1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-07 21:43:12 +02:00

More cleanups: now mostly auth-related: use better names and use enums

for authentication types. Rename Auth_Make to Auth_Hash. Add docs. etc.
This commit is contained in:
Bram Matthys
2019-09-11 12:37:34 +02:00
parent e8d53ffe8e
commit 05e776fb71
15 changed files with 114 additions and 114 deletions
-40
View File
@@ -1,40 +0,0 @@
/************************************************************************
* Unreal Internet Relay Chat Daemon, include/auth.h
* Copyright (C) 2001 Carsten V. Munk (stskeeps@tspre.org)
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* $Id$
*/
typedef struct {
char *data;
short type;
} anAuthStruct;
#define AUTHTYPE_PLAINTEXT 0
#define AUTHTYPE_UNIXCRYPT 1
#define AUTHTYPE_MD5 2
#define AUTHTYPE_SHA1 3
#define AUTHTYPE_TLS_CLIENTCERT 4
#define AUTHTYPE_RIPEMD160 5
#define AUTHTYPE_TLS_CLIENTCERTFP 6
#define AUTHTYPE_BCRYPT 7
#define AUTHTYPE_SPKIFP 8
#define AUTHTYPE_ARGON2 9
#ifndef HAVE_CRYPT
#define crypt DES_crypt
#endif
+5 -5
View File
@@ -468,11 +468,11 @@ extern void close_connections(void);
extern int b64_encode(unsigned char const *src, size_t srclength, char *target, size_t targsize);
extern int b64_decode(char const *src, unsigned char *target, size_t targsize);
extern int Auth_FindType(char *hash, char *type);
extern anAuthStruct *Auth_ConvertConf2AuthStruct(ConfigEntry *ce);
extern void Auth_DeleteAuthStruct(anAuthStruct *as);
extern int Auth_Check(Client *cptr, anAuthStruct *as, char *para);
extern char *Auth_Make(short type, char *para);
extern AuthenticationType Auth_FindType(char *hash, char *type);
extern AuthConfig *AuthBlockToAuthConfig(ConfigEntry *ce);
extern void Auth_DeleteAuthConfig(AuthConfig *as);
extern int Auth_Check(Client *cptr, AuthConfig *as, char *para);
extern char *Auth_Hash(int type, char *para);
extern int Auth_CheckError(ConfigEntry *ce);
extern char *make_virthost(Client *sptr, char *curr, char *new, int mode);
+32 -7
View File
@@ -55,7 +55,6 @@
# include <sys/syslog.h>
# endif
#endif
#include "auth.h"
#define PCRE2_CODE_UNIT_WIDTH 8
#include "pcre2.h"
@@ -1011,7 +1010,33 @@ struct NameValueList {
#define PREPROCESSOR_PHASE_INITIAL 1
#define PREPROCESSOR_PHASE_MODULE 2
typedef enum AuthenticationType {
AUTHTYPE_INVALID = -1,
AUTHTYPE_PLAINTEXT = 0,
AUTHTYPE_UNIXCRYPT = 1,
AUTHTYPE_MD5 = 2,
AUTHTYPE_SHA1 = 3,
AUTHTYPE_TLS_CLIENTCERT = 4,
AUTHTYPE_RIPEMD160 = 5,
AUTHTYPE_TLS_CLIENTCERTFP = 6,
AUTHTYPE_BCRYPT = 7,
AUTHTYPE_SPKIFP = 8,
AUTHTYPE_ARGON2 = 9,
} AuthenticationType;
typedef struct AuthConfig AuthConfig;
/** Authentication Configuration - this can be a password or
* other authentication method that was parsed from the
* configuration file.
*/
struct AuthConfig {
AuthenticationType type; /**< Type of data, one of AUTHTYPE_* (TODO: enum?) */
char *data; /**< Data associated with this record */
};
#ifndef HAVE_CRYPT
#define crypt DES_crypt
#endif
/*
* conf2 stuff -stskeeps
@@ -1128,7 +1153,7 @@ struct ConfigItem_allow {
ConfigItem_allow *prev, *next;
ConfigFlag flag;
char *ip, *hostname, *server;
anAuthStruct *auth;
AuthConfig *auth;
unsigned short maxperip;
int port;
ConfigItem_class *class;
@@ -1189,7 +1214,7 @@ struct ConfigItem_oper {
ConfigFlag flag;
char *name, *snomask;
SWhois *swhois;
anAuthStruct *auth;
AuthConfig *auth;
char *operclass;
ConfigItem_class *class;
ConfigItem_mask *mask;
@@ -1230,8 +1255,8 @@ struct ConfigItem_mask {
};
struct ConfigItem_drpass {
anAuthStruct *restartauth;
anAuthStruct *dieauth;
AuthConfig *restartauth;
AuthConfig *dieauth;
};
struct ConfigItem_ulines {
@@ -1279,7 +1304,7 @@ struct ConfigItem_vhost {
ConfigItem_mask *mask;
char *login, *virthost, *virtuser;
SWhois *swhois;
anAuthStruct *auth;
AuthConfig *auth;
};
struct ConfigItem_link {
@@ -1296,7 +1321,7 @@ struct ConfigItem_link {
int port; /**< Port to connect to */
int options; /**< Connect options like tls or autoconnect */
} outgoing;
anAuthStruct *auth; /**< authentication method (eg: password) */
AuthConfig *auth; /**< authentication method (eg: password) */
char *hub; /**< Hub mask */
char *leaf; /**< Leaf mask */
int leaf_depth; /**< Leaf depth */
+1 -1
View File
@@ -41,7 +41,7 @@ SRC=$(OBJS:%.o=%.c)
BINCFLAGS=@HARDEN_BINCFLAGS@
BINLDFLAGS=@DYNAMIC_LDFLAGS@ @HARDEN_BINLDFLAGS@
INCLUDES = ../include/auth.h ../include/channel.h \
INCLUDES = ../include/channel.h \
../include/class.h ../include/common.h ../include/config.h ../include/dbuf.h \
../include/dynconf.h ../include/fdlist.h ../include/h.h \
../include/ircsprintf.h \
+49 -34
View File
@@ -21,7 +21,14 @@
#include "crypt_blowfish.h"
#include <argon2.h>
anAuthStruct MODVAR AuthTypes[] = {
typedef struct AuthTypeList AuthTypeList;
struct AuthTypeList {
char *name;
AuthenticationType type;
};
/** The list of authentication types that we support. */
AuthTypeList MODVAR AuthTypeLists[] = {
{"plain", AUTHTYPE_PLAINTEXT},
{"plaintext", AUTHTYPE_PLAINTEXT},
{"md5", AUTHTYPE_MD5},
@@ -119,36 +126,33 @@ int Auth_AutoDetectHashType(char *hash)
* than trying to determine the type on the 'hash' parameter.
* Or leave NULL, then we use hash autodetection.
*/
int Auth_FindType(char *hash, char *type)
AuthenticationType Auth_FindType(char *hash, char *type)
{
if (type)
{
anAuthStruct *p = AuthTypes;
while (p->data)
AuthTypeList *e = AuthTypeLists;
while (e->name)
{
if (!mycmp(p->data, type))
return p->type;
p++;
if (!mycmp(e->name, type))
return e->type;
e++;
}
return -1; /* Not found */
return AUTHTYPE_INVALID; /* Not found */
}
if (hash)
return Auth_AutoDetectHashType(hash);
return -1; /* both 'hash' and 'type' are NULL */
return AUTHTYPE_INVALID; /* both 'hash' and 'type' are NULL */
}
/*
* This is for converting something like:
* {
* password "data" { type; };
* }
/** Check the syntax of an authentication block.
* This is a block like: password "data" { type; };
* in the configuration file.
*/
int Auth_CheckError(ConfigEntry *ce)
int Auth_CheckError(ConfigEntry *ce)
{
short type = AUTHTYPE_PLAINTEXT;
AuthenticationType type = AUTHTYPE_PLAINTEXT;
X509 *x509_filecert = NULL;
FILE *x509_f = NULL;
if (!ce->ce_vardata)
@@ -241,22 +245,25 @@ int Auth_CheckError(ConfigEntry *ce)
return 1;
}
anAuthStruct *Auth_ConvertConf2AuthStruct(ConfigEntry *ce)
/** Convert an authentication block from the configuration file
* into an AuthConfig structure so it can be used at runtime.
