+ }
+
+ void init()
+ {
+ ServerInstance->Modules->AddService(cmd);
+
+ ServerInstance->Modules->AddService(cmd.CertExt);
+
+ Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass, I_OnUserConnect, I_OnPostConnect };
+ ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
+ }
+
+ Version GetVersion()
+ {
+ return Version("SSL Certificate Utilities", VF_VENDOR);
+ }
+
+ void OnWhois(User* source, User* dest)
+ {
+ ssl_cert* cert = cmd.CertExt.get(dest);
+ if (cert)
+ {
+ ServerInstance->SendWhoisLine(source, dest, 671, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str());
+ bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly");
+ if ((!operonlyfp || source == dest || IS_OPER(source)) && !cert->fingerprint.empty())
+ ServerInstance->SendWhoisLine(source, dest, 276, "%s %s :has client certificate fingerprint %s",
+ source->nick.c_str(), dest->nick.c_str(), cert->fingerprint.c_str());
+ }
+ }
+
+ bool OneOfMatches(const char* host, const char* ip, const char* hostlist)
+ {
+ std::stringstream hl(hostlist);
+ std::string xhost;
+ while (hl >> xhost)
+ {
+ if (InspIRCd::Match(host, xhost, ascii_case_insensitive_map) || InspIRCd::MatchCIDR(ip, xhost, ascii_case_insensitive_map))
+ {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ ModResult OnPreCommand(std::string &command, std::vector<std::string> ¶meters, LocalUser *user, bool validated, const std::string &original_line)
+ {
+ if ((command == "OPER") && (validated))
+ {
+ OperIndex::iterator i = ServerInstance->Config->oper_blocks.find(parameters[0]);
+ if (i != ServerInstance->Config->oper_blocks.end())
+ {
+ OperInfo* ifo = i->second;
+ ssl_cert* cert = cmd.CertExt.get(user);
+
+ if (ifo->oper_block->getBool("sslonly") && !cert)
+ {
+ user->WriteNumeric(491, "%s :This oper login requires an SSL connection.", user->nick.c_str());
+ user->CommandFloodPenalty += 10000;
+ return MOD_RES_DENY;
+ }