diff options
| author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2010-02-10 23:11:13 +0000 |
|---|---|---|
| committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2010-02-10 23:11:13 +0000 |
| commit | d4d2b9a1fbeea981dc0c35402483d6216e8e45ac (patch) | |
| tree | a159c7a98d1dab5959ee7b97d9b6b31a017dd5ce | |
| parent | e5a5d4f82ebd466c176586e3347d4b08593927d4 (diff) | |
Show SSL fingerprint in /WHOIS line, allow fingerprints to be hidden from non-opers with config option
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12429 e03df62e-2008-0410-955e-edbf42e46eb7
| -rw-r--r-- | src/modules/m_sslinfo.cpp | 62 |
1 files changed, 35 insertions, 27 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 19b6160cc..b9e9fb146 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -85,33 +85,33 @@ class CommandSSLInfo : public Command { User* target = ServerInstance->FindNick(parameters[0]); - if (target) + if (!target) { - ssl_cert* cert = CertExt.get(target); - if (cert) - { - if (cert->GetError().length()) - { - user->WriteServ("NOTICE %s :*** No SSL certificate information for this user (%s).", user->nick.c_str(), cert->GetError().c_str()); - } - else - { - user->WriteServ("NOTICE %s :*** Distinguised Name: %s", user->nick.c_str(), cert->GetDN().c_str()); - user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick.c_str(), cert->GetIssuer().c_str()); - user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick.c_str(), cert->GetFingerprint().c_str()); - } - return CMD_SUCCESS; - } - else - { - user->WriteServ("NOTICE %s :*** No SSL certificate information for this user.", user->nick.c_str()); - return CMD_FAILURE; - } + user->WriteNumeric(ERR_NOSUCHNICK, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); + return CMD_FAILURE; + } + bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); + if (operonlyfp && !IS_OPER(user) && target != user) + { + user->WriteServ("NOTICE %s :*** You cannot view SSL certificate information for other users", user->nick.c_str()); + return CMD_FAILURE; + } + ssl_cert* cert = CertExt.get(target); + if (!cert) + { + user->WriteServ("NOTICE %s :*** No SSL certificate for this user", user->nick.c_str()); + } + else if (cert->GetError().length()) + { + user->WriteServ("NOTICE %s :*** No SSL certificate information for this user (%s).", user->nick.c_str(), cert->GetError().c_str()); } else - user->WriteNumeric(ERR_NOSUCHNICK, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); - - return CMD_FAILURE; + { + user->WriteServ("NOTICE %s :*** Distinguished Name: %s", user->nick.c_str(), cert->GetDN().c_str()); + user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick.c_str(), cert->GetIssuer().c_str()); + user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick.c_str(), cert->GetFingerprint().c_str()); + } + return CMD_SUCCESS; } }; @@ -120,8 +120,11 @@ class ModuleSSLInfo : public Module CommandSSLInfo cmd; public: - ModuleSSLInfo() - : cmd(this) + ModuleSSLInfo() : cmd(this) + { + } + + void init() { ServerInstance->AddCommand(&cmd); @@ -138,9 +141,14 @@ class ModuleSSLInfo : public Module void OnWhois(User* source, User* dest) { - if (cmd.CertExt.get(dest)) + ssl_cert* cert = cmd.CertExt.get(dest); + if (cert) { ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); + bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); + if ((!operonlyfp || source == dest || IS_OPER(source)) && !cert->fingerprint.empty()) + ServerInstance->SendWhoisLine(source, dest, 276, "%s %s :has client certificate fingerprint %s", + source->nick.c_str(), dest->nick.c_str(), cert->fingerprint.c_str()); } } |