*/
AuthConfig *AuthBlockToAuthConfig(ConfigEntry *ce)
{
short type = AUTHTYPE_PLAINTEXT;
anAuthStruct *as = NULL;
AuthenticationType type = AUTHTYPE_PLAINTEXT;
AuthConfig *as = NULL;
type = Auth_FindType(ce->ce_vardata, ce->ce_entries ? ce->ce_entries->ce_varname : NULL);
if (type == -1)
if (type == AUTHTYPE_INVALID)
type = AUTHTYPE_PLAINTEXT;
as = MyMallocEx(sizeof(anAuthStruct));
as = MyMallocEx(sizeof(AuthConfig));
as->data = strdup(ce->ce_vardata);
as->type = type;
return as;
}
void Auth_DeleteAuthStruct(anAuthStruct *as)
void Auth_DeleteAuthConfig(AuthConfig *as)
{
if (!as)
return;
@@ -306,7 +313,7 @@ int max;
return 1;
}
static int authcheck_argon2(Client *cptr, anAuthStruct *as, char *para)
static int authcheck_argon2(Client *cptr, AuthConfig *as, char *para)
{
argon2_type hashtype;
@@ -331,7 +338,7 @@ static int authcheck_argon2(Client *cptr, anAuthStruct *as, char *para)
return -1; /* NO MATCH or error */
}
static int authcheck_bcrypt(Client *cptr, anAuthStruct *as, char *para)
static int authcheck_bcrypt(Client *cptr, AuthConfig *as, char *para)
{
char data[512]; /* NOTE: only 64 required by BF_crypt() */
char *str;
@@ -351,7 +358,7 @@ char *str;
return -1; /* NO MATCH */
}
static int authcheck_md5(Client *cptr, anAuthStruct *as, char *para)
static int authcheck_md5(Client *cptr, AuthConfig *as, char *para)
{
static char buf[512];
int i, r;
@@ -407,7 +414,7 @@ char *saltstr, *hashstr;
return -1; /* NOTREACHED */
}
static int authcheck_sha1(Client *cptr, anAuthStruct *as, char *para)
static int authcheck_sha1(Client *cptr, AuthConfig *as, char *para)
{
char buf[512];
int i, r;
@@ -465,7 +472,7 @@ char *saltstr, *hashstr;
}
}
static int authcheck_ripemd160(Client *cptr, anAuthStruct *as, char *para)
static int authcheck_ripemd160(Client *cptr, AuthConfig *as, char *para)
{
char buf[512];
int i, r;
@@ -533,9 +540,9 @@ char *saltstr, *hashstr;
* 1 if authentication succeeded
* 2 if authentication succeeded, using parameter
* -2 if authentication is delayed, don't error
* No AuthStruct = everyone allowed
* No AuthConfig = everyone allowed
*/
int Auth_Check(Client *cptr, anAuthStruct *as, char *para)
int Auth_Check(Client *cptr, AuthConfig *as, char *para)
{
extern char *crypt();
char *res;
@@ -661,6 +668,9 @@ int Auth_Check(Client *cptr, anAuthStruct *as, char *para)
return 2; /* SUCCESS */
}
case AUTHTYPE_INVALID:
return -1; /* Should never happen */
}
return -1;
}
@@ -734,18 +744,23 @@ static char *mkpass_bcrypt(char *para)
return buf;
}
char *Auth_Make(short type, char *para)
/** Create a hashed password for the specified string.
* @param type One of AUTHTYPE_*, eg AUTHTYPE_ARGON2.
* @param text The password in plaintext.
* @returns The hashed password.
*/
char *Auth_Hash(AuthenticationType type, char *text)
{
switch (type)
{
case AUTHTYPE_PLAINTEXT:
return para;
return text;
case AUTHTYPE_ARGON2:
return mkpass_argon2(para);
return mkpass_argon2(text);
case AUTHTYPE_BCRYPT:
return mkpass_bcrypt(para);
return mkpass_bcrypt(text);
default:
return NULL;
+16 -16
View File
@@ -2181,7 +2181,7 @@ void config_rehash()
safefree(oper_ptr->snomask);
safefree(oper_ptr->operclass);
safefree(oper_ptr->vhost);
Auth_DeleteAuthStruct(oper_ptr->auth);
Auth_DeleteAuthConfig(oper_ptr->auth);
unreal_delete_masks(oper_ptr->mask);
DelListItem(oper_ptr, conf_oper);
for (s = oper_ptr->swhois; s; s = s_next)
@@ -2234,7 +2234,7 @@ void config_rehash()
next = (ListStruct *)allow_ptr->next;
safefree(allow_ptr->ip);
safefree(allow_ptr->hostname);
Auth_DeleteAuthStruct(allow_ptr->auth);
Auth_DeleteAuthConfig(allow_ptr->auth);
DelListItem(allow_ptr, conf_allow);
