trunk/modules/m_challenge.c

/*
 *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
 *
 *  Copyright (c) 2000-2014 ircd-hybrid development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 */

/*! \file m_challenge.c
 * \brief Includes required functions for processing the CHALLENGE command.
 * \version $Id$
 */

#include "stdinc.h"
#include "client.h"
#include "ircd.h"
#include "modules.h"
#include "numeric.h"
#include "send.h"
#include "conf.h"
#include "rsa.h"
#include "parse.h"
#include "irc_string.h"
#include "log.h"
#include "s_user.h"
#include "memory.h"


#ifdef HAVE_LIBCRYPTO
/* failed_challenge_notice()
 *
 * inputs       - pointer to client doing /oper ...
 *              - pointer to nick they tried to oper as
 *              - pointer to reason they have failed
 * output       - nothing
 * side effects - notices all opers of the failed oper attempt if enabled
 */
static void
failed_challenge_notice(struct Client *source_p, const char *name,
                        const char *reason)
{
  if (ConfigFileEntry.failed_oper_notice)
    sendto_realops_flags(UMODE_ALL, L_ALL, SEND_NOTICE,
                         "Failed CHALLENGE attempt as %s "
                         "by %s (%s@%s) - %s", name, source_p->name,
                         source_p->username, source_p->host, reason);

  ilog(LOG_TYPE_OPER, "Failed CHALLENGE attempt as %s "
       "by %s (%s@%s) - %s", name, source_p->name,
       source_p->username, source_p->host, reason);
}

/*! \brief CHALLENGE command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = operator to challenge for, or +response
 */
static int
m_challenge(struct Client *source_p, int parc, char *parv[])
{
  char *challenge = NULL;
  struct MaskItem *conf = NULL;

  if (*parv[1] == '+')
  {
    /* Ignore it if we aren't expecting this... -A1kmm */
    if (source_p->localClient->response == NULL)
      return 0;

    if (irccmp(source_p->localClient->response, ++parv[1]))
    {
      sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper,
                              "challenge failed");
      return 0;
    }
    
    conf = find_exact_name_conf(CONF_OPER, source_p,
                                source_p->localClient->auth_oper, NULL, NULL);
    if (conf == NULL)
    {
      sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
      conf = find_exact_name_conf(CONF_OPER, NULL, source_p->localClient->auth_oper, NULL, NULL);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper, (conf != NULL) ?
                              "host mismatch" : "no oper {} block");
      return 0;
    }

    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one_notice(source_p, &me, ":Can't attach conf!");   
      failed_challenge_notice(source_p, conf->name, "can't attach conf!");
      return 0;
    }

    oper_up(source_p);

    ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
         source_p->localClient->auth_oper, source_p->name, source_p->username,
         source_p->host);

    MyFree(source_p->localClient->response);
    MyFree(source_p->localClient->auth_oper);
    source_p->localClient->response  = NULL;
    source_p->localClient->auth_oper = NULL;
    return 0;
  }

  MyFree(source_p->localClient->response);
  MyFree(source_p->localClient->auth_oper);
  source_p->localClient->response  = NULL;
  source_p->localClient->auth_oper = NULL;

  conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL);

  if (!conf)
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL);
    failed_challenge_notice(source_p, parv[1], (conf != NULL)
                            ? "host mismatch" : "no oper {} block");
    return 0;
  }

  if (conf->rsa_public_key == NULL)
  {
    sendto_one_notice(source_p, &me, ":I'm sorry, PK authentication "
                      "is not enabled for your oper{} block.");
    return 0;
  }

  if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    failed_challenge_notice(source_p, conf->name, "requires SSL/TLS");
    return 0;
  }

  if (!EmptyString(conf->certfp))
  {
    if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
    {
      sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
      failed_challenge_notice(source_p, conf->name, "client certificate fingerprint mismatch");
      return 0;
    }
  }

  if (!generate_challenge(&challenge, &(source_p->localClient->response),
                          conf->rsa_public_key))
    sendto_one_numeric(source_p, &me, RPL_RSACHALLENGE, challenge);

  source_p->localClient->auth_oper = xstrdup(conf->name);
  MyFree(challenge);
  return 0;
}

/*! \brief CHALLENGE command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = operator to challenge for, or +response
 */
static int
mo_challenge(struct Client *source_p, int parc, char *parv[])
{
  sendto_one_numeric(source_p, &me, RPL_YOUREOPER);
  return 0;
}

static struct Message challenge_msgtab =
{
  "CHALLENGE", 0, 0, 2, MAXPARA, MFLG_SLOW, 0,
  { m_unregistered, m_challenge, m_ignore, m_ignore, mo_challenge, m_ignore }
};

static void
module_init(void)
{
  mod_add_cmd(&challenge_msgtab);
}

static void
module_exit(void)
{
  mod_del_cmd(&challenge_msgtab);
}

#else

static void
module_init(void)
{
}

static void
module_exit(void)
{
}
#endif

struct module module_entry =
{
  .node    = { NULL, NULL, NULL },
  .name    = NULL,
  .version = "$Revision$",
  .handle  = NULL,
  .modinit = module_init,
  .modexit = module_exit,
  .flags   = 0
};
Revision:	3300
Committed:	Sat Apr 12 18:26:22 2014 UTC (11 years, 4 months ago) by michael
Content type:	text/x-csrc
File size:	7102 byte(s)
Log Message:	- doxygen
#	User	Rev	Content
1	adx	30	/*
2	michael	2820	* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3	adx	30	*
4	michael	2820	* Copyright (c) 2000-2014 ircd-hybrid development team
5	adx	30	*
6			* This program is free software; you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation; either version 2 of the License, or
9			* (at your option) any later version.
10			*
11			* This program is distributed in the hope that it will be useful,
12			* but WITHOUT ANY WARRANTY; without even the implied warranty of
13			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14			* GNU General Public License for more details.
15			*
16			* You should have received a copy of the GNU General Public License
17			* along with this program; if not, write to the Free Software
18			* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19			* USA
20			*/
21
22	michael	2820	/*! \file m_challenge.c
23			* \brief Includes required functions for processing the CHALLENGE command.
24			* \version $Id$
25			*/
26
27	adx	30	#include "stdinc.h"
28			#include "client.h"
29			#include "ircd.h"
30			#include "modules.h"
31			#include "numeric.h"
32			#include "send.h"
33	michael	1309	#include "conf.h"
34	adx	30	#include "rsa.h"
35			#include "parse.h"
36			#include "irc_string.h"
37	michael	1309	#include "log.h"
38	adx	30	#include "s_user.h"
39	michael	1666	#include "memory.h"
40	adx	30
41
42	michael	1415	#ifdef HAVE_LIBCRYPTO
43	michael	1230	/* failed_challenge_notice()
44			*
45			* inputs - pointer to client doing /oper ...
46			* - pointer to nick they tried to oper as
47			* - pointer to reason they have failed
48			* output - nothing
49			* side effects - notices all opers of the failed oper attempt if enabled
50			*/
51			static void
52			failed_challenge_notice(struct Client source_p, const char name,
53			const char *reason)
54	adx	30	{
55	michael	1230	if (ConfigFileEntry.failed_oper_notice)
56	michael	1618	sendto_realops_flags(UMODE_ALL, L_ALL, SEND_NOTICE,
57			"Failed CHALLENGE attempt as %s "
58	michael	1230	"by %s (%s@%s) - %s", name, source_p->name,
59			source_p->username, source_p->host, reason);
60	michael	1247
61			ilog(LOG_TYPE_OPER, "Failed CHALLENGE attempt as %s "
62			"by %s (%s@%s) - %s", name, source_p->name,
63			source_p->username, source_p->host, reason);
64	adx	30	}
65
66	michael	3300	/*! \brief CHALLENGE command handler
67	adx	30	*
68	michael	3300	* \param source_p Pointer to allocated Client struct from which the message
69			* originally comes from. This can be a local or remote client.
70			* \param parc Integer holding the number of supplied arguments.
71			* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
72			* pointers.
73			* \note Valid arguments for this command are:
74			* - parv[0] = command
75			* - parv[1] = operator to challenge for, or +response
76	adx	30	*/
77	michael	2820	static int
78	michael	3156	m_challenge(struct Client source_p, int parc, char parv[])
79	adx	30	{
80	michael	817	char *challenge = NULL;
81	michael	1632	struct MaskItem *conf = NULL;
82	adx	30
83			if (*parv[1] == '+')
84			{
85			/* Ignore it if we aren't expecting this... -A1kmm */
86	michael	817	if (source_p->localClient->response == NULL)
87	michael	2820	return 0;
88	adx	30
89			if (irccmp(source_p->localClient->response, ++parv[1]))
90			{
91	michael	3109	sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
92	adx	30	failed_challenge_notice(source_p, source_p->localClient->auth_oper,
93	michael	1121	"challenge failed");
94	michael	2820	return 0;
95	adx	30	}
96	michael	817
97	michael	1632	conf = find_exact_name_conf(CONF_OPER, source_p,
98	michael	1285	source_p->localClient->auth_oper, NULL, NULL);
