* | Inspire Internet Relay Chat Daemon |
* +------------------------------------+
*
- * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev.
- * E-mail:
- * <brain@chatspike.net>
- * <Craig@chatspike.net>
- *
- * Written by Craig Edwards, Craig McLure, and others.
+ * InspIRCd: (C) 2002-2008 InspIRCd Development Team
+ * See: http://www.inspircd.org/wiki/index.php/Credits
+ *
* This program is free but copyrighted software; see
* the file COPYING for details.
*
*/
/* $ModDesc: Allows for MD5 encrypted oper passwords */
+/* $ModDep: transport.h */
-using namespace std;
-
-#include <stdio.h>
-#include "inspircd_config.h"
-#include "users.h"
-#include "channels.h"
-#include "modules.h"
#include "inspircd.h"
-#include "ssl_cert.h"
-#include "wildcard.h"
+#include "transport.h"
-class cmd_fingerprint : public command_t
+/** Handle /FINGERPRINT
+ */
+class CommandFingerprint : public Command
{
public:
- cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1)
+ CommandFingerprint (InspIRCd* Instance) : Command(Instance,"FINGERPRINT", 0, 1)
{
this->source = "m_ssl_oper_cert.so";
syntax = "<nickname>";
- }
-
- void Handle (const char** parameters, int pcnt, userrec *user)
+ }
+
+ CmdResult Handle (const std::vector<std::string> ¶meters, User *user)
{
- userrec* target = ServerInstance->FindNick(parameters[0]);
+ User* target = ServerInstance->FindNick(parameters[0]);
if (target)
{
ssl_cert* cert;
if (target->GetExt("ssl_cert",cert))
{
if (cert->GetFingerprint().length())
- user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());
+ {
+ user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick.c_str(),target->nick.c_str(),cert->GetFingerprint().c_str());
+ return CMD_SUCCESS;
+ }
else
- user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);
+ {
+ user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(),target->nick.c_str());
+ return CMD_FAILURE;
+ }
}
else
{
- user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);
+ user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(), target->nick.c_str());
+ return CMD_FAILURE;
}
}
else
{
- user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);
+ user->WriteNumeric(401, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str());
+ return CMD_FAILURE;
}
}
};
{
ssl_cert* cert;
bool HasCert;
- cmd_fingerprint* mycommand;
+ CommandFingerprint* mycommand;
+ ConfigReader* cf;
public:
ModuleOperSSLCert(InspIRCd* Me)
- : Module::Module(Me)
+ : Module(Me)
{
-
- mycommand = new cmd_fingerprint(ServerInstance);
+ mycommand = new CommandFingerprint(ServerInstance);
ServerInstance->AddCommand(mycommand);
+ cf = new ConfigReader(ServerInstance);
+ Implementation eventlist[] = { I_OnPreCommand, I_OnRehash };
+ ServerInstance->Modules->Attach(eventlist, this, 2);
}
-
+
virtual ~ModuleOperSSLCert()
{
+ delete cf;
}
- void Implements(char* List)
+
+ virtual void OnRehash(User* user, const std::string ¶meter)
{
- List[I_OnPreCommand] = 1;
+ delete cf;
+ cf = new ConfigReader(ServerInstance);
}
-
bool OneOfMatches(const char* host, const char* ip, const char* hostlist)
{
std::stringstream hl(hostlist);
std::string xhost;
while (hl >> xhost)
{
- if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))
+ if (InspIRCd::Match(host, xhost, ascii_case_insensitive_map) || InspIRCd::MatchCIDR(ip, xhost, ascii_case_insensitive_map))
{
return true;
}
return false;
}
-
- virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated)
+ virtual int OnPreCommand(std::string &command, std::vector<std::string> ¶meters, User *user, bool validated, const std::string &original_line)
{
irc::string cmd = command.c_str();
-
+
if ((cmd == "OPER") && (validated))
