mirror of
https://github.com/matrix-construct/construct
synced 2024-12-30 17:34:04 +01:00
29c92cf95f
- Implemented changes suggested by Jilles - Remove some unused parameters in functions - Remove some unused ssl procs - 63-bit time_t support in TS deltas - const char * vs char * cleanup - struct alignment (void *) casts - signed vs unsigned fixes - bad memset() call - Bad LT_MAIN in libratbox - char -> unsigned char casts for isdigit/isspace/etc calls Thanks Jilles!
224 lines
5.6 KiB
C
224 lines
5.6 KiB
C
/*
|
|
* Charybdis: an advanced ircd
|
|
* ip_cloaking.c: provide user hostname cloaking
|
|
*
|
|
* Written originally by nenolod, altered to use FNV by Elizabeth in 2008
|
|
*/
|
|
|
|
#include "stdinc.h"
|
|
#include "modules.h"
|
|
#include "hook.h"
|
|
#include "client.h"
|
|
#include "ircd.h"
|
|
#include "send.h"
|
|
#include "hash.h"
|
|
#include "s_conf.h"
|
|
#include "s_user.h"
|
|
#include "s_serv.h"
|
|
#include "numeric.h"
|
|
|
|
static int
|
|
_modinit(void)
|
|
{
|
|
/* add the usermode to the available slot */
|
|
user_modes['h'] = find_umode_slot();
|
|
construct_umodebuf();
|
|
|
|
return 0;
|
|
}
|
|
|
|
static void
|
|
_moddeinit(void)
|
|
{
|
|
/* disable the umode and remove it from the available list */
|
|
user_modes['h'] = 0;
|
|
construct_umodebuf();
|
|
}
|
|
|
|
static void check_umode_change(void *data);
|
|
static void check_new_user(void *data);
|
|
mapi_hfn_list_av1 ip_cloaking_hfnlist[] = {
|
|
{ "umode_changed", (hookfn) check_umode_change },
|
|
{ "new_local_user", (hookfn) check_new_user },
|
|
{ NULL, NULL }
|
|
};
|
|
|
|
DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL,
|
|
ip_cloaking_hfnlist, "$Revision: 3526 $");
|
|
|
|
static void
|
|
distribute_hostchange(struct Client *client_p, char *newhost)
|
|
{
|
|
if (newhost != client_p->orighost)
|
|
sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host",
|
|
newhost);
|
|
else
|
|
sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset",
|
|
newhost);
|
|
|
|
sendto_server(NULL, NULL,
|
|
CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s",
|
|
use_id(&me), use_id(client_p), newhost);
|
|
sendto_server(NULL, NULL,
|
|
CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s",
|
|
use_id(&me), use_id(client_p), newhost);
|
|
|
|
change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host");
|
|
|
|
if (newhost != client_p->orighost)
|
|
SetDynSpoof(client_p);
|
|
else
|
|
ClearDynSpoof(client_p);
|
|
}
|
|
|
|
static void
|
|
do_host_cloak_ip(const char *inbuf, char *outbuf)
|
|
{
|
|
/* None of the characters in this table can be valid in an IP */
|
|
char chartable[] = "ghijklmnopqrstuvwxyz";
|
|
char *tptr;
|
|
uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32);
|
|
int sepcount = 0;
|
|
int totalcount = 0;
|
|
int ipv6 = 0;
|
|
|
|
rb_strlcpy(outbuf, inbuf, HOSTLEN + 1);
|
|
|
|
if (strchr(outbuf, ':'))
|
|
{
|
|
ipv6 = 1;
|
|
|
|
/* Damn you IPv6...
|
|
* We count the number of colons so we can calculate how much
|
|
* of the host to cloak. This is because some hostmasks may not
|
|
* have as many octets as we'd like.
|
|
*
|
|
* We have to do this ahead of time because doing this during
|
|
* the actual cloaking would get ugly
|
|
*/
|
|
for (tptr = outbuf; *tptr != '\0'; tptr++)
|
|
if (*tptr == ':')
|
|
totalcount++;
|
|
}
|
|
else if (!strchr(outbuf, '.'))
|
|
return;
|
|
|
|
for (tptr = outbuf; *tptr != '\0'; tptr++)
|
|
{
|
|
if (*tptr == ':' || *tptr == '.')
