2 * ircd-ratbox: A slightly useful ircd.
3 * m_oper.c: Makes a user an IRC Operator.
5 * Copyright (C) 1990 Jarkko Oikarinen and University of Oulu, Co Center
6 * Copyright (C) 1996-2002 Hybrid Development Team
7 * Copyright (C) 2002-2005 ircd-ratbox development team
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 2 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License
20 * along with this program; if not, write to the Free Software
21 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
31 #include "s_newconf.h"
42 static const char oper_desc
[] = "Provides the OPER command to become an IRC operator";
44 static void m_oper(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
45 static void mc_oper(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
46 static void me_oper(struct MsgBuf
*, struct Client
*, struct Client
*, int, const char **);
48 static bool match_oper_password(const char *password
, struct oper_conf
*oper_p
);
50 struct Message oper_msgtab
= {
52 {mg_unreg
, {m_oper
, 3}, {mc_oper
, 2}, mg_ignore
, {me_oper
, 2}, {m_oper
, 3}}
55 mapi_clist_av1 oper_clist
[] = { &oper_msgtab
, NULL
};
57 DECLARE_MODULE_AV2(oper
, NULL
, NULL
, oper_clist
, NULL
, NULL
, NULL
, NULL
, oper_desc
);
62 * parv[2] = oper password
65 m_oper(struct MsgBuf
*msgbuf_p
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char *parv
[])
67 struct oper_conf
*oper_p
;
74 if (ConfigFileEntry
.oper_secure_only
&& !IsSecureClient(source_p
))
76 sendto_one_notice(source_p
, ":You must be using a secure connection to /OPER on this server");
77 if (ConfigFileEntry
.failed_oper_notice
)
79 sendto_realops_snomask(SNO_GENERAL
, L_NETWIDE
,
80 "Failed OPER attempt - missing secure connection by %s (%s@%s)",
81 source_p
->name
, source_p
->username
, source_p
->host
);
88 sendto_one(source_p
, form_str(RPL_YOUREOPER
), me
.name
, source_p
->name
);
89 send_oper_motd(source_p
);
93 /* end the grace period */
94 if(!IsFloodDone(source_p
))
95 flood_endgrace(source_p
);
97 oper_p
= find_oper_conf(source_p
->username
, source_p
->orighost
,
98 source_p
->sockhost
, name
);
102 sendto_one_numeric(source_p
, ERR_NOOPERHOST
, form_str(ERR_NOOPERHOST
));
103 ilog(L_FOPER
, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
104 name
, source_p
->name
,
105 source_p
->username
, source_p
->host
, source_p
->sockhost
);
107 if(ConfigFileEntry
.failed_oper_notice
)
109 sendto_realops_snomask(SNO_GENERAL
, L_NETWIDE
,
110 "Failed OPER attempt - host mismatch by %s (%s@%s)",
111 source_p
->name
, source_p
->username
, source_p
->host
);
117 if(IsOperConfNeedSSL(oper_p
) && !IsSecureClient(source_p
))
119 sendto_one_numeric(source_p
, ERR_NOOPERHOST
, form_str(ERR_NOOPERHOST
));
120 ilog(L_FOPER
, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- requires SSL/TLS",
121 name
, source_p
->name
,
122 source_p
->username
, source_p
->host
, source_p
->sockhost
);
124 if(ConfigFileEntry
.failed_oper_notice
)
126 sendto_realops_snomask(SNO_GENERAL
, L_ALL
,
127 "Failed OPER attempt - missing SSL/TLS by %s (%s@%s)",
128 source_p
->name
, source_p
->username
, source_p
->host
);
133 if (oper_p
->certfp
!= NULL
)
135 if (source_p
->certfp
== NULL
|| rb_strcasecmp(source_p
->certfp
, oper_p
->certfp
))
137 sendto_one_numeric(source_p
