X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_oper_cert.cpp;h=6746a4afa2ea26e81210ee0ea6f0df1232cfb2ad;hb=b950e46bfeef5643ff68c8c78530c1eff25d024e;hp=a838171634b2a8d4ca432cb58d661411d8050825;hpb=53afaa7cadcdf222dcf761441727305f79b4c557;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_oper_cert.cpp b/src/modules/extra/m_ssl_oper_cert.cpp index a83817163..6746a4afa 100644 --- a/src/modules/extra/m_ssl_oper_cert.cpp +++ b/src/modules/extra/m_ssl_oper_cert.cpp @@ -2,7 +2,7 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd: (C) 2002-2007 InspIRCd Development Team + * InspIRCd: (C) 2002-2008 InspIRCd Development Team * See: http://www.inspircd.org/wiki/index.php/Credits * * This program is free but copyrighted software; see @@ -20,7 +20,6 @@ #include "channels.h" #include "modules.h" #include "transport.h" -#include "wildcard.h" /** Handle /FINGERPRINT */ @@ -31,9 +30,9 @@ class cmd_fingerprint : public Command { this->source = "m_ssl_oper_cert.so"; syntax = ""; - } - - CmdResult Handle (const char** parameters, int pcnt, User *user) + } + + CmdResult Handle (const std::vector ¶meters, User *user) { User* target = ServerInstance->FindNick(parameters[0]); if (target) @@ -43,24 +42,24 @@ class cmd_fingerprint : public Command { if (cert->GetFingerprint().length()) { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str()); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick.c_str(),target->nick.c_str(),cert->GetFingerprint().c_str()); return CMD_SUCCESS; } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(),target->nick.c_str()); return CMD_FAILURE; } } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(), target->nick.c_str()); return CMD_FAILURE; } } else { - user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]); + user->WriteNumeric(401, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); return CMD_FAILURE; } } @@ -104,7 +103,7 @@ class ModuleOperSSLCert : public Module std::string xhost; while (hl >> xhost) { - if (match(host,xhost.c_str()) || match(ip,xhost.c_str(),true)) + if (InspIRCd::Match(host, xhost) || InspIRCd::MatchCIDR(ip, xhost)) { return true; } @@ -112,11 +111,10 @@ class ModuleOperSSLCert : public Module return false; } - - virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, User *user, bool validated, const std::string &original_line) + virtual int OnPreCommand(std::string &command, std::vector ¶meters, User *user, bool validated, const std::string &original_line) { irc::string cmd = command.c_str(); - + if ((cmd == "OPER") && (validated)) { char TheHost[MAXBUF]; @@ -125,12 +123,13 @@ class ModuleOperSSLCert : public Module std::string Password; std::string OperType; std::string HostName; + std::string HashType; std::string FingerPrint; bool SSLOnly; char* dummy; - snprintf(TheHost,MAXBUF,"%s@%s",user->ident,user->host); - snprintf(TheIP, MAXBUF,"%s@%s",user->ident,user->GetIPString()); + snprintf(TheHost,MAXBUF,"%s@%s",user->ident.c_str(),user->host.c_str()); + snprintf(TheIP, MAXBUF,"%s@%s",user->ident.c_str(),user->GetIPString()); HasCert = user->GetExt("ssl_cert",cert); @@ -140,37 +139,48 @@ class ModuleOperSSLCert : public Module Password = cf->ReadValue("oper", "password", i); OperType = cf->ReadValue("oper", "type", i); HostName = cf->ReadValue("oper", "host", i); + HashType = cf->ReadValue("oper", "hash", i); FingerPrint = cf->ReadValue("oper", "fingerprint", i); SSLOnly = cf->ReadFlag("oper", "sslonly", i); - if (SSLOnly || !FingerPrint.empty()) + if (FingerPrint.empty() && !SSLOnly) + continue; + + if (LoginName != parameters[0]) + continue; + + if (!OneOfMatches(TheHost, TheIP, HostName.c_str())) + continue; + + if (Password.length() && !ServerInstance->PassCompare(user, Password.c_str(),parameters[1].c_str(), HashType.c_str())) + continue; + + if (SSLOnly && !user->GetExt("ssl", dummy)) + { + user->WriteNumeric(491, "%s :This oper login name requires an SSL connection.", user->nick.c_str()); + return 1; + } + + /* + * No cert found or the fingerprint doesn't match + */ + if ((!cert) || (cert->GetFingerprint() != FingerPrint)) { - if ((!strcmp(LoginName.c_str(),parameters[0])) && (!ServerInstance->OperPassCompare(Password.c_str(),parameters[1],i)) && (OneOfMatches(TheHost,TheIP,HostName.c_str()))) - { - if (SSLOnly && !user->GetExt("ssl", dummy)) - { - user->WriteServ("491 %s :This oper login name requires an SSL connection.", user->nick); - return 1; - } - - /* This oper would match */ - if ((!cert) || (cert->GetFingerprint() != FingerPrint)) - { - user->WriteServ("491 %s :This oper login name requires a matching key fingerprint.",user->nick); - ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick); - ServerInstance->Log(DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.",user->nick,user->ident,user->host); - return 1; - } - } + user->WriteNumeric(491, "%s :This oper login name requires a matching key fingerprint.",user->nick.c_str()); + ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick.c_str()); + ServerInstance->Logs->Log("m_ssl_oper_cert",DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + return 1; } } } + + // Let core handle it for extra stuff return 0; } virtual Version GetVersion() { - return Version(1,1,0,0,VF_VENDOR,API_VERSION); + return Version("$Id$", VF_VENDOR, API_VERSION); } };