X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslinfo.cpp;h=b51c30b768ab0df72fdae9b89ebe275361de33f2;hb=551d687ec6d7ce44be35fae0dd7345fe73c4f63a;hp=b9e9fb1461438eb90e5519075097be79efe6d4b0;hpb=d4d2b9a1fbeea981dc0c35402483d6216e8e45ac;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index b9e9fb146..b51c30b76 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -1,18 +1,24 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2010 InspIRCd Development Team - * See: http://wiki.inspircd.org/Credits + * Copyright (C) 2009-2010 Daniel De Graaf * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + #include "inspircd.h" -#include "ssl.h" +#include "modules/ssl.h" /* $ModDesc: Provides SSL metadata, including /WHOIS information and /SSLINFO command */ @@ -83,15 +89,15 @@ class CommandSSLInfo : public Command CmdResult Handle (const std::vector ¶meters, User *user) { - User* target = ServerInstance->FindNick(parameters[0]); + User* target = ServerInstance->FindNickOnly(parameters[0]); - if (!target) + if ((!target) || (target->registered != REG_ALL)) { user->WriteNumeric(ERR_NOSUCHNICK, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); return CMD_FAILURE; } bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); - if (operonlyfp && !IS_OPER(user) && target != user) + if (operonlyfp && !user->IsOper() && target != user) { user->WriteServ("NOTICE %s :*** You cannot view SSL certificate information for other users", user->nick.c_str()); return CMD_FAILURE; @@ -126,12 +132,12 @@ class ModuleSSLInfo : public Module void init() { - ServerInstance->AddCommand(&cmd); + ServerInstance->Modules->AddService(cmd); - ServerInstance->Extensions.Register(&cmd.CertExt); + ServerInstance->Modules->AddService(cmd.CertExt); - Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass }; - ServerInstance->Modules->Attach(eventlist, this, 3); + Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass, I_OnUserConnect, I_OnPostConnect }; + ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation)); } Version GetVersion() @@ -144,9 +150,9 @@ class ModuleSSLInfo : public Module ssl_cert* cert = cmd.CertExt.get(dest); if (cert) { - ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); + ServerInstance->SendWhoisLine(source, dest, 671, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); - if ((!operonlyfp || source == dest || IS_OPER(source)) && !cert->fingerprint.empty()) + if ((!operonlyfp || source == dest || source->IsOper()) && !cert->fingerprint.empty()) ServerInstance->SendWhoisLine(source, dest, 276, "%s %s :has client certificate fingerprint %s", source->nick.c_str(), dest->nick.c_str(), cert->fingerprint.c_str()); } @@ -168,9 +174,7 @@ class ModuleSSLInfo : public Module ModResult OnPreCommand(std::string &command, std::vector ¶meters, LocalUser *user, bool validated, const std::string &original_line) { - irc::string pcmd = command.c_str(); - - if ((pcmd == "OPER") && (validated)) + if ((command == "OPER") && (validated)) { OperIndex::iterator i = ServerInstance->Config->oper_blocks.find(parameters[0]); if (i != ServerInstance->Config->oper_blocks.end()) @@ -199,18 +203,40 @@ class ModuleSSLInfo : public Module return MOD_RES_PASSTHRU; } + void OnUserConnect(LocalUser* user) + { + SocketCertificateRequest req(&user->eh, this); + if (!req.cert) + return; + cmd.CertExt.set(user, req.cert); + } + + void OnPostConnect(User* user) + { + ssl_cert *cert = cmd.CertExt.get(user); + if (!cert || cert->fingerprint.empty()) + return; + // find an auto-oper block for this user + for(OperIndex::iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); i++) + { + OperInfo* ifo = i->second; + std::string fp = ifo->oper_block->getString("fingerprint"); + if (fp == cert->fingerprint && ifo->oper_block->getBool("autologin")) + user->Oper(ifo); + } + } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) { SocketCertificateRequest req(&user->eh, this); - req.Send(); bool ok = true; - if (myclass->config->getBool("requiressl")) + if (myclass->config->getString("requiressl") == "trusted") { - ok = (req.cert != NULL); + ok = (req.cert && req.cert->IsCAVerified()); } - else if (myclass->config->getString("requiressl") == "trusted") + