NeoStats-NeoIRCd/modules/m_challenge.c

/*
 *  NeoIRCd: NeoStats Group. Based on Hybird7
 *  m_challenge.c: Allows an IRC Operator to securely authenticate.
 *
 *  Copyright (C) 2002 by the past and present ircd coders, and others.
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 *
 *  $Id: m_challenge.c,v 1.7 2003/01/29 09:28:48 fishwaldo Exp $
 */

#include "stdinc.h"
#include "handlers.h"
#include "client.h"
#include "ircd.h"
#include "modules.h"
#include "numeric.h"
#include "send.h"
#include "s_conf.h"
#ifdef HAVE_LIBCRYPTO
#include "rsa.h"
#endif
#include "msg.h"
#include "parse.h"
#include "irc_string.h"
#include "s_log.h"

int oper_up( struct Client *source_p, struct ConfItem *aconf );

#ifndef HAVE_LIBCRYPTO
/* Maybe this should be an error or something?-davidt */
#ifndef STATIC_MODULES
void
_modinit(void)
{
  return;
}

void
_moddeinit(void)
{
  return;
}

const char *_version = "$Revision: 1.7 $";
#endif
#else

static void failed_challenge_notice(struct Client *, char *, char *);
static void m_challenge(struct Client*, struct Client*, int, char**);
void binary_to_hex( unsigned char * bin, char * hex, int length );

/* We have openssl support, so include /CHALLENGE */
struct Message challenge_msgtab = {
  "CHALLENGE", 0, 0, 2, 0, MFLG_SLOW, 0,
  {m_unregistered, m_challenge, m_ignore, m_challenge}
};
#ifndef STATIC_MODULES
void
_modinit(void)
{
  mod_add_cmd(&challenge_msgtab);
}

void
_moddeinit(void)
{
  mod_del_cmd(&challenge_msgtab);
}

const char *_version = "$Revision: 1.7 $";
#endif
/*
 * m_challenge - generate RSA challenge for wouldbe oper
 * parv[0] = sender prefix
 * parv[1] = operator to challenge for, or +response
 *
 */
static void m_challenge( struct Client *client_p, struct Client *source_p,
                        int parc, char *parv[] )
{
  char * challenge;
  dlink_node *ptr;
  struct ConfItem *aconf, *oconf;
  if(!(source_p->user) || !source_p->localClient)
    return;
  
  /* if theyre an oper, reprint oper motd and ignore */
  if(IsOper(source_p))
  {
    sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);
    SendMessageFile(source_p, &ConfigFileEntry.opermotd);
    return;
  }

  if (*parv[1] == '+')
  {
    /* Ignore it if we aren't expecting this... -A1kmm */
    if (!source_p->user->response)
      return;
     
    if (irccmp(source_p->user->response, ++parv[1]))
    {
      sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,
		 source_p->name);
      failed_challenge_notice(source_p, source_p->user->auth_oper, "challenge failed");
      return;
    }
     
    if (!(aconf = find_conf_by_name(source_p->user->auth_oper, CONF_OPERATOR)))
    {
      sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
      log_failed_oper(source_p, source_p->user->auth_oper);
      return;
    }

    ptr = source_p->localClient->confs.head;
    oconf = ptr->data;
    detach_conf(source_p,oconf);

    if(attach_conf(source_p, aconf) != 0)
    {
      sendto_one(source_p,":%s NOTICE %s :Can't attach conf!",
		 me.name,source_p->name);   
      sendto_realops_flags(FLAGS_ALL|FLAGS_REMOTE, L_ALL,
			   "Failed OPER attempt by %s (%s@%s) can't attach conf!",
			   source_p->name, source_p->username, source_p->host);
      attach_conf(source_p, oconf);
      log_failed_oper(source_p, source_p->user->auth_oper);
      return;
    }
     
    oper_up(source_p, aconf);

    ilog(L_TRACE, "OPER %s by %s!%s@%s",
	 source_p->user->auth_oper, source_p->name, source_p->username,
	 source_p->host);
    log_oper(source_p, source_p->user->auth_oper);

