Browse Source

* AUTHHASH now works as follows:
If authkey is set in .config, auth hashing will occur.
If a user has a SECPASS set (default: random), auth hashing will occur.
If either of the above two things are empty, auth hashing will NOT occur.


svn: 1166

Bryan Drewery 22 years ago
parent
commit
334e83be3d
7 changed files with 55 additions and 65 deletions
  1. 0 1
      config.h.in
  2. 5 1
      doc/UPDATES
  3. 0 3
      src/auth.c
  4. 2 8
      src/auth.h
  5. 0 4
      src/cfg.c
  6. 3 6
      src/cfg.h
  7. 45 42
      src/mod/irc.mod/msgcmds.c

+ 0 - 1
config.h.in

@@ -336,7 +336,6 @@
 #undef volatile
 
 /* Defines for pack features */
-#undef S_AUTHHASH
 #undef S_AUTOLOCK
 #undef S_DCCAUTH
 #undef S_GARBLESTRINGS

+ 5 - 1
doc/UPDATES

@@ -5,13 +5,17 @@ This is a summary of ChangeLog basically.
 * Wrote new 'response' code for misc stuff like kick reasons, and dcc responses...
 * Removed many unnecesary compile defines: (.config controlling them makes more sense)
   ANTITRACE, HIJACKCHECK, LASTCHECK, NODELAY, PROCESSCHECK, PROMISC, AUTHCMDS, CONFEDIT
-  RANDSERVERS, DCCPASS, PSCLOAK, MSGCMDS, UTCTIME, AUTOAWAY
+  RANDSERVERS, DCCPASS, PSCLOAK, MSGCMDS, UTCTIME, AUTOAWAY, AUTHHASH
   -Moved PSCLOAK entries to misc/responses.txt
 * All dates are UTC (GMT) now.
 * cmd_newleaf was sharing the new bot incorrectly.
 * Fixed a cosmetic/memory bug in cmd_who.
 * cmd_bots was displaying the wrong number of bots up.
 * -userbans no longer exempts +m|m
+* AUTHHASH now works as follows:
+  If authkey is set in .config, auth hashing will occur.
+  If a user has a SECPASS set (default: random), auth hashing will occur.
+  If either of the above two things are empty, auth hashing will NOT occur.
 
 1.1.9
 

+ 0 - 3
src/auth.c

@@ -70,7 +70,6 @@ init_auth()
   timer_create_secs(60, "expire_auths", (Function) expire_auths);
 }
 
-#if defined(S_AUTHHASH) || defined(S_DCCAUTH)
 char *
 makehash(struct userrec *u, char *randstring)
 {
@@ -88,8 +87,6 @@ makehash(struct userrec *u, char *randstring)
 
   return MD5(hash);
 }
-#endif /* S_AUTHHASH || S_DCCAUTH */
-
 
 char *
 makebdhash(char *randstring)

+ 2 - 8
src/auth.h

@@ -1,6 +1,7 @@
 #ifndef _AUTH_H
 #  define _AUTH_H
 
+#  include "cfg.h"
 #  include "crypt.h"
 
 struct auth_t {
@@ -20,19 +21,12 @@ int new_auth();
 int findauth(char *);
 void removeauth(int);
 char *makebdhash(char *);
-
-#  if defined(S_AUTHHASH) || defined(S_DCCAUTH)
 char *makehash(struct userrec *, char *);
-#  endif /* S_AUTHHASH || S_DCCAUTH */
 
 
 extern int auth_total;
 extern struct auth_t *auth;
 
-#  if defined(S_AUTHHASH) || defined(S_DCCAUTH)
-#    include "cfg.h"
-#    define authkey CFG_AUTHKEY.ldata ? CFG_AUTHKEY.ldata : CFG_AUTHKEY.gdata ? CFG_AUTHKEY.gdata : ""
-#  endif
-       /* S_AUTHHASH || S_DCCAUTH */
+#  define authkey CFG_AUTHKEY.ldata ? CFG_AUTHKEY.ldata : CFG_AUTHKEY.gdata ? CFG_AUTHKEY.gdata : ""
 
 #endif /* !_AUTH_H */

+ 0 - 4
src/cfg.c

@@ -82,7 +82,6 @@ struct cfg_entry CFG_SERVPORT = {
 #endif /* LEAF */
 };
 
