summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp13
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp14
-rw-r--r--src/modules/m_restrictmsg.cpp3
3 files changed, 29 insertions, 1 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index a2bdb76ee..d33403aba 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1029,6 +1029,7 @@ info_done_dealloc:
}
GnuTLS::Profile* GetProfile() { return profile; }
+ bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); }
};
int GnuTLS::X509Credentials::cert_callback(gnutls_session_t sess, const gnutls_datum_t* req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t* sign_algos, int sign_algos_length, cert_cb_last_param_type* st)
@@ -1204,6 +1205,18 @@ class ModuleSSLGnuTLS : public Module
if (hook && hook->prov->creator == this)
static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user);
}
+
+ ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
+ {
+ if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))
+ {
+ GnuTLSIOHook* iohook = static_cast<GnuTLSIOHook*>(user->eh.GetIOHook());
+ if (!iohook->IsHandshakeDone())
+ return MOD_RES_DENY;
+ }
+
+ return MOD_RES_PASSTHRU;
+ }
};
MODULE_INIT(ModuleSSLGnuTLS)
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0fd4608be..c8a035fac 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -680,6 +680,8 @@ class OpenSSLIOHook : public SSLIOHook
out.append(SSL_get_version(sess)).push_back('-');
out.append(SSL_get_cipher(sess));
}
+
+ bool IsHandshakeDone() const { return (status == ISSL_OPEN); }
};
static void StaticSSLInfoCallback(const SSL* ssl, int where, int rc)
@@ -831,6 +833,18 @@ class ModuleSSLOpenSSL : public Module
}
}
+ ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
+ {
+ if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))
+ {
+ OpenSSLIOHook* iohook = static_cast<OpenSSLIOHook*>(user->eh.GetIOHook());
+ if (!iohook->IsHandshakeDone())
+ return MOD_RES_DENY;
+ }
+
+ return MOD_RES_PASSTHRU;
+ }
+
Version GetVersion() CXX11_OVERRIDE
{
return Version("Provides SSL support for clients", VF_VENDOR);
diff --git a/src/modules/m_restrictmsg.cpp b/src/modules/m_restrictmsg.cpp
index e0887e587..279775d48 100644
--- a/src/modules/m_restrictmsg.cpp
+++ b/src/modules/m_restrictmsg.cpp
@@ -33,8 +33,9 @@ class ModuleRestrictMsg : public Module
// message allowed if:
// (1) the sender is opered
// (2) the recipient is opered
+ // (3) the recipient is on a ulined server
// anything else, blocked.
- if (u->IsOper() || user->IsOper())
+ if (u->IsOper() || user->IsOper() || u->server->IsULine())
{
return MOD_RES_PASSTHRU;
}