X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/8aba962d4307746f8eca05d56c9ea34c370332b9..762cc38cf9536053ea31085206508922ba524eaa:/extensions/ip_cloaking.c diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index f960d0a..0f0932c 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -1,4 +1,4 @@ -/* $Id: ip_cloaking.c 2805 2006-12-05 12:45:43Z jilles $ */ +/* $Id: ip_cloaking.c 3522 2007-07-06 07:48:28Z nenolod $ */ #include "stdinc.h" #include "modules.h" @@ -42,7 +42,7 @@ mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { }; DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, "$Revision: 2805 $"); + ip_cloaking_hfnlist, "$Revision: 3522 $"); static void distribute_hostchange(struct Client *client) @@ -69,45 +69,82 @@ distribute_hostchange(struct Client *client) ClearDynSpoof(client); } +#define Nval 0x8c3a48ac +#define HOSTLEN 63 +#define INITDATA "98fwqefnoiqefv03f423t34gbv3vb89tg432t3b8" /* change this */ + +static inline unsigned int +get_string_entropy(const char *inbuf) +{ + unsigned int accum = 1; + + while(*inbuf != '\0') + accum += *inbuf++; + + return accum; +} + +/* calls get_string_entropy() and toasts it against INITDATA */ +static inline unsigned int +get_string_weighted_entropy(const char *inbuf) +{ + static int base_entropy = 0; + unsigned int accum = get_string_entropy(inbuf); + + /* initialize the algorithm if it is not yet ready */ + if (base_entropy == 0) + base_entropy = get_string_entropy(INITDATA); + + return (Nval * accum) ^ base_entropy; +} + static void -do_host_cloak(const char *inbuf, char *outbuf, int ipmask) +do_host_cloak_ip(const char *inbuf, char *outbuf) { - int cyc; - unsigned int hosthash = 1, hosthash2 = 1; - unsigned int maxcycle = strlen(inbuf); - int len1; - const char *rest, *next; - - for (cyc = 0; cyc < maxcycle - 2; cyc += 2) - hosthash *= (unsigned int) inbuf[cyc]; - - /* safety: decrement ourselves two steps back */ - for (cyc = maxcycle - 1; cyc >= 1; cyc -= 2) - hosthash2 *= (unsigned int) inbuf[cyc]; - - /* lets do some bitshifting -- this pretty much destroys the IP - * sequence, while still providing a checksum. exactly what - * we're shooting for. --nenolod - */ - hosthash += (hosthash2 / KEY); - hosthash2 += (hosthash / KEY); + char *tptr; + unsigned int accum = get_string_weighted_entropy(inbuf); + char buf[HOSTLEN]; + + strncpy(buf, inbuf, HOSTLEN); + tptr = strrchr(buf, '.'); + *tptr++ = '\0'; - if (ipmask == 0) + snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); +} + +static void +do_host_cloak_host(const char *inbuf, char *outbuf) +{ + char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; + char *tptr; + unsigned int accum = get_string_weighted_entropy(inbuf); + + strncpy(outbuf, inbuf, HOSTLEN); + + /* pass 1: scramble first section of hostname using base26 + * alphabet toasted against the weighted entropy of the string. + * + * numbers are not changed at this time, only letters. + */ + for (tptr = outbuf; *tptr != '\0'; tptr++) { - ircsnprintf(outbuf, HOSTLEN, "%s-%X%X", - ServerInfo.network_name, hosthash2, hosthash); - len1 = strlen(outbuf); - rest = strchr(inbuf, '.'); - if (rest == NULL) - rest = "."; - /* try to avoid truncation -- jilles */ - while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL) - rest = next; - strlcat(outbuf, rest, HOSTLEN); + if (*tptr == '.') + break; + + if (isdigit(*tptr) || *tptr == '-') + continue; + + *tptr = b26_alphabet[(*tptr * accum) % 26]; } - else - ircsnprintf(outbuf, HOSTLEN, "%X%X.%s", - hosthash2, hosthash, ServerInfo.network_name); + + /* pass 2: scramble each number in the address */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + { + if (isdigit(*tptr)) + { + *tptr = 48 + ((*tptr * accum) % 10); + } + } } static void @@ -162,9 +199,9 @@ check_new_user(void *vdata) } source_p->localClient->mangledhost = MyMalloc(HOSTLEN); if (!irccmp(source_p->orighost, source_p->sockhost)) - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 1); + do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); else - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 0); + do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); if (IsDynSpoof(source_p)) source_p->umodes &= ~user_modes['h']; if (source_p->umodes & user_modes['h'])