Allow disabling a STS policy for users in specific connect classes.

Fixes #1634.

2 files changed, 12 insertions, 0 deletions

diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example
index 8091ec5de..cfccf8ac0 100644
--- a/docs/conf/inspircd.conf.example
+++ b/docs/conf/inspircd.conf.example
@@ -291,6 +291,10 @@
          # useident: Defines if users in this class MUST respond to a ident query or not.
          useident="no"
 
+         # usests: Whether a STS policy should be advertised to users in this class.
+         # This setting only has effect when the ircv3_sts module is loaded.
+         #usests="no"
+
          # webirc: Restricts usage of this class to the specified WebIRC gateway.
          # This setting only has effect when the cgiirc module is loaded.
          #webirc="name"
@@ -419,6 +423,10 @@
          # useident: Defines if users in this class must respond to a ident query or not.
          useident="no"
 
+         # usests: Whether a STS policy should be advertised to users in this class.
+         # This setting only has effect when the ircv3_sts module is loaded.
+         #usests="no"
+
          # limit: How many users are allowed in this class
          limit="5000"
 
diff --git a/src/modules/m_ircv3_sts.cpp b/src/modules/m_ircv3_sts.cpp
index a8738b2ac..68f4c46c6 100644
--- a/src/modules/m_ircv3_sts.cpp
+++ b/src/modules/m_ircv3_sts.cpp
@@ -35,6 +35,10 @@ class STSCap : public Cap::Capability
 		if (GetProtocol(user) == Cap::CAP_LEGACY)
 			return false;
 
+		// Don't send the cap to clients in a class which has STS disabled.
+		if (user->GetClass()->config->getBool("usests", true))
+			return false;
+
 		// Plaintext listeners have their own policy.
 		SSLIOHook* sslhook = SSLIOHook::IsSSL(&user->eh);
 		if (!sslhook)