{
- char LoginName[MAXBUF];
- char Password[MAXBUF];
- char OperType[MAXBUF];
- char HostName[MAXBUF];
char TheHost[MAXBUF];
char TheIP[MAXBUF];
- char FingerPrint[MAXBUF];
-
- snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);
- snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());
+ std::string LoginName;
+ std::string Password;
+ std::string OperType;
+ std::string HostName;
+ std::string HashType;
+ std::string FingerPrint;
+ bool SSLOnly;
+ char* dummy;
+
+ snprintf(TheHost,MAXBUF,"%s@%s",user->ident.c_str(),user->host.c_str());
+ snprintf(TheIP, MAXBUF,"%s@%s",user->ident.c_str(),user->GetIPString());
HasCert = user->GetExt("ssl_cert",cert);
- ServerInstance->Log(DEBUG,"HasCert=%d",HasCert);
- for (int i = 0; i < ServerInstance->Config->ConfValueEnum(ServerInstance->Config->config_data, "oper"); i++)
+
+ for (int i = 0; i < cf->Enumerate("oper"); i++)
{
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "name", i, LoginName, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "password", i, Password, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "type", i, OperType, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "host", i, HostName, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "fingerprint", i, FingerPrint, MAXBUF);
-
- if (*FingerPrint)
+ LoginName = cf->ReadValue("oper", "name", i);
+ Password = cf->ReadValue("oper", "password", i);
+ OperType = cf->ReadValue("oper", "type", i);
+ HostName = cf->ReadValue("oper", "host", i);
+ HashType = cf->ReadValue("oper", "hash", i);
+ FingerPrint = cf->ReadValue("oper", "fingerprint", i);
+ SSLOnly = cf->ReadFlag("oper", "sslonly", i);
+
+ if (FingerPrint.empty() && !SSLOnly)
+ continue;
+
+ if (LoginName != parameters[0])
+ continue;
+
+ if (!OneOfMatches(TheHost, TheIP, HostName.c_str()))
+ continue;
+
+ if (Password.length() && ServerInstance->PassCompare(user, Password.c_str(),parameters[1].c_str(), HashType.c_str()))
+ continue;
+
+ if (SSLOnly && !user->GetExt("ssl", dummy))
{
- if ((!strcmp(LoginName,parameters[0])) && (!ServerInstance->OperPassCompare(Password,parameters[1])) && (OneOfMatches(TheHost,TheIP,HostName)))
- {
- /* This oper would match */
- if (cert->GetFingerprint() != FingerPrint)
- {
- user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);
- ServerInstance->SNO->WriteToSnoMask('o',"OPER: '%s' cannot oper, does not match fingerprint", user->nick);
- ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);
- return 1;
- }
- }
+ user->WriteNumeric(491, "%s :This oper login name requires an SSL connection.", user->nick.c_str());
+ return 1;
+ }
+
+ /*
+ * No cert found or the fingerprint doesn't match
+ */
+ if ((!cert) || (cert->GetFingerprint() != FingerPrint))
+ {
+ user->WriteNumeric(491, "%s :This oper login name requires a matching key fingerprint.",user->nick.c_str());
+ ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick.c_str());
+ ServerInstance->Logs->Log("m_ssl_oper_cert",DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.", user->nick.c_str(), user->ident.c_str(), user->host.c_str());
+ return 1;
}
}
}
+
+ // Let core handle it for extra stuff
return 0;
}
virtual Version GetVersion()
{
- return Version(1,1,0,0,VF_VENDOR);
- }
-};
-
-class ModuleOperSSLCertFactory : public ModuleFactory
-{
- public:
- ModuleOperSSLCertFactory()
- {
+ return Version("$Id$", VF_VENDOR, API_VERSION);
}
-
- ~ModuleOperSSLCertFactory()
- {
- }
-
- virtual Module * CreateModule(InspIRCd* Me)
- {
- return new ModuleOperSSLCert(Me);
- }
-
};
+MODULE_INIT(ModuleOperSSLCert)
-extern "C" void * init_module( void )
-{
- return new ModuleOperSSLCertFactory;
-}