From 56d733a9fa9477d281b62ac9237eb7ac8356340d Mon Sep 17 00:00:00 2001 From: danieldg Date: Mon, 15 Feb 2010 18:04:53 +0000 Subject: Add to allow SSL fingerprint-based automatic oper login git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12467 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/extra/m_ssl_gnutls.cpp | 1 - src/modules/extra/m_ssl_openssl.cpp | 2 -- src/modules/m_spanningtree/main.cpp | 18 ++++++++++++------ src/modules/m_sslinfo.cpp | 36 ++++++++++++++++++++++++------------ src/modules/ssl.h | 11 ----------- 5 files changed, 36 insertions(+), 32 deletions(-) (limited to 'src') diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 243c8e28e..5b2c7accb 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -575,7 +575,6 @@ class ModuleSSLGnuTLS : public Module if (sessions[user->eh.GetFd()].sess) { ssl_cert* cert = sessions[user->eh.GetFd()].cert; - SSLCertSubmission(user, this, ServerInstance->Modules->Find("m_sslinfo.so"), cert); std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->eh.GetFd()].sess)); cipher.append("-").append(gnutls_cipher_get_name(gnutls_cipher_get(sessions[user->eh.GetFd()].sess))).append("-"); cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->eh.GetFd()].sess))); diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 7d46cf66a..e099facd3 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -242,8 +242,6 @@ class ModuleSSLOpenSSL : public Module { if (sessions[user->eh.GetFd()].sess) { - SSLCertSubmission(user, this, ServerInstance->Modules->Find("m_sslinfo.so"), sessions[user->eh.GetFd()].cert); - if (!sessions[user->eh.GetFd()].cert->fingerprint.empty()) user->WriteServ("NOTICE %s :*** You are connected using SSL fingerprint %s", user->nick.c_str(), sessions[user->eh.GetFd()].cert->fingerprint.c_str()); diff --git a/src/modules/m_spanningtree/main.cpp b/src/modules/m_spanningtree/main.cpp index 11b309557..b313b876a 100644 --- a/src/modules/m_spanningtree/main.cpp +++ b/src/modules/m_spanningtree/main.cpp @@ -581,6 +581,13 @@ void ModuleSpanningTree::OnUserConnect(LocalUser* user) params.push_back(":"+std::string(user->fullname)); Utils->DoOneToMany(ServerInstance->Config->GetSID(), "UID", params); + if (IS_OPER(user)) + { + params.clear(); + params.push_back(user->oper->name); + Utils->DoOneToMany(user->uuid,"OPERTYPE",params); + } + for(Extensible::ExtensibleStore::const_iterator i = user->GetExtList().begin(); i != user->GetExtList().end(); i++) { ExtensionItem* item = i->first; @@ -790,12 +797,11 @@ void ModuleSpanningTree::RedoConfig(Module* mod) // locally. void ModuleSpanningTree::OnOper(User* user, const std::string &opertype) { - if (IS_LOCAL(user)) - { - parameterlist params; - params.push_back(opertype); - Utils->DoOneToMany(user->uuid,"OPERTYPE",params); - } + if (user->registered != REG_ALL || !IS_LOCAL(user)) + return; + parameterlist params; + params.push_back(opertype); + Utils->DoOneToMany(user->uuid,"OPERTYPE",params); } void ModuleSpanningTree::OnAddLine(User* user, XLine *x) diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index b9e9fb146..578b07c22 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -130,8 +130,8 @@ class ModuleSSLInfo : public Module ServerInstance->Extensions.Register(&cmd.CertExt); - Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass }; - ServerInstance->Modules->Attach(eventlist, this, 3); + Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass, I_OnUserConnect }; + ServerInstance->Modules->Attach(eventlist, this, 4); } Version GetVersion() @@ -199,18 +199,35 @@ class ModuleSSLInfo : public Module return MOD_RES_PASSTHRU; } + void OnUserConnect(LocalUser* user) + { + SocketCertificateRequest req(&user->eh, this); + if (!req.cert) + return; + cmd.CertExt.set(user, req.cert); + if (req.cert->fingerprint.empty()) + return; + // find an auto-oper block for this user + for(OperIndex::iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); i++) + { + OperInfo* ifo = i->second; + std::string fp = ifo->oper_block->getString("fingerprint"); + if (fp == req.cert->fingerprint && ifo->oper_block->getBool("autologin")) + user->Oper(ifo); + } + } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) { SocketCertificateRequest req(&user->eh, this); - req.Send(); bool ok = true; - if (myclass->config->getBool("requiressl")) + if (myclass->config->getString("requiressl") == "trusted") { - ok = (req.cert != NULL); + ok = (req.cert && req.cert->IsCAVerified()); } - else if (myclass->config->getString("requiressl") == "trusted") + else if (myclass->config->getBool("requiressl")) { - ok = (req.cert && req.cert->IsCAVerified()); + ok = (req.cert != NULL); } if (!ok) @@ -225,11 +242,6 @@ class ModuleSSLInfo : public Module UserCertificateRequest& req = static_cast(request); req.cert = cmd.CertExt.get(req.user); } - else if (strcmp("SET_CERT", request.id) == 0) - { - SSLCertSubmission& req = static_cast(request); - cmd.CertExt.set(req.item, req.cert); - } } }; diff --git a/src/modules/ssl.h b/src/modules/ssl.h index 2d0a2b1ee..e66e423aa 100644 --- a/src/modules/ssl.h +++ b/src/modules/ssl.h @@ -165,15 +165,4 @@ struct UserCertificateRequest : public Request } }; -struct SSLCertSubmission : public Request -{ - Extensible* const item; - ssl_cert* const cert; - SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert) - : Request(Me, Target, "SET_CERT"), item(is), cert(Cert) - { - Send(); - } -}; - #endif -- cgit v1.2.3