int m_challenge(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
#ifdef USE_SSL
struct ConfItem *aconf;
RSA *rsa_public_key;
BIO *file = NULL;
char *challenge = NULL;
char *name;
char *tmpname;
char chan[CHANNELLEN-1];
char* join[2];
int nl;
struct Flags old_mode = cli_flags(sptr);
if (!MyUser(sptr))
return 0;
if (parc < 2)
return need_more_params(sptr, "CHALLENGE");
if (parc > 2) { /* This is a remote OPER Request */
struct Client *srv;
if (!string_has_wildcards(parv[1]))
srv = FindServer(parv[1]);
else
srv = find_match_server(parv[1]);
if (!feature_bool(FEAT_REMOTE_OPER))
return send_reply(sptr, ERR_NOOPERHOST);
if (!srv)
return send_reply(sptr, ERR_NOOPERHOST);
if (IsMe(srv)) {
parv[1] = parv[2];
} else {
sendcmdto_one(sptr, CMD_CHALLENGE, srv, "%C %s", srv, parv[2]);
return 0;
}
}
/* if theyre an oper, reprint oper motd and ignore */
if (IsOper(sptr))
{
send_reply(sptr, RPL_YOUREOPER);
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
}
if (*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if (cli_user(sptr)->response == NULL)
return 0;
if (ircd_strcmp(cli_user(sptr)->response, ++parv[1]))
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Password Incorrect)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
tmpname = strdup(cli_user(sptr)->auth_oper);
failed_challenge_notice(sptr, tmpname, "challenge failed");
return 0;
}
name = strdup(cli_user(sptr)->auth_oper);
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
MyUser(sptr) ? cli_sockhost(sptr) :
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (!aconf)
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (CONF_LOCOP == aconf->status) {
ClearOper(sptr);
SetLocOp(sptr);
}
else {
/*
* prevent someone from being both oper and local oper
*/
ClearLocOp(sptr);
if (!feature_bool(FEAT_OPERFLAGS) || !(aconf->port & OFLAG_ADMIN)) {
/* Global Oper */
SetOper(sptr);
ClearAdmin(sptr);
} else {
/* Admin */
SetOper(sptr);
OSetGlobal(sptr);
SetAdmin(sptr);
}
++UserStats.opers;
}
cli_handler(cptr) = OPER_HANDLER;
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_WHOIS)) {
OSetWhois(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_IDLE)) {
OSetIdle(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_XTRAOP)) {
OSetXtraop(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_HIDECHANS)) {
OSetHideChans(sptr);
}
SetFlag(sptr, FLAG_WALLOP);
SetFlag(sptr, FLAG_SERVNOTICE);
SetFlag(sptr, FLAG_DEBUG);
if (!IsAdmin(sptr))
cli_oflags(sptr) = aconf->port;
set_snomask(sptr, SNO_OPERDEFAULT, SNO_ADD);
client_set_privs(sptr, aconf);
cli_max_sendq(sptr) = 0; /* Get the sendq from the oper's class */
send_umode_out(cptr, sptr, &old_mode, HasPriv(sptr, PRIV_PROPAGATE));
send_reply(sptr, RPL_YOUREOPER);
if (IsAdmin(sptr)) {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Administrator",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
/* Autojoin admins to admin channel and oper channel (if enabled) */
if (feature_bool(FEAT_AUTOJOIN_ADMIN)) {
if (feature_bool(FEAT_AUTOJOIN_ADMIN_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_ADMIN_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_ADMIN_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
if (feature_bool(FEAT_AUTOJOIN_OPER) && IsOper(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
} else {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Operator (%c)",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr),
IsOper(sptr) ? 'O' : 'o');
if (feature_bool(FEAT_AUTOJOIN_OPER) && IsOper(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
}
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr);
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
return 0;
}
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN+1, "%s", "");
aconf = find_conf_exact(parv[1], cli_user(sptr)->realusername,
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(parv[1], cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(parv[1], cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (aconf == NULL)
{
send_reply(sptr, ERR_NOOPERHOST);
failed_challenge_notice(sptr, parv[1], "No o:line");
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (!(aconf->port & OFLAG_RSA))
{
send_reply(sptr, RPL_NO_CHALL);
return 0;
}
if (!verify_sslclifp(sptr, aconf))
{
sendto_allops(&me, SNO_OLDREALOP,
"Failed OPER attempt by %s (%s@%s) (SSL Fingerprint Missmatch)",
parv[0], cli_user(sptr)->realusername,
cli_user(sptr)->realhost);
send_reply(sptr, ERR_SSLCLIFP);
return 0;
}
if ((file = BIO_new_file(aconf->passwd, "r")) == NULL)
{
send_reply(sptr, RPL_NO_KEY);
return 0;
}
rsa_public_key = (RSA *)PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL);
if (rsa_public_key == NULL)
return send_reply(sptr, RPL_INVALID_KEY);
if (!generate_challenge(&challenge, rsa_public_key, sptr)) {
Debug((DEBUG_DEBUG, "generating challenge sum (%s)", challenge));
send_reply(sptr, RPL_RSACHALLENGE, challenge);
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN + 1, "%s", aconf->name);
}
nl = BIO_set_close(file, BIO_CLOSE);
BIO_free(file);
return 1;
#else
return 1;
#endif
}
/** Handle a SERVER message from an unregistered connection.
