Hashed hostnames for CloakHost

Implemented support for hashed hostnames for CloakHost. The admin can
use '%x' in both the CloakHost and CloakHostModeX setting. The config
option CloakHostModeX was renamed to CloakHostSalt. This salt is used
for both cloaking options.

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 8297a9bb24a8700b325895261b542e6367e3128c..6d9d77098641ec4459375d56eb2a5a0d405dbd92 100644 (file)
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -125,17 +125,17 @@
        ;ChrootDir = /var/empty
 
        # Set this hostname for every client instead of the real one.
        ;ChrootDir = /var/empty
 
        # Set this hostname for every client instead of the real one.

-       # Please note: don't use the percentage sign ("%"), it is reserved for
-       # future extensions!
+       # Use %x to add the hashed value of the original hostname.

        ;CloakHost = cloaked.host
 
        # Use this hostname for hostname cloaking on clients that have the
        # user mode "+x" set, instead of the name of the server.
        ;CloakHost = cloaked.host
 
        # Use this hostname for hostname cloaking on clients that have the
        # user mode "+x" set, instead of the name of the server.

-       # Use %x to add the hashed value of the original hostname
+       # Use %x to add the hashed value of the original hostname.

        ;CloakHostModeX = cloaked.user
 
        ;CloakHostModeX = cloaked.user
 

-       # The Salt for cloaked hostname hashing
-       ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz
+       # The Salt for cloaked hostname hashing. When undefined a random
+       # hash is generated after each server start.
+       ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz

 
        # Set every clients' user name to their nick name
        ;CloakUserToNick = yes
 
        # Set every clients' user name to their nick name
        ;CloakUserToNick = yes

diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl
index 21a10475074d8218d712808a161b936a22ab52cf..71f0007851e738222ed7064b71921d4bb09cd097 100644 (file)
--- a/man/ngircd.conf.5.tmpl
+++ b/man/ngircd.conf.5.tmpl
@@ -212,21 +212,16 @@ For this to work the server must have been started with root privileges!
 .TP
 \fBCloakHost\fR (string)
 Set this hostname for every client instead of the real one. Default: empty,
 .TP
 \fBCloakHost\fR (string)
 Set this hostname for every client instead of the real one. Default: empty,

-don't change.
-.PP
-.RS
-.B Please note:
-.br
-Don't use the percentage sign ("%"), it is reserved for future extensions!
-.RE
+don't change. Use %x to add the hashed value of the original hostname.

 .TP
 \fBCloakHostModeX\fR (string)
 Use this hostname for hostname cloaking on clients that have the user mode
 "+x" set, instead of the name of the server. Default: empty, use the name
 of the server. Use %x to add the hashed value of the original hostname
 .TP
 .TP
 \fBCloakHostModeX\fR (string)
 Use this hostname for hostname cloaking on clients that have the user mode
 "+x" set, instead of the name of the server. Default: empty, use the name
 of the server. Use %x to add the hashed value of the original hostname
 .TP

-\fBCloakHostModeXSalt\fR (string)
-The Salt for cloaked hostname hashing
+\fBCloakHostSalt\fR (string)
+The Salt for cloaked hostname hashing. When undefined a random hash is
+generated after each server start.

 .TP
 \fBCloakUserToNick\fR (boolean)
 Set every clients' user name to their nick name and hide the one supplied
 .TP
 \fBCloakUserToNick\fR (boolean)
 Set every clients' user name to their nick name and hide the one supplied

diff --git a/src/ngircd/client.c b/src/ngircd/client.c
index cefbd3a3464617506cd4c9d2eb00fd87258de0fb..49e273950ea6aeb955e909b1764021970b4fe982 100644 (file)
--- a/src/ngircd/client.c
+++ b/src/ngircd/client.c
@@ -331,9 +331,15 @@ Client_SetHostname( CLIENT *Client, const char *Hostname )
        assert(Hostname != NULL);
 
        if (strlen(Conf_CloakHost)) {
        assert(Hostname != NULL);
 
        if (strlen(Conf_CloakHost)) {

+               char cloak[GETID_LEN];
+
+               strlcpy(cloak, Hostname, GETID_LEN);
+               strlcat(cloak, Conf_CloakHostSalt, GETID_LEN);
+               snprintf(cloak, GETID_LEN, Conf_CloakHost, Hash(cloak));
+

                LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"",
                LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"",

