From: Sebastian Köhler Date: Thu, 2 Aug 2012 17:44:40 +0000 (+0200) Subject: Hashed hostnames for CloakHost X-Git-Tag: rel-20-rc1~118 X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=commitdiff_plain;h=d0bb185cf55655fc68ad54508c84314c2520d54c;hp=49385a98b2878ae6f19dd0925e0dc90fcc3d6372 Hashed hostnames for CloakHost Implemented support for hashed hostnames for CloakHost. The admin can use '%x' in both the CloakHost and CloakHostModeX setting. The config option CloakHostModeX was renamed to CloakHostSalt. This salt is used for both cloaking options. --- diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 8297a9bb..6d9d7709 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -125,17 +125,17 @@ ;ChrootDir = /var/empty # Set this hostname for every client instead of the real one. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! + # Use %x to add the hashed value of the original hostname. ;CloakHost = cloaked.host # Use this hostname for hostname cloaking on clients that have the # user mode "+x" set, instead of the name of the server. - # Use %x to add the hashed value of the original hostname + # Use %x to add the hashed value of the original hostname. ;CloakHostModeX = cloaked.user - # The Salt for cloaked hostname hashing - ;CloakHostModeXSalt = abcdefghijklmnopqrstuvwxyz + # The Salt for cloaked hostname hashing. When undefined a random + # hash is generated after each server start. + ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz # Set every clients' user name to their nick name ;CloakUserToNick = yes diff --git a/man/ngircd.conf.5.tmpl b/man/ngircd.conf.5.tmpl index 21a10475..71f00078 100644 --- a/man/ngircd.conf.5.tmpl +++ b/man/ngircd.conf.5.tmpl @@ -212,21 +212,16 @@ For this to work the server must have been started with root privileges! .TP \fBCloakHost\fR (string) Set this hostname for every client instead of the real one. Default: empty, -don't change. -.PP -.RS -.B Please note: -.br -Don't use the percentage sign ("%"), it is reserved for future extensions! -.RE +don't change. Use %x to add the hashed value of the original hostname. .TP \fBCloakHostModeX\fR (string) Use this hostname for hostname cloaking on clients that have the user mode "+x" set, instead of the name of the server. Default: empty, use the name of the server. Use %x to add the hashed value of the original hostname .TP -\fBCloakHostModeXSalt\fR (string) -The Salt for cloaked hostname hashing +\fBCloakHostSalt\fR (string) +The Salt for cloaked hostname hashing. When undefined a random hash is +generated after each server start. .TP \fBCloakUserToNick\fR (boolean) Set every clients' user name to their nick name and hide the one supplied diff --git a/src/ngircd/client.c b/src/ngircd/client.c index cefbd3a3..49e27395 100644 --- a/src/ngircd/client.c +++ b/src/ngircd/client.c @@ -331,9 +331,15 @@ Client_SetHostname( CLIENT *Client, const char *Hostname ) assert(Hostname != NULL); if (strlen(Conf_CloakHost)) { + char cloak[GETID_LEN]; + + strlcpy(cloak, Hostname, GETID_LEN); + strlcat(cloak, Conf_CloakHostSalt, GETID_LEN); + snprintf(cloak, GETID_LEN, Conf_CloakHost, Hash(cloak)); + LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"", - Client_ID(Client), Client->host, Conf_CloakHost); - strlcpy(Client->host, Conf_CloakHost, sizeof(Client->host)); + Client_ID(Client), Client->host, cloak); + strlcpy(Client->host, cloak, sizeof(Client->host)); } else { LogDebug("Updating hostname of \"%s\": \"%s\" -> \"%s\"", Client_ID(Client), Client->host, Hostname); @@ -826,8 +832,9 @@ Client_MaskCloaked(CLIENT *Client) return Client_Mask(Client); if(*Conf_CloakHostModeX) { - snprintf(Mask_Buffer, GETID_LEN, "%s%s", Client->host, Conf_CloakHostModeXSalt); - snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Mask_Buffer)); + strlcpy(Cloak_Buffer, Client->host, GETID_LEN); + strlcat(Cloak_Buffer, Conf_CloakHostSalt, GETID_LEN); + snprintf(Cloak_Buffer, GETID_LEN, Conf_CloakHostModeX, Hash(Cloak_Buffer)); } else { strncpy(Cloak_Buffer, Client_ID(Client->introducer), GETID_LEN); } diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 36eff905..b0911373 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -359,7 +359,7 @@ Conf_Test( void ) printf(" ChrootDir = %s\n", Conf_Chroot); printf(" CloakHost = %s\n", Conf_CloakHost); printf(" CloakHostModeX = %s\n", Conf_CloakHostModeX); - printf(" CloakHostModeXSalt = %s\n", Conf_CloakHostModeXSalt); + printf(" CloakHostSalt = %s\n", Conf_CloakHostSalt); printf(" CloakUserToNick = %s\n", yesno_to_str(Conf_CloakUserToNick)); #ifdef WANT_IPV6 printf(" ConnectIPv4 = %s\n", yesno_to_str(Conf_ConnectIPv6)); @@ -688,7 +688,7 @@ Set_Defaults(bool InitServers) strlcpy(Conf_Chroot, CHROOT_DIR, sizeof(Conf_Chroot)); strcpy(Conf_CloakHost, ""); strcpy(Conf_CloakHostModeX, ""); - strcpy(Conf_CloakHostModeXSalt,ngt_RandomStr(random,RANDOM_SALT_LEN)); + strcpy(Conf_CloakHostSalt, ngt_RandomStr(random, RANDOM_SALT_LEN)); Conf_CloakUserToNick = false; Conf_ConnectIPv4 = true; #ifdef WANT_IPV6 @@ -1488,9 +1488,9 @@ Handle_OPTIONS(int Line, char *Var, char *Arg) Config_Error_TooLong(Line, Var); return; } - if (strcasecmp(Var, "CloakHostModeXSalt") == 0) { - len = strlcpy(Conf_CloakHostModeXSalt, Arg, sizeof(Conf_CloakHostModeXSalt)); - if (len >= sizeof(Conf_CloakHostModeX)) + if (strcasecmp(Var, "CloakHostSalt") == 0) { + len = strlcpy(Conf_CloakHostSalt, Arg, sizeof(Conf_CloakHostSalt)); + if (len >= sizeof(Conf_CloakHostSalt)) Config_Error_TooLong(Line, Var); return; } diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 964b37b7..4e7e3796 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -169,8 +169,8 @@ GLOBAL char Conf_CloakHost[CLIENT_ID_LEN]; /** Cloaked hostname for clients that did +x */ GLOBAL char Conf_CloakHostModeX[CLIENT_ID_LEN]; -/** Salt for hostname hash for clients that did +x */ -GLOBAL char Conf_CloakHostModeXSalt[CLIENT_ID_LEN]; +/** Salt for hostname hash for cloaked hostnames */ +GLOBAL char Conf_CloakHostSalt[CLIENT_ID_LEN]; /** Use nick name as user name? */ GLOBAL bool Conf_CloakUserToNick;