[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Most recent version of the FAQ?

To: Jack Twilley <jmt@xxxxxxx>
Subject: Re: Most recent version of the FAQ?
From: Kurt Roeckx <Q@xxxxxxx>
Date: Sat, 29 Apr 2000 00:31:33 +0200
Cc: Piotr Kucharski <chopin@xxxxxxxxxx>, ircd-users@xxxxxxx
Delivered-to: ircd-users-out@irc.org
Delivered-to: ircd-users@irc.org
In-reply-to: <m3zoqevtpz.fsf@duchess.twilley.org>
References: <m3purbysqq.fsf@duchess.twilley.org> <20000428033506.L1888@sgh.waw.pl> <m3bt2vypbj.fsf@duchess.twilley.org> <20000428203359.A6263@ping.be> <m3zoqevtpz.fsf@duchess.twilley.org>

On Fri, Apr 28, 2000 at 04:47:04PM -0400, Jack Twilley wrote:
> >>>>> "Kurt" == Kurt Roeckx <Q@xxxxxxx> writes:
> 
> Jack> * how do iauth and mod_passwd work together to authenticate
> Jack> access to an ircd?
> 
> Kurt> Afaik, mod_passwd doesn't really work yet, it's more something
> Kurt> to demostrate how it should be done.
> 
> Mmmm.  So if I write my own widget to fit inside that obvious
> commented area, I should be fine...

Wouldn't it be alot easier just using the password field in the I-lines?
Or are you planning on using both user and pass to authenticate it?

And yes, that should probably do it.

> I'm looking for a real simple table lookup situation, and it's my home
> that the user won't be able to do anything on my ircd if it hasn't
> authenticated.  Is this unreasonable?

Looking a user and pass up in some table should be pretty easy.

> Kurt> The module can reject clients, by sending it to ircd, and then
> Kurt> make iauth stop authenticate it, by setting an option on the
> Kurt> client data.
> 
> Ooooh.  I'd love to see a simple functional example.

It already does it...

from mod_passwd.c:

        if ((cldata[cl].state & A_GOTP) == 0)
            {
                /* no password to check -> reject user! */
                cldata[cl].state |= A_DENY;
                sendto_ircd("K %d %s %u ", cl, cldata[cl].itsip,
                            cldata[cl].itsport);
                return -1; /* done */
            }

The cldata[cl].state |= A_DENY; says to iauth that it's rejected.

sendto_ircd("K ...") sends to ircd that it should deny that client.

The return -1 says that that module has done processing that client.

> Kurt> It's just the same like all other modules in iauth work.
> 
> See, this helps me not.  The docs weren't too useful for me,
> unfortunately. 

Did you read iauth-internals.txt? If that didn't help, try reading some of
the other modules, or ask.

> Jack> * what known security holes exist in ircd 2.10.3?
> Kurt> There are no known security holes.
> 
> Great.  What's the process when one comes up?  Do you guys notify the
> list when the problem's reported, when it's verified, when it's fixed,
> anything like that?

It depends on the bug.

There are cases where we send mail to ircd-users@xxxxxxx as soon as we
have a fix or workaround for it, like last time.

There are other cases where we first mail the opers of IRCnet (the primary
net that uses this ircd), with the fix. This is to prevent the whole net
from being DoS'd (or hacked).
The list will be mailed at a later time then.

Kurt

Follow-Ups:
- Re: Most recent version of the FAQ?
  - From: Jack Twilley

References:
- Most recent version of the FAQ?
  - From: Jack Twilley
- Re: Most recent version of the FAQ?
  - From: Piotr Kucharski
- Re: Most recent version of the FAQ?
  - From: Jack Twilley
- Re: Most recent version of the FAQ?
  - From: Kurt Roeckx
- Re: Most recent version of the FAQ?
  - From: Jack Twilley

Prev by Date: Re: Most recent version of the FAQ?
Next by Date: Re: Service help
Previous by thread: Re: Most recent version of the FAQ?
Next by thread: Re: Most recent version of the FAQ?
Index(es):
- Date
- Thread