/* * Charybdis: an advanced ircd * ip_cloaking.c: provide user hostname cloaking * * Written originally by nenolod, altered to use FNV by Elizabeth in 2008 */ using namespace ircd; static const char ip_cloaking_desc[] = "New IP cloaking module that uses user mode +x instead of +h"; static int _modinit(void) { /* add the usermode to the available slot */ user_modes['x'] = find_umode_slot(); construct_umodebuf(); return 0; } static void _moddeinit(void) { /* disable the umode and remove it from the available list */ user_modes['x'] = 0; construct_umodebuf(); } static void check_umode_change(void *data); static void check_new_user(void *data); mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { { "umode_changed", (hookfn) check_umode_change }, { "new_local_user", (hookfn) check_new_user }, { NULL, NULL } }; DECLARE_MODULE_AV2(ip_cloaking, _modinit, _moddeinit, NULL, NULL, ip_cloaking_hfnlist, NULL, NULL, ip_cloaking_desc); static void distribute_hostchange(client::client *client_p, char *newhost) { if (newhost != client_p->orighost) sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", newhost); else sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset", newhost); sendto_server(NULL, NULL, CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", use_id(&me), use_id(client_p), newhost); sendto_server(NULL, NULL, CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", use_id(&me), use_id(client_p), newhost); change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host"); if (newhost != client_p->orighost) set_dyn_spoof(*client_p); else clear_dyn_spoof(*client_p); } static void do_host_cloak_ip(const char *inbuf, char *outbuf) { /* None of the characters in this table can be valid in an IP */ char chartable[] = "ghijklmnopqrstuvwxyz"; char *tptr; uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); int sepcount = 0; int totalcount = 0; int ipv6 = 0; rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); if (strchr(outbuf, ':')) { ipv6 = 1; /* Damn you IPv6... * We count the number of colons so we can calculate how much * of the host to cloak. This is because some hostmasks may not * have as many octets as we'd like. * * We have to do this ahead of time because doing this during * the actual cloaking would get ugly */ for (tptr = outbuf; *tptr != '\0'; tptr++) if (*tptr == ':') totalcount++; } else if (!strchr(outbuf, '.')) return; for (tptr = outbuf; *tptr != '\0'; tptr++) { if (*tptr == ':' || *tptr == '.') { sepcount++; continue; } if (ipv6 && sepcount < totalcount / 2) continue; if (!ipv6 && sepcount < 2) continue; *tptr = chartable[(*tptr + accum) % 20]; accum = (accum << 1) | (accum >> 31); } } static void do_host_cloak_host(const char *inbuf, char *outbuf) { char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; char *tptr; uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); /* pass 1: scramble first section of hostname using base26 * alphabet toasted against the FNV hash of the string. * * numbers are not changed at this time, only letters. */ for (tptr = outbuf; *tptr != '\0'; tptr++) { if (*tptr == '.') break; if (isdigit((unsigned char)*tptr) || *tptr == '-') continue; *tptr = b26_alphabet[(*tptr + accum) % 26]; /* Rotate one bit to avoid all digits being turned odd or even */ accum = (accum << 1) | (accum >> 31); } /* pass 2: scramble each number in the address */ for (tptr = outbuf; *tptr != '\0'; tptr++) { if (isdigit((unsigned char)*tptr)) *tptr = '0' + (*tptr + accum) % 10; accum = (accum << 1) | (accum >> 31); } } static void check_umode_change(void *vdata) { hook_data_umode_changed *data = (hook_data_umode_changed *)vdata; client::client *source_p = data->client; if (!my(*source_p)) return; /* didn't change +h umode, we don't need to do anything */ if (!((data->oldumodes ^ source_p->mode) & user_modes['x'])) return; if (source_p->mode & user_modes['x']) { if (is_ip_spoof(*source_p) || source_p->localClient->mangledhost == NULL || (is_dyn_spoof(*source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) { source_p->mode &= umode(~user_modes['x']); return; } if (strcmp(source_p->host, source_p->localClient->mangledhost)) { distribute_hostchange(source_p, source_p->localClient->mangledhost); } else /* not really nice, but we need to send this numeric here */ sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", source_p->host); } else if (!(source_p->mode & user_modes['x'])) { if (source_p->localClient->mangledhost != NULL && !strcmp(source_p->host, source_p->localClient->mangledhost)) { distribute_hostchange(source_p, source_p->orighost); } } } static void check_new_user(void *vdata) { client::client *source_p = (client::client *)vdata; if (is_ip_spoof(*source_p)) { source_p->mode &= umode(~user_modes['x']); return; } source_p->localClient->mangledhost = (char *)rb_malloc(HOSTLEN + 1); if (!irccmp(source_p->orighost, source_p->sockhost)) do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); else do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); if (is_dyn_spoof(*source_p)) source_p->mode &= umode(~user_modes['x']); if (source_p->mode & user_modes['x']) { rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); if (irccmp(source_p->host, source_p->orighost)) set_dyn_spoof(*source_p); } }