-                        Client_ID(Client), Client->host, Conf_CloakHost);
-               strlcpy(Client->host, Conf_CloakHost, sizeof(Client->host));
+                       Client_ID(Client), Client->host, cloak);
+               strlcpy(Client->host, cloak, sizeof(Client->host));

        } else {
                LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"",
                         Client_ID(Client), Client->host, Hostname);
        } else {
                LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"",
                         Client_ID(Client), Client->host, Hostname);


@@ -826,8 +832,9 @@ Client_MaskCloaked(CLIENT *Client)
                return Client_Mask(Client);
 
        if(*Conf_CloakHostModeX) {
                return Client_Mask(Client);
 
        if(*Conf_CloakHostModeX) {

-               snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt);
-               snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer));
+               strlcpy(Cloak_Buffer, Client->host, GETID_LEN);
+               strlcat(Cloak_Buffer, Conf_CloakHostSalt, GETID_LEN);
+               snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Cloak_Buffer));

        } else {
                strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
        }
        } else {
                strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN);
        }

diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c
index 36eff905ecce8b04b4cfd9e20371c78c72c52b4b..b09113730ef185dff831ca6a0392c4a8d757ddcf 100644 (file)
--- a/src/ngircd/conf.c
+++ b/src/ngircd/conf.c
@@ -359,7 +359,7 @@ Conf_Test( void )
        printf("  ChrootDir = %s\n", Conf_Chroot);
        printf("  CloakHost = %s\n", Conf_CloakHost);
        printf("  CloakHostModeX = %s\n", Conf_CloakHostModeX);
        printf("  ChrootDir = %s\n", Conf_Chroot);
        printf("  CloakHost = %s\n", Conf_CloakHost);
        printf("  CloakHostModeX = %s\n", Conf_CloakHostModeX);

-       printf("  CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt);
+       printf("  CloakHostSalt = %s\n", Conf_CloakHostSalt);

        printf("  CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
 #ifdef WANT_IPV6
        printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));
        printf("  CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick));
 #ifdef WANT_IPV6
        printf("  ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6));


@@ -688,7 +688,7 @@ Set_Defaults(bool InitServers)
        strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
        strcpy(Conf_CloakHost, "");
        strcpy(Conf_CloakHostModeX, "");
        strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot));
        strcpy(Conf_CloakHost, "");
        strcpy(Conf_CloakHostModeX, "");

-       strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN));
+       strcpy(Conf_CloakHostSalt, ngt_RandomStr(random, RANDOM_SALT_LEN));

        Conf_CloakUserToNick = false;
        Conf_ConnectIPv4 = true;
 #ifdef WANT_IPV6
        Conf_CloakUserToNick = false;
        Conf_ConnectIPv4 = true;
 #ifdef WANT_IPV6


@@ -1488,9 +1488,9 @@ Handle_OPTIONS(int Line, char *Var, char *Arg)
                        Config_Error_TooLong(Line, Var);
                return;
        }
                        Config_Error_TooLong(Line, Var);
                return;
        }

-       if (strcasecmp(Var, "CloakHostModeXSalt") == 0) {
-               len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt));
-               if (len >= sizeof(Conf_CloakHostModeX))
+       if (strcasecmp(Var, "CloakHostSalt") == 0) {
+               len = strlcpy(Conf_CloakHostSalt, Arg, sizeof(Conf_CloakHostSalt));
+               if (len >= sizeof(Conf_CloakHostSalt))

                        Config_Error_TooLong(Line, Var);
                return;
        }
                        Config_Error_TooLong(Line, Var);
                return;
        }

diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h
index 964b37b75ac0050b9776b9aba01bd2cdd60816ac..4e7e3796478d8f200b11661c4ade71488dcfbad3 100644 (file)
--- a/src/ngircd/conf.h
+++ b/src/ngircd/conf.h
@@ -169,8 +169,8 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN];
 /** Cloaked hostname for clients that did +x */
 GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
 
 /** Cloaked hostname for clients that did +x */
 GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN];
 

-/** Salt for hostname hash for clients that did +x */
-GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN];
+/** Salt for hostname hash for cloaked hostnames */
+GLOBAL char Conf_CloakHostSalt[CLIENT_ID_LEN];

 
 /** Use nick name as user name? */
 GLOBAL bool Conf_CloakUserToNick;
 
 /** Use nick name as user name? */
 GLOBAL bool Conf_CloakUserToNick;