1# Run a challenge response oper thingie
2#
3# (C) 2006 by Joerg Jaspert <joerg@debian.org>
4#
5#    This program is free software; you can redistribute it and/or modify
6#    it under the terms of the GNU General Public License as published by
7#    the Free Software Foundation; either version 2 of the License, or
8#    (at your option) any later version.
9#
10#    This program is distributed in the hope that it will be useful,
11#    but WITHOUT ANY WARRANTY; without even the implied warranty of
12#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
13#    GNU General Public License for more details.
14#
15#    You should have received a copy of the GNU General Public License
16#    along with this script; if not, write to the Free Software
17#    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18
19
20# This script needs "rsa_respond" out of the hybrid ircd to actually work.
21# (https://github.com/oftc/oftc-hybrid/tree/develop/tools)
22# And you need to have an rsa keypair in your oper block. Create one with
23# openssl genrsa -des3 1024 > oper-whatever.key
24# openssl rsa -pubout < oper-whatever.key > oper-whatever.pub
25# and send the .pub to your noc :)
26
27# The key length shouldn't be longer than 1024 to ensure that the entire
28# challenge will fit inside the limits of the ircd message (510+\r\n)
29
30# You have two settings to change after loading this script, just type
31# /set challenge to see them. Then you can use it in the future to oper by
32# typing /cr YOUROPERNICK
33
34use strict;
35use Irssi;
36
37use vars qw($VERSION %IRSSI);
38
39
40$VERSION = '0.0.0.0.1.alpha.0.3';
41%IRSSI = (
42    authors     => 'Joerg Jaspert',
43    contact     => 'joerg@debian.org',
44    name  => 'challenge',
45    description => 'Performs challenge-response oper auth',
46    license     => 'GPL v2 (and no later)',
47);
48
49
50# Gets called from user, $arg should only contain the oper name
51sub challenge_oper {
52  my ($arg, $server, $window) = @_;
53
54  if (length($arg) < 2) { # a one char oper name? not here
55	print CLIENTCRAP "%B>>%n call it like /cr YOUROPERNICK";
56	return;
57  } else {
58    $server->redirect_event('challenge', 1, "", -1, undef,
59			    {
60			     "" => "redir challenge received",
61			    });
62	$server->send_raw("challenge $arg");
63  }
64}
65
66
67# This event now actually handles the challenge, the rest was just setup
68sub event_challenge_received{
69  my ($server, $data) = @_;
70  # Data contains "nick :challenge"
71  my (undef, $challenge) = split(/:/, $data);
72
73  my $key = Irssi::settings_get_str('challenge_oper_key');
74  my $respond = Irssi::settings_get_str('challenge_rsa_path');
75
76  my $irssi_tty=`stty -g`;
77  system("stty", "icrnl");
78  my $pid = open(RSA, "$respond $key $challenge |") or die "Damn, couldnt run $respond";
79  my $response = <RSA>;
80  close (RSA);
81  system("stty", "$irssi_tty");
82  $server->send_raw("challenge +$response");
83  my $window = Irssi::active_win();
84  $window->command("redraw");
85}
86
87
88# ---------- Do the startup tasks ----------
89
90Irssi::command_bind('cr', 'challenge_oper');
91
92# Add the settings
93Irssi::settings_add_str("challenge.pl", "challenge_oper_key", "$ENV{HOME}/.irssi/oper-$ENV{USER}.key");
94Irssi::settings_add_str("challenge.pl", "challenge_rsa_path", "respond");
95
96# Ok, setup the redirect event, so we can later handle the challenge thing.
97Irssi::Irc::Server::redirect_register("challenge",
98									  0, # not a remote one
99									  5, # wait at max 5 seconds for a reply
100									  undef, # no start event
101									  {
102									   "event 386" => -1, # act on the 386, the rsa challenge
103									  },
104									  undef, # no optional event
105									 );
106Irssi::signal_add({'redir challenge received' => \&event_challenge_received,});
107