#include "inspircd.h"
+#include "modules/ctctags.h"
#include "modules/ssl.h"
enum
ERR_ALLMUSTSSL = 490
};
-namespace
-{
- bool IsSSLUser(UserCertificateAPI& api, User* user)
- {
- if (!api)
- return false;
-
- ssl_cert* cert = api->GetCertificate(user);
- return (cert != NULL);
- }
-}
-
/** Handle channel mode +z
*/
class SSLMode : public ModeHandler
if (IS_LOCAL(source))
{
if (!API)
+ {
+ source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via SSL");
return MODEACTION_DENY;
+ }
const Channel::MemberMap& userlist = channel->GetUsers();
for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i)
{
if (!dest->IsModeSet(this))
{
- if (!IsSSLUser(API, user))
+ if (!API || !API->GetCertificate(user))
return MODEACTION_DENY;
dest->SetMode(this, true);
}
};
-class ModuleSSLModes : public Module
+class ModuleSSLModes
+ : public Module
+ , public CTCTags::EventListener
{
private:
UserCertificateAPI api;
public:
ModuleSSLModes()
- : api(this)
+ : CTCTags::EventListener(this)
+ , api(this)
, sslm(this, api)
, sslquery(this, api)
{
if(chan && chan->IsModeSet(sslm))
{
if (!api)
- return MOD_RES_DENY;
-
- ssl_cert* cert = api->GetCertificate(user);
- if (cert)
{
- // Let them in
- return MOD_RES_PASSTHRU;
+ user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are an SSL user (+z is set)");
+ return MOD_RES_DENY;
}
- else
+
+ if (!api->GetCertificate(user))
{
- // Deny
- user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)");
+ user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z is set)");
return MOD_RES_DENY;
}
}
return MOD_RES_PASSTHRU;
}
- ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) CXX11_OVERRIDE
+ ModResult HandleMessage(User* user, const MessageTarget& msgtarget)
{
if (msgtarget.type != MessageTarget::TYPE_USER)
return MOD_RES_PASSTHRU;
/* If the target is +z */
if (target->IsModeSet(sslquery))
{
- if (!IsSSLUser(api, user))
+ if (!api || !api->GetCertificate(user))
{
/* The sending user is not on an SSL connection */
- user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)");
+ user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z is set)");
return MOD_RES_DENY;
}
}
/* If the user is +z */
else if (user->IsModeSet(sslquery))
{
- if (!IsSSLUser(api, target))
+ if (!api || !api->GetCertificate(target))
{
- user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user.");
+ user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove user mode 'z' before you are able to send private messages to a non-SSL user.");
return MOD_RES_DENY;
}
}
return MOD_RES_PASSTHRU;
}
+ ModResult OnUserPreMessage(User* user, const MessageTarget& target, MessageDetails& details) CXX11_OVERRIDE
+ {
+ return HandleMessage(user, target);
+ }
+
+ ModResult OnUserPreTagMessage(User* user, const MessageTarget& target, CTCTags::TagMessageDetails& details) CXX11_OVERRIDE
+ {
+ return HandleMessage(user, target);
+ }
+
ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) CXX11_OVERRIDE
{
if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':'))
{
- if (!api)
- return MOD_RES_DENY;
-
- ssl_cert* cert = api->GetCertificate(user);
- if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2)))
+ const std::string fp = api ? api->GetFingerprint(user) : "";
+ if (!fp.empty() && InspIRCd::Match(fp, mask.substr(2)))
return MOD_RES_DENY;
}
return MOD_RES_PASSTHRU;
Version GetVersion() CXX11_OVERRIDE
{
- return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices.", VF_VENDOR);
+ return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices", VF_VENDOR);
}
};