1
0
mirror of https://github.com/unrealircd/unrealircd.git synced 2026-07-07 07:03:13 +02:00
Commit Graph

47 Commits

Author SHA1 Message Date
Bram Matthys 6afbc4ee99 Relative paths for sslclientcerts did not work. This has been fixed
so password "ssl/something.crt" { sslclientcert; }; works OK now.
2017-08-19 12:02:25 +02:00
Bram Matthys a1ff9fe2c4 Fix crash if invalid crypt password present in configuration file. Reported by k4be. 2016-12-27 19:31:05 +01:00
Bram Matthys 01244b1710 Fix OpenBSD compile problem regarding sys/timeb.h. Reported by cman351 (#4398).
More use of unrealircd.h.
2015-09-04 11:59:53 +02:00
Bram Matthys 13fffa4e1a split all the local client stuff to acptr->local. makes it a lot easier to catch bugs.
If the IRCd crashes then it's likely not by this change but rather an existing issue that was previously gone unnoticed.
2015-07-19 12:48:18 +02:00
Bram Matthys 64540d14aa smart.. 2015-07-17 21:00:13 +02:00
Bram Matthys da9bd09e76 deal with uppercase hex in link::password (and others) -> autodetect as sslclientcertfp 2015-07-17 20:56:34 +02:00
Bram Matthys f22cef97d4 Why do we have those unnecessary (SSL *) casts everywhere? Poof. Gone. 2015-07-15 15:54:36 +02:00
Bram Matthys d5caf06ec5 bcrypt password hashing is now implemented (#4335). Not yet documented. 2015-05-23 16:38:48 +02:00
Bram Matthys 6e48ddf3f9 add autodetect for AUTHTYPE_SSL_CLIENTCERTFP 2015-05-23 15:19:44 +02:00
Bram Matthys 4a38d0c838 make auth-type optional for passwords in config (#4334).
Now you can just add password "$ZaJw56to$uSEc[etc..]"; to your configuration file without needing an explicit { md5; }; or { sha1; };.
Naturally you can still specify an auth-type if you want to, and for types like 'sslclientcert' it's still required.
2015-05-23 15:07:37 +02:00
Bram Matthys 6e886d8dac whoops.. final cleanup. really. 2015-05-23 09:31:20 +02:00
Bram Matthys af551ba491 more cleanups in src/auth.c, and don't require 'para' in Auth_Check() if we don't use it (eg: client certs) 2015-05-23 09:27:21 +02:00
Bram Matthys 8e43418775 get rid of win32-dependent code, not needed anymore as we have (Open)SSL on Windows as well 2015-05-23 09:17:21 +02:00
Bram Matthys 5c0e2b59e1 cleanup part I: remove #ifdef's for AUTHENABLE_*, as all of them will be available now we require (Open)SSL 2015-05-23 09:11:28 +02:00
dboyz a8f2e08ef8 Initialize variable and some fixes (don't blindly copy paste) 2015-05-21 11:00:06 +08:00
dboyz 0361248fc3 Provisional code to authenticate based on certfp based on moddata 2015-05-21 09:25:14 +08:00
dboyz 09c71fc5f9 Make auth_findtype case insensitive 2015-05-20 00:42:32 +08:00
William Pitcock afdf5d780a - Replace ircsprintf() with bounds-checking ircsnprintf(), patch from FalconKirtaran. (#4208) 2013-05-21 06:26:52 +00:00
Bram Matthys b600dffdc8 - Added auth method 'sslclientcertfp' which provides an alternative
method to authenticate users with SSL client certificates based
  on SHA256 fingerprints. This can be used instead of the already
  existing 'sslclientcert' so you don't have to use an external file.
  One way to get the SHA256 fingerprint would be:
  openssl x509 -in name-of-pem-file.pem -sha256 -noout -fingerprint
  Suggested and patch supplied by Jobe (#4019).
- Added documentation on the new sslclientcertfp
- Moved documentation on authentication types to one place and refer
  to it from each section (oper::password, vhost::password,
  link::password-receive, etc).
2012-10-15 21:25:38 +02:00
Bram Matthys 9ed1e4fa02 - Throw up an error if a password in the configuration file is too long
(max 48 characters), reported by JasonTik, based on patch from
  WolfSage (#3223).
