August 2012 - ngIRCd GIT Updates

Alexander Barton : configure.in: Use AC_CONFIG_HEADER instead of AM_CONFIG_HEADER
by alex＠arthur.barton.de 11 Aug '12

11 Aug '12

Module: ngircd.git Branch: master Commit: 0709a0f050044db2d76a3142f02f7efd86321898 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=0709a0f0… Author: Alexander Barton <alex(a)barton.de> Date: Sat Aug 11 16:29:14 2012 +0200 configure.in: Use AC_CONFIG_HEADER instead of AM_CONFIG_HEADER AM_CONFIG_HEADER is marked obsolete and will be removed in Automake 1.13. --- configure.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/configure.in b/configure.in index fb08778..52435fd 100644 --- a/configure.in +++ b/configure.in @@ -1,6 +1,6 @@ # # ngIRCd -- The Next Generation IRC Daemon -# Copyright (c)2001-2011 Alexander Barton (alex(a)barton.de) and Contributors +# Copyright (c)2001-2012 Alexander Barton (alex(a)barton.de) and Contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -18,7 +18,7 @@ AC_INIT(ngircd, VERSION_ID) AC_CONFIG_SRCDIR(src/ngircd/ngircd.c) AC_CANONICAL_TARGET AM_INIT_AUTOMAKE(1.6) -AM_CONFIG_HEADER(src/config.h) +AC_CONFIG_HEADER(src/config.h) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

1 0

Alexander Barton : Fix compiler warning when not building with ZLIB support
by alex＠arthur.barton.de 06 Aug '12

06 Aug '12

Module: ngircd.git Branch: master Commit: cfd0bddc3014e87dead4db72ef206c6f61ee12c1 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=cfd0bddc… Author: Alexander Barton <alex(a)kfreebsd.barton.de> Date: Mon Aug 6 01:35:56 2012 +0200 Fix compiler warning when not building with ZLIB support This fixes: irc.c: In function ‘Option_String’: irc.c:333:9: error: variable ‘options’ set but not used --- src/ngircd/irc.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/src/ngircd/irc.c b/src/ngircd/irc.c index 9508ecc..efc34d4 100644 --- a/src/ngircd/irc.c +++ b/src/ngircd/irc.c @@ -327,12 +327,18 @@ IRC_HELP( CLIENT *Client, REQUEST *Req ) static char * -Option_String( CONN_ID Idx ) +#ifdef ZLIB +Option_String(CONN_ID Idx) +#else +Option_String(UNUSED CONN_ID Idx) +#endif { static char option_txt[8]; +#ifdef ZLIB UINT16 options; options = Conn_Options(Idx); +#endif strcpy(option_txt, "F"); /* No idea what this means, but the * original ircd sends it ... */

1 0

Alexander Barton : Update NEWS and ChangeLog files for hashed cloaked hostnames
by alex＠arthur.barton.de 04 Aug '12

04 Aug '12

Module: ngircd.git Branch: master Commit: b53b12aa5fd4189035c7473ee4d91eb89fcecb60 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=b53b12aa… Author: Alexander Barton <alex(a)barton.de> Date: Fri Aug 3 23:55:25 2012 +0200 Update NEWS and ChangeLog files for hashed cloaked hostnames --- ChangeLog | 9 +++++++++ NEWS | 9 +++++++++ 2 files changed, 18 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1745ea4..9e8d594 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,15 @@ -- ChangeLog -- +ngIRCd + + - Implemented hashed cloaked hostnames for both the "CloakHost" and + "CloakHostModeX" configuration options: now the admin can use the new + '%x' placeholder to insert a hashed version of the clients hostname, + and the new configuration option "CloakHostSalt" defines the salt for + the hash function. When "CloakHostSalt" is not set (the default), a + random salt will be generated after each server restart. + ngIRCd Release 19.2 (2012-06-19) - doc/Capabilities.txt: document "multi-prefix" capability diff --git a/NEWS b/NEWS index ab0ac19..46c8b09 100644 --- a/NEWS +++ b/NEWS @@ -9,6 +9,15 @@ -- NEWS -- +ngIRCd + + - Implemented hashed cloaked hostnames for both the "CloakHost" and + "CloakHostModeX" configuration options: now the admin can use the new + '%x' placeholder to insert a hashed version of the clients hostname, + and the new configuration option "CloakHostSalt" defines the salt for + the hash function. When "CloakHostSalt" is not set (the default), a + random salt will be generated after each server restart. + ngIRCd Release 19.2 (2012-06-19) ngIRCd 19.2~rc1 (2012-06-13)