*
* \a parv has the following elements:
* \li \a parv[1] is the server name
* \li \a parv[2] is the hop count to the server
* \li \a parv[3] is the start timestamp for the server
* \li \a parv[4] is the link timestamp
* \li \a parv[5] is the protocol version (P10 or J10)
* \li \a parv[6] is the numnick mask for the server
* \li \a parv[7] is a string of flags like +hs to mark hubs and services
* \li \a parv[\a parc - 1] is the server description
*
* See @ref m_functions for discussion of the arguments.
* @param[in] cptr Client that sent us the message.
* @param[in] sptr Original source of message.
* @param[in] parc Number of arguments.
* @param[in] parv Argument vector.
*/
int mr_server(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
char* host;
struct ConfItem* aconf;
struct Jupe* ajupe;
unsigned int hop;
int ret;
unsigned short prot;
time_t start_timestamp;
time_t timestamp;
time_t recv_time;
time_t ghost;
if (IsUserPort(cptr))
return exit_client_msg(cptr, cptr, &me,
"Cannot connect a server to a user port");
if (parc < 8)
{
need_more_params(sptr, "SERVER");
return exit_client(cptr, cptr, &me, "Need more parameters");
}
host = clean_servername(parv[1]);
if (!host)
{
sendto_opmask(0, SNO_OLDSNO, "Bogus server name (%s) from %s",
host, cli_name(cptr));
return exit_client_msg(cptr, cptr, &me, "Bogus server name (%s)", host);
}
if ((ajupe = jupe_find(host)) && JupeIsActive(ajupe))
return exit_client_msg(cptr, sptr, &me, "Juped: %s", JupeReason(ajupe));
/* check connection rules */
if (0 != conf_eval_crule(host, CRULE_ALL)) {
ServerStats->is_ref++;
sendto_opmask(0, SNO_OLDSNO, "Refused connection from %s.", cli_name(cptr));
return exit_client(cptr, cptr, &me, "Disallowed by connection rule");
}
log_write(LS_NETWORK, L_NOTICE, LOG_NOSNOTICE, "SERVER: %s %s[%s]", host,
cli_sockhost(cptr), cli_sock_ip(cptr));
/*
* Detect protocol
*/
hop = atoi(parv[2]);
start_timestamp = atoi(parv[3]);
timestamp = atoi(parv[4]);
prot = parse_protocol(parv[5]);
if (!prot)
return exit_client_msg(cptr, sptr, &me, "Bogus protocol (%s)", parv[5]);
else if (prot < atoi(MINOR_PROTOCOL))
return exit_new_server(cptr, sptr, host, timestamp,
"Incompatible protocol: %s", parv[5]);
Debug((DEBUG_INFO, "Got SERVER %s with timestamp [%s] age %Tu (%Tu)",
host, parv[4], start_timestamp, cli_serv(&me)->timestamp));
if (timestamp < OLDEST_TS || start_timestamp < OLDEST_TS)
return exit_client_msg(cptr, sptr, &me,
"Bogus timestamps (%s %s)", parv[3], parv[4]);
/* If the server had a different name before, change it. */
if (!EmptyString(cli_name(cptr)) &&
(IsUnknown(cptr) || IsHandshake(cptr)) &&
0 != ircd_strcmp(cli_name(cptr), host))
hChangeClient(cptr, host);
ircd_strncpy(cli_name(cptr), host, HOSTLEN);
ircd_strncpy(cli_info(cptr), parv[parc-1][0] ? parv[parc-1] : cli_name(&me), REALLEN);
cli_hopcount(cptr) = hop;
if (conf_check_server(cptr)) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Received unauthorized connection from %s",
cli_name(cptr));
log_write(LS_NETWORK, L_NOTICE, LOG_NOSNOTICE, "Received unauthorized "
"connection from %C [%s]", cptr,
ircd_ntoa(&cli_ip(cptr)));
return exit_client(cptr, cptr, &me, "No Connect block");
}
host = cli_name(cptr);
update_load();
if (!(aconf = find_conf_byname(cli_confs(cptr), host, CONF_SERVER))) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Access denied. No conf line for server %s",
cli_name(cptr));
return exit_client_msg(cptr, cptr, &me,
"Access denied. No conf line for server %s", cli_name(cptr));
}
#if defined(USE_SSL)
if (!verify_sslclifp(cptr, aconf)) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Access denied (SSL fingerprint mismatch) %s",
cli_name(cptr));
return exit_client_msg(cptr, cptr, &me,
"No Access (SSL fingerprint mismatch) %s", cli_name(cptr));
}
#endif
if (*aconf->passwd && !!strcmp(aconf->passwd, cli_passwd(cptr))) {
++ServerStats->is_ref;
sendto_opmask(0, SNO_OLDSNO, "Access denied (passwd mismatch) %s",
cli_name(cptr));
return exit_client_msg(cptr, cptr, &me,
"No Access (passwd mismatch) %s", cli_name(cptr));
}
memset(cli_passwd(cptr), 0, sizeof(cli_passwd(cptr)));
ret = check_loop_and_lh(cptr, sptr, &ghost, host, (parc > 7 ? parv[6] : NULL), timestamp, hop, 1);
if (ret != 1)
return ret;
make_server(cptr);
cli_serv(cptr)->timestamp = timestamp;
cli_serv(cptr)->prot = prot;
cli_serv(cptr)->ghost = ghost;
memset(cli_privs(cptr), 255, sizeof(struct Privs));
ClrPriv(cptr, PRIV_SET);
SetServerYXX(cptr, cptr, parv[6]);
update_uworld_flags(cptr);
if (*parv[7] == '+')
set_server_flags(cptr, parv[7] + 1);
recv_time = TStime();
check_start_timestamp(cptr, timestamp, start_timestamp, recv_time);
ret = server_estab(cptr, aconf);
if (feature_bool(FEAT_RELIABLE_CLOCK) &&
abs(cli_serv(cptr)->timestamp - recv_time) > 30) {
sendto_opmask(0, SNO_OLDSNO, "Connected to a net with a "
"timestamp-clock difference of %Td seconds! "
"Used SETTIME to correct this.",
timestamp - recv_time);
sendcmdto_prio_one(&me, CMD_SETTIME, cptr, "%Tu :%s", TStime(),
cli_name(&me));
}
return ret;
}
int ms_challenge(struct Client *cptr, struct Client *sptr, int parc, char *parv[])
{
#ifdef USE_SSL
struct ConfItem *aconf;
RSA *rsa_public_key;
BIO *file = NULL;
char *challenge = NULL;
char *name;
char *tmpname;
char chan[CHANNELLEN-1];
char* join[2];
int nl;
struct Client *acptr = NULL;
char *privbuf;
if (!IsServer(cptr))
return 0;
/* if theyre an oper, reprint oper motd and ignore */
if (IsOper(sptr))
{
send_reply(sptr, RPL_YOUREOPER);
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
}
if (parc < 3) {
return send_reply(sptr, ERR_NOOPERHOST);
}
if (!(acptr = FindNServer(parv[1]))) {
return send_reply(sptr, ERR_NOOPERHOST);
} else if (!IsMe(acptr)) {
sendcmdto_one(sptr, CMD_CHALLENGE, acptr, "%C %s %s", acptr, parv[2],
parv[3]);
return 0;
}
if (*parv[2] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if (cli_user(sptr)->response == NULL)
return 0;
if (ircd_strcmp(cli_user(sptr)->response, ++parv[2]))
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (Password Incorrect)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
tmpname = strdup(cli_user(sptr)->auth_oper);
failed_challenge_notice(sptr, tmpname, "challenge failed");
return 0;
}
name = strdup(cli_user(sptr)->auth_oper);
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
MyUser(sptr) ? cli_sockhost(sptr) :
