static void
h_can_join(hook_data_channel *data)
{
struct Client *source_p = data->client;
struct Channel *chptr = data->chptr;
if((chptr->mode.mode & chmode_flags['S']) && !IsSSLClient(source_p)) {
sendto_one_notice(source_p, ":Only users using SSL could join this channel!");
data->approved = ERR_CUSTOM;
}
}
/*
* m_challenge - generate RSA challenge for wouldbe oper
* parv[1] = operator to challenge for, or +response
*
*/
static int
m_challenge(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
struct oper_conf *oper_p;
char *challenge = NULL; /* to placate gcc */
char chal_line[CHALLENGE_WIDTH];
unsigned char *b_response;
size_t cnt;
int len = 0;
/* if theyre an oper, reprint oper motd and ignore */
if(IsOper(source_p))
{
sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, source_p->name);
send_oper_motd(source_p);
return 0;
}
if(*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if(!source_p->localClient->challenge)
return 0;
if((rb_current_time() - source_p->localClient->chal_time) > CHALLENGE_EXPIRES)
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
ilog(L_FOPER, "EXPIRED CHALLENGE (%s) by (%s!%s@%s) (%s)",
source_p->localClient->opername, source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Expired CHALLENGE attempt by %s (%s@%s)",
source_p->name, source_p->username,
source_p->host);
cleanup_challenge(source_p);
return 0;
}
parv[1]++;
b_response = rb_base64_decode((const unsigned char *)parv[1], strlen(parv[1]), &len);
if(len != SHA_DIGEST_LENGTH ||
memcmp(source_p->localClient->challenge, b_response, SHA_DIGEST_LENGTH))
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name, source_p->name);
ilog(L_FOPER, "FAILED CHALLENGE (%s) by (%s!%s@%s) (%s)",
source_p->localClient->opername, source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed CHALLENGE attempt by %s (%s@%s)",
source_p->name, source_p->username,
source_p->host);
rb_free(b_response);
cleanup_challenge(source_p);
return 0;
}
rb_free(b_response);
oper_p = find_oper_conf(source_p->username, source_p->orighost,
source_p->sockhost,
source_p->localClient->opername);
if(oper_p == NULL)
{
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
source_p->localClient->opername, source_p->name,
source_p->username, source_p->host,
source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed CHALLENGE attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username,
source_p->host);
return 0;
}
cleanup_challenge(source_p);
oper_up(source_p, oper_p);
ilog(L_OPERED, "OPER %s by %s!%s@%s (%s)",
source_p->localClient->opername, source_p->name,
source_p->username, source_p->host, source_p->sockhost);
return 0;
}
cleanup_challenge(source_p);
oper_p = find_oper_conf(source_p->username, source_p->orighost,
source_p->sockhost, parv[1]);
if(oper_p == NULL)
{
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
parv[1], source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice)
sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed CHALLENGE attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
return 0;
}
if(!oper_p->rsa_pubkey)
{
sendto_one_notice(source_p, ":I'm sorry, PK authentication is not enabled for your oper{} block.");
return 0;
}
if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p))
{
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED CHALLENGE (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
parv[1], source_p->name, source_p->username, source_p->host,
source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice)
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Failed CHALLENGE attempt - missing SSL/TLS by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
return 0;
}
if (oper_p->certfp != NULL)
{
if (source_p->certfp == NULL || strcasecmp(source_p->certfp, oper_p->certfp))
{
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- client certificate fingerprint mismatch",
parv[1], source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice)
{
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Failed OPER attempt - client certificate fingerprint mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
return 0;
}
}
if(!generate_challenge(&challenge, &(source_p->localClient->challenge), oper_p->rsa_pubkey))
{
char *chal = challenge;
source_p->localClient->chal_time = rb_current_time();
for(;;)
{
cnt = rb_strlcpy(chal_line, chal, CHALLENGE_WIDTH);
sendto_one(source_p, form_str(RPL_RSACHALLENGE2), me.name, source_p->name, chal_line);
if(cnt > CHALLENGE_WIDTH)
chal += CHALLENGE_WIDTH - 1;
else
break;
}
sendto_one(source_p, form_str(RPL_ENDOFRSACHALLENGE2),
me.name, source_p->name);
rb_free(challenge);
source_p->localClient->opername = rb_strdup(oper_p->name);
}
else
