Nicole Kleinhoff [Tue, 12 Jan 2021 08:16:13 +0000 (08:16 +0000)]
Add IRCCloud cloaking type
This cloaking type is entirely specific to the IRCCloud service. It
operates in a fashion similar to to the ident cloaking type, however the
assigned gateway cloak will not include the 'u' or 's', only the
letters "id" and the subscriber ID itself.
Both uid1234 and sid1234 will thus result in a gateway/.../id1234 cloak.
masks.c: actually set last_matched on the proper mask(s)
Fixes only the last mask processed being updated (whether or not it
actually matched), instead updating all masks that do match (reported or
not).
We also no longer stop processing when handling an exempt mask since
otherwise we'd update last_matched for all *previous* matching masks,
which would be quite counterintuitive.
Janik Kleinhoff [Tue, 19 Feb 2019 01:50:26 +0000 (01:50 +0000)]
Make "random" cloaking deterministic
This uses SipHash and adds a prf_key config option.
auxiliary/siphash.c is the unmodified SipHash reference implementation,
taken from https://github.com/veorq/SipHash
Set syn::prf_key to a string of 32 random hex digits in the
configuration to use this feature.
Janik Kleinhoff [Fri, 25 Jan 2019 00:25:22 +0000 (00:25 +0000)]
facilities.c: store a cloak for all facility users
This avoids failing to apply a gateway cloak on users who (via SASL)
connected with a project cloak, then had it removed (or changed to
unaffiliated) mid-session.
Janik Kleinhoff [Thu, 24 Jan 2019 23:31:34 +0000 (23:31 +0000)]
facilities.c: properly restore session cloaks
0124 232639 -!- test (test) [ilbelkyr@gateway/test/x-wvgwoklegibimcqp] has joined #services
Set a project cloak:
0124 233021 -!- test [ilbelkyr@gateway/test/x-wvgwoklegibimcqp] has quit [Changing host]
0124 233021 -!- test (test) [ilbelkyr@project/example] has joined #services
Remove cloak:
0124 233032 -!- test [ilbelkyr@project/example] has quit [Changing host]
0124 233032 -!- test (test) [ilbelkyr@gateway/test/session] has joined #services
0124 233032 -!- test [ilbelkyr@gateway/test/session] has quit [Changing host]
0124 233032 -!- test (test) [ilbelkyr@gateway/test/x-wvgwoklegibimcqp] has joined #services
This is still not perfect but a lot better than the previous behaviour,
where the project cloak would be restored instead.
We store the computed facility cloak in per-user metadata; user metadata
is not actually written to disk, unlike myuser or mychan metadata. This
is necessary due to the "random" cloaking type.
Janik Kleinhoff [Wed, 23 Jan 2019 04:56:36 +0000 (04:56 +0000)]
facilities.c: add subcommand help
This is a mess because (1) it'd be much nicer to read this from a file
but we can't do that via the Atheme help system if we also need to
handle subcommands, and (2) syn's sourceinfos have a
command_success_nodata that doesn't split on \n
At least "/msg syn help facility add" now does what it should.
Janik Kleinhoff [Fri, 18 Jan 2019 04:09:33 +0000 (04:09 +0000)]
facilities.c: use patricias instead of dictionaries
Per #2 I have no idea how mowgli dictionaries work, if at all, but
atheme has moved to patricias anyway without issue, and this change
makes things actually work.
I'm not sure there's anything else using the current mowgli dictionary
implementation. Atheme certainly doesn't, nor do libmowgli internals.
Janik Kleinhoff [Sun, 18 Mar 2018 01:53:27 +0000 (01:53 +0000)]
facilities: Add "ident" cloaking type
Fixes #6.
<@syn> FACILITY ADD gateway/web/irccloud.com by ilbelkitty (ilbelkyr)
<@syn> FACILITY SET cloaking->ident for gateway/web/irccloud.com by ilbelkitty (ilbelkyr)
Stephen Bennett [Fri, 8 Oct 2010 22:24:50 +0000 (23:24 +0100)]
Reject an incoming host change if it resets a gateway user's host to his real host. This happens when an unaffiliated cloak is removed on an account, and nickserv resets all logged in sessions to their real hostnames, overwriting any gateway session cloak that might be present.
Stephen Bennett [Thu, 1 Apr 2010 07:48:48 +0000 (08:48 +0100)]
Drop the check to avoid sending out duplicate klines -- seven doesn't leak memory the way hyperion did, and it solves the case where one server didn't pick up a kline properly
Stephen Bennett [Wed, 3 Feb 2010 00:24:39 +0000 (00:24 +0000)]
Add special case for tor-sasl users: reset their visible hostname to the original (account name substituted) host if SASL auth set an unaffiliated cloak. This effectively brings tor-sasl into line with other facilities, where project cloak overrides gateway cloak overrides unaffiliated cloak.
Stephen Bennett [Sun, 2 Aug 2009 20:44:50 +0000 (21:44 +0100)]
Add the nasty hack to override unaffiliated cloaks with gateway cloaks, and to work around the race condition when services and syn both rehost a user on connect