X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;ds=sidebyside;f=src%2Fmodules%2Fm_sslmodes.cpp;h=dc0063d29b0bf2260548f115521ebbda7a9bbd82;hb=77730fd5f09f8fc193205654c8bba84d34365670;hp=e499082ff81f5c821745597ca25744ec5961f573;hpb=da29af8cba49d51e53d6e68237ccbf6370b6dd1f;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp index e499082ff..dc0063d29 100644 --- a/src/modules/m_sslmodes.cpp +++ b/src/modules/m_sslmodes.cpp @@ -1,6 +1,7 @@ /* * InspIRCd -- Internet Relay Chat Daemon * + * Copyright (C) 2013 Shawn Smith * Copyright (C) 2009 Daniel De Graaf * Copyright (C) 2007 Robin Burchell * Copyright (C) 2007 Dennis Friis @@ -24,20 +25,40 @@ #include "inspircd.h" #include "modules/ssl.h" +enum +{ + // From UnrealIRCd. + ERR_SECUREONLYCHAN = 489, + ERR_ALLMUSTSSL = 490 +}; + +namespace +{ + bool IsSSLUser(UserCertificateAPI& api, User* user) + { + if (!api) + return false; + + ssl_cert* cert = api->GetCertificate(user); + return (cert != NULL); + } +} + /** Handle channel mode +z */ class SSLMode : public ModeHandler { - public: - UserCertificateAPI API; + private: + UserCertificateAPI& API; - SSLMode(Module* Creator) + public: + SSLMode(Module* Creator, UserCertificateAPI& api) : ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL) - , API(Creator) + , API(api) { } - ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding) + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE { if (adding) { @@ -80,14 +101,60 @@ class SSLMode : public ModeHandler } }; -class ModuleSSLModes : public Module +/** Handle user mode +z +*/ +class SSLModeUser : public ModeHandler { + private: + UserCertificateAPI& API; + public: + SSLModeUser(Module* Creator, UserCertificateAPI& api) + : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER) + , API(api) + { + if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode")) + DisableAutoRegister(); + } + + ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE + { + if (adding) + { + if (!dest->IsModeSet(this)) + { + if (!IsSSLUser(API, user)) + return MODEACTION_DENY; + + dest->SetMode(this, true); + return MODEACTION_ALLOW; + } + } + else + { + if (dest->IsModeSet(this)) + { + dest->SetMode(this, false); + return MODEACTION_ALLOW; + } + } + + return MODEACTION_DENY; + } +}; + +class ModuleSSLModes : public Module +{ + private: + UserCertificateAPI api; SSLMode sslm; + SSLModeUser sslquery; public: ModuleSSLModes() - : sslm(this) + : api(this) + , sslm(this, api) + , sslquery(this, api) { } @@ -95,10 +162,10 @@ class ModuleSSLModes : public Module { if(chan && chan->IsModeSet(sslm)) { - if (!sslm.API) + if (!api) return MOD_RES_DENY; - ssl_cert* cert = sslm.API->GetCertificate(user); + ssl_cert* cert = api->GetCertificate(user); if (cert) { // Let them in @@ -107,7 +174,41 @@ class ModuleSSLModes : public Module else { // Deny - user->WriteNumeric(489, cname, "Cannot join channel; SSL users only (+z)"); + user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)"); + return MOD_RES_DENY; + } + } + + return MOD_RES_PASSTHRU; + } + + ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) CXX11_OVERRIDE + { + if (msgtarget.type != MessageTarget::TYPE_USER) + return MOD_RES_PASSTHRU; + + User* target = msgtarget.Get(); + + /* If one or more of the parties involved is a ulined service, we wont stop it. */ + if (user->server->IsULine() || target->server->IsULine()) + return MOD_RES_PASSTHRU; + + /* If the target is +z */ + if (target->IsModeSet(sslquery)) + { + if (!IsSSLUser(api, user)) + { + /* The sending user is not on an SSL connection */ + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)"); + return MOD_RES_DENY; + } + } + /* If the user is +z */ + else if (user->IsModeSet(sslquery)) + { + if (!IsSSLUser(api, target)) + { + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user."); return MOD_RES_DENY; } } @@ -119,10 +220,10 @@ class ModuleSSLModes : public Module { if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':')) { - if (!sslm.API) + if (!api) return MOD_RES_DENY; - ssl_cert* cert = sslm.API->GetCertificate(user); + ssl_cert* cert = api->GetCertificate(user); if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2))) return MOD_RES_DENY; } @@ -136,7 +237,7 @@ class ModuleSSLModes : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Provides channel mode +z to allow for Secure/SSL only channels", VF_VENDOR); + return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices.", VF_VENDOR); } };