summaryrefslogtreecommitdiff
path: root/src/modules/m_sslinfo.cpp
diff options
context:
space:
mode:
authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-15 18:04:53 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-15 18:04:53 +0000
commit56d733a9fa9477d281b62ac9237eb7ac8356340d (patch)
treeb521a5c0bcbc7692659994af33fb02c85034e241 /src/modules/m_sslinfo.cpp
parent065d1788b602c807a4d669ba413a175c0059e357 (diff)
Add <oper:autologin> to allow SSL fingerprint-based automatic oper login
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12467 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
-rw-r--r--src/modules/m_sslinfo.cpp36
1 files changed, 24 insertions, 12 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b9e9fb146..578b07c22 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -130,8 +130,8 @@ class ModuleSSLInfo : public Module
ServerInstance->Extensions.Register(&cmd.CertExt);
- Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass };
- ServerInstance->Modules->Attach(eventlist, this, 3);
+ Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass, I_OnUserConnect };
+ ServerInstance->Modules->Attach(eventlist, this, 4);
}
Version GetVersion()
@@ -199,18 +199,35 @@ class ModuleSSLInfo : public Module
return MOD_RES_PASSTHRU;
}
+ void OnUserConnect(LocalUser* user)
+ {
+ SocketCertificateRequest req(&user->eh, this);
+ if (!req.cert)
+ return;
+ cmd.CertExt.set(user, req.cert);
+ if (req.cert->fingerprint.empty())
+ return;
+ // find an auto-oper block for this user
+ for(OperIndex::iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); i++)
+ {
+ OperInfo* ifo = i->second;
+ std::string fp = ifo->oper_block->getString("fingerprint");
+ if (fp == req.cert->fingerprint && ifo->oper_block->getBool("autologin"))
+ user->Oper(ifo);
+ }
+ }
+
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
{
SocketCertificateRequest req(&user->eh, this);
- req.Send();
bool ok = true;
- if (myclass->config->getBool("requiressl"))
+ if (myclass->config->getString("requiressl") == "trusted")
{
- ok = (req.cert != NULL);
+ ok = (req.cert && req.cert->IsCAVerified());
}
- else if (myclass->config->getString("requiressl") == "trusted")
+ else if (myclass->config->getBool("requiressl"))
{
- ok = (req.cert && req.cert->IsCAVerified());
+ ok = (req.cert != NULL);
}
if (!ok)
@@ -225,11 +242,6 @@ class ModuleSSLInfo : public Module
UserCertificateRequest& req = static_cast<UserCertificateRequest&>(request);
req.cert = cmd.CertExt.get(req.user);
}
- else if (strcmp("SET_CERT", request.id) == 0)
- {
- SSLCertSubmission& req = static_cast<SSLCertSubmission&>(request);
- cmd.CertExt.set(req.item, req.cert);
- }
}
};