1 0

Sebastian Köhler : Hashed hostnames for CloakHost
by alex＠arthur.barton.de 04 Aug '12

04 Aug '12

Module: ngircd.git Branch: master Commit: d0bb185cf55655fc68ad54508c84314c2520d54c URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=d0bb185c… Author: Sebastian Köhler <sebkoehler(a)whoami.org.uk> Date: Thu Aug 2 19:44:40 2012 +0200 Hashed hostnames for CloakHost Implemented support for hashed hostnames for CloakHost. The admin can use '%x' in both the CloakHost and CloakHostModeX setting. The config option CloakHostModeX was renamed to CloakHostSalt. This salt is used for both cloaking options. --- doc/sample-ngircd.conf.tmpl | 10 +++++----- man/ngircd.conf.5.tmpl | 13 ++++--------- src/ngircd/client.c | 15 +++++++++++---- src/ngircd/conf.c | 10 +++++----- src/ngircd/conf.h | 4 ++-- 5 files changed, 27 insertions(+), 25 deletions(-) diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 8297a9b..6d9d770 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -125,17 +125,17 @@ ;ChrootDir = /var/empty # Set this hostname for every client instead of the real one. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! + # Use %x to add the hashed value of the original hostname. ;CloakHost = cloaked.host # Use this hostname for hostname cloaking on clients that have the # user mode "+x" set, instead of the name of the server. - # Use %x to add the hashed value of the original hostname + # Use %x to add the hashed value of the original hostname. ;CloakHostModeX = cloaked.user - # The Salt for cloaked hostname hashing - ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz + # The Salt for cloaked hostname hashing. When undefined a random + # hash is generated after each server start. + ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz # Set every clients' user name to their nick name ;CloakUserToNick = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 21a1047..71f0007 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -212,21 +212,16 @@ For this to work the server must have been started with root privileges! .TP \fBCloakHost\fR (string) Set this hostname for every client instead of the real one. Default: empty, -don't change. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +don't change. Use %x to add the hashed value of the original hostname. .TP \fBCloakHostModeX\fR (string) Use this hostname for hostname cloaking on clients that have the user mode "+x" set, instead of the name of the server. Default: empty, use the name of the server. Use %x to add the hashed value of the original hostname .TP -\fBCloakHostModeXSalt\fR (string) -The Salt for cloaked hostname hashing +\fBCloakHostSalt\fR (string) +The Salt for cloaked hostname hashing. When undefined a random hash is +generated after each server start. .TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied diff --git a/src/ngircd/client.c b/src/ngircd/client.c index cefbd3a..49e2739 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -331,9 +331,15 @@ Client_SetHostname( CLIENT *Client, const char *Hostname ) assert(Hostname != NULL); if (strlen(Conf_CloakHost)) { + char cloak[GETID_LEN]; + + strlcpy(cloak, Hostname, GETID_LEN); + strlcat(cloak, Conf_CloakHostSalt, GETID_LEN); + snprintf(cloak, GETID_LEN, Conf_CloakHost, Hash(cloak)); + LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"", - Client_ID(Client), Client->host, Conf_CloakHost); - strlcpy(Client->host, Conf_CloakHost, sizeof(Client->host)); + Client_ID(Client), Client->host, cloak); + strlcpy(Client->host, cloak, sizeof(Client->host)); } else { LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"", Client_ID(Client), Client->host, Hostname); @@ -826,8 +832,9 @@ Client_MaskCloaked(CLIENT *Client) return Client_Mask(Client); if(*Conf_CloakHostModeX) { - snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt); - snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer)); + strlcpy(Cloak_Buffer, Client->host, GETID_LEN); + strlcat(Cloak_Buffer, Conf_CloakHostSalt, GETID_LEN); + snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Cloak_Buffer)); } else { strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN); } diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 36eff90..b091137 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -359,7 +359,7 @@ Conf_Test( void ) printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); - printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt); + printf(" CloakHostSalt = %s\n", Conf_CloakHostSalt); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -688,7 +688,7 @@ Set_Defaults(bool InitServers) strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHostModeX, ""); - strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN)); + strcpy(Conf_CloakHostSalt, ngt_RandomStr(random, RANDOM_SALT_LEN)); Conf_CloakUserToNick = false; Conf_ConnectIPv4 = true; #ifdef WANT_IPV6 @@ -1488,9 +1488,9 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) Config_Error_TooLong(Line, Var); return; } - if (strcasecmp(Var, "CloakHostModeXSalt") == 0) { - len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt)); - if (len >= sizeof(Conf_CloakHostModeX)) + if (strcasecmp(Var, "CloakHostSalt") == 0) { + len = strlcpy(Conf_CloakHostSalt, Arg, sizeof(Conf_CloakHostSalt)); + if (len >= sizeof(Conf_CloakHostSalt)) Config_Error_TooLong(Line, Var); return; } diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 964b37b..4e7e379 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -169,8 +169,8 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN]; /** Cloaked hostname for clients that did +x */ GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN]; -/** Salt for hostname hash for clients that did +x */ -GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN]; +/** Salt for hostname hash for cloaked hostnames */ +GLOBAL char Conf_CloakHostSalt[CLIENT_ID_LEN]; /** Use nick name as user name? */ GLOBAL bool Conf_CloakUserToNick;

