Greetings po||ux,
This is jrmu from IRC. So, I took a look at this issue:
https://github.com/ngircd/ngircd/issues/228
OK po||ux , it's confirmed, the reason why the hashes aren't working
is because ngircd hashes twice. Suppose I have 2 ngircd servers (X
and Y) set up connected to each other. The salt is
9UdVFZOQszoWpvLAIXSvqF. On server X I use telnet to connect to
127.0.0.1 port 6667. So the hostmask is 127.0.0.1, and the salt is
appended to get the string 127.0.0.19UdVFZOQszoWpvLAIXSvqF. This is
hashed to give fde34f9b on the other server, the hostmask is
fde34f9b. The salt 9UdVFZOQszoWpvLAIXSvqF is appended to give the
string fde34f9b9UdVFZOQszoWpvLAIXSvqF, this is then hashed to give
93973dfb. So on server X, the hostmask is fde34f9b, and on server Y
the hostmask is 93973dfb.
What needs to be done is server Y must not hash the hostmask a 2nd time, and just pass through as is. The question now is, when a new user connects to X, should server X broadcast the uncloaked IP address and let server Y cloak it again; or should server X broadcast the cloaked IP and server Y should *not* cloak?
I have a fix using the 2nd solution (server Y does not cloak):
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c line
340
I change the line to read:
if (Conf_CloakHost[0] && strchr(Client->host, '.')) {
That appears to solve the bug. I tested it and it seems to be
working on my side. If you want demo servers to verify, just PM me on
IRC. Now the hostmask renders properly before cloaking a host, the
server will check to see if there is a period in the hostname, if so
it has not yet been cloaked; if there is no ., it has already been
cloaked and there's no need to cloak a second time.
jrmu
Greetings po||ux,
This is jrmu from IRC. So, I took a look at this issue:
https://github.com/ngircd/ngircd/issues/228
OK po||ux , it's confirmed, the reason why the hashes aren't working
is because ngircd hashes twice. Suppose I have 2 ngircd servers (X
and Y) set up connected to each other. The salt is
9UdVFZOQszoWpvLAIXSvqF. On server X I use telnet to connect to
127.0.0.1 port 6667. So the hostmask is 127.0.0.1, and the salt is
appended to get the string 127.0.0.19UdVFZOQszoWpvLAIXSvqF. This is
hashed to give fde34f9b on the other server, the hostmask is
fde34f9b. The salt 9UdVFZOQszoWpvLAIXSvqF is appended to give the
string fde34f9b9UdVFZOQszoWpvLAIXSvqF, this is then hashed to give
93973dfb. So on server X, the hostmask is fde34f9b, and on server Y
the hostmask is 93973dfb.
What needs to be done is server Y must not hash the hostmask a 2nd time, and just pass through as is. The question now is, when a new user connects to X, should server X broadcast the uncloaked IP address and let server Y cloak it again; or should server X broadcast the cloaked IP and server Y should *not* cloak?
I have a fix using the 2nd solution (server Y does not cloak):
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c line 340
I change the line to read:
if (Conf_CloakHost[0] && strchr(Client->host, '.')) {
That appears to solve the bug. I tested it and it seems to be
working on my side. If you want demo servers to verify, just PM me on
IRC. Now the hostmask renders properly before cloaking a host, the
server will check to see if there is a period in the hostname, if so
it has not yet been cloaked; if there is no ., it has already been
cloaked and there's no need to cloak a second time.
jrmu
250 MHz R5200 MIPS CPU, 64 MB RAM, IDE harddisc …
# time ./configure
ngIRCd 25 has been configured with the following options:
Host: mipsel-unknown-netbsd8.0
Compiler: gcc
Compiler flags: -g -O2 -pipe -W -Wall -Wpointer-arith -Wstrict-prototypes -fstack-protector -DSYSCONFDIR='"$(sysconfdir)"' -DDOCDIR='"$(docdir)"'
Libraries: -lz
'ngircd' binary: /usr/local/sbin
Configuration file: /usr/local/etc
Manual pages: /usr/local/share/man
Documentation: /usr/local/share/doc/ngircd
Syslog support: yes Enable debug code: no
zlib compression: yes IRC sniffer: no
Use TCP Wrappers: no Strict RFC mode: no
IDENT support: no IRC+ protocol: yes
IPv6 protocol: no I/O backend: kqueue()
PAM support: no SSL support: no
libiconv support: no
372.42 real 219.75 user 119.73 sys
# uname -a
NetBSD galinastarowoitowa.3rz.de 8.0 NetBSD 8.0 (GENERIC) #0: Tue Jul 17 14:59:51 UTC 2018 mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/cobalt/compile/GENERIC cobalt
# gcc --version
gcc (nb2 20180327) 5.5.0
# time ./contrib/platformtest.sh
the executable works ("runs") as expected --+
tests run successfully ("make check") --+ |
ngIRCd compiles ("make") --+ | |
./configure works --+ | | |
| | | |
Platform Compiler ngIRCd Date Tester C M T R *
--------------------------- ------------ ---------- -------- -------- - - - - -
mipsel/unknown/netbsd8.0 gcc 5.5.0 25 19-08-09 root Y Y y Y 3
WARNING: Some tests have been skipped!
Please double check that the ngIRCd daemon starts up, runs and handles IRC
connections successfully!
385.38 real 240.10 user 129.03 sys
https://twitter.com/3rz_de/status/1159588288614850565
