author | Russell King <rmk+kernel@arm.linux.org.uk> | 2016-06-05 14:43:34 +0100 |
---|---|---|
committer | Russell King <rmk+kernel@armlinux.org.uk> | 2019-07-21 20:59:35 +0100 |
commit | 3cf1f1d92d1f70d22a5130b8ff9c602acd7f17c8 (patch) | |
tree | 567a2fbdae892b44ba309c7877cada6328d5e531 /modules | |
parent | 9b983823e867cfc951ccaa45832bddb5e945cc24 (diff) |
Add initial support for client certificate fingerprints
Networks such as Freenode and OFTC use client certificates to identify
users and servers, not only for services, but also for server operator
status and auth blocks.
This allows us to use stronger certificates for authentication rather
than passwords.
Diffstat (limited to 'modules')
-rw-r--r-- | modules/m_dline.c | 2 | ||||
-rw-r--r-- | modules/m_gline.c | 2 | ||||
-rw-r--r-- | modules/m_kline.c | 4 | ||||
-rw-r--r-- | modules/m_oper.c | 3 | ||||
-rw-r--r-- | modules/m_stats.c | 18 | ||||
-rw-r--r-- | modules/m_webirc.c | 3 |
6 files changed, 20 insertions, 12 deletions
diff --git a/modules/m_dline.c b/modules/m_dline.c index 6f69b6c..9521519 100644 --- a/modules/m_dline.c +++ b/modules/m_dline.c @@ -114,7 +114,7 @@ remove_dline_match(const char *host) else piphost = NULL; - if ((conf = find_conf_by_address(host, piphost, CONF_DLINE, aftype, NULL, NULL, 0))) + if ((conf = find_conf_by_address(host, piphost, CONF_DLINE, aftype, NULL, NULL, 0, NULL))) { if (IsConfDatabase(conf)) { diff --git a/modules/m_gline.c b/modules/m_gline.c index b429351..2068dc6 100644 --- a/modules/m_gline.c +++ b/modules/m_gline.c @@ -144,7 +144,7 @@ remove_gline_match(const char *user, const char *host) else piphost = NULL; - if ((conf = find_conf_by_address(host, piphost, CONF_GLINE, aftype, user, NULL, 0))) + if ((conf = find_conf_by_address(host, piphost, CONF_GLINE, aftype, user, NULL, 0, NULL))) { if (IsConfDatabase(conf)) { diff --git a/modules/m_kline.c b/modules/m_kline.c index 10b23c0..4a00dda 100644 --- a/modules/m_kline.c +++ b/modules/m_kline.c @@ -152,7 +152,7 @@ remove_kline_match(const char *host, const char *user) else piphost = NULL; - if ((conf = find_conf_by_address(host, piphost, CONF_KLINE, aftype, user, NULL, 0))) + if ((conf = find_conf_by_address(host, piphost, CONF_KLINE, aftype, user, NULL, 0, NULL))) { if (IsConfDatabase(conf)) { @@ -196,7 +196,7 @@ already_placed_kline(struct Client *source_p, const char *luser, const char *lho else piphost = NULL; - if ((conf = find_conf_by_address(lhost, piphost, CONF_KLINE, aftype, luser, NULL, 0))) + if ((conf = find_conf_by_address(lhost, piphost, CONF_KLINE, aftype, luser, NULL, 0, NULL))) { if (warn) { diff --git a/modules/m_oper.c b/modules/m_oper.c index 98342df..a8f0058 100644 --- a/modules/m_oper.c +++ b/modules/m_oper.c 
@@ -114,7 +114,8 @@ m_oper(struct Client *client_p, struct Client *source_p, } } - if (match_conf_password(password, conf)) + /* If we have valid certfp, don't check password */ + if (!EmptyString(conf->certfp) || match_conf_password(password, conf)) { if (attach_conf(source_p, conf) != 0) { diff --git a/modules/m_stats.c b/modules/m_stats.c index 4705d33..193364d 100644 --- a/modules/m_stats.c +++ b/modules/m_stats.c @@ -942,10 +942,12 @@ stats_auth(struct Client *source_p, int parc, char *parv[]) &source_p->localClient->ip, CONF_CLIENT, source_p->localClient->aftype, source_p->username, - source_p->localClient->passwd, 1); + source_p->localClient->passwd, 1, + source_p->certfp); else conf = find_conf_by_address(source_p->host, NULL, CONF_CLIENT, - 0, source_p->username, NULL, 1); + 0, source_p->username, NULL, 1, + source_p->certfp); if (conf == NULL) return; @@ -1024,10 +1026,12 @@ stats_tklines(struct Client *source_p, int parc, char *parv[]) conf = find_conf_by_address(source_p->host, &source_p->localClient->ip, CONF_KLINE, source_p->localClient->aftype, - source_p->username, NULL, 1); + source_p->username, NULL, 1, + source_p->certfp); else conf = find_conf_by_address(source_p->host, NULL, CONF_KLINE, - 0, source_p->username, NULL, 1); + 0, source_p->username, NULL, 1, + source_p->certfp); if (!conf) return; @@ -1063,10 +1067,12 @@ stats_klines(struct Client *source_p, int parc, char *parv[]) conf = find_conf_by_address(source_p->host, &source_p->localClient->ip, CONF_KLINE, source_p->localClient->aftype, - source_p->username, NULL, 0); + source_p->username, NULL, 0, + source_p->certfp); else conf = find_conf_by_address(source_p->host, NULL, CONF_KLINE, - 0, source_p->username, NULL, 0); + 0, source_p->username, NULL, 0, + source_p->certfp); if (!conf) return; diff --git a/modules/m_webirc.c b/modules/m_webirc.c index 8a53b6b..635c521 100644 --- a/modules/m_webirc.c +++ b/modules/m_webirc.c 
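Review bot: The new condition in m_oper skips match_conf_password() whenever conf->certfp is non-empty, but nothing in this hunk compares that configured fingerprint with the one the client presented, so the comment's "valid certfp" is not established by these lines. If the lookup that produced conf (outside this hunk) does not already require source_p->certfp to match, a client that matches the oper block's user@host could gain operator status without a password. Making the comparison explicit would keep the bypass safe on its own, e.g. `if ((!EmptyString(conf->certfp) && !EmptyString(source_p->certfp) && strcasecmp(conf->certfp, source_p->certfp) == 0) || match_conf_password(password, conf))`. An oper block that sets both a fingerprint and a password also never has its password checked, so the certificate replaces the password rather than adding to it; the comment and the configuration documentation should say so. m_oper's body starts and ends outside the hunk.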
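Review bot: The K-line lookups in stats_tklines and stats_klines now pass source_p->certfp, while the same CONF_KLINE lookups in m_kline.c (remove_kline_match, already_placed_kline) pass NULL for the new argument. How find_conf_by_address uses the fingerprint for ban-type entries is not visible here; if it filters on it, a client's certificate could change which ban STATS reports, and if it ignores it, NULL would say so more plainly. Suggest either `source_p->username, NULL, 1, NULL);` in both K-line hunks or a comment at the call such as `/* certfp is only consulted for CONF_CLIENT entries */`. The stats_auth hunk, which looks up CONF_CLIENT, is the one place in this file where forwarding the fingerprint clearly belongs.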
@@ -63,7 +63,8 @@ mr_webirc(struct Client *client_p, struct Client *source_p, int parc, char *parv conf = find_address_conf(source_p->host, IsGotId(source_p) ? source_p->username : "webirc", &source_p->localClient->ip, - source_p->localClient->aftype, parv[1]); + source_p->localClient->aftype, parv[1], + source_p->certfp); if (conf == NULL || !IsConfClient(conf)) return 0; |
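Review bot: The fingerprint passed to find_address_conf in mr_webirc belongs to the connection that sent WEBIRC, that is the gateway, not the end user it speaks for, and the call site does not say so. A short comment would stop a later reader from treating it as the user's identity: `/* certfp here is the gateway's own TLS client certificate, not the proxied user's */`. It would also help to state whether an auth block with a fingerprint still requires the WEBIRC password in parv[1], since that decision is made inside find_address_conf and is not visible in this hunk. mr_webirc continues outside the hunk.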