Implemented hashed cloaked hostnames for +x

CloakHostModeX can now contain '%x'. It will be replaced by the hash of
the original client hostname. The new config option CloakHostModeXSalt
defines the salt for the hash function. When CloakHostModeXSalt is not
set a random salt will be generated after each server restart.

Spelling fix in defines.h
Sebastian Köhler 2012-08-02 13:53:46 +02:00
parent b9e6cb3e55
commit 49385a98b2
8 changed files with 67 additions and 14 deletions


@ -131,10 +131,12 @@
# Use this hostname for hostname cloaking on clients that have the # Use this hostname for hostname cloaking on clients that have the
# user mode "+x" set, instead of the name of the server. # user mode "+x" set, instead of the name of the server.
# Please note: don't use the percentage sign ("%"), it is reserved for # Use %x to add the hashed value of the original hostname
# future extensions!
;CloakHostModeX = cloaked.user ;CloakHostModeX = cloaked.user
# The Salt for cloaked hostname hashing
;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
# Set every clients' user name to their nick name # Set every clients' user name to their nick name
;CloakUserToNick = yes ;CloakUserToNick = yes


@ -223,13 +223,10 @@ Don't use the percentage sign ("%"), it is reserved for future extensions!
\fBCloakHostModeX\fR (string) \fBCloakHostModeX\fR (string)
Use this hostname for hostname cloaking on clients that have the user mode Use this hostname for hostname cloaking on clients that have the user mode
"+x" set, instead of the name of the server. Default: empty, use the name "+x" set, instead of the name of the server. Default: empty, use the name
of the server. of the server. Use %x to add the hashed value of the original hostname
.PP .TP
.RS \fBCloakHostModeXSalt\fR (string)
.B Please note: The Salt for cloaked hostname hashing
.br
Don't use the percentage sign ("%"), it is reserved for future extensions!
.RE
.TP .TP
\fBCloakUserToNick\fR (boolean) \fBCloakUserToNick\fR (boolean)
Set every clients' user name to their nick name and hide the one supplied Set every clients' user name to their nick name and hide the one supplied


@ -817,17 +817,24 @@ GLOBAL char *
Client_MaskCloaked(CLIENT *Client) Client_MaskCloaked(CLIENT *Client)
{ {
static char Mask_Buffer[GETID_LEN]; static char Mask_Buffer[GETID_LEN];
char Cloak_Buffer[GETID_LEN];
assert (Client != NULL); assert (Client != NULL);
/* Is the client using cloaking at all? */ /* Is the client using cloaking at all? */
if (!Client_HasMode(Client, 'x')) if (!Client_HasMode(Client, 'x'))
return Client_Mask(Client); return Client_Mask(Client);
if(*Conf_CloakHostModeX) {
snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
} else {
strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
}
snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s", snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s",
Client->id, Client->user, Client->id, Client->user, Cloak_Buffer);
*Conf_CloakHostModeX ? Conf_CloakHostModeX
: Client_ID(Client->introducer));
return Mask_Buffer; return Mask_Buffer;
} /* Client_MaskCloaked */ } /* Client_MaskCloaked */
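Review bot: The second added snprintf() passes the configured CloakHostModeX as the format string, so any conversion other than a single `%x` (for example a stray `%s`) makes snprintf read arguments that were never passed. The value should be validated when the option is parsed (at most one `%x`, no other `%`), or the hash should be substituted by hand instead of through the format. Hash() is not visible in this hunk; if it does not return an unsigned int, the `%x` conversion is mismatched as well. The fallback branch uses strncpy(), which leaves Cloak_Buffer unterminated when the introducer ID fills the buffer; `strlcpy(Cloak_Buffer, Client_ID(Client->introducer), sizeof(Cloak_Buffer));` matches what conf.c already uses. The first snprintf() truncates host plus salt to GETID_LEN, so a long hostname may be hashed with only part of the salt; that depends on GETID_LEN, which is not shown here.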


@ -359,6 +359,7 @@ Conf_Test( void )
printf(" ChrootDir = %s\n", Conf_Chroot); printf(" ChrootDir = %s\n", Conf_Chroot);
printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHost = %s\n", Conf_CloakHost);
printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX);
printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);
printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
#ifdef WANT_IPV6 #ifdef WANT_IPV6
printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@ -652,6 +653,7 @@ static void
Set_Defaults(bool InitServers) Set_Defaults(bool InitServers)
{ {
int i; int i;
char random[RANDOM_SALT_LEN];
/* Global */ /* Global */
strcpy(Conf_ServerName, ""); strcpy(Conf_ServerName, "");
@ -686,6 +688,7 @@ Set_Defaults(bool InitServers)
strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHost, "");
strcpy(Conf_CloakHostModeX, ""); strcpy(Conf_CloakHostModeX, "");
strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));
Conf_CloakUserToNick = false; Conf_CloakUserToNick = false;
Conf_ConnectIPv4 = true; Conf_ConnectIPv4 = true;
#ifdef WANT_IPV6 #ifdef WANT_IPV6
@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
Config_Error_TooLong(Line, Var); Config_Error_TooLong(Line, Var);
return; return;
} }
if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
if (len >= sizeof(Conf_CloakHostModeX))
Config_Error_TooLong(Line, Var);
return;
}
if (strcasecmp(Var, "CloakUserToNick") == 0) { if (strcasecmp(Var, "CloakUserToNick") == 0) {
Conf_CloakUserToNick = Check_ArgIsTrue(Arg); Conf_CloakUserToNick = Check_ArgIsTrue(Arg);
return; return;
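Review bot: In Set_Defaults the local `random` holds RANDOM_SALT_LEN bytes, but ngt_RandomStr(random, RANDOM_SALT_LEN) fills `len` characters and then writes the terminator at `String[len]`, one byte past the end of the array; declare it as `char random[RANDOM_SALT_LEN + 1];` (a name such as `salt` would also avoid clashing with the POSIX random() function). In the Handle_OPTIONS hunk the length check compares against `sizeof(Conf_CloakHostModeX)` instead of `sizeof(Conf_CloakHostModeXSalt)`; both are CLIENT_ID_LEN today, so it is harmless, but it should name the buffer that was written. Conf_Test now prints the salt in clear, which exposes the value the cloak relies on to anyone who can read the configuration test output; printing only whether a salt is set would avoid that. All three functions continue outside their hunks.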


@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
/** Cloaked hostname for clients that did +x */ /** Cloaked hostname for clients that did +x */
GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN]; GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
/** Salt for hostname hash for clients that did +x */
GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
/** Use nick name as user name? */ /** Use nick name as user name? */
GLOBAL bool Conf_CloakUserToNick; GLOBAL bool Conf_CloakUserToNick;


@ -44,9 +44,12 @@
/** Max. length of file name. */ /** Max. length of file name. */
#define FNAME_LEN 256 #define FNAME_LEN 256
/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */ /** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */
#define HOST_LEN 256 #define HOST_LEN 256
/** Max. length of random salt */
#define RANDOM_SALT_LEN 32
/* Size of structures */ /* Size of structures */


@ -20,7 +20,9 @@
#include <assert.h> #include <assert.h>
#include <ctype.h> #include <ctype.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h>
#include <string.h> #include <string.h>
#include <sys/time.h>
#include <netinet/in.h> #include <netinet/in.h>
@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr)
} /* ngt_TrimLastChr */ } /* ngt_TrimLastChr */
/**
* Fill a String with random chars
*/
GLOBAL char *
ngt_RandomStr( char *String, const size_t len)
{
assert(String != NULL);
static const char chars[] =
"0123456789ABCDEFGHIJKLMNO"
"PQRSTUVWXYZabcdefghijklmn"
"opqrstuvwxyz!\"#$&'()*+,-"
"./:;<=>?@[\\]^_`";
struct timeval t;
gettimeofday(&t, NULL);
srand(t.tv_usec * t.tv_sec);
for (size_t i = 0; i < len; ++i) {
String[i] = chars[rand() % (sizeof(chars) - 1)];
}
String[len] = '\0';
return String;
} /* ngt_RandomStr */
#ifdef SYSLOG #ifdef SYSLOG
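Review bot: ngt_RandomStr seeds rand() with the product of the current seconds and microseconds, so the default salt can be narrowed down by anyone who knows roughly when the server started, which weakens the cloak the salt is meant to protect. Calling srand() here also reseeds the process-wide generator for every other rand() user, and the multiplication can overflow a signed long on 32-bit targets. I would draw the bytes from the operating system's random source and keep the time-seeded path only as a fallback, as sketched below. The header comment should also state that String must have room for len + 1 bytes, since the terminator is written at `String[len]`.

```c
ngt_RandomStr( char *String, const size_t len)
{
	/* … unchanged: assert and chars[] table … */
	FILE *fp = fopen("/dev/urandom", "rb");
	int seeded = 0;

	for (size_t i = 0; i < len; ++i) {
		int c = (fp != NULL) ? fgetc(fp) : EOF;
		if (c == EOF) {
			/* OS source unavailable: fall back to the time-seeded generator */
			if (!seeded) {
				struct timeval t;
				gettimeofday(&t, NULL);
				srand((unsigned)t.tv_usec ^ (unsigned)t.tv_sec);
				seeded = 1;
			}
			c = rand();
		}
		String[i] = chars[(size_t)c % (sizeof(chars) - 1)];
	}
	if (fp != NULL)
		fclose(fp);
	/* … unchanged: terminator and return … */
```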


@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String ));
GLOBAL char *ngt_UpperStr PARAMS((char *String )); GLOBAL char *ngt_UpperStr PARAMS((char *String ));
GLOBAL char *ngt_LowerStr PARAMS((char *String )); GLOBAL char *ngt_LowerStr PARAMS((char *String ));
GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len));
#ifdef SYSLOG #ifdef SYSLOG
GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility)); GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility));
GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility)); GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));