MyFree(allow_ptr);
}
@@ -2287,7 +2287,7 @@ void config_rehash()
next = (ListStruct *)vhost_ptr->next;
safefree(vhost_ptr->login);
Auth_DeleteAuthStruct(vhost_ptr->auth);
Auth_DeleteAuthConfig(vhost_ptr->auth);
safefree(vhost_ptr->virthost);
safefree(vhost_ptr->virtuser);
unreal_delete_masks(vhost_ptr->mask);
@@ -2365,9 +2365,9 @@ void config_rehash()
if (conf_drpass)
{
Auth_DeleteAuthStruct(conf_drpass->restartauth);
Auth_DeleteAuthConfig(conf_drpass->restartauth);
conf_drpass->restartauth = NULL;
Auth_DeleteAuthStruct(conf_drpass->dieauth);
Auth_DeleteAuthConfig(conf_drpass->dieauth);
conf_drpass->dieauth = NULL;
safefree(conf_drpass);
}
@@ -3782,7 +3782,7 @@ int _conf_oper(ConfigFile *conf, ConfigEntry *ce)
if (!strcmp(cep->ce_varname, "operclass"))
oper->operclass = strdup(cep->ce_vardata);
if (!strcmp(cep->ce_varname, "password"))
oper->auth = Auth_ConvertConf2AuthStruct(cep);
oper->auth = AuthBlockToAuthConfig(cep);
else if (!strcmp(cep->ce_varname, "class"))
{
oper->class = Find_class(cep->ce_vardata);
@@ -4335,16 +4335,16 @@ int _conf_drpass(ConfigFile *conf, ConfigEntry *ce)
if (!strcmp(cep->ce_varname, "restart"))
{
if (conf_drpass->restartauth)
Auth_DeleteAuthStruct(conf_drpass->restartauth);
Auth_DeleteAuthConfig(conf_drpass->restartauth);
conf_drpass->restartauth = Auth_ConvertConf2AuthStruct(cep);
conf_drpass->restartauth = AuthBlockToAuthConfig(cep);
}
else if (!strcmp(cep->ce_varname, "die"))
{
if (conf_drpass->dieauth)
Auth_DeleteAuthStruct(conf_drpass->dieauth);
Auth_DeleteAuthConfig(conf_drpass->dieauth);
conf_drpass->dieauth = Auth_ConvertConf2AuthStruct(cep);
conf_drpass->dieauth = AuthBlockToAuthConfig(cep);
}
}
return 1;
@@ -5037,7 +5037,7 @@ int _conf_allow(ConfigFile *conf, ConfigEntry *ce)
else if (!strcmp(cep->ce_varname, "hostname"))
allow->hostname = strdup(cep->ce_vardata);
else if (!strcmp(cep->ce_varname, "password"))
allow->auth = Auth_ConvertConf2AuthStruct(cep);
allow->auth = AuthBlockToAuthConfig(cep);
else if (!strcmp(cep->ce_varname, "class"))
{
allow->class = Find_class(cep->ce_vardata);
@@ -5579,7 +5579,7 @@ int _conf_vhost(ConfigFile *conf, ConfigEntry *ce)
else if (!strcmp(cep->ce_varname, "login"))
vhost->login = strdup(cep->ce_vardata);
else if (!strcmp(cep->ce_varname, "password"))
vhost->auth = Auth_ConvertConf2AuthStruct(cep);
vhost->auth = AuthBlockToAuthConfig(cep);
else if (!strcmp(cep->ce_varname, "mask"))
{
unreal_add_masks(&vhost->mask, cep);
@@ -6042,7 +6042,7 @@ int _conf_link(ConfigFile *conf, ConfigEntry *ce)
}
}
else if (!strcmp(cep->ce_varname, "password"))
link->auth = Auth_ConvertConf2AuthStruct(cep);
link->auth = AuthBlockToAuthConfig(cep);
else if (!strcmp(cep->ce_varname, "hub"))
safestrdup(link->hub, cep->ce_vardata);
else if (!strcmp(cep->ce_varname, "leaf"))
@@ -6228,7 +6228,7 @@ int _test_link(ConfigFile *conf, ConfigEntry *ce)
{
errors++;
} else {
anAuthStruct *auth = Auth_ConvertConf2AuthStruct(cep);
AuthConfig *auth = AuthBlockToAuthConfig(cep);
/* hm. would be nicer if handled @auth-system I think. ah well.. */
if ((auth->type != AUTHTYPE_PLAINTEXT) && (auth->type != AUTHTYPE_TLS_CLIENTCERT) &&
(auth->type != AUTHTYPE_TLS_CLIENTCERTFP) && (auth->type != AUTHTYPE_SPKIFP))
@@ -6239,7 +6239,7 @@ int _test_link(ConfigFile *conf, ConfigEntry *ce)
cep->ce_fileptr->cf_filename, cep->ce_varlinenum);
errors++;
}
Auth_DeleteAuthStruct(auth);
Auth_DeleteAuthConfig(auth);
}
}
else if (!strcmp(cep->ce_varname, "hub"))
@@ -9909,7 +9909,7 @@ void link_cleanup(ConfigItem_link *link_ptr)
{
safefree(link_ptr->servername);
unreal_delete_masks(link_ptr->incoming.mask);
