Commit Diff
Diff:
b9e6cb3e556730f74464026a33d6904ffd340874
49385a98b2878ae6f19dd0925e0dc90fcc3d6372
49385a98b2878ae6f19dd0925e0dc90fcc3d6372
Commit:
49385a98b2878ae6f19dd0925e0dc90fcc3d6372
Tree:
af8b4728b28d40bbdd306dde186dddc1dc354c49
Committer:
Sebastian Köhler <sebkoehler@whoami.org.uk>
Date:
Fri Aug 3 02:09:37 2012
UTC
Message:
Implemented hashed cloaked hostnames for +x
CloakHostModeX can now contain '%x'. It will be replace by the hash of
the original client hostname. The new config option CloakHostModeXSalt
defines the salt for the hash function. When CloakHostModeXSalt is not
set a random salt will be generated after each server restart.
Spelling fix in defines.h
--- doc/sample-ngircd.conf.tmpl
+++ doc/sample-ngircd.conf.tmpl
@@ -131,10 +131,12 @@
# Use this hostname for hostname cloaking on clients that have the
# user mode "+x" set, instead of the name of the server.
- # Please note: don't use the percentage sign ("%"), it is reserved for
- # future extensions!
+ # Use %x to add the hashed value of the original hostname
;CloakHostModeX = cloaked.user
+ # The Salt for cloaked hostname hashing
+ ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
+
# Set every clients' user name to their nick name
;CloakUserToNick = yes
--- man/ngircd.conf.5.tmpl
+++ man/ngircd.conf.5.tmpl
@@ -223,14 +223,11 @@ Don't use the percentage sign ("%"), it is reserved fo
\fBCloakHostModeX\fR (string)
Use this hostname for hostname cloaking on clients that have the user mode
"+x" set, instead of the name of the server. Default: empty, use the name
-of the server.
-.PP
-.RS
-.B Please note:
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
+of the server. Use %x to add the hashed value of the original hostname
.TP
+\fBCloakHostModeXSalt\fR (string)
+The Salt for cloaked hostname hashing
+.TP
\fBCloakUserToNick\fR (boolean)
Set every clients' user name to their nick name and hide the one supplied
by the IRC client. Default: no.
--- src/ngircd/client.c
+++ src/ngircd/client.c
@@ -817,17 +817,24 @@ GLOBAL char *
Client_MaskCloaked(CLIENT *Client)
{
static char Mask_Buffer[GETID_LEN];
+ char Cloak_Buffer[GETID_LEN];
assert (Client != NULL);
/* Is the client using cloaking at all? */
if (!Client_HasMode(Client, 'x'))
- return Client_Mask(Client);
+ return Client_Mask(Client);
+ if(*Conf_CloakHostModeX) {
+ snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
+ snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
+ } else {
+ strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
+ }
+
snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s",
- Client->id, Client->user,
- *Conf_CloakHostModeX ? Conf_CloakHostModeX
- : Client_ID(Client->introducer));
+ Client->id, Client->user, Cloak_Buffer);
+
return Mask_Buffer;
} /* Client_MaskCloaked */
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -359,6 +359,7 @@ Conf_Test( void )
printf(" ChrootDir = %s\n", Conf_Chroot);
printf(" CloakHost = %s\n", Conf_CloakHost);
printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX);
+ printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);
printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
#ifdef WANT_IPV6
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -652,6 +653,7 @@ static void
Set_Defaults(bool InitServers)
{
int i;
+ char random[RANDOM_SALT_LEN];
/* Global */
strcpy(Conf_ServerName, "");
@@ -686,6 +688,7 @@ Set_Defaults(bool InitServers)
strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
strcpy(Conf_CloakHost, "");
strcpy(Conf_CloakHostModeX, "");
+ strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));
Conf_CloakUserToNick = false;
Conf_ConnectIPv4 = true;
#ifdef WANT_IPV6
@@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
Config_Error_TooLong(Line, Var);
return;
}
+ if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
+ len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
+ if (len >= sizeof(Conf_CloakHostModeX))
+ Config_Error_TooLong(Line, Var);
+ return;
+ }
if (strcasecmp(Var, "CloakUserToNick") == 0) {
Conf_CloakUserToNick = Check_ArgIsTrue(Arg);
return;
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
/** Cloaked hostname for clients that did +x */
GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
+/** Salt for hostname hash for clients that did +x */
+GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
+
/** Use nick name as user name? */
GLOBAL bool Conf_CloakUserToNick;
--- src/ngircd/defines.h
+++ src/ngircd/defines.h
@@ -44,10 +44,13 @@
/** Max. length of file name. */
#define FNAME_LEN 256
-/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */
+/** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */
#define HOST_LEN 256
+/** Max. length of random salt */
+#define RANDOM_SALT_LEN 32
+
/* Size of structures */
/** Max. count of configurable servers. */
--- src/tool/tool.c
+++ src/tool/tool.c
@@ -20,7 +20,9 @@
#include <assert.h>
#include <ctype.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
+#include <sys/time.h>
#include <netinet/in.h>
@@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr)
} /* ngt_TrimLastChr */
+/**
+ * Fill a String with random chars
+ */
+GLOBAL char *
+ngt_RandomStr( char *String, const size_t len)
+{
+ assert(String != NULL);
+
+ static const char chars[] =
+ "0123456789ABCDEFGHIJKLMNO"
+ "PQRSTUVWXYZabcdefghijklmn"
+ "opqrstuvwxyz!\"#$&'()*+,-"
+ "./:;<=>?@[\\]^_`";
+
+ struct timeval t;
+ gettimeofday(&t, NULL);
+ srand(t.tv_usec * t.tv_sec);
+
+ for (size_t i = 0; i < len; ++i) {
+ String[i] = chars[rand() % (sizeof(chars) - 1)];
+ }
+
+ String[len] = '\0';
+
+ return String;
+} /* ngt_RandomStr */
+
+
#ifdef SYSLOG
--- src/tool/tool.h
+++ src/tool/tool.h
@@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String ));
GLOBAL char *ngt_UpperStr PARAMS((char *String ));
GLOBAL char *ngt_LowerStr PARAMS((char *String ));
+GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len));
+
#ifdef SYSLOG
GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility));
GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));