|
|
{
|
|
sepcount++;
|
|
continue;
|
|
}
|
|
|
|
if (ipv6 && sepcount < totalcount / 2)
|
|
continue;
|
|
|
|
if (!ipv6 && sepcount < 2)
|
|
continue;
|
|
|
|
*tptr = chartable[(*tptr + accum) % 20];
|
|
accum = (accum << 1) | (accum >> 31);
|
|
}
|
|
}
|
|
|
|
static void
|
|
do_host_cloak_host(const char *inbuf, char *outbuf)
|
|
{
|
|
char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz";
|
|
char *tptr;
|
|
uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32);
|
|
|
|
rb_strlcpy(outbuf, inbuf, HOSTLEN + 1);
|
|
|
|
/* pass 1: scramble first section of hostname using base26
|
|
* alphabet toasted against the FNV hash of the string.
|
|
*
|
|
* numbers are not changed at this time, only letters.
|
|
*/
|
|
for (tptr = outbuf; *tptr != '\0'; tptr++)
|
|
{
|
|
if (*tptr == '.')
|
|
break;
|
|
|
|
if (isdigit((unsigned char)*tptr) || *tptr == '-')
|
|
continue;
|
|
|
|
*tptr = b26_alphabet[(*tptr + accum) % 26];
|
|
|
|
/* Rotate one bit to avoid all digits being turned odd or even */
|
|
accum = (accum << 1) | (accum >> 31);
|
|
}
|
|
|
|
/* pass 2: scramble each number in the address */
|
|
for (tptr = outbuf; *tptr != '\0'; tptr++)
|
|
{
|
|
if (isdigit((unsigned char)*tptr))
|
|
*tptr = '0' + (*tptr + accum) % 10;
|
|
|
|
accum = (accum << 1) | (accum >> 31);
|
|
}
|
|
}
|
|
|
|
static void
|
|
check_umode_change(void *vdata)
|
|
{
|
|
hook_data_umode_changed *data = (hook_data_umode_changed *)vdata;
|
|
struct Client *source_p = data->client;
|
|
|
|
if (!MyClient(source_p))
|
|
return;
|
|
|
|
/* didn't change +h umode, we don't need to do anything */
|
|
if (!((data->oldumodes ^ source_p->umodes) & user_modes['h']))
|
|
return;
|
|
|
|
if (source_p->umodes & user_modes['h'])
|
|
{
|
|
if (IsIPSpoof(source_p) || source_p->localClient->mangledhost == NULL || (IsDynSpoof(source_p) && strcmp(source_p->host, source_p->localClient->mangledhost)))
|
|
{
|
|
source_p->umodes &= ~user_modes['h'];
|
|
return;
|
|
}
|
|
if (strcmp(source_p->host, source_p->localClient->mangledhost))
|
|
{
|
|
distribute_hostchange(source_p, source_p->localClient->mangledhost);
|
|
}
|
|
else /* not really nice, but we need to send this numeric here */
|
|
sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host",
|
|
source_p->host);
|
|
}
|
|
else if (!(source_p->umodes & user_modes['h']))
|
|
{
|
|
if (source_p->localClient->mangledhost != NULL &&
|
|
!strcmp(source_p->host, source_p->localClient->mangledhost))
|
|
{
|
|
distribute_hostchange(source_p, source_p->orighost);
|
|
}
|
|
}
|
|
}
|
|
|
|
static void
|
|
check_new_user(void *vdata)
|
|
{
|
|
struct Client *source_p = (void *)vdata;
|
|
|
|
if (IsIPSpoof(source_p))
|
|
{
|
|
source_p->umodes &= ~user_modes['h'];
|
|
return;
|
|
}
|
|
source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1);
|
|
if (!irccmp(source_p->orighost, source_p->sockhost))
|
|
do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost);
|
|
else
|
|
do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost);
|
|
if (IsDynSpoof(source_p))
|
|
source_p->umodes &= ~user_modes['h'];
|
|
if (source_p->umodes & user_modes['h'])
|
|
{
|
|
rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host));
|
|
if (irccmp(source_p->host, source_p->orighost))
|
|
SetDynSpoof(source_p);
|
|
}
|
|
}
|