sendto_one_notice(source_p, ":Failed to generate challenge.");
return 0;
}
/*
* m_oper
* parv[1] = oper name
* parv[2] = oper password
*/
static int
m_oper(struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
struct oper_conf *oper_p;
const char *name;
const char *password;
name = parv[1];
password = parv[2];
if(IsOper(source_p)) {
sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, source_p->name);
send_oper_motd(source_p);
return 0;
}
/* end the grace period */
if(!IsFloodDone(source_p))
flood_endgrace(source_p);
oper_p = find_oper_conf(source_p->username, source_p->orighost,
source_p->sockhost, name);
if(oper_p == NULL) {
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
name, source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice) {
sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed OPER attempt - host mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
return 0;
}
if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p)) {
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
name, source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice) {
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Failed OPER attempt - missing SSL/TLS by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
return 0;
}
if (oper_p->certfp != NULL) {
if (source_p->certfp == NULL || strcasecmp(source_p->certfp, oper_p->certfp)) {
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- client certificate fingerprint mismatch",
name, source_p->name,
source_p->username, source_p->host, source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice) {
sendto_realops_snomask(SNO_GENERAL, L_ALL,
"Failed OPER attempt - client certificate fingerprint mismatch by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
return 0;
}
}
if(match_oper_password(password, oper_p)) {
oper_up(source_p, oper_p);
ilog(L_OPERED, "OPER %s by %s!%s@%s (%s)",
name, source_p->name, source_p->username, source_p->host,
source_p->sockhost);
return 0;
} else {
sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
name, source_p->name, source_p->username, source_p->host,
source_p->sockhost);
if(ConfigFileEntry.failed_oper_notice) {
sendto_realops_snomask(SNO_GENERAL, L_NETWIDE,
"Failed OPER attempt by %s (%s@%s)",
source_p->name, source_p->username, source_p->host);
}
}
return 0;
}
static int
m_cmessage(int p_or_n, const char *command,
struct Client *client_p, struct Client *source_p, int parc, const char *parv[])
{
struct Client *target_p;
struct Channel *chptr;
struct membership *msptr;
if(!IsFloodDone(source_p))
flood_endgrace(source_p);
if((target_p = find_named_person(parv[1])) == NULL)
{
if(p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_NOSUCHNICK,
form_str(ERR_NOSUCHNICK), parv[1]);
return 0;
}
if((chptr = find_channel(parv[2])) == NULL)
{
if(p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_NOSUCHCHANNEL,
form_str(ERR_NOSUCHCHANNEL), parv[2]);
return 0;
}
if((msptr = find_channel_membership(chptr, source_p)) == NULL)
{
if(p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_NOTONCHANNEL,
form_str(ERR_NOTONCHANNEL),
chptr->chname);
return 0;
}
if(!is_chanop_voiced(msptr))
{
if(p_or_n != NOTICE)
sendto_one(source_p, form_str(ERR_VOICENEEDED),
me.name, source_p->name, chptr->chname);
return 0;
}
if(!IsMember(target_p, chptr))
{
if(p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_USERNOTINCHANNEL,
form_str(ERR_USERNOTINCHANNEL),
target_p->name, chptr->chname);
return 0;
}
if((MyClient(target_p) && (IsSetCallerId(target_p) || (IsSetRegOnlyMsg(target_p) && !source_p->user->suser[0]) ||
(IsSetSslOnlyMsg(target_p) && !IsSSLClient(source_p))) &&
!accept_message(source_p, target_p) && !IsOper(source_p))
)
{
if (IsSetRegOnlyMsg(target_p) && !source_p->user->suser[0])
{
if (p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_NONONREG,
form_str(ERR_NONONREG),
target_p->name);
return 0;
}
if (IsSetSslOnlyMsg(target_p) && !IsSSLClient(source_p))
{
if (p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_NONONSSL,
form_str(ERR_NONONSSL),
target_p->name);
return 0;
}
if(p_or_n != NOTICE)
sendto_one_numeric(source_p, ERR_TARGUMODEG,
form_str(ERR_TARGUMODEG), target_p->name);
if((target_p->localClient->last_caller_id_time +
ConfigFileEntry.caller_id_wait) < rb_current_time())
{
if(p_or_n != NOTICE)
sendto_one_numeric(source_p, RPL_TARGNOTIFY,
form_str(RPL_TARGNOTIFY),
target_p->name);
sendto_one(target_p, form_str(RPL_UMODEGMSG),
me.name, target_p->name, source_p->name,
source_p->username, source_p->host);
target_p->localClient->last_caller_id_time = rb_current_time();
}
return 0;
}
if(p_or_n != NOTICE)
source_p->localClient->last = rb_current_time();
sendto_anywhere(target_p, source_p, command, ":%s", parv[3]);
return 0;
}
