trunk/modules/m_challenge.c

/*
 *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
 *
 *  Copyright (c) 2000-2014 ircd-hybrid development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 */

/*! \file m_challenge.c
 * \brief Includes required functions for processing the CHALLENGE command.
 * \version $Id$
 */

#include "stdinc.h"
#include "client.h"
#include "ircd.h"
#include "modules.h"
#include "numeric.h"
#include "send.h"
#include "conf.h"
#include "rsa.h"
#include "parse.h"
#include "irc_string.h"
#include "log.h"
#include "user.h"
#include "memory.h"


#ifdef HAVE_LIBCRYPTO
/*! \brief Notices all opers of the failed challenge attempt if enabled
 *
 * \param source_p Client doing /challenge ...
 * \param name     The nick they tried to oper as
 * \param reason   The reason why they have failed
 */
static void
failed_challenge_notice(struct Client *source_p, const char *name,
                        const char *reason)
{
  if (ConfigFileEntry.failed_oper_notice)
    sendto_realops_flags(UMODE_ALL, L_ALL, SEND_NOTICE,
                         "Failed CHALLENGE attempt as %s "
                         "by %s (%s@%s) - %s", name, source_p->name,
                         source_p->username, source_p->host, reason);

  ilog(LOG_TYPE_OPER, "Failed CHALLENGE attempt as %s "
       "by %s (%s@%s) - %s", name, source_p->name,
       source_p->username, source_p->host, reason);
}

/*! \brief CHALLENGE command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = operator to challenge for, or +response
 */
static int
m_challenge(struct Client *source_p, int parc, char *parv[])
{
  char *challenge = NULL;
  struct MaskItem *conf = NULL;

  if (*parv[1] == '+')
  {
    /* Ignore it if we aren't expecting this... -A1kmm */
    if (source_p->localClient->response == NULL)
      return 0;

    if (irccmp(source_p->localClient->response, ++parv[1]))
    {
      sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper,
                              "challenge failed");
      return 0;
    }

    conf = find_exact_name_conf(CONF_OPER, source_p,
                                source_p->localClient->auth_oper, NULL, NULL);
    if (conf == NULL)
    {
      sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
      conf = find_exact_name_conf(CONF_OPER, NULL, source_p->localClient->auth_oper, NULL, NULL);
      failed_challenge_notice(source_p, source_p->localClient->auth_oper, (conf != NULL) ?
                              "host mismatch" : "no oper {} block");
      return 0;
    }

    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one_notice(source_p, &me, ":Can't attach conf!");
      failed_challenge_notice(source_p, conf->name, "can't attach conf!");
      return 0;
    }

    oper_up(source_p);

    ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
         source_p->localClient->auth_oper, source_p->name, source_p->username,
         source_p->host);

    MyFree(source_p->localClient->response);
    MyFree(source_p->localClient->auth_oper);
    source_p->localClient->response  = NULL;
    source_p->localClient->auth_oper = NULL;
    return 0;
  }

  MyFree(source_p->localClient->response);
  MyFree(source_p->localClient->auth_oper);
  source_p->localClient->response  = NULL;
  source_p->localClient->auth_oper = NULL;

  conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL);

  if (!conf)
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL);
    failed_challenge_notice(source_p, parv[1], (conf != NULL)
                            ? "host mismatch" : "no oper {} block");
    return 0;
  }

  if (conf->rsa_public_key == NULL)
  {
    sendto_one_notice(source_p, &me, ":I'm sorry, PK authentication "
                      "is not enabled for your oper{} block.");
    return 0;
  }

  if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
  {
    sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
    failed_challenge_notice(source_p, conf->name, "requires SSL/TLS");
    return 0;
  }

  if (!EmptyString(conf->certfp))
  {
    if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
    {
      sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
      failed_challenge_notice(source_p, conf->name, "client certificate fingerprint mismatch");
      return 0;
    }
  }

  if (!generate_challenge(&challenge, &(source_p->localClient->response),
                          conf->rsa_public_key))
    sendto_one_numeric(source_p, &me, RPL_RSACHALLENGE, challenge);

  source_p->localClient->auth_oper = xstrdup(conf->name);
  MyFree(challenge);
  return 0;
}

/*! \brief CHALLENGE command handler
 *
 * \param source_p Pointer to allocated Client struct from which the message
 *                 originally comes from.  This can be a local or remote client.
 * \param parc     Integer holding the number of supplied arguments.
 * \param parv     Argument vector where parv[0] .. parv[parc-1] are non-NULL
 *                 pointers.
 * \note Valid arguments for this command are:
 *      - parv[0] = command
 *      - parv[1] = operator to challenge for, or +response
 */
static int
mo_challenge(struct Client *source_p, int parc, char *parv[])
{
  sendto_one_numeric(source_p, &me, RPL_YOUREOPER);
  return 0;
}

static struct Message challenge_msgtab =
{
  "CHALLENGE", 0, 0, 2, MAXPARA, MFLG_SLOW, 0,
  { m_unregistered, m_challenge, m_ignore, m_ignore, mo_challenge, m_ignore }
};

static void
module_init(void)
{
  mod_add_cmd(&challenge_msgtab);
}

static void
module_exit(void)
{
  mod_del_cmd(&challenge_msgtab);
}

#else

static void
module_init(void)
{
}

static void
module_exit(void)
{
}
#endif

struct module module_entry =
{
  .node    = { NULL, NULL, NULL },
  .name    = NULL,
  .version = "$Revision$",
  .handle  = NULL,
  .modinit = module_init,
  .modexit = module_exit,
  .flags   = 0
};
Revision:	3786
Committed:	Mon Jun 2 23:27:06 2014 UTC (11 years, 2 months ago) by michael
Content type:	text/x-csrc
File size:	7023 byte(s)
Log Message:	- m_challenge.c: whitespace commit
#	Content
1	/*
2	* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3	*
4	* Copyright (c) 2000-2014 ircd-hybrid development team
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License
17	* along with this program; if not, write to the Free Software
18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19	* USA
20	*/
21
22	/*! \file m_challenge.c
23	* \brief Includes required functions for processing the CHALLENGE command.
24	* \version $Id$
25	*/
26
27	#include "stdinc.h"
28	#include "client.h"
29	#include "ircd.h"
30	#include "modules.h"
31	#include "numeric.h"
32	#include "send.h"
33	#include "conf.h"
34	#include "rsa.h"
35	#include "parse.h"
36	#include "irc_string.h"
37	#include "log.h"
38	#include "user.h"
39	#include "memory.h"
40
41
42	#ifdef HAVE_LIBCRYPTO
43	/*! \brief Notices all opers of the failed challenge attempt if enabled
44	*
45	* \param source_p Client doing /challenge ...
46	* \param name The nick they tried to oper as
47	* \param reason The reason why they have failed
48	*/
49	static void
50	failed_challenge_notice(struct Client source_p, const char name,
51	const char *reason)
52	{
53	if (ConfigFileEntry.failed_oper_notice)
54	sendto_realops_flags(UMODE_ALL, L_ALL, SEND_NOTICE,
55	"Failed CHALLENGE attempt as %s "
56	"by %s (%s@%s) - %s", name, source_p->name,
57	source_p->username, source_p->host, reason);
58
59	ilog(LOG_TYPE_OPER, "Failed CHALLENGE attempt as %s "
60	"by %s (%s@%s) - %s", name, source_p->name,
61	source_p->username, source_p->host, reason);
62	}
63
64	/*! \brief CHALLENGE command handler
65	*
66	* \param source_p Pointer to allocated Client struct from which the message
67	* originally comes from. This can be a local or remote client.
68	* \param parc Integer holding the number of supplied arguments.
69	* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
70	* pointers.
71	* \note Valid arguments for this command are:
72	* - parv[0] = command
73	* - parv[1] = operator to challenge for, or +response
74	*/
75	static int
76	m_challenge(struct Client source_p, int parc, char parv[])
77	{
78	char *challenge = NULL;
79	struct MaskItem *conf = NULL;
80
81	if (*parv[1] == '+')
82	{
83	/* Ignore it if we aren't expecting this... -A1kmm */
84	if (source_p->localClient->response == NULL)
85	return 0;
86
87	if (irccmp(source_p->localClient->response, ++parv[1]))
88	{
89	sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
90	failed_challenge_notice(source_p, source_p->localClient->auth_oper,
91	"challenge failed");
