1# Run a challenge response oper thingie 2# 3# (C) 2006 by Joerg Jaspert <joerg@debian.org> 4# 5# This program is free software; you can redistribute it and/or modify 6# it under the terms of the GNU General Public License as published by 7# the Free Software Foundation; either version 2 of the License, or 8# (at your option) any later version. 9# 10# This program is distributed in the hope that it will be useful, 11# but WITHOUT ANY WARRANTY; without even the implied warranty of 12# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13# GNU General Public License for more details. 14# 15# You should have received a copy of the GNU General Public License 16# along with this script; if not, write to the Free Software 17# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 18 19 20# This script needs "rsa_respond" out of the hybrid ircd to actually work. 21# (https://github.com/oftc/oftc-hybrid/tree/develop/tools) 22# And you need to have an rsa keypair in your oper block. Create one with 23# openssl genrsa -des3 1024 > oper-whatever.key 24# openssl rsa -pubout < oper-whatever.key > oper-whatever.pub 25# and send the .pub to your noc :) 26 27# The key length shouldn't be longer than 1024 to ensure that the entire 28# challenge will fit inside the limits of the ircd message (510+\r\n) 29 30# You have two settings to change after loading this script, just type 31# /set challenge to see them. Then you can use it in the future to oper by 32# typing /cr YOUROPERNICK 33 34use strict; 35use Irssi; 36 37use vars qw($VERSION %IRSSI); 38 39 40$VERSION = '0.0.0.0.1.alpha.0.3'; 41%IRSSI = ( 42 authors => 'Joerg Jaspert', 43 contact => 'joerg@debian.org', 44 name => 'challenge', 45 description => 'Performs challenge-response oper auth', 46 license => 'GPL v2 (and no later)', 47); 48 49 50# Gets called from user, $arg should only contain the oper name 51sub challenge_oper { 52 my ($arg, $server, $window) = @_; 53 54 if (length($arg) < 2) { # a one char oper name? not here 55 print CLIENTCRAP "%B>>%n call it like /cr YOUROPERNICK"; 56 return; 57 } else { 58 $server->redirect_event('challenge', 1, "", -1, undef, 59 { 60 "" => "redir challenge received", 61 }); 62 $server->send_raw("challenge $arg"); 63 } 64} 65 66 67# This event now actually handles the challenge, the rest was just setup 68sub event_challenge_received{ 69 my ($server, $data) = @_; 70 # Data contains "nick :challenge" 71 my (undef, $challenge) = split(/:/, $data); 72 73 my $key = Irssi::settings_get_str('challenge_oper_key'); 74 my $respond = Irssi::settings_get_str('challenge_rsa_path'); 75 76 my $irssi_tty=`stty -g`; 77 system("stty", "icrnl"); 78 my $pid = open(RSA, "$respond $key $challenge |") or die "Damn, couldnt run $respond"; 79 my $response = <RSA>; 80 close (RSA); 81 system("stty", "$irssi_tty"); 82 $server->send_raw("challenge +$response"); 83 my $window = Irssi::active_win(); 84 $window->command("redraw"); 85} 86 87 88# ---------- Do the startup tasks ---------- 89 90Irssi::command_bind('cr', 'challenge_oper'); 91 92# Add the settings 93Irssi::settings_add_str("challenge.pl", "challenge_oper_key", "$ENV{HOME}/.irssi/oper-$ENV{USER}.key"); 94Irssi::settings_add_str("challenge.pl", "challenge_rsa_path", "respond"); 95 96# Ok, setup the redirect event, so we can later handle the challenge thing. 97Irssi::Irc::Server::redirect_register("challenge", 98 0, # not a remote one 99 5, # wait at max 5 seconds for a reply 100 undef, # no start event 101 { 102 "event 386" => -1, # act on the 386, the rsa challenge 103 }, 104 undef, # no optional event 105 ); 106Irssi::signal_add({'redir challenge received' => \&event_challenge_received,}); 107