1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-05 16:33:12 +02:00
Commit Graph

66 Commits

Author SHA1 Message Date
Bram Matthys aa7b199a8a Fix crash when reading configuration file with a password that is in
the old and unsupported unrealircd-specific md5/sha1 style.
2019-12-28 15:10:34 +01:00
Bram Matthys 24c60fd85e Fix some doxygen tags (eg @notes to @note) 2019-10-26 09:33:09 +02:00
Bram Matthys 3a64077f51 Use 'client' everywhere (if there is no confusion) instead of 'sptr' or 'cptr'.
This so I - and others - don't constantly have to wonder whether the client
is called sptr, cptr or acptr in a simple routine.
Insane --> 212 files changed, 6814 insertions(+), 6945 deletions(-)
Couldn't just mass-replace of course since there are places where there
are multiple clients involved. So had to check each function.
Also renamed some 'acptr' to 'target' and such.

I will write a page with new style rules later.. but in short if there is
only 1 client involved it will now be called 'client'.
2019-10-04 15:25:35 +02:00
Bram Matthys 9fc1e758ab Mass change of dst = strdup(str) to safe_strdup(dst,str) but with a manual
audit since 'dst' must now be initialized memory.
There's still a raw_strdup() if you insist.

This is step 2 of X of memory allocation changes
2019-09-14 16:58:01 +02:00
Bram Matthys de87b439b7 Update memory allocation routines. Step 1 of X. 2019-09-14 16:52:53 +02:00
Bram Matthys 70410b3f33 Remove unused variables (67 files done, will do rest another time). 2019-09-12 17:57:01 +02:00
Bram Matthys 628aab3a76 Duh, check NULL pointer properly in Auth_Check() in case of NULL structs.
Fixes crash-on-connect due to an earlier commit last hour.
2019-09-11 13:38:49 +02:00
Bram Matthys 1e6a3bdd55 Bump PASSWDLEN to something "large enough for everyone" (256) rather than current (48). 2019-09-11 13:27:45 +02:00
Bram Matthys 786054e6b7 Remove 'md5', 'sha1' and 'ripemd160' from auth code. These are insecure and
old authentication types that are already deprecated in UnrealIRCd 4.x.
They don't contain any rounds which means they can be cracked at a rate of
millions per second. Use the secure hashing type 'argon2' instead
(or, if you must, use the less secure 'bcrypt' type).
2019-09-11 13:17:28 +02:00
Bram Matthys 04607f5b1a Various auth cleanups: Auth_Check() now returns 1 on allow and 0 on deny (!)
to keep things simple, rather than having 4 different return values
(yes.. FOUR!).
[skip ci]
2019-09-11 13:10:15 +02:00
Bram Matthys 05e776fb71 More cleanups: now mostly auth-related: use better names and use enums
for authentication types. Rename Auth_Make to Auth_Hash. Add docs. etc.
2019-09-11 12:37:34 +02:00
Bram Matthys 23116d344a Give structs the same name as the typedefs. Rename aClient to Client,
aChannel to Channel, and some more. Third party module coders will
love this. But.. it makes things more logical and the doxygen output
will look more clean and logical as well.
(More changes will follow)
2019-09-11 09:48:00 +02:00
Bram Matthys 7fa2b8be05 More ssl -> tls moves. Also recommend to use 'certfp' rather than
the longer 'sslcertfp' or 'tlscertfp', we already support this since
4.0 so... updated the documentation as well.
2019-08-12 14:53:29 +02:00
Bram Matthys 7dcb5a5bb1 The authentication types 'md5', 'sha1' and 'ripemd160' have been
deprecated because they can be cracked at high speeds. They still
work, but a warning will be shown on boot and on rehash.
Please use 'bcrypt' or (even better) the new 'argon2' type instead:
"./unrealircd mkpasswd argon2" or "/mkpasswd argon2 passwd" on IRC.

Also, not in release notes because it would take up too much text:
Unix crypt is a bit more complicated: most types are outright 'bad',
while other types have reasonable security similar to 'bcrypt'.
To be honest these people should probably use 'argon2' since it's
a lot better. Then again, warning about this when it's still such
a common hashing method (now, in 2018) may be a bit overzealous.
So: not warning about crypt types $5/$6 which use SHA256/SHA512
with normally at least 5000 rounds (unless deliberately weakened
by the user), but we do warn about other crypt() usage.

