trunk/modules/m_oper.c

/*
 *  ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
 *  m_oper.c: Makes a user an IRC Operator.
 *
 *  Copyright (C) 2002 by the past and present ircd coders, and others.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
 *  $Id$
 */

#include "stdinc.h"
#include "list.h"
#include "client.h"
#include "irc_string.h"
#include "ircd.h"
#include "numeric.h"
#include "conf.h"
#include "log.h"
#include "s_user.h"
#include "send.h"
#include "parse.h"
#include "modules.h"
#include "packet.h"


/* failed_oper_notice()
 *
 * inputs       - pointer to client doing /oper ...
 *              - pointer to nick they tried to oper as
 *              - pointer to reason they have failed
 * output       - nothing
 * side effects - notices all opers of the failed oper attempt if enabled
 */
static void
failed_oper_notice(struct Client *source_p, const char *name,
                   const char *reason)
{
  if (ConfigFileEntry.failed_oper_notice)
    sendto_realops_flags(UMODE_ALL, L_ALL, SEND_NOTICE,
                         "Failed OPER attempt as %s by %s (%s@%s) - %s",
                         name, source_p->name, source_p->username,
                         source_p->host, reason);

  ilog(LOG_TYPE_OPER, "Failed OPER attempt as %s by %s (%s@%s) - %s",
       name, source_p->name, source_p->username,
       source_p->host, reason);
}

/*
** m_oper
**      parv[0] = sender prefix
**      parv[1] = oper name
**      parv[2] = oper password
*/
static void
m_oper(struct Client *client_p, struct Client *source_p,
       int parc, char *parv[])
{
  struct MaskItem *conf = NULL;
  const char *name = parv[1];
  const char *password = parv[2];

  if (EmptyString(password))
  {
    sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS),
               me.name, source_p->name, "OPER");
    return;
  }

  /* end the grace period */
  if (!IsFloodDone(source_p))
    flood_endgrace(source_p);

  if ((conf = find_exact_name_conf(CONF_OPER, source_p, name, NULL, NULL)) == NULL)
  {
    sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
    conf = find_exact_name_conf(CONF_OPER, NULL, name, NULL, NULL);
    failed_oper_notice(source_p, name, (conf != NULL) ?
                       "host mismatch" : "no oper {} block");
    return;
  }

  if (!EmptyString(conf->certfp))
  {
    if (source_p->certfp[0] == '\0' || strcasecmp(source_p->certfp, conf->certfp))
    {
      sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
      failed_oper_notice(source_p, name, "client certificate fingerprint mismatch");
      return;
    }
  }

  if (match_conf_password(password, conf))
  {
    if (attach_conf(source_p, conf) != 0)
    {
      sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
                 me.name, source_p->name);
      failed_oper_notice(source_p, name, "can't attach conf!");
      return;
    }

    ++conf->count;
    oper_up(source_p);

    ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
         name, source_p->name, source_p->username, source_p->host);
  }
  else
  {
    sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
    failed_oper_notice(source_p, name, "password mismatch");
  }
}

/*
** mo_oper
**      parv[0] = sender prefix
**      parv[1] = oper name
**      parv[2] = oper password
*/
static void
mo_oper(struct Client *client_p, struct Client *source_p,
        int parc, char *parv[])
{
  sendto_one(source_p, form_str(RPL_YOUREOPER),
             me.name, source_p->name);
}

static struct Message oper_msgtab = {
  "OPER", 0, 0, 3, MAXPARA, MFLG_SLOW, 0,
  { m_unregistered, m_oper, m_ignore, m_ignore, mo_oper, m_ignore }
};

