Commit cf00784b authored by Johannes Schilling

remove domain guessing

not even all freenode hosts have a reverse dns ending in .freenode.net,
some (quakenet..) often have none at all, so our heuristic is pretty
much useless
parent 03670d78
......@@ -3,10 +3,9 @@ pcidentd
A *P*rivacy *C*onserving Ident Daemon.
Uses HMAC with uid and requesting server domain (without subdomains) to generate
a per-domain unique ident response. If no reverse DNS is available for a
requesting server, no domain is part of ident response generation; i.e. for all
such servers the response will be the same for a specific user.
Uses HMAC with uid to generate a unique ident response which cannot be linked to
the original user name. A single user can however be pseudonymously tracked
across different IRC networks.
USAGE
-----
......
......@@ -38,7 +38,6 @@ import (
"os"
"regexp"
"strconv"
"strings"
)
const (
......@@ -139,23 +138,10 @@ func handleIdentRequest(c net.Conn, hmacSecret []byte) error {
return err
}
// idea: have the same ident accross multiple servers of the same network
// (e.g. foo.freenode.net, bar.freenode.net, ..), so we make the domain
// without subdomains part of the hmac sum.
guessedDomain, err := guessRemoteAddrDomain(rIPstr)
if err != nil {
log.Printf("reverse lookup failed for %v: %v", rIPstr, err)
// if reverse dns fails for our peer, we must use a stable identifier.
// this makes the ident string for one user for all hosts without
// reverse dns the same, but can't be helped really
guessedDomain = ""
}
// use hmac, because plain hash would allow local users to brute force ident
// response (i.e. reverse lookup)
mac := hmac.New(sha256.New, hmacSecret)
fmt.Fprintln(mac, uid)
fmt.Fprintln(mac, guessedDomain)
macB64 := base64.StdEncoding.EncodeToString(mac.Sum(nil))
_, err = fmt.Fprintf(c, "%d,%d:USERID:OTHER:%s\n",
......@@ -167,22 +153,6 @@ func handleIdentRequest(c net.Conn, hmacSecret []byte) error {
return nil
}
func guessRemoteAddrDomain(rIPstr string) (string, error) {
hostnames, err := net.LookupAddr(rIPstr)
if err != nil {
return "", err
}
parts := strings.Split(hostnames[0], ".")
n := len(parts)
// just tld?
if n < 3 {
return hostnames[0], nil
}
return strings.Join(parts[n-3:], "."), nil
}
func parsePort(in string) (int, error) {
p, err := strconv.ParseUint(in, 10, 16)
return int(p), err
......
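Review bot: The comment kept above `hmac.New` in handleIdentRequest explains why an HMAC is used but no longer says what the token is bound to. With the `guessedDomain` line gone the MAC input appears to be only `uid`, so every requesting server receives the same string for a given user. I would record that next to the code, e.g. `// response depends only on uid and hmacSecret: identical for every requesting server, changes only when the secret is rotated`, so the linkability trade-off described in the README is visible where the value is computed. It is also worth confirming that `rIPstr`, which is declared above this hunk, still has a use; if the removed lookup was its only reader, the Go compiler will reject the unused local. The function body starts before and continues past the visible lines.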