Commit Diff
Diff:
b9e6cb3e556730f74464026a33d6904ffd340874
49385a98b2878ae6f19dd0925e0dc90fcc3d6372
Commit:
49385a98b2878ae6f19dd0925e0dc90fcc3d6372
Tree:
af8b4728b28d40bbdd306dde186dddc1dc354c49
Author:
Sebastian Köhler <sebkoehler@whoami.org.uk>
Committer:
Sebastian Köhler <sebkoehler@whoami.org.uk>
Date:
Fri Aug 3 02:09:37 2012 UTC
Message:
Implemented hashed cloaked hostnames for +x. CloakHostModeX can now contain '%x'. It will be replaced by the hash of the original client hostname. The new config option CloakHostModeXSalt defines the salt for the hash function. When CloakHostModeXSalt is not set, a random salt will be generated after each server restart. Spelling fix in defines.h
blob - e8b2fb0df098088fa2ebfd082fbcae0525c0b4ef
blob + 8297a9bb24a8700b325895261b542e6367e3128c
--- doc/sample-ngircd.conf.tmpl
+++ doc/sample-ngircd.conf.tmpl
@@ -131,10 +131,12 @@
# Use this hostname for hostname cloaking on clients that have the
# user mode "+x" set, instead of the name of the server.
- # Please note: don't use the percentage sign ("%"), it is reserved for
- # future extensions!
+ # Use %x to add the hashed value of the original hostname
;CloakHostModeX = cloaked.user
+ # The Salt for cloaked hostname hashing
+ ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
+
# Set every clients' user name to their nick name
;CloakUserToNick = yes
blob - 0473206046296e8d57abf2d37405aa8f67f0e30d
blob + 21a10475074d8218d712808a161b936a22ab52cf
--- man/ngircd.conf.5.tmpl
+++ man/ngircd.conf.5.tmpl
@@ -223,14 +223,11 @@ Don't use the percentage sign ("%"), it is reserved fo
\fBCloakHostModeX\fR (string)
Use this hostname for hostname cloaking on clients that have the user mode
"+x" set, instead of the name of the server. Default: empty, use the name
-of the server.
-.PP
-.RS
-.B Please note:
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
+of the server. Use %x to add the hashed value of the original hostname
.TP
+\fBCloakHostModeXSalt\fR (string)
+The Salt for cloaked hostname hashing
+.TP
\fBCloakUserToNick\fR (boolean)
Set every clients' user name to their nick name and hide the one supplied
by the IRC client. Default: no.
blob - e203cdd0e79df243089066d09a80eedec5355a46
blob + cefbd3a3464617506cd4c9d2eb00fd87258de0fb
--- src/ngircd/client.c
+++ src/ngircd/client.c
@@ -817,17 +817,24 @@ GLOBAL char *
Client_MaskCloaked(CLIENT *Client)
{
static char Mask_Buffer[GETID_LEN];
+ char Cloak_Buffer[GETID_LEN];
assert (Client != NULL);
/* Is the client using cloaking at all? */
if (!Client_HasMode(Client, 'x'))
- return Client_Mask(Client);
+ return Client_Mask(Client);
+ if(*Conf_CloakHostModeX) {
+ snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
+ snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
+ } else {
+ strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
+ }
+
snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s",
- Client->id, Client->user,
- *Conf_CloakHostModeX ? Conf_CloakHostModeX
- : Client_ID(Client->introducer));
+ Client->id, Client->user, Cloak_Buffer);
+
return Mask_Buffer;
} /* Client_MaskCloaked */
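Review bot: `Conf_CloakHostModeX` is handed to `snprintf` as the format string, so any conversion in the configured value other than a single `%x` (a `%s`, a second `%x`) makes snprintf fetch arguments that were never passed, which is undefined behaviour. The documentation hunks of this commit also remove the earlier warning about the percent sign, so nothing tells the operator which conversions are safe. Substituting the `%x` marker by hand, as sketched below, keeps the configured value as data. In the else branch `strncpy` leaves Cloak_Buffer unterminated when the introducer ID fills GETID_LEN bytes; `strlcpy`, which conf.c already uses, does not. The cast assumes Hash() returns an integer that fits `%x`, which this page does not show.

```c
	if (*Conf_CloakHostModeX) {
		char Hash_Buffer[16];
		const char *Marker = strstr(Conf_CloakHostModeX, "%x");

		snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
		if (Marker) {
			/* Only the first "%x" is expanded; everything else is copied literally. */
			snprintf(Hash_Buffer, sizeof(Hash_Buffer), "%x",
				 (unsigned int)Hash(Mask_Buffer));
			snprintf(Cloak_Buffer, GETID_LEN, "%.*s%s%s",
				 (int)(Marker - Conf_CloakHostModeX), Conf_CloakHostModeX,
				 Hash_Buffer, Marker + 2);
		} else {
			strlcpy(Cloak_Buffer, Conf_CloakHostModeX, GETID_LEN);
		}
	} else {
		strlcpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
	}
	/* … unchanged: final snprintf() of "%s!%s@%s" and return … */
```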
blob - 5f7b24fcfdced17a4681d260f6546f4980c7481f
blob + 36eff905ecce8b04b4cfd9e20371c78c72c52b4b
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
@@ -359,6 +359,7 @@ Conf_Test( void )
printf(" ChrootDir = %s\n", Conf_Chroot);
printf(" CloakHost = %s\n", Conf_CloakHost);
printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX);
+ printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);
printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
#ifdef WANT_IPV6
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
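Review bot: The added `printf` writes the cloak salt in clear text to the configuration dump, including the randomly generated one when the option is unset. Whoever holds the salt can hash candidate hostnames and compare them with cloaked masks, so the value deserves the same care as a password when this output is pasted into logs or bug reports. Consider printing only whether a salt is configured, and add a comment such as `/* salt is secret: do not echo the value */` above the line. Conf_Test's body continues outside the hunk, so how other secrets are printed there is not visible here.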
@@ -652,6 +653,7 @@ static void
Set_Defaults(bool InitServers)
{
int i;
+ char random[RANDOM_SALT_LEN];
/* Global */
strcpy(Conf_ServerName, "");
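Review bot: `char random[RANDOM_SALT_LEN];` is one byte too small for how it is used: the next hunk calls `ngt_RandomStr(random, RANDOM_SALT_LEN)`, and the new function in src/tool/tool.c fills `len` characters and then stores `String[len] = '\0'`, which lands one byte past the end of this stack array. Declare it as `char random[RANDOM_SALT_LEN + 1];`, or pass `RANDOM_SALT_LEN - 1` at the call site, and state in the ngt_RandomStr header comment that the buffer must hold `len + 1` bytes. The name `random` also shadows the libc function of the same name on systems that declare it in `<stdlib.h>`; something like `salt` reads better. Set_Defaults starts and ends outside this hunk.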
@@ -686,6 +688,7 @@ Set_Defaults(bool InitServers)
strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
strcpy(Conf_CloakHost, "");
strcpy(Conf_CloakHostModeX, "");
+ strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));
Conf_CloakUserToNick = false;
Conf_ConnectIPv4 = true;
#ifdef WANT_IPV6
@@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
Config_Error_TooLong(Line, Var);
return;
}
+ if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
+ len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
+ if (len >= sizeof(Conf_CloakHostModeX))
+ Config_Error_TooLong(Line, Var);
+ return;
+ }
if (strcasecmp(Var, "CloakUserToNick") == 0) {
Conf_CloakUserToNick = Check_ArgIsTrue(Arg);
return;
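Review bot: The length check for the new option compares against the wrong buffer: `if (len >= sizeof(Conf_CloakHostModeX))` should be `if (len >= sizeof(Conf_CloakHostModeXSalt))`. Both arrays are CLIENT_ID_LEN bytes in conf.h today, so the result is the same, but the check silently breaks as soon as one of the sizes changes. It is also worth deciding here whether an empty `CloakHostModeXSalt` is accepted, since that would replace the random default with no salt at all; the parser's handling of empty arguments is not visible in this hunk. Handle_OPTIONS continues outside the hunk.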
blob - 86f00fe429b03a5ed99e68724f8b35b471bd83d0
blob + 964b37b75ac0050b9776b9aba01bd2cdd60816ac
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
/** Cloaked hostname for clients that did +x */
GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
+/** Salt for hostname hash for clients that did +x */
+GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
+
/** Use nick name as user name? */
GLOBAL bool Conf_CloakUserToNick;
blob - 953eac33b5855e2166fd7d33478595b450133a35
blob + cd0a1666ae58a7696c27f7c5aeac40fcfeea565b
--- src/ngircd/defines.h
+++ src/ngircd/defines.h
@@ -44,10 +44,13 @@
/** Max. length of file name. */
#define FNAME_LEN 256
-/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */
+/** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */
#define HOST_LEN 256
+/** Max. length of random salt */
+#define RANDOM_SALT_LEN 32
+
/* Size of structures */
/** Max. count of configurable servers. */
blob - ef3fb5d73467355782698aa0b5c78ac44b50bad1
blob + 31c6fb41fb9272f5b4abd5e6713b12d359fb5387
--- src/tool/tool.c
+++ src/tool/tool.c
@@ -20,7 +20,9 @@
#include <assert.h>
#include <ctype.h>
#include <stdio.h>
+#include <stdlib.h>
#include <string.h>
+#include <sys/time.h>
#include <netinet/in.h>
@@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr)
} /* ngt_TrimLastChr */
+/**
+ * Fill a String with random chars
+ */
+GLOBAL char *
+ngt_RandomStr( char *String, const size_t len)
+{
+ assert(String != NULL);
+
+ static const char chars[] =
+ "0123456789ABCDEFGHIJKLMNO"
+ "PQRSTUVWXYZabcdefghijklmn"
+ "opqrstuvwxyz!\"#$&'()*+,-"
+ "./:;<=>?@[\\]^_`";
+
+ struct timeval t;
+ gettimeofday(&t, NULL);
+ srand(t.tv_usec * t.tv_sec);
+
+ for (size_t i = 0; i < len; ++i) {
+ String[i] = chars[rand() % (sizeof(chars) - 1)];
+ }
+
+ String[len] = '\0';
+
+ return String;
+} /* ngt_RandomStr */
+
+
#ifdef SYSLOG
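Review bot: The default salt comes from `rand()` seeded with `t.tv_usec * t.tv_sec`, so it is determined by the server start time; with the start second roughly known, about a million seeds remain, which is little protection for the hostnames the cloak is meant to hide. Reseeding inside the function also resets the process-wide `rand()` state on every call. Drawing the bytes from the kernel, as sketched below, and keeping the time-seeded path only as a fallback would remove that dependency. The header comment should also say that `String` must hold `len + 1` bytes, because the terminator is written at `String[len]`.

```c
GLOBAL char *
ngt_RandomStr( char *String, const size_t len)
{
	/* … unchanged: assert() and chars[] table … */
	FILE *urandom = fopen("/dev/urandom", "rb");
	size_t i;
	int c;

	if (!urandom) {
		/* … unchanged: gettimeofday()/srand() seeding, now only as a fallback … */
	}

	for (i = 0; i < len; ++i) {
		c = urandom ? fgetc(urandom) : EOF;
		if (c == EOF)
			c = rand();
		String[i] = chars[(unsigned int)c % (sizeof(chars) - 1)];
	}
	if (urandom)
		fclose(urandom);

	String[len] = '\0';	/* caller provides len + 1 bytes */
	return String;
```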
blob - 60a65379cb81fa464f774484870eb1e4bb83d946
blob + 9fa19e55ba987a31c70e187128e5cbc8b896c790
--- src/tool/tool.h
+++ src/tool/tool.h
@@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String ));
GLOBAL char *ngt_UpperStr PARAMS((char *String ));
GLOBAL char *ngt_LowerStr PARAMS((char *String ));
+GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len));
+
#ifdef SYSLOG
GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility));
GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));