Allow setting a different hostparts option for UNIX sockets.

This defaults to 1 as it doesn't really make sense to expose more than just this.
2025-03-09 10:39:02 -04:00 · 2023-01-18 14:14:51 +00:00 · 2023-01-18 14:14:51 +00:00 · 88a0ef203e
commit 88a0ef203e
parent ca8a576c74
2 changed files with 16 additions and 9 deletions
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@ -591,9 +591,11 @@
 #  case      - The case of the cloak table. Can be set to "upper" or  #
 #              "lower". Defaults to "lower".                          #
 #                                                                     #
-#  hostparts - The maximum number of hostname labels or UNIX socket   #
-#              path segments that should be visible on the end of a   #
-#              host. Defaults to 3.                                   #
+#  hostparts - The maximum number of hostname labels that should be   #
+#              visible on the end of a host. Defaults to 3.           #
+#                                                                     #
+#  pathparts - The maximum number of UNIX socket path segments that   #
+#              should be visible on the end of a host. Defaults to 1. #
 #                                                                     #
 #  psl       - If non-empty then the path to a Mozilla Public Suffix  #
 #              List database to use for finding the visible part of a #
@ -613,6 +615,7 @@
 #       suffix="ip"
 #       case="lower"
 #       hostparts="3"
+#       pathparts="1"
 #       psl="system">
 #
 #<cloak mode="hmac-sha256-ip"
@ -620,7 +623,7 @@
 #       prefix="MyNet"
 #       suffix="ip"
 #       case="lower"
-#       hostparts="3">
+#       pathparts="1">

 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Codepage module: Allows using a custom 8-bit codepage for nicknames
--- a/src/modules/m_cloak_sha256.cpp
+++ b/src/modules/m_cloak_sha256.cpp
@ -61,6 +61,9 @@ private:
 	// The secret used for generating cloaks.
 	const std::string key;

+	// The number of parts of the UNIX socket path shown.
+	const unsigned long pathparts;
+
 	// The prefix for cloaks (e.g. MyNet).
 	const std::string prefix;

@ -87,7 +90,7 @@ private:
 			case AF_INET6:
 				return CloakIPv6(sa.in6.sin6_addr.s6_addr);
 			case AF_UNIX:
-				return CloakHost(sa.un.sun_path, '/');
+				return CloakHost(sa.un.sun_path, '/', pathparts);
 		}

 		// Should never be reached.
@ -137,7 +140,7 @@ private:
 		return Wrap(InspIRCd::Format("%s:%s:%s", alpha.c_str(), beta.c_str(), gamma.c_str()), suffix, ':');
 	}

-	std::string CloakHost(const std::string& host, char separator)
+	std::string CloakHost(const std::string& host, char separator, unsigned long parts)
 	{
 		// Attempt to divine the public part of the hostname.
 		std::string visiblepart;
@ -153,7 +156,7 @@ private:

 		// If libpsl failed to find a suffix or wasn't available fall back.
 		if (visiblepart.empty())
-			visiblepart = Cloak::VisiblePart(host, hostparts, separator);
+			visiblepart = Cloak::VisiblePart(host, parts, separator);

 		// Convert the host to lowercase to avoid ban evasion.
 		std::string lowerhost(host.length(), '\0');
@ -187,6 +190,7 @@ public:
 		, cloakhost(ch)
 		, hostparts(tag->getUInt("hostparts", 3, 1, UINT_MAX))
 		, key(k)
+		, pathparts(tag->getUInt("pathparts", 1, 1, ServerInstance->Config->Limits.MaxHost / 2))
 		, prefix(tag->getString("prefix"))
 #ifdef HAS_LIBPSL
 		, psl(p)
@ -217,7 +221,7 @@ public:
 		if (!cloakhost || (sa.from(user->GetRealHost()) && sa.addr() == user->client_sa.addr()))
 			return CloakAddress(user->client_sa);

-		return CloakHost(user->GetRealHost(), '.');
+		return CloakHost(user->GetRealHost(), '.', hostparts);
 	}

 	std::string Generate(const std::string& hostip) override
@ -230,7 +234,7 @@ public:
 			return CloakAddress(sa);

 		if (cloakhost)
-			return CloakHost(hostip, '.');
+			return CloakHost(hostip, '.', hostparts);

 		return {}; // Only reachable on hmac-sha256-ip.
 	}