Hashed hostnames for CloakHost

Implemented support for hashed hostnames for CloakHost. The admin can
use '%x' in both the CloakHost and CloakHostModeX setting. The config
option CloakHostModeX was renamed to CloakHostSalt. This salt is used
for both cloaking options.

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 8297a9bb24a8700b325895261b542e6367e3128c..6d9d77098641ec4459375d56eb2a5a0d405dbd92 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -125,17 +125,17 @@
        ;ChrootDir = /var/empty
 
        # Set this hostname for every client instead of the real one.
-       # Please note: don't use the percentage sign ("%"), it is reserved for
-       # future extensions!
+       # Use %x to add the hashed value of the original hostname.
        ;CloakHost = cloaked.host
 
        # Use this hostname for hostname cloaking on clients that have the
        # user mode "+x" set, instead of the name of the server.
-       # Use %x to add the hashed value of the original hostname
+       # Use %x to add the hashed value of the original hostname.
        ;CloakHostModeX = cloaked.user
 
-       # The Salt for cloaked hostname hashing
-       ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
+       # The Salt for cloaked hostname hashing. When undefined a random
+       # hash is generated after each server start.
+       ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz
 
        # Set every clients' user name to their nick name
        ;CloakUserToNick = yes

diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 21a10475074d8218d712808a161b936a22ab52cf..71f0007851e738222ed7064b71921d4bb09cd097 100644 (file)
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -212,21 +212,16 @@ For this to work the server must have been started with root privileges!
 .TP
 \fBCloakHost\fR (string)
 Set this hostname for every client instead of the real one. Default: empty,
-don't change.
-.PP
-.RS
-.B Please note:
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
+don't change. Use %x to add the hashed value of the original hostname.
 .TP
 \fBCloakHostModeX\fR (string)
 Use this hostname for hostname cloaking on clients that have the user mode
 "+x" set, instead of the name of the server. Default: empty, use the name
 of the server. Use %x to add the hashed value of the original hostname
 .TP
-\fBCloakHostModeXSalt\fR (string)
-The Salt for cloaked hostname hashing
+\fBCloakHostSalt\fR (string)
+The Salt for cloaked hostname hashing. When undefined a random hash is
+generated after each server start.
 .TP
 \fBCloakUserToNick\fR (boolean)
 Set every clients' user name to their nick name and hide the one supplied

diff --git a/src/ngircd/client.c b/src/ngircd/client.c
index cefbd3a3464617506cd4c9d2eb00fd87258de0fb..49e273950ea6aeb955e909b1764021970b4fe982 100644 (file)
--- a/src/ngircd/client.c
+++ b/src/ngircd/client.c
@@ -331,9 +331,15 @@ Client_SetHostname( CLIENT *Client, const char *Hostname )
        assert(Hostname != NULL);
 
        if (strlen(Conf_CloakHost)) {
+               char cloak[GETID_LEN];
+
+               strlcpy(cloak, Hostname, GETID_LEN);
+               strlcat(cloak, Conf_CloakHostSalt, GETID_LEN);
+               snprintf(cloak, GETID_LEN, Conf_CloakHost, Hash(cloak));
+
                LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"",
-                        Client_ID(Client), Client->host, Conf_CloakHost);
-               strlcpy(Client->host, Conf_CloakHost, sizeof(Client->host));
+                       Client_ID(Client), Client->host, cloak);
+               strlcpy(Client->host, cloak, sizeof(Client->host));
        } else {
                LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"",
                         Client_ID(Client), Client->host, Hostname);
@@ -826,8 +832,9 @@ Client_MaskCloaked(CLIENT *Client)
                return Client_Mask(Client);
 
        if(*Conf_CloakHostModeX) {
-               snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
-               snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
+               strlcpy(Cloak_Buffer, Client->host, GETID_LEN);
+               strlcat(Cloak_Buffer, Conf_CloakHostSalt, GETID_LEN);
+               snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Cloak_Buffer));
        } else {
                strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
        }

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 36eff905ecce8b04b4cfd9e20371c78c72c52b4b..b09113730ef185dff831ca6a0392c4a8d757ddcf 100644 (file)
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -359,7 +359,7 @@ Conf_Test( void )
        printf("  ChrootDir = %s\n", Conf_Chroot);
        printf("  CloakHost = %s\n", Conf_CloakHost);
        printf("  CloakHostModeX = %s\n", Conf_CloakHostModeX);
-       printf("  CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);
+       printf("  CloakHostSalt = %s\n", Conf_CloakHostSalt);
        printf("  CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
 #ifdef WANT_IPV6
        printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
@@ -688,7 +688,7 @@ Set_Defaults(bool InitServers)
        strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
        strcpy(Conf_CloakHost, "");
        strcpy(Conf_CloakHostModeX, "");
-       strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));
+       strcpy(Conf_CloakHostSalt, ngt_RandomStr(random, RANDOM_SALT_LEN));
        Conf_CloakUserToNick = false;
        Conf_ConnectIPv4 = true;
 #ifdef WANT_IPV6
@@ -1488,9 +1488,9 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
                        Config_Error_TooLong(Line, Var);
                return;
        }
-       if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
-               len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
-               if (len >= sizeof(Conf_CloakHostModeX))
+       if (strcasecmp(Var, "CloakHostSalt") == 0) {
+               len = strlcpy(Conf_CloakHostSalt, Arg, sizeof(Conf_CloakHostSalt));
+               if (len >= sizeof(Conf_CloakHostSalt))
                        Config_Error_TooLong(Line, Var);
                return;
        }

diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index 964b37b75ac0050b9776b9aba01bd2cdd60816ac..4e7e3796478d8f200b11661c4ade71488dcfbad3 100644 (file)
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -169,8 +169,8 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
 /** Cloaked hostname for clients that did +x */
 GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
 
-/** Salt for hostname hash for clients that did +x */
-GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
+/** Salt for hostname hash for cloaked hostnames */
+GLOBAL char Conf_CloakHostSalt[CLIENT_ID_LEN];
 
 /** Use nick name as user name? */
 GLOBAL bool Conf_CloakUserToNick;