aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Sadie Powell2021-04-17 18:52:19 +0100
committerGravatar Sadie Powell2021-04-17 18:52:19 +0100
commit8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22 (patch)
tree54c9b151e3812bdd49daf012ed3664c39f50b555
parentClean up the ConvTo functions. (diff)
parentImprove the debug logging for httpd_acl auth attempts. (diff)
Merge branch 'insp3' into master.
-rw-r--r--src/modules/m_gateway.cpp9
-rw-r--r--src/modules/m_httpd_acl.cpp10
-rw-r--r--src/modules/m_ldapauth.cpp2
-rwxr-xr-xtools/testssl2
4 files changed, 19 insertions, 4 deletions
diff --git a/src/modules/m_gateway.cpp b/src/modules/m_gateway.cpp
index e8e45ab24..dbf2d9b4c 100644
--- a/src/modules/m_gateway.cpp
+++ b/src/modules/m_gateway.cpp
@@ -518,11 +518,16 @@ class ModuleGateway
void OnWhois(Whois::Context& whois) override
{
// If these fields are not set then the client is not using a gateway.
- const std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget());
- const std::string* realip = cmdwebirc.realip.Get(whois.GetTarget());
+ std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget());
+ std::string* realip = cmdwebirc.realip.Get(whois.GetTarget());
if (!realhost || !realip)
return;
+ // If the source doesn't have the right privs then only show the gateway name.
+ std::string hidden = "*";
+ if (!whois.GetSource()->HasPrivPermission("users/auspex"))
+ realhost = realip = &hidden;
+
const std::string* gateway = cmdwebirc.extban.gateway.Get(whois.GetTarget());
if (gateway)
whois.SendLine(RPL_WHOISGATEWAY, *realhost, *realip, "is connected via the " + *gateway + " WebIRC gateway");
diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp
index b0ed65455..19af85f04 100644
--- a/src/modules/m_httpd_acl.cpp
+++ b/src/modules/m_httpd_acl.cpp
@@ -199,20 +199,30 @@ class ModuleHTTPAccessList : public Module, public HTTPACLEventListener
return true;
}
else
+ {
/* Invalid password */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username do not match");
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
+ }
}
else
+ {
/* Malformed user:pass pair */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username malformed");
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
+ }
}
else
+ {
/* Unsupported authentication type */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: unsupported auth type: %s", authtype.c_str());
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
+ }
}
else
{
/* No password given at all, access denied */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username not sent");
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
}
return false;
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 236e0ea11..ac8ff442b 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -331,7 +331,7 @@ public:
vhost = tag->getString("host");
// Set to true if failed connects should be reported to operators
verbose = tag->getBool("verbose");
- useusername = tag->getBool("userfield");
+ useusername = tag->getBool("useusername", tag->getBool("userfield"));
LDAP.SetProvider("LDAP/" + tag->getString("dbid"));
diff --git a/tools/testssl b/tools/testssl
index 1f06f2547..643dd4463 100755
--- a/tools/testssl
+++ b/tools/testssl
@@ -107,7 +107,7 @@ It appears that the server endpoint is using plaintext! Make sure that:
* The value of <bind:ssl> is the same as an <sslprofile:name> field.
* The value of <sslprofile:provider> for your used TLS profile is set to
- "gnutls" if using the ssl_gnutle module, "openssl" if using the ssl_openssl
+ "gnutls" if using the ssl_gnutls module, "openssl" if using the ssl_openssl
module, or "mbedtls" if using the ssl_mbedtls module.
* If you have your TLS configuration in a file other than inspircd.conf then