/*! \brief OPER command handler
*
* \param source_p Pointer to allocated Client struct from which the message
* originally comes from. This can be a local or remote client.
* \param parc Integer holding the number of supplied arguments.
* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
* pointers.
* \note Valid arguments for this command are:
* - parv[0] = command
* - parv[1] = oper name
* - parv[2] = oper password
*/
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
const char *const opername = parv[1];
const char *const password = parv[2];
if (EmptyString(password))
{
sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
return 0;
}
struct MaskItem *conf;
if ((conf = operator_find(source_p, opername)) == NULL)
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
conf = operator_find(NULL, opername);
failed_oper_notice(source_p, opername, conf ? "host mismatch" : "no operator {} block");
return 0;
}
if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "requires SSL/TLS");
return 0;
}
if (!EmptyString(conf->certfp))
{
if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
return 0;
}
}
if (match_conf_password(password, conf) == true)
{
if (conf_attach(source_p, conf))
{
sendto_one_notice(source_p, &me, ":Can't attach conf!");
failed_oper_notice(source_p, opername, "can't attach conf!");
return 0;
}
oper_up(source_p, conf);
}
else
{
sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
failed_oper_notice(source_p, opername, "password mismatch");
}
return 0;
}
/*
* m_challenge - generate RSA challenge for wouldbe oper
* parv[0] = sender prefix
* parv[1] = operator to challenge for, or +response
*
*/
static void
m_challenge(struct Client *client_p, struct Client *source_p,
int parc, char *parv[])
{
char *challenge = NULL;
struct MaskItem *conf = NULL;
if (*parv[1] == '+')
{
/* Ignore it if we aren't expecting this... -A1kmm */
if (source_p->localClient->response == NULL)
return;
if (irccmp(source_p->localClient->response, ++parv[1]))
{
sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,
source_p->name);
failed_challenge_notice(source_p, source_p->localClient->auth_oper,
"challenge failed");
return;
}
conf = find_exact_name_conf(CONF_OPER, source_p,
source_p->localClient->auth_oper, NULL, NULL);
if (conf == NULL)
{
/* XXX: logging */
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
return;
}
if (attach_conf(source_p, conf) != 0)
{
sendto_one(source_p,":%s NOTICE %s :Can't attach conf!",
me.name, source_p->name);
failed_challenge_notice(source_p, conf->name, "can't attach conf!");
return;
}
++conf->count;
oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s",
source_p->localClient->auth_oper, source_p->name, source_p->username,
source_p->host);
MyFree(source_p->localClient->response);
MyFree(source_p->localClient->auth_oper);
source_p->localClient->response = NULL;
source_p->localClient->auth_oper = NULL;
return;
}
MyFree(source_p->localClient->response);
MyFree(source_p->localClient->auth_oper);
source_p->localClient->response = NULL;
source_p->localClient->auth_oper = NULL;
conf = find_exact_name_conf(CONF_OPER, source_p, parv[1], NULL, NULL);
if (!conf)
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
conf = find_exact_name_conf(CONF_OPER, NULL, parv[1], NULL, NULL);
failed_challenge_notice(source_p, parv[1], (conf != NULL)
? "host mismatch" : "no oper {} block");
return;
}
if (conf->rsa_public_key == NULL)
{
sendto_one(source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
"is not enabled for your oper{} block.", me.name,
source_p->name);
return;
}
if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
failed_challenge_notice(source_p, conf->name, "requires SSL/TLS");
return;
}
if (!EmptyString(conf->certfp))
{
if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
{
sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
failed_challenge_notice(source_p, conf->name, "client certificate fingerprint mismatch");
return;
}
}
if (!generate_challenge(&challenge, &(source_p->localClient->response),
conf->rsa_public_key))
sendto_one(source_p, form_str(RPL_RSACHALLENGE),
me.name, source_p->name, challenge);
source_p->localClient->auth_oper = xstrdup(conf->name);
MyFree(challenge);
}
/*! \brief OPER command handler
*
* \param source_p Pointer to allocated Client struct from which the message
* originally comes from. This can be a local or remote client.
* \param parc Integer holding the number of supplied arguments.
* \param parv Argument vector where parv[0] .. parv[parc-1] are non-NULL
* pointers.
* \note Valid arguments for this command are:
* - parv[0] = command
* - parv[1] = oper name
* - parv[2] = oper password
*/
static int
m_oper(struct Client *source_p, int parc, char *parv[])
{
struct MaskItem *conf = NULL;
const char *const opername = parv[1];
const char *const password = parv[2];
if (EmptyString(password))
{
sendto_one_numeric(source_p, &me, ERR_NEEDMOREPARAMS, "OPER");
return 0;
}
/* end the grace period */
if (!IsFloodDone(source_p))
flood_endgrace(source_p);
if ((conf = find_exact_name_conf(CONF_OPER, source_p, opername, NULL, NULL)) == NULL)
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
conf = find_exact_name_conf(CONF_OPER, NULL, opername, NULL, NULL);
failed_oper_notice(source_p, opername, (conf != NULL) ?
"host mismatch" : "no operator {} block");
return 0;
}
if (IsConfSSL(conf) && !HasUMode(source_p, UMODE_SSL))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "requires SSL/TLS");
return 0;
}
if (!EmptyString(conf->certfp))
{
if (EmptyString(source_p->certfp) || strcasecmp(source_p->certfp, conf->certfp))
{
sendto_one_numeric(source_p, &me, ERR_NOOPERHOST);
failed_oper_notice(source_p, opername, "client certificate fingerprint mismatch");
return 0;
}
}
if (match_conf_password(password, conf))
{
if (attach_conf(source_p, conf))
{
sendto_one_notice(source_p, &me, ":Can't attach conf!");
failed_oper_notice(source_p, opername, "can't attach conf!");
return 0;
}
user_oper_up(source_p);
ilog(LOG_TYPE_OPER, "OPER %s by %s!%s@%s", opername, source_p->name,
source_p->username, source_p->host);
}
else
{
sendto_one_numeric(source_p, &me, ERR_PASSWDMISMATCH);
failed_oper_notice(source_p, opername, "password mismatch");
}
return 0;
}
