-/* $Id: ip_cloaking.c 2805 2006-12-05 12:45:43Z jilles $ */
+/* $Id: ip_cloaking.c 3526 2007-07-06 07:56:14Z nenolod $ */
#include "stdinc.h"
#include "modules.h"
#include "client.h"
#include "ircd.h"
#include "send.h"
+#include "hash.h"
#include "s_conf.h"
#include "s_user.h"
#include "s_serv.h"
-#include "tools.h"
#include "numeric.h"
/* if you're modifying this module, you'll probably to change this */
_modinit(void)
{
/* add the usermode to the available slot */
- user_modes['h'] = find_umode_slot();
+ user_modes['x'] = find_umode_slot();
construct_umodebuf();
return 0;
_moddeinit(void)
{
/* disable the umode and remove it from the available list */
- user_modes['h'] = 0;
+ user_modes['x'] = 0;
construct_umodebuf();
}
};
DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL,
- ip_cloaking_hfnlist, "$Revision: 2805 $");
+ ip_cloaking_hfnlist, "$Revision: 3526 $");
static void
distribute_hostchange(struct Client *client)
sendto_server(NULL, NULL,
CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s",
use_id(&me), use_id(client), client->host);
- sendto_server(NULL, NULL,
- NOCAPS, CAP_TS6, ":%s ENCAP * CHGHOST %s :%s",
- me.name, client->name, client->host);
if (irccmp(client->host, client->orighost))
SetDynSpoof(client);
else
}
static void
-do_host_cloak(const char *inbuf, char *outbuf, int ipmask)
+do_host_cloak_ip(const char *inbuf, char *outbuf)
{
- int cyc;
- unsigned int hosthash = 1, hosthash2 = 1;
- unsigned int maxcycle = strlen(inbuf);
- int len1;
- const char *rest, *next;
-
- for (cyc = 0; cyc < maxcycle - 2; cyc += 2)
- hosthash *= (unsigned int) inbuf[cyc];
-
- /* safety: decrement ourselves two steps back */
- for (cyc = maxcycle - 1; cyc >= 1; cyc -= 2)
- hosthash2 *= (unsigned int) inbuf[cyc];
-
- /* lets do some bitshifting -- this pretty much destroys the IP
- * sequence, while still providing a checksum. exactly what
- * we're shooting for. --nenolod
- */
- hosthash += (hosthash2 / KEY);
- hosthash2 += (hosthash / KEY);
+ /* None of the characters in this table can be valid in an IP */
+ char chartable[] = "ghijklmnopqrstuvwxyz";
+ char *tptr;
+ uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32);
+ int sepcount = 0;
+ int totalcount = 0;
+ int ipv6 = 0;
- if (ipmask == 0)
+ rb_strlcpy(outbuf, inbuf, HOSTLEN + 1);
+
+ if (strchr(outbuf, ':'))
{
- ircsnprintf(outbuf, HOSTLEN, "%s-%X%X",
- ServerInfo.network_name, hosthash2, hosthash);
- len1 = strlen(outbuf);
- rest = strchr(inbuf, '.');
- if (rest == NULL)
- rest = ".";
- /* try to avoid truncation -- jilles */
- while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL)
- rest = next;
- strlcat(outbuf, rest, HOSTLEN);
+ ipv6 = 1;
+
+ /* Damn you IPv6...
+ * We count the number of colons so we can calculate how much
+ * of the host to cloak. This is because some hostmasks may not
+ * have as many octets as we'd like.
+ *
+ * We have to do this ahead of time because doing this during
+ * the actual cloaking would get ugly
+ */
+ for (tptr = outbuf; *tptr != '\0'; tptr++)
+ if (*tptr == ':')
+ totalcount++;
}
- else
- ircsnprintf(outbuf, HOSTLEN, "%X%X.%s",
- hosthash2, hosthash, ServerInfo.network_name);
+ else if (!strchr(outbuf, '.'))
+ return;
+
+ for (tptr = outbuf; *tptr != '\0'; tptr++)
+ {
+ if (*tptr == ':' || *tptr == '.')
+ {
+ sepcount++;
+ continue;
+ }
+
+ if (ipv6 && sepcount < totalcount / 2)
+ continue;
+
+ if (!ipv6 && sepcount < 2)
+ continue;
+
+ *tptr = chartable[(*tptr + accum) % 20];
+ accum = (accum << 1) | (accum >> 31);
+ }
+}
+
+static void
+do_host_cloak_host(const char *inbuf, char *outbuf)
+{
+ char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz";
+ char *tptr;
+ uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32);
+
+ rb_strlcpy(outbuf, inbuf, HOSTLEN + 1);
+
+ /* pass 1: scramble first section of hostname using base26
+ * alphabet toasted against the FNV hash of the string.
+ *
+ * numbers are not changed at this time, only letters.
+ */
+ for (tptr = outbuf; *tptr != '\0'; tptr++)
+ {
+ if (*tptr == '.')
+ break;
+
+ if (isdigit(*tptr) || *tptr == '-')
+ continue;
+
+ *tptr = b26_alphabet[(*tptr + accum) % 26];
+
+ /* Rotate one bit to avoid all digits being turned odd or even */
+ accum = (accum << 1) | (accum >> 31);
+ }
+
+ /* pass 2: scramble each number in the address */
+ for (tptr = outbuf; *tptr != '\0'; tptr++)
+ {
+ if (isdigit(*tptr))
+ *tptr = '0' + (*tptr + accum) % 10;
+
+ accum = (accum << 1) | (accum >> 31);
+ }
}
static void
return;
/* didn't change +h umode, we don't need to do anything */
- if (!((data->oldumodes ^ source_p->umodes) & user_modes['h']))
+ if (!((data->oldumodes ^ source_p->umodes) & user_modes['x']))
return;
- if (source_p->umodes & user_modes['h'])
+ if (source_p->umodes & user_modes['x'])
{
if (IsIPSpoof(source_p) || source_p->localClient->mangledhost == NULL || (IsDynSpoof(source_p) && strcmp(source_p->host, source_p->localClient->mangledhost)))
{
- source_p->umodes &= ~user_modes['h'];
+ source_p->umodes &= ~user_modes['x'];
return;
}
if (strcmp(source_p->host, source_p->localClient->mangledhost))
{
- strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN);
+ rb_strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN + 1);
distribute_hostchange(source_p);
}
else /* not really nice, but we need to send this numeric here */
sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host",
source_p->host);
}
- else if (!(source_p->umodes & user_modes['h']))
+ else if (!(source_p->umodes & user_modes['x']))
{
if (source_p->localClient->mangledhost != NULL &&
!strcmp(source_p->host, source_p->localClient->mangledhost))
{
- strlcpy(source_p->host, source_p->orighost, HOSTLEN);
+ rb_strlcpy(source_p->host, source_p->orighost, HOSTLEN + 1);
distribute_hostchange(source_p);
}
}
if (IsIPSpoof(source_p))
{
- source_p->umodes &= ~user_modes['h'];
+ source_p->umodes &= ~user_modes['x'];
return;
}
- source_p->localClient->mangledhost = MyMalloc(HOSTLEN);
+ source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1);
if (!irccmp(source_p->orighost, source_p->sockhost))
- do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 1);
+ do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost);
else
- do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 0);
+ do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost);
if (IsDynSpoof(source_p))
- source_p->umodes &= ~user_modes['h'];
- if (source_p->umodes & user_modes['h'])
+ source_p->umodes &= ~user_modes['x'];
+ if (source_p->umodes & user_modes['x'])
{
- strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host));
+ rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host));
if (irccmp(source_p->host, source_p->orighost))
SetDynSpoof(source_p);
}
projects / irc / rqf / shadowircd.git / blobdiff