From 762cc38cf9536053ea31085206508922ba524eaa Mon Sep 17 00:00:00 2001 From: nenolod Date: Fri, 6 Jul 2007 00:48:28 -0700 Subject: [PATCH] [svn] - new ip cloaking module --- ChangeLog | 14 +++ extensions/Makefile.in | 3 +- extensions/ip_cloaking.c | 109 +++++++++++++++------- extensions/ip_cloaking_old.c | 176 +++++++++++++++++++++++++++++++++++ include/serno.h | 2 +- 5 files changed, 266 insertions(+), 38 deletions(-) create mode 100644 extensions/ip_cloaking_old.c diff --git a/ChangeLog b/ChangeLog index 86887d0..3999c50 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,17 @@ +jilles 2007/06/30 22:15:35 UTC (20070630-3520) + Log: + monitor: send the same message buffer to all users + monitoring a certain nick; the target field of the + numeric becomes *, much like server notices + + + Changes: Modified: + +6 -0 trunk/doc/monitor.txt (File Modified) + +3 -0 trunk/include/send.h (File Modified) + +3 -15 trunk/src/monitor.c (File Modified) + +35 -0 trunk/src/send.c (File Modified) + + jilles 2007/06/22 21:59:09 UTC (20070622-3518) Log: Call add_to_hostname_hash() with correct (orig) hostname. diff --git a/extensions/Makefile.in b/extensions/Makefile.in index 20220cf..58a3630 100644 --- a/extensions/Makefile.in +++ b/extensions/Makefile.in @@ -1,7 +1,7 @@ # # Makefile.in for ircd/contrib # -# $Id: Makefile.in 3478 2007-05-24 15:10:06Z jilles $ +# $Id: Makefile.in 3522 2007-07-06 07:48:28Z nenolod $ # CC = @CC@ RM = @RM@ @@ -38,6 +38,7 @@ SRCS = \ extb_extgecos.c \ hurt.c \ ip_cloaking.c \ + ip_cloaking_old.c \ sno_farconnect.c \ sno_globalkline.c \ sno_globaloper.c \ diff --git a/extensions/ip_cloaking.c b/extensions/ip_cloaking.c index f960d0a..0f0932c 100644 --- a/extensions/ip_cloaking.c +++ b/extensions/ip_cloaking.c @@ -1,4 +1,4 @@ -/* $Id: ip_cloaking.c 2805 2006-12-05 12:45:43Z jilles $ */ +/* $Id: ip_cloaking.c 3522 2007-07-06 07:48:28Z nenolod $ */ #include "stdinc.h" #include "modules.h" @@ -42,7 +42,7 @@ mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { }; DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL, - ip_cloaking_hfnlist, "$Revision: 2805 $"); + ip_cloaking_hfnlist, "$Revision: 3522 $"); static void distribute_hostchange(struct Client *client) @@ -69,45 +69,82 @@ distribute_hostchange(struct Client *client) ClearDynSpoof(client); } -static void -do_host_cloak(const char *inbuf, char *outbuf, int ipmask) +#define Nval 0x8c3a48ac +#define HOSTLEN 63 +#define INITDATA "98fwqefnoiqefv03f423t34gbv3vb89tg432t3b8" /* change this */ + +static inline unsigned int +get_string_entropy(const char *inbuf) { - int cyc; - unsigned int hosthash = 1, hosthash2 = 1; - unsigned int maxcycle = strlen(inbuf); - int len1; - const char *rest, *next; + unsigned int accum = 1; - for (cyc = 0; cyc < maxcycle - 2; cyc += 2) - hosthash *= (unsigned int) inbuf[cyc]; + while(*inbuf != '\0') + accum += *inbuf++; - /* safety: decrement ourselves two steps back */ - for (cyc = maxcycle - 1; cyc >= 1; cyc -= 2) - hosthash2 *= (unsigned int) inbuf[cyc]; + return accum; +} - /* lets do some bitshifting -- this pretty much destroys the IP - * sequence, while still providing a checksum. exactly what - * we're shooting for. --nenolod +/* calls get_string_entropy() and toasts it against INITDATA */ +static inline unsigned int +get_string_weighted_entropy(const char *inbuf) +{ + static int base_entropy = 0; + unsigned int accum = get_string_entropy(inbuf); + + /* initialize the algorithm if it is not yet ready */ + if (base_entropy == 0) + base_entropy = get_string_entropy(INITDATA); + + return (Nval * accum) ^ base_entropy; +} + +static void +do_host_cloak_ip(const char *inbuf, char *outbuf) +{ + char *tptr; + unsigned int accum = get_string_weighted_entropy(inbuf); + char buf[HOSTLEN]; + + strncpy(buf, inbuf, HOSTLEN); + tptr = strrchr(buf, '.'); + *tptr++ = '\0'; + + snprintf(outbuf, HOSTLEN, "%s.