anAuthStruct *Auth_ConvertConf2AuthStruct(ConfigEntry *ce)
{
short type = AUTHTYPE_PLAINTEXT;
anAuthStruct *as = NULL;
/* If there is a {}, use it */
if (ce->ce_entries)
{
if (ce->ce_entries->ce_varname)
{
type = Auth_FindType(ce->ce_entries->ce_varname);
}
}
as = (anAuthStruct *) MyMalloc(sizeof(anAuthStruct));
as->data = strdup(ce->ce_vardata);
as->type = type;
return as;
}
int Auth_CheckError(ConfigEntry *ce)
{
short type = AUTHTYPE_PLAINTEXT;
#ifdef AUTHENABLE_SSL_CLIENTCERT
X509 *x509_filecert = NULL;
FILE *x509_f = NULL;
#endif
if (!ce->ce_vardata)
{
config_error("%s:%i: authentication module failure: missing parameter",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
return -1;
}
if (ce->ce_entries && ce->ce_entries->ce_next)
{
config_error("%s:%i: you may not have multiple authentication methods",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
return -1;
}
if (ce->ce_entries)
{
if (ce->ce_entries->ce_varname)
{
type = Auth_FindType(ce->ce_entries->ce_varname);
if (type == -1)
{
config_error("%s:%i: authentication module failure: %s is not an implemented/enabled authentication method",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
ce->ce_entries->ce_varname);
return -1;
}
switch (type)
{
#ifdef AUTHENABLE_UNIXCRYPT
case AUTHTYPE_UNIXCRYPT:
/* If our data is like 1 or none, we just let em through .. */
if (strlen(ce->ce_vardata) < 2)
{
config_error("%s:%i: authentication module failure: AUTHTYPE_UNIXCRYPT: no salt (crypt strings will always be >2 in length)",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
return -1;
}
break;
#endif
#ifdef AUTHENABLE_SSL_CLIENTCERT
case AUTHTYPE_SSL_CLIENTCERT:
if (!(x509_f = fopen(ce->ce_vardata, "r")))
{
config_error("%s:%i: authentication module failure: AUTHTYPE_SSL_CLIENTCERT: error opening file %s: %s",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, ce->ce_vardata, strerror(errno));
return -1;
}
x509_filecert = PEM_read_X509(x509_f, NULL, NULL, NULL);
fclose(x509_f);
if (!x509_filecert)
{
config_error("%s:%i: authentication module failure: AUTHTYPE_SSL_CLIENTCERT: PEM_read_X509 errored in file %s (format error?)",
ce->ce_fileptr->cf_filename, ce->ce_varlinenum, ce->ce_vardata);
return -1;
}
X509_free(x509_filecert);
break;
#endif
default: ;
}
}
}
return 1;
}
/*
** m_mkpasswd
** parv[0] = sender prefix
** parv[1] = password to encrypt
*/
int m_mkpasswd(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
short type;
char *result = NULL;
if (!MKPASSWD_FOR_EVERYONE && !IsAnOper(sptr))
{
sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, sptr->name);
return -1;
}
if (!IsAnOper(sptr))
{
/* Non-opers /mkpasswd usage: lag them up, and send a notice to eyes snomask.
* This notice is always sent, even in case of bad usage/bad auth methods/etc.
*/
sptr->since += 7;
sendto_snomask(SNO_EYES, "*** /mkpasswd was used by %s (%s@%s) to create a hash.",
sptr->name, sptr->user->username, GetHost(sptr));
}
if ((parc < 3) || BadPtr(parv[2]))
{
sendto_one(sptr, ":%s NOTICE %s :*** Syntax: /mkpasswd <authmethod> <password>",
me.name, sptr->name);
return 0;
}
/* Don't want to take any risk ;p. -- Syzop */
if (strlen(parv[2]) > 64)
{
sendto_one(sptr, ":%s NOTICE %s :*** Your parameter (text-to-hash) is too long. Please Shorten it",
me.name, sptr->name);
return 0;
}
if ((type = Auth_FindType(parv[1])) == -1)
{
sendto_one(sptr,
":%s NOTICE %s :*** %s is not an enabled authentication method. SHA1 and above require an SSL compile.",
me.name, sptr->name, parv[1]);
return 0;
}
#ifdef AUTHENABLE_UNIXCRYPT
if ((type == AUTHTYPE_UNIXCRYPT) && (strlen(parv[2]) > 8))
{
sendnotice(sptr, "WARNING: Password truncated to 8 characters due to 'crypt' algorithm. "
"You are suggested to use the 'md5' algorithm instead.");
parv[2][8] = '\0';
}
#endif
if (!(result = Auth_Make(type, parv[2])))
{
sendto_one(sptr,
":%s NOTICE %s :*** Failed to create hash using that encryption method %s",
me.name, sptr->name, parv[1]);
return 0;
}
sendto_one(sptr, ":%s %s %s :*** Your hashed password (method=%s, para=%s) is: %s",
me.name, IsWebTV(sptr) ? "PRIVMSG" : "NOTICE", parv[0], parv[1], parv[2], result);
return 0;
}
