]>
Commit | Line | Data |
---|---|---|
89bfeb8f EM |
1 | /* |
2 | * Charybdis: an advanced ircd | |
3 | * ip_cloaking.c: provide user hostname cloaking | |
4 | * | |
5 | * Written originally by nenolod, altered to use FNV by Elizabeth in 2008 | |
6 | */ | |
4cbfc368 AC |
7 | |
8 | #include "stdinc.h" | |
9 | #include "modules.h" | |
10 | #include "hook.h" | |
11 | #include "client.h" | |
12 | #include "ircd.h" | |
13 | #include "send.h" | |
14 | #include "hash.h" | |
15 | #include "s_conf.h" | |
16 | #include "s_user.h" | |
17 | #include "s_serv.h" | |
18 | #include "numeric.h" | |
19 | ||
4cbfc368 AC |
20 | static int |
21 | _modinit(void) | |
22 | { | |
23 | /* add the usermode to the available slot */ | |
24 | user_modes['x'] = find_umode_slot(); | |
25 | construct_umodebuf(); | |
26 | ||
27 | return 0; | |
28 | } | |
29 | ||
30 | static void | |
31 | _moddeinit(void) | |
32 | { | |
33 | /* disable the umode and remove it from the available list */ | |
34 | user_modes['x'] = 0; | |
35 | construct_umodebuf(); | |
36 | } | |
37 | ||
38 | static void check_umode_change(void *data); | |
39 | static void check_new_user(void *data); | |
40 | mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { | |
41 | { "umode_changed", (hookfn) check_umode_change }, | |
42 | { "new_local_user", (hookfn) check_new_user }, | |
43 | { NULL, NULL } | |
44 | }; | |
45 | ||
46 | DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL, | |
47 | ip_cloaking_hfnlist, "$Revision: 3526 $"); | |
48 | ||
49 | static void | |
50 | distribute_hostchange(struct Client *client) | |
51 | { | |
52 | if (irccmp(client->host, client->orighost)) | |
53 | sendto_one_numeric(client, RPL_HOSTHIDDEN, "%s :is now your hidden host", | |
54 | client->host); | |
55 | else | |
56 | sendto_one_numeric(client, RPL_HOSTHIDDEN, "%s :hostname reset", | |
57 | client->host); | |
58 | ||
59 | sendto_server(NULL, NULL, | |
60 | CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", | |
61 | use_id(&me), use_id(client), client->host); | |
62 | sendto_server(NULL, NULL, | |
63 | CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", | |
64 | use_id(&me), use_id(client), client->host); | |
65 | if (irccmp(client->host, client->orighost)) | |
66 | SetDynSpoof(client); | |
67 | else | |
68 | ClearDynSpoof(client); | |
69 | } | |
70 | ||
71 | static void | |
72 | do_host_cloak_ip(const char *inbuf, char *outbuf) | |
73 | { | |
74 | /* None of the characters in this table can be valid in an IP */ | |
75 | char chartable[] = "ghijklmnopqrstuvwxyz"; | |
76 | char *tptr; | |
77 | uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); | |
78 | int sepcount = 0; | |
79 | int totalcount = 0; | |
80 | int ipv6 = 0; | |
81 | ||
82 | rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); | |
83 | ||
84 | if (strchr(outbuf, ':')) | |
85 | { | |
86 | ipv6 = 1; | |
87 | ||
88 | /* Damn you IPv6... | |
89 | * We count the number of colons so we can calculate how much | |
90 | * of the host to cloak. This is because some hostmasks may not | |
91 | * have as many octets as we'd like. | |
92 | * | |
93 | * We have to do this ahead of time because doing this during | |
94 | * the actual cloaking would get ugly | |
95 | */ | |
96 | for (tptr = outbuf; *tptr != '\0'; tptr++) | |
97 | if (*tptr == ':') | |
98 | totalcount++; | |
99 | } | |
100 | else if (!strchr(outbuf, '.')) | |
101 | return; | |
102 | ||
103 | for (tptr = outbuf; *tptr != '\0'; tptr++) | |
104 | { | |
105 | if (*tptr == ':' || *tptr == '.') | |
106 | { | |
107 | sepcount++; | |
108 | continue; | |
109 | } | |
110 | ||
111 | if (ipv6 && sepcount < totalcount / 2) | |
112 | continue; | |
113 | ||
114 | if (!ipv6 && sepcount < 2) | |
115 | continue; | |
116 | ||
117 | *tptr = chartable[(*tptr + accum) % 20]; | |
