diff options
-rw-r--r-- | conf/inspircd.conf.example | 6 | ||||
-rw-r--r-- | src/modules/m_ident.cpp | 14 | ||||
-rw-r--r-- | src/modules/m_sslinfo.cpp | 11 |
3 files changed, 26 insertions, 5 deletions
diff --git a/conf/inspircd.conf.example b/conf/inspircd.conf.example index baadf24d6..b9eec0e43 100644 --- a/conf/inspircd.conf.example +++ b/conf/inspircd.conf.example @@ -275,9 +275,13 @@ # module be loaded as well. modes="+x" + # requireident/requiressl: require that users of this block use SSL or + # have a valid ident response. Requires m_ident or m_sslinfo + requiressl="on" + # port: What port this user is allowed to connect on. (optional) # The port MUST be set to listen in the bind blocks above. - port="6667"> + port="6697"> <connect # name: Name to use for this connect block. Mainly used for diff --git a/src/modules/m_ident.cpp b/src/modules/m_ident.cpp index ead8a2021..d20c9d8dd 100644 --- a/src/modules/m_ident.cpp +++ b/src/modules/m_ident.cpp @@ -280,8 +280,11 @@ class ModuleIdent : public Module ModuleIdent() : ext("ident_socket", this) { OnRehash(NULL); - Implementation eventlist[] = { I_OnRehash, I_OnUserRegister, I_OnCheckReady, I_OnUserDisconnect }; - ServerInstance->Modules->Attach(eventlist, this, 4); + Implementation eventlist[] = { + I_OnRehash, I_OnUserRegister, I_OnCheckReady, + I_OnUserDisconnect, I_OnSetConnectClass + }; + ServerInstance->Modules->Attach(eventlist, this, 5); } ~ModuleIdent() @@ -384,6 +387,13 @@ class ModuleIdent : public Module return MOD_RES_PASSTHRU; } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) + { + if (myclass->config->getBool("requireident") && user->ident[0] == '~') + return MOD_RES_DENY; + return MOD_RES_PASSTHRU; + } + virtual void OnCleanup(int target_type, void *item) { /* Module unloading, tidy up users */ diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index e69f878d1..b67498072 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -127,8 +127,8 @@ class ModuleSSLInfo : public Module ServerInstance->Extensions.Register(&cmd.CertExt); - Implementation eventlist[] = { I_OnWhois, I_OnPreCommand }; - ServerInstance->Modules->Attach(eventlist, this, 2); + Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass }; + ServerInstance->Modules->Attach(eventlist, this, 3); } Version GetVersion() @@ -191,6 +191,13 @@ class ModuleSSLInfo : public Module return MOD_RES_PASSTHRU; } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) + { + if (myclass->config->getBool("requiressl") && !cmd.CertExt.get(user)) + return MOD_RES_DENY; + return MOD_RES_PASSTHRU; + } + void OnRequest(Request& request) { if (strcmp("GET_USER_CERT", request.id) == 0) |