The "cgiirc" Module

Description

This module adds the ability for IRC gateways to forward the real IP address of users connecting through them.

Configuration

To load this module use the following <module> tag:

<module name="cgiirc">

<cgiirc>

The <cgiirc> tag defines settings about how the cgiirc module should behave. This tag can only be defined once.

Name Type Default Value Description
opernotice Boolean Yes Whether to send a notice to snomask w (local) and snomask W (remote) when a gateway tries to change an IP address.
Example Usage
<cgiirc opernotice="yes">

<cgihost>

The <cgihost> tag defines a specific IRC gateway. This tag can be defined as many times as required.

Name Type Default Value Description
fingerprint Text None Required for the webirc type if password is not set! The TLS (SSL) client certificate fingerprint that the WebIRC gateway will authenticate with.
mask Text None Required! The IP address or hostname of the gateway.
newident Text gateway If the ident type is used then the value to replace usernames (idents) that contain hexadecimal-encoded IPv4 addresses.
type Text None Required! The type of authentication that the gateway uses.
password Text None Required for the webirc type if fingerprint is not set! The password that the WebIRC gateway will authenticate with.
hash Text None If the webirc type is used the algorithm that the password is hashed with.

The hash field is currently optional but will be required in the next major version of InspIRCd when using password authentication.

The following hashing modules are included with InspIRCd:

Algorithm Module(s) Description
bcrypt bcrypt Hashes using the bcrypt algorithm.
hmac-md5 password_hash, md5 Hashes using the MD5 and HMAC algorithms.
hmac-sha1 password_hash, sha1 Hashes using the SHA-1 and HMAC algorithms.
hmac-sha256 password_hash, sha256 Hashes using the SHA-256 and HMAC algorithms.
md5 md5 Hashes using the MD5 algorithm.
pbkdf2-hmac-md5 pbkdf2, md5 Hashes using the MD5 and PBKDF2 algorithms.
pbkdf2-hmac-sha1 pbkdf2, sha1 Hashes using the SHA-1 and PBKDF2 algorithms.
pbkdf2-hmac-sha256 pbkdf2, sha256 Hashes using the SHA-256 and PBKDF2 algorithms.
sha256 sha256 Hashes using the SHA-256 algorithm.
sha1 sha1 Hashes using the SHA-1 algorithm.

The type field should be set to one of the following values:

Value Description
ident The IP address of the user will be sent in the username (ident) field in hexadecimal (IPv4 only).
webirc The IP address of the user will be sent using the /WEBIRC command (recommended).
Example Usage

Tells the cgiirc module that the *.ident.gateway.example.com gateway will encode the IPv4 address of users into their username (ident).

<cgihost type="ident"
         mask="*.ident.gateway.example.com"
         newident="wobble">

Tells the cgiirc module that gateways with an IP matching 192.0.2.0/24 will send the IP address of users with the /WEBIRC command using TLS (SSL) client certificate fingerprint authentication:

<cgihost type="webirc"
         fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5"
         mask="192.0.2.0/24">

Tells the cgiirc module that gateways with a hostname matching *.webirc.gateway.example.com will send the IP address of users with the /WEBIRC command using password authentication:

<cgihost type="webirc"
         password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW"
         hash="bcrypt"
         mask="*.webirc.gateway.example.com">

Commands

Name Parameter Count Syntax Description
WEBIRC 4-5 <password> <gateway> <hostname> <address> [<flags>] Allows gateways to specify the hostname and IP address of users.

More information about the /WEBIRC command is available on the IRCv3 website.

Server Notice Masks

Character Description
w Notifications about gateways changing IP addresses on the local server.
W Notifications about gateways changing IP addresses on a remote server.

Special Notes

The /WEBIRC command should generally not be executed by users. It is intended to be an entirely internal feature which is executed automatically by gateways.