2 * InspIRCd -- Internet Relay Chat Daemon
4 * Copyright (C) 2020 Matt Schatz <genius3000@g3k.solutions>
5 * Copyright (C) 2013, 2017-2020 Sadie Powell <sadie@witchery.services>
6 * Copyright (C) 2013 Shawn Smith <ShawnSmith0828@gmail.com>
7 * Copyright (C) 2012-2014 Attila Molnar <attilamolnar@hush.com>
8 * Copyright (C) 2012 Robby <robby@chatbelgie.be>
9 * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
10 * Copyright (C) 2009 Uli Schlachter <psychon@inspircd.org>
11 * Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
12 * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
13 * Copyright (C) 2006-2007, 2010 Craig Edwards <brain@inspircd.org>
15 * This file is part of InspIRCd. InspIRCd is free software: you can
16 * redistribute it and/or modify it under the terms of the GNU General Public
17 * License as published by the Free Software Foundation, version 2.
19 * This program is distributed in the hope that it will be useful, but WITHOUT
20 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
21 * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
24 * You should have received a copy of the GNU General Public License
25 * along with this program. If not, see <http://www.gnu.org/licenses/>.
30 #include "modules/ctctags.h"
31 #include "modules/ssl.h"
36 ERR_SECUREONLYCHAN = 489,
40 /** Handle channel mode +z
42 class SSLMode : public ModeHandler
45 UserCertificateAPI& API;
48 SSLMode(Module* Creator, UserCertificateAPI& api)
49 : ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL)
54 ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
58 if (!channel->IsModeSet(this))
64 source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via TLS (SSL)");
65 return MODEACTION_DENY;
68 unsigned long nonssl = 0;
69 const Channel::MemberMap& userlist = channel->GetUsers();
70 for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i)
72 ssl_cert* cert = API->GetCertificate(i->first);
73 if (!cert && !i->first->server->IsULine())
79 source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, InspIRCd::Format("All members of the channel must be connected via TLS (SSL) (%lu/%lu are non-TLS (SSL))",
80 nonssl, static_cast<unsigned long>(userlist.size())));
81 return MODEACTION_DENY;
84 channel->SetMode(this, true);
85 return MODEACTION_ALLOW;
89 return MODEACTION_DENY;
94 if (channel->IsModeSet(this))
96 channel->SetMode(this, false);
97 return MODEACTION_ALLOW;
100 return MODEACTION_DENY;
105 /** Handle user mode +z
107 class SSLModeUser : public ModeHandler
110 UserCertificateAPI& API;
113 SSLModeUser(Module* Creator, UserCertificateAPI& api)
114 : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER)
117 if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode"))
118 DisableAutoRegister();
121 ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
125 if (!dest->IsModeSet(this))
127 if (!API || !API->GetCertificate(user))
128 return MODEACTION_DENY;
130 dest->SetMode(this, true);
131 return MODEACTION_ALLOW;
136 if (dest->IsModeSet(this))
138 dest->SetMode(this, false);
139 return MODEACTION_ALLOW;
143 return MODEACTION_DENY;
149 , public CTCTags::EventListener
152 UserCertificateAPI api;
154 SSLModeUser sslquery;
158 : CTCTags::EventListener(this)
161 , sslquery(this, api)
165 ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven) CXX11_OVERRIDE
167 if(chan && chan->IsModeSet(sslm))
171 user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are a TLS (SSL) user (+z is set)");
175 if (!api->GetCertificate(user))
177 user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; TLS (SSL) users only (+z is set)");
182 return MOD_RES_PASSTHRU;
185 ModResult HandleMessage(User* user, const MessageTarget& msgtarget)
187 if (msgtarget.type != MessageTarget::TYPE_USER)
188 return MOD_RES_PASSTHRU;
190 User* target = msgtarget.Get<User>();
192 /* If one or more of the parties involved is a ulined service, we won't stop it. */
193 if (user->server->IsULine() || target->server->IsULine())
194 return MOD_RES_PASSTHRU;
196 /* If the target is +z */
197 if (target->IsModeSet(sslquery))
199 if (!api || !api->GetCertificate(user))
201 /* The sending user is not on an SSL connection */
202 user->WriteNumeric(Numerics::CannotSendTo(target, "messages", &sslquery));
206 /* If the user is +z */
207 else if (user->IsModeSet(sslquery))
209 if (!api || !api->GetCertificate(target))
211 user->WriteNumeric(Numerics::CannotSendTo(target, "messages", &sslquery, true));
216 return MOD_RES_PASSTHRU;
219 ModResult OnUserPreMessage(User* user, const MessageTarget& target, MessageDetails& details) CXX11_OVERRIDE
221 return HandleMessage(user, target);
224 ModResult OnUserPreTagMessage(User* user, const MessageTarget& target, CTCTags::TagMessageDetails& details) CXX11_OVERRIDE
226 return HandleMessage(user, target);
229 ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) CXX11_OVERRIDE
231 if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':'))
233 const std::string fp = api ? api->GetFingerprint(user) : "";
234 if (!fp.empty() && InspIRCd::Match(fp, mask.substr(2)))
237 return MOD_RES_PASSTHRU;
240 void On005Numeric(std::map<std::string, std::string>& tokens) CXX11_OVERRIDE
242 tokens["EXTBAN"].push_back('z');
245 Version GetVersion() CXX11_OVERRIDE
247 return Version("Adds channel mode z (sslonly) which prevents users who are not connecting using TLS (SSL) from joining the channel and user mode z (sslqueries) to prevent messages from non-TLS (SSL) users.", VF_VENDOR);
251 MODULE_INIT(ModuleSSLModes)
projects / user / henk / code / inspircd.git / blob