X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/212380e3f42f585dc1ea927402252eb943f91f7b..bd0d352f12ee12bbe14b43c4eed9fbc74c51ac00:/extensions/ip_cloaking.c diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index f960d0a9..69a01d1c 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -1,4 +1,9 @@ -/* $Id: ip_cloaking.c 2805 2006-12-05 12:45:43Z jilles $ */ +/* + * Charybdis: an advanced ircd + * ip_cloaking.c: provide user hostname cloaking + * + * Written originally by nenolod, altered to use FNV by Elizabeth in 2008 + */ #include "stdinc.h" #include "modules.h" @@ -6,15 +11,12 @@ #include "client.h" #include "ircd.h" #include "send.h" +#include "hash.h" #include "s_conf.h" #include "s_user.h" #include "s_serv.h" -#include "tools.h" #include "numeric.h" -/* if you're modifying this module, you'll probably to change this */ -#define KEY 0x13748cfa - static int _modinit(void) { @@ -42,72 +44,120 @@ mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { }; DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, "$Revision: 2805 $"); + ip_cloaking_hfnlist, "$Revision: 3526 $"); static void -distribute_hostchange(struct Client *client) +distribute_hostchange(struct Client *client_p, char *newhost) { - if (irccmp(client->host, client->orighost)) - sendto_one_numeric(client, RPL_HOSTHIDDEN, "%s :is now your hidden host", - client->host); + if (newhost != client_p->orighost) + sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", + newhost); else - sendto_one_numeric(client, RPL_HOSTHIDDEN, "%s :hostname reset", - client->host); + sendto_one_numeric(client_p, RPL_HOSTHIDDEN, "%s :hostname reset", + newhost); sendto_server(NULL, NULL, CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", - use_id(&me), use_id(client), client->host); + use_id(&me), use_id(client_p), newhost); sendto_server(NULL, NULL, CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", - use_id(&me), use_id(client), client->host); - sendto_server(NULL, NULL, - NOCAPS, CAP_TS6, ":%s ENCAP * CHGHOST %s :%s", - me.name, client->name, client->host); - if (irccmp(client->host, client->orighost)) - SetDynSpoof(client); + use_id(&me), use_id(client_p), newhost); + + change_nick_user_host(client_p, client_p->name, client_p->username, newhost, 0, "Changing host"); + + if (newhost != client_p->orighost) + SetDynSpoof(client_p); else - ClearDynSpoof(client); + ClearDynSpoof(client_p); } static void -do_host_cloak(const char *inbuf, char *outbuf, int ipmask) +do_host_cloak_ip(const char *inbuf, char *outbuf) { - int cyc; - unsigned int hosthash = 1, hosthash2 = 1; - unsigned int maxcycle = strlen(inbuf); - int len1; - const char *rest, *next; - - for (cyc = 0; cyc < maxcycle - 2; cyc += 2) - hosthash *= (unsigned int) inbuf[cyc]; - - /* safety: decrement ourselves two steps back */ - for (cyc = maxcycle - 1; cyc >= 1; cyc -= 2) - hosthash2 *= (unsigned int) inbuf[cyc]; - - /* lets do some bitshifting -- this pretty much destroys the IP - * sequence, while still providing a checksum. exactly what - * we're shooting for. --nenolod - */ - hosthash += (hosthash2 / KEY); - hosthash2 += (hosthash / KEY); + /* None of the characters in this table can be valid in an IP */ + char chartable[] = "ghijklmnopqrstuvwxyz"; + char *tptr; + uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); + int sepcount = 0; + int totalcount = 0; + int ipv6 = 0; + + rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); - if (ipmask == 0) + if (strchr(outbuf, ':')) { - ircsnprintf(outbuf, HOSTLEN, "%s-%X%X", - ServerInfo.network_name, hosthash2, hosthash); - len1 = strlen(outbuf); - rest = strchr(inbuf, '.'); - if (rest == NULL) - rest = "."; - /* try to avoid truncation -- jilles */ - while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL) - rest = next; - strlcat(outbuf, rest, HOSTLEN); + ipv6 = 1; + + /* Damn you IPv6... + * We count the number of colons so we can calculate how much + * of the host to cloak. This is because some hostmasks may not + * have as many octets as we'd like. + * + * We have to do this ahead of time because doing this during + * the actual cloaking would get ugly + */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + if (*tptr == ':') + totalcount++; } - else - ircsnprintf(outbuf, HOSTLEN, "%X%X.%s", - hosthash2, hosthash, ServerInfo.network_name); + else if (!strchr(outbuf, '.')) + return; + + for (tptr = outbuf; *tptr != '\0'; tptr++) + { + if (*tptr == ':' || *tptr == '.') + { + sepcount++; + continue; + } + + if (ipv6 && sepcount < totalcount / 2) + continue; + + if (!ipv6 && sepcount < 2) + continue; + + *tptr = chartable[(*tptr + accum) % 20]; + accum = (accum << 1) | (accum >> 31); + } +} + +static void +do_host_cloak_host(const char *inbuf, char *outbuf) +{ + char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; + char *tptr; + uint32_t accum = fnv_hash((const unsigned char*) inbuf, 32); + + rb_strlcpy(outbuf, inbuf, HOSTLEN + 1); + + /* pass 1: scramble first section of hostname using base26 + * alphabet toasted against the FNV hash of the string. + * + * numbers are not changed at this time, only letters. + */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + { + if (*tptr == '.') + break; + + if (isdigit(*tptr) || *tptr == '-') + continue; + + *tptr = b26_alphabet[(*tptr + accum) % 26]; + + /* Rotate one bit to avoid all digits being turned odd or even */ + accum = (accum << 1) | (accum >> 31); + } + + /* pass 2: scramble each number in the address */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + { + if (isdigit(*tptr)) + *tptr = '0' + (*tptr + accum) % 10; + + accum = (accum << 1) | (accum >> 31); + } } static void @@ -132,8 +182,7 @@ check_umode_change(void *vdata) } if (strcmp(source_p->host, source_p->localClient->mangledhost)) { - strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN); - distribute_hostchange(source_p); + distribute_hostchange(source_p, source_p->localClient->mangledhost); } else /* not really nice, but we need to send this numeric here */ sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", @@ -144,8 +193,7 @@ check_umode_change(void *vdata) if (source_p->localClient->mangledhost != NULL && !strcmp(source_p->host, source_p->localClient->mangledhost)) { - strlcpy(source_p->host, source_p->orighost, HOSTLEN); - distribute_hostchange(source_p); + distribute_hostchange(source_p, source_p->orighost); } } } @@ -160,16 +208,16 @@ check_new_user(void *vdata) source_p->umodes &= ~user_modes['h']; return; } - source_p->localClient->mangledhost = MyMalloc(HOSTLEN); + source_p->localClient->mangledhost = rb_malloc(HOSTLEN + 1); if (!irccmp(source_p->orighost, source_p->sockhost)) - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 1); + do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); else - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 0); + do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); if (IsDynSpoof(source_p)) source_p->umodes &= ~user_modes['h']; if (source_p->umodes & user_modes['h']) { - strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); + rb_strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); if (irccmp(source_p->host, source_p->orighost)) SetDynSpoof(source_p); }