static void
module_init(void)
{
  mod_add_cmd(&oper_msgtab);
}

static void
module_exit(void)
{
  mod_del_cmd(&oper_msgtab);
}

struct module module_entry = {
  .node    = { NULL, NULL, NULL },
  .name    = NULL,
  .version = "$Revision$",
  .handle  = NULL,
  .modinit = module_init,
  .modexit = module_exit,
  .flags   = 0
};
Revision:	2228
Committed:	Thu Jun 13 19:46:30 2013 UTC (12 years, 2 months ago) by michael
Content type:	text/x-csrc
File size:	4667 byte(s)
Log Message:	- Implement certificate fingerprint validation for oper{} and connect{} blocks. Some code taken from oftc-hybrid. Hello, stu!
#	User	Rev	Content
1	adx	30	/*
2			* ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3			* m_oper.c: Makes a user an IRC Operator.
4			*
5			* Copyright (C) 2002 by the past and present ircd coders, and others.
6			*
7			* This program is free software; you can redistribute it and/or modify
8			* it under the terms of the GNU General Public License as published by
9			* the Free Software Foundation; either version 2 of the License, or
10			* (at your option) any later version.
11			*
12			* This program is distributed in the hope that it will be useful,
13			* but WITHOUT ANY WARRANTY; without even the implied warranty of
14			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			* GNU General Public License for more details.
16			*
17			* You should have received a copy of the GNU General Public License
18			* along with this program; if not, write to the Free Software
19			* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20			* USA
21			*
22	knight	31	* $Id$
23	adx	30	*/
24
25			#include "stdinc.h"
26	michael	1011	#include "list.h"
27	adx	30	#include "client.h"
28			#include "irc_string.h"
29			#include "ircd.h"
30			#include "numeric.h"
31	michael	1309	#include "conf.h"
32			#include "log.h"
33	adx	30	#include "s_user.h"
34			#include "send.h"
35			#include "parse.h"
36			#include "modules.h"
37			#include "packet.h"
38
39
40
41	michael	1230	/* failed_oper_notice()
42			*
43			* inputs - pointer to client doing /oper ...
44			* - pointer to nick they tried to oper as
45			* - pointer to reason they have failed
46			* output - nothing
47			* side effects - notices all opers of the failed oper attempt if enabled
48			*/
49			static void
50			failed_oper_notice(struct Client source_p, const char name,
51			const char *reason)
52	adx	30	{
53	michael	1230	if (ConfigFileEntry.failed_oper_notice)
54	michael	1618	sendto_realops_flags(UMODE_ALL, L_ALL, SEND_NOTICE,
55			"Failed OPER attempt as %s by %s (%s@%s) - %s",
56			name, source_p->name, source_p->username,
57			source_p->host, reason);
58	michael	1247
59	michael	1618	ilog(LOG_TYPE_OPER, "Failed OPER attempt as %s by %s (%s@%s) - %s",
60			name, source_p->name, source_p->username,
61			source_p->host, reason);
62	adx	30	}
63
64			/*
65			** m_oper
66			** parv[0] = sender prefix
67			** parv[1] = oper name
68			** parv[2] = oper password
69			*/
70			static void
71			m_oper(struct Client client_p, struct Client source_p,
72			int parc, char *parv[])
73			{
74	michael	1632	struct MaskItem *conf = NULL;
75	adx	30	const char *name = parv[1];
76			const char *password = parv[2];
77
78			if (EmptyString(password))
79			{
80	michael	1834	sendto_one(source_p, form_str(ERR_NEEDMOREPARAMS),
81	michael	1446	me.name, source_p->name, "OPER");
82	adx	30	return;
83			}
84
85			/* end the grace period */
86			if (!IsFloodDone(source_p))
87			flood_endgrace(source_p);
88
89	michael	1632	if ((conf = find_exact_name_conf(CONF_OPER, source_p, name, NULL, NULL)) == NULL)
90	adx	30	{
91	michael	1834	sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
92	michael	1632	conf = find_exact_name_conf(CONF_OPER, NULL, name, NULL, NULL);
93	adx	30	failed_oper_notice(source_p, name, (conf != NULL) ?
94			"host mismatch" : "no oper {} block");
95			return;
96			}
97
98	michael	2228	if (!EmptyString(conf->certfp))
99			{
100			if (source_p->certfp[0] == '\0' \|\| strcasecmp(source_p->certfp, conf->certfp))
101			{
102			sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
103			failed_oper_notice(source_p, name, "client certificate fingerprint mismatch");
104			return;
105			}
106			}
107
108	michael	1632	if (match_conf_password(password, conf))
109	adx	30	{
110			if (attach_conf(source_p, conf) != 0)
111			{
112			sendto_one(source_p, ":%s NOTICE %s :Can't attach conf!",
113			me.name, source_p->name);
114			failed_oper_notice(source_p, name, "can't attach conf!");
115			return;
116			}
117
118	michael	1925	++conf->count;
119	adx	30	oper_up(source_p);
120
121	michael	1247	ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
122	adx	30	name, source_p->name, source_p->username, source_p->host);
123			}
124			else
125			{
126	michael	1834	sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
127	adx	30	failed_oper_notice(source_p, name, "password mismatch");
128			}
129			}
130
131			/*
132			** mo_oper
133			** parv[0] = sender prefix
134			** parv[1] = oper name
135			** parv[2] = oper password
136			*/
137			static void
138			mo_oper(struct Client client_p, struct Client source_p,
139			int parc, char *parv[])
140			{
141	michael	1834	sendto_one(source_p, form_str(RPL_YOUREOPER),
142	michael	1446	me.name, source_p->name);
143	adx	30	}
144
145	michael	1230	static struct Message oper_msgtab = {
146			"OPER", 0, 0, 3, MAXPARA, MFLG_SLOW, 0,
147			{ m_unregistered, m_oper, m_ignore, m_ignore, mo_oper, m_ignore }
148			};
149
150			static void
151			module_init(void)
152	adx	30	{
153	michael	1230	mod_add_cmd(&oper_msgtab);
154	adx	30	}
155
156			static void
157	michael	1230	module_exit(void)
158	adx	30	{
159	michael	1230	mod_del_cmd(&oper_msgtab);
160	adx	30	}
161	michael	1230
162			struct module module_entry = {
163			.node = { NULL, NULL, NULL },
164			.name = NULL,
165			.version = "$Revision$",
166			.handle = NULL,
167			.modinit = module_init,
168			.modexit = module_exit,
169			.flags = 0
170			};