/*
* InspIRCd -- Internet Relay Chat Daemon
*
+ * Copyright (C) 2013 Shawn Smith <shawn@inspircd.org>
* Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
* Copyright (C) 2007 Robin Burchell <robin+git@viroteck.net>
* Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
#include "inspircd.h"
#include "modules/ssl.h"
-/* $ModDesc: Provides channel mode +z to allow for Secure/SSL only channels */
+enum
+{
+ // From UnrealIRCd.
+ ERR_SECUREONLYCHAN = 489,
+ ERR_ALLMUSTSSL = 490
+};
+
+namespace
+{
+ bool IsSSLUser(UserCertificateAPI& api, User* user)
+ {
+ if (!api)
+ return false;
+
+ ssl_cert* cert = api->GetCertificate(user);
+ return (cert != NULL);
+ }
+}
/** Handle channel mode +z
*/
class SSLMode : public ModeHandler
{
- public:
- UserCertificateAPI API;
+ private:
+ UserCertificateAPI& API;
- SSLMode(Module* Creator)
+ public:
+ SSLMode(Module* Creator, UserCertificateAPI& api)
: ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL)
- , API(Creator)
+ , API(api)
{
}
- ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding)
+ ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
{
if (adding)
{
- if (!channel->IsModeSet('z'))
+ if (!channel->IsModeSet(this))
{
if (IS_LOCAL(source))
{
if (!API)
return MODEACTION_DENY;
- const UserMembList* userlist = channel->GetUsers();
- for(UserMembCIter i = userlist->begin(); i != userlist->end(); i++)
+ const Channel::MemberMap& userlist = channel->GetUsers();
+ for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i)
{
ssl_cert* cert = API->GetCertificate(i->first);
- if (!cert && !ServerInstance->ULine(i->first->server))
+ if (!cert && !i->first->server->IsULine())
{
- source->WriteNumeric(ERR_ALLMUSTSSL, "%s %s :all members of the channel must be connected via SSL", source->nick.c_str(), channel->name.c_str());
+ source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "all members of the channel must be connected via SSL");
return MODEACTION_DENY;
}
}
}
- channel->SetMode('z',true);
+ channel->SetMode(this, true);
return MODEACTION_ALLOW;
}
else
}
else
{
- if (channel->IsModeSet('z'))
+ if (channel->IsModeSet(this))
{
- channel->SetMode('z',false);
+ channel->SetMode(this, false);
return MODEACTION_ALLOW;
}
}
};
-class ModuleSSLModes : public Module
+/** Handle user mode +z
+*/
+class SSLModeUser : public ModeHandler
{
-
- SSLMode sslm;
+ private:
+ UserCertificateAPI& API;
public:
- ModuleSSLModes()
- : sslm(this)
+ SSLModeUser(Module* Creator, UserCertificateAPI& api)
+ : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER)
+ , API(api)
{
+ if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode"))
+ DisableAutoRegister();
}
- void init() CXX11_OVERRIDE
+ ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
+ {
+ if (adding)
+ {
+ if (!dest->IsModeSet(this))
+ {
+ if (!IsSSLUser(API, user))
+ return MODEACTION_DENY;
+
+ dest->SetMode(this, true);
+ return MODEACTION_ALLOW;
+ }
+ }
+ else
+ {
+ if (dest->IsModeSet(this))
+ {
+ dest->SetMode(this, false);
+ return MODEACTION_ALLOW;
+ }
+ }
+
+ return MODEACTION_DENY;
+ }
+};
+
+class ModuleSSLModes : public Module
+{
+ private:
+ UserCertificateAPI api;
+ SSLMode sslm;
+ SSLModeUser sslquery;
+
+ public:
+ ModuleSSLModes()
+ : api(this)
+ , sslm(this, api)
+ , sslquery(this, api)
{
- ServerInstance->Modules->AddService(sslm);
- Implementation eventlist[] = { I_OnUserPreJoin, I_OnCheckBan, I_On005Numeric };
- ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
}
ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven) CXX11_OVERRIDE
{
- if(chan && chan->IsModeSet('z'))
+ if(chan && chan->IsModeSet(sslm))
{
- if (!sslm.API)
+ if (!api)
return MOD_RES_DENY;
- ssl_cert* cert = sslm.API->GetCertificate(user);
+ ssl_cert* cert = api->GetCertificate(user);
if (cert)
{
// Let them in
else
{
// Deny
- user->WriteServ( "489 %s %s :Cannot join channel; SSL users only (+z)", user->nick.c_str(), cname.c_str());
+ user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)");
+ return MOD_RES_DENY;
+ }
+ }
+
+ return MOD_RES_PASSTHRU;
+ }
+
+ ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) CXX11_OVERRIDE
+ {
+ if (msgtarget.type != MessageTarget::TYPE_USER)
+ return MOD_RES_PASSTHRU;
+
+ User* target = msgtarget.Get<User>();
+
+ /* If one or more of the parties involved is a ulined service, we wont stop it. */
+ if (user->server->IsULine() || target->server->IsULine())
+ return MOD_RES_PASSTHRU;
+
+ /* If the target is +z */
+ if (target->IsModeSet(sslquery))
+ {
+ if (!IsSSLUser(api, user))
+ {
+ /* The sending user is not on an SSL connection */
+ user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)");
+ return MOD_RES_DENY;
+ }
+ }
+ /* If the user is +z */
+ else if (user->IsModeSet(sslquery))
+ {
+ if (!IsSSLUser(api, target))
+ {
+ user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user.");
return MOD_RES_DENY;
}
}
{
if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':'))
{
- if (!sslm.API)
+ if (!api)
return MOD_RES_DENY;
- ssl_cert* cert = sslm.API->GetCertificate(user);
+ ssl_cert* cert = api->GetCertificate(user);
if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2)))
return MOD_RES_DENY;
}
Version GetVersion() CXX11_OVERRIDE
{
- return Version("Provides channel mode +z to allow for Secure/SSL only channels", VF_VENDOR);
+ return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices.", VF_VENDOR);
}
};
projects / user / henk / code / inspircd.git / blobdiff