%x", buf, accum); +} + +static void +do_host_cloak_host(const char *inbuf, char *outbuf) +{ + char b26_alphabet[] = "abcdefghijklmnopqrstuvwxyz"; + char *tptr; + unsigned int accum = get_string_weighted_entropy(inbuf); + + strncpy(outbuf, inbuf, HOSTLEN); + + /* pass 1: scramble first section of hostname using base26 + * alphabet toasted against the weighted entropy of the string. + * + * numbers are not changed at this time, only letters. */ - hosthash += (hosthash2 / KEY); - hosthash2 += (hosthash / KEY); - - if (ipmask == 0) + for (tptr = outbuf; *tptr != '\0'; tptr++) { - ircsnprintf(outbuf, HOSTLEN, "%s-%X%X", - ServerInfo.network_name, hosthash2, hosthash); - len1 = strlen(outbuf); - rest = strchr(inbuf, '.'); - if (rest == NULL) - rest = "."; - /* try to avoid truncation -- jilles */ - while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL) - rest = next; - strlcat(outbuf, rest, HOSTLEN); + if (*tptr == '.') + break; + + if (isdigit(*tptr) || *tptr == '-') + continue; + + *tptr = b26_alphabet[(*tptr * accum) % 26]; } - else - ircsnprintf(outbuf, HOSTLEN, "%X%X.%s", - hosthash2, hosthash, ServerInfo.network_name); + + /* pass 2: scramble each number in the address */ + for (tptr = outbuf; *tptr != '\0'; tptr++) + { + if (isdigit(*tptr)) + { + *tptr = 48 + ((*tptr * accum) % 10); + } + } } static void @@ -162,9 +199,9 @@ check_new_user(void *vdata) } source_p->localClient->mangledhost = MyMalloc(HOSTLEN); if (!irccmp(source_p->orighost, source_p->sockhost)) - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 1); + do_host_cloak_ip(source_p->orighost, source_p->localClient->mangledhost); else - do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 0); + do_host_cloak_host(source_p->orighost, source_p->localClient->mangledhost); if (IsDynSpoof(source_p)) source_p->umodes &= ~user_modes['h']; if (source_p->umodes & user_modes['h']) diff --git a/extensions/ip_cloaking_old.c b/extensions/ip_cloaking_old.c new file mode 100644 index 0000000..54e13c9 --- /dev/null +++ b/extensions/ip_cloaking_old.c @@ -0,0 +1,176 @@ +/* $Id: ip_cloaking_old.c 3522 2007-07-06 07:48:28Z nenolod $ */ + +#include "stdinc.h" +#include "modules.h" +#include "hook.h" +#include "client.h" +#include "ircd.h" +#include "send.h" +#include "s_conf.h" +#include "s_user.h" +#include "s_serv.h" +#include "tools.h" +#include "numeric.h" + +/* if you're modifying this module, you'll probably to change this */ +#define KEY 0x13748cfa + +static int +_modinit(void) +{ + /* add the usermode to the available slot */ + user_modes['h'] = find_umode_slot(); + construct_umodebuf(); + + return 0; +} + +static void +_moddeinit(void) +{ + /* disable the umode and remove it from the available list */ + user_modes['h'] = 0; + construct_umodebuf(); +} + +static void check_umode_change(void *data); +static void check_new_user(void *data); +mapi_hfn_list_av1 ip_cloaking_hfnlist[] = { + { "umode_changed", (hookfn) check_umode_change }, + { "new_local_user", (hookfn) check_new_user }, + { NULL, NULL } +}; + +DECLARE_MODULE_AV1(ip_cloaking, _modinit, _moddeinit, NULL, NULL, + ip_cloaking_hfnlist, "$Revision: 3522 $"); + +static void +distribute_hostchange(struct Client *client) +{ + if (irccmp(client->host, client->orighost)) + sendto_one_numeric(client, RPL_HOSTHIDDEN, "%s :is now your hidden host", + client->host); + else + sendto_one_numeric(client, RPL_HOSTHIDDEN, "%s :hostname reset", + client->host); + + sendto_server(NULL, NULL, + CAP_EUID | CAP_TS6, NOCAPS, ":%s CHGHOST %s :%s", + use_id(&me), use_id(client), client->host); + sendto_server(NULL, NULL, + CAP_TS6, CAP_EUID, ":%s ENCAP * CHGHOST %s :%s", + use_id(&me), use_id(client), client->host); + sendto_server(NULL, NULL, + NOCAPS, CAP_TS6, ":%s ENCAP * CHGHOST %s :%s", + me.name, client->name, client->host); + if (irccmp(client->host, client->orighost)) + SetDynSpoof(client); + else + ClearDynSpoof(client); +} + +static void +do_host_cloak(const char *inbuf, char *outbuf, int ipmask) +{ + int cyc; + unsigned int hosthash = 1, hosthash2 = 1; + unsigned int maxcycle = strlen(inbuf); + int len1; + const char *rest, *next; + + for (cyc = 0; cyc < maxcycle - 2; cyc += 2) + hosthash *= (unsigned int) inbuf[cyc]; + + /* safety: decrement ourselves two steps back */ + for (cyc = maxcycle - 1; cyc >= 1; cyc -= 2) + hosthash2 *= (unsigned int) inbuf[cyc]; + + /* lets do some bitshifting -- this pretty much destroys the IP + * sequence, while still providing a checksum. exactly what + * we're shooting for. --nenolod + */ + hosthash += (hosthash2 / KEY); + hosthash2 += (hosthash / KEY); + + if (ipmask == 0) + { + ircsnprintf(outbuf, HOSTLEN, "%s-%X%X", + ServerInfo.network_name, hosthash2, hosthash); + len1 = strlen(outbuf); + rest = strchr(inbuf, '.'); + if (rest == NULL) + rest = "."; + /* try to avoid truncation -- jilles */ + while (len1 + strlen(rest) >= HOSTLEN && (next = strchr(rest + 1, '.')) != NULL) + rest = next; + strlcat(outbuf, rest, HOSTLEN); + } + else + ircsnprintf(outbuf, HOSTLEN, "%X%X.%s", + hosthash2, hosthash, ServerInfo.network_name); +} + +static void +check_umode_change(void *vdata) +{ + hook_data_umode_changed *data = (hook_data_umode_changed *)vdata; + struct Client *source_p = data->client; + + if (!MyClient(source_p)) + return; + + /* didn't change +h umode, we don't need to do anything */ + if (!((data->oldumodes ^ source_p->umodes) & user_modes['h'])) + return; + + if (source_p->umodes & user_modes['h']) + { + if (IsIPSpoof(source_p) || source_p->localClient->mangledhost == NULL || (IsDynSpoof(source_p) && strcmp(source_p->host, source_p->localClient->mangledhost))) + { + source_p->umodes &= ~user_modes['h']; + return; + } + if (strcmp(source_p->host, source_p->localClient->mangledhost)) + { + strlcpy(source_p->host, source_p->localClient->mangledhost, HOSTLEN); + distribute_hostchange(source_p); + } + else /* not really nice, but we need to send this numeric here */ + sendto_one_numeric(source_p, RPL_HOSTHIDDEN, "%s :is now your hidden host", + source_p->host); + } + else if (!(source_p->umodes & user_modes['h'])) + { + if (source_p->localClient->mangledhost != NULL && + !strcmp(source_p->host, source_p->localClient->mangledhost)) + { + strlcpy(source_p->host, source_p->orighost, HOSTLEN); + distribute_hostchange(source_p); + } + } +} + +static void +check_new_user(void *vdata) +{ + struct Client *source_p = (void *)vdata; + + if (IsIPSpoof(source_p)) + { + source_p->umodes &= ~user_modes['h']; + return; + } + source_p->localClient->mangledhost = MyMalloc(HOSTLEN); + if (!irccmp(source_p->orighost, source_p->sockhost)) + do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 1); + else + do_host_cloak(source_p->orighost, source_p->localClient->mangledhost, 0); + if (IsDynSpoof(source_p)) + source_p->umodes &= ~user_modes['h']; + if (source_p->umodes & user_modes['h']) + { + strlcpy(source_p->host, source_p->localClient->mangledhost, sizeof(source_p->host)); + if (irccmp(source_p->host, source_p->orighost)) + SetDynSpoof(source_p); + } +} diff --git a/include/serno.h b/include/serno.h index 8112dea..9da9fb4 100644 --- a/include/serno.h +++ b/include/serno.h @@ -1 +1 @@ -#define SERNO "20070622-3518" +#define SERNO "20070630-3520"