99	michael	817	if (conf == NULL)
100	adx	30	{
101	michael	3109	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
102	michael	3007	conf = find_exact_name_conf(CONF_OPER, NULL, source_p->localClient->auth_oper, NULL, NULL);
103			failed_challenge_notice(source_p, source_p->localClient->auth_oper, (conf != NULL) ?
104			"host mismatch" : "no oper {} block");
105	michael	2820	return 0;
106	adx	30	}
107
108			if (attach_conf(source_p, conf) != 0)
109			{
110	michael	3110	sendto_one_notice(source_p, &me, ":Can't attach conf!");
111	adx	30	failed_challenge_notice(source_p, conf->name, "can't attach conf!");
112	michael	2820	return 0;
113	adx	30	}
114
115			oper_up(source_p);
116
117	michael	1247	ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
118	michael	2224	source_p->localClient->auth_oper, source_p->name, source_p->username,
119			source_p->host);
120	adx	30
121			MyFree(source_p->localClient->response);
122			MyFree(source_p->localClient->auth_oper);
123			source_p->localClient->response = NULL;
124			source_p->localClient->auth_oper = NULL;
125	michael	2820	return 0;
126	adx	30	}
127
128			MyFree(source_p->localClient->response);
129			MyFree(source_p->localClient->auth_oper);
130			source_p->localClient->response = NULL;
131			source_p->localClient->auth_oper = NULL;
132
133	michael	1636	conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL);
134	adx	30
135	michael	1632	if (!conf)
136	adx	30	{
137	michael	3109	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
138	michael	1632	conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL);
139	adx	30	failed_challenge_notice(source_p, parv[1], (conf != NULL)
140			? "host mismatch" : "no oper {} block");
141	michael	2820	return 0;
142	adx	30	}
143
144	michael	1632	if (conf->rsa_public_key == NULL)
145	adx	30	{
146	michael	3110	sendto_one_notice(source_p, &me, ":I'm sorry, PK authentication "
147			"is not enabled for your oper{} block.");
148	michael	2820	return 0;
149	adx	30	}
150
151	michael	2248	if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
152			{
153	michael	3109	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
154	michael	2248	failed_challenge_notice(source_p, conf->name, "requires SSL/TLS");
155	michael	2820	return 0;
156	michael	2248	}
157
158	michael	2232	if (!EmptyString(conf->certfp))
159			{
160			if (EmptyString(source_p->certfp) \|\| strcasecmp(source_p->certfp, conf->certfp))
161			{
162	michael	3109	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
163	michael	2232	failed_challenge_notice(source_p, conf->name, "client certificate fingerprint mismatch");
164	michael	2820	return 0;
165	michael	2232	}
166			}
167
168	adx	30	if (!generate_challenge(&challenge, &(source_p->localClient->response),
169	michael	1632	conf->rsa_public_key))
170	michael	3109	sendto_one_numeric(source_p, &me, RPL_RSACHALLENGE, challenge);
171	adx	30
172	michael	1646	source_p->localClient->auth_oper = xstrdup(conf->name);
173	adx	30	MyFree(challenge);
174	michael	2820	return 0;
175	adx	30	}
176
177	michael	3300	/*! \brief CHALLENGE command handler
178			*
179			* \param source_p Pointer to allocated Client struct from which the message
180			* originally comes from. This can be a local or remote client.
181			* \param parc Integer holding the number of supplied arguments.
182			* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
183			* pointers.
184			* \note Valid arguments for this command are:
185			* - parv[0] = command
186			* - parv[1] = operator to challenge for, or +response
187			*/
188	michael	2820	static int
189	michael	3156	mo_challenge(struct Client source_p, int parc, char parv[])
190	michael	1467	{
191	michael	3109	sendto_one_numeric(source_p, &me, RPL_YOUREOPER);
192	michael	2820	return 0;
193	michael	1467	}
194
195	michael	2820	static struct Message challenge_msgtab =
196			{
197	michael	1230	"CHALLENGE", 0, 0, 2, MAXPARA, MFLG_SLOW, 0,
198	michael	1467	{ m_unregistered, m_challenge, m_ignore, m_ignore, mo_challenge, m_ignore }
199	michael	1230	};
200
201	adx	30	static void
202	michael	1230	module_init(void)
203	adx	30	{
204	michael	1230	mod_add_cmd(&challenge_msgtab);
205	adx	30	}
206	michael	1230
207			static void
208			module_exit(void)
209			{
210			mod_del_cmd(&challenge_msgtab);
211			}
212
213	michael	1415	#else
214
215			static void
216			module_init(void)
217			{
218			}
219
220			static void
221			module_exit(void)
222			{
223			}
224			#endif
225
226	michael	2820	struct module module_entry =
227			{
228	michael	1230	.node = { NULL, NULL, NULL },
229			.name = NULL,
230			.version = "$Revision$",
231			.handle = NULL,
232			.modinit = module_init,
233			.modexit = module_exit,
234			.flags = 0
235			};