/***********************************************************************
X3 ChangeLog
+2009-11-29 Neil Spierling <sirvulcan@sirvulcan.co.nz>
+
+ * src/nickserv.c: Added SSL fingerprint support to LOC.
+
+ * src/nickserv.h: Added sslfp to loc_auth.
+
+ * src/proto-p10.c: Added support for the new S loc auth type.
+
2008-11-28 Matthew Beeching <jobe@mdbnmet.co.uk>
* src/nickserv.help: Added help for ADDSSLFP, DELSSLFP, OADDSSLFP
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password, char *userhost)
+struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *userhost)
{
int pw_arg, used, maxlogins;
unsigned int ii;
- int wildmask = 0;
+ int wildmask = 0, fpmatch = 0;
struct handle_info *hi;
struct userNode *other;
#ifdef WITH_LDAP
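Review bot: The comment above loc_auth still describes only the login-on-connect call and says nothing about the new `sslfp` argument or which credentials are now enough to log in. The `C` and `H` callers pass `NULL` for it, so the contract should be written down, for example `sslfp may be NULL; the login succeeds only if the password verifies or sslfp matches a fingerprint stored on the account`. The function body continues outside this hunk.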
return NULL;
}
- if (!checkpass(password, hi->passwd)) {
+ if (password && *password && !checkpass(password, hi->passwd)) {
return NULL;
}
+
#endif
#ifdef WITH_LDAP
/* ldap libs are present but we are not using them... */
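Review bot: The new guard on the `checkpass` line skips password verification whenever `password` is NULL or empty, and nothing visible in this hunk requires that a fingerprint matched instead. The `C` and `H` callers pass `NULL` for `sslfp`, so for them an empty password field would pass this point with no credential checked. Skip the password check only after a fingerprint has matched, e.g. `if (!fpmatch && (!password || !*password || !checkpass(password, hi->passwd))) return NULL;`, which requires the fingerprint comparison to run before this line. The surrounding `#ifdef` branches start outside the hunk, so confirm the LDAP path applies the same rule.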
return NULL;
}
+ if (sslfp && !hi->sslfps->used) {
+
+ /* If any SSL fingerprint matches, allow it. */
+ for (ii=0; ii<hi->sslfps->used; ii++) {
+ if (!irccasecmp(sslfp, hi->sslfps->list[ii])) {
+ fpmatch = 1;
+ break;
+ }
+ }
+
+ /* No valid SSL fingerprint found. */
+ if (!fpmatch) {
+ return NULL;
+ }
+ }
+
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
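Review bot: The condition `if (sslfp && !hi->sslfps->used)` looks inverted. The block is entered only when the account has no stored fingerprints, so the loop never iterates and the function returns NULL, while an account that does have fingerprints skips the comparison entirely. As written, the supplied fingerprint is never compared with a stored one. The test should probably be `if (sslfp && *sslfp && hi->sslfps->used)`, with `fpmatch` then deciding whether the password check may be skipped. Whether `hi->sslfps` can be NULL is not visible here and should be confirmed, and loc_auth continues past the end of this hunk.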
void nickserv_show_oper_accounts(struct userNode *user, struct svccmd *cmd);
struct handle_info *get_victim_oper(struct userNode *user, const char *target);
-struct handle_info *loc_auth(char *handle, char *password, char *userhost);
+struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *userhost);
typedef void (*user_mode_func_t)(struct userNode *user, const char *mode_change, void *extra);
void reg_user_mode_func(user_mode_func_t func, void *extra);
if(!strcmp(argv[2],"C"))
{
- if((hi = loc_auth(argv[4], argv[5], NULL)))
+ if((hi = loc_auth(NULL, argv[4], argv[5], NULL)))
{
/* Return a AC A */
putsock("%s " P10_ACCOUNT " %s A %s "FMT_TIME_T, self->numeric, server->numeric , argv[3], hi->registered);
}
else if(!strcmp(argv[2],"H")) /* New enhanced (host) version of C */
{
- if((hi = loc_auth(argv[5], argv[6], argv[4] )))
+ if((hi = loc_auth(NULL, argv[5], argv[6], argv[4] )))
+ {
+ /* Return a AC A */
+ putsock("%s " P10_ACCOUNT " %s A %s "FMT_TIME_T, self->numeric, server->numeric , argv[3], hi->registered);
+ }
+ else
+ {
+ /* Return a AC D */
+ putsock("%s " P10_ACCOUNT " %s D %s", self->numeric, server->numeric , argv[3]);
+ }
+ return 1;
+ }
+ else if(!strcmp(argv[2],"S"))
+ {
+ if((hi = loc_auth(argv[5], argv[6], argv[7], argv[4])))
{
/* Return a AC A */
putsock("%s " P10_ACCOUNT " %s A %s "FMT_TIME_T, self->numeric, server->numeric , argv[3], hi->registered);
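Review bot: The new `S` branch reads `argv[4]` through `argv[7]`, and no argument-count check is visible in this hunk. `S` indexes one argument further than `H`, so a count check that was sufficient for the older types would not cover it; confirm the handler rejects an `S` message with fewer than eight arguments before this branch runs. The accept and deny `putsock` replies are now repeated for each auth type and could move into one shared helper. The enclosing function starts and ends outside the hunk.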