92	return 0;
93	}
94
95	conf = find_exact_name_conf(CONF_OPER, source_p,
96	source_p->localClient->auth_oper, NULL, NULL);
97	if (conf == NULL)
98	{
99	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
100	conf = find_exact_name_conf(CONF_OPER, NULL, source_p->localClient->auth_oper, NULL, NULL);
101	failed_challenge_notice(source_p, source_p->localClient->auth_oper, (conf != NULL) ?
102	"host mismatch" : "no oper {} block");
103	return 0;
104	}
105
106	if (attach_conf(source_p, conf) != 0)
107	{
108	sendto_one_notice(source_p, &me, ":Can't attach conf!");
109	failed_challenge_notice(source_p, conf->name, "can't attach conf!");
110	return 0;
111	}
112
113	oper_up(source_p);
114
115	ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
116	source_p->localClient->auth_oper, source_p->name, source_p->username,
117	source_p->host);
118
119	MyFree(source_p->localClient->response);
120	MyFree(source_p->localClient->auth_oper);
121	source_p->localClient->response = NULL;
122	source_p->localClient->auth_oper = NULL;
123	return 0;
124	}
125
126	MyFree(source_p->localClient->response);
127	MyFree(source_p->localClient->auth_oper);
128	source_p->localClient->response = NULL;
129	source_p->localClient->auth_oper = NULL;
130
131	conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL);
132
133	if (!conf)
134	{
135	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
136	conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL);
137	failed_challenge_notice(source_p, parv[1], (conf != NULL)
138	? "host mismatch" : "no oper {} block");
139	return 0;
140	}
141
142	if (conf->rsa_public_key == NULL)
143	{
144	sendto_one_notice(source_p, &me, ":I'm sorry, PK authentication "
145	"is not enabled for your oper{} block.");
146	return 0;
147	}
148
149	if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
150	{
151	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
152	failed_challenge_notice(source_p, conf->name, "requires SSL/TLS");
153	return 0;
154	}
155
156	if (!EmptyString(conf->certfp))
157	{
158	if (EmptyString(source_p->certfp) \|\| strcasecmp(source_p->certfp, conf->certfp))
159	{
160	sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
161	failed_challenge_notice(source_p, conf->name, "client certificate fingerprint mismatch");
162	return 0;
163	}
164	}
165
166	if (!generate_challenge(&challenge, &(source_p->localClient->response),
167	conf->rsa_public_key))
168	sendto_one_numeric(source_p, &me, RPL_RSACHALLENGE, challenge);
169
170	source_p->localClient->auth_oper = xstrdup(conf->name);
171	MyFree(challenge);
172	return 0;
173	}
174
175	/*! \brief CHALLENGE command handler
176	*
177	* \param source_p Pointer to allocated Client struct from which the message
178	* originally comes from. This can be a local or remote client.
179	* \param parc Integer holding the number of supplied arguments.
180	* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
181	* pointers.
182	* \note Valid arguments for this command are:
183	* - parv[0] = command
184	* - parv[1] = operator to challenge for, or +response
185	*/
186	static int
187	mo_challenge(struct Client source_p, int parc, char parv[])
188	{
189	sendto_one_numeric(source_p, &me, RPL_YOUREOPER);
190	return 0;
191	}
192
193	static struct Message challenge_msgtab =
194	{
195	"CHALLENGE", 0, 0, 2, MAXPARA, MFLG_SLOW, 0,
196	{ m_unregistered, m_challenge, m_ignore, m_ignore, mo_challenge, m_ignore }
197	};
198
199	static void
200	module_init(void)
201	{
202	mod_add_cmd(&challenge_msgtab);
203	}
204
205	static void
206	module_exit(void)
207	{
208	mod_del_cmd(&challenge_msgtab);
209	}
210
211	#else
212
213	static void
214	module_init(void)
215	{
216	}
217
218	static void
219	module_exit(void)
220	{
221	}
222	#endif
223
224	struct module module_entry =
225	{
226	.node = { NULL, NULL, NULL },
227	.name = NULL,
228	.version = "$Revision$",
229	.handle = NULL,
230	.modinit = module_init,
231	.modexit = module_exit,
232	.flags = 0
233	};