]> jfr.im git - irc/rqf/shadowircd.git/blobdiff - modules/m_challenge.c
projects / irc / rqf / shadowircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Enforce TS rules on MLOCKs.
[irc/rqf/shadowircd.git] / modules / m_challenge.c
diff --git a/modules/m_challenge.c b/modules/m_challenge.c
index e0b9dbe053a4ced838a0c9352fea332d0103e84d..73f8e909aec33aa27776e43d284be9ee7b7fedfa 100644 (file)
--- a/modules/m_challenge.c
+++ b/modules/m_challenge.c
@@ -21,7 +21,6 @@
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
  *  USA
  *
- *  $Id: m_challenge.c 3161 2007-01-25 07:23:01Z nenolod $
  */
 
 #include "stdinc.h"
@@ -100,7 +99,6 @@ cleanup_challenge(struct Client *target_p)
 
 /*
  * m_challenge - generate RSA challenge for wouldbe oper
- * parv[0] = sender prefix
  * parv[1] = operator to challenge for, or +response
  *
  */
@@ -173,8 +171,7 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch
 
                if(oper_p == NULL)
                {
-                       sendto_one(source_p, form_str(ERR_NOOPERHOST), 
-                                  me.name, source_p->name);
+                       sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
                        ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
                             source_p->localClient->opername, source_p->name,
                             source_p->username, source_p->host,
@@ -205,7 +202,7 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch
 
        if(oper_p == NULL)
        {
-               sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
+               sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
                ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
                     parv[1], source_p->name,
                     source_p->username, source_p->host, source_p->sockhost);
@@ -225,7 +222,7 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch
 
        if(IsOperConfNeedSSL(oper_p) && !IsSSLClient(source_p))
        {
-               sendto_one(source_p, form_str(ERR_NOOPERHOST), me.name, source_p->name);
+               sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
                ilog(L_FOPER, "FAILED CHALLENGE (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
                     parv[1], source_p->name, source_p->username, source_p->host,
                     source_p->sockhost);
@@ -239,6 +236,25 @@ m_challenge(struct Client *client_p, struct Client *source_p, int parc, const ch
                return 0;
        }
 
+       if (oper_p->certfp != NULL)
+       {
+               if (source_p->certfp == NULL || strcasecmp(source_p->certfp, oper_p->certfp))
+               {
+                       sendto_one_numeric(source_p, ERR_NOOPERHOST, form_str(ERR_NOOPERHOST));
+                       ilog(L_FOPER, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- client certificate fingerprint mismatch",
+                            parv[1], source_p->name,
+                            source_p->username, source_p->host, source_p->sockhost);
+
+                       if(ConfigFileEntry.failed_oper_notice)
+                       {
+                               sendto_realops_snomask(SNO_GENERAL, L_ALL,
+                                                    "Failed OPER attempt - client certificate fingerprint mismatch by %s (%s@%s)",
+                                                    source_p->name, source_p->username, source_p->host);
+                       }
+                       return 0;
+               }
+       }
+
        if(!generate_challenge(&challenge, &(source_p->localClient->challenge), oper_p->rsa_pubkey))
        {
                char *chal = challenge;
Unnamed repository; edit this file 'description' to name the repository.