X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fextra%2Fm_ssl_oper_cert.cpp;h=c99dfa2e20a0331a211d093d461fc0460f49edf8;hb=813bc55a8496875cef52e6da42d608e4d2fa35da;hp=0d1ab045c3a0c38e7645643e19deb79c434e8a59;hpb=547ee1342e8b07bcdf46bc81343d1a1f7a2998e5;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/extra/m_ssl_oper_cert.cpp b/src/modules/extra/m_ssl_oper_cert.cpp index 0d1ab045c..c99dfa2e2 100644 --- a/src/modules/extra/m_ssl_oper_cert.cpp +++ b/src/modules/extra/m_ssl_oper_cert.cpp @@ -2,12 +2,9 @@ * | Inspire Internet Relay Chat Daemon | * +------------------------------------+ * - * InspIRCd is copyright (C) 2002-2006 ChatSpike-Dev. - * E-mail: - * - * - * - * Written by Craig Edwards, Craig McLure, and others. + * InspIRCd: (C) 2002-2008 InspIRCd Development Team + * See: http://www.inspircd.org/wiki/index.php/Credits + * * This program is free but copyrighted software; see * the file COPYING for details. * @@ -15,138 +12,178 @@ */ /* $ModDesc: Allows for MD5 encrypted oper passwords */ +/* $ModDep: transport.h */ -using namespace std; - -#include +#include "inspircd.h" #include "inspircd_config.h" #include "users.h" #include "channels.h" #include "modules.h" -#include "inspircd.h" -#include "ssl_cert.h" +#include "transport.h" +#include "wildcard.h" -class cmd_fingerprint : public command_t +/** Handle /FINGERPRINT + */ +class cmd_fingerprint : public Command { public: - cmd_fingerprint (InspIRCd* Instance) : command_t(Instance,"FINGERPRINT", 0, 1) + cmd_fingerprint (InspIRCd* Instance) : Command(Instance,"FINGERPRINT", 0, 1) { this->source = "m_ssl_oper_cert.so"; syntax = ""; } - void Handle (const char** parameters, int pcnt, userrec *user) + CmdResult Handle (const std::vector ¶meters, User *user) { - userrec* target = ServerInstance->FindNick(parameters[0]); + User* target = ServerInstance->FindNick(parameters[0]); if (target) { ssl_cert* cert; if (target->GetExt("ssl_cert",cert)) { if (cert->GetFingerprint().length()) - user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick,target->nick,cert->GetFingerprint().c_str()); + { + user->WriteServ("NOTICE %s :Certificate fingerprint for %s is %s",user->nick.c_str(),target->nick.c_str(),cert->GetFingerprint().c_str()); + return CMD_SUCCESS; + } else - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick,target->nick); + { + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(),target->nick.c_str()); + return CMD_FAILURE; + } } else { - user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick, target->nick); + user->WriteServ("NOTICE %s :Certificate fingerprint for %s does not exist!", user->nick.c_str(), target->nick.c_str()); + return CMD_FAILURE; } } else { - user->WriteServ("401 %s %s :No such nickname", user->nick, parameters[0]); + user->WriteNumeric(401, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); + return CMD_FAILURE; } } }; + class ModuleOperSSLCert : public Module { ssl_cert* cert; bool HasCert; cmd_fingerprint* mycommand; + ConfigReader* cf; public: ModuleOperSSLCert(InspIRCd* Me) - : Module::Module(Me) + : Module(Me) { - mycommand = new cmd_fingerprint(ServerInstance); ServerInstance->AddCommand(mycommand); + cf = new ConfigReader(ServerInstance); + Implementation eventlist[] = { I_OnPreCommand, I_OnRehash }; + ServerInstance->Modules->Attach(eventlist, this, 2); } - + virtual ~ModuleOperSSLCert() { + delete cf; } - void Implements(char* List) + + virtual void OnRehash(User* user, const std::string ¶meter) { - List[I_OnOperCompare] = List[I_OnPreCommand] = 1; + delete cf; + cf = new ConfigReader(ServerInstance); } - virtual int OnOperCompare(const std::string &data, const std::string &input) + bool OneOfMatches(const char* host, const char* ip, const char* hostlist) { - ServerInstance->Log(DEBUG,"HasCert=%d, data='%s' input='%s'",HasCert,data.c_str(), input.c_str()); - if (((data.length()) && (data.length() == cert->GetFingerprint().length()))) + std::stringstream hl(hostlist); + std::string xhost; + while (hl >> xhost) { - ServerInstance->Log(DEBUG,"Lengths match, cert='%s'",cert->GetFingerprint().c_str()); - if (data == cert->GetFingerprint()) + if (match(host, xhost) || match(ip, xhost, true)) { - ServerInstance->Log(DEBUG,"Return 1"); - return 1; + return true; } - else - { - ServerInstance->Log(DEBUG,"'%s' != '%s'",data.c_str(), cert->GetFingerprint().c_str()); - return 0; - } - } - else - { - ServerInstance->Log(DEBUG,"Lengths dont match"); - return 0; } + return false; } - virtual int OnPreCommand(const std::string &command, const char** parameters, int pcnt, userrec *user, bool validated) + virtual int OnPreCommand(const std::string &command, const std::vector ¶meters, User *user, bool validated, const std::string &original_line) { irc::string cmd = command.c_str(); - if ((cmd == "OPER") && (validated == 1)) + if ((cmd == "OPER") && (validated)) { + char TheHost[MAXBUF]; + char TheIP[MAXBUF]; + std::string LoginName; + std::string Password; + std::string OperType; + std::string HostName; + std::string HashType; + std::string FingerPrint; + bool SSLOnly; + char* dummy; + + snprintf(TheHost,MAXBUF,"%s@%s",user->ident.c_str(),user->host.c_str()); + snprintf(TheIP, MAXBUF,"%s@%s",user->ident.c_str(),user->GetIPString()); + HasCert = user->GetExt("ssl_cert",cert); - ServerInstance->Log(DEBUG,"HasCert=%d",HasCert); + + for (int i = 0; i < cf->Enumerate("oper"); i++) + { + LoginName = cf->ReadValue("oper", "name", i); + Password = cf->ReadValue("oper", "password", i); + OperType = cf->ReadValue("oper", "type", i); + HostName = cf->ReadValue("oper", "host", i); + HashType = cf->ReadValue("oper", "hash", i); + FingerPrint = cf->ReadValue("oper", "fingerprint", i); + SSLOnly = cf->ReadFlag("oper", "sslonly", i); + + if (FingerPrint.empty() && !SSLOnly) + continue; + + if (LoginName != parameters[0]) + continue; + + if (!OneOfMatches(TheHost, TheIP, HostName.c_str())) + continue; + + if (Password.length() && !ServerInstance->PassCompare(user, Password.c_str(),parameters[1].c_str(), HashType.c_str())) + continue; + + if (SSLOnly && !user->GetExt("ssl", dummy)) + { + user->WriteNumeric(491, "%s :This oper login name requires an SSL connection.", user->nick.c_str()); + return 1; + } + + /* + * No cert found or the fingerprint doesn't match + */ + if ((!cert) || (cert->GetFingerprint() != FingerPrint)) + { + user->WriteNumeric(491, "%s :This oper login name requires a matching key fingerprint.",user->nick.c_str()); + ServerInstance->SNO->WriteToSnoMask('o',"'%s' cannot oper, does not match fingerprint", user->nick.c_str()); + ServerInstance->Logs->Log("m_ssl_oper_cert",DEFAULT,"OPER: Failed oper attempt by %s!%s@%s: credentials valid, but wrong fingerprint.", user->nick.c_str(), user->ident.c_str(), user->host.c_str()); + return 1; + } + } } + + // Let core handle it for extra stuff return 0; } virtual Version GetVersion() { - return Version(1,1,0,0,VF_VENDOR); + return Version(1,2,0,0,VF_VENDOR,API_VERSION); } }; -class ModuleOperSSLCertFactory : public ModuleFactory -{ - public: - ModuleOperSSLCertFactory() - { - } - - ~ModuleOperSSLCertFactory() - { - } - - virtual Module * CreateModule(InspIRCd* Me) - { - return new ModuleOperSSLCert(Me); - } - -}; +MODULE_INIT(ModuleOperSSLCert) - -extern "C" void * init_module( void ) -{ - return new ModuleOperSSLCertFactory; -}