3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 13:29:27 +01:00
Give Tor clients who authenticate via SASL a unique cloak, so chanops
can ban *!*@tor-network.onion and still allow authenticated Tor users
This commit is contained in:
Shivaram Lingamneni 2021-01-12 08:40:13 -05:00
parent f2a40b9e5d
commit d1f8317180
2 changed files with 21 additions and 0 deletions

View File

@ -307,6 +307,13 @@ func (client *Client) setAccountName(name string) {
client.accountName = name
}
func (client *Client) setCloakedHostname(cloak string) {
client.stateMutex.Lock()
defer client.stateMutex.Unlock()
client.cloakedHostname = cloak
client.updateNickMaskNoMutex()
}
func (client *Client) historyCutoff() (cutoff time.Time) {
client.stateMutex.Lock()
if client.account != "" {

View File

@ -116,6 +116,20 @@ func sendSuccessfulAccountAuth(service *ircService, client *Client, rb *Response
client.server.sendLoginSnomask(details.nickMask, details.accountName)
}
// #1479: for Tor clients, replace the hostname with the always-on cloak here
// (for normal clients, this would discard the IP-based cloak, but with Tor
// there's no such concern)
if rb.session.isTor {
config := client.server.Config()
if config.Server.Cloaks.EnabledForAlwaysOn {
cloakedHostname := config.Server.Cloaks.ComputeAccountCloak(details.accountName)
client.setCloakedHostname(cloakedHostname)
if client.registered {
client.sendChghost(details.nickMask, client.Hostname())
}
}
}
client.server.logger.Info("accounts", "client", details.nick, "logged into account", details.accountName)
}