/*
 * Build a heap-allocated anAuthStruct from a configuration entry.
 *
 * The authentication method is looked up from the name of the first
 * sub-entry (the "{ }" block) when that sub-entry exists and has a name.
 * Otherwise the type stays AUTHTYPE_PLAINTEXT.
 * The credential text (ce_vardata) is duplicated, so the returned struct
 * owns its own copy.
 *
 * No validation is done here:
 *   - ce_vardata is handed to strdup() without a NULL check;
 *   - the Auth_FindType() result is stored as-is, including -1, which
 *     Auth_CheckError() treats as "not implemented/enabled";
 *   - the MyMalloc() and strdup() results are not checked in this function.
 * NOTE(review): presumably callers run Auth_CheckError() on the same entry
 * first - confirm at the call sites.
 * NOTE(review): an entry without a method block silently falls back to
 * AUTHTYPE_PLAINTEXT; confirm that this default is intended for every
 * config block that accepts a credential.
 */
anAuthStruct *Auth_ConvertConf2AuthStruct(ConfigEntry *ce)
{
    anAuthStruct *auth;
    short method = AUTHTYPE_PLAINTEXT;

    /* A named sub-entry selects the method; otherwise keep the default. */
    if (ce->ce_entries && ce->ce_entries->ce_varname)
        method = Auth_FindType(ce->ce_entries->ce_varname);

    auth = (anAuthStruct *) MyMalloc(sizeof(*auth));
    auth->type = method;
    auth->data = strdup(ce->ce_vardata);

    return auth;
}
/*
 * Validate an authentication configuration entry.
 *
 * Returns 1 when the entry passes every check below, or -1 after reporting
 * the problem through config_error():
 *   - the entry has no value (ce_vardata is NULL);
 *   - more than one method sub-entry is present;
 *   - the named method is not known to Auth_FindType() (it returned -1);
 *   - AUTHTYPE_UNIXCRYPT (if compiled in): the value is shorter than two
 *     characters;
 *   - AUTHTYPE_SSL_CLIENTCERT (if compiled in): the value names a file
 *     that cannot be opened or that PEM_read_X509() cannot parse.
 *
 * An entry with no method sub-entry, or an unnamed one, is accepted once
 * the first two checks pass.
 */
int Auth_CheckError(ConfigEntry *ce)
{
    short method;

    if (!ce->ce_vardata)
    {
        config_error("%s:%i: authentication module failure: missing parameter",
            ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
        return -1;
    }

    if (ce->ce_entries && ce->ce_entries->ce_next)
    {
        config_error("%s:%i: you may not have multiple authentication methods",
            ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
        return -1;
    }

    /* No method block (or an unnamed one): nothing method-specific to check. */
    if (!ce->ce_entries || !ce->ce_entries->ce_varname)
        return 1;

    method = Auth_FindType(ce->ce_entries->ce_varname);
    if (method == -1)
    {
        config_error("%s:%i: authentication module failure: %s is not an implemented/enabled authentication method",
            ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
            ce->ce_entries->ce_varname);
        return -1;
    }

#ifdef AUTHENABLE_UNIXCRYPT
    if (method == AUTHTYPE_UNIXCRYPT)
    {
        /*
         * A value shorter than two characters cannot carry a salt, so it
         * is rejected. Only the length is checked; nothing here verifies
         * that the value is a well-formed crypt string.
         */
        if (strlen(ce->ce_vardata) < 2)
        {
            config_error("%s:%i: authentication module failure: AUTHTYPE_UNIXCRYPT: no salt (crypt strings will always be >2 in length)",
                ce->ce_fileptr->cf_filename, ce->ce_varlinenum);
            return -1;
        }
    }
#endif

#ifdef AUTHENABLE_SSL_CLIENTCERT
    if (method == AUTHTYPE_SSL_CLIENTCERT)
    {
        /*
         * For this method the value is a path to a PEM certificate file.
         * The file is opened and parsed only to prove that it is readable
         * and well-formed at configuration time. The parsed certificate
         * is freed again and not kept.
         */
        X509 *cert;
        FILE *fp = fopen(ce->ce_vardata, "r");

        if (!fp)
        {
            config_error("%s:%i: authentication module failure: AUTHTYPE_SSL_CLIENTCERT: error opening file %s: %s",
                ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
                ce->ce_vardata, strerror(errno));
            return -1;
        }

        cert = PEM_read_X509(fp, NULL, NULL, NULL);
        fclose(fp);
        if (!cert)
        {
            config_error("%s:%i: authentication module failure: AUTHTYPE_SSL_CLIENTCERT: PEM_read_X509 errored in file %s (format error?)",
                ce->ce_fileptr->cf_filename, ce->ce_varlinenum,
                ce->ce_vardata);
            return -1;
        }
        X509_free(cert);
    }
#endif

    return 1;
}
/*
** m_mkpasswd
**	parv[0] = sender prefix
**	parv[1] = authentication method name (looked up with Auth_FindType)
**	parv[2] = password to hash
**
** Hashes parv[2] with the requested method and sends the result back to
** the requesting client. Returns -1 when the client lacks the privilege,
** and 0 in every other case, including usage errors.
**
** Access: non-opers may use the command only when MKPASSWD_FOR_EVERYONE is
** set. Each use by a non-oper adds 7 to sptr->since and sends a notice to
** the SNO_EYES snomask before any argument is checked.
**
** NOTE(review): sptr->user is dereferenced without a NULL check on the
** non-oper path - presumably the command is registered for users only;
** confirm.
** NOTE(review): the final reply echoes the cleartext parameter ("para=")
** back to the client next to the hash. For crypt that is the copy already
** truncated in place to 8 characters.
*/
int m_mkpasswd(aClient *cptr, aClient *sptr, int parc, char *parv[])
{
    short method;
    char *hash = NULL;
    const char *reply_cmd;
    size_t pass_len;

    if (!IsAnOper(sptr))
    {
        if (!MKPASSWD_FOR_EVERYONE)
        {
            sendto_one(sptr, err_str(ERR_NOPRIVILEGES), me.name, sptr->name);
            return -1;
        }

        /*
         * Non-oper usage: penalise the client and tell the eyes snomask.
         * This happens before argument validation, so the notice is sent
         * even for bad usage or unknown methods.
         */
        sptr->since += 7;
        sendto_snomask(SNO_EYES, "*** /mkpasswd was used by %s (%s@%s) to create a hash.",
            sptr->name, sptr->user->username, GetHost(sptr));
    }

    if ((parc < 3) || BadPtr(parv[2]))
    {
        sendto_one(sptr, ":%s NOTICE %s :*** Syntax: /mkpasswd <authmethod> <password>",
            me.name, sptr->name);
        return 0;
    }

    /* Bound the text-to-hash before it reaches any hashing backend. */
    pass_len = strlen(parv[2]);
    if (pass_len > 64)
    {
        sendto_one(sptr, ":%s NOTICE %s :*** Your parameter (text-to-hash) is too long. Please Shorten it",
            me.name, sptr->name);
        return 0;
    }

    method = Auth_FindType(parv[1]);
    if (method == -1)
    {
        sendto_one(sptr, ":%s NOTICE %s :*** %s is not an enabled authentication method. SHA1 and above require an SSL compile.",
            me.name, sptr->name, parv[1]);
        return 0;
    }

#ifdef AUTHENABLE_UNIXCRYPT
    /*
     * Warn the user and cut the password in place, so that the reply below
     * shows the 8 characters that were hashed.
     */
    if ((method == AUTHTYPE_UNIXCRYPT) && (pass_len > 8))
    {
        sendnotice(sptr, "WARNING: Password truncated to 8 characters due to 'crypt' algorithm. "
            "You are suggested to use the 'md5' algorithm instead.");
        parv[2][8] = '\0';
    }
#endif

    hash = Auth_Make(method, parv[2]);
    if (!hash)
    {
        sendto_one(sptr, ":%s NOTICE %s :*** Failed to create hash using that encryption method %s",
            me.name, sptr->name, parv[1]);
        return 0;
    }

    /* WebTV clients receive the answer as a PRIVMSG, all others as a NOTICE. */
    reply_cmd = IsWebTV(sptr) ? "PRIVMSG" : "NOTICE";
    sendto_one(sptr, ":%s %s %s :*** Your hashed password (method=%s, para=%s) is: %s",
        me.name, reply_cmd, parv[0], parv[1], parv[2], hash);

    return 0;
}