1 /* +------------------------------------+
\r * | Inspire Internet Relay Chat Daemon |
\r * +------------------------------------+
\r *
\r * InspIRCd: (C) 2002-2007 InspIRCd Development Team
\r * See: http://www.inspircd.org/wiki/index.php/Credits
\r *
\r * This program is free but copyrighted software; see
\r * the file COPYING for details.
\r *
\r * ---------------------------------------------------
\r */
\r\r/* $ModDesc: Allows for MD5 encrypted oper passwords */
\r/* $ModDep: transport.h */
\r\r#include "inspircd.h"
\r#include "inspircd_config.h"
\r#include "users.h"
\r#include "channels.h"
\r#include "modules.h"
\r#include "transport.h"
\r#include "wildcard.h"
\r\r/** Handle /FINGERPRINT
\r */
\rclass cmd_fingerprint : public command_t
\r{
\r public:
\r cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1)
\r {
\r this->source = "m_ssl_oper_cert.so";
\r syntax = "<nickname>";
\r }
\r \r CmdResult Handle (const char** parameters, int pcnt, userrec *user)
\r {
\r userrec* target = ServerInstance->FindNick(parameters[0]);
\r if (target)
\r {
\r ssl_cert* cert;
\r if (target->GetExt("ssl_cert",cert))
\r {
\r if (cert->GetFingerprint().length())
\r {
\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());
\r return CMD_SUCCESS;
\r }
\r else
\r {
\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);
\r return CMD_FAILURE;
\r }
\r }
\r else
\r {
\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);
\r return CMD_FAILURE;
\r }
\r }
\r else
\r {
\r user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);
\r return CMD_FAILURE;
\r }
\r }
\r};
\r\r\r\rclass ModuleOperSSLCert : public Module
\r{
\r ssl_cert* cert;
\r bool HasCert;
\r cmd_fingerprint* mycommand;
\r ConfigReader* cf;
\r public:
\r\r ModuleOperSSLCert(InspIRCd* Me)
\r : Module(Me)
\r {
\r mycommand = new cmd_fingerprint(ServerInstance);
\r ServerInstance->AddCommand(mycommand);
\r cf = new ConfigReader(ServerInstance);
\r }
\r\r virtual ~ModuleOperSSLCert()
\r {
\r delete cf;
\r }
\r\r void Implements(char* List)
\r {
\r List[I_OnPreCommand] = List[I_OnRehash] = 1;
\r }
\r\r virtual void OnRehash(userrec* user, const std::string ¶meter)
\r {
\r delete cf;
\r cf = new ConfigReader(ServerInstance);
\r }
\r\r bool OneOfMatches(const char* host, const char* ip, const char* hostlist)
\r {
\r std::stringstream hl(hostlist);
\r std::string xhost;
\r while (hl >> xhost)
\r {
\r if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))
\r {
\r return true;
\r }
\r }
\r return false;
\r }
\r\r\r virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated, const std::string &original_line)
\r {
\r irc::string cmd = command.c_str();
\r \r if ((cmd == "OPER") && (validated))
\r {
\r char TheHost[MAXBUF];
\r char TheIP[MAXBUF];
\r std::string LoginName;
\r std::string Password;
\r std::string OperType;
\r std::string HostName;
\r std::string FingerPrint;
\r bool SSLOnly;
\r char* dummy;
\r\r snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);
\r snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());
\r\r HasCert = user->GetExt("ssl_cert",cert);
\r\r for (int i = 0; i < cf->Enumerate("oper"); i++)
\r {
\r LoginName = cf->ReadValue("oper", "name", i);
\r Password = cf->ReadValue("oper", "password", i);
\r OperType = cf->ReadValue("oper", "type", i);
\r HostName = cf->ReadValue("oper", "host", i);
\r FingerPrint = cf->ReadValue("oper", "fingerprint", i);
\r SSLOnly = cf->ReadFlag("oper", "sslonly", i);
\r\r if (SSLOnly || !FingerPrint.empty())
\r {
\r if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->OperPassCompare(Password.c_str(),parameters[1],i)) && (OneOfMatches(TheHost,TheIP,HostName.c_str())))
\r {
\r if (SSLOnly && !user->GetExt("ssl", dummy))
\r {
\r user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick);
\r return 1;
\r }
\r\r /* This oper would match */
\r if ((!cert) || (cert->GetFingerprint() != FingerPrint))
\r {
\r user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);
\r ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick);
\r ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);
\r return 1;
\r }
\r }
\r }
\r }
\r }
\r return 0;
\r }
\r\r virtual Version GetVersion()
\r {
\r return Version(1,1,0,0,VF_VENDOR,API_VERSION);
\r }
\r};
\r\rMODULE_INIT(ModuleOperSSLCert);
\r\r