diff options
Diffstat (limited to 'src/modules/m_cloaking.cpp')
| -rw-r--r-- | src/modules/m_cloaking.cpp | 301 |
1 files changed, 80 insertions, 221 deletions
diff --git a/src/modules/m_cloaking.cpp b/src/modules/m_cloaking.cpp index f4cfdb54f..b9ff085c3 100644 --- a/src/modules/m_cloaking.cpp +++ b/src/modules/m_cloaking.cpp @@ -24,16 +24,10 @@ #include "inspircd.h" -#include "hash.h" - -/* $ModDesc: Provides masking of user hostnames */ +#include "modules/hash.h" enum CloakMode { - /** 1.2-compatible host-based cloak */ - MODE_COMPAT_HOST, - /** 1.2-compatible IP-only cloak */ - MODE_COMPAT_IPONLY, /** 2.0 cloak of "half" of the hostname plus the full IP hash */ MODE_HALF_CLOAK, /** 2.0 cloak of IP hash, split at 2 common CIDR range points */ @@ -48,19 +42,22 @@ static const char base32[] = "0123456789abcdefghijklmnopqrstuv"; class CloakUser : public ModeHandler { public: + bool active; LocalStringExt ext; - std::string debounce_uid; time_t debounce_ts; int debounce_count; CloakUser(Module* source) - : ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER), - ext("cloaked_host", source), debounce_ts(0), debounce_count(0) + : ModeHandler(source, "cloak", 'x', PARAM_NONE, MODETYPE_USER) + , active(false) + , ext("cloaked_host", ExtensionItem::EXT_USER, source) + , debounce_ts(0) + , debounce_count(0) { } - ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding) + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE { LocalUser* user = IS_LOCAL(dest); @@ -70,7 +67,9 @@ class CloakUser : public ModeHandler */ if (!user) { - dest->SetMode('x',adding); + // Remote setters broadcast mode before host while local setters do the opposite, so this takes that into account + active = IS_LOCAL(source) ? adding : !adding; + dest->SetMode(this, adding); return MODEACTION_ALLOW; } @@ -87,7 +86,7 @@ class CloakUser : public ModeHandler debounce_ts = ServerInstance->Time(); } - if (adding == user->IsModeSet('x')) + if (adding == user->IsModeSet(this)) return MODEACTION_DENY; /* don't allow this user to spam modechanges */ @@ -97,7 +96,7 @@ class CloakUser : public ModeHandler if (adding) { // assume this is more correct - if (user->registered != REG_ALL && user->host != user->dhost) + if (user->registered != REG_ALL && user->GetRealHost() != user->GetDisplayedHost()) return MODEACTION_DENY; std::string* cloak = ext.get(user); @@ -110,8 +109,8 @@ class CloakUser : public ModeHandler } if (cloak) { - user->ChangeDisplayedHost(cloak->c_str()); - user->SetMode('x',true); + user->ChangeDisplayedHost(*cloak); + user->SetMode(this, true); return MODEACTION_ALLOW; } else @@ -122,12 +121,11 @@ class CloakUser : public ModeHandler /* User is removing the mode, so restore their real host * and make it match the displayed one. */ - user->SetMode('x',false); - user->ChangeDisplayedHost(user->host.c_str()); + user->SetMode(this, false); + user->ChangeDisplayedHost(user->GetRealHost().c_str()); return MODEACTION_ALLOW; } } - }; class CommandCloak : public Command @@ -139,7 +137,7 @@ class CommandCloak : public Command syntax = "<host>"; } - CmdResult Handle(const std::vector<std::string> ¶meters, User *user); + CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE; }; class ModuleCloaking : public Module @@ -151,24 +149,15 @@ class ModuleCloaking : public Module std::string prefix; std::string suffix; std::string key; - unsigned int compatkey[4]; - const char* xtab[4]; + unsigned int domainparts; dynamic_reference<HashProvider> Hash; - ModuleCloaking() : cu(this), mode(MODE_OPAQUE), ck(this), Hash(this, "hash/md5") - { - } - - void init() + ModuleCloaking() + : cu(this) + , mode(MODE_OPAQUE) + , ck(this) + , Hash(this, "hash/md5") { - OnRehash(NULL); - - ServerInstance->Modules->AddService(cu); - ServerInstance->Modules->AddService(ck); - ServerInstance->Modules->AddService(cu.ext); - - Implementation eventlist[] = { I_OnRehash, I_OnCheckBan, I_OnUserConnect, I_OnChangeHost }; - ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } /** This