commit 49385a98b2878ae6f19dd0925e0dc90fcc3d6372 from: Sebastian Köhler date: Fri Aug 03 02:09:37 2012 UTC Implemented hashed cloaked hostnames for +x CloakHostModeX can now contain '%x'. It will be replace by the hash of the original client hostname. The new config option CloakHostModeXSalt defines the salt for the hash function. When CloakHostModeXSalt is not set a random salt will be generated after each server restart. Spelling fix in defines.h
commit - b9e6cb3e556730f74464026a33d6904ffd340874
commit + 49385a98b2878ae6f19dd0925e0dc90fcc3d6372
blob - e8b2fb0df098088fa2ebfd082fbcae0525c0b4ef
blob + 8297a9bb24a8700b325895261b542e6367e3128c
--- doc/sample-ngircd.conf.tmpl
+++ doc/sample-ngircd.conf.tmpl
@@ -131,10 +131,12 @@ # Use this hostname for hostname cloaking on clients that have the # user mode "+x" set, instead of the name of the server. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! + # Use %x to add the hashed value of the original hostname ;CloakHostModeX = cloaked.user + # The Salt for cloaked hostname hashing + ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz + # Set every clients' user name to their nick name ;CloakUserToNick = yes
blob - 0473206046296e8d57abf2d37405aa8f67f0e30d
blob + 21a10475074d8218d712808a161b936a22ab52cf
--- man/ngircd.conf.5.tmpl
+++ man/ngircd.conf.5.tmpl
@@ -223,14 +223,11 @@ Don't use the percentage sign ("%"), it is reserved fo \fBCloakHostModeX\fR (string) Use this hostname for hostname cloaking on clients that have the user mode "+x" set, instead of the name of the server. Default: empty, use the name -of the server. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +of the server. Use %x to add the hashed value of the original hostname .TP +\fBCloakHostModeXSalt\fR (string) +The Salt for cloaked hostname hashing +.TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied by the IRC client. Default: no.
blob - e203cdd0e79df243089066d09a80eedec5355a46
blob + cefbd3a3464617506cd4c9d2eb00fd87258de0fb
--- src/ngircd/client.c
+++ src/ngircd/client.c
@@ -817,17 +817,24 @@ GLOBAL char * Client_MaskCloaked(CLIENT *Client) { static char Mask_Buffer[GETID_LEN]; + char Cloak_Buffer[GETID_LEN]; assert (Client != NULL); /* Is the client using cloaking at all? */ if (!Client_HasMode(Client, 'x')) - return Client_Mask(Client); + return Client_Mask(Client); + if(*Conf_CloakHostModeX) { + snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt); + snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer)); + } else { + strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN); + } + snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s", - Client->id, Client->user, - *Conf_CloakHostModeX ? Conf_CloakHostModeX - : Client_ID(Client->introducer)); + Client->id, Client->user, Cloak_Buffer); + return Mask_Buffer; } /* Client_MaskCloaked */
blob - 5f7b24fcfdced17a4681d260f6546f4980c7481f
blob + 36eff905ecce8b04b4cfd9e20371c78c72c52b4b
--- src/ngircd/conf.c
+++ src/ngircd/conf.c
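Review bot: The second added snprintf() passes `Conf_CloakHostModeX` as its format string, so text from the configuration file is interpreted as printf directives with exactly one argument behind it. Any conversion other than a single `%x` (a `%s`, a second `%x`, a stray `%`) makes snprintf() read arguments that were never passed, and the commit drops the documentation warning against `%` at the same time. Substituting the hash by hand, as below, keeps the `%x` placeholder without a non-literal format; rejecting other `%` sequences when conf.c parses the option would be a reasonable addition. In the else branch `strncpy()` leaves `Cloak_Buffer` unterminated if the introducer's ID fills GETID_LEN bytes, so the sketch uses strlcpy(), which conf.c already calls. The cast assumes Hash() returns a value that fits `unsigned int`, as the existing `%x` implies; its prototype is not visible here.

```c
	if (*Conf_CloakHostModeX) {
		char Hash_Str[16];
		const char *Pos = strstr(Conf_CloakHostModeX, "%x");

		snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
		snprintf(Hash_Str, sizeof(Hash_Str), "%x", (unsigned int)Hash(Mask_Buffer));
		if (Pos != NULL)
			/* copy the text before "%x", then the hash, then the text after it */
			snprintf(Cloak_Buffer, GETID_LEN, "%.*s%s%s",
				 (int)(Pos - Conf_CloakHostModeX), Conf_CloakHostModeX,
				 Hash_Str, Pos + 2);
		else
			strlcpy(Cloak_Buffer, Conf_CloakHostModeX, GETID_LEN);
	} else {
		strlcpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
	}
	/* … unchanged: final snprintf() building the nick!user@host mask, return … */
```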
@@ -359,6 +359,7 @@ Conf_Test( void ) printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); + printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -652,6 +653,7 @@ static void Set_Defaults(bool InitServers) { int i; + char random[RANDOM_SALT_LEN]; /* Global */ strcpy(Conf_ServerName, "");
@@ -686,6 +688,7 @@ Set_Defaults(bool InitServers) strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHostModeX, ""); + strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN)); Conf_CloakUserToNick = false; Conf_ConnectIPv4 = true; #ifdef WANT_IPV6
@@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) Config_Error_TooLong(Line, Var); return; } + if (strcasecmp(Var, "CloakHostModeXSalt") == 0) { + len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt)); + if (len >= sizeof(Conf_CloakHostModeX)) + Config_Error_TooLong(Line, Var); + return; + } if (strcasecmp(Var, "CloakUserToNick") == 0) { Conf_CloakUserToNick = Check_ArgIsTrue(Arg); return;
blob - 86f00fe429b03a5ed99e68724f8b35b471bd83d0
blob + 964b37b75ac0050b9776b9aba01bd2cdd60816ac
--- src/ngircd/conf.h
+++ src/ngircd/conf.h
@@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN]; /** Cloaked hostname for clients that did +x */ GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN]; +/** Salt for hostname hash for clients that did +x */ +GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN]; + /** Use nick name as user name? */ GLOBAL bool Conf_CloakUserToNick;
blob - 953eac33b5855e2166fd7d33478595b450133a35
blob + cd0a1666ae58a7696c27f7c5aeac40fcfeea565b
--- src/ngircd/defines.h
+++ src/ngircd/defines.h
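Review bot: The added printf in Conf_Test writes the cloak salt in clear into the configuration test output, including the random one that Set_Defaults generates when the operator configured none. The salt is the only non-public input to the hostname hash, and this output tends to end up in logs and bug reports. Consider masking it, e.g. `printf(" CloakHostModeXSalt = %s\n", "<hidden>");`, or at least documenting that the value must be redacted before the output is shared. Conf_Test starts and ends outside the hunk.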
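Review bot: `random` is declared with RANDOM_SALT_LEN bytes, but ngt_RandomStr() (added in src/tool/tool.c by this commit) finishes with `String[len] = '\0'`, so the call `ngt_RandomStr(random,RANDOM_SALT_LEN)` in the following Set_Defaults hunk writes one byte past the end of this stack array. Declaring it as `char random[RANDOM_SALT_LEN + 1];` fixes the overflow, and the comment on ngt_RandomStr() should state that the buffer must hold len + 1 bytes. The strcpy() into `Conf_CloakHostModeXSalt` in that later hunk also relies on CLIENT_ID_LEN being larger than RANDOM_SALT_LEN, which is not visible on this page; strlcpy() with `sizeof(Conf_CloakHostModeXSalt)` would make that explicit. The name `random` shadows the libc function random(), so something like `salt` would read better. Set_Defaults ends outside this hunk.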
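Review bot: The added length check in Handle_OPTIONS compares `len` with `sizeof(Conf_CloakHostModeX)` instead of the buffer that strlcpy() just wrote to. Both arrays are declared with CLIENT_ID_LEN in conf.h, so the result is the same today, but truncation would go unreported if the two sizes ever diverge. The condition should read `if (len >= sizeof(Conf_CloakHostModeXSalt))`. Handle_OPTIONS starts and ends outside the hunk.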
@@ -44,10 +44,13 @@ /** Max. length of file name. */ #define FNAME_LEN 256 -/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */ +/** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */ #define HOST_LEN 256 +/** Max. length of random salt */ +#define RANDOM_SALT_LEN 32 + /* Size of structures */ /** Max. count of configurable servers. */
blob - ef3fb5d73467355782698aa0b5c78ac44b50bad1
blob + 31c6fb41fb9272f5b4abd5e6713b12d359fb5387
--- src/tool/tool.c
+++ src/tool/tool.c
@@ -20,7 +20,9 @@ #include #include #include +#include #include +#include #include
@@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr) } /* ngt_TrimLastChr */ +/** + * Fill a String with random chars + */ +GLOBAL char * +ngt_RandomStr( char *String, const size_t len) +{ + assert(String != NULL); + + static const char chars[] = + "0123456789ABCDEFGHIJKLMNO" + "PQRSTUVWXYZabcdefghijklmn" + "opqrstuvwxyz!\"#$&'()*+,-" + "./:;<=>?@[\\]^_`"; + + struct timeval t; + gettimeofday(&t, NULL); + srand(t.tv_usec * t.tv_sec); + + for (size_t i = 0; i < len; ++i) { + String[i] = chars[rand() % (sizeof(chars) - 1)]; + } + + String[len] = '\0'; + + return String; +} /* ngt_RandomStr */ + + #ifdef SYSLOG
blob - 60a65379cb81fa464f774484870eb1e4bb83d946
blob + 9fa19e55ba987a31c70e187128e5cbc8b896c790
--- src/tool/tool.h
+++ src/tool/tool.h
@@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String )); GLOBAL char *ngt_UpperStr PARAMS((char *String )); GLOBAL char *ngt_LowerStr PARAMS((char *String )); +GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len)); + #ifdef SYSLOG GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility)); GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));
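Review bot: ngt_RandomStr() draws the salt from rand() seeded with `t.tv_usec * t.tv_sec`, so the default salt is fully determined by the daemon's start time and is not suitable as a secret input to the cloak hash. The bytes should come from the operating system's random source, with the time-seeded path kept only as a fallback, as sketched below. Calling srand() here also reseeds the process-wide generator for every other rand() user. The declarations after `assert()` and `for (size_t i ...)` need C99, which may not match a code base that still wraps prototypes in PARAMS(()); worth confirming against the supported compilers.

```c
	/* … unchanged: assert() and the chars[] table … */
	size_t i, got = 0;
	FILE *fp = fopen("/dev/urandom", "rb");

	if (fp != NULL) {
		got = fread(String, 1, len, fp);
		fclose(fp);
	}
	if (got == len) {
		/* map each random byte onto the allowed character set */
		for (i = 0; i < len; ++i)
			String[i] = chars[(unsigned char)String[i] % (sizeof(chars) - 1)];
	} else {
		/* … unchanged: gettimeofday()/srand()/rand() loop, now only the fallback … */
	}
	String[len] = '\0';	/* caller must provide len + 1 bytes */
```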