me), use_id(client_p), newhost); - sendto_server(NULL, NULL, - CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", - use_id(&me), use_id(client_p), newhost); - - change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host"); - - if (newhost != client_p->orighost) - set_dyn_spoof(*client_p); - else - clear_dyn_spoof(*client_p); -} - -#define Nval 0x8c3a48ac -#define HOSTLEN 63 -#define INITDATA "98fwqefnoiqefv03f423t34gbv3vb89tg432t3b8" /* change this */ - -static inline unsigned int -get_string_entropy(const char *inbuf) -{ - unsigned int accum = 1; - - while(*inbuf != '\0') - accum += *inbuf++; - - return accum; -} - -/* calls get_string_entropy() and toasts it against INITDATA */ -static inline unsigned int -get_string_weighted_entropy(const char *inbuf) -{ - static int base_entropy = 0; - unsigned int accum = get_string_entropy(inbuf); - - /* initialize the algorithm if it is not yet ready */ - if (base_entropy == 0) - base_entropy = get_string_entropy(INITDATA); - - return (Nval * accum) ^ base_entropy; -} - -static void -do_host_cloak_ip(const char *inbuf, char *outbuf) -{ - char *tptr; - unsigned int accum = get_string_weighted_entropy(inbuf); - char buf[HOSTLEN]; - int ipv6 = 0; - - strncpy(buf, inbuf, HOSTLEN); - tptr = strrchr(buf, '.'); - - if (tptr == NULL) - { - tptr = strrchr(buf, ':'); - ipv6 = 1; - } - - if (tptr == NULL) - { - strncpy(outbuf, inbuf, HOSTLEN); - return; - } - - *tptr++ = '\0'; - - if(ipv6) - { - snprintf(outbuf, HOSTLEN, "%s:%x", buf, accum); - } - else - { - snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); - } -} - -static void -do_host_cloak_host(const char *inbuf, char *outbuf) -{ - char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; - char *tptr; - unsigned int accum = get_string_weighted_entropy(inbuf); - - strncpy(outbuf, inbuf, HOSTLEN); - - /* pass 1: scramble first section of hostname using base26 - * alphabet toasted against the weighted entropy of the string. - * - * numbers are not changed at this time, only letters. - */ - for (tptr = outbuf; *tptr != '\0'; tptr++) - { - if (*tptr == '.') - break; - - if (isdigit((unsigned char)*tptr) || *tptr == '-') - continue; - - *tptr = b26_alphabet[(*tptr * accum) % 26]; - } - - /* pass 2: scramble each number in the address */ - for (tptr = outbuf; *tptr != '\0'; tptr++) - { - if (isdigit((unsigned char)*tptr)) - { - *tptr = 48 + ((*tptr * accum) % 10); - } - } -} - -static void -check_umode_change(void *vdata) -{ - hook_data_umode_changed *data = (hook_data_umode_changed *)vdata; - client::client *source_p = data->client; - - if (!my(*source_p)) - return; - - /* didn't change +h umode, we don't need to do anything */ - if (!((data->oldumodes ^ source_p->mode) & user_modes['h'])) - return; - - if (source_p->mode & user_modes['h']) - { - if (is_ip_spoof(*source_p) || source_p->localClient->mangledhost == NULL || (is_dyn_spoof(*source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) - { - source_p->mode &= umode(~user_modes['h']); - return; - } - if (strcmp(source_p->host, source_p->localClient->mangledhost)) - { - distribute_hostchange(source_p, source_p->localClient->mangledhost); - } - else /* not really nice, but we need to send this numeric here */ - sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", - source_p->host); - } - else if (!(source_p->mode & user_modes['h'])) - { - if (source_p->localClient->mangledhost != NULL && - !strcmp(source_p->host, source_p->localClient->mangledhost)) - { - distribute_hostchange(source_p, source_p->orighost); - } - } -} - -static void -check_new_user(void *vdata) -{ - client::client *source_p = (client::client *)vdata; - - if (is_ip_spoof(*source_p)) - { - source_p->mode &= umode(~user_modes['h']); - return; - } - source_p->localClient->mangledhost = (char *)rb_malloc(HOSTLEN); - if (!irccmp(source_p->orighost, source_p->sockhost)) - do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); - else - do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); - if (is_dyn_spoof(*source_p)) - source_p->mode &= umode(~user_modes['h']); - if (source_p->mode & user_modes['h']) - { - rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); - if (irccmp(source_p->host, source_p->orighost)) - set_dyn_spoof(*source_p); - } -} diff --git a/extensions/ip_cloaking_4.0.cc b/extensions/ip_cloaking_4.0.cc deleted file mode 100644 index 75aea823c..000000000 --- a/extensions/ip_cloaking_4.0.cc +++ /dev/null @@ -1,217 +0,0 @@ -/* - * Charybdis: an advanced ircd - * ip_cloaking.c: provide user hostname cloaking - * - * Written originally by nenolod, altered to use FNV by Elizabeth in 2008 - */ - -using namespace ircd; - -static const char ip_cloaking_desc[] = "New IP cloaking module that uses user mode +x instead of +h"; - -static int -_modinit(void) -{ - /* add the usermode to the available slot */ - user_modes['x'] = find_umode_slot(); - construct_umodebuf(); - - return 0; -} - -static void -_moddeinit(void) -{ - /* disable the umode