1. 13 Sep, 2020 1 commit
  2. 19 Apr, 2019 1 commit
    • Janik Kleinhoff's avatar
      masks.c: actually set last_matched on the proper mask(s) · 0846976c
      Janik Kleinhoff authored
      Fixes only the last mask processed being updated (whether or not it
      actually matched), instead updating all masks that do match (reported or
      not).
      
      We also no longer stop processing when handling an exempt mask since
      otherwise we'd update last_matched for all *previous* matching masks,
      which would be quite counterintuitive.
      0846976c
  3. 14 Mar, 2019 1 commit
  4. 04 Mar, 2019 1 commit
    • Janik Kleinhoff's avatar
      get_random_host_part: hash uid!user@host, rather than just uid · 71842e71
      Janik Kleinhoff authored
      This should significantly reduce the chance for the same x-part to be
      reused after an ircd restart (unless, of course, the user is the same).
      
      Alternatively, we could hash just user@host, but then it would no longer
      be "random"-type cloaking, plus there's already ident-type cloaking.
      71842e71
  5. 19 Feb, 2019 5 commits
  6. 13 Feb, 2019 1 commit
  7. 11 Feb, 2019 2 commits
  8. 25 Jan, 2019 1 commit
  9. 24 Jan, 2019 5 commits
    • Janik Kleinhoff's avatar
      facilities.c: properly restore session cloaks · 7e74385f
      Janik Kleinhoff authored
      0124 232639 -!- test (test) [ilbelkyr@gateway/test/x-wvgwoklegibimcqp] has joined #services
      
      Set a project cloak:
      0124 233021 -!- test [ilbelkyr@gateway/test/x-wvgwoklegibimcqp] has quit [Changing host]
      0124 233021 -!- test (test) [ilbelkyr@project/example] has joined #services
      
      Remove cloak:
      0124 233032 -!- test [ilbelkyr@project/example] has quit [Changing host]
      0124 233032 -!- test (test) [ilbelkyr@gateway/test/session] has joined #services
      0124 233032 -!- test [ilbelkyr@gateway/test/session] has quit [Changing host]
      0124 233032 -!- test (test) [ilbelkyr@gateway/test/x-wvgwoklegibimcqp] has joined #services
      
      This is still not perfect but a lot better than the previous behaviour,
      where the project cloak would be restored instead.
      
      We store the computed facility cloak in per-user metadata; user metadata
      is not actually written to disk, unlike myuser or mychan metadata. This
      is necessary due to the "random" cloaking type.
      7e74385f
    • Janik Kleinhoff's avatar
      facilities.c: add "account" cloaking type · 5f912fa1
      Janik Kleinhoff authored
      This is designed to work with sasl_usercloak-style auth spoofs,
      replacing the tor-sasl and PIA special cases. Fixes #4.
      
      Note that you must set account cloaking on the Tor and PIA facilities to
      make sure gateway cloaks will be properly enforced.
      5f912fa1
    • Janik Kleinhoff's avatar
      Merge branch 'ident-cloaking' · b3ab144d
      Janik Kleinhoff authored
      b3ab144d
    • Janik Kleinhoff's avatar
      help/addmask: give example of non-/ delimiters · d23d044b
      Janik Kleinhoff authored
      Being able to use e.g. # is quite useful if your mask includes /
      characters for whatever reason, so mention that it's possible.
      d23d044b
    • Janik Kleinhoff's avatar
      masks.c: add last matched timestamp for LISTMASK · 52267ba7
      Janik Kleinhoff authored
      Fixes #5.
      52267ba7
  10. 23 Jan, 2019 3 commits
  11. 20 Jan, 2019 2 commits
  12. 18 Jan, 2019 1 commit
    • Janik Kleinhoff's avatar
      facilities.c: use patricias instead of dictionaries · 654ccf45
      Janik Kleinhoff authored
      Per #2 I have no idea how mowgli dictionaries work, if at all, but
      atheme has moved to patricias anyway without issue, and this change
      makes things actually work.
      
      I'm not sure there's anything else using the current mowgli dictionary
      implementation. Atheme certainly doesn't, nor do libmowgli internals.
      654ccf45
  13. 18 Mar, 2018 1 commit
    • Janik Kleinhoff's avatar
      facilities: Add "ident" cloaking type · d0f72f63
      Janik Kleinhoff authored
      Fixes #6.
      
      <@syn> FACILITY ADD gateway/web/irccloud.com by ilbelkitty (ilbelkyr)
      <@syn> FACILITY SET cloaking->ident for gateway/web/irccloud.com by ilbelkitty (ilbelkyr)
      
      Test cases:
      
      Basic ident
      uid123456 -> gateway/web/irccloud.com/uid123456
      
      Maximum-length ident is handled properly
      maxlen1234 -> gateway/web/irccloud.com/maxlen1234
      
      Invalid/disallowed cloak characters in ident
      (test twice to ensure the x-part remains stable)
      test_me -> gateway/web/irccloud.com/testme/x-30596902
      
      Client-sent USER behaves as ident
      ~test_me -> gateway/web/irccloud.com/testme/x-30596902
      
      Starting digits removed to avoid CIDR lookalikes
      01test23 -> gateway/web/irccloud.com/test23/x-30027077
      
      Different idents generate different x-parts
      89test23 -> gateway/web/irccloud.com/test23/x-97047605
      
      Entire ident is invalid/disallowed in hostname as-is
      1000 -> gateway/web/irccloud.com//x-31162250
      
      The last of these is probably the most concerning, but similar is
      already possible with Tor/PIA cloaking right now as far as I can tell.
      d0f72f63
  14. 16 Mar, 2018 4 commits
  15. 10 May, 2016 3 commits
  16. 02 Jan, 2015 1 commit
  17. 29 Jun, 2014 2 commits
  18. 18 Jun, 2013 1 commit
  19. 10 Jun, 2013 1 commit
  20. 09 Jun, 2013 3 commits