/[svn]/ircd-hybrid-8/contrib/ip_cloaking.c
ViewVC logotype

Contents of /ircd-hybrid-8/contrib/ip_cloaking.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1575 - (show annotations)
Thu Oct 18 14:27:36 2012 UTC (7 years, 9 months ago) by michael
File MIME type: text/x-chdr
File size: 15174 byte(s)
- contrib/m_change.c,ip_cloaking.c: CHGHOST/CHGIDENT didn't update bancache. Fixed

1 /* MODULE CONFIGURATION FOLLOWS -- please read!! */
2
3 /* Change these numbers to something else. Please
4 * make sure that they match on ALL servers
5 * to avoid problems!
6 */
7 #define KEY 23857
8 #define KEY2 38447
9 #define KEY3 64709
10
11 /* END OF MODULE CONFIGURATION */
12
13 /*
14 * ircd-hybrid: an advanced Internet Relay Chat Daemon (ircd).
15 * ip_cloaking.c: Provides hostname (partial) cloaking for clients.
16 *
17 * Copyright (c) 2005 by the past and present ircd coders, and others.
18 *
19 * This program is free software; you can redistribute it and/or modify
20 * it under the terms of the GNU General Public License as published by
21 * the Free Software Foundation; either version 2 of the License, or
22 * (at you option) any later version.
23 *
24 * This program is distributed in the hope that it will be useful,
25 * but WITHOUT ANY WARRANTY; without even the implied warranty of
26 * MERCHANTABILILTY or FITNESS FOR A PARTICULAR PURPOSE. See the
27 * GNU General Public License for more details.
28 *
29 * You should have recieved a copy of the GNU General Public License
30 * along with this program; if not, write to the Free Software
31 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
32 * USA
33 *
34 * $Id$
35 */
36
37 /*
38 * Originally re-written from AustNet's VirtualWorld Code.
39 * Virtual World written by Roger 'RogerY' Yerramesetti <rogery@austnet.org>
40 *
41 * Re-written using the crc32 encryption implementation by //ylo based on the original
42 * implementation by Gary S. Brown.
43 *
44 * HiddenHost implementation based on the code from Unreal IRCd by
45 * RaYmAn, NiQuiL, narf, Griever (great thinking) eternal, bball, JK.@ roxnet.org
46 *
47 * Additional ideas and code by ShadowMaster, [-Th3Dud3-] (RageIRCd), Solaris @ Demonkarma.net,
48 * Alan 'knight-' LeVee of the ChatJunkies IRC Network and doughk_ff7.
49 */
50
51 #include "stdinc.h"
52 #include "whowas.h"
53 #include "channel_mode.h"
54 #include "client.h"
55 #include "hash.h"
56 #include "hook.h"
57 #include "irc_string.h"
58 #include "ircd.h"
59 #include "ircd_defs.h"
60 #include "numeric.h"
61 #include "s_serv.h"
62 #include "s_user.h"
63 #include "send.h"
64 #include "conf.h"
65 #include "modules.h"
66 #include "memory.h"
67 #include "log.h"
68 #include "sprintf_irc.h"
69 #include "userhost.h"
70
71 static unsigned int umode_vhost = 0;
72 static int vhost_ipv6_err;
73 static dlink_node *prev_enter_umode;
74 static dlink_node *prev_umode;
75 static void *reset_ipv6err_flag(va_list);
76 static void *h_set_user_mode(va_list);
77
78 /*
79 * The implementation originally comes from Gary S. Brown. The tables
80 * are a direct transplant of his original concept and have been
81 * changed for randomization purposes. Minor changes were also made
82 * to the crc32-function by //ylo.
83 *
84 * knight-
85 */
86
87 /* =============================================================
88 * COPYRIGHT (C) 1986 Gary S. Brown. You may use this program, or
89 * code or tables extracted from it, as desired without restriction.
90 *
91 * First, the polynomial itself and its stable of feedback terms. The
92 * polynomial is:
93 *
94 * X^32+X^26+X^23+X^22+X^16+X^12+X^11+X^10+X^8+X^7+X^5+X^4+X^2+X^1+X^0
95 *
96 * Note that we take it "backwards" and put the highest-order term in
97 * the lowest-order bit. The X^32 term is "implied"; the LSB is the
98 * X^31 term, etc. The X^0 term (usually shown as "+1") results in
99 * the MSB being 1.