-#if defined(S_AUTHHASH) || defined(S_DCCAUTH)
 #ifdef HUB
 static void authkey_describe(struct cfg_entry *entry, int idx) {
   dprintf(idx, 
@@ -98,7 +97,6 @@ struct cfg_entry CFG_AUTHKEY = {
 	NULL, NULL, authkey_describe
 #endif /* LEAF */
 };
-#endif /* S_AUTHHASH || S_DCCAUTH */
 
 #ifdef HUB
 static void msgcmds_describe(struct cfg_entry *entry, int idx) {
@@ -821,9 +819,7 @@ void init_config()
 {
   add_cfg(&CFG_SERVPORT);
   add_cfg(&CFG_CHANSET);
-#if defined(S_AUTHHASH) || defined(S_DCCAUTH)
   add_cfg(&CFG_AUTHKEY);
-#endif /* S_AUTHHASH || S_DCCAUTH */
   add_cfg(&CFG_MOTD);
   add_cfg(&CFG_FORKINTERVAL);
   add_cfg(&CFG_LOGIN);

+ 3 - 6
src/cfg.h

@@ -23,15 +23,12 @@ typedef struct cfg_entry {
 extern struct cfg_entry CFG_MOTD, CFG_CMDPREFIX, CFG_BADCOOKIE, CFG_MANUALOP, CFG_MDOP, 
                         CFG_MOP, CFG_FORKINTERVAL, CFG_CHANSET, CFG_SERVERS, CFG_SERVERS6, 
                         CFG_NICK, CFG_REALNAME, CFG_INBOTS, CFG_LAGTHRESHOLD, CFG_OPREQUESTS, CFG_OPTIMESLACK,
-                        CFG_OPBOTS, CFG_INBOTS, CFG_SERVPORT;
-#if defined(S_AUTHHASH) || defined(S_DCCAUTH)
-extern struct cfg_entry CFG_AUTHKEY;
-#endif /* S_AUTHHASH || S_DCCAUTH */
-extern struct cfg_entry CFG_MSGOP, CFG_MSGPASS, CFG_MSGINVITE, CFG_MSGIDENT;
+                        CFG_OPBOTS, CFG_INBOTS, CFG_SERVPORT, CFG_AUTHKEY, CFG_MSGOP, CFG_MSGPASS, 
+			CFG_MSGINVITE, CFG_MSGIDENT, CFG_LOGIN, CFG_HIJACK, CFG_TRACE, CFG_PROMISC, 
+			CFG_BADPROCESS, CFG_PROCESSLIST;
 #ifdef G_MEAN
 extern struct cfg_entry CFG_MEANDEOP, CFG_MEANKICK, CFG_MEANBAN;
 #endif /* G_MEAN */
-extern struct cfg_entry CFG_LOGIN, CFG_HIJACK, CFG_TRACE, CFG_PROMISC, CFG_BADPROCESS, CFG_PROCESSLIST;
 #ifdef S_AUTOLOCK
 struct cfg_entry CFG_FIGHTTHRESHOLD;
 #endif /* S_AUTOLOCK */

+ 45 - 42
src/mod/irc.mod/msgcmds.c

@@ -255,15 +255,22 @@ static int msg_authstart(char *nick, char *host, struct userrec *u, char *par)
   dprintf(DP_HELP, "PRIVMSG %s :auth%s %s\n", nick, u ? "." : "!", conf.bot->nick);
 
   return BIND_RET_BREAK;
+}
 
+static void
+addauth(int i, char *nick, char *host)
+{
+  putlog(LOG_CMDS, "*", "(%s!%s) !%s! +AUTH", nick, host, auth[i].user->handle);
+  auth[i].authed = 1;
+  auth[i].authing = 0;
+  auth[i].authtime = now;
+  auth[i].atime = now;
+  dprintf(DP_HELP, "NOTICE %s :You are now authorized for cmds, see %chelp\n", nick, cmdprefix);
 }
 
 static int msg_auth(char *nick, char *host, struct userrec *u, char *par)
 {
   char *pass = NULL;
-#ifdef S_AUTHHASH
-  char randstring[50] = "";
-#endif /* S_AUTHHASH */
   int i = 0;
 
   if (match_my_nick(nick))
@@ -282,17 +289,23 @@ static int msg_auth(char *nick, char *host, struct userrec *u, char *par)
   pass = newsplit(&par);
 
   if (u_pass_match(u, pass) && !u_pass_match(u, "-")) {
-      auth[i].user = u;
-      strcpy(auth[i].hand, u->handle);
-#ifdef S_AUTHHASH
-      putlog(LOG_CMDS, "*", "(%s!%s) !%s! -AUTH", nick, host, u->handle);
+    auth[i].user = u;
+    strcpy(auth[i].hand, u->handle);
+    if (strlen(authkey) && get_user(&USERENTRY_SECPASS, u)) {
+      char randstring[50] = "";
+
+      putlog(LOG_CMDS, "*", "(%s!%s) !%s! AUTH", nick, host, u->handle);
 
