diff options
| author | 2021-04-17 18:52:19 +0100 | |
|---|---|---|
| committer | 2021-04-17 18:52:19 +0100 | |
| commit | 8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22 (patch) | |
| tree | 54c9b151e3812bdd49daf012ed3664c39f50b555 /src/modules | |
| parent | Clean up the ConvTo functions. (diff) | |
| parent | Improve the debug logging for httpd_acl auth attempts. (diff) | |
| download | inspircd++-8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22.tar.gz inspircd++-8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22.tar.bz2 inspircd++-8e6b4d17d4d5fc45d2ed8c3043bed770c6d64d22.zip | |
Merge branch 'insp3' into master.
Diffstat (limited to 'src/modules')
| -rw-r--r-- | src/modules/m_gateway.cpp | 9 | ||||
| -rw-r--r-- | src/modules/m_httpd_acl.cpp | 10 | ||||
| -rw-r--r-- | src/modules/m_ldapauth.cpp | 2 |
3 files changed, 18 insertions, 3 deletions
diff --git a/src/modules/m_gateway.cpp b/src/modules/m_gateway.cpp index e8e45ab24..dbf2d9b4c 100644 --- a/src/modules/m_gateway.cpp +++ b/src/modules/m_gateway.cpp @@ -518,11 +518,16 @@ class ModuleGateway void OnWhois(Whois::Context& whois) override { // If these fields are not set then the client is not using a gateway. - const std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget()); - const std::string* realip = cmdwebirc.realip.Get(whois.GetTarget()); + std::string* realhost = cmdwebirc.realhost.Get(whois.GetTarget()); + std::string* realip = cmdwebirc.realip.Get(whois.GetTarget()); if (!realhost || !realip) return; + // If the source doesn't have the right privs then only show the gateway name. + std::string hidden = "*"; + if (!whois.GetSource()->HasPrivPermission("users/auspex")) + realhost = realip = &hidden; + const std::string* gateway = cmdwebirc.extban.gateway.Get(whois.GetTarget()); if (gateway) whois.SendLine(RPL_WHOISGATEWAY, *realhost, *realip, "is connected via the " + *gateway + " WebIRC gateway"); diff --git a/src/modules/m_httpd_acl.cpp b/src/modules/m_httpd_acl.cpp index b0ed65455..19af85f04 100644 --- a/src/modules/m_httpd_acl.cpp +++ b/src/modules/m_httpd_acl.cpp @@ -199,20 +199,30 @@ class ModuleHTTPAccessList : public Module, public HTTPACLEventListener return true; } else + { /* Invalid password */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username do not match"); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + } } else + { /* Malformed user:pass pair */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username malformed"); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + } } else + { /* Unsupported authentication type */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: unsupported auth type: %s", authtype.c_str()); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); + } } else { /* No password given at all, access denied */ + ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "HTTP authorization: password and username not sent"); BlockAccess(http, 401, "WWW-Authenticate", "Basic realm=\"Restricted Object\""); } return false; diff --git a/src/modules/m_ldapauth.cpp b/src/modules/m_ldapauth.cpp index 236e0ea11..ac8ff442b 100644 --- a/src/modules/m_ldapauth.cpp +++ b/src/modules/m_ldapauth.cpp @@ -331,7 +331,7 @@ public: vhost = tag->getString("host"); // Set to true if failed connects should be reported to operators verbose = tag->getBool("verbose"); - useusername = tag->getBool("userfield"); + useusername = tag->getBool("useusername", tag->getBool("userfield")); LDAP.SetProvider("LDAP/" + tag->getString("dbid")); |
