]> git.netwichtig.de Git - user/henk/code/inspircd.git/blob - src/modules/extra/m_ssl_oper_cert.cpp
projects / user / henk / code / inspircd.git / blob
? search:


7b1c9086841ade510fb28c5c3150028b4237e7e8
[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_oper_cert.cpp
1 /*       +------------------------------------+\r *       | Inspire Internet Relay Chat Daemon |\r *       +------------------------------------+\r *\r *  InspIRCd: (C) 2002-2007 InspIRCd Development Team\r * See: http://www.inspircd.org/wiki/index.php/Credits\r *\r * This program is free but copyrighted software; see\r *            the file COPYING for details.\r *\r * ---------------------------------------------------\r */\r\r/* $ModDesc: Allows for MD5 encrypted oper passwords */\r/* $ModDep: transport.h */\r\r#include "inspircd.h"\r#include "inspircd_config.h"\r#include "users.h"\r#include "channels.h"\r#include "modules.h"\r#include "transport.h"\r#include "wildcard.h"\r\r/** Handle /FINGERPRINT\r */\rclass cmd_fingerprint : public command_t\r{\r public:\r cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1)\r {\r              this->source = "m_ssl_oper_cert.so";\r           syntax = "<nickname>";\r }       \r                 \r     CmdResult Handle (const char** parameters, int pcnt, userrec *user)\r    {\r              userrec* target = ServerInstance->FindNick(parameters[0]);\r             if (target)\r            {\r                      ssl_cert* cert;\r                        if (target->GetExt("ssl_cert",cert))\r                   {\r                              if (cert->GetFingerprint().length())\r                           {\r                                      user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());\r                                     return CMD_SUCCESS;\r                            }\r                              else\r                           {\r                                      user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);\r                                 return CMD_FAILURE;\r                            }\r                      }\r                      else\r                   {\r                              user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);\r                                return CMD_FAILURE;\r                    }\r              }\r              else\r           {\r                      user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);\r                     return CMD_FAILURE;\r            }\r      }\r};\r\r\r\rclass ModuleOperSSLCert : public Module\r{\r      ssl_cert* cert;\r        bool HasCert;\r  cmd_fingerprint* mycommand;\r    ConfigReader* cf;\r public:\r\r    ModuleOperSSLCert(InspIRCd* Me)\r                : Module(Me)\r   {\r              mycommand = new cmd_fingerprint(ServerInstance);\r               ServerInstance->AddCommand(mycommand);\r         cf = new ConfigReader(ServerInstance);\r }\r\r     virtual ~ModuleOperSSLCert()\r   {\r              delete cf;\r     }\r\r     void Implements(char* List)\r    {\r              List[I_OnPreCommand] = List[I_OnRehash] = 1;\r   }\r\r     virtual void OnRehash(userrec* user, const std::string &parameter)\r     {\r              delete cf;\r             cf = new ConfigReader(ServerInstance);\r }\r\r     bool OneOfMatches(const char* host, const char* ip, const char* hostlist)\r      {\r              std::stringstream hl(hostlist);\r                std::string xhost;\r             while (hl >> xhost)\r            {\r                      if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))\r                 {\r                              return true;\r                   }\r              }\r              return false;\r  }\r\r\r    virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated, const std::string &original_line)\r       {\r              irc::string cmd = command.c_str();\r             \r               if ((cmd == "OPER") && (validated))\r            {\r                      char TheHost[MAXBUF];\r                  char TheIP[MAXBUF];\r                    std::string LoginName;\r                 std::string Password;\r                  std::string OperType;\r                  std::string HostName;\r                  std::string FingerPrint;\r                       bool SSLOnly;\r                  char* dummy;\r\r                  snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);\r                       snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());\r\r                      HasCert = user->GetExt("ssl_cert",cert);\r\r                      for (int i = 0; i < cf->Enumerate("oper"); i++)\r                        {\r                              LoginName = cf->ReadValue("oper", "name", i);\r                          Password = cf->ReadValue("oper", "password", i);\r                               OperType = cf->ReadValue("oper", "type", i);\r                           HostName = cf->ReadValue("oper", "host", i);\r                           FingerPrint = cf->ReadValue("oper", "fingerprint", i);\r                         SSLOnly = cf->ReadFlag("oper", "sslonly", i);\r\r                         if (SSLOnly || !FingerPrint.empty())\r                           {\r                                      if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->OperPassCompare(Password.c_str(),parameters[1],i)) && (OneOfMatches(TheHost,TheIP,HostName.c_str())))\r                                      {\r                                              if (SSLOnly && !user->GetExt("ssl", dummy))\r                                            {\r                                                      user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick);\r                                                       return 1;\r                                              }\r\r                                             /* This oper would match */\r                                            if ((!cert) || (cert->GetFingerprint() != FingerPrint))\r                                                {\r                                                      user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);\r                                                       ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick);\r                                                   ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);\r                                                     return 1;\r                                              }\r                                      }\r                              }\r                      }\r              }\r              return 0;\r      }\r\r     virtual Version GetVersion()\r   {\r              return Version(1,1,0,0,VF_VENDOR,API_VERSION);\r }\r};\r\rMODULE_INIT(ModuleOperSSLCert);\r\r