fix #1479

Give Tor clients who authenticate via SASL a unique cloak, so chanops can ban *!*@tor-network.onion and still allow authenticated Tor users
2024-11-11 06:29:29 +01:00 · 2021-01-12 08:40:13 -05:00 · 2021-01-12 08:40:13 -05:00 · d1f8317180
commit d1f8317180
parent f2a40b9e5d
2 changed files with 21 additions and 0 deletions
--- a/irc/getters.go
+++ b/irc/getters.go
@ -307,6 +307,13 @@ func (client *Client) setAccountName(name string) {
 	client.accountName = name
 }

+func (client *Client) setCloakedHostname(cloak string) {
+	client.stateMutex.Lock()
+	defer client.stateMutex.Unlock()
+	client.cloakedHostname = cloak
+	client.updateNickMaskNoMutex()
+}
+
 func (client *Client) historyCutoff() (cutoff time.Time) {
 	client.stateMutex.Lock()
 	if client.account != "" {
--- a/irc/handlers.go
+++ b/irc/handlers.go
@ -116,6 +116,20 @@ func sendSuccessfulAccountAuth(service *ircService, client *Client, rb *Response
 		client.server.sendLoginSnomask(details.nickMask, details.accountName)
 	}

+	// #1479: for Tor clients, replace the hostname with the always-on cloak here
+	// (for normal clients, this would discard the IP-based cloak, but with Tor
+	// there's no such concern)
+	if rb.session.isTor {
+		config := client.server.Config()
+		if config.Server.Cloaks.EnabledForAlwaysOn {
+			cloakedHostname := config.Server.Cloaks.ComputeAccountCloak(details.accountName)
+			client.setCloakedHostname(cloakedHostname)
+			if client.registered {
+				client.sendChghost(details.nickMask, client.Hostname())
+			}
+		}
+	}
+
 	client.server.logger.Info("accounts", "client", details.nick, "logged into account", details.accountName)
 }