-/* +------------------------------------+\r * | Inspire Internet Relay Chat Daemon |\r * +------------------------------------+\r *\r * InspIRCd: (C) 2002-2007 InspIRCd Development Team\r * See: http://www.inspircd.org/wiki/index.php/Credits\r *\r * This program is free but copyrighted software; see\r * the file COPYING for details.\r *\r * ---------------------------------------------------\r */\r\r/* $ModDesc: Allows for MD5 encrypted oper passwords */\r/* $ModDep: transport.h */\r\r#include "inspircd.h"\r#include "inspircd_config.h"\r#include "users.h"\r#include "channels.h"\r#include "modules.h"\r#include "transport.h"\r#include "wildcard.h"\r\r/** Handle /FINGERPRINT\r */\rclass cmd_fingerprint : public command_t\r{\r public:\r cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1)\r {\r this->source = "m_ssl_oper_cert.so";\r syntax = "<nickname>";\r } \r \r CmdResult Handle (const char** parameters, int pcnt, userrec *user)\r {\r userrec* target = ServerInstance->FindNick(parameters[0]);\r if (target)\r {\r ssl_cert* cert;\r if (target->GetExt("ssl_cert",cert))\r {\r if (cert->GetFingerprint().length())\r {\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());\r return CMD_SUCCESS;\r }\r else\r {\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);\r return CMD_FAILURE;\r }\r }\r else\r {\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);\r return CMD_FAILURE;\r }\r }\r else\r {\r user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);\r return CMD_FAILURE;\r }\r }\r};\r\r\r\rclass ModuleOperSSLCert : public Module\r{\r ssl_cert* cert;\r bool HasCert;\r cmd_fingerprint* mycommand;\r ConfigReader* cf;\r public:\r\r ModuleOperSSLCert(InspIRCd* Me)\r : Module(Me)\r {\r mycommand = new cmd_fingerprint(ServerInstance);\r ServerInstance->AddCommand(mycommand);\r cf = new ConfigReader(ServerInstance);\r }\r\r virtual ~ModuleOperSSLCert()\r {\r delete cf;\r }\r\r void Implements(char* List)\r {\r List[I_OnPreCommand] = List[I_OnRehash] = 1;\r }\r\r virtual void OnRehash(userrec* user, const std::string ¶meter)\r {\r delete cf;\r cf = new ConfigReader(ServerInstance);\r }\r\r bool OneOfMatches(const char* host, const char* ip, const char* hostlist)\r {\r std::stringstream hl(hostlist);\r std::string xhost;\r while (hl >> xhost)\r {\r if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))\r {\r return true;\r }\r }\r return false;\r }\r\r\r virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated, const std::string &original_line)\r {\r irc::string cmd = command.c_str();\r \r if ((cmd == "OPER") && (validated))\r {\r char TheHost[MAXBUF];\r char TheIP[MAXBUF];\r std::string LoginName;\r std::string Password;\r std::string OperType;\r std::string HostName;\r std::string FingerPrint;\r bool SSLOnly;\r char* dummy;\r\r snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);\r snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());\r\r HasCert = user->GetExt("ssl_cert",cert);\r\r for (int i = 0; i < cf->Enumerate("oper"); i++)\r {\r LoginName = cf->ReadValue("oper", "name", i);\r Password = cf->ReadValue("oper", "password", i);\r OperType = cf->ReadValue("oper", "type", i);\r HostName = cf->ReadValue("oper", "host", i);\r FingerPrint = cf->ReadValue("oper", "fingerprint", i);\r SSLOnly = cf->ReadFlag("oper", "sslonly", i);\r\r if (SSLOnly || !FingerPrint.empty())\r {\r if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->OperPassCompare(Password.c_str(),parameters[1],i)) && (OneOfMatches(TheHost,TheIP,HostName.c_str())))\r {\r if (SSLOnly && !user->GetExt("ssl", dummy))\r {\r user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick);\r return 1;\r }\r\r /* This oper would match */\r if ((!cert) || (cert->GetFingerprint() != FingerPrint))\r {\r user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);\r ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick);\r ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);\r return 1;\r }\r }\r }\r }\r }\r return 0;\r }\r\r virtual Version GetVersion()\r {\r return Version(1,1,0,0,VF_VENDOR,API_VERSION);\r }\r};\r\rMODULE_INIT(ModuleOperSSLCert);\r\r
\ No newline at end of file
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * InspIRCd: (C) 2002-2008 InspIRCd Development Team
+ * See: http://www.inspircd.org/wiki/index.php/Credits
+ *
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+/* $ModDesc: Allows for MD5 encrypted oper passwords */
+/* $ModDep: transport.h */
+
+#include "inspircd.h"
+#include "inspircd_config.h"
+#include "users.h"
+#include "channels.h"
+#include "modules.h"
+#include "transport.h"
+#include "wildcard.h"
+
+/** Handle /FINGERPRINT
+ */
+class cmd_fingerprint : public Command
+{
+ public:
+ cmd_fingerprint (InspIRCd* Instance) : Command(Instance,"FINGERPRINT", 0, 1)
+ {
+ this->source = "m_ssl_oper_cert.so";
+ syntax = "<nickname>";
+ }
+
+ CmdResult Handle (const char* const* parameters, int pcnt, User *user)
+ {
+ User* target = ServerInstance->FindNick(parameters[0]);
+ if (target)
+ {
+ ssl_cert* cert;
+ if (target->GetExt("ssl_cert",cert))
+ {
+ if (cert->GetFingerprint().length())
+ {
+ user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());
+ return CMD_SUCCESS;
+ }
+ else
+ {
+ user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);
+ return CMD_FAILURE;
+ }
+ }
+ else
+ {
+ user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);
+ return CMD_FAILURE;
+ }
+ }
+ else
+ {
+ user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);
+ return CMD_FAILURE;
+ }
+ }
+};
+
+
+
+class ModuleOperSSLCert : public Module
+{
+ ssl_cert* cert;
+ bool HasCert;
+ cmd_fingerprint* mycommand;
+ ConfigReader* cf;
+ public:
+
+ ModuleOperSSLCert(InspIRCd* Me)
+ : Module(Me)
+ {
+ mycommand = new cmd_fingerprint(ServerInstance);
+ ServerInstance->AddCommand(mycommand);
+ cf = new ConfigReader(ServerInstance);
+ Implementation eventlist[] = { I_OnPreCommand, I_OnRehash };
+ ServerInstance->Modules->Attach(eventlist, this, 2);
+ }
+
+ virtual ~ModuleOperSSLCert()
+ {
+ delete cf;
+ }
+
+
+ virtual void OnRehash(User* user, const std::string ¶meter)
+ {
+ delete cf;
+ cf = new ConfigReader(ServerInstance);
+ }
+
+ bool OneOfMatches(const char* host, const char* ip, const char* hostlist)
+ {
+ std::stringstream hl(hostlist);
+ std::string xhost;
+ while (hl >> xhost)
+ {
+ if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ virtual int OnPreCommand(const std::string &command, const char* const* parameters, int pcnt, User *user, bool validated, const std::string &original_line)
+ {
+ irc::string cmd = command.c_str();
+
+ if ((cmd == "OPER") && (validated))
+ {
+ char TheHost[MAXBUF];
+ char TheIP[MAXBUF];
+ std::string LoginName;
+ std::string Password;
+ std::string OperType;
+ std::string HostName;
+ std::string HashType;
+ std::string FingerPrint;
+ bool SSLOnly;
+ char* dummy;
+
+ snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);
+ snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());
+
+ HasCert = user->GetExt("ssl_cert",cert);
+
+ for (int i = 0; i < cf->Enumerate("oper"); i++)
+ {
+ LoginName = cf->ReadValue("oper", "name", i);
+ Password = cf->ReadValue("oper", "password", i);
+ OperType = cf->ReadValue("oper", "type", i);
+ HostName = cf->ReadValue("oper", "host", i);
+ HashType = cf->ReadValue("oper", "hash", i);
+ FingerPrint = cf->ReadValue("oper", "fingerprint", i);
+ SSLOnly = cf->ReadFlag("oper", "sslonly", i);
+
+ if (SSLOnly || !FingerPrint.empty())
+ {
+ if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->PassCompare(user, Password.c_str(),parameters[1], HashType.c_str())) && (OneOfMatches(TheHost,TheIP,HostName.c_str())))
+ {
+ if (SSLOnly && !user->GetExt("ssl", dummy))
+ {
+ user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick);
+ return 1;
+ }
+
+ /* This oper would match */
+ if ((!cert) || (cert->GetFingerprint() != FingerPrint))
+ {
+ user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);
+ ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick);
+ ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);
+ return 1;
+ }
+ }
+ }
+ }
+ }
+ return 0;
+ }
+
+ virtual Version GetVersion()
+ {
+ return Version(1,1,0,0,VF_VENDOR,API_VERSION);
+ }
+};
+
+MODULE_INIT(ModuleOperSSLCert)
+
projects / user / henk / code / inspircd.git / blobdiff