2011-12-25 16:58:18 +01:00
Bram Matthys b8026bbc50 - Fix return values in src/auth.c on Win32. 2010-12-08 10:13:14 +00:00
stskeeps 74349aa334 - #0003429 reported by Bock about appearing to accept multiple auth blocks. 2007-07-09 19:46:28 +00:00
Bram Matthys 8eb88be500 - Made unreal_copyfile try hardlinking first, if that fails.. it will try to copy
(perhaps this should be a different function?). Anyway, this means less diskspace
  is needed (~1.5mb or more), and it also makes it a bit easier for RBAC (#2300).
- Made a new function DoMD5() which is ssl/non-ssl independent. Also made the cloaking
  module and the auth functions use it. Hopefully I didn't break anything ;). Suggested
  by Bugz (#2298).
2005-02-04 00:26:37 +00:00
Bram Matthys 47c5c36bda - Added salted passwords. Salts are useful because it "protects" against stored-plaintext
attacks (eg: rainbow) and prevents cracking of several passwords at once.
  This change means /MKPASSWD will now just generate a different string than before.
  Do note however, that the old syntax/encrypted passwords will still work and _will continue
  to work_ in the future, for at least the whole 3.2* series.
  If you are concerned with security and have some time, then converting your passwords
  is probably a good idea... Just in case your configuration file gets stolen one day ;).
- MD5 password encryption is now always available on *NIX, even if SSL is disabled.
2004-09-19 16:13:03 +00:00
codemastr 99bd34fbb9 Added module support for Windows 2004-05-12 22:02:05 +00:00
Bram Matthys 7c4418113b - Changed random number generator to use arc4random-alike routines so we can get "secure"
random numbers. We will also no longer be using rand()/random() anywhere.
  Thanks to dek\ for pointing out this is potentionally dangerous, especially on
  win32 with NOSPOOF enabled.
2004-01-19 19:49:28 +00:00
Bram Matthys eb6b8f89bb - Fixed ripemd-160 vs ripemd160 confusion, reported by thelight (#0000949). 2003-05-06 03:48:17 +00:00
codemastr c02033f3ca Fixed a bug when leaving off a parameter for a password config entry 2003-01-15 16:40:15 +00:00
stskeeps cd83b8a845 - Fixed win32 compile error with default: ; 2002-11-22 21:04:40 +00:00
stskeeps e4bd382898 - /rehash for conf3 (that works) :) 2002-11-22 16:16:33 +00:00
stskeeps 282cc51768 - Changed auth method sslpubkey into sslclientcert, which means it will check the X509 certificate of the
user using X509_cmp. Also needing is some policy/conf setting to adjust if to reject invalid client certificates or whatever..
2002-09-27 16:08:03 +00:00
codemastr e1c7eead30 ... 2002-08-25 16:54:00 +00:00
codemastr cebae72da4 Fixed a win32 password encryption bug in NT service mode 2002-08-25 16:35:17 +00:00
codemastr fdfdbd993e Added MD5 and SHA1 encryption to the win32 version 2002-07-01 21:09:01 +00:00
codemastr e81ca7b87c Added support for RIPEMD-160 encryption of passwords 2002-07-01 16:32:15 +00:00
griever 6f8aca82f3 -Wunused 2002-02-16 20:15:41 +00:00
griever c7fbfa3e92 Yeah yeah, blah blah shit 2002-02-02 02:24:44 +00:00
stskeeps 6d239e28ec - -Wall cleanup cleanup with SSL AUTH problem 2002-01-27 22:40:11 +00:00
codemastr 6b8c83ba85 Cleaned up a bunch of -Wall warnings 2002-01-27 20:28:41 +00:00
stskeeps f387fbbd4f +- Auth_Make fix for crypt method 2001-12-22 16:59:08 +00:00
stskeeps abea394dc6 ---------------------------------------------------------------------- 2001-12-02 14:50:58 +00:00
stskeeps 528d82b219 +- Added ssl-pubkey auth method (parameter = pem file for public key) 2001-12-02 14:39:59 +00:00
stskeeps d7889e777e moo 2001-12-01 23:55:30 +00:00
griever 69647bba3b Argh, no newline notices getting annoying now 2001-11-29 04:51:23 +00:00
stskeeps 197378a364 . 2001-11-15 22:00:37 +00:00
stskeeps c980e53fad . 2001-11-15 21:48:44 +00:00
stskeeps e9123b12db +- Added new auth.c API and a lot of different crap .. will document later 2001-11-15 20:26:52 +00:00