Also, mkpasswd support for those deprecated types has been removed since
there's no good reason to generate new password hashes with these.
2018-12-10 15:46:11 +01:00
Bram Matthys a852b480d5 Add support for Argon2 password hashes (argon2id).
Also, make this the default for './unrealircd mkpasswd'.
The Windows version also works.. I just need to create a new library
package, will be done later today or tomorrow.
https://bugs.unrealircd.org/view.php?id=5116
2018-12-09 17:22:12 +01:00
Bram Matthys d5d446c38d More code cleanups to get rid of useless casts and other useless
structures such as:
-       lp->value.cp = (char *)MyMalloc(strlen(mask) + 1);
-       (void)strcpy(lp->value.cp, mask);
+       lp->value.cp = strdup(mask);
2018-04-22 14:28:22 +02:00
Bram Matthys 6ef9a83c97 Surely this can use the generic #include "unrealircd.h" instead?
Avoids sendto_realops() warning.
2018-04-22 09:48:12 +02:00
Bram Matthys df5ed0884e Use spkifp instead of sslclientcertfp in example conf.
Add example link block for services (but reject if user does not
change the default password)
2017-10-09 15:10:37 +02:00
Bram Matthys 16faccb777 Add support for 'spki' authtype. Example:
password "AHMYBevUxXKU/S3pdBSjXP4zi4VOetYQQVJXoNYiBR0=" { spkifp; };
This value will stay the same even for new SSL/TLS certificates,
as long as the key stays the same. This can be useful in case of
Let's Encrypt (if you use a tool that keeps the same key, that is,
certbot does not at the moment). Suggested by grawity (#5014).

