commit d0bb185cf55655fc68ad54508c84314c2520d54c from: Sebastian Köhler date: Fri Aug 03 02:10:11 2012 UTC Hashed hostnames for CloakHost Implemented support for hashed hostnames for CloakHost. The admin can use '%x' in both the CloakHost and CloakHostModeX setting. The config option CloakHostModeX was renamed to CloakHostSalt. This salt is used for both cloaking options. commit - 49385a98b2878ae6f19dd0925e0dc90fcc3d6372 commit + d0bb185cf55655fc68ad54508c84314c2520d54c blob - 8297a9bb24a8700b325895261b542e6367e3128c blob + 6d9d77098641ec4459375d56eb2a5a0d405dbd92 --- doc/sample-ngircd.conf.tmpl +++ doc/sample-ngircd.conf.tmpl @@ -125,17 +125,17 @@ ;ChrootDir = /var/empty # Set this hostname for every client instead of the real one. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! + # Use %x to add the hashed value of the original hostname. ;CloakHost = cloaked.host # Use this hostname for hostname cloaking on clients that have the # user mode "+x" set, instead of the name of the server. - # Use %x to add the hashed value of the original hostname + # Use %x to add the hashed value of the original hostname. ;CloakHostModeX = cloaked.user - # The Salt for cloaked hostname hashing - ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz + # The Salt for cloaked hostname hashing. When undefined a random + # hash is generated after each server start. + ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz # Set every clients' user name to their nick name ;CloakUserToNick = yes blob - 21a10475074d8218d712808a161b936a22ab52cf blob + 71f0007851e738222ed7064b71921d4bb09cd097 --- man/ngircd.conf.5.tmpl +++ man/ngircd.conf.5.tmpl @@ -212,21 +212,16 @@ For this to work the server must have been started wit .TP \fBCloakHost\fR (string) Set this hostname for every client instead of the real one. Default: empty, -don't change. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +don't change. Use %x to add the hashed value of the original hostname. .TP \fBCloakHostModeX\fR (string) Use this hostname for hostname cloaking on clients that have the user mode "+x" set, instead of the name of the server. Default: empty, use the name of the server. Use %x to add the hashed value of the original hostname .TP -\fBCloakHostModeXSalt\fR (string) -The Salt for cloaked hostname hashing +\fBCloakHostSalt\fR (string) +The Salt for cloaked hostname hashing. When undefined a random hash is +generated after each server start. .TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied blob - cefbd3a3464617506cd4c9d2eb00fd87258de0fb blob + 49e273950ea6aeb955e909b1764021970b4fe982 --- src/ngircd/client.c +++ src/ngircd/client.c @@ -331,9 +331,15 @@ Client_SetHostname( CLIENT *Client, const char *Hostna assert(Hostname != NULL); if (strlen(Conf_CloakHost)) { + char cloak[GETID_LEN]; + + strlcpy(cloak, Hostname, GETID_LEN); + strlcat(cloak, Conf_CloakHostSalt, GETID_LEN); + snprintf(cloak, GETID_LEN, Conf_CloakHost, Hash(cloak)); + LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"", - Client_ID(Client), Client->host, Conf_CloakHost); - strlcpy(Client->host, Conf_CloakHost, sizeof(Client->host)); + Client_ID(Client), Client->host, cloak); + strlcpy(Client->host, cloak, sizeof(Client->host)); } else { LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"", Client_ID(Client), Client->host, Hostname); @@ -826,8 +832,9 @@ Client_MaskCloaked(CLIENT *Client) return Client_Mask(Client); if(*Conf_CloakHostModeX) { - snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt); - snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer)); + strlcpy(Cloak_Buffer, Client->host, GETID_LEN); + strlcat(Cloak_Buffer, Conf_CloakHostSalt, GETID_LEN); + snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Cloak_Buffer)); } else { strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN); } blob - 36eff905ecce8b04b4cfd9e20371c78c72c52b4b blob + b09113730ef185dff831ca6a0392c4a8d757ddcf --- src/ngircd/conf.c +++ src/ngircd/conf.c @@ -359,7 +359,7 @@ Conf_Test( void ) printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); - printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt); + printf(" CloakHostSalt = %s\n", Conf_CloakHostSalt); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -688,7 +688,7 @@ Set_Defaults(bool InitServers) strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHostModeX, ""); - strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN)); + strcpy(Conf_CloakHostSalt, ngt_RandomStr(random, RANDOM_SALT_LEN)); Conf_CloakUserToNick = false; Conf_ConnectIPv4 = true; #ifdef WANT_IPV6 @@ -1488,9 +1488,9 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) Config_Error_TooLong(Line, Var); return; } - if (strcasecmp(Var, "CloakHostModeXSalt") == 0) { - len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt)); - if (len >= sizeof(Conf_CloakHostModeX)) + if (strcasecmp(Var, "CloakHostSalt") == 0) { + len = strlcpy(Conf_CloakHostSalt, Arg, sizeof(Conf_CloakHostSalt)); + if (len >= sizeof(Conf_CloakHostSalt)) Config_Error_TooLong(Line, Var); return; } blob - 964b37b75ac0050b9776b9aba01bd2cdd60816ac blob + 4e7e3796478d8f200b11661c4ade71488dcfbad3 --- src/ngircd/conf.h +++ src/ngircd/conf.h @@ -169,8 +169,8 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN]; /** Cloaked hostname for clients that did +x */ GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN]; -/** Salt for hostname hash for clients that did +x */ -GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN]; +/** Salt for hostname hash for cloaked hostnames */ +GLOBAL char Conf_CloakHostSalt[CLIENT_ID_LEN]; /** Use nick name as user name? */ GLOBAL bool Conf_CloakUserToNick;