-- Leo's gemini proxy
-- Connecting to git.thebackupbox.net:1965...
-- Connected
-- Sending request
-- Meta line: 20 text/gemini
repo: urcd action: commit revision: path_from: revision_from: a871ec9b01efc42a2f5e2887f054f38d234539b4: path_to: revision_to:
commit a871ec9b01efc42a2f5e2887f054f38d234539b4 Author: root <root@administrator.(none)> Date: Mon Feb 3 01:35:46 2014 +0000 [src/urcd.pyx] (security) authentication filter between encrypted and plaintext channels diff --git a/src/urcd.pyx b/src/urcd.pyx
--- a/src/urcd.pyx +++ b/src/urcd.pyx @@ -100,8 +100,8 @@ if URCSECRETBOXDIR or URCSIGNDB or URCSIGNSECKEY or URCSIGNSECKEYDIR or URCSIGNP def _crypto_sign_open(m,s,pk): return 1 if crypto_sign_open(s[:32]+m+s[32:],pk) != 0 else 0 +urcsecretboxdb = dict() if URCSECRETBOXDIR: - urcsecretboxdb = dict() for dst in os.listdir(URCSECRETBOXDIR): urcsecretboxdb[dst.lower()] = open(URCSECRETBOXDIR+'/'+dst,'rb').read(64).decode('hex') @@ -481,7 +481,7 @@ while 1: while server_revents(0) and not client_revents(0): - buffer = try_read(sd,2+12+4+8+1024) + AUTH, buffer = 0, try_read(sd,2+12+4+8+1024) ### URCSIGN ### if buffer[2+12:2+12+4] == '\x01\x00\x00\x00': @@ -514,7 +514,7 @@ while 1: msg = crypto_secretbox_open(buffer[2+12+4+8:],buffer[2:2+12+4+8],seckey) if msg: break if not msg: continue - buffer = re_USER('!URCD@',msg.split('\n',1)[0],1) + AUTH, buffer = 1, re_USER('!URCD@',msg.split('\n',1)[0],1) ### URCSIGNSECRETBOX ### elif buffer[2+12:2+12+4] == '\x03\x00\x00\x00': @@ -524,7 +524,7 @@ while 1: if msg: break if not msg: continue - buffer = buffer[:2+12+4+8]+msg + AUTH, buffer = 1, buffer[:2+12+4+8]+msg buflen = len(buffer) try: src, cmd, dst = re_SPLIT(buffer[2+12+4+8+1:].lower(),3)[:3] @@ -565,6 +565,7 @@ while 1: if len(src)>NICKLEN: continue active_clients.append(src) cmd, dst = re_SPLIT(buffer.lower(),3)[1:3] + if not AUTH and dst in urcsecretboxdb.keys(): continue if dst[0] in ['#','&','!','+']: if len(dst)>CHANNELLEN: continue if not dst in channel_struct.keys(): @@ -604,6 +605,7 @@ while 1: active_clients.append(src) dst = buffer.split(':')[2].split('\n',1)[0].lower() if len(dst)>CHANNELLEN: continue + if not AUTH and dst in urcsecretboxdb.keys(): continue if not dst in channel_struct.keys(): if len(channel_struct.keys())>=CHANLIMIT: for dst in channel_struct.keys(): @@ -641,6 +643,7 @@ while 1: elif re_SERVER_KICK(buffer): dst, src = re_SPLIT(buffer.lower(),4)[2:4] if len(src)>NICKLEN or len(dst)>CHANNELLEN: continue + if not AUTH and dst in urcsecretboxdb.keys(): continue while src in active_clients: active_clients.remove(src) if not dst in channel_struct.keys(): if len(channel_struct.keys())>=CHANLIMIT:
-----END OF PAGE-----
-- Response ended
-- Page fetched on Sun Jun 2 16:53:56 2024