, ERR_NOOPERHOST
, form_str(ERR_NOOPERHOST
));
138 ilog(L_FOPER
, "FAILED OPER (%s) by (%s!%s@%s) (%s) -- client certificate fingerprint mismatch",
139 name
, source_p
->name
,
140 source_p
->username
, source_p
->host
, source_p
->sockhost
);
142 if(ConfigFileEntry
.failed_oper_notice
)
144 sendto_realops_snomask(SNO_GENERAL
, L_ALL
,
145 "Failed OPER attempt - client certificate fingerprint mismatch by %s (%s@%s)",
146 source_p
->name
, source_p
->username
, source_p
->host
);
152 if(match_oper_password(password
, oper_p
))
154 oper_up(source_p
, oper_p
);
156 ilog(L_OPERED
, "OPER %s by %s!%s@%s (%s)",
157 name
, source_p
->name
, source_p
->username
, source_p
->host
,
163 sendto_one(source_p
, form_str(ERR_PASSWDMISMATCH
),
164 me
.name
, source_p
->name
);
166 ilog(L_FOPER
, "FAILED OPER (%s) by (%s!%s@%s) (%s)",
167 name
, source_p
->name
, source_p
->username
, source_p
->host
,
170 if(ConfigFileEntry
.failed_oper_notice
)
172 sendto_realops_snomask(SNO_GENERAL
, L_NETWIDE
,
173 "Failed OPER attempt by %s (%s@%s)",
174 source_p
->name
, source_p
->username
, source_p
->host
);
180 * mc_oper - server-to-server OPER propagation
185 mc_oper(struct MsgBuf
*msgbuf_p
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char *parv
[])
187 struct PrivilegeSet
*privset
;
191 sendto_server(client_p
, NULL
, CAP_TS6
, NOCAPS
, ":%s OPER %s %s", use_id(source_p
), parv
[1], parv
[2]);
193 privset
= privilegeset_get(parv
[2]);
196 /* if we don't have a matching privset, we'll create an empty one and
197 * mark it illegal, so it gets picked up on a rehash later */
198 sendto_realops_snomask(SNO_GENERAL
, L_NETWIDE
, "Received OPER for %s with unknown privset %s", source_p
->name
, parv
[2]);
199 privset
= privilegeset_set_new(parv
[2], "", 0);
200 privset
->status
|= CONF_ILLEGAL
;
203 privset
= privilegeset_ref(privset
);
204 if (source_p
->user
->privset
!= NULL
)
205 privilegeset_unref(source_p
->user
->privset
);
207 source_p
->user
->privset
= privset
;
211 sendto_server(client_p
, NULL
, CAP_TS6
, NOCAPS
, ":%s OPER %s", use_id(source_p
), parv
[1]);
214 rb_free(source_p
->user
->opername
);
215 source_p
->user
->opername
= rb_strdup(parv
[1]);
219 * me_oper - ircd-seven-style OPER propagation
223 me_oper(struct MsgBuf
*msgbuf_p
, struct Client
*client_p
, struct Client
*source_p
, int parc
, const char *parv
[])
225 rb_free(source_p
->user
->opername
);
226 source_p
->user
->opername
= rb_strdup(parv
[1]);
230 * match_oper_password
232 * inputs - pointer to given password
234 * output - true if match, false otherwise
235 * side effects - none
238 match_oper_password(const char *password
, struct oper_conf
*oper_p
)
242 /* passwd may be NULL pointer. Head it off at the pass... */
243 if(EmptyString(oper_p
->passwd
))
246 if(IsOperConfEncrypted(oper_p
))
248 /* use first two chars of the password they send in as salt */
249 /* If the password in the conf is MD5, and ircd is linked
250 * to scrypt on FreeBSD, or the standard crypt library on
251 * glibc Linux, then this code will work fine on generating
252 * the proper encrypted hash for comparison.
254 if(!EmptyString(password
))
255 encr
= rb_crypt(password
, oper_p
->passwd
);
262 if(encr
!= NULL
&& strcmp(encr
, oper_p
->passwd
) == 0)