diff options
| author | 2021-04-17 18:52:19 +0100 | |
|---|---|---|
| committer | 2021-04-17 18:52:19 +0100 | |
| commit | 8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22 (patch) | |
| tree | 54c9b151e3812bdd49daf012ed3664c39f50b555 | |
| parent | Clean up the ConvTo functions. (diff) | |
| parent | Improve the debug logging for httpd_acl auth attempts. (diff) | |
Merge branch 'insp3' into master.
| -rw-r--r-- | src/modules/m_gateway.cpp | 9 | ||||
| -rw-r--r-- | src/modules/m_httpd_acl.cpp | 10 | ||||
| -rw-r--r-- | src/modules/m_ldapauth.cpp | 2 | ||||
| -rwxr-xr-x | tools/testssl | 2 |
4 files changed, 19 insertions, 4 deletions
diff --git a/src/modules/m_gateway.cpp b/src/modules/m_gateway.cpp index e8e45ab24..dbf2d9b4c 100644 --- a/src/modules/m_gateway.cpp +++ b/src/modules/m_gateway.cpp @@ -518,11 +518,16 @@ class ModuleGateway void OnWhois(Whois::Context& whois) override { // If these fields are not set then the client is not using a gateway. - const std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget()); - const std::string* realip = cmdwebirc.realip.Get(whois.GetTarget()); + std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget()); + std::string* realip = cmdwebirc.realip.Get(whois.GetTarget()); if (!realhost || !realip) return; + // If the source doesn't have the right privs then only show the gateway name. + std::string hidden = "*"; + if (!whois.GetSource()->HasPrivPermission("users/auspex")) + realhost = realip = &hidden; + const std::string* gateway = cmdwebirc.extban.gateway.Get(whois.GetTarget()); if (gateway) whois.SendLine(RPL_WHOISGATEWAY, *realhost, *realip, "is connected via the " + *gateway + " WebIRC gateway"); diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp index b0ed65455..19af85f04 100644 --- a/src/modules/m_httpd_acl.cpp +++ b/src/modules/m_httpd_acl.cpp @@ -199,20 +199,30 @@ class ModuleHTTPAccessList : public Module, public HTTPACLEventListener return true; } else + { /* Invalid password */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username do not match"); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + } } else + { /* Malformed user:pass pair */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username malformed"); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + } } else + { /* Unsupported authentication type */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: unsupported auth type: %s", authtype.c_str()); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + } } else { /* No password given at all, access denied */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username not sent"); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); } return false; diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp index 236e0ea11..ac8ff442b 100644 --- a/src/modules/m_ldapauth.cpp +++ b/src/modules/m_ldapauth.cpp @@ -331,7 +331,7 @@ public: vhost = tag->getString("host"); // Set to true if failed connects should be reported to operators verbose = tag->getBool("verbose"); - useusername = tag->getBool("userfield"); + useusername = tag->getBool("useusername", tag->getBool("userfield")); LDAP.SetProvider("LDAP/" + tag->getString("dbid")); diff --git a/tools/testssl b/tools/testssl index 1f06f2547..643dd4463 100755 --- a/tools/testssl +++ b/tools/testssl @@ -107,7 +107,7 @@ It appears that the server endpoint is using plaintext! Make sure that: * The value of <bind:ssl> is the same as an <sslprofile:name> field. * The value of <sslprofile:provider> for your used TLS profile is set to - "gnutls" if using the ssl_gnutle module, "openssl" if using the ssl_openssl + "gnutls" if using the ssl_gnutls module, "openssl" if using the ssl_openssl module, or "mbedtls" if using the ssl_mbedtls module. * If you have your TLS configuration in a file other than inspircd.conf then |