Also make auth type 'sslclientcert' available as 'cert' and
make 'sslclientcertfp' available as 'certfp'.
2017-10-09 12:28:08 +02:00
Bram Matthys 6afbc4ee99 Relative paths for sslclientcerts did not work. This has been fixed
so password "ssl/something.crt" { sslclientcert; }; works OK now.
2017-08-19 12:02:25 +02:00
Bram Matthys a1ff9fe2c4 Fix crash if invalid crypt password present in configuration file. Reported by k4be. 2016-12-27 19:31:05 +01:00
Bram Matthys 01244b1710 Fix OpenBSD compile problem regarding sys/timeb.h. Reported by cman351 (#4398).
More use of unrealircd.h.
2015-09-04 11:59:53 +02:00
Bram Matthys 13fffa4e1a split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys 64540d14aa smart.. 2015-07-17 21:00:13 +02:00
Bram Matthys da9bd09e76 deal with uppercase hex in link::password (and others) -> autodetect as sslclientcertfp 2015-07-17 20:56:34 +02:00
Bram Matthys f22cef97d4 Why do we have those unnecessary (SSL *) casts everywhere? Poof. Gone. 2015-07-15 15:54:36 +02:00
Bram Matthys d5caf06ec5 bcrypt password hashing is now implemented (#4335). Not yet documented. 2015-05-23 16:38:48 +02:00
Bram Matthys 6e48ddf3f9 add autodetect for AUTHTYPE_SSL_CLIENTCERTFP 2015-05-23 15:19:44 +02:00
Bram Matthys 4a38d0c838 make auth-type optional for passwords in config (#4334).
Now you can just add password "$ZaJw56to$uSEc[etc..]"; to your configuration file without needing an explicit { md5; }; or { sha1; };.
Naturally you can still specify an auth-type if you want to, and for types like 'sslclientcert' it's still required.
2015-05-23 15:07:37 +02:00
Bram Matthys 6e886d8dac whoops.. final cleanup. really. 2015-05-23 09:31:20 +02:00
Bram Matthys af551ba491 more cleanups in src/auth.c, and don't require 'para' in Auth_Check() if we don't use it (eg: client certs) 2015-05-23 09:27:21 +02:00
Bram Matthys 8e43418775 get rid of win32-dependent code, not needed anymore as we have (Open)SSL on Windows as well 2015-05-23 09:17:21 +02:00
Bram Matthys 5c0e2b59e1 cleanup part I: remove #ifdef's for AUTHENABLE_*, as all of them will be available now we require (Open)SSL 2015-05-23 09:11:28 +02:00
dboyz a8f2e08ef8 Initialize variable and some fixes (don't blindly copy paste) 2015-05-21 11:00:06 +08:00
dboyz 0361248fc3 Provisional code to authenticate based on certfp based on moddata 2015-05-21 09:25:14 +08:00
dboyz 09c71fc5f9 Make auth_findtype case insensitive 2015-05-20 00:42:32 +08:00
William Pitcock afdf5d780a - Replace ircsprintf() with bounds-checking ircsnprintf(), patch from FalconKirtaran. (#4208) 2013-05-21 06:26:52 +00:00
Bram Matthys b600dffdc8 - Added auth method 'sslclientcertfp' which provides an alternative
method to authenticate users with SSL client certificates based
  on SHA256 fingerprints. This can be used instead of the already
  existing 'sslclientcert' so you don't have to use an external file.
  One way to get the SHA256 fingerprint would be:
  openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint
  Suggested and patch supplied by Jobe (#4019).
- Added documentation on the new sslclientcertfp
- Moved documentation on authentication types to one place and refer
  to it from each section (oper::password, vhost::password,
  link::password-receive, etc).
2012-10-15 21:25:38 +02:00
Bram Matthys 9ed1e4fa02 - Throw up an error if a password in the configuration file is too long
(max 48 characters), reported by JasonTik, based on patch from
  WolfSage (#3223).
2011-12-25 16:58:18 +01:00
Bram Matthys b8026bbc50 - Fix return values in src/auth.c on Win32. 2010-12-08 10:13:14 +00:00
stskeeps 74349aa334 - #0003429 reported by Bock about appearing to accept multiple auth blocks. 2007-07-09 19:46:28 +00:00
Bram Matthys 8eb88be500 - Made unreal_copyfile try hardlinking first, if that fails.. it will try to copy
(perhaps this should be a different function?). Anyway, this means less diskspace
  is needed (~1.5mb or more), and it also makes it a bit easier for RBAC (#2300).
- Made a new function DoMD5() which is ssl/non-ssl independent. Also made the cloaking
  module and the auth functions use it. Hopefully I didn't break anything ;). Suggested
  by Bugz (#2298).
2005-02-04 00:26:37 +00:00
Bram Matthys 47c5c36bda - Added salted passwords. Salts are useful because it "protects" against stored-plaintext
attacks (eg: rainbow) and prevents cracking of several passwords at once.
  This change means /MKPASSWD will now just generate a different string than before.
  Do note however, that the old syntax/encrypted passwords will still work and _will continue
  to work_ in the future, for at least the whole 3.2* series.
  If you are concerned with security and have some time, then converting your passwords
  is probably a good idea... Just in case your configuration file gets stolen one day ;).
- MD5 password encryption is now always available on *NIX, even if SSL is disabled.
2004-09-19 16:13:03 +00:00
codemastr 99bd34fbb9 Added module support for Windows 2004-05-12 22:02:05 +00:00
Bram Matthys 7c4418113b - Changed random number generator to use arc4random-alike routines so we can get "secure"
random numbers. We will also no longer be using rand()/random() anywhere.
  Thanks to dek\ for pointing out this is potentionally dangerous, especially on
  win32 with NOSPOOF enabled.
2004-01-19 19:49:28 +00:00
Bram Matthys eb6b8f89bb - Fixed ripemd-160 vs ripemd160 confusion, reported by thelight (#0000949). 2003-05-06 03:48:17 +00:00
codemastr c02033f3ca Fixed a bug when leaving off a parameter for a password config entry 2003-01-15 16:40:15 +00:00
stskeeps cd83b8a845 - Fixed win32 compile error with default: ; 2002-11-22 21:04:40 +00:00
stskeeps e4bd382898 - /rehash for conf3 (that works) :) 2002-11-22 16:16:33 +00:00
stskeeps 282cc51768 - Changed auth method sslpubkey into sslclientcert, which means it will check the X509 certificate of the
user using X509_cmp. Also needing is some policy/conf setting to adjust if to reject invalid client certificates or whatever..
2002-09-27 16:08:03 +00:00