Implemented hashed cloaked hostnames for +x

CloakHostModeX can now contain '%x'. It will be replace by the hash of
the original client hostname. The new config option CloakHostModeXSalt
defines the salt for the hash function. When CloakHostModeXSalt is not
set a random salt will be generated after each server restart.

Spelling fix in defines.h

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index e8b2fb0df098088fa2ebfd082fbcae0525c0b4ef..8297a9bb24a8700b325895261b542e6367e3128c 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -131,10 +131,12 @@
 
        # Use this hostname for hostname cloaking on clients that have the
        # user mode "+x" set, instead of the name of the server.
 
        # Use this hostname for hostname cloaking on clients that have the
        # user mode "+x" set, instead of the name of the server.

-       # Please note: don't use the percentage sign ("%"), it is reserved for
-       # future extensions!
+       # Use %x to add the hashed value of the original hostname

        ;CloakHostModeX = cloaked.user
 
        ;CloakHostModeX = cloaked.user
 

+       # The Salt for cloaked hostname hashing
+       ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
+

        # Set every clients' user name to their nick name
        ;CloakUserToNick = yes
 
        # Set every clients' user name to their nick name
        ;CloakUserToNick = yes
 

diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 0473206046296e8d57abf2d37405aa8f67f0e30d..21a10475074d8218d712808a161b936a22ab52cf 100644 (file)
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -223,13 +223,10 @@ Don't use the percentage sign ("%"), it is reserved for future extensions!
 \fBCloakHostModeX\fR (string)
 Use this hostname for hostname cloaking on clients that have the user mode
 "+x" set, instead of the name of the server. Default: empty, use the name
 \fBCloakHostModeX\fR (string)
 Use this hostname for hostname cloaking on clients that have the user mode
 "+x" set, instead of the name of the server. Default: empty, use the name

-of the server.
-.PP
-.RS
-.B Please note:
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
+of the server. Use %x to add the hashed value of the original hostname
+.TP
+\fBCloakHostModeXSalt\fR (string)
+The Salt for cloaked hostname hashing

 .TP
 \fBCloakUserToNick\fR (boolean)
 Set every clients' user name to their nick name and hide the one supplied
 .TP
 \fBCloakUserToNick\fR (boolean)
 Set every clients' user name to their nick name and hide the one supplied

diff --git a/src/ngircd/client.c b/src/ngircd/client.c
index e203cdd0e79df243089066d09a80eedec5355a46..cefbd3a3464617506cd4c9d2eb00fd87258de0fb 100644 (file)
--- a/src/ngircd/client.c
+++ b/src/ngircd/client.c
@@ -817,17 +817,24 @@ GLOBAL char *
 Client_MaskCloaked(CLIENT *Client)
 {
        static char Mask_Buffer[GETID_LEN];
 Client_MaskCloaked(CLIENT *Client)
 {
        static char Mask_Buffer[GETID_LEN];

+       char Cloak_Buffer[GETID_LEN];

 
        assert (Client != NULL);
 
        /* Is the client using cloaking at all? */
        if (!Client_HasMode(Client, 'x'))
 
        assert (Client != NULL);
 
        /* Is the client using cloaking at all? */
        if (!Client_HasMode(Client, 'x'))

-           return Client_Mask(Client);
+               return Client_Mask(Client);
+
+       if(*Conf_CloakHostModeX) {
+               snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
+               snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
+       } else {
+               strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
+       }

 
        snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s",
 
        snprintf(Mask_Buffer, GETID_LEN, "%s!%s@%s",

-                Client->id, Client->user,
-                *Conf_CloakHostModeX ? Conf_CloakHostModeX
-                                     : Client_ID(Client->introducer));
+               Client->id, Client->user, Cloak_Buffer);
+

        return Mask_Buffer;
 } /* Client_MaskCloaked */
 
        return Mask_Buffer;
 } /* Client_MaskCloaked */
 

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 5f7b24fcfdced17a4681d260f6546f4980c7481f..36eff905ecce8b04b4cfd9e20371c78c72c52b4b 100644 (file)
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -359,6 +359,7 @@ Conf_Test( void )
        printf("  ChrootDir = %s\n", Conf_Chroot);
        printf("  CloakHost = %s\n", Conf_CloakHost);
        printf("  CloakHostModeX = %s\n", Conf_CloakHostModeX);
        printf("  ChrootDir = %s\n", Conf_Chroot);
        printf("  CloakHost = %s\n", Conf_CloakHost);
        printf("  CloakHostModeX = %s\n", Conf_CloakHostModeX);

+       printf("  CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);

        printf("  CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
 #ifdef WANT_IPV6
        printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
        printf("  CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
 #ifdef WANT_IPV6
        printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));


@@ -652,6 +653,7 @@ static void
 Set_Defaults(bool InitServers)
 {
        int i;
 Set_Defaults(bool InitServers)
 {
        int i;

+       char random[RANDOM_SALT_LEN];

 
        /* Global */
        strcpy(Conf_ServerName, "");
 
        /* Global */
        strcpy(Conf_ServerName, "");


@@ -686,6 +688,7 @@ Set_Defaults(bool InitServers)
        strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
        strcpy(Conf_CloakHost, "");
        strcpy(Conf_CloakHostModeX, "");
        strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
        strcpy(Conf_CloakHost, "");
        strcpy(Conf_CloakHostModeX, "");