       auth[i].authing = 2;      
       make_rand_str(randstring, 50);
       strncpyz(auth[i].hash, makehash(u, randstring), sizeof auth[i].hash);
       dprintf(DP_HELP, "PRIVMSG %s :-Auth %s %s\n", nick, randstring, conf.bot->nick);
+    } else {
+      /* no authkey and/or no SECPASS for the user, don't require a hash auth */
+      addauth(i, nick, host);
+    }
   } else {
-    putlog(LOG_CMDS, "*", "(%s!%s) !%s! failed -AUTH", nick, host, u->handle);
+    putlog(LOG_CMDS, "*", "(%s!%s) !%s! failed AUTH", nick, host, u->handle);
     removeauth(i);
   }
   return BIND_RET_BREAK;
@@ -301,44 +314,36 @@ static int msg_auth(char *nick, char *host, struct userrec *u, char *par)
 
 static int msg_pls_auth(char *nick, char *host, struct userrec *u, char *par)
 {
+  if (strlen(authkey) && get_user(&USERENTRY_SECPASS, u)) {
+    int i = 0;
 
-  int i = 0;
+    if (match_my_nick(nick))
+      return BIND_RET_BREAK;
+    if (u && u->bot)
+      return BIND_RET_BREAK;
 
-  if (match_my_nick(nick))
-    return BIND_RET_BREAK;
-  if (u && u->bot)
-    return BIND_RET_BREAK;
+    i = findauth(host);
 
-  i = findauth(host);
+    if (i == -1)
+      return BIND_RET_BREAK;
 
-  if (i == -1)
-    return BIND_RET_BREAK;
+    if (auth[i].authing != 2)
+      return BIND_RET_BREAK;
 
-  if (auth[i].authing != 2)
+    if (!strcmp(auth[i].hash, par)) { /* good hash! */
+      addauth(i, nick, host);
+    } else { /* bad hash! */
+      char s[300] = "";
+
+      putlog(LOG_CMDS, "*", "(%s!%s) !%s! failed +AUTH", nick, host, u->handle);
+      dprintf(DP_HELP, "NOTICE %s :Invalid hash.\n", nick);
+      sprintf(s, "*!%s", host);
+      addignore(s, origbotname, "Invalid auth hash.", now + (60 * ignore_time));
+      removeauth(i);
+    } 
     return BIND_RET_BREAK;
-
-  if (!strcmp(auth[i].hash, par)) { /* good hash! */
-#endif /* S_AUTHHASH */
-    putlog(LOG_CMDS, "*", "(%s!%s) !%s! +AUTH", nick, host, u->handle);
-    auth[i].authed = 1;
-    auth[i].authing = 0;
-    auth[i].authtime = now;
-    auth[i].atime = now;
-    dprintf(DP_HELP, "NOTICE %s :You are now authorized for cmds, see %chelp\n", nick, cmdprefix);
-  } else { /* bad hash! */
-    putlog(LOG_CMDS, "*", "(%s!%s) !%s! failed +AUTH", nick, host, u->handle);
-#ifdef S_AUTHHASH
-{
-    char s[300] = "";
-
-    dprintf(DP_HELP, "NOTICE %s :Invalid hash.\n", nick);
-    sprintf(s, "*!%s", host);
-    addignore(s, origbotname, "Invalid auth hash.", now + (60 * ignore_time));
-}
-#endif /* S_AUTHHASH */
-    removeauth(i);
-  } 
-  return BIND_RET_BREAK;
+  }
+  return BIND_RET_LOG;
 }
 
 static int msg_unauth(char *nick, char *host, struct userrec *u, char *par)
@@ -449,9 +454,7 @@ static cmd_t C_msg[] =
 {
   {"auth?",		"",	(Function) msg_authstart,	NULL},
   {"auth",		"",	(Function) msg_auth,		NULL},
-#ifdef S_AUTHHASH
   {"+auth",		"",	(Function) msg_pls_auth,	NULL},
-#endif /* S_AUTHHASH */
   {"unauth",		"",	(Function) msg_unauth,		NULL},
   {"ident",   		"",	(Function) msg_ident,		NULL},
   {"invite",		"",	(Function) msg_invite,		NULL},