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(cli_user(sptr)->auth_oper, cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (!aconf)
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (CONF_LOCOP == aconf->status) {
ClearOper(sptr);
SetLocOp(sptr);
}
else {
/* This must be called before client_set_privs() */
SetRemoteOper(sptr);
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_WHOIS)) {
OSetWhois(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_IDLE)) {
OSetIdle(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_XTRAOP)) {
OSetXtraop(sptr);
}
if (!feature_bool(FEAT_OPERFLAGS) || (aconf->port & OFLAG_HIDECHANS)) {
OSetHideChans(sptr);
}
/* prevent someone from being both oper and local oper */
ClearLocOp(sptr);
if (!feature_bool(FEAT_OPERFLAGS) || !(aconf->port & OFLAG_ADMIN)) {
/* Global Oper */
ClearAdmin(sptr);
OSetGlobal(sptr);
SetOper(sptr);
} else {
/* Admin */
OSetGlobal(sptr);
OSetAdmin(sptr);
SetOper(sptr);
SetAdmin(sptr);
}
/* Tell client_set_privs to send privileges to the user */
client_set_privs(sptr, aconf);
ClearOper(sptr);
ClearAdmin(sptr);
ClearRemoteOper(sptr);
privbuf = client_print_privs(sptr);
sendcmdto_one(&me, CMD_PRIVS, sptr, "%C %s", sptr, privbuf);
}
sendcmdto_one(&me, CMD_MODE, sptr, "%s %s", cli_name(sptr),
(OIsAdmin(sptr)) ? "+aoiwsg" : "+oiwsg");
send_reply(sptr, RPL_YOUREOPER);
if (OIsAdmin(sptr)) {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Administrator",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr));
/* Autojoin admins to admin channel and oper channel (if enabled) */
if (feature_bool(FEAT_AUTOJOIN_ADMIN)) {
if (feature_bool(FEAT_AUTOJOIN_ADMIN_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_ADMIN_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_ADMIN_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
if (feature_bool(FEAT_AUTOJOIN_OPER) && OIsGlobal(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
} else {
sendto_allops(&me, SNO_OLDSNO, "%s (%s@%s) is now an IRC Operator (%c)",
parv[0], cli_user(sptr)->username, cli_sockhost(sptr),
OIsGlobal(sptr) ? 'O' : 'o');
if (feature_bool(FEAT_AUTOJOIN_OPER) && OIsGlobal(sptr)) {
if (feature_bool(FEAT_AUTOJOIN_OPER_NOTICE))
sendcmdto_one(&me, CMD_NOTICE, sptr, "%C :%s", sptr, feature_str(FEAT_AUTOJOIN_OPER_NOTICE_VALUE));
ircd_strncpy(chan, feature_str(FEAT_AUTOJOIN_OPER_CHANNEL), CHANNELLEN-1);
join[0] = cli_name(sptr);
join[1] = chan;
m_join(sptr, sptr, 2, join);
}
}
if (feature_bool(FEAT_OPERMOTD))
m_opermotd(sptr, sptr, 1, parv);
log_write(LS_OPER, L_INFO, 0, "OPER (%s) by (%#C)", name, sptr);
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
return 0;
}
ircd_snprintf(0, cli_user(sptr)->response, BUFSIZE+1, "%s", "");
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN+1, "%s", "");
aconf = find_conf_exact(parv[2], cli_user(sptr)->realusername,
cli_user(sptr)->realhost, CONF_OPS);
if (!aconf)
aconf = find_conf_exact(parv[2], cli_user(sptr)->realusername,
ircd_ntoa((const char*) &(cli_ip(sptr))), CONF_OPS);
if (!aconf)
aconf = find_conf_cidr(parv[2], cli_user(sptr)->realusername,
cli_ip(sptr), CONF_OPS);
if (aconf == NULL)
{
send_reply(sptr, ERR_NOOPERHOST);