+       strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));

        Conf_CloakUserToNick = false;
        Conf_ConnectIPv4 = true;
 #ifdef WANT_IPV6
        Conf_CloakUserToNick = false;
        Conf_ConnectIPv4 = true;
 #ifdef WANT_IPV6


@@ -1485,6 +1488,12 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
                        Config_Error_TooLong(Line, Var);
                return;
        }
                        Config_Error_TooLong(Line, Var);
                return;
        }

+       if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
+               len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
+               if (len >= sizeof(Conf_CloakHostModeX))
+                       Config_Error_TooLong(Line, Var);
+               return;
+       }

        if (strcasecmp(Var, "CloakUserToNick") == 0) {
                Conf_CloakUserToNick = Check_ArgIsTrue(Arg);
                return;
        if (strcasecmp(Var, "CloakUserToNick") == 0) {
                Conf_CloakUserToNick = Check_ArgIsTrue(Arg);
                return;

diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index 86f00fe429b03a5ed99e68724f8b35b471bd83d0..964b37b75ac0050b9776b9aba01bd2cdd60816ac 100644 (file)
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -169,6 +169,9 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
 /** Cloaked hostname for clients that did +x */
 GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
 
 /** Cloaked hostname for clients that did +x */
 GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
 

+/** Salt for hostname hash for clients that did +x */
+GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
+

 /** Use nick name as user name? */
 GLOBAL bool Conf_CloakUserToNick;
 
 /** Use nick name as user name? */
 GLOBAL bool Conf_CloakUserToNick;
 

diff --git a/src/ngircd/defines.h b/src/ngircd/defines.h
index 953eac33b5855e2166fd7d33478595b450133a35..cd0a1666ae58a7696c27f7c5aeac40fcfeea565b 100644 (file)
--- a/src/ngircd/defines.h
+++ b/src/ngircd/defines.h
@@ -44,9 +44,12 @@
 /** Max. length of file name. */
 #define FNAME_LEN 256
 
 /** Max. length of file name. */
 #define FNAME_LEN 256
 

-/** Max. lenght of fully qualified host names (e. g. "abc.domain.tld"). */
+/** Max. length of fully qualified host names (e. g. "abc.domain.tld"). */

 #define HOST_LEN 256
 
 #define HOST_LEN 256
 

+/** Max. length of random salt */
+#define RANDOM_SALT_LEN 32
+

 
 /* Size of structures */
 
 
 /* Size of structures */
 

diff --git a/src/tool/tool.c b/src/tool/tool.c
index ef3fb5d73467355782698aa0b5c78ac44b50bad1..31c6fb41fb9272f5b4abd5e6713b12d359fb5387 100644 (file)
--- a/src/tool/tool.c
+++ b/src/tool/tool.c
@@ -20,7 +20,9 @@
 #include <assert.h>
 #include <ctype.h>
 #include <stdio.h>
 #include <assert.h>
 #include <ctype.h>
 #include <stdio.h>

+#include <stdlib.h>

 #include <string.h>
 #include <string.h>

+#include <sys/time.h>

 
 #include <netinet/in.h>
 
 
 #include <netinet/in.h>
 


@@ -129,6 +131,34 @@ ngt_TrimLastChr( char *String, const char Chr)
 } /* ngt_TrimLastChr */
 
 
 } /* ngt_TrimLastChr */
 
 

+/**
+ * Fill a String with random chars
+ */
+GLOBAL char *
+ngt_RandomStr( char *String, const size_t len)
+{
+       assert(String != NULL);
+
+       static const char chars[] = 
+               "0123456789ABCDEFGHIJKLMNO"
+               "PQRSTUVWXYZabcdefghijklmn"
+               "opqrstuvwxyz!\"#$&'()*+,-"
+               "./:;<=>?@[\\]^_`";
+
+       struct timeval t;
+       gettimeofday(&t, NULL);
+       srand(t.tv_usec * t.tv_sec);
+
+       for (size_t i = 0; i < len; ++i) {
+               String[i] = chars[rand() % (sizeof(chars) - 1)];
+       }
+
+       String[len] = '\0';
+
+       return String;
+} /* ngt_RandomStr */
+
+

 #ifdef SYSLOG
 
 
 #ifdef SYSLOG
 
 

diff --git a/src/tool/tool.h b/src/tool/tool.h
index 60a65379cb81fa464f774484870eb1e4bb83d946..9fa19e55ba987a31c70e187128e5cbc8b896c790 100644 (file)
--- a/src/tool/tool.h
+++ b/src/tool/tool.h
@@ -32,6 +32,8 @@ GLOBAL void ngt_TrimStr PARAMS((char *String ));
 GLOBAL char *ngt_UpperStr PARAMS((char *String ));
 GLOBAL char *ngt_LowerStr PARAMS((char *String ));
 
 GLOBAL char *ngt_UpperStr PARAMS((char *String ));
 GLOBAL char *ngt_LowerStr PARAMS((char *String ));
 

+GLOBAL char *ngt_RandomStr PARAMS((char *String, const size_t len));
+

 #ifdef SYSLOG
 GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility));
 GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));
 #ifdef SYSLOG
 GLOBAL const char *ngt_SyslogFacilityName PARAMS((int Facility));
 GLOBAL int ngt_SyslogFacilityID PARAMS((char *Name, int DefaultFacility));