Auth_DeleteAuthStruct(link_ptr->auth);
Auth_DeleteAuthConfig(link_ptr->auth);
safefree(link_ptr->outgoing.bind_ip);
safefree(link_ptr->outgoing.hostname);
safefree(link_ptr->hub);
+1 -1
View File
@@ -1003,7 +1003,7 @@ int InitUnrealIRCd(int argc, char *argv[])
"You are suggested to use the 'argon2' algorithm instead.");
p[8] = '\0';
}
if (!(result = Auth_Make(type, p))) {
if (!(result = Auth_Hash(type, p))) {
printf("Failed to generate password. Deprecated method? Try 'argon2' instead.\n");
exit(0);
}
+1 -1
View File
@@ -22,7 +22,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../include/auth.h ../include/channel.h \
INCLUDES = ../include/channel.h \
../include/class.h ../include/common.h ../include/config.h ../include/dbuf.h \
../include/dynconf.h ../include/fdlist.h ../include/h.h \
../include/ircsprintf.h \
+1 -1
View File
@@ -19,7 +19,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../../include/auth.h ../../include/channel.h \
INCLUDES = ../../include/channel.h \
../../include/class.h ../../include/common.h ../../include/config.h ../../include/dbuf.h \
../../include/dynconf.h ../../include/fdlist.h ../../include/h.h \
../../include/ircsprintf.h \
+1 -1
View File
@@ -19,7 +19,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../../include/auth.h ../../include/channel.h \
INCLUDES = ../../include/channel.h \
../../include/class.h ../../include/common.h ../../include/config.h ../../include/dbuf.h \
../../include/dynconf.h ../../include/fdlist.h ../../include/h.h \
../../include/ircsprintf.h \
+1 -1
View File
@@ -104,7 +104,7 @@ CMD_FUNC(m_mkpasswd)
return 0;
}
if (!(result = Auth_Make(type, parv[2])))
if (!(result = Auth_Hash(type, parv[2])))
{
sendnotice(sptr, "*** Authentication method %s failed", parv[1]);
return 0;
+1 -1
View File
@@ -19,7 +19,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../../include/auth.h ../../include/channel.h \
INCLUDES = ../../include/channel.h \
../../include/class.h ../../include/common.h ../../include/config.h ../../include/dbuf.h \
../../include/dynconf.h ../../include/fdlist.h ../../include/h.h \
../../include/ircsprintf.h \
+1 -1
View File
@@ -19,7 +19,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../../include/auth.h ../../include/channel.h \
INCLUDES = ../../include/channel.h \
../../include/class.h ../../include/common.h ../../include/config.h ../../include/dbuf.h \
../../include/dynconf.h ../../include/fdlist.h ../../include/h.h \
../../include/ircsprintf.h \
+1 -1
View File
@@ -19,7 +19,7 @@
CC = "==== DO NOT RUN MAKE FROM THIS DIRECTORY ===="
INCLUDES = ../../include/auth.h ../../include/channel.h \
INCLUDES = ../../include/channel.h \
../../include/class.h ../../include/common.h ../../include/config.h ../../include/dbuf.h \
../../include/dynconf.h ../../include/fdlist.h ../../include/h.h \
../../include/ircsprintf.h \
+3 -3
View File
@@ -30,7 +30,7 @@ struct ConfigItem_webirc {
ConfigFlag flag;
ConfigItem_mask *mask;
WEBIRCType type;
anAuthStruct *auth;
AuthConfig *auth;
};
/* Module header */
@@ -134,7 +134,7 @@ void delete_webircblock(ConfigItem_webirc *e)
{
unreal_delete_masks(e->mask);
if (e->auth)
Auth_DeleteAuthStruct(e->auth);
Auth_DeleteAuthConfig(e->auth);
DelListItem(e, conf_webirc);
MyFree(e);
}
@@ -267,7 +267,7 @@ int webirc_config_run(ConfigFile *cf, ConfigEntry *ce, int type)
if (!strcmp(cep->ce_varname, "mask"))
unreal_add_masks(&webirc->mask, cep);
else if (!strcmp(cep->ce_varname, "password"))
webirc->auth = Auth_ConvertConf2AuthStruct(cep);
webirc->auth = AuthBlockToAuthConfig(cep);
else if (!strcmp(cep->ce_varname, "type"))
{
if (!strcmp(cep->ce_vardata, "webirc"))