56958c9545
===================================================================
RCS file: /home/cmunk/ircsystems/cvsroot/unreal/Changes,v
retrieving revision 1.1.1.1.2.1.2.1.2.2343
diff -u -r1.1.1.1.2.1.2.1.2.2343 Changes
--- Changes 6 Apr 2007 22:17:27 -0000 1.1.1.1.2.1.2.1.2.2343
+++ Changes 15 Apr 2007 09:44:58 -0000
@@ -1546,3 +1546,23 @@
 - Added include::bind-ip to bind an ip to download in case of having defined LIBCURL, suggested by djGrrr (#00003185).
 - oper::from::userhost now accepts a CIDR address (eg *me@1.2.3.0/24), requested by djGrrr (#0003234).
 - Corrected a couple of grammar errors in WebTV whois (/msg IRC WHOIS nick) output, reported by CuLpA (#0003244).
+- Implemented #0003254 - Auth type 'sslcertfingerprint-sha1', suggested by
+ djGrr. There are reservations regarding the security of this, but for most
+ purposes it should be okay. Cryptographically minded people may comment.
+ This may also be used to allow remote included opers with SSL certificate
+ fingerprints as we cannot as of yet remote include client certificates
+ (#0002832, suggested by Stealth)
+ Example use:
+ $ openssl x509 -in cert.pem -noout -sha1 -fingerprint
+ (where cert.pem is the oper's/server's/etc SSL client certificate)
+ SHA1 Fingerprint=FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E
+
+ translating into this auth block:
+ password "FA:A6:A3:42:95:34:15:68:26:35:40:18:8D:50:68:D4:15:C8:12:9E" { sslcertfingerprint-sha1; };
+ (the auth code is case sensitive).
+
+ If anyone is interested in making a module for SSL client certificate
+ authentication for services, you can probably use the code in here to do it
+ quite simple.
+ .. please mind any errors, it's been years since I (Stskeeps) last committed to here :)
+
/************************************************************************
 * Unreal Internet Relay Chat Daemon, include/auth.h
 * Copyright (C) 2001 Carsten V. Munk (stskeeps@tspre.org)
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 1, or (at your option)
 * any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 *
 * $Id$
 */
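/**
 * One stored authentication credential.
 *
 * The stray `|` table-residue lines that separated the members in the
 * rendered listing are not C and have been dropped; the layout of the
 * struct (member order and types) is unchanged.
 *
 * Members:
 *   data - the stored credential string. Its format is not defined in this
 *          header and presumably depends on `type` (password text, a hash,
 *          a certificate reference or a fingerprint) -- confirm against the
 *          auth code. Ownership of the pointed-to memory is not stated
 *          here either.
 *   type - expected to hold one of the AUTHTYPE_* constants declared in
 *          this header.
 */
typedef struct {
	char *data;
	short type;
} anAuthStruct;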
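/*
 * Identifiers for the authentication methods; the numeric values are kept
 * exactly as they were, since other code may store or compare them.
 * (The stray `|` residue lines of the rendered listing are removed.)
 *
 * NOTE(review): the descriptions below follow from the constant names and
 * the accompanying Changes entry only; the verification logic is not part
 * of this header.
 */

/* Credential kept as clear text; anyone who can read the configuration
 * can read the secret, so hashed or certificate based types are preferable. */
#define AUTHTYPE_PLAINTEXT                0
/* crypt()-style password hash. */
#define AUTHTYPE_UNIXCRYPT                1
/* MD5 based password hash. */
#define AUTHTYPE_MD5                      2
/* SHA1 based password hash. */
#define AUTHTYPE_SHA1                     3
/* SSL client certificate. */
#define AUTHTYPE_SSL_CLIENTCERT           4
/* RIPEMD160 based password hash. */
#define AUTHTYPE_RIPEMD160                5
/*
 * SHA1 fingerprint of the SSL client certificate ('sslcertfingerprint-sha1').
 * Per the Changes entry, the configured value is the colon-separated
 * fingerprint printed by `openssl x509 -noout -sha1 -fingerprint`, and the
 * comparison is case sensitive. The same entry records reservations about
 * the security of this method; SHA-1 is no longer considered collision
 * resistant, so treat fingerprint pinning with it as a legacy option.
 */
#define AUTHTYPE_SSL_CERTFINGERPRINT_SHA1 6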
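/*
 * Build-time switches. Each AUTHENABLE_<method> macro is defined (empty)
 * when this build enables the corresponding method; the set of macros and
 * the conditions under which they are defined are unchanged. The stray `|`
 * residue lines of the rendered listing, which are not valid C, are removed.
 */

/* md5 is always available and enabled as of Unreal3.2.1 */
#define AUTHENABLE_MD5

#ifdef USE_SSL
/* SSL builds additionally enable the SHA1 and RIPEMD160 hash types and
 * both certificate based types. */
#define AUTHENABLE_SHA1
#define AUTHENABLE_SSL_CLIENTCERT
#define AUTHENABLE_SSL_CERTFINGERPRINT
#define AUTHENABLE_RIPEMD160
/* OpenSSL provides a crypt() */
#ifndef AUTHENABLE_UNIXCRYPT
#define AUTHENABLE_UNIXCRYPT
/*
 * From OpenSSL 0.9.7 (0x0090700fL) on, and only when the platform has no
 * crypt() of its own (HAVE_CRYPT unset), route crypt() to DES_crypt().
 * NOTE(review): this test relies on OPENSSL_VERSION_NUMBER having been
 * defined by an OpenSSL header included before this file; an undefined
 * macro evaluates to 0 here and silently skips the mapping.
 * DES_crypt() is the traditional DES-based crypt(3) scheme, in which only
 * the first eight characters of the password are significant, so
 * credentials protected this way deserve a stronger type where available.
 */
#if OPENSSL_VERSION_NUMBER >= 0x0090700fL
#ifndef HAVE_CRYPT
#define crypt DES_crypt
#endif /* !HAVE_CRYPT */
#endif /* OPENSSL_VERSION_NUMBER >= 0.9.7 */
#endif /* !AUTHENABLE_UNIXCRYPT */
#endif /* USE_SSL */

/* Windows builds enable SHA1 even when USE_SSL is not set. */
#ifdef _WIN32
#ifndef AUTHENABLE_SHA1
#define AUTHENABLE_SHA1
#endif /* !AUTHENABLE_SHA1 */
#endif /* _WIN32 */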