    MyFree(source_p->user->response);
    MyFree(source_p->user->auth_oper);
    source_p->user->response = NULL;
    source_p->user->auth_oper = NULL;
    return;
  }
  
  MyFree(source_p->user->response);
  MyFree(source_p->user->auth_oper);
  source_p->user->response = NULL;
  source_p->user->auth_oper = NULL;

  if (!(aconf = find_conf_exact(parv[1], source_p->username, source_p->host,
	             		CONF_OPERATOR)) &&
      !(aconf = find_conf_exact(parv[1], source_p->username,
                                source_p->localClient->sockhost,
                                CONF_OPERATOR)))
  {
    sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);
    /* they suck, do we tell the world? */
    if (ConfigFileEntry.failed_oper_notice)
    {
      sendto_realops_flags(FLAGS_ALL, L_ALL, "Failed CHALLENGE attempt - host"
             " mismatch by %s (%s@%s)",
             source_p->name, source_p->username, source_p->host);
    }
    log_failed_oper(source_p, parv[1]);
    return;
  }
  if (!aconf->rsa_public_key)
  {
    sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication "
		"is not enabled for your oper{} block.", me.name,
		parv[0]);
    return;
  }
  if (
   !generate_challenge (&challenge, &(source_p->user->response), aconf->rsa_public_key)
     )
  {
    sendto_one (source_p, form_str(RPL_RSACHALLENGE), me.name, parv[0],
		challenge);
  }
  DupString(source_p->user->auth_oper, aconf->name);
  MyFree(challenge);
  return;
}

/*
 * failed_challenge_notice
 *
 * inputs       - pointer to client doing /oper ...
 *              - pointer to nick they tried to oper as
 *              - pointer to reason they have failed
 * output       - nothing
 * side effects - notices all opers of the failed oper attempt if enabled
 */

static void
failed_challenge_notice(struct Client *source_p, char *name, char *reason)
{
    if (ConfigFileEntry.failed_oper_notice)
      sendto_realops_flags(FLAGS_ALL | FLAGS_REMOTE, L_ALL, "Failed CHALLENGE attempt as %s "
                           "by %s (%s@%s) - %s", name, source_p->name,
                           source_p->username, source_p->host, reason);
}

#endif /* HAVE_LIBCRYPTO */
Initial revision 2002-08-13 14:34:25 +00:00			`/*`
Wow. HUGE update. Update all headers to reflect NeoIRCD. aliases for services implemented config file parsing updated, and modified example.conf to be compatible. 2002-09-13 06:50:09 +00:00			`* NeoIRCd: NeoStats Group. Based on Hybird7`
Initial revision 2002-08-13 14:34:25 +00:00			`* m_challenge.c: Allows an IRC Operator to securely authenticate.`
			`*`
			`* Copyright (C) 2002 by the past and present ircd coders, and others.`
			`*`
			`* This program is free software; you can redistribute it and/or modify`
			`* it under the terms of the GNU General Public License as published by`
			`* the Free Software Foundation; either version 2 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU General Public License`
			`* along with this program; if not, write to the Free Software`
			`* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307`
			`* USA`
			`*`
HyrbidTeam RC6, RC7 and RC8 Patches. Wonder whats broken now :( 2003-01-29 09:28:50 +00:00			`* $Id: m_challenge.c,v 1.7 2003/01/29 09:28:48 fishwaldo Exp $`
Initial revision 2002-08-13 14:34:25 +00:00			`*/`

			`#include "stdinc.h"`
			`#include "handlers.h"`
			`#include "client.h"`
			`#include "ircd.h"`
			`#include "modules.h"`
			`#include "numeric.h"`
			`#include "send.h"`
			`#include "s_conf.h"`
			`#ifdef HAVE_LIBCRYPTO`
			`#include "rsa.h"`
			`#endif`
			`#include "msg.h"`
			`#include "parse.h"`
			`#include "irc_string.h"`
			`#include "s_log.h"`

			`int oper_up( struct Client source_p, struct ConfItem aconf );`

			`#ifndef HAVE_LIBCRYPTO`
			`/* Maybe this should be an error or something?-davidt */`
			`#ifndef STATIC_MODULES`
			`void`
			`_modinit(void)`
			`{`
			`return;`
			`}`

			`void`
			`_moddeinit(void)`
			`{`
			`return;`
			`}`

HyrbidTeam RC6, RC7 and RC8 Patches. Wonder whats broken now :( 2003-01-29 09:28:50 +00:00			`const char *_version = "$Revision: 1.7 $";`
Initial revision 2002-08-13 14:34:25 +00:00			`#endif`
			`#else`

HyrbidTeam RC6, RC7 and RC8 Patches. Wonder whats broken now :( 2003-01-29 09:28:50 +00:00			`static void failed_challenge_notice(struct Client , char , char *);`
Initial revision 2002-08-13 14:34:25 +00:00			`static void m_challenge(struct Client, struct Client, int, char**);`
			`void binary_to_hex( unsigned char * bin, char * hex, int length );`

			`/* We have openssl support, so include /CHALLENGE */`
			`struct Message challenge_msgtab = {`
			`"CHALLENGE", 0, 0, 2, 0, MFLG_SLOW, 0,`
			`{m_unregistered, m_challenge, m_ignore, m_challenge}`
			`};`
			`#ifndef STATIC_MODULES`
			`void`
			`_modinit(void)`
			`{`
			`mod_add_cmd(&challenge_msgtab);`
			`}`

			`void`
			`_moddeinit(void)`
			`{`
			`mod_del_cmd(&challenge_msgtab);`
			`}`

HyrbidTeam RC6, RC7 and RC8 Patches. Wonder whats broken now :( 2003-01-29 09:28:50 +00:00			`const char *_version = "$Revision: 1.7 $";`
Initial revision 2002-08-13 14:34:25 +00:00			`#endif`
			`/*`
			`* m_challenge - generate RSA challenge for wouldbe oper`
			`* parv[0] = sender prefix`
			`* parv[1] = operator to challenge for, or +response`
			`*`
			`*/`
			`static void m_challenge( struct Client client_p, struct Client source_p,`
			`int parc, char *parv[] )`
			`{`
			`char * challenge;`
			`dlink_node *ptr;`
			`struct ConfItem aconf, oconf;`
			`if(!(source_p->user) \|\| !source_p->localClient)`
			`return;`

			`/* if theyre an oper, reprint oper motd and ignore */`
			`if(IsOper(source_p))`
			`{`
			`sendto_one(source_p, form_str(RPL_YOUREOPER), me.name, parv[0]);`
			`SendMessageFile(source_p, &ConfigFileEntry.opermotd);`
			`return;`
			`}`

			`if (*parv[1] == '+')`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`{`
			`/* Ignore it if we aren't expecting this... -A1kmm */`
			`if (!source_p->user->response)`
			`return;`
Initial revision 2002-08-13 14:34:25 +00:00
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`if (irccmp(source_p->user->response, ++parv[1]))`
			`{`
			`sendto_one(source_p, form_str(ERR_PASSWDMISMATCH), me.name,`
			`source_p->name);`
HyrbidTeam RC6, RC7 and RC8 Patches. Wonder whats broken now :( 2003-01-29 09:28:50 +00:00			`failed_challenge_notice(source_p, source_p->user->auth_oper, "challenge failed");`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`return;`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`if (!(aconf = find_conf_by_name(source_p->user->auth_oper, CONF_OPERATOR)))`
			`{`
			`sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);`
			`log_failed_oper(source_p, source_p->user->auth_oper);`
			`return;`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00
			`ptr = source_p->localClient->confs.head;`
			`oconf = ptr->data;`
			`detach_conf(source_p,oconf);`

			`if(attach_conf(source_p, aconf) != 0)`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`{`
			`sendto_one(source_p,":%s NOTICE %s :Can't attach conf!",`
			`me.name,source_p->name);`
			`sendto_realops_flags(FLAGS_ALL\|FLAGS_REMOTE, L_ALL,`
			`"Failed OPER attempt by %s (%s@%s) can't attach conf!",`
			`source_p->name, source_p->username, source_p->host);`
			`attach_conf(source_p, oconf);`
			`log_failed_oper(source_p, source_p->user->auth_oper);`
			`return;`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00
			`oper_up(source_p, aconf);`

			`ilog(L_TRACE, "OPER %s by %s!%s@%s",`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`source_p->user->auth_oper, source_p->name, source_p->username,`
			`source_p->host);`
Initial revision 2002-08-13 14:34:25 +00:00			`log_oper(source_p, source_p->user->auth_oper);`

hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`MyFree(source_p->user->response);`
			`MyFree(source_p->user->auth_oper);`
			`source_p->user->response = NULL;`
			`source_p->user->auth_oper = NULL;`
			`return;`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00
			`MyFree(source_p->user->response);`
			`MyFree(source_p->user->auth_oper);`
			`source_p->user->response = NULL;`
Booooooo! Halloween Special HybridRC5 Merge (I'm pretty soon going to give up the Hybrid RC Merges..... To Many Bugs) Needs Testing... Eggy?!?! 2002-10-31 13:01:58 +00:00			`source_p->user->auth_oper = NULL;`
Initial revision 2002-08-13 14:34:25 +00:00
			`if (!(aconf = find_conf_exact(parv[1], source_p->username, source_p->host,`
			`CONF_OPERATOR)) &&`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`!(aconf = find_conf_exact(parv[1], source_p->username,`
Initial revision 2002-08-13 14:34:25 +00:00			`source_p->localClient->sockhost,`
			`CONF_OPERATOR)))`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`{`
			`sendto_one (source_p, form_str(ERR_NOOPERHOST), me.name, parv[0]);`
Booooooo! Halloween Special HybridRC5 Merge (I'm pretty soon going to give up the Hybrid RC Merges..... To Many Bugs) Needs Testing... Eggy?!?! 2002-10-31 13:01:58 +00:00			`/* they suck, do we tell the world? */`
			`if (ConfigFileEntry.failed_oper_notice)`
			`{`
			`sendto_realops_flags(FLAGS_ALL, L_ALL, "Failed CHALLENGE attempt - host"`
			`" mismatch by %s (%s@%s)",`
			`source_p->name, source_p->username, source_p->host);`
			`}`
			`log_failed_oper(source_p, parv[1]);`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`return;`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00			`if (!aconf->rsa_public_key)`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`{`
			`sendto_one (source_p, ":%s NOTICE %s :I'm sorry, PK authentication "`
			`"is not enabled for your oper{} block.", me.name,`
			`parv[0]);`
			`return;`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00			`if (`
			`!generate_challenge (&challenge, &(source_p->user->response), aconf->rsa_public_key)`
			`)`
hybrid rc4 fixes... Persistant Channel fixes 2002-09-19 05:41:11 +00:00			`{`
			`sendto_one (source_p, form_str(RPL_RSACHALLENGE), me.name, parv[0],`
			`challenge);`
			`}`
Initial revision 2002-08-13 14:34:25 +00:00			`DupString(source_p->user->auth_oper, aconf->name);`
			`MyFree(challenge);`
			`return;`
			`}`

HyrbidTeam RC6, RC7 and RC8 Patches. Wonder whats broken now :( 2003-01-29 09:28:50 +00:00			`/*`
			`* failed_challenge_notice`
			`*`
			`* inputs - pointer to client doing /oper ...`
			`* - pointer to nick they tried to oper as`
			`* - pointer to reason they have failed`
			`* output - nothing`
			`* side effects - notices all opers of the failed oper attempt if enabled`
			`*/`

			`static void`
			`failed_challenge_notice(struct Client source_p, char name, char *reason)`
			`{`
			`if (ConfigFileEntry.failed_oper_notice)`
			`sendto_realops_flags(FLAGS_ALL \| FLAGS_REMOTE, L_ALL, "Failed CHALLENGE attempt as %s "`
			`"by %s (%s@%s) - %s", name, source_p->name,`
			`source_p->username, source_p->host, reason);`
			`}`

Initial revision 2002-08-13 14:34:25 +00:00			`#endif /* HAVE_LIBCRYPTO */`