
Contents of /ircd-hybrid-7.2/modules/m_challenge.c



Revision 817 - (show annotations)
Sun Sep 10 17:45:31 2006 UTC (13 years, 6 months ago) by michael
File MIME type: text/x-chdr
File size: 6283 byte(s)
- m_challenge(): fixed another challenge bug which would
  reject a client's challenge response if the user= line
  contains an IP.

1 /*
2 * ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3 * m_challenge.c: Allows an IRC Operator to securely authenticate.
4 *
5 * Copyright (C) 2002 by the past and present ircd coders, and others.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20 * USA
21 *
22 * $Id$
23 */
24
25 #include "stdinc.h"
26 #include "handlers.h"
27 #include "client.h"
28 #include "ircd.h"
29 #include "modules.h"
30 #include "numeric.h"
31 #include "send.h"
32 #include "s_conf.h"
33 /* -lcrypto is implicit for building this module! */
34 #include "rsa.h"
35 #include "msg.h"
36 #include "parse.h"
37 #include "irc_string.h"
38 #include "s_log.h"
39 #include "s_user.h"
40
/* Forward declarations for the two file-local routines defined below. */
static void m_challenge(struct Client *client_p, struct Client *source_p,
                        int parc, char *parv[]);
static void failed_challenge_notice(struct Client *source_p,
                                    const char *name, const char *reason);
44
/* We have openssl support, so include /CHALLENGE
 *
 * The initializer is positional; the field order comes from struct Message
 * in msg.h, which is not visible here.
 * NOTE(review): the 2 is presumably the minimum parameter count that lets
 * m_challenge() read parv[1] without checking parc - confirm against msg.h.
 * NOTE(review): the handler slots presumably select a handler per sender
 * class; m_challenge sits in the second and fifth slots - confirm which
 * classes those are.
 */
struct Message challenge_msgtab = {
  "CHALLENGE",
  0,
  0,
  2,
  0,
  MFLG_SLOW,
  0,
  {
    m_unregistered,
    m_challenge,
    m_ignore,
    m_ignore,
    m_challenge,
    m_ignore
  }
};
50
#ifndef STATIC_MODULES
/* Module load hook: passes the CHALLENGE table entry to mod_add_cmd(). */
void _modinit(void)
{
  mod_add_cmd(&challenge_msgtab);
}

/* Module unload hook: passes the CHALLENGE table entry to mod_del_cmd(). */
void _moddeinit(void)
{
  mod_del_cmd(&challenge_msgtab);
}

/* Revision keyword string; only defined when built as a loadable module. */
const char *_version = "$Revision$";
#endif /* !STATIC_MODULES */
66
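/*
 * m_challenge - generate RSA challenge for wouldbe oper, or verify the
 *               answer to a challenge issued earlier
 *      parv[0] = sender prefix
 *      parv[1] = operator to challenge for, or +response
 *
 * inputs       - client_p: unused here
 *              - source_p: client asking for operator status
 *              - parc:     unused here; parv[1] is read unchecked
 *                          (NOTE(review): presumably guaranteed by the
 *                          parameter count in challenge_msgtab - confirm)
 *              - parv:     see above
 * output       - nothing
 * side effects - "name" form:      drops any pending challenge, then stores
 *                                  a new expected response and the oper{}
 *                                  block name on source_p->localClient
 *              - "+response" form: on a match calls oper_up() and clears
 *                                  the pending challenge
 *
 * The pending response and auth_oper are per-client authentication state:
 * every path that cannot deliver a challenge must leave both NULL.
 */
static void
m_challenge(struct Client *client_p, struct Client *source_p,
            int parc, char *parv[])
{
  char *challenge = NULL;
  struct ConfItem *conf = NULL;
  struct AccessItem *aconf = NULL;

  /* Already an operator: reprint the oper motd and do nothing else. */
  if (IsOper(source_p))
  {
    sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);
    send_message_file(source_p, &ConfigFileEntry.opermotd);
    return;
  }

  if (*parv[1] == '+')
  {
    /* Skip the '+' marker without modifying the caller's parv[]. */
    const char *answer = parv[1] + 1;

    /* Ignore it if we aren't expecting this... -A1kmm */
    if (source_p->localClient->response == NULL)
      return;

    /*
     * NOTE(review): irccmp() is presumably a case-insensitive, early-exit
     * string compare rather than a constant-time one - confirm whether that
     * is acceptable for comparing an authentication secret.
     * NOTE(review): a wrong answer leaves the pending challenge in place, so
     * the same challenge can be answered again; consider invalidating it
     * here or rate-limiting attempts.
     */
    if (irccmp(source_p->localClient->response, answer))
    {
      sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,
                 source_p->name);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper,
                              "challenge failed");
      return;
    }

    /*
     * Look the oper{} block up again by the name recorded when the
     * challenge was issued, trying the hostname first and then sockhost.
     */
    conf = find_exact_name_conf(OPER_TYPE,
                                source_p->localClient->auth_oper,
                                source_p->username, source_p->host);
    if (conf == NULL)
      conf = find_exact_name_conf(OPER_TYPE,
                                  source_p->localClient->auth_oper,
                                  source_p->username, source_p->sockhost);
    if (conf == NULL)
    {
      sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
      log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
                      source_p->localClient->auth_oper);
      return;
    }

    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one(source_p,":%s NOTICE %s :Can't attach conf!",
                 me.name, source_p->name);
      failed_challenge_notice(source_p, conf->name, "can't attach conf!");
      log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
                      source_p->localClient->auth_oper);
      return;
    }

    oper_up(source_p);

    ilog(L_TRACE, "OPER %s by %s!%s@%s",
         source_p->localClient->auth_oper, source_p->name, source_p->username,
         source_p->host);
    log_oper_action(LOG_OPER_TYPE, source_p,
                    "%s\n", source_p->localClient->auth_oper);

    /* The challenge has been used: drop it so it cannot be answered again. */
    MyFree(source_p->localClient->response);
    MyFree(source_p->localClient->auth_oper);
    source_p->localClient->response = NULL;
    source_p->localClient->auth_oper = NULL;
    return;
  }

  /* A new request replaces whatever challenge was still pending. */
  MyFree(source_p->localClient->response);
  MyFree(source_p->localClient->auth_oper);
  source_p->localClient->response = NULL;
  source_p->localClient->auth_oper = NULL;

  /* Match the requested oper{} block by hostname first, then by sockhost. */
  if ((conf = find_conf_exact(OPER_TYPE,
                              parv[1], source_p->username, source_p->host
                              )) != NULL)
    aconf = map_to_conf(conf);
  else if ((conf = find_conf_exact(OPER_TYPE,
                                   parv[1], source_p->username,
                                   source_p->sockhost)) != NULL)
    aconf = map_to_conf(conf);

  if (aconf == NULL)
  {
    sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
    /* Name-only lookup, used solely to pick the reason shown to opers. */
    conf = find_exact_name_conf(OPER_TYPE, parv[1], NULL, NULL);
    failed_challenge_notice(source_p, parv[1], (conf != NULL)
                            ? "host mismatch" : "no oper {} block");
    log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", parv[1]);
    return;
  }

  if (aconf->rsa_public_key == NULL)
  {
    sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
                "is not enabled for your oper{} block.", me.name,
                parv[0]);
    return;
  }

  if (generate_challenge(&challenge, &(source_p->localClient->response),
                         aconf->rsa_public_key) != 0)
  {
    /*
     * No challenge was delivered, so no authentication state may stay
     * pending: release whatever generate_challenge() stored before it
     * failed and leave auth_oper unset.
     * NOTE(review): assumes a non-zero return means failure, as the
     * original "!generate_challenge(...)" success test implies - confirm
     * in rsa.c.
     */
    MyFree(source_p->localClient->response);
    source_p->localClient->response = NULL;
    MyFree(challenge);
    return;
  }

  sendto_one(source_p, form_str(RPL_RSACHALLENGE),
             me.name, parv[0], challenge);

  /* Remember which oper{} block this challenge belongs to. */
  DupString(source_p->localClient->auth_oper, conf->name);
  MyFree(challenge);
}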
184
/* failed_challenge_notice()
 *
 * inputs       - source_p: client whose CHALLENGE attempt failed
 *              - name:     oper name the attempt was made as; one caller
 *                          passes the client-supplied parv[1], so it is only
 *                          ever used as a %s argument, never as the format
 *              - reason:   short text describing why the attempt failed
 * output       - nothing
 * side effects - when ConfigFileEntry.failed_oper_notice is set, sends one
 *                notice through sendto_realops_flags(); otherwise nothing
 */
static void
failed_challenge_notice(struct Client *source_p, const char *name,
                        const char *reason)
{
  /* Notices are optional; stay silent when the setting is off. */
  if (!ConfigFileEntry.failed_oper_notice)
    return;

  sendto_realops_flags(UMODE_ALL, L_ALL, "Failed CHALLENGE attempt as %s "
                       "by %s (%s@%s) - %s", name, source_p->name,
                       source_p->username, source_p->host, reason);
}

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision
