gemini://git.thebackupbox.net/urcd/commit/a871ec9b01efc42a2f5e2887f054f38d234539b4

-- Leo's gemini proxy

-- Connecting to git.thebackupbox.net:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini

repo: urcd
action: commit
revision:
path_from:
revision_from: a871ec9b01efc42a2f5e2887f054f38d234539b4:
path_to:
revision_to:

git.thebackupbox.net

urcd

git://git.thebackupbox.net/urcd

commit a871ec9b01efc42a2f5e2887f054f38d234539b4
Author: root <root@administrator.(none)>
Date:   Mon Feb 3 01:35:46 2014 +0000

    [src/urcd.pyx] (security) authentication filter between encrypted and plaintext channels

diff --git a/src/urcd.pyx b/src/urcd.pyx

index 8210bba6eed511fd578dc2b817d082e39be7e0ec..

index ..97f38418e83f49bc2c7830616384e61e5e1f82fd 100644

--- a/src/urcd.pyx
+++ b/src/urcd.pyx
@@ -100,8 +100,8 @@ if URCSECRETBOXDIR or URCSIGNDB or URCSIGNSECKEY or URCSIGNSECKEYDIR or URCSIGNP
   def _crypto_sign_open(m,s,pk):
     return 1 if crypto_sign_open(s[:32]+m+s[32:],pk) != 0 else 0

+urcsecretboxdb = dict()
 if URCSECRETBOXDIR:
-  urcsecretboxdb = dict()
   for dst in os.listdir(URCSECRETBOXDIR):
     urcsecretboxdb[dst.lower()] = open(URCSECRETBOXDIR+'/'+dst,'rb').read(64).decode('hex')

@@ -481,7 +481,7 @@ while 1:

   while server_revents(0) and not client_revents(0):

-    buffer = try_read(sd,2+12+4+8+1024)
+    AUTH, buffer = 0, try_read(sd,2+12+4+8+1024)

     ### URCSIGN ###
     if buffer[2+12:2+12+4] == '\x01\x00\x00\x00':
@@ -514,7 +514,7 @@ while 1:
         msg = crypto_secretbox_open(buffer[2+12+4+8:],buffer[2:2+12+4+8],seckey)
         if msg: break
       if not msg: continue
-      buffer = re_USER('!URCD@',msg.split('\n',1)[0],1)
+      AUTH, buffer = 1, re_USER('!URCD@',msg.split('\n',1)[0],1)

     ### URCSIGNSECRETBOX ###
     elif buffer[2+12:2+12+4] == '\x03\x00\x00\x00':
@@ -524,7 +524,7 @@ while 1:
         if msg: break
       if not msg: continue

-      buffer = buffer[:2+12+4+8]+msg
+      AUTH, buffer = 1, buffer[:2+12+4+8]+msg
       buflen = len(buffer)
       try:
         src, cmd, dst = re_SPLIT(buffer[2+12+4+8+1:].lower(),3)[:3]
@@ -565,6 +565,7 @@ while 1:
       if len(src)>NICKLEN: continue
       active_clients.append(src)
       cmd, dst = re_SPLIT(buffer.lower(),3)[1:3]
+      if not AUTH and dst in urcsecretboxdb.keys(): continue
       if dst[0] in ['#','&','!','+']:
         if len(dst)>CHANNELLEN: continue
         if not dst in channel_struct.keys():
@@ -604,6 +605,7 @@ while 1:
       active_clients.append(src)
       dst = buffer.split(':')[2].split('\n',1)[0].lower()
       if len(dst)>CHANNELLEN: continue
+      if not AUTH and dst in urcsecretboxdb.keys(): continue
       if not dst in channel_struct.keys():
         if len(channel_struct.keys())>=CHANLIMIT:
           for dst in channel_struct.keys():
@@ -641,6 +643,7 @@ while 1:
     elif re_SERVER_KICK(buffer):
       dst, src = re_SPLIT(buffer.lower(),4)[2:4]
       if len(src)>NICKLEN or len(dst)>CHANNELLEN: continue
+      if not AUTH and dst in urcsecretboxdb.keys(): continue
       while src in active_clients: active_clients.remove(src)
       if not dst in channel_struct.keys():
         if len(channel_struct.keys())>=CHANLIMIT:

-----END OF PAGE-----

-- Response ended

-- Page fetched on Sun Jun 2 16:53:56 2024