118 | accum = (accum << 1) | (accum >> 31); | |
119 | } | |
120 | } | |
121 | ||
122 | static void | |
123 | do_host_cloak_host(const char *inbuf, char *outbuf) | |
124 | { | |
125 | char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; | |
126 | char *tptr; | |
127 | uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); | |
128 | ||
129 | rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); | |
130 | ||
131 | /* pass 1: scramble first section of hostname using base26 | |
132 | * alphabet toasted against the FNV hash of the string. | |
133 | * | |
134 | * numbers are not changed at this time, only letters. | |
135 | */ | |
136 | for (tptr = outbuf; *tptr != '\0'; tptr++) | |
137 | { | |
138 | if (*tptr == '.') | |
139 | break; | |
140 | ||
141 | if (isdigit(*tptr) || *tptr == '-') | |
142 | continue; | |
143 | ||
144 | *tptr = b26_alphabet[(*tptr + accum) % 26]; | |
145 | ||
146 | /* Rotate one bit to avoid all digits being turned odd or even */ | |
147 | accum = (accum << 1) | (accum >> 31); | |
148 | } | |
149 | ||
150 | /* pass 2: scramble each number in the address */ | |
151 | for (tptr = outbuf; *tptr != '\0'; tptr++) | |
152 | { | |
153 | if (isdigit(*tptr)) | |
154 | *tptr = '0' + (*tptr + accum) % 10; | |
155 | ||
156 | accum = (accum << 1) | (accum >> 31); | |
157 | } | |
158 | } | |
159 | ||
160 | static void | |
161 | check_umode_change(void *vdata) | |
162 | { | |
163 | hook_data_umode_changed *data = (hook_data_umode_changed *)vdata; | |
164 | struct Client *source_p = data->client; | |
165 | ||
166 | if (!MyClient(source_p)) | |
167 | return; | |
168 | ||
169 | /* didn't change +h umode, we don't need to do anything */ | |
170 | if (!((data->oldumodes ^ source_p->umodes) & user_modes['x'])) | |
171 | return; | |
172 | ||
173 | if (source_p->umodes & user_modes['x']) | |
174 | { | |
175 | if (IsIPSpoof(source_p) || source_p->localClient->mangledhost == NULL || (IsDynSpoof(source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) | |
176 | { | |
177 | source_p->umodes &= ~user_modes['x']; | |
178 | return; | |
179 | } | |
180 | if (strcmp(source_p->host, source_p->localClient->mangledhost)) | |
181 | { | |
182 | rb_strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN + 1); | |
183 | distribute_hostchange(source_p); | |
184 | } | |
185 | else /* not really nice, but we need to send this numeric here */ | |
186 | sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", | |
187 | source_p->host); | |
188 | } | |
189 | else if (!(source_p->umodes & user_modes['x'])) | |
190 | { | |
191 | if (source_p->localClient->mangledhost != NULL && | |
192 | !strcmp(source_p->host, source_p->localClient->mangledhost)) | |
193 | { | |
194 | rb_strlcpy(source_p->host, source_p->orighost, HOSTLEN + 1); | |
195 | distribute_hostchange(source_p); | |
196 | } | |
197 | } | |
198 | } | |
199 | ||
200 | static void | |
201 | check_new_user(void *vdata) | |
202 | { | |
203 | struct Client *source_p = (void *)vdata; | |
204 | ||
205 | if (IsIPSpoof(source_p)) | |
206 | { | |
207 | source_p->umodes &= ~user_modes['x']; | |
208 | return; | |
209 | } | |
210 | source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1); | |
211 | if (!irccmp(source_p->orighost, source_p->sockhost)) | |
212 | do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); | |
213 | else | |
214 | do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); | |
215 | if (IsDynSpoof(source_p)) | |
216 | source_p->umodes &= ~user_modes['x']; | |
217 | if (source_p->umodes & user_modes['x']) | |
218 | { | |
219 | rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); | |
220 | if (irccmp(source_p->host, source_p->orighost)) | |
221 | SetDynSpoof(source_p); | |
222 | } | |
223 | } | |
89bfeb8f | 224 |