function takes a domain name string and returns just the last two domain parts, @@ -182,7 +171,7 @@ class ModuleCloaking : public Module */ std::string LastTwoDomainParts(const std::string &host) { - int dots = 0; + unsigned int dots = 0; std::string::size_type splitdot = host.length(); for (std::string::size_type x = host.length() - 1; x; --x) @@ -192,7 +181,7 @@ class ModuleCloaking : public Module splitdot = x; dots++; } - if (dots >= 3) + if (dots >= domainparts) break; } @@ -208,7 +197,7 @@ class ModuleCloaking : public Module * @param id A unique ID for this type of item (to make it unique if the item matches) * @param len The length of the output. Maximum for MD5 is 16 characters. */ - std::string SegmentCloak(const std::string& item, char id, int len) + std::string SegmentCloak(const std::string& item, char id, size_t len) { std::string input; input.reserve(key.length() + 3 + item.length()); @@ -217,8 +206,8 @@ class ModuleCloaking : public Module input.append(1, '\0'); // null does not terminate a C++ string input.append(item); - std::string rv = Hash->sum(input).substr(0,len); - for(int i=0; i < len; i++) + std::string rv = Hash->GenerateRaw(input).substr(0,len); + for(size_t i = 0; i < len; i++) { // this discards 3 bits per byte. We have an // overabundance of bits in the hash output, doesn't @@ -228,70 +217,13 @@ class ModuleCloaking : public Module return rv; } - std::string CompatCloak4(const char* ip) - { - irc::sepstream seps(ip, '.'); - std::string octet[4]; - int i[4]; - - for (int j = 0; j < 4; j++) - { - seps.GetToken(octet[j]); - i[j] = atoi(octet[j].c_str()); - } - - octet[3] = octet[0] + "." + octet[1] + "." + octet[2] + "." + octet[3]; - octet[2] = octet[0] + "." + octet[1] + "." + octet[2]; - octet[1] = octet[0] + "." + octet[1]; - - /* Reset the Hash module and send it our IV */ - - std::string rv; - - /* Send the Hash module a different hex table for each octet group's Hash sum */ - for (int k = 0; k < 4; k++) - { - rv.append(Hash->sumIV(compatkey, xtab[(compatkey[k]+i[k]) % 4], octet[k]).substr(0,6)); - if (k < 3) - rv.append("."); - } - /* Stick them all together */ - return rv; - } - - std::string CompatCloak6(const char* ip) - { - std::vector<std::string> hashies; - std::string item; - int rounds = 0; - - /* Reset the Hash module and send it our IV */ - - for (const char* input = ip; *input; input++) - { - item += *input; - if (item.length() > 7) - { - hashies.push_back(Hash->sumIV(compatkey, xtab[(compatkey[0]+rounds) % 4], item).substr(0,8)); - item.clear(); - } - rounds++; - } - if (!item.empty()) - { - hashies.push_back(Hash->sumIV(compatkey, xtab[(compatkey[0]+rounds) % 4], item).substr(0,8)); - } - /* Stick them all together */ - return irc::stringjoiner(":", hashies, 0, hashies.size() - 1).GetJoined(); - } - std::string SegmentIP(const irc::sockets::sockaddrs& ip, bool full) { std::string bindata; - int hop1, hop2, hop3; - int len1, len2; + size_t hop1, hop2, hop3; + size_t len1, len2; std::string rv; - if (ip.sa.sa_family == AF_INET6) + if (ip.family() == AF_INET6) { bindata = std::string((const char*)ip.in6.sin6_addr.s6_addr, 16); hop1 = 8; @@ -335,24 +267,22 @@ class ModuleCloaking : public Module } else { - char buf[50]; - if (ip.sa.sa_family == AF_INET6) + if (ip.family() == AF_INET6) { - snprintf(buf, 50, ".%02x%02x.%02x%02x%s", + rv.append(InspIRCd::Format(".%02x%02x.%02x%02x%s", ip.in6.sin6_addr.s6_addr[2], ip.in6.sin6_addr.s6_addr[3], - ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], suffix.c_str()); + ip.in6.sin6_addr.s6_addr[0], ip.in6.sin6_addr.s6_addr[1], suffix.c_str())); } else { const unsigned char* ip4 = (const unsigned char*)&ip.in4.sin_addr; - snprintf(buf, 50, ".%d.%d%s", ip4[1], ip4[0], suffix.c_str()); + rv.append(InspIRCd::Format(".%d.