diff options
-rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 13 | ||||
-rw-r--r-- | src/modules/extra/m_ssl_openssl.cpp | 14 | ||||
-rw-r--r-- | src/modules/m_restrictmsg.cpp | 3 |
3 files changed, 29 insertions, 1 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index a2bdb76ee..d33403aba 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -1029,6 +1029,7 @@ info_done_dealloc: } GnuTLS::Profile* GetProfile() { return profile; } + bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); } }; int GnuTLS::X509Credentials::cert_callback(gnutls_session_t sess, const gnutls_datum_t* req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t* sign_algos, int sign_algos_length, cert_cb_last_param_type* st) @@ -1204,6 +1205,18 @@ class ModuleSSLGnuTLS : public Module if (hook && hook->prov->creator == this) static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user); } + + ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE + { + if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this)) + { + GnuTLSIOHook* iohook = static_cast<GnuTLSIOHook*>(user->eh.GetIOHook()); + if (!iohook->IsHandshakeDone()) + return MOD_RES_DENY; + } + + return MOD_RES_PASSTHRU; + } }; MODULE_INIT(ModuleSSLGnuTLS) diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 0fd4608be..c8a035fac 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -680,6 +680,8 @@ class OpenSSLIOHook : public SSLIOHook out.append(SSL_get_version(sess)).push_back('-'); out.append(SSL_get_cipher(sess)); } + + bool IsHandshakeDone() const { return (status == ISSL_OPEN); } }; static void StaticSSLInfoCallback(const SSL* ssl, int where, int rc) @@ -831,6 +833,18 @@ class ModuleSSLOpenSSL : public Module } } + ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE + { + if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this)) + { + OpenSSLIOHook* iohook = static_cast<OpenSSLIOHook*>(user->eh.GetIOHook()); + if (!iohook->IsHandshakeDone()) + return MOD_RES_DENY; + } + + return MOD_RES_PASSTHRU; + } + Version GetVersion() CXX11_OVERRIDE { return Version("Provides SSL support for clients", VF_VENDOR); diff --git a/src/modules/m_restrictmsg.cpp b/src/modules/m_restrictmsg.cpp index e0887e587..279775d48 100644 --- a/src/modules/m_restrictmsg.cpp +++ b/src/modules/m_restrictmsg.cpp @@ -33,8 +33,9 @@ class ModuleRestrictMsg : public Module // message allowed if: // (1) the sender is opered // (2) the recipient is opered + // (3) the recipient is on a ulined server // anything else, blocked. - if (u->IsOper() || user->IsOper()) + if (u->IsOper() || user->IsOper() || u->server->IsULine()) { return MOD_RES_PASSTHRU; } |