
Contents of /ircd-hybrid-7.2/modules/m_challenge.c



Revision 912 - (show annotations)
Wed Nov 7 22:47:44 2007 UTC (12 years, 8 months ago) by michael
File MIME type: text/x-chdr
File size: 6313 byte(s)
- Implemented libtool-ltdl. Only shared modules are supported currently
- Several build fixes and cleanups. ircd now builds and runs without any problems
- Added back all files to SVN that are needed to build the daemon
  I really don't want to force other people that want to test the snapshots
  or svn versions to install yacc, lex, automake, autoconf and libtool...
  No problem having required files in svn
- Removed some automake maintainer stuff which is kinda useless for us

1 /*
2 * ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3 * m_challenge.c: Allows an IRC Operator to securely authenticate.
4 *
5 * Copyright (C) 2002 by the past and present ircd coders, and others.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20 * USA
21 *
22 * $Id$
23 */
24
25 #include "stdinc.h"
26 #ifdef HAVE_LIBCRYPTO
27
28 #include "handlers.h"
29 #include "client.h"
30 #include "ircd.h"
31 #include "modules.h"
32 #include "numeric.h"
33 #include "send.h"
34 #include "s_conf.h"
35 /* -lcrypto is implicit for building this module! */
36 #include "rsa.h"
37 #include "msg.h"
38 #include "parse.h"
39 #include "irc_string.h"
40 #include "s_log.h"
41 #include "s_user.h"
42
/* Handlers defined later in this file. */
static void m_challenge(struct Client *client_p, struct Client *source_p,
                        int parc, char *parv[]);
static void failed_challenge_notice(struct Client *source_p, const char *name,
                                    const char *reason);

/*
 * Command table entry for CHALLENGE.  This whole file is compiled only when
 * HAVE_LIBCRYPTO is defined, so the command exists only in builds that have
 * the crypto library available.
 *
 * NOTE(review): the meaning of the scalar fields and the order of the six
 * handler slots are defined by struct Message in msg.h, which is not shown
 * here.  m_challenge is installed in two of the slots, m_unregistered in the
 * first, and the remaining slots use m_ignore - confirm which client classes
 * those correspond to before changing who may issue CHALLENGE.
 */
struct Message challenge_msgtab = {
  "CHALLENGE", 0, 0, 2, 0, MFLG_SLOW, 0,
  {
    m_unregistered,
    m_challenge,
    m_ignore,
    m_ignore,
    m_challenge,
    m_ignore
  }
};
52
#ifndef STATIC_MODULES
/*
 * _modinit - adds the CHALLENGE entry to the command table.
 * Presumably invoked by the module loader when this module is loaded.
 */
void _modinit(void)
{
  mod_add_cmd(&challenge_msgtab);
}

/*
 * _moddeinit - removes the CHALLENGE entry from the command table.
 * Presumably invoked by the module loader when this module is unloaded.
 */
void _moddeinit(void)
{
  mod_del_cmd(&challenge_msgtab);
}

/* Version string; $Revision$ is an SVN keyword expanded by the repository. */
const char *_version = "$Revision$";
#endif
68
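/*
 * challenge_reset - discard any outstanding challenge state for a client
 *
 * Frees the stored expected response and the remembered oper name, then
 * clears both pointers so a stale secret can never be matched by a later
 * "+response" request.
 */
static void
challenge_reset(struct Client *source_p)
{
  MyFree(source_p->localClient->response);
  MyFree(source_p->localClient->auth_oper);
  source_p->localClient->response = NULL;
  source_p->localClient->auth_oper = NULL;
}

/*
 * m_challenge - RSA challenge/response authentication for a would-be oper
 *      parv[0] = sender prefix
 *      parv[1] = operator to challenge for, or +response
 *
 * Two request forms are handled:
 *
 *   CHALLENGE <name>       Finds the oper{} block for <name> matching the
 *                          client's user@host (or user@sockhost), generates a
 *                          challenge from that block's RSA public key, sends
 *                          it, and stores the expected response plus the oper
 *                          name on the local client.
 *
 *   CHALLENGE +<response>  Compares <response> with the stored expected
 *                          response.  On a match the oper{} block is looked
 *                          up again, attached, and the client is opered.
 *
 * Security notes:
 *  - A wrong response now invalidates the pending challenge, so every guess
 *    is made against a fresh secret.  Previously the stored response
 *    survived a failed attempt, which allowed unlimited attempts (and
 *    repeated timing measurements of the comparison) against one secret.
 *    The client has to issue CHALLENGE <name> again after a failure.
 *  - NOTE(review): irccmp() is the IRC string comparison from irc_string.h;
 *    it is presumably case-insensitive and not constant-time.  That is only
 *    appropriate if the response encoding is case-insensitive (e.g. hex) -
 *    confirm against generate_challenge() in rsa.c.
 *  - parv[1] is dereferenced without checking parc; this relies on the
 *    parser enforcing the parameter count from challenge_msgtab - confirm.
 */
static void
m_challenge(struct Client *client_p, struct Client *source_p,
            int parc, char *parv[])
{
  char *challenge = NULL;
  struct ConfItem *conf = NULL;
  struct AccessItem *aconf = NULL;

  /* Already an oper: re-send the oper MOTD and do nothing else. */
  if (IsOper(source_p))
  {
    sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);
    send_message_file(source_p, &ConfigFileEntry.opermotd);
    return;
  }

  if (*parv[1] == '+')
  {
    /* Ignore it if we aren't expecting this... -A1kmm */
    if (source_p->localClient->response == NULL)
      return;

    /* ++parv[1] skips the leading '+' so only the response text is compared. */
    if (irccmp(source_p->localClient->response, ++parv[1]))
    {
      sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,
                 source_p->name);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper,
                              "challenge failed");
      /* Single use: drop the secret only after auth_oper has been reported. */
      challenge_reset(source_p);
      return;
    }

    /*
     * The response matched.  Re-resolve the oper{} block by the name stored
     * when the challenge was issued, trying the hostname first and the
     * socket host second.
     */
    conf = find_exact_name_conf(OPER_TYPE,
                                source_p->localClient->auth_oper,
                                source_p->username, source_p->host);
    if (conf == NULL)
      conf = find_exact_name_conf(OPER_TYPE,
                                  source_p->localClient->auth_oper,
                                  source_p->username, source_p->sockhost);
    if (conf == NULL)
    {
      sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
      log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
                      source_p->localClient->auth_oper);
      return;
    }

    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one(source_p,":%s NOTICE %s :Can't attach conf!",
                 me.name, source_p->name);
      failed_challenge_notice(source_p, conf->name, "can't attach conf!");
      log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
                      source_p->localClient->auth_oper);
      return;
    }

    oper_up(source_p);

    ilog(L_TRACE, "OPER %s by %s!%s@%s",
         source_p->localClient->auth_oper, source_p->name, source_p->username,
         source_p->host);
    log_oper_action(LOG_OPER_TYPE, source_p,
                    "%s\n", source_p->localClient->auth_oper);

    /* The challenge has been consumed; release it. */
    challenge_reset(source_p);
    return;
  }

  /* New challenge request: any earlier outstanding challenge is discarded. */
  challenge_reset(source_p);

  if ((conf = find_conf_exact(OPER_TYPE,
                              parv[1], source_p->username, source_p->host
                              )) != NULL)
    aconf = map_to_conf(conf);
  else if ((conf = find_conf_exact(OPER_TYPE,
                                   parv[1], source_p->username,
                                   source_p->sockhost)) != NULL)
    aconf = map_to_conf(conf);

  if (aconf == NULL)
  {
    sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
    /*
     * Second lookup by name only, used solely to choose the reason text in
     * the notice to opers; the client gets the same numeric in both cases.
     */
    conf = find_exact_name_conf(OPER_TYPE, parv[1], NULL, NULL);
    failed_challenge_notice(source_p, parv[1], (conf != NULL)
                            ? "host mismatch" : "no oper {} block");
    log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", parv[1]);
    return;
  }

  if (aconf->rsa_public_key == NULL)
  {
    sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
                "is not enabled for your oper{} block.", me.name,
                parv[0]);
    return;
  }

  /* generate_challenge() returning 0 is treated as success. */
  if (!generate_challenge(&challenge, &(source_p->localClient->response),
                          aconf->rsa_public_key))
    sendto_one(source_p, form_str(RPL_RSACHALLENGE),
               me.name, parv[0], challenge);

  /*
   * NOTE(review): auth_oper is recorded even when generate_challenge()
   * reported failure and nothing was sent to the client.  Whether response
   * is left set in that case depends on generate_challenge() (rsa.c, not
   * shown) - confirm, and consider clearing the state on failure.
   */
  DupString(source_p->localClient->auth_oper, conf->name);
  MyFree(challenge);
}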
166 log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", parv[1]);
167 return;
168 }
169
170 if (aconf->rsa_public_key == NULL)
171 {
172 sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
173 "is not enabled for your oper{} block.", me.name,
174 parv[0]);
175 return;
176 }
177
178 if (!generate_challenge(&challenge, &(source_p->localClient->response),
179 aconf->rsa_public_key))
180 sendto_one(source_p, form_str(RPL_RSACHALLENGE),
181 me.name, parv[0], challenge);
182
183 DupString(source_p->localClient->auth_oper, conf->name);
184 MyFree(challenge);
185 }
186
/*
 * failed_challenge_notice()
 *
 * inputs       - source_p: client that issued the CHALLENGE
 *              - name: oper name the attempt was made for
 *              - reason: short text saying why the attempt failed
 * output       - none
 * side effects - when ConfigFileEntry.failed_oper_notice is set, reports the
 *                failed attempt through sendto_realops_flags(); otherwise
 *                does nothing
 *
 * name and reason are passed as %s arguments, never as the format string.
 */
static void
failed_challenge_notice(struct Client *source_p, const char *name,
                        const char *reason)
{
  /* Notices about failed attempts are optional; bail out when disabled. */
  if (!ConfigFileEntry.failed_oper_notice)
    return;

  sendto_realops_flags(UMODE_ALL, L_ALL,
                       "Failed CHALLENGE attempt as %s by %s (%s@%s) - %s",
                       name, source_p->name, source_p->username,
                       source_p->host, reason);
}
204 #endif

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision
