X-Git-Url: https://jfr.im/git/irc/quakenet/newserv.git/blobdiff_plain/5d15af9500332fcf1084e8ce3c40639294a442b7..f6ecfee93e749a205c09ff49005a7e47d053fe8d:/ticketauth/ticketauth.c diff --git a/ticketauth/ticketauth.c b/ticketauth/ticketauth.c index 47391f54..40bd8b5d 100644 --- a/ticketauth/ticketauth.c +++ b/ticketauth/ticketauth.c @@ -1,7 +1,5 @@ /* ticketauth.c */ -#error INSECURE/BROKEN -- DO NOT USE UNTIL READY - #include #include #include 
@@ -10,93 +8,87 @@ #include "../core/config.h" #include "../nick/nick.h" #include "../core/error.h" -#include "../lib/sha1.h" +#include "../lib/hmac.h" #include "../lib/version.h" - +#include "../localuser/localuser.h" #include "../core/hooks.h" #include "../irc/irc.h" -#define WARN_CHANNEL "#fishcowcow" +#define CS_NODB +#include "../chanserv/chanserv.h" + +#define WARN_CHANNEL "#twilightzone" MODULE_VERSION(""); sstring *sharedsecret = NULL; -/* here as we're not currently using TS, this should be REMOVED and the code updated to use localusersetaccount instead */ -void localusersetaccountnots(nick *np, char *accname) { - if (IsAccount(np)) { - Error("localuser",ERR_WARNING,"Tried to set account on user %s already authed", np->nick); - return; - } - - SetAccount(np); - strncpy(np->authname, accname, ACCOUNTLEN); - np->authname[ACCOUNTLEN]='\0'; - - if (connected) { - irc_send("%s AC %s %s",mynumeric->content, longtonumeric(np->numeric,5), np->authname); - } - - triggerhook(HOOK_NICK_ACCOUNT, np); -} - int ta_ticketauth(void *source, int cargc, char **cargv) { nick *np = (nick *)source; - char buffer[1024], *hmac, *acc; - unsigned char shabuf[20]; - int expiry, acclen; - SHA1_CTX context; + char buffer[1024], *uhmac, *acc, *junk, *flags; + unsigned char digest[32]; + int expiry, acclen, id; + hmacsha256 hmac; + channel *wcp; if(IsAccount(np)) { controlreply(np, "You're already authed."); return CMD_ERROR; } - if(cargc != 3) + if(cargc != 6) { + controlreply(np, "%d\n", cargc); return CMD_USAGE; + } - hmac = cargv[0]; - acc = cargv[1]; + acc = cargv[0]; + expiry = atoi(cargv[1]); + id = atoi(cargv[2]); acclen = strlen(acc); - expiry = atoi(cargv[2]); - junk = cargv[3]; + flags = cargv[3]; + junk = cargv[4]; + uhmac = cargv[5]; if((acclen <= 1) || (acclen > ACCOUNTLEN)) { controlreply(np, "Bad account."); return CMD_ERROR; } - if(time(NULL) > expiry) { + if(time(NULL) > expiry + 30) { controlwall(NO_OPER, NL_MISC, "%s!%s@%s attempted to TICKETAUTH as %s (expired)", 
np->nick, np->ident, np->host->name->content, acc); controlreply(np, "Ticket time is bad or has expired."); return CMD_ERROR; } - - snprintf(buffer, sizeof(buffer), " %s %d %s", acc, expiry, junk); - SHA1Init(&context); - SHA1Update(&context, (unsigned char *)buffer, strlen(buffer)); - SHA1Update(&context, (unsigned char *)buffer, strlen(buffer)); - SHA1Final(shabuf, &context); + hmacsha256_init(&hmac, (unsigned char *)sharedsecret->content, sharedsecret->length); + snprintf(buffer, sizeof(buffer), "%s %d %d %s %s", acc, expiry, id, flags, junk); + hmacsha256_update(&hmac, (unsigned char *)buffer, strlen(buffer)); + hmacsha256_final(&hmac, digest); - /* ha! */ - snprintf(buffer, sizeof(buffer), "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", shabuf[0], shabuf[1], shabuf[2], shabuf[3], shabuf[4], shabuf[5], shabuf[6], shabuf[7], shabuf[8], shabuf[9], shabuf[10], shabuf[11], shabuf[12], shabuf[13], shabuf[14], shabuf[15], shabuf[16], shabuf[17], shabuf[18], shabuf[19]); + /* hahahaha */ + snprintf(buffer, sizeof(buffer), "%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x%.2x", digest[0], digest[1], digest[2], digest[3], digest[4], digest[5], digest[6], digest[7], digest[8], digest[9], digest[10], digest[11], digest[12], digest[13], digest[14], digest[15], digest[16], digest[17], digest[18], digest[19], digest[20], digest[21], digest[22], digest[23], digest[24], digest[25], digest[26], digest[27], digest[28], digest[29], digest[30], digest[31]); - if(strcasecmp(buffer, hmac)) { + if(hmac_strcmp(buffer, uhmac)) { controlwall(NO_OPER, NL_MISC, "%s!%s@%s attempted to TICKETAUTH as %s (bad HMAC)", np->nick, np->ident, np->host->name->content, acc); controlreply(np, "Bad HMAC."); return CMD_ERROR; } controlwall(NO_OPER, NL_MISC, "%s!%s@%s TICKETAUTH'ed as %s", np->nick, np->ident, np->host->name->content, acc); + + wcp = findchannel(WARN_CHANNEL); + if(wcp) + 
controlchanmsg(wcp, "WARNING: %s!%s@%s TICKETAUTH'ed as %s", np->nick, np->ident, np->host->name->content, acc); + controlreply(np, "Ticket valid, authing. . ."); - localusersetaccountnots(np, acc); + localusersetaccount(np, acc, id, cs_accountflagmap_str(flags), 0); + controlreply(np, "Done."); return CMD_OK; } -void _init() { +void _init() { sharedsecret = getcopyconfigitem("ticketauth", "sharedsecret", "", 512); if(!sharedsecret || !sharedsecret->content || !sharedsecret->content[0]) { Error("ticketauth", ERR_ERROR, "Shared secret not defined in config file."); @@ -108,7 +100,7 @@ void _init() { return; } - registercontrolhelpcmd("ticketauth", NO_OPERED, 3, ta_ticketauth, "Usage: ticketauth "); + registercontrolhelpcmd("ticketauth", NO_OPERED, 6, ta_ticketauth, "Usage: ticketauth "); } void _fini() {
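Review bot: In ta_ticketauth, `expiry` and `id` are parsed with `atoi()` from client-supplied arguments, and `time(NULL) > expiry + 30` is evaluated before the HMAC is checked, so an expiry token near INT_MAX makes the `int` addition overflow (undefined behaviour) on unauthenticated input. Writing the test as `if(time(NULL) - 30 > expiry) {` avoids the overflow, and `strtol()` with an end-pointer and range check would reject non-numeric or out-of-range tokens that `atoi()` cannot report. The `controlreply(np, "%d\n", cargc);` in the usage branch looks like leftover debugging output and should be dropped. Nothing visible in this hunk records a ticket once it has been accepted, so as far as this code shows the same ticket stays valid until it expires; it is worth confirming whether that is intended or whether `junk`/`id` should be tracked.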