100 *
101 * Note that the usual hardware shift register implementation, which
102 * is what we're using (we're merely optimizing it by doing eight-bit
103 * chunks at a time) shifts bits into the lowest-order term. In our
104 * implementation, that means shifting towards the right. Why do we
105 * do it this way? Because the calculated CRC must be transmitted in
106 * order from highest-order term to lowest-order term. UARTs transmit
107 * characters in order from LSB to MSB. By storing the CRC this way,
108 * we and it to the UART in the order low-byte to high-byte; the UART
109 * sends each low-bit to high-bit; and the result is transmission bit
110 * by bit from highest-order to lowest-order term without requiring any
111 * bit shuffling on our part. Reception works similarly.
112 *
113 * The feedback term table consists of 256, 32-bit entries. Notes:
114 *
115 * The table can be generated at runtime if desired; code to do so
116 * is shown later. It might not be obvious, but the feedback terms
117 * simply represent the results of eight shift/xor operations for
118 * all combinations of data and CRC register values.
119 *
120 * The values must be right shifted by eight bits by the "updcrc"
121 * logic; the shift must be unsigned (bring in zeroes). On some hardware
122 * you could probably optimize the shift in assembler by using byte-swap
123 * instructions.
124 *
125 * polynomial $edb88320
126 *
127 * --------------------------------------------------------------------
128 */
129
130 static unsigned long crc32_tab[] = {
131 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L,
132 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L,
133 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L,
134 0x90bf1d91L, 0x1db71064L, 0x6ab020f2L, 0xf3b97148L, 0x84be41deL,
135 0x1adad47dL, 0x6ddde4ebL, 0xf4d4b551L, 0x83d385c7L, 0x136c9856L,
136 0x646ba8c0L, 0xfd62f97aL, 0x8a65c9ecL, 0x14015c4fL, 0x63066cd9L,
137 0xfa0f3d63L, 0x8d080df5L, 0x3b6e20c8L, 0x4c69105eL, 0xd56041e4L,
138 0xa2677172L, 0x3c03e4d1L, 0x4b04d447L, 0xd20d85fdL, 0xa50ab56bL,
139 0x35b5a8faL, 0x42b2986cL, 0xdbbbc9d6L, 0xacbcf940L, 0x32d86ce3L,
140 0x45df5c75L, 0xdcd60dcfL, 0xabd13d59L, 0x26d930acL, 0x51de003aL,
141 0xc8d75180L, 0xbfd06116L, 0x21b4f4b5L, 0x56b3c423L, 0xcfba9599L,
142 0xb8bda50fL, 0x2802b89eL, 0x5f058808L, 0xc60cd9b2L, 0xb10be924L,
143 0x2f6f7c87L, 0x58684c11L, 0xc1611dabL, 0xb6662d3dL, 0x76dc4190L,
144 0x01db7106L, 0x98d220bcL, 0xefd5102aL, 0x71b18589L, 0x06b6b51fL,
145 0x9fbfe4a5L, 0xe8b8d433L, 0x7807c9a2L, 0x0f00f934L, 0x9609a88eL,
146 0xe10e9818L, 0x7f6a0dbbL, 0x086d3d2dL, 0x91646c97L, 0xe6635c01L,
147 0x6b6b51f4L, 0x1c6c6162L, 0x856530d8L, 0xf262004eL, 0x6c0695edL,
148 0x1b01a57bL, 0x8208f4c1L, 0xf50fc457L, 0x65b0d9c6L, 0x12b7e950L,
149 0x8bbeb8eaL, 0xfcb9887cL, 0x62dd1ddfL, 0x15da2d49L, 0x8cd37cf3L,
