-/* +------------------------------------+
- * | Inspire Internet Relay Chat Daemon |
- * +------------------------------------+
- *
- * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev.
- * E-mail:
- * <brain@chatspike.net>
- * <Craig@chatspike.net>
- *
- * Written by Craig Edwards, Craig McLure, and others.
- * This program is free but copyrighted software; see
- * the file COPYING for details.
- *
- * ---------------------------------------------------
- */
-
-/* $ModDesc: Allows for MD5 encrypted oper passwords */
-/* $ModDep: ssl_cert.h */
-
-using namespace std;
-
-#include <stdio.h>
-#include "inspircd_config.h"
-#include "users.h"
-#include "channels.h"
-#include "modules.h"
-#include "inspircd.h"
-#include "ssl_cert.h"
-#include "wildcard.h"
-
-/** Handle /FINGERPRINT
- */
-class cmd_fingerprint : public command_t
-{
- public:
- cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1)
- {
- this->source = "m_ssl_oper_cert.so";
- syntax = "<nickname>";
- }
-
- CmdResult Handle (const char** parameters, int pcnt, userrec *user)
- {
- userrec* target = ServerInstance->FindNick(parameters[0]);
- if (target)
- {
- ssl_cert* cert;
- if (target->GetExt("ssl_cert",cert))
- {
- if (cert->GetFingerprint().length())
- {
- user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());
- return CMD_SUCCESS;
- }
- else
- {
- user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);
- return CMD_FAILURE;
- }
- }
- else
- {
- user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);
- return CMD_FAILURE;
- }
- }
- else
- {
- user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);
- return CMD_FAILURE;
- }
- }
-};
-
-
-
-class ModuleOperSSLCert : public Module
-{
- ssl_cert* cert;
- bool HasCert;
- cmd_fingerprint* mycommand;
- public:
-
- ModuleOperSSLCert(InspIRCd* Me)
- : Module::Module(Me)
- {
-
- mycommand = new cmd_fingerprint(ServerInstance);
- ServerInstance->AddCommand(mycommand);
- }
-
- virtual ~ModuleOperSSLCert()
- {
- }
-
- void Implements(char* List)
- {
- List[I_OnPreCommand] = 1;
- }
-
-
- bool OneOfMatches(const char* host, const char* ip, const char* hostlist)
- {
- std::stringstream hl(hostlist);
- std::string xhost;
- while (hl >> xhost)
- {
- if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))
- {
- return true;
- }
- }
- return false;
- }
-
-
- virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated, const std::string &original_line)
- {
- irc::string cmd = command.c_str();
-
- if ((cmd == "OPER") && (validated))
- {
- char LoginName[MAXBUF];
- char Password[MAXBUF];
- char OperType[MAXBUF];
- char HostName[MAXBUF];
- char TheHost[MAXBUF];
- char TheIP[MAXBUF];
- char FingerPrint[MAXBUF];
-
- snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);
- snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());
-
- HasCert = user->GetExt("ssl_cert",cert);
- ServerInstance->Log(DEBUG,"HasCert=%d",HasCert);
- for (int i = 0; i < ServerInstance->Config->ConfValueEnum(ServerInstance->Config->config_data, "oper"); i++)
- {
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "name", i, LoginName, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "password", i, Password, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "type", i, OperType, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "host", i, HostName, MAXBUF);
- ServerInstance->Config->ConfValue(ServerInstance->Config->config_data, "oper", "fingerprint", i, FingerPrint, MAXBUF);
-
- if (*FingerPrint)
- {
- if ((!strcmp(LoginName,parameters[0])) && (!ServerInstance->OperPassCompare(Password,parameters[1], i)) && (OneOfMatches(TheHost,TheIP,HostName)))
- {
- /* This oper would match */
- if ((!cert) || (cert->GetFingerprint() != FingerPrint))
- {
- user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);
- ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick);
- ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);
- return 1;
- }
- }
- }
- }
- }
- return 0;
- }
-
- virtual Version GetVersion()
- {
- return Version(1,1,0,0,VF_VENDOR,API_VERSION);
- }
-};
-
-class ModuleOperSSLCertFactory : public ModuleFactory
-{
- public:
- ModuleOperSSLCertFactory()
- {
- }
-
- ~ModuleOperSSLCertFactory()
- {
- }
-
- virtual Module * CreateModule(InspIRCd* Me)
- {
- return new ModuleOperSSLCert(Me);
