root/svn/ircd-hybrid/modules/m_challenge.c
Revision: 30
Committed: Sun Oct 2 20:03:27 2005 UTC (18 years, 5 months ago) by adx
Content type: text/x-csrc
File size: 6158 byte(s)
Log Message:
- imported sources
- can be moved later according to the directory/branching scheme,
  but we need the svn up

File Contents

# Content
1 /*
2 * ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3 * m_challenge.c: Allows an IRC Operator to securely authenticate.
4 *
5 * Copyright (C) 2002 by the past and present ircd coders, and others.
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20 * USA
21 *
22 * $Id: m_challenge.c,v 1.59 2005/09/05 14:16:58 db Exp $
23 */
24
25 #include "stdinc.h"
26 #include "handlers.h"
27 #include "client.h"
28 #include "ircd.h"
29 #include "modules.h"
30 #include "numeric.h"
31 #include "send.h"
32 #include "s_conf.h"
33 /* -lcrypto is implicit for building this module! */
34 #include "rsa.h"
35 #include "msg.h"
36 #include "parse.h"
37 #include "irc_string.h"
38 #include "s_log.h"
39 #include "s_user.h"
40
41 static void failed_challenge_notice(struct Client *, const char *,
42 const char *);
43 static void m_challenge(struct Client *, struct Client *, int, char **);
44
/*
 * Command-table entry for CHALLENGE. This module is only useful when the
 * daemon is built with OpenSSL, because the handler relies on RSA.
 *
 * The meaning of each positional field is defined by struct Message, which
 * is declared elsewhere. NOTE(review): the 2 is presumably the minimum
 * parameter count that guarantees parv[1] is present when m_challenge runs.
 * Confirm against the struct Message declaration before changing it, since
 * m_challenge dereferences parv[1] without checking parc.
 */
struct Message challenge_msgtab = {
  "CHALLENGE",
  0,
  0,
  2,
  0,
  MFLG_SLOW,
  0,
  {
    m_unregistered,
    m_challenge,
    m_ignore,
    m_ignore,
    m_challenge,
    m_ignore
  }
};
50
#ifndef STATIC_MODULES
/* Module load hook: registers the CHALLENGE command with the parser. */
void _modinit(void)
{
  mod_add_cmd(&challenge_msgtab);
}

/* Module unload hook: removes the CHALLENGE command again. */
void _moddeinit(void)
{
  mod_del_cmd(&challenge_msgtab);
}

/* Revision string exported by the loadable module. */
const char *_version = "$Revision: 1.59 $";
#endif
66
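/*
 * m_challenge - RSA challenge/response authentication for a would-be oper
 *      parv[0] = sender prefix
 *      parv[1] = oper name to request a challenge for, or "+<response>"
 *                to answer the challenge previously issued on this connection
 *
 * Request form: looks up the oper block matching the name and the client's
 * user@host (then user@sockhost), generates a challenge from the block's RSA
 * public key and stores the expected response in localClient->response.
 *
 * Response form: compares the supplied text with the stored response and,
 * on a match, re-validates the oper block before calling oper_up().
 *
 * Per-connection state (localClient->response / auth_oper) is owned here and
 * released with MyFree(); any new request discards a previous pending one.
 *
 * NOTE(review): parv[1] is dereferenced without checking parc; this relies on
 * the command table enforcing a minimum parameter count. Confirm.
 */
static void
m_challenge(struct Client *client_p, struct Client *source_p,
            int parc, char *parv[])
{
  /* Initialised so the MyFree() at the end is well-defined even if
   * generate_challenge() fails before storing a buffer. */
  char *challenge = NULL;
  struct ConfItem *conf = NULL;
  struct AccessItem *aconf = NULL;

  /* NOTE(review): assert() vanishes under NDEBUG; the dereferences below
   * assume a local client regardless. */
  assert(source_p->localClient);

  /* Already an oper: just re-send the oper MOTD and do nothing else. */
  if (IsOper(source_p))
  {
    sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);
    send_message_file(source_p, &ConfigFileEntry.opermotd);
    return;
  }

  if (*parv[1] == '+')
  {
    /* Skip the '+' marker without modifying the caller's parv[]. */
    const char *answer = parv[1] + 1;

    /* Ignore it if we aren't expecting this... -A1kmm */
    if (source_p->localClient->response == NULL)
      return;

    /*
     * NOTE(review): irccmp() is the daemon's general string comparison.
     * If it is case-insensitive and stops at the first differing byte, it
     * is a poor fit for comparing a secret; consider an exact,
     * constant-time comparison. Confirm irccmp's semantics first.
     *
     * NOTE(review): a wrong answer leaves the pending challenge in place,
     * so the same challenge accepts further attempts. Consider discarding
     * it after the first failure, relying on the failed-attempt notice and
     * log for detection in the meantime.
     */
    if (irccmp(source_p->localClient->response, answer))
    {
      sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,
                 source_p->name);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper,
                              "challenge failed");
      return;
    }

    /* Re-check the oper block: it may have changed since the challenge
     * was issued. */
    conf = find_exact_name_conf(OPER_TYPE,
                                source_p->localClient->auth_oper,
                                source_p->username, source_p->host);
    if (conf == NULL)
    {
      sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
      log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
                      source_p->localClient->auth_oper);
      return;
    }

    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
                 me.name, source_p->name);
      failed_challenge_notice(source_p, conf->name, "can't attach conf!");
      log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n",
                      source_p->localClient->auth_oper);
      return;
    }

    oper_up(source_p);

    ilog(L_TRACE, "OPER %s by %s!%s@%s",
         source_p->localClient->auth_oper, source_p->name,
         source_p->username, source_p->host);
    log_oper_action(LOG_OPER_TYPE, source_p,
                    "%s\n", source_p->localClient->auth_oper);

    /* The challenge has been consumed; drop the per-connection state. */
    MyFree(source_p->localClient->response);
    MyFree(source_p->localClient->auth_oper);
    source_p->localClient->response = NULL;
    source_p->localClient->auth_oper = NULL;
    return;
  }

  /* New request: discard any challenge still pending on this connection. */
  MyFree(source_p->localClient->response);
  MyFree(source_p->localClient->auth_oper);
  source_p->localClient->response = NULL;
  source_p->localClient->auth_oper = NULL;

  /* Match the oper block on user@host first, then on user@sockhost. */
  conf = find_conf_exact(OPER_TYPE, parv[1], source_p->username,
                         source_p->host);
  if (conf == NULL)
    conf = find_conf_exact(OPER_TYPE, parv[1], source_p->username,
                           source_p->sockhost);
  if (conf != NULL)
    aconf = (struct AccessItem *)map_to_conf(conf);

  if (aconf == NULL)
  {
    sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
    /* Second lookup only picks the reason shown to opers. The client gets
     * the same numeric whether or not the oper name exists. */
    conf = find_exact_name_conf(OPER_TYPE, parv[1], NULL, NULL);
    failed_challenge_notice(source_p, parv[1], (conf != NULL)
                            ? "host mismatch" : "no oper {} block");
    log_oper_action(LOG_FAILED_OPER_TYPE, source_p, "%s\n", parv[1]);
    return;
  }

  if (aconf->rsa_public_key == NULL)
  {
    sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
               "is not enabled for your oper{} block.", me.name,
               parv[0]);
    return;
  }

  /* generate_challenge() returns 0 on success (the original code sent the
   * challenge only in that case). */
  if (generate_challenge(&challenge, &(source_p->localClient->response),
                         aconf->rsa_public_key) == 0)
  {
    sendto_one(source_p, form_str(RPL_RSACHALLENGE),
               me.name, parv[0], challenge);
    DupString(source_p->localClient->auth_oper, conf->name);
  }
  else
  {
    /* Fail closed: no challenge reached the client, so do not leave an
     * expected response armed on this connection. */
    MyFree(source_p->localClient->response);
    source_p->localClient->response = NULL;
  }

  MyFree(challenge);
}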
186
/* failed_challenge_notice()
 *
 * inputs       - source_p: client that attempted CHALLENGE
 *              - name: oper name the attempt was made for; on the request
 *                path this is the client-supplied parv[1], so it is passed
 *                only as a "%s" argument, never as the format string
 *              - reason: short text describing why the attempt failed
 * output       - nothing
 * side effects - when ConfigFileEntry.failed_oper_notice is set, notifies
 *                opers (UMODE_ALL, L_ALL) of the failed attempt
 */
static void
failed_challenge_notice(struct Client *source_p, const char *name,
                        const char *reason)
{
  /* Notices are optional; stay silent unless the admin enabled them. */
  if (!ConfigFileEntry.failed_oper_notice)
    return;

  sendto_realops_flags(UMODE_ALL, L_ALL,
                       "Failed CHALLENGE attempt as %s by %s (%s@%s) - %s",
                       name, source_p->name, source_p->username,
                       source_p->host, reason);
}

Properties

Name Value
svn:eol-style native
svn:keywords "Id Revision"