X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/762cc38cf9536053ea31085206508922ba524eaa..f4db473ce839b948636097405f9421e3f9fa8d43:/extensions/ip_cloaking.c?ds=sidebyside diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index 0f0932c..1f807ad 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -1,4 +1,3 @@ -/* $Id: ip_cloaking.c 3522 2007-07-06 07:48:28Z nenolod $ */ #include "stdinc.h" #include "modules.h" @@ -6,10 +5,10 @@ #include "client.h" #include "ircd.h" #include "send.h" +#include "hash.h" #include "s_conf.h" #include "s_user.h" #include "s_serv.h" -#include "tools.h" #include "numeric.h" /* if you're modifying this module, you'll probably to change this */ @@ -19,7 +18,7 @@ static int _modinit(void) { /* add the usermode to the available slot */ - user_modes['h'] = find_umode_slot(); + user_modes['x'] = find_umode_slot(); construct_umodebuf(); return 0; @@ -29,7 +28,7 @@ static void _moddeinit(void) { /* disable the umode and remove it from the available list */ - user_modes['h'] = 0; + user_modes['x'] = 0; construct_umodebuf(); } @@ -42,7 +41,7 @@ mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { }; DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, "$Revision: 3522 $"); + ip_cloaking_hfnlist, "$Revision: 3526 $"); static void distribute_hostchange(struct Client *client) @@ -60,56 +59,61 @@ distribute_hostchange(struct Client *client) sendto_server(NULL, NULL, CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", use_id(&me), use_id(client), client->host); - sendto_server(NULL, NULL, - NOCAPS, CAP_TS6, ":%s ENCAP * CHGHOST %s :%s", - me.name, client->name, client->host); if (irccmp(client->host, client->orighost)) SetDynSpoof(client); else ClearDynSpoof(client); } -#define Nval 0x8c3a48ac -#define HOSTLEN 63 -#define INITDATA "98fwqefnoiqefv03f423t34gbv3vb89tg432t3b8" /* change this */ - -static inline unsigned int -get_string_entropy(const char *inbuf) +static void +do_host_cloak_ip(const char *inbuf, char *outbuf) { - unsigned int accum = 1; - - while(*inbuf != '\0') - accum += *inbuf++; - - return accum; -} + /* None of the characters in this table can be valid in an IP */ + char chartable[] = "ghijklmnopqrstuvwxyz"; + char *tptr; + uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); + int sepcount = 0; + int totalcount = 0; + int ipv6 = 0; -/* calls get_string_entropy() and toasts it against INITDATA */ -static inline unsigned int -get_string_weighted_entropy(const char *inbuf) -{ - static int base_entropy = 0; - unsigned int accum = get_string_entropy(inbuf); + rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); - /* initialize the algorithm if it is not yet ready */ - if (base_entropy == 0) - base_entropy = get_string_entropy(INITDATA); + if (strchr(outbuf, ':')) + { + ipv6 = 1; + + /* Damn you IPv6... + * We count the number of colons so we can calculate how much + * of the host to cloak. This is because some hostmasks may not + * have as many octets as we'd like. + * + * We have to do this ahead of time because doing this during + * the actual cloaking would get ugly + */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + if (*tptr == ':') + totalcount++; + } + else if (!strchr(outbuf, '.')) + return; - return (Nval * accum) ^ base_entropy; -} + for (tptr = outbuf; *tptr != '\0'; tptr++) + { + if (*tptr == ':' || *tptr == '.') + { + sepcount++; + continue; + } -static void -do_host_cloak_ip(const char *inbuf, char *outbuf) -{ - char *tptr; - unsigned int accum = get_string_weighted_entropy(inbuf); - char buf[HOSTLEN]; + if (ipv6 && sepcount < totalcount / 2) + continue; - strncpy(buf, inbuf, HOSTLEN); - tptr = strrchr(buf, '.'); - *tptr++ = '\0'; + if (!ipv6 && sepcount < 2) + continue; - snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); + *tptr = chartable[(*tptr + accum) % 20]; + accum = (accum << 1) | (accum >> 31); + } } static void @@ -117,12 +121,12 @@ do_host_cloak_host(const char *inbuf, char *outbuf) { char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; char *tptr; - unsigned int accum = get_string_weighted_entropy(inbuf); + uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); - strncpy(outbuf, inbuf, HOSTLEN); + rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); /* pass 1: scramble first section of hostname using base26 - * alphabet toasted against the weighted entropy of the string. + * alphabet toasted against the FNV hash of the string. * * numbers are not changed at this time, only letters. */ @@ -134,16 +138,19 @@ do_host_cloak_host(const char *inbuf, char *outbuf) if (isdigit(*tptr) || *tptr == '-') continue; - *tptr = b26_alphabet[(*tptr * accum) % 26]; + *tptr = b26_alphabet[(*tptr + accum) % 26]; + + /* Rotate one bit to avoid all digits being turned odd or even */ + accum = (accum << 1) | (accum >> 31); } /* pass 2: scramble each number in the address */ for (tptr = outbuf; *tptr != '\0'; tptr++) { if (isdigit(*tptr)) - { - *tptr = 48 + ((*tptr * accum) % 10); - } + *tptr = '0' + (*tptr + accum) % 10; + + accum = (accum << 1) | (accum >> 31); } } @@ -157,31 +164,31 @@ check_umode_change(void *vdata) return; /* didn't change +h umode, we don't need to do anything */ - if (!((data->oldumodes ^ source_p->umodes) & user_modes['h'])) + if (!((data->oldumodes ^ source_p->umodes) & user_modes['x'])) return; - if (source_p->umodes & user_modes['h']) + if (source_p->umodes & user_modes['x']) { if (IsIPSpoof(source_p) || source_p->localClient->mangledhost == NULL || (IsDynSpoof(source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) { - source_p->umodes &= ~user_modes['h']; + source_p->umodes &= ~user_modes['x']; return; } if (strcmp(source_p->host, source_p->localClient->mangledhost)) { - strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN); + rb_strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN + 1); distribute_hostchange(source_p); } else /* not really nice, but we need to send this numeric here */ sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", source_p->host); } - else if (!(source_p->umodes & user_modes['h'])) + else if (!(source_p->umodes & user_modes['x'])) { if (source_p->localClient->mangledhost != NULL && !strcmp(source_p->host, source_p->localClient->mangledhost)) { - strlcpy(source_p->host, source_p->orighost, HOSTLEN); + rb_strlcpy(source_p->host, source_p->orighost, HOSTLEN + 1); distribute_hostchange(source_p); } } @@ -194,19 +201,19 @@ check_new_user(void *vdata) if (IsIPSpoof(source_p)) { - source_p->umodes &= ~user_modes['h']; + source_p->umodes &= ~user_modes['x']; return; } - source_p->localClient->mangledhost = MyMalloc(HOSTLEN); + source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1); if (!irccmp(source_p->orighost, source_p->sockhost)) do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); else do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); if (IsDynSpoof(source_p)) - source_p->umodes &= ~user_modes['h']; - if (source_p->umodes & user_modes['h']) + source_p->umodes &= ~user_modes['x']; + if (source_p->umodes & user_modes['x']) { - strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); + rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); if (irccmp(source_p->host, source_p->orighost)) SetDynSpoof(source_p); }