%d%s", ip4[1], ip4[0], suffix.c_str())); } - rv.append(buf); } return rv; } - ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) + ModResult OnCheckBan(User* user, Channel* chan, const std::string& mask) CXX11_OVERRIDE { LocalUser* lu = IS_LOCAL(user); if (!lu) @@ -361,17 +291,16 @@ class ModuleCloaking : public Module OnUserConnect(lu); std::string* cloak = cu.ext.get(user); /* Check if they have a cloaked host, but are not using it */ - if (cloak && *cloak != user->dhost) + if (cloak && *cloak != user->GetDisplayedHost()) { - char cmask[MAXBUF]; - snprintf(cmask, MAXBUF, "%s!%s@%s", user->nick.c_str(), user->ident.c_str(), cloak->c_str()); - if (InspIRCd::Match(cmask,mask)) + const std::string cloakMask = user->nick + "!" + user->ident + "@" + *cloak; + if (InspIRCd::Match(cloakMask, mask)) return MOD_RES_DENY; } return MOD_RES_PASSTHRU; } - void Prioritize() + void Prioritize() CXX11_OVERRIDE { /* Needs to be after m_banexception etc. */ ServerInstance->Modules->SetPriority(this, I_OnCheckBan, PRIORITY_LAST); @@ -379,34 +308,39 @@ class ModuleCloaking : public Module // this unsets umode +x on every host change. If we are actually doing a +x // mode change, we will call SetMode back to true AFTER the host change is done. - void OnChangeHost(User* u, const std::string& host) + void OnChangeHost(User* u, const std::string& host) CXX11_OVERRIDE { - if(u->IsModeSet('x')) + if (u->IsModeSet(cu) && !cu.active) { - u->SetMode('x', false); - u->WriteServ("MODE %s -x", u->nick.c_str()); + u->SetMode(cu, false); + + if (!IS_LOCAL(u)) + return; + Modes::ChangeList modechangelist; + modechangelist.push_remove(&cu); + ClientProtocol::Events::Mode modeevent(ServerInstance->FakeClient, NULL, u, modechangelist); + static_cast<LocalUser*>(u)->Send(modeevent); } + cu.active = false; } - ~ModuleCloaking() - { - } - - Version GetVersion() + Version GetVersion() CXX11_OVERRIDE { std::string testcloak = "broken"; if (Hash) { switch (mode) { - case MODE_COMPAT_HOST: - testcloak = prefix + "-" + Hash->sumIV(compatkey, xtab[0], "*").substr(0,10); - break; - case MODE_COMPAT_IPONLY: - testcloak = Hash->sumIV(compatkey, xtab[0], "*").substr(0,10); - break; case MODE_HALF_CLOAK: - testcloak = prefix + SegmentCloak("*", 3, 8) + suffix; + // Use old cloaking verification to stay compatible with 2.0 + // But verify domainparts when use 3.0-only features + if (domainparts == 3) + testcloak = prefix + SegmentCloak("*", 3, 8) + suffix; + else + { + irc::sockets::sockaddrs sa; + testcloak = GenCloak(sa, "", testcloak + ConvToStr(domainparts)); + } break; case MODE_OPAQUE: testcloak = prefix + SegmentCloak("*", 4, 8) + suffix; @@ -415,82 +349,26 @@ class ModuleCloaking : public Module return Version("Provides masking of user hostnames", VF_COMMON|VF_VENDOR, testcloak); } - void OnRehash(User* user) + void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE { ConfigTag* tag = ServerInstance->Config->ConfValue("cloak"); prefix = tag->getString("prefix"); suffix = tag->getString("suffix", ".IP"); std::string modestr = tag->getString("mode"); - if (modestr == "compat-host") - mode = MODE_COMPAT_HOST; - else if (modestr == "compat-ip") - mode = MODE_COMPAT_IPONLY; - else if (modestr == "half") + if (stdalgo::string::equalsci(modestr, "half")) + { mode = MODE_HALF_CLOAK; - else if (modestr == "full") + domainparts = tag->getUInt("domainparts", 3, 1, 10); + } + else if (stdalgo::string::equalsci(modestr, "full")) mode = MODE_OPAQUE; else - throw ModuleException("Bad value for <cloak:mode>; must be one of compat-host, compat-ip, half, full"); - - if (mode == MODE_COMPAT_HOST || mode == MODE_COMPAT_IPONLY) - { - bool lowercase = tag->getBool("lowercase"); - - /* These are *not* using the need_positive parameter of ReadInteger - - * that will limit the valid values to only the positive values in a - * signed int. Instead, accept any value that fits into an int and - * cast it to an unsigned int. That will, a bit oddly, give us the full - * spectrum of an unsigned integer. - Special - * - * We must limit the keys or else we get different results on - * amd64/x86 boxes. - psychon */ - const unsigned int limit = 0x80000000; - compatkey[0] = (unsigned