aboutsummaryrefslogtreecommitdiffstats
path: root/src/modules
diff options
context:
space:
mode:
authorGravatar Sadie Powell2021-04-17 18:52:19 +0100
committerGravatar Sadie Powell2021-04-17 18:52:19 +0100
commit8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22 (patch)
tree54c9b151e3812bdd49daf012ed3664c39f50b555 /src/modules
parentClean up the ConvTo functions. (diff)
parentImprove the debug logging for httpd_acl auth attempts. (diff)
downloadinspircd++-8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22.tar.gz
inspircd++-8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22.tar.bz2
inspircd++-8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22.zip
Merge branch 'insp3' into master.
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/m_gateway.cpp9
-rw-r--r--src/modules/m_httpd_acl.cpp10
-rw-r--r--src/modules/m_ldapauth.cpp2
3 files changed, 18 insertions, 3 deletions
diff --git a/src/modules/m_gateway.cpp b/src/modules/m_gateway.cpp
index e8e45ab24..dbf2d9b4c 100644
--- a/src/modules/m_gateway.cpp
+++ b/src/modules/m_gateway.cpp
@@ -518,11 +518,16 @@ class ModuleGateway
void OnWhois(Whois::Context& whois) override
{
// If these fields are not set then the client is not using a gateway.
- const std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget());
- const std::string* realip = cmdwebirc.realip.Get(whois.GetTarget());
+ std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget());
+ std::string* realip = cmdwebirc.realip.Get(whois.GetTarget());
if (!realhost || !realip)
return;
+ // If the source doesn't have the right privs then only show the gateway name.
+ std::string hidden = "*";
+ if (!whois.GetSource()->HasPrivPermission("users/auspex"))
+ realhost = realip = &hidden;
+
const std::string* gateway = cmdwebirc.extban.gateway.Get(whois.GetTarget());
if (gateway)
whois.SendLine(RPL_WHOISGATEWAY, *realhost, *realip, "is connected via the " + *gateway + " WebIRC gateway");
diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp
index b0ed65455..19af85f04 100644
--- a/src/modules/m_httpd_acl.cpp
+++ b/src/modules/m_httpd_acl.cpp
@@ -199,20 +199,30 @@ class ModuleHTTPAccessList : public Module, public HTTPACLEventListener
return true;
}
else
+ {
/* Invalid password */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username do not match");
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
+ }
}
else
+ {
/* Malformed user:pass pair */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username malformed");
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
+ }
}
else
+ {
/* Unsupported authentication type */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: unsupported auth type: %s", authtype.c_str());
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
+ }
}
else
{
/* No password given at all, access denied */
+ ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username not sent");
BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\"");
}
return false;
diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp
index 236e0ea11..ac8ff442b 100644
--- a/src/modules/m_ldapauth.cpp
+++ b/src/modules/m_ldapauth.cpp
@@ -331,7 +331,7 @@ public:
vhost = tag->getString("host");
// Set to true if failed connects should be reported to operators
verbose = tag->getBool("verbose");
- useusername = tag->getBool("userfield");
+ useusername = tag->getBool("useusername", tag->getBool("userfield"));
LDAP.SetProvider("LDAP/" + tag->getString("dbid"));