1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 13:53:12 +02:00

Fix SSL client certificate fingerprint authentication not working for server linking. Broken since May 23 already.

This commit is contained in:
Bram Matthys
2015-07-18 22:05:22 +02:00
parent 8b716f337d
commit 421b224d8e
3 changed files with 22 additions and 4 deletions
+1
View File
@@ -771,6 +771,7 @@ extern char *moddata_client_get(aClient *acptr, char *varname);
#define HOOKTYPE_PRE_KILL 85
#define HOOKTYPE_SEE_CHANNEL_IN_WHOIS 86
#define HOOKTYPE_DCC_DENIED 87
#define HOOKTYPE_SERVER_HANDSHAKE_OUT 88
/* Hook return values */
#define HOOK_CONTINUE 0
+19 -4
View File
@@ -24,6 +24,7 @@ ModuleHeader MOD_HEADER(certfp)
void certfp_free(ModData *m);
char *certfp_serialize(ModData *m);
void certfp_unserialize(char *str, ModData *m);
int certfp_handshake(aClient *sptr);
int certfp_connect(aClient *sptr);
int certfp_whois(aClient *sptr, aClient *acptr);
@@ -49,6 +50,8 @@ ModDataInfo mreq;
abort();
HookAdd(modinfo->handle, HOOKTYPE_LOCAL_CONNECT, 0, certfp_connect);
HookAdd(modinfo->handle, HOOKTYPE_HANDSHAKE, 0, certfp_handshake);
HookAdd(modinfo->handle, HOOKTYPE_SERVER_HANDSHAKE_OUT, 0, certfp_handshake);
HookAdd(modinfo->handle, HOOKTYPE_WHOIS, 0, certfp_whois);
return MOD_SUCCESS;
@@ -100,21 +103,33 @@ char *get_fingerprint_for_client(aClient *cptr)
return NULL;
}
int certfp_connect(aClient *acptr)
int certfp_handshake(aClient *acptr)
{
if (IsSecure(acptr))
if (acptr->ssl)
{
char *fp = get_fingerprint_for_client(acptr);
if (!fp)
return 0; /* wtf? */
return 0;
moddata_client_set(acptr, "certfp", fp); /* set & broadcast */
sendnotice(acptr, "*** Your SSL fingerprint is %s", fp);
}
return 0;
}
int certfp_connect(aClient *acptr)
{
if (IsSecure(acptr))
{
char *fp = moddata_client_get(acptr, "certfp");
if (fp)
sendnotice(acptr, "*** Your SSL fingerprint is %s", fp);
}
return 0;
}
int certfp_whois(aClient *sptr, aClient *acptr)
{
char *fp = moddata_client_get(acptr, "certfp");
+2
View File
@@ -767,6 +767,8 @@ void start_server_handshake(aClient *cptr)
return;
}
RunHook(HOOKTYPE_SERVER_HANDSHAKE_OUT, cptr);
sendto_one(cptr, "PASS :%s", (aconf->auth->type == AUTHTYPE_PLAINTEXT) ? aconf->auth->data : "*");
send_protoctl_servers(cptr, 0);