m_ssl_gnutls Hold users in pre-registration state until the handshake is completed
[user/henk/code/inspircd.git] / src / modules / extra / m_ssl_gnutls.cpp
index cdfe00b9c929705fcdcbeb76e568cbfa8bf6d816..59ac1acb3bcd62295ba9ea5e531ef7479ed480e0 100644 (file)
@@ -22,9 +22,6 @@
 
 
 #include "inspircd.h"
-#ifndef _WIN32
-#include <gcrypt.h>
-#endif
 #include <gnutls/gnutls.h>
 #include <gnutls/x509.h>
 #include "ssl.h"
@@ -35,8 +32,8 @@
 #endif
 
 /* $ModDesc: Provides SSL support for clients */
-/* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") exec("libgcrypt-config --cflags") */
-/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") exec("libgcrypt-config --libs") */
+/* $CompileFlags: pkgconfincludes("gnutls","/gnutls/gnutls.h","") iflt("pkg-config --modversion gnutls","2.12") exec("libgcrypt-config --cflags") */
+/* $LinkerFlags: rpath("pkg-config --libs gnutls") pkgconflibs("gnutls","/libgnutls.so","-lgnutls") iflt("pkg-config --modversion gnutls","2.12") exec("libgcrypt-config --libs") */
 /* $NoPedantic */
 
 #ifndef GNUTLS_VERSION_MAJOR
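Review bot: The libgcrypt flags on both directive lines now hinge on `iflt("pkg-config --modversion gnutls","2.12")`, while the source selects its RNG path from the header macros in the `#if` that defines `GNUTLS_HAS_RND`. If the two disagree (headers from one install, pkg-config data from another), a pre-2.12 build would presumably compile the gcrypt path without its flags. How `iflt` compares versions is not visible here; it has to compare component by component, because 2.8 sorts after 2.12 both as a string and as a decimal. A one-line comment above the directives would record the intent, for example `/* libgcrypt flags are only needed when GnuTLS is older than 2.12 (no GNUTLS_HAS_RND) */`.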
@@ -55,7 +52,7 @@ typedef gnutls_certificate_credentials_t gnutls_certificate_credentials;
 typedef gnutls_dh_params_t gnutls_dh_params;
 #endif
 
-#if (defined(_WIN32) && (GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12)))
+#if (GNUTLS_VERSION_MAJOR > 2 || (GNUTLS_VERSION_MAJOR == 2 && GNUTLS_VERSION_MINOR >= 12))
 # define GNUTLS_HAS_RND
 # include <gnutls/crypto.h>
 #else
@@ -157,7 +154,7 @@ public:
        reference<ssl_cert> cert;
        reference<SSLConfig> config;
 
-       issl_session() : socket(NULL), sess(NULL) {}
+       issl_session() : socket(NULL), sess(NULL), status(ISSL_NONE) {}
 };
 
 static SSLConfig* GetSessionConfig(gnutls_session_t sess)
@@ -319,7 +316,7 @@ class ModuleSSLGnuTLS : public Module
                ServerInstance->GenRandom = &randhandler;
 
                Implementation eventlist[] = { I_On005Numeric, I_OnRehash, I_OnModuleRehash, I_OnUserConnect,
-                       I_OnEvent, I_OnHookIO };
+                       I_OnEvent, I_OnHookIO, I_OnCheckReady };
                ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
 
                ServerInstance->Modules->AddService(iohook);
@@ -419,6 +416,10 @@ class ModuleSSLGnuTLS : public Module
                        hash = GNUTLS_DIG_MD5;
                else if (hashname == "sha1")
                        hash = GNUTLS_DIG_SHA1;
+#ifdef INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT
+               else if (hashname == "sha256")
+                       hash = GNUTLS_DIG_SHA256;
+#endif
                else
                        throw ModuleException("Unknown hash type " + hashname);
 
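Review bot: When `INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT` is not defined, a hashname of "sha256" falls through to `throw ModuleException("Unknown hash type " + hashname)`, which reads like a typo in the configuration rather than a missing build option. It also leaves MD5 and SHA-1, neither of which is a recommended fingerprint digest any more, as the only choices in a default build. An `#else` branch with `else if (hashname == "sha256") throw ModuleException("sha256 fingerprints require building with INSPIRCD_GNUTLS_ENABLE_SHA256_FINGERPRINT");` would tell the operator what to do. A comment next to the `#ifdef` should say why the digest is opt-in. The enclosing function starts and ends outside this hunk.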
@@ -973,6 +974,13 @@ info_done_dealloc:
                if (starttls.enabled)
                        capHandler.HandleEvent(ev);
        }
+
+       ModResult OnCheckReady(LocalUser* user)
+       {
+               if ((user->eh.GetIOHook() == this) && (sessions[user->eh.GetFd()].status != ISSL_HANDSHAKEN))
+                       return MOD_RES_DENY;
+               return MOD_RES_PASSTHRU;
+       }
 };
 
 MODULE_INIT(ModuleSSLGnuTLS)
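Review bot: `OnCheckReady` indexes `sessions[user->eh.GetFd()]` without checking the descriptor, so the status read trusts `GetFd()` to be a valid table index; whether it can be negative for a socket that is already closing is not visible in this diff. Reading it once and failing closed keeps the lookup in bounds: `const int fd = user->eh.GetFd();` followed by `if (fd < 0 || sessions[fd].status != ISSL_HANDSHAKEN) return MOD_RES_DENY;` inside the `GetIOHook() == this` check. The comparison also depends on `status` starting at `ISSL_NONE`, which the constructor change in this commit provides. The method has no comment; `/* Keep SSL users unregistered until the TLS handshake has completed */` above it would state the intent from the commit title.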