150 0xfbd44c65L, 0x4db26158L, 0x3ab551ceL, 0xa3bc0074L, 0xd4bb30e2L,
151 0x4adfa541L, 0x3dd895d7L, 0xa4d1c46dL, 0xd3d6f4fbL, 0x4369e96aL,
152 0x346ed9fcL, 0xad678846L, 0xda60b8d0L, 0x44042d73L, 0x33031de5L,
153 0xaa0a4c5fL, 0xdd0d7cc9L, 0x5005713cL, 0x270241aaL, 0xbe0b1010L,
154 0xc90c2086L, 0x5768b525L, 0x206f85b3L, 0xb966d409L, 0xce61e49fL,
155 0x5edef90eL, 0x29d9c998L, 0xb0d09822L, 0xc7d7a8b4L, 0x59b33d17L,
156 0x2eb40d81L, 0xb7bd5c3bL, 0xc0ba6cadL, 0xedb88320L, 0x9abfb3b6L,
157 0x03b6e20cL, 0x74b1d29aL, 0xead54739L, 0x9dd277afL, 0x04db2615L,
158 0x73dc1683L, 0xe3630b12L, 0x94643b84L, 0x0d6d6a3eL, 0x7a6a5aa8L,
159 0xe40ecf0bL, 0x9309ff9dL, 0x0a00ae27L, 0x7d079eb1L, 0xf00f9344L,
160 0x8708a3d2L, 0x1e01f268L, 0x6906c2feL, 0xf762575dL, 0x806567cbL,
161 0x196c3671L, 0x6e6b06e7L, 0xfed41b76L, 0x89d32be0L, 0x10da7a5aL,
162 0x67dd4accL, 0xf9b9df6fL, 0x8ebeeff9L, 0x17b7be43L, 0x60b08ed5L,
163 0xd6d6a3e8L, 0xa1d1937eL, 0x38d8c2c4L, 0x4fdff252L, 0xd1bb67f1L,
164 0xa6bc5767L, 0x3fb506ddL, 0x48b2364bL, 0xd80d2bdaL, 0xaf0a1b4cL,
165 0x36034af6L, 0x41047a60L, 0xdf60efc3L, 0xa867df55L, 0x316e8eefL,
166 0x4669be79L, 0xcb61b38cL, 0xbc66831aL, 0x256fd2a0L, 0x5268e236L,
167 0xcc0c7795L, 0xbb0b4703L, 0x220216b9L, 0x5505262fL, 0xc5ba3bbeL,
168 0xb2bd0b28L, 0x2bb45a92L, 0x5cb36a04L, 0xc2d7ffa7L, 0xb5d0cf31L,
169 0x2cd99e8bL, 0x5bdeae1dL, 0x9b64c2b0L, 0xec63f226L, 0x756aa39cL,
170 0x026d930aL, 0x9c0906a9L, 0xeb0e363fL, 0x72076785L, 0x05005713L,
171 0x95bf4a82L, 0xe2b87a14L, 0x7bb12baeL, 0x0cb61b38L, 0x92d28e9bL,
172 0xe5d5be0dL, 0x7cdcefb7L, 0x0bdbdf21L, 0x86d3d2d4L, 0xf1d4e242L,
173 0x68ddb3f8L, 0x1fda836eL, 0x81be16cdL, 0xf6b9265bL, 0x6fb077e1L,
174 0x18b74777L, 0x88085ae6L, 0xff0f6a70L, 0x66063bcaL, 0x11010b5cL,
175 0x8f659effL, 0xf862ae69L, 0x616bffd3L, 0x166ccf45L, 0xa00ae278L,
176 0xd70dd2eeL, 0x4e048354L, 0x3903b3c2L, 0xa7672661L, 0xd06016f7L,
177 0x4969474dL, 0x3e6e77dbL, 0xaed16a4aL, 0xd9d65adcL, 0x40df0b66L,
178 0x37d83bf0L, 0xa9bcae53L, 0xdebb9ec5L, 0x47b2cf7fL, 0x30b5ffe9L,
179 0xbdbdf21cL, 0xcabac28aL, 0x53b39330L, 0x24b4a3a6L, 0xbad03605L,
180 0xcdd70693L, 0x54de5729L, 0x23d967bfL, 0xb3667a2eL, 0xc4614ab8L,
181 0x5d681b02L, 0x2a6f2b94L, 0xb40bbe37L, 0xc30c8ea1L, 0x5a05df1bL,
182 0x2d02ef8dL
183 };
184
185 static unsigned long
186 crc32(const char *s, unsigned int len)
187 {
188 unsigned int i;
189 unsigned long crc32val = 0;
190
191 for (i = 0; i < len; i++)
192 crc32val = crc32_tab[(crc32val ^ s[i]) & 0xff] ^ (crc32val >> 8);
193
194 return crc32val;
195 }
196
197 /*
198 * str2arr()
199 *
200 * converts IPv4 address segments into arrays
201 * for encryption
202 *
203 * inputs - address parvs, strings and deliminator
204 * outputs - array
205 * side effects - not IPv6 friendly
206 */
207 static int
208 str2arr(char **pparv, char *string, const char *delim)
