From 421b224d8ea010230b4cb950a6ac2b2f3fb33303 Mon Sep 17 00:00:00 2001
From: Bram Matthys
Date: Sat, 18 Jul 2015 22:05:22 +0200
Subject: [PATCH] Fix SSL client certificate fingerprint authentication not working for server linking. Broken since May 23 already.
---
 include/modules.h | 1 +
 src/modules/certfp.c | 23 +++++++++++++++++++----
 src/s_bsd.c | 2 ++
 3 files changed, 22 insertions(+), 4 deletions(-)
diff --git a/include/modules.h b/include/modules.h
index 0a82cd03c..ef6cf59d8 100644
--- a/include/modules.h
+++ b/include/modules.h
@@ -771,6 +771,7 @@ extern char *moddata_client_get(aClient *acptr, char *varname);
 #define HOOKTYPE_PRE_KILL 85
 #define HOOKTYPE_SEE_CHANNEL_IN_WHOIS 86
 #define HOOKTYPE_DCC_DENIED 87
+#define HOOKTYPE_SERVER_HANDSHAKE_OUT 88
 /* Hook return values */
 #define HOOK_CONTINUE 0
diff --git a/src/modules/certfp.c b/src/modules/certfp.c
index cb84cd465..910b2ab3d 100644
--- a/src/modules/certfp.c
+++ b/src/modules/certfp.c
@@ -24,6 +24,7 @@ ModuleHeader MOD_HEADER(certfp)
 void certfp_free(ModData *m);
 char *certfp_serialize(ModData *m);
 void certfp_unserialize(char *str, ModData *m);
+int certfp_handshake(aClient *sptr);
 int certfp_connect(aClient *sptr);
 int certfp_whois(aClient *sptr, aClient *acptr);
@@ -49,6 +50,8 @@ ModDataInfo mreq;
 abort();
 HookAdd(modinfo->handle, HOOKTYPE_LOCAL_CONNECT, 0, certfp_connect);
+ HookAdd(modinfo->handle, HOOKTYPE_HANDSHAKE, 0, certfp_handshake);
+ HookAdd(modinfo->handle, HOOKTYPE_SERVER_HANDSHAKE_OUT, 0, certfp_handshake);
 HookAdd(modinfo->handle, HOOKTYPE_WHOIS, 0, certfp_whois);
 return MOD_SUCCESS;
@@ -100,21 +103,33 @@ char *get_fingerprint_for_client(aClient *cptr)
 return NULL;
 }
-int certfp_connect(aClient *acptr)
+int certfp_handshake(aClient *acptr)
 {
- if (IsSecure(acptr))
+ if (acptr->ssl)
 {
 char *fp = get_fingerprint_for_client(acptr);
 if (!fp)
- return 0; /* wtf? */
+ return 0;
 moddata_client_set(acptr, "certfp", fp); /* set & broadcast */
- sendnotice(acptr, "*** Your SSL fingerprint is %s", fp);
 }
 return 0;
 }
+int certfp_connect(aClient *acptr)
+{
+ if (IsSecure(acptr))
+ {
+ char *fp = moddata_client_get(acptr, "certfp");
+
+ if (fp)
+ sendnotice(acptr, "*** Your SSL fingerprint is %s", fp);
+ }
+
+ return 0;
+}
+
 int certfp_whois(aClient *sptr, aClient *acptr)
 {
 char *fp = moddata_client_get(acptr, "certfp");
diff --git a/src/s_bsd.c b/src/s_bsd.c
index 8d82b1668..58602fd10 100644
--- a/src/s_bsd.c
+++ b/src/s_bsd.c
@@ -767,6 +767,8 @@ void start_server_handshake(aClient *cptr)
 return;
 }
+ RunHook(HOOKTYPE_SERVER_HANDSHAKE_OUT, cptr);
+
 sendto_one(cptr, "PASS :%s", (aconf->auth->type == AUTHTYPE_PLAINTEXT) ? aconf->auth->data : "*");
 send_protoctl_servers(cptr, 0);
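Review bot: `certfp_handshake` in src/modules/certfp.c gates on the raw `acptr->ssl` pointer while `certfp_connect` right below it still uses `IsSecure(acptr)`, and nothing on the new lines explains why the two checks differ. Because the commit subject says server-link authentication depends on this value, I would add a header comment such as `/* Called for HOOKTYPE_HANDSHAKE and HOOKTYPE_SERVER_HANDSHAKE_OUT: stores the peer certificate fingerprint in "certfp" before authentication looks at it. */` plus a short remark on the `acptr->ssl` test (presumably the secure flag is not set this early; please confirm). The `if (!fp) return 0;` path leaves "certfp" unset silently, so a TLS peer without a usable certificate is only recognisable later by the missing value. Whether every consumer treats a missing value as a failed match is not visible in this hunk and is worth checking.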
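Review bot: In `start_server_handshake` (src/s_bsd.c) the new `RunHook(HOOKTYPE_SERVER_HANDSHAKE_OUT, cptr);` is a plain statement, so nothing the hook functions return is acted on here. The `PASS` line that follows, which carries `aconf->auth->data` when the auth type is plaintext, therefore goes out even if no fingerprint could be recorded for the peer. If the hook is only meant to populate module data that is fine, but it deserves a comment, e.g. `/* Let modules (certfp) record peer data before PASS is sent; hook results are ignored. */`. The matching `#define HOOKTYPE_SERVER_HANDSHAKE_OUT 88` in include/modules.h also has no description of when it fires or that it receives the outgoing `aClient *`. The function body starts and ends outside this hunk.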