1 0

Sebastian Köhler : Implemented hashed cloaked hostnames for +x
by alex＠arthur.barton.de 04 Aug '12

04 Aug '12

Module: ngircd.git Branch: master Commit: 49385a98b2878ae6f19dd0925e0dc90fcc3d6372 URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=49385a98… Author: Sebastian Köhler <sebkoehler(a)whoami.org.uk> Date: Thu Aug 2 13:53:46 2012 +0200 Implemented hashed cloaked hostnames for +x CloakHostModeX can now contain '%x'. It will be replace by the hash of the original client hostname. The new config option CloakHostModeXSalt defines the salt for the hash function. When CloakHostModeXSalt is not set a random salt will be generated after each server restart. Spelling fix in defines.h --- doc/sample-ngircd.conf.tmpl | 6 ++++-- man/ngircd.conf.5.tmpl | 11 ++++------- src/ngircd/client.c | 15 +++++++++++---- src/ngircd/conf.c | 9 +++++++++ src/ngircd/conf.h | 3 +++ src/ngircd/defines.h | 5 ++++- src/tool/tool.c | 30 ++++++++++++++++++++++++++++++ src/tool/tool.h | 2 ++ 8 files changed, 67 insertions(+), 14 deletions(-) diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index e8b2fb0..8297a9b 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -131,10 +131,12 @@ # Use this hostname for hostname cloaking on clients that have the # user mode "+x" set, instead of the name of the server. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! + # Use %x to add the hashed value of the original hostname ;CloakHostModeX = cloaked.user + # The Salt for cloaked hostname hashing + ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz + # Set every clients' user name to their nick name ;CloakUserToNick = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 0473206..21a1047 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -223,13 +223,10 @@ Don't use the percentage sign ("%"), it is reserved for future extensions! \fBCloakHostModeX\fR (string) Use this hostname for hostname cloaking on clients that have the user mode "+x" set, instead of the name of the server. Default: empty, use the name -of the server. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +of the server. Use %x to add the hashed value of the original hostname +.TP +\fBCloakHostModeXSalt\fR (string) +The Salt for cloaked hostname hashing .TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied diff --git a/src/ngircd/client.c b/src/ngircd/client.c index e203cdd..cefbd3a 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -817,17 +817,24 @@ GLOBAL char * Client_MaskCloaked(CLIENT *Client) { static char Mask_Buffer[GETID_LEN]; + char Cloak_Buffer[GETID_LEN]; assert (Client != NULL); /* Is the client using cloaking at all? */ if (!Client_HasMode(Client, 'x')) - return Client_Mask(Client); + return Client_Mask(Client); + + if(*Conf_CloakHostModeX) { + snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt); + snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer)); + } else { + strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN); + } snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s", - Client->id, Client->user, - *Conf_CloakHostModeX ? Conf_CloakHostModeX - : Client_ID(Client->introducer)); + Client->id, Client->user, Cloak_Buffer); + return Mask_Buffer; } /* Client_MaskCloaked */ diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 