- }
-
-};
-
-
-extern "C" void * init_module( void )
-{
- return new ModuleOperSSLCertFactory;
-}
+/* +------------------------------------+\r * | Inspire Internet Relay Chat Daemon |\r * +------------------------------------+\r *\r * InspIRCd: (C) 2002-2007 InspIRCd Development Team\r * See: http://www.inspircd.org/wiki/index.php/Credits\r *\r * This program is free but copyrighted software; see\r * the file COPYING for details.\r *\r * ---------------------------------------------------\r */\r\r/* $ModDesc: Allows for MD5 encrypted oper passwords */\r/* $ModDep: transport.h */\r\r#include "inspircd.h"\r#include "inspircd_config.h"\r#include "users.h"\r#include "channels.h"\r#include "modules.h"\r#include "transport.h"\r#include "wildcard.h"\r\r/** Handle /FINGERPRINT\r */\rclass cmd_fingerprint : public command_t\r{\r public:\r cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1)\r {\r this->source = "m_ssl_oper_cert.so";\r syntax = "<nickname>";\r } \r \r CmdResult Handle (const char** parameters, int pcnt, userrec *user)\r {\r userrec* target = ServerInstance->FindNick(parameters[0]);\r if (target)\r {\r ssl_cert* cert;\r if (target->GetExt("ssl_cert",cert))\r {\r if (cert->GetFingerprint().length())\r {\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str());\r return CMD_SUCCESS;\r }\r else\r {\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick);\r return CMD_FAILURE;\r }\r }\r else\r {\r user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick);\r return CMD_FAILURE;\r }\r }\r else\r {\r user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]);\r return CMD_FAILURE;\r }\r }\r};\r\r\r\rclass ModuleOperSSLCert : public Module\r{\r ssl_cert* cert;\r bool HasCert;\r cmd_fingerprint* mycommand;\r ConfigReader* cf;\r public:\r\r ModuleOperSSLCert(InspIRCd* Me)\r : Module(Me)\r {\r mycommand = new cmd_fingerprint(ServerInstance);\r ServerInstance->AddCommand(mycommand);\r cf = new ConfigReader(ServerInstance);\r }\r\r virtual ~ModuleOperSSLCert()\r {\r delete cf;\r }\r\r void Implements(char* List)\r {\r List[I_OnPreCommand] = List[I_OnRehash] = 1;\r }\r\r virtual void OnRehash(userrec* user, const std::string ¶meter)\r {\r delete cf;\r cf = new ConfigReader(ServerInstance);\r }\r\r bool OneOfMatches(const char* host, const char* ip, const char* hostlist)\r {\r std::stringstream hl(hostlist);\r std::string xhost;\r while (hl >> xhost)\r {\r if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true))\r {\r return true;\r }\r }\r return false;\r }\r\r\r virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated, const std::string &original_line)\r {\r irc::string cmd = command.c_str();\r \r if ((cmd == "OPER") && (validated))\r {\r char TheHost[MAXBUF];\r char TheIP[MAXBUF];\r std::string LoginName;\r std::string Password;\r std::string OperType;\r std::string HostName;\r std::string FingerPrint;\r bool SSLOnly;\r char* dummy;\r\r snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host);\r snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString());\r\r HasCert = user->GetExt("ssl_cert",cert);\r\r for (int i = 0; i < cf->Enumerate("oper"); i++)\r {\r LoginName = cf->ReadValue("oper", "name", i);\r Password = cf->ReadValue("oper", "password", i);\r OperType = cf->ReadValue("oper", "type", i);\r HostName = cf->ReadValue("oper", "host", i);\r FingerPrint = cf->ReadValue("oper", "fingerprint", i);\r SSLOnly = cf->ReadFlag("oper", "sslonly", i);\r\r if (SSLOnly || !FingerPrint.empty())\r {\r if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->OperPassCompare(Password.c_str(),parameters[1],i)) && (OneOfMatches(TheHost,TheIP,HostName.c_str())))\r {\r if (SSLOnly && !user->GetExt("ssl", dummy))\r {\r user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick);\r return 1;\r }\r\r /* This oper would match */\r if ((!cert) || (cert->GetFingerprint() != FingerPrint))\r {\r user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick);\r ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick);\r ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host);\r return 1;\r }\r }\r }\r }\r }\r return 0;\r }\r\r virtual Version GetVersion()\r {\r return Version(1,1,0,0,VF_VENDOR,API_VERSION);\r }\r};\r\rMODULE_INIT(ModuleOperSSLCert);\r\r
\ No newline at end of file