Module: ngircd.git Branch: master Commit: d0bb185cf55655fc68ad54508c84314c2520d54c URL: http://ngircd.barton.de/cgi-bin/gitweb.cgi?p=ngircd.git&a=commit;h=d0bb1...
Author: Sebastian Köhler sebkoehler@whoami.org.uk Date: Thu Aug 2 19:44:40 2012 +0200
Hashed hostnames for CloakHost
Implemented support for hashed hostnames for CloakHost. The admin can use '%x' in both the CloakHost and CloakHostModeX setting. The config option CloakHostModeX was renamed to CloakHostSalt. This salt is used for both cloaking options.
---
doc/sample-ngircd.conf.tmpl | 10 +++++----- man/ngircd.conf.5.tmpl | 13 ++++--------- src/ngircd/client.c | 15 +++++++++++---- src/ngircd/conf.c | 10 +++++----- src/ngircd/conf.h | 4 ++-- 5 files changed, 27 insertions(+), 25 deletions(-)
diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 8297a9b..6d9d770 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -125,17 +125,17 @@ ;ChrootDir = /var/empty
# Set this hostname for every client instead of the real one. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! + # Use %x to add the hashed value of the original hostname. ;CloakHost = cloaked.host
# Use this hostname for hostname cloaking on clients that have the # user mode "+x" set, instead of the name of the server. - # Use %x to add the hashed value of the original hostname + # Use %x to add the hashed value of the original hostname. ;CloakHostModeX = cloaked.user
- # The Salt for cloaked hostname hashing - ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz + # The Salt for cloaked hostname hashing. When undefined a random + # hash is generated after each server start. + ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz
# Set every clients' user name to their nick name ;CloakUserToNick = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 21a1047..71f0007 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -212,21 +212,16 @@ For this to work the server must have been started with root privileges! .TP \fBCloakHost\fR (string) Set this hostname for every client instead of the real one. Default: empty, -don't change. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +don't change. Use %x to add the hashed value of the original hostname. .TP \fBCloakHostModeX\fR (string) Use this hostname for hostname cloaking on clients that have the user mode "+x" set, instead of the name of the server. Default: empty, use the name of the server. Use %x to add the hashed value of the original hostname .TP -\fBCloakHostModeXSalt\fR (string) -The Salt for cloaked hostname hashing +\fBCloakHostSalt\fR (string) +The Salt for cloaked hostname hashing. When undefined a random hash is +generated after each server start. .TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied diff --git a/src/ngircd/client.c b/src/ngircd/client.c index cefbd3a..49e2739 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -331,9 +331,15 @@ Client_SetHostname( CLIENT *Client, const char *Hostname ) assert(Hostname != NULL);
if (strlen(Conf_CloakHost)) { + char cloak[GETID_LEN]; + + strlcpy(cloak, Hostname, GETID_LEN); + strlcat(cloak, Conf_CloakHostSalt, GETID_LEN); + snprintf(cloak, GETID_LEN, Conf_CloakHost, Hash(cloak)); + LogDebug("Updating hostname of "%s": "%s" -> "%s"", - Client_ID(Client), Client->host, Conf_CloakHost); - strlcpy(Client->host, Conf_CloakHost, sizeof(Client->host)); + Client_ID(Client), Client->host, cloak); + strlcpy(Client->host, cloak, sizeof(Client->host)); } else { LogDebug("Updating hostname of "%s": "%s" -> "%s"", Client_ID(Client), Client->host, Hostname); @@ -826,8 +832,9 @@ Client_MaskCloaked(CLIENT *Client) return Client_Mask(Client);
if(*Conf_CloakHostModeX) { - snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt); - snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer)); + strlcpy(Cloak_Buffer, Client->host, GETID_LEN); + strlcat(Cloak_Buffer, Conf_CloakHostSalt, GETID_LEN); + snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Cloak_Buffer)); } else { strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN); } diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 36eff90..b091137 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -359,7 +359,7 @@ Conf_Test( void ) printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); - printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt); + printf(" CloakHostSalt = %s\n", Conf_CloakHostSalt); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -688,7 +688,7 @@ Set_Defaults(bool InitServers) strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHostModeX, ""); - strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN)); + strcpy(Conf_CloakHostSalt, ngt_RandomStr(random, RANDOM_SALT_LEN)); Conf_CloakUserToNick = false; Conf_ConnectIPv4 = true; #ifdef WANT_IPV6 @@ -1488,9 +1488,9 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) Config_Error_TooLong(Line, Var); return; } - if (strcasecmp(Var, "CloakHostModeXSalt") == 0) { - len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt)); - if (len >= sizeof(Conf_CloakHostModeX)) + if (strcasecmp(Var, "CloakHostSalt") == 0) { + len = strlcpy(Conf_CloakHostSalt, Arg, sizeof(Conf_CloakHostSalt)); + if (len >= sizeof(Conf_CloakHostSalt)) Config_Error_TooLong(Line, Var); return; } diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 964b37b..4e7e379 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -169,8 +169,8 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN]; /** Cloaked hostname for clients that did +x */ GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
-/** Salt for hostname hash for clients that did +x */ -GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN]; +/** Salt for hostname hash for cloaked hostnames */ +GLOBAL char Conf_CloakHostSalt[CLIENT_ID_LEN];
/** Use nick name as user name? */ GLOBAL bool Conf_CloakUserToNick;
ngircd-commits@lists.barton.de