5f7b24f..36eff90 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -359,6 +359,7 @@ Conf_Test( void ) printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); + printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -652,6 +653,7 @@ static void Set_Defaults(bool InitServers) { int i; + char random[RANDOM_SALT_LEN]; /* Global */ strcpy(Conf_ServerName, ""); @@ -686,6 +688,7 @@ Set_Defaults(bool InitServers) strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHostModeX, ""); + strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN)); Conf_CloakUserToNick = false; Conf_ConnectIPv4 = true; #ifdef WANT_IPV6 @@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) Config_Error_TooLong(Line, Var); return; } + if (strcasecmp(Var, "CloakHostModeXSalt") == 0) { + len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt)); + if (len >= sizeof(Conf_CloakHostModeX)) + Config_Error_TooLong(Line, Var); + return; + } if (strcasecmp(Var, "CloakUserToNick") == 0) { Conf_CloakUserToNick = Check_ArgIsTrue(Arg); return; diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 86f00fe..964b37b 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN]; /** Cloaked hostname for clients that did +x */ GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN]; +/** Salt for hostname hash for clients that did +x */ +GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN]; + /** Use nick name as user name? */ GLOBAL bool Conf_CloakUserToNick; diff --git a/src/ngircd/defines.h b/src/ngircd/defines.h index 953eac3..cd0a166 100644 --- a/src/ngircd/defines.h +++ b/src/ngircd/defines.h @@ -44,9 +44,12 @@ /** Max. length of file name. */ #define FNAME_LEN 256 -/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */ +/** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */ #define HOST_LEN 256 +/** Max. length of random salt */ +#define RANDOM_SALT_LEN 32 + /* Size of structures */ diff --git a/src/tool/tool.c b/src/tool/tool.c index ef3fb5d..31c6fb4 100644 --- a/src/tool/tool.c +++ b/src/tool/tool.c @@ -20,7 +20,9 @@ #include <assert.h> #include <ctype.h> #include <stdio.h> +#include <stdlib.h> #include <string.h> +#include <sys/time.h> #include <netinet/in.h> @@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr) } /* ngt_TrimLastChr */ +/** + * Fill a String with random chars + */ +GLOBAL char * +ngt_RandomStr( char *String, const size_t len) +{ + assert(String != NULL); + + static const char chars[] = + "0123456789ABCDEFGHIJKLMNO" + "PQRSTUVWXYZabcdefghijklmn" + "opqrstuvwxyz!\"#$&'()*+,-" + "./:;<=>?@[\\]^_`"; + + struct timeval t; + gettimeofday(&t, NULL); + srand(t.tv_usec * t.tv_sec); + + for (size_t i = 0; i < len; ++i) { + String[i] = chars[rand() % (sizeof(chars) - 1)]; + } + + String[len] = '\0'; + + return String; +} /* ngt_RandomStr */ + + #ifdef SYSLOG diff --git a/src/tool/tool.h b/src/tool/tool.h index 60a6537..9fa19e5 100644 --- a/src/tool/tool.h +++ b/src/tool/tool.h @@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String )); GLOBAL char *ngt_UpperStr PARAMS((char *String )); GLOBAL char *ngt_LowerStr PARAMS((char *String )); +GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len)); + #ifdef SYSLOG GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility)); GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));

1 0