failed_challenge_notice(sptr, parv[2], "No o:line");
sendto_allops(&me, SNO_OLDREALOP, "Failed OPER attempt by %s (%s@%s) (No O:line)",
parv[0], cli_user(sptr)->realusername, cli_sockhost(sptr));
return 0;
}
if (!(aconf->port & OFLAG_REMOTE)) {
send_reply(sptr, ERR_NOOPERHOST);
sendto_allops(&me, SNO_OLDREALOP,
"Failed OPER attempt by %s (%s@%s) (Remote Oper)", parv[0],
cli_user(sptr)->realusername, cli_user(sptr)->realhost);
return 0;
}
if (!(aconf->port & OFLAG_RSA))
{
send_reply(sptr, RPL_NO_CHALL);
return 0;
}
if (!verify_sslclifp(sptr, aconf))
{
sendto_allops(&me, SNO_OLDREALOP,
"Failed OPER attempt by %s (%s@%s) (SSL Fingerprint Missmatch)",
parv[0], cli_user(sptr)->realusername,
cli_user(sptr)->realhost);
send_reply(sptr, ERR_SSLCLIFP);
return 0;
}
if ((file = BIO_new_file(aconf->passwd, "r")) == NULL)
{
send_reply(sptr, RPL_NO_KEY);
return 0;
}
rsa_public_key = (RSA *)PEM_read_bio_RSA_PUBKEY(file, NULL, 0, NULL);
if (rsa_public_key == NULL)
return send_reply(sptr, RPL_INVALID_KEY);
if (!generate_challenge(&challenge, rsa_public_key, sptr)) {
Debug((DEBUG_DEBUG, "generating challenge sum (%s)", challenge));
send_reply(sptr, RPL_RSACHALLENGE, challenge);
ircd_snprintf(0, cli_user(sptr)->auth_oper, NICKLEN + 1, "%s", aconf->name);
}
nl = BIO_set_close(file, BIO_CLOSE);
BIO_free(file);
return 1;
#else
return 1;
#endif
}
int can_oper(struct Client *cptr, struct Client *sptr, char *name,
char *password, struct ConfItem **_aconf)
{
struct ConfItem *aconf;
aconf = find_conf_exact(name, sptr, CONF_OPERATOR);
if (!aconf || IsIllegal(aconf))
{
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) "
"(no operator block)", (!MyUser(sptr) ? "remote " : ""),
cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
assert(0 != (aconf->status & CONF_OPERATOR));
if (!MyUser(sptr)) {
if (FlagHas(&aconf->privs, PRIV_REMOTE)) {
} else if (aconf->conn_class && FlagHas(&aconf->conn_class->privs, PRIV_REMOTE)) {
} else {
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) "
"(no remote oper priv)", (!MyUser(sptr) ? "remote " : ""),
cli_name(sptr), cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
}
if (!verify_sslclifp(sptr, aconf))
{
send_reply(sptr, ERR_SSLCLIFP);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s "
"(%s@%s) (SSL fingerprint mismatch)",
(!MyUser(sptr) ? "remote " : ""), cli_name(sptr),
cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
if (oper_password_match(password, aconf->passwd))
{
if (MyUser(sptr))
{
int attach_result = attach_conf(sptr, aconf);
if ((ACR_OK != attach_result) && (ACR_ALREADY_AUTHORIZED != attach_result)) {
send_reply(sptr, ERR_NOOPERHOST);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s "
"(%s@%s) (no operator block)",
(!MyUser(sptr) ? "remote " : ""), cli_name(sptr),
cli_user(sptr)->username, cli_user(sptr)->realhost);
return 0;
}
}
*_aconf = aconf;
return -1;
}
else
{
send_reply(sptr, ERR_PASSWDMISMATCH);
sendto_opmask_butone_global(&me, SNO_OLDREALOP, "Failed %sOPER attempt by %s (%s@%s) "
"(password mis-match)", (!MyUser(sptr) ? "remote " : ""),
cli_name(sptr), cli_user(sptr)->username,
cli_user(sptr)->realhost);
return 0;
}
}
