X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fmodules%2Fextra%2Fm_ssl_oper_cert.cpp;h=817854fa82f841e016e6dc8749af23976edea3fd;hb=58f4306bb6e1f91076fccf30a3b43a40b3d1915a;hp=068c01845436f788de5824b4bc70ed0e7f8267ed;hpb=76d7e8a0684b38a82e6c05ebd7538b69660e1bef;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_oper_cert.cpp b/src/modules/extra/m_ssl_oper_cert.cpp index 068c01845..817854fa8 100644 --- a/src/modules/extra/m_ssl_oper_cert.cpp +++ b/src/modules/extra/m_ssl_oper_cert.cpp @@ -2,7 +2,7 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd: (C) 2002-2007 InspIRCd Development Team + * InspIRCd: (C) 2002-2008 InspIRCd Development Team * See: http://www.inspircd.org/wiki/index.php/Credits * * This program is free but copyrighted software; see @@ -24,18 +24,18 @@ /** Handle /FINGERPRINT */ -class cmd_fingerprint : public command_t +class cmd_fingerprint : public Command { public: - cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1) + cmd_fingerprint (InspIRCd* Instance) : Command(Instance,"FINGERPRINT", 0, 1) { this->source = "m_ssl_oper_cert.so"; syntax = ""; - } - - CmdResult Handle (const char** parameters, int pcnt, userrec *user) + } + + CmdResult Handle (const std::vector ¶meters, User *user) { - userrec* target = ServerInstance->FindNick(parameters[0]); + User* target = ServerInstance->FindNick(parameters[0]); if (target) { ssl_cert* cert; @@ -43,24 +43,24 @@ class cmd_fingerprint : public command_t { if (cert->GetFingerprint().length()) { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str()); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick.c_str(),target->nick.c_str(),cert->GetFingerprint().c_str()); return CMD_SUCCESS; } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(),target->nick.c_str()); return CMD_FAILURE; } } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(), target->nick.c_str()); return CMD_FAILURE; } } else { - user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]); + user->WriteNumeric(401, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); return CMD_FAILURE; } } @@ -77,11 +77,13 @@ class ModuleOperSSLCert : public Module public: ModuleOperSSLCert(InspIRCd* Me) - : Module::Module(Me) + : Module(Me) { mycommand = new cmd_fingerprint(ServerInstance); ServerInstance->AddCommand(mycommand); cf = new ConfigReader(ServerInstance); + Implementation eventlist[] = { I_OnPreCommand, I_OnRehash }; + ServerInstance->Modules->Attach(eventlist, this, 2); } virtual ~ModuleOperSSLCert() @@ -89,12 +91,8 @@ class ModuleOperSSLCert : public Module delete cf; } - void Implements(char* List) - { - List[I_OnPreCommand] = List[I_OnRehash] = 1; - } - virtual void OnRehash(userrec* user, const std::string ¶meter) + virtual void OnRehash(User* user, const std::string ¶meter) { delete cf; cf = new ConfigReader(ServerInstance); @@ -106,7 +104,7 @@ class ModuleOperSSLCert : public Module std::string xhost; while (hl >> xhost) { - if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true)) + if (match(host, xhost) || match(ip, xhost, true)) { return true; } @@ -114,11 +112,10 @@ class ModuleOperSSLCert : public Module return false; } - - virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated, const std::string &original_line) + virtual int OnPreCommand(std::string &command, std::vector ¶meters, User *user, bool validated, const std::string &original_line) { irc::string cmd = command.c_str(); - + if ((cmd == "OPER") && (validated)) { char TheHost[MAXBUF]; @@ -127,12 +124,13 @@ class ModuleOperSSLCert : public Module std::string Password; std::string OperType; std::string HostName; + std::string HashType; std::string FingerPrint; bool SSLOnly; char* dummy; - snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host); - snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString()); + snprintf(TheHost,MAXBUF,"%s@%s",user->ident.c_str(),user->host.c_str()); + snprintf(TheIP, MAXBUF,"%s@%s",user->ident.c_str(),user->GetIPString()); HasCert = user->GetExt("ssl_cert",cert); @@ -142,60 +140,50 @@ class ModuleOperSSLCert : public Module Password = cf->ReadValue("oper", "password", i); OperType = cf->ReadValue("oper", "type", i); HostName = cf->ReadValue("oper", "host", i); + HashType = cf->ReadValue("oper", "hash", i); FingerPrint = cf->ReadValue("oper", "fingerprint", i); SSLOnly = cf->ReadFlag("oper", "sslonly", i); - if (SSLOnly || !FingerPrint.empty()) + if (FingerPrint.empty() && !SSLOnly) + continue; + + if (LoginName != parameters[0]) + continue; + + if (!OneOfMatches(TheHost, TheIP, HostName.c_str())) + continue; + + if (Password.length() && !ServerInstance->PassCompare(user, Password.c_str(),parameters[1].c_str(), HashType.c_str())) + continue; + + if (SSLOnly && !user->GetExt("ssl", dummy)) + { + user->WriteNumeric(491, "%s :This oper login name requires an SSL connection.", user->nick.c_str()); + return 1; + } + + /* + * No cert found or the fingerprint doesn't match + */ + if ((!cert) || (cert->GetFingerprint() != FingerPrint)) { - if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->OperPassCompare(Password.c_str(),parameters[1],i)) && (OneOfMatches(TheHost,TheIP,HostName.c_str()))) - { - if (SSLOnly && !user->GetExt("ssl", dummy)) - { - user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick); - return 1; - } - - /* This oper would match */ - if ((!cert) || (cert->GetFingerprint() != FingerPrint)) - { - user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick); - ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick); - ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host); - return 1; - } - } + user->WriteNumeric(491, "%s :This oper login name requires a matching key fingerprint.",user->nick.c_str()); + ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick.c_str()); + ServerInstance->Logs->Log("m_ssl_oper_cert",DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + return 1; } } } + + // Let core handle it for extra stuff return 0; } virtual Version GetVersion() { - return Version(1,1,0,0,VF_VENDOR,API_VERSION); - } -}; - -class ModuleOperSSLCertFactory : public ModuleFactory -{ - public: - ModuleOperSSLCertFactory() - { - } - - ~ModuleOperSSLCertFactory() - { + return Version(1,2,0,0,VF_VENDOR,API_VERSION); } - - virtual Module * CreateModule(InspIRCd* Me) - { - return new ModuleOperSSLCert(Me); - } - }; +MODULE_INIT(ModuleOperSSLCert) -extern "C" void * init_module( void ) -{ - return new ModuleOperSSLCertFactory; -}