Implemented hashed cloaked hostnames for +x

CloakHostModeX can now contain '%x'. It will be replace by the hash of
the original client hostname. The new config option CloakHostModeXSalt
defines the salt for the hash function. When CloakHostModeXSalt is not
set a random salt will be generated after each server restart.

Spelling fix in defines.h

doc/sample-ngircd.conf.tmpl

@@ -131,10 +131,12 @@
 
 	# Use this hostname for hostname cloaking on clients that have the
 	# user mode "+x" set, instead of the name of the server.
-	# Please note: don't use the percentage sign ("%"), it is reserved for
+	# Use %x to add the hashed value of the original hostname
-	# future extensions!
 	;CloakHostModeX = cloaked.user
 
+	# The Salt for cloaked hostname hashing
+	;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
+
 	# Set every clients' user name to their nick name
 	;CloakUserToNick = yes
 

man/ngircd.conf.5.tmpl

@@ -223,13 +223,10 @@ Don't use the percentage sign ("%"), it is reserved for future extensions!
 \fBCloakHostModeX\fR (string)
 Use this hostname for hostname cloaking on clients that have the user mode
 "+x" set, instead of the name of the server. Default: empty, use the name
-of the server.
+of the server. Use %x to add the hashed value of the original hostname
-.PP
+.TP
-.RS
+\fBCloakHostModeXSalt\fR (string)
-.B Please note:
+The Salt for cloaked hostname hashing
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
 .TP
 \fBCloakUserToNick\fR (boolean)
 Set every clients' user name to their nick name and hide the one supplied

src/ngircd/client.c

@@ -817,6 +817,7 @@ GLOBAL char *
 Client_MaskCloaked(CLIENT *Client)
 {
 	static char Mask_Buffer[GETID_LEN];
+	char Cloak_Buffer[GETID_LEN];
 
 	assert (Client != NULL);
 
@@ -824,10 +825,16 @@ Client_MaskCloaked(CLIENT *Client)
 	if (!Client_HasMode(Client, 'x'))
 		return Client_Mask(Client);
 
+	if(*Conf_CloakHostModeX) {
+		snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
+		snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
+	} else {
+		strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
+	}
+
 	snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s",
-		 Client->id, Client->user,
+		Client->id, Client->user, Cloak_Buffer);
-		 *Conf_CloakHostModeX ? Conf_CloakHostModeX
+
-				      : Client_ID(Client->introducer));
 	return Mask_Buffer;
 } /* Client_MaskCloaked */
 

src/ngircd/conf.c

@@ -359,6 +359,7 @@ Conf_Test( void )
 	printf("  ChrootDir = %s\n", Conf_Chroot);
 	printf("  CloakHost = %s\n", Conf_CloakHost);
 	printf("  CloakHostModeX = %s\n", Conf_CloakHostModeX);
+	printf("  CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);
 	printf("  CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
 #ifdef WANT_IPV6
 	printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -652,6 +653,7 @@ static void
 Set_Defaults(bool InitServers)
 {
 	int i;
+	char random[RANDOM_SALT_LEN];
 
 	/* Global */
 	strcpy(Conf_ServerName, "");
@@ -686,6 +688,7 @@ Set_Defaults(bool InitServers)
 	strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
 	strcpy(Conf_CloakHost, "");
 	strcpy(Conf_CloakHostModeX, "");
+	strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));
 	Conf_CloakUserToNick = false;
 	Conf_ConnectIPv4 = true;
 #ifdef WANT_IPV6
@@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
 			Config_Error_TooLong(Line, Var);
 		return;
 	}
+	if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
+		len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
+		if (len >= sizeof(Conf_CloakHostModeX))
+			Config_Error_TooLong(Line, Var);
+		return;
+	}
 	if (strcasecmp(Var, "CloakUserToNick") == 0) {
 		Conf_CloakUserToNick = Check_ArgIsTrue(Arg);
 		return;

src/ngircd/conf.h

@@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
 /** Cloaked hostname for clients that did +x */
 GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
 
+/** Salt for hostname hash for clients that did +x */
+GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
+
 /** Use nick name as user name? */
 GLOBAL bool Conf_CloakUserToNick;
 

src/ngircd/defines.h

@@ -44,9 +44,12 @@
 /** Max. length of file name. */
 #define FNAME_LEN 256
 
-/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */
+/** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */
 #define HOST_LEN 256
 
+/** Max. length of random salt */
+#define RANDOM_SALT_LEN 32
+
 
 /* Size of structures */
 

src/tool/tool.c

@@ -20,7 +20,9 @@
 #include <assert.h>
 #include <ctype.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
+#include <sys/time.h>
 
 #include <netinet/in.h>
 
@@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr)
 } /* ngt_TrimLastChr */
 
 
+/**
+ * Fill a String with random chars
+ */
+GLOBAL char *
+ngt_RandomStr( char *String, const size_t len)
+{
+	assert(String != NULL);
+
+	static const char chars[] = 
+		"0123456789ABCDEFGHIJKLMNO"
+		"PQRSTUVWXYZabcdefghijklmn"
+		"opqrstuvwxyz!\"#$&'()*+,-"
+		"./:;<=>?@[\\]^_`";
+
+	struct timeval t;
+	gettimeofday(&t, NULL);
+	srand(t.tv_usec * t.tv_sec);
+
+	for (size_t i = 0; i < len; ++i) {
+		String[i] = chars[rand() % (sizeof(chars) - 1)];
+	}
+
+	String[len] = '\0';
+
+	return String;
+} /* ngt_RandomStr */
+
+
 #ifdef SYSLOG
 
 

src/tool/tool.h

@@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String ));
 GLOBAL char *ngt_UpperStr PARAMS((char *String ));
 GLOBAL char *ngt_LowerStr PARAMS((char *String ));
 
+GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len));
+
 #ifdef SYSLOG
 GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility));
 GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));