Greetings po||ux,
This is jrmu from IRC. So, I took a look at this issue:
https://github.com/ngircd/ngircd/issues/228
OK po||ux , it's confirmed, the reason why the hashes aren't working is because ngircd hashes twice. Suppose I have 2 ngircd servers (X and Y) set up connected to each other. The salt is 9UdVFZOQszoWpvLAIXSvqF. On server X I use telnet to connect to 127.0.0.1 port 6667. So the hostmask is 127.0.0.1, and the salt is appended to get the string 127.0.0.19UdVFZOQszoWpvLAIXSvqF. This is hashed to give fde34f9b on the other server, the hostmask is fde34f9b. The salt 9UdVFZOQszoWpvLAIXSvqF is appended to give the string fde34f9b9UdVFZOQszoWpvLAIXSvqF, this is then hashed to give 93973dfb. So on server X, the hostmask is fde34f9b, and on server Y the hostmask is 93973dfb.
What needs to be done is server Y must not hash the hostmask a 2nd time, and just pass through as is. The question now is, when a new user connects to X, should server X broadcast the uncloaked IP address and let server Y cloak it again; or should server X broadcast the cloaked IP and server Y should *not* cloak?
I have a fix using the 2nd solution (server Y does not cloak):
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c line 340
I change the line to read:
if (Conf_CloakHost[0] && strchr(Client->host, '.')) {
That appears to solve the bug. I tested it and it seems to be working on my side. If you want demo servers to verify, just PM me on IRC. Now the hostmask renders properly before cloaking a host, the server will check to see if there is a period in the hostname, if so it has not yet been cloaked; if there is no ., it has already been cloaked and there's no need to cloak a second time.
jrmu
Hi!
Am 30.08.2019 15:10, schrieb jrmu:
Greetings po||ux,
This is jrmu from IRC. So, I took a look at this issue:
https://github.com/ngircd/ngircd/issues/228
OK po||ux , it's confirmed, the reason why the hashes aren't working is because ngircd hashes twice. Suppose I have 2 ngircd servers (X and Y) set up connected to each other. The salt is 9UdVFZOQszoWpvLAIXSvqF. On server X I use telnet to connect to 127.0.0.1 port 6667. So the hostmask is 127.0.0.1, and the salt is appended to get the string 127.0.0.19UdVFZOQszoWpvLAIXSvqF. This is hashed to give fde34f9b on the other server, the hostmask is fde34f9b. The salt 9UdVFZOQszoWpvLAIXSvqF is appended to give the string fde34f9b9UdVFZOQszoWpvLAIXSvqF, this is then hashed to give 93973dfb. So on server X, the hostmask is fde34f9b, and on server Y the hostmask is 93973dfb.
What needs to be done is server Y must not hash the hostmask a 2nd time, and just pass through as is. The question now is, when a new user connects to X, should server X broadcast the uncloaked IP address and let server Y cloak it again; or should server X broadcast the cloaked IP and server Y should *not* cloak?
I have a fix using the 2nd solution (server Y does not cloak):
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c line 340
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c#L340
I change the line to read:
if (Conf_CloakHost[0] && strchr(Client->host, '.')) {
Makes sense to me. And yes, not cloaking twice on "server Y" is the better approach: so "server X" doesn't leak the information in the first place.
BTW: this is _not_ only about IP addresses; it is about "host masks" in general.
That appears to solve the bug. I tested it and it seems to be working on my side. If you want demo servers to verify, just PM me on IRC. Now the hostmask renders properly before cloaking a host, the server will check to see if there is a period in the hostname, if so it has not yet been cloaked; if there is no ., it has already been cloaked and there's no need to cloak a second time.
Cool!
Can you send a patch, including a short description like above? I can apply and attribute it to you. Or even better, add a pull request to the issue on GitHub?
Thanks! Alex
Greetings po||ux,
Sorry I am not able to use github. But here is the diff -c:
*** ngircd/src/ngircd/client.c Mon Sep 2 21:45:13 2019 --- ngircd-barton/src/ngircd/client.c Wed Sep 4 00:28:34 2019 *************** *** 337,343 **** assert(Client != NULL); assert(Hostname != NULL);
! if (Conf_CloakHost[0] && strchr(Client->host, '.')) { char cloak[GETID_LEN];
strlcpy(cloak, Hostname, GETID_LEN); --- 337,343 ---- assert(Client != NULL); assert(Hostname != NULL);
! if (Conf_CloakHost[0]) { char cloak[GETID_LEN];
strlcpy(cloak, Hostname, GETID_LEN);
Description: Fixes hostmask cloaking bug. Previously, each server would cloak every user's hostmask. The problem is that if a network has more than one server, then a user's hostmask would get cloaked twice. This patch ensures that a server only cloaks the hostmask if it has not yet been cloaked (the period indicates it's still an IP address).
Let me know if you need anything else.
On Tue, Sep 03, 2019 at 11:17:26AM +0200, Alexander Barton wrote:
Hi!
Am 30.08.2019 15:10, schrieb jrmu:
Greetings po||ux,
This is jrmu from IRC. So, I took a look at this issue:
https://github.com/ngircd/ngircd/issues/228
OK po||ux , it's confirmed, the reason why the hashes aren't working is because ngircd hashes twice. Suppose I have 2 ngircd servers (X and Y) set up connected to each other. The salt is 9UdVFZOQszoWpvLAIXSvqF. On server X I use telnet to connect to 127.0.0.1 port 6667. So the hostmask is 127.0.0.1, and the salt is appended to get the string 127.0.0.19UdVFZOQszoWpvLAIXSvqF. This is hashed to give fde34f9b on the other server, the hostmask is fde34f9b. The salt 9UdVFZOQszoWpvLAIXSvqF is appended to give the string fde34f9b9UdVFZOQszoWpvLAIXSvqF, this is then hashed to give 93973dfb. So on server X, the hostmask is fde34f9b, and on server Y the hostmask is 93973dfb.
What needs to be done is server Y must not hash the hostmask a 2nd time, and just pass through as is. The question now is, when a new user connects to X, should server X broadcast the uncloaked IP address and let server Y cloak it again; or should server X broadcast the cloaked IP and server Y should *not* cloak?
I have a fix using the 2nd solution (server Y does not cloak):
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c line 340
https://github.com/ngircd/ngircd/blob/master/src/ngircd/client.c#L340
I change the line to read:
if (Conf_CloakHost[0] && strchr(Client->host, '.')) {
Makes sense to me. And yes, not cloaking twice on "server Y" is the better approach: so "server X" doesn't leak the information in the first place.
BTW: this is _not_ only about IP addresses; it is about "host masks" in general.
That appears to solve the bug. I tested it and it seems to be working on my side. If you want demo servers to verify, just PM me on IRC. Now the hostmask renders properly before cloaking a host, the server will check to see if there is a period in the hostname, if so it has not yet been cloaked; if there is no ., it has already been cloaked and there's no need to cloak a second time.
Cool!
Can you send a patch, including a short description like above? I can apply and attribute it to you. Or even better, add a pull request to the issue on GitHub?
Thanks! Alex