int) tag->getInt("key1"); - compatkey[1] = (unsigned int) tag->getInt("key2"); - compatkey[2] = (unsigned int) tag->getInt("key3"); - compatkey[3] = (unsigned int) tag->getInt("key4"); - - if (!lowercase) - { - xtab[0] = "F92E45D871BCA630"; - xtab[1] = "A1B9D80C72E653F4"; - xtab[2] = "1ABC078934DEF562"; - xtab[3] = "ABCDEF5678901234"; - } - else - { - xtab[0] = "f92e45d871bca630"; - xtab[1] = "a1b9d80c72e653f4"; - xtab[2] = "1abc078934def562"; - xtab[3] = "abcdef5678901234"; - } + throw ModuleException("Bad value for <cloak:mode>; must be half or full"); - if (prefix.empty()) - prefix = ServerInstance->Config->Network; - - if (!compatkey[0] || !compatkey[1] || !compatkey[2] || !compatkey[3] || - compatkey[0] >= limit || compatkey[1] >= limit || compatkey[2] >= limit || compatkey[3] >= limit) - { - std::string detail; - if (!compatkey[0] || compatkey[0] >= limit) - detail = "<cloak:key1> is not valid, it may be set to a too high/low value, or it may not exist."; - else if (!compatkey[1] || compatkey[1] >= limit) - detail = "<cloak:key2> is not valid, it may be set to a too high/low value, or it may not exist."; - else if (!compatkey[2] || compatkey[2] >= limit) - detail = "<cloak:key3> is not valid, it may be set to a too high/low value, or it may not exist."; - else if (!compatkey[3] || compatkey[3] >= limit) - detail = "<cloak:key4> is not valid, it may be set to a too high/low value, or it may not exist."; - - throw ModuleException("You have not defined cloak keys for m_cloaking!!! THIS IS INSECURE AND SHOULD BE CHECKED! - " + detail); - } - } - else - { - key = tag->getString("key"); - if (key.empty() || key == "secret") - throw ModuleException("You have not defined cloak keys for m_cloaking. Define <cloak:key> as a network-wide secret."); - } + key = tag->getString("key"); + if (key.empty() || key == "secret") + throw ModuleException("You have not defined cloak keys for m_cloaking. Define <cloak:key> as a network-wide secret."); } std::string GenCloak(const irc::sockets::sockaddrs& ip, const std::string& ipstr, const std::string& host) @@ -502,29 +380,6 @@ class ModuleCloaking : public Module switch (mode) { - case MODE_COMPAT_HOST: - { - if (!host_is_ip) - { - std::string tail = LastTwoDomainParts(host); - - // xtab is not used here due to a bug in 1.2 cloaking - chost = prefix + "-" + Hash->sumIV(compatkey, "0123456789abcdef", host).substr(0,8) + tail; - - /* Fix by brain - if the cloaked host is > the max length of a host (64 bytes - * according to the DNS RFC) then they get cloaked as an IP. - */ - if (chost.length() <= 64) - break; - } - // fall through to IP cloak - } - case MODE_COMPAT_IPONLY: - if (ip.sa.sa_family == AF_INET6) - chost = CompatCloak6(ipstr.c_str()); - else - chost = CompatCloak4(ipstr.c_str()); - break; case MODE_HALF_CLOAK: { if (!host_is_ip) @@ -540,17 +395,21 @@ class ModuleCloaking : public Module return chost; } - void OnUserConnect(LocalUser* dest) + void OnUserConnect(LocalUser* dest) CXX11_OVERRIDE { std::string* cloak = cu.ext.get(dest); if (cloak) return; - cu.ext.set(dest, GenCloak(dest->client_sa, dest->GetIPString(), dest->host)); + // TODO: decide how we are going to cloak AF_UNIX hostnames. + if (dest->client_sa.family() != AF_INET && dest->client_sa.family() != AF_INET6) + return; + + cu.ext.set(dest, GenCloak(dest->client_sa, dest->GetIPString(), dest->GetRealHost())); } }; -CmdResult CommandCloak::Handle(const std::vector<std::string> ¶meters, User *user) +CmdResult CommandCloak::Handle(User* user, const Params& parameters) { ModuleCloaking* mod = (ModuleCloaking*)(Module*)creator; irc::sockets::sockaddrs sa; @@ -561,7 +420,7 @@ CmdResult CommandCloak::Handle(const std::vector<std::string> ¶meters, User else cloak = mod->GenCloak(sa, "", parameters[0]); - user->WriteServ("NOTICE %s :*** Cloak for %s is %s", user->nick.c_str(), parameters[0].c_str(), cloak.c_str()); + user->WriteNotice("*** Cloak for " + parameters[0] + " is " + cloak); return CMD_SUCCESS; } |