and remove it from the available list */ - user_modes['x'] = 0; - construct_umodebuf(); -} - -static void check_umode_change(void *data); -static void check_new_user(void *data); -mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { - { "umode_changed", (hookfn) check_umode_change }, - { "new_local_user", (hookfn) check_new_user }, - { NULL, NULL } -}; - -DECLARE_MODULE_AV2(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, NULL, NULL, ip_cloaking_desc); - -static void -distribute_hostchange(client::client *client_p, char *newhost) -{ - if (newhost != client_p->orighost) - sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", - newhost); - else - sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset", - newhost); - - sendto_server(NULL, NULL, - CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", - use_id(&me), use_id(client_p), newhost); - sendto_server(NULL, NULL, - CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", - use_id(&me), use_id(client_p), newhost); - - change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host"); - - if (newhost != client_p->orighost) - set_dyn_spoof(*client_p); - else - clear_dyn_spoof(*client_p); -} - -static void -do_host_cloak_ip(const char *inbuf, char *outbuf) -{ - /* None of the characters in this table can be valid in an IP */ - char chartable[] = "ghijklmnopqrstuvwxyz"; - char *tptr; - uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); - int sepcount = 0; - int totalcount = 0; - int ipv6 = 0; - - rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); - - if (strchr(outbuf, ':')) - { - ipv6 = 1; - - /* Damn you IPv6... - * We count the number of colons so we can calculate how much - * of the host to cloak. This is because some hostmasks may not - * have as many octets as we'd like. - * - * We have to do this ahead of time because doing this during - * the actual cloaking would get ugly - */ - for (tptr = outbuf; *tptr != '\0'; tptr++) - if (*tptr == ':') - totalcount++; - } - else if (!strchr(outbuf, '.')) - return; - - for (tptr = outbuf; *tptr != '\0'; tptr++) - { - if (*tptr == ':' || *tptr == '.') - { - sepcount++; - continue; - } - - if (ipv6 && sepcount < totalcount / 2) - continue; - - if (!ipv6 && sepcount < 2) - continue; - - *tptr = chartable[(*tptr + accum) % 20]; - accum = (accum << 1) | (accum >> 31); - } -} - -static void -do_host_cloak_host(const char *inbuf, char *outbuf) -{ - char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; - char *tptr; - uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); - - rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); - - /* pass 1: scramble first section of hostname using base26 - * alphabet toasted against the FNV hash of the string. - * - * numbers are not changed at this time, only letters. - */ - for (tptr = outbuf; *tptr != '\0'; tptr++) - { - if (*tptr == '.') - break; - - if (isdigit((unsigned char)*tptr) || *tptr == '-') - continue; - - *tptr = b26_alphabet[(*tptr + accum) % 26]; - - /* Rotate one bit to avoid all digits being turned odd or even */ - accum = (accum << 1) | (accum >> 31); - } - - /* pass 2: scramble each number in the address */ - for (tptr = outbuf; *tptr != '\0'; tptr++) - { - if (isdigit((unsigned char)*tptr)) - *tptr = '0' + (*tptr + accum) % 10; - - accum = (accum << 1) | (accum >> 31); - } -} - -static void -check_umode_change(void *vdata) -{ - hook_data_umode_changed *data = (hook_data_umode_changed *)vdata; - client::client *source_p = data->client; - - if (!my(*source_p)) - return; - - /* didn't change +h umode, we don't need to do anything */ - if (!((data->oldumodes ^ source_p->mode) & user_modes['x'])) - return; - - if (source_p->mode & user_modes['x']) - { - if (is_ip_spoof(*source_p) || source_p->localClient->mangledhost == NULL || (is_dyn_spoof(*source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) - { - source_p->mode &= umode(~user_modes['x']); - return; - } - if (strcmp(source_p->host, source_p->localClient->mangledhost)) - { - distribute_hostchange(source_p, source_p->localClient->mangledhost); - } - else /* not really nice, but we need to send this numeric here */ - sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", - source_p->host); - } - else if (!(source_p->mode & user_modes['x'])) - { - if (source_p->localClient->mangledhost != NULL && - !strcmp(source_p->host, source_p->localClient->mangledhost)) - { - distribute_hostchange(source_p, source_p->orighost); - } - } -} - -static void -check_new_user(void *vdata) -{ - client::client *source_p = (client::client *)vdata; - - if (is_ip_spoof(*source_p)) - { - source_p->mode &= umode(~user_modes['x']); - return; - } - source_p->localClient->mangledhost = (char *)rb_malloc(HOSTLEN + 1); - if (!irccmp(source_p->orighost, source_p->sockhost)) - do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); - else - do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); - if (is_dyn_spoof(*source_p)) - source_p->mode &= umode(~user_modes['x']); - if (source_p->mode & user_modes['x']) - { - rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); - if (irccmp(source_p->host, source_p->orighost)) - set_dyn_spoof(*source_p); - } -} - diff --git a/extensions/ip_cloaking_old.cc b/extensions/ip_cloaking_old.cc deleted file mode 100644 index 7cb3f944c..000000000 --- a/extensions/ip_cloaking_old.cc +++ /dev/null @@ -1,164 +0,0 @@ -using namespace ircd; - -static const char ip_cloaking_desc[] = "Very old IP cloaking mechanism"; - -/* if you're modifying this module, you'll probably want to change this */ -#define KEY 0x13748cfa - -static int -_modinit(void) -{ - /* add the usermode to the available slot */ - user_modes['h'] = find_umode_slot(); - construct_umodebuf(); - - return 0; -} - -static void -_moddeinit(void) -{ - /* disable the umode and remove it from the available list */ - user_modes['h'] = 0; - construct_umodebuf(); -} - -static void check_umode_change(void *data); -static void check_new_user(void *data); -mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { - { "umode_changed", (hookfn) check_umode_change }, - { "new_local_user", (hookfn) check_new_user }, - { NULL, NULL } -}; - -DECLARE_MODULE_AV2(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, NULL, NULL, ip_cloaking_desc); - -static void -distribute_hostchange(client::client *client_p, char *newhost) -{ - if (newhost != client_p->orighost) - sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", - newhost); - else - sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset", - newhost); - - sendto_server(NULL, NULL, - CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", - use_id(&me), use_id(client_p), newhost); - sendto_server(NULL, NULL, - CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", - use_id(&me), use_id(client_p), newhost); - - change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host"); - - if (newhost != client_p->orighost) - set_dyn_spoof(*client_p); - else - clear_dyn_spoof(*client_p); -} - -static void -do_host_cloak(const char *inbuf, char *outbuf, int ipmask) -{ - unsigned int cyc; - unsigned int hosthash = 1, hosthash2 = 1; - unsigned int maxcycle = strlen(inbuf); - int len1; - const char *rest, *next; - - for (cyc = 0; cyc < maxcycle - 2; cyc += 2) - hosthash *= (unsigned int) inbuf[cyc]; - - /* safety: decrement ourselves two steps back */ - for (cyc = maxcycle - 1; cyc >= 1; cyc -= 2) - hosthash2 *= (unsigned int) inbuf[cyc]; - - /* lets do some bitshifting -- this pretty much destroys the IP - * sequence, while still providing a checksum. exactly what - * we're shooting for. --nenolod - */ - hosthash += (hosthash2 / KEY); - hosthash2 += (hosthash / KEY); - - if (ipmask == 0) - { - snprintf(outbuf, HOSTLEN, "%s-%X%X", - ServerInfo.network_name, hosthash2, hosthash); - len1 = strlen(outbuf); - rest = strchr(inbuf, '.'); - if (rest == NULL) - rest = "."; - /* try to avoid truncation -- jilles */ - while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL) - rest = next; - rb_strlcat(outbuf, rest, HOSTLEN); - } - else - snprintf(outbuf, HOSTLEN, "%X%X.%s", - hosthash2, hosthash, ServerInfo.network_name); -} - -static void -check_umode_change(void *vdata) -{ - hook_data_umode_changed *data = (hook_data_umode_changed *)vdata; - client::client *source_p = data->client; - - if (!my(*source_p)) - return; - - /* didn't change +h umode, we don't need to do anything */ - if (!((data->oldumodes ^ source_p->mode) & user_modes['h'])) - return; - - if (source_p->mode & user_modes['h']) - { - if (is_ip_spoof(*source_p) || source_p->localClient->mangledhost == NULL || (is_dyn_spoof(*source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) - { - source_p->mode &= umode(~user_modes['h']); - return; - } - if (strcmp(source_p->host, source_p->localClient->mangledhost)) - { - distribute_hostchange(source_p, source_p->localClient->mangledhost); - } - else /* not really nice, but we need to send this numeric here */ - sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", - source_p->host); - } - else if (!(source_p->mode & user_modes['h'])) - { - if (source_p->localClient->mangledhost != NULL && - !strcmp(source_p->host, source_p->localClient->mangledhost)) - { - distribute_hostchange(source_p, source_p->orighost); - } - } -} - -static void -check_new_user(void *vdata) -{ - client::client *source_p = (client::client *)vdata; - - if (is_ip_spoof(*source_p)) - { - source_p->mode &= umode(~user_modes['h']); - return; - } - source_p->localClient->mangledhost = (char *)rb_malloc(HOSTLEN); - if (!irccmp(source_p->orighost, source_p->sockhost)) - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 1); - else - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 0); - if (is_dyn_spoof(*source_p)) - source_p->mode &= umode(~user_modes['h']); - if (source_p->mode & user_modes['h']) - { - rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); - if (irccmp(source_p->host, source_p->orighost)) - set_dyn_spoof(*source_p); - } -}