209 {
210 char *tok;
211 int pparc = 0;
212
213 /* Diane had suggested to use this method rather than while() -- knight */
214 for (tok = strtok(string, delim); tok != NULL; tok = strtok(NULL, delim))
215 {
216 pparv[pparc++] = tok;
217 }
218
219 return pparc;
220 }
221
222 /*
223 * make_virthost()
224 *
225 * curr = current hostname/ip
226 * host = current host socket
227 * new = encrypted hostname/ip
228 */
229 static void
230 make_virthost(char *curr, char *host, char *new)
231 {
232 char mask[HOSTLEN + 1];
233 char *parv[HOSTLEN + 1], *parv2[HOSTLEN + 1], s[HOSTLEN + 1], s2[HOSTLEN + 1];
234 int parc = 0, parc2 = 0, len = 0;
235 unsigned long hash[8];
236
237 strlcpy(s2, curr, HOSTLEN + 1);
238 strlcpy(s, host, HOSTLEN + 1);
239
240 parc = str2arr(parv, s, ".");
241 parc2 = str2arr(parv2, s2, ".");
242
243 if (!parc2)
244 return;
245
246 hash[0] = ((crc32 (parv[3], strlen (parv[3])) + KEY) ^ KEY2) ^ KEY3;
247 hash[1] = ((KEY2 ^ crc32 (parv[2], strlen (parv[2]))) + KEY3) ^ KEY;
248 hash[2] = ((crc32 (parv[1], strlen (parv[1])) + KEY3) ^ KEY) ^ KEY2;
249 hash[3] = ((KEY3 ^ crc32 (parv[0], strlen (parv[0]))) + KEY2) ^ KEY;
250
251 hash[0] <<= 2;
252 hash[0] >>= 2;
253 hash[0] &= 0x3FFFFFFF;
254 hash[0] &= 0xFFFFFFFF;
255 hash[1] <<= 2;
256 hash[1] >>= 2;
257 hash[1] &= 0x7FFFFFFF;
258 hash[1] &= 0x3FFFFFFF;
259 hash[2] <<= 2;
260 hash[2] >>= 2;
261 hash[2] &= 0x7FFFFFFF;
262 hash[2] &= 0xFFFFFFFF;
263 hash[3] <<= 2;
264 hash[3] >>= 2;
265 hash[3] &= 0x3FFFFFFF;
266 hash[3] &= 0x7FFFFFFF;
267
268 /* IPv4 */
269 if (parc2 == 4 || parc2 < 2)
270 {
271 len = strlen (parv2[3]);
272
273 if (strchr("0123456789", parv2[3][len - 1]) || parc2 < 2)
274 {
275 ircsprintf(mask, "%s.%s.%s.%lx",
276 parv2[parc2 - 4], parv2[parc2 - 3],
277 parv2[parc2 - 2], hash[3]);
278 }
279 else
280 {
281 /* isp.tld */
282 ircsprintf(mask, "%lx-%lx.%s.%s",
283 hash[0], hash[3], parv2[parc2 - 2], parv2[parc2 - 1]);
284 }
285 }
286 else
287 {
288 if (parc2 >= 4)
289 {
290 /* isp.sub.tld or district.isp.tld */
291 ircsprintf(mask, "%lx-%lx.%s.%s.%s",
292 hash[3], hash[1], parv2[parc2 - 3], parv2[parc2 - 2],
293 parv2[parc2 - 1]);
294 }
295 else
296 {
297 /* isp.tld */
298 ircsprintf(mask, "%lx-%lx.%s.%s",
299 hash[0], hash[3], parv2[parc2 - 2], parv2[parc2 - 1]);
300 }
301
302 if (parc2 >= 5)
303 {
304 /* zone.district.isp.tld or district.isp.sub.tld */
305 ircsprintf(mask, "%lx-%lx.%s.%s.%s.%s",
306 hash[1], hash[0], parv2[parc2 - 4], parv2[parc2 - 3],
307 parv2[parc2 - 2], parv2[parc2 - 1]);
308 }
309 else
310 {
311 /* isp.tld */
312 ircsprintf(mask, "%lx-%lx.%s.%s",
313 hash[0], hash[3], parv2[parc2 - 2], parv2[parc2 - 1]);
314 }
315 }
316
317 strlcpy(new, mask, HOSTLEN + 1);
318 }
319
320 /*
321 * set_vhost()
322 *
323 * inputs - pointer to given client to set IP cloak.
324 * outputs - NONE
325 * side effects - NONE
326 */
327 static void
328 set_vhost(struct Client *client_p, struct Client *source_p,
329 struct Client *target_p)
330 {
331 target_p->umodes |= umode_vhost;
332
333 if (IsUserHostIp(target_p))
334 delete_user_host(target_p->username, target_p->host, !MyConnect(target_p));
335
336 SetIPSpoof(target_p);
337 make_virthost(target_p->host, target_p->sockhost, target_p->host);
338
339 add_user_host(target_p->username, target_p->host, !MyConnect(target_p));
340 SetUserHost(target_p);
341
342 clear_ban_cache_client(target_p);
343
344 if (IsClient(target_p))
345 sendto_server(client_p, CAP_ENCAP, NOCAPS,
346 ":%s ENCAP * CHGHOST %s %s",
347 me.name, target_p->name, target_p->host);
348
349 sendto_one(target_p, form_str(RPL_HOSTHIDDEN),
350 me.name, target_p->name, target_p->host);
351 }
352
353 static void *
354 reset_ipv6err_flag(va_list args)
355 {
356 struct Client *client_p = va_arg(args, struct Client *);
357 struct Client *source_p = va_arg(args, struct Client *);
358
359 vhost_ipv6_err = 0;
360
361 return pass_callback(prev_enter_umode, client_p, source_p);
362 }
363
364 static void *
365 h_set_user_mode(va_list args)
366 {
367 struct Client *client_p = va_arg(args, struct Client *);
368 struct Client *target_p = va_arg(args, struct Client *);
369 int what = va_arg(args, int);
370 unsigned int flag = va_arg(args, unsigned int);
371
372 if (flag == umode_vhost)
373 {
374 if (what == MODE_ADD)
375 {
376 /* Automatically break if any of these conditions are met. -- knight- */
377 if (!MyConnect(target_p))
378 return NULL;
379
380 if (IsIPSpoof(target_p))
381 return NULL;
382
383 /*
384 * IPv6 could potentially core the server if a user connected via IPv6 sets +h
385 * so we need to check and break before that happens. -- knight-
386 */
387 #ifdef IPV6
388 if (target_p->localClient->aftype == AF_INET6)
389 {
390 if (!vhost_ipv6_err)
391 {
392 sendto_one(target_p, ":%s NOTICE %s :*** Sorry, IP cloaking "
393 "does not support IPv6 users!", me.name, target_p->name);
394 vhost_ipv6_err = 1;
395 }
396 }
397 else
398 #endif
399 set_vhost(client_p, target_p, target_p);
400 }
401
402 return NULL;
403 }
404
405 return pass_callback(prev_umode, client_p, target_p, what, flag);
406 }
407
408 static void
409 module_init(void)
410 {
411 if (!user_modes['h'])
412 {
413 unsigned int all_umodes = 0, i;
414
415 for (i = 0; i < 128; i++)
416 all_umodes |= user_modes[i];
417
418 for (umode_vhost = 1; umode_vhost && (all_umodes & umode_vhost);
419 umode_vhost <<= 1);
420
421 if (!umode_vhost)
422 {
423 ilog(LOG_TYPE_IRCD, "You have more than 32 usermodes, "
424 "IP cloaking not installed");
425 sendto_realops_flags(UMODE_ALL, L_ALL, "You have more than "
426 "32 usermodes, IP cloaking not installed");
427 return;
428 }
429
430 user_modes['h'] = umode_vhost;
431 assemble_umode_buffer();
432 }
433 else
434 {
435 ilog(LOG_TYPE_IRCD, "Usermode +h already in use, IP cloaking not installed");
436 sendto_realops_flags(UMODE_ALL, L_ALL, "Usermode +h already in use, "
437 "IP cloaking not installed");
438 return;
439 }
440
441 prev_enter_umode = install_hook(entering_umode_cb, reset_ipv6err_flag);
442 prev_umode = install_hook(umode_cb, h_set_user_mode);
443 }
444
445 static void
446 module_exit(void)
447 {
448 if (umode_vhost)
449 {
450 dlink_node *ptr;
451
452 DLINK_FOREACH(ptr, local_client_list.head)
453 {
454 struct Client *cptr = ptr->data;
455 cptr->umodes &= ~umode_vhost;
456 }
457
458 user_modes['h'] = 0;
459 assemble_umode_buffer();
460
461 uninstall_hook(entering_umode_cb, reset_ipv6err_flag);
462 uninstall_hook(umode_cb, h_set_user_mode);
463 }
464 }
465
466 struct module module_entry = {
467 .node = { NULL, NULL, NULL },
468 .name = NULL,
469 .version = "$Revision$",
470 .handle = NULL,
471 .modinit = module_init,
472 .modexit = module_exit,
473 .flags = 0
474 };

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.28