[solanum.git] / extensions / sasl_usercloak.c

#include "stdinc.h"
#include "modules.h"
#include "hook.h"
#include "client.h"
#include "hostmask.h"
#include "ircd.h"
#include "send.h"
#include "hash.h"
#include "s_conf.h"
#include "s_user.h"
#include "s_serv.h"
#include "numeric.h"

#include <stdint.h>

static const char sasl_usercloak_desc[] =
	"Insert the SASL account name into certain iline spoofed hosts";

static void check_new_user(void *data);
mapi_hfn_list_av1 sasl_usercloak_hfnlist[] = {
	{ "new_local_user", check_new_user },
	{ NULL, NULL }
};


unsigned int fnv_hash_string(char *str)
{
	unsigned int hash = 0x811c9dc5; // Magic value for 32-bit fnv1 hash initialisation.
	unsigned char *p = (unsigned char *)str;
	while (*p)
	{
		hash += (hash<<1) + (hash<<4) + (hash<<7) + (hash<<8) + (hash<<24);
		hash ^= *p++;
	}
	return hash;
}

static void
check_new_user(void *vdata)
{
	struct Client *source_p = vdata;

	if (!IsIPSpoof(source_p))
		return;

	if (EmptyString(source_p->user->suser))
		return;

	char *accountpart = strstr(source_p->orighost, "/account");
	if (!accountpart || accountpart[8] != '\0')
		return;

	accountpart += 1;

	char buf[HOSTLEN];
	memset(buf, 0, sizeof(buf));
	char *dst = buf;

	strncpy(buf, source_p->orighost, accountpart - source_p->orighost);
	dst += accountpart - source_p->orighost;

	int needhash = 0;

	for (char *src = source_p->user->suser; *src ; src++ )
	{
		if (dst >= buf + sizeof(buf))
		{
			/* Doesn't fit. Warn opers and bail. */
			sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
					"Couldn't fit account name part %s in hostname for %s!%s@%s",
					source_p->user->suser, source_p->name, source_p->username, source_p->orighost);
			return;
		}

		char c = tolower(*src);

		if (IsHostChar(c))
			*dst++ = c;
		else
			needhash = 1;
	}

	if (needhash)
	{
		if (dst > buf + sizeof(buf) - 12) /* '/x-' plus eight digit hash plus null terminator */
		{
			/* Doesn't fit. Warn opers and bail. */
			sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
					"Couldn't fit account name part %s in hostname for %s!%s@%s",
					source_p->user->suser, source_p->name, source_p->username, source_p->orighost);
			return;
		}

		*dst++ = '/';
		*dst++ = 'x';
		*dst++ = '-';

		unsigned int hashval = fnv_hash_string(source_p->user->suser);
		hashval %= 100000000; // eight digits only please.
		snprintf(dst, 9, "%08u", hashval);
	}

	/* just in case */
	buf[HOSTLEN-1] = '\0';

	/* If hostname has been changed already (probably by services cloak on SASL login), then
	 * leave it intact. If not, change it. In either case, update the original hostname.
	 */
	if (0 == irccmp(source_p->host, source_p->orighost))
		change_nick_user_host(source_p, source_p->name, source_p->username, buf, 0, "Changing host");
	strncpy(source_p->orighost, buf, HOSTLEN);

	{
		struct ConfItem *aconf = find_kline(source_p);

		if(aconf == NULL)
			return;

		if(IsExemptKline(source_p))
		{
			sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
						 "KLINE over-ruled for %s, client is kline_exempt [%s@%s]",
						 get_client_name(source_p, HIDE_IP),
						 aconf->user, aconf->host);
			return;
		}

		sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
					 "KLINE active for %s",
					 get_client_name(source_p, HIDE_IP));

		notify_banned_client(source_p, aconf, K_LINED);
	}
}

DECLARE_MODULE_AV2(sasl_usercloak, NULL, NULL, NULL, NULL, sasl_usercloak_hfnlist, NULL, NULL, sasl_usercloak_desc);
Commit	Line	Data
721410d5 SB	1	#include "stdinc.h"
	2	#include "modules.h"
	3	#include "hook.h"
	4	#include "client.h"
5958d6b9	5	#include "hostmask.h"
721410d5 SB	6	#include "ircd.h"
	7	#include "send.h"
	8	#include "hash.h"
	9	#include "s_conf.h"
	10	#include "s_user.h"
	11	#include "s_serv.h"
	12	#include "numeric.h"
	13
	14	#include <stdint.h>
	15
5d5603b6 EK	16	static const char sasl_usercloak_desc[] =
	17	"Insert the SASL account name into certain iline spoofed hosts";
	18
721410d5 SB	19	static void check_new_user(void *data);
721410d5 SB	20	mapi_hfn_list_av1 sasl_usercloak_hfnlist[] = {
5d5603b6	21	{ "new_local_user", check_new_user },
721410d5 SB	22	{ NULL, NULL }
	23	};
	24
5958d6b9	25
721410d5 SB	26	unsigned int fnv_hash_string(char *str)
	27	{
	28	unsigned int hash = 0x811c9dc5; // Magic value for 32-bit fnv1 hash initialisation.
	29	unsigned char p = (unsigned char )str;
	30	while (*p)
	31	{
	32	hash += (hash<<1) + (hash<<4) + (hash<<7) + (hash<<8) + (hash<<24);
	33	hash ^= *p++;
	34	}
	35	return hash;
	36	}
	37
	38	static void
	39	check_new_user(void *vdata)
	40	{
5d5603b6	41	struct Client *source_p = vdata;
721410d5 SB	42
	43	if (!IsIPSpoof(source_p))
	44	return;
	45
	46	if (EmptyString(source_p->user->suser))
	47	return;
	48
cdeca37e EK	49	char *accountpart = strstr(source_p->orighost, "/account");
cdeca37e EK	50	if (!accountpart \|\| accountpart[8] != '\0')
721410d5 SB	51	return;
721410d5 SB	52
cdeca37e EK	53	accountpart += 1;
cdeca37e EK	54
721410d5	55	char buf[HOSTLEN];
271ddd99	56	memset(buf, 0, sizeof(buf));
721410d5 SB	57	char *dst = buf;
721410d5 SB	58
dae6f5db SB	59	strncpy(buf, source_p->orighost, accountpart - source_p->orighost);
dae6f5db SB	60	dst += accountpart - source_p->orighost;
721410d5 SB	61
	62	int needhash = 0;
	63
	64	for (char src = source_p->user->suser; src ; src++ )
	65	{
5958d6b9	66	if (dst >= buf + sizeof(buf))
721410d5 SB	67	{
	68	/* Doesn't fit. Warn opers and bail. */
	69	sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
	70	"Couldn't fit account name part %s in hostname for %s!%s@%s",
dae6f5db	71	source_p->user->suser, source_p->name, source_p->username, source_p->orighost);
721410d5 SB	72	return;
	73	}
	74
5d5603b6	75	char c = tolower(*src);
721410d5 SB	76
	77	if (IsHostChar(c))
	78	*dst++ = c;
	79	else
	80	needhash = 1;
	81	}
	82
	83	if (needhash)
	84	{
	85	if (dst > buf + sizeof(buf) - 12) /* '/x-' plus eight digit hash plus null terminator */
	86	{
	87	/* Doesn't fit. Warn opers and bail. */
	88	sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
	89	"Couldn't fit account name part %s in hostname for %s!%s@%s",
dae6f5db	90	source_p->user->suser, source_p->name, source_p->username, source_p->orighost);
721410d5 SB	91	return;
	92	}
	93
	94	*dst++ = '/';
	95	*dst++ = 'x';
	96	*dst++ = '-';
	97
	98	unsigned int hashval = fnv_hash_string(source_p->user->suser);
	99	hashval %= 100000000; // eight digits only please.
b44f6669	100	snprintf(dst, 9, "%08u", hashval);
721410d5 SB	101	}
	102
	103	/* just in case */
	104	buf[HOSTLEN-1] = '\0';
	105
dae6f5db SB	106	/* If hostname has been changed already (probably by services cloak on SASL login), then
	107	* leave it intact. If not, change it. In either case, update the original hostname.
	108	*/
	109	if (0 == irccmp(source_p->host, source_p->orighost))
	110	change_nick_user_host(source_p, source_p->name, source_p->username, buf, 0, "Changing host");
	111	strncpy(source_p->orighost, buf, HOSTLEN);
5958d6b9 EK	112
	113	{
	114	struct ConfItem *aconf = find_kline(source_p);
	115
	116	if(aconf == NULL)
	117	return;
	118
	119	if(IsExemptKline(source_p))
	120	{
	121	sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
	122	"KLINE over-ruled for %s, client is kline_exempt [%s@%s]",
	123	get_client_name(source_p, HIDE_IP),
	124	aconf->user, aconf->host);
	125	return;
	126	}
	127
a9227555	128	sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
5958d6b9 EK	129	"KLINE active for %s",
	130	get_client_name(source_p, HIDE_IP));
	131
	132	notify_banned_client(source_p, aconf, K_LINED);
	133	}
721410d5	134	}
5d5603b6 EK	135
5d5603b6 EK	136	DECLARE_MODULE_AV2(sasl_usercloak, NULL, NULL, NULL, NULL, sasl_usercloak_hfnlist, NULL, NULL, sasl_usercloak_desc);