X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_oper_cert.cpp;h=6746a4afa2ea26e81210ee0ea6f0df1232cfb2ad;hb=b950e46bfeef5643ff68c8c78530c1eff25d024e;hp=312ec874b13bf2f0c2d5fdfb13b4159613c40424;hpb=dd36852a52e8541306b76c5b88bce8ab9b36654c;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_oper_cert.cpp b/src/modules/extra/m_ssl_oper_cert.cpp index 312ec874b..6746a4afa 100644 --- a/src/modules/extra/m_ssl_oper_cert.cpp +++ b/src/modules/extra/m_ssl_oper_cert.cpp @@ -20,7 +20,6 @@ #include "channels.h" #include "modules.h" #include "transport.h" -#include "wildcard.h" /** Handle /FINGERPRINT */ @@ -31,9 +30,9 @@ class cmd_fingerprint : public Command { this->source = "m_ssl_oper_cert.so"; syntax = ""; - } - - CmdResult Handle (const char* const* parameters, int pcnt, User *user) + } + + CmdResult Handle (const std::vector ¶meters, User *user) { User* target = ServerInstance->FindNick(parameters[0]); if (target) @@ -43,24 +42,24 @@ class cmd_fingerprint : public Command { if (cert->GetFingerprint().length()) { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str()); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick.c_str(),target->nick.c_str(),cert->GetFingerprint().c_str()); return CMD_SUCCESS; } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(),target->nick.c_str()); return CMD_FAILURE; } } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(), target->nick.c_str()); return CMD_FAILURE; } } else { - user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]); + user->WriteNumeric(401, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); return CMD_FAILURE; } } @@ -104,7 +103,7 @@ class ModuleOperSSLCert : public Module std::string xhost; while (hl >> xhost) { - if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true)) + if (InspIRCd::Match(host, xhost) || InspIRCd::MatchCIDR(ip, xhost)) { return true; } @@ -112,10 +111,10 @@ class ModuleOperSSLCert : public Module return false; } - virtual int OnPreCommand(const std::string &command, const char* const* parameters, int pcnt, User *user, bool validated, const std::string &original_line) + virtual int OnPreCommand(std::string &command, std::vector ¶meters, User *user, bool validated, const std::string &original_line) { irc::string cmd = command.c_str(); - + if ((cmd == "OPER") && (validated)) { char TheHost[MAXBUF]; @@ -129,8 +128,8 @@ class ModuleOperSSLCert : public Module bool SSLOnly; char* dummy; - snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host); - snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString()); + snprintf(TheHost,MAXBUF,"%s@%s",user->ident.c_str(),user->host.c_str()); + snprintf(TheIP, MAXBUF,"%s@%s",user->ident.c_str(),user->GetIPString()); HasCert = user->GetExt("ssl_cert",cert); @@ -144,34 +143,44 @@ class ModuleOperSSLCert : public Module FingerPrint = cf->ReadValue("oper", "fingerprint", i); SSLOnly = cf->ReadFlag("oper", "sslonly", i); - if (SSLOnly || !FingerPrint.empty()) + if (FingerPrint.empty() && !SSLOnly) + continue; + + if (LoginName != parameters[0]) + continue; + + if (!OneOfMatches(TheHost, TheIP, HostName.c_str())) + continue; + + if (Password.length() && !ServerInstance->PassCompare(user, Password.c_str(),parameters[1].c_str(), HashType.c_str())) + continue; + + if (SSLOnly && !user->GetExt("ssl", dummy)) { - if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->PassCompare(user, Password.c_str(),parameters[1], HashType.c_str())) && (OneOfMatches(TheHost,TheIP,HostName.c_str()))) - { - if (SSLOnly && !user->GetExt("ssl", dummy)) - { - user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick); - return 1; - } - - /* This oper would match */ - if ((!cert) || (cert->GetFingerprint() != FingerPrint)) - { - user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick); - ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick); - ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host); - return 1; - } - } + user->WriteNumeric(491, "%s :This oper login name requires an SSL connection.", user->nick.c_str()); + return 1; + } + + /* + * No cert found or the fingerprint doesn't match + */ + if ((!cert) || (cert->GetFingerprint() != FingerPrint)) + { + user->WriteNumeric(491, "%s :This oper login name requires a matching key fingerprint.",user->nick.c_str()); + ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick.c_str()); + ServerInstance->Logs->Log("m_ssl_oper_cert",DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + return 1; } } } + + // Let core handle it for extra stuff return 0; } virtual Version GetVersion() { - return Version(1,1,0,0,VF_VENDOR,API_VERSION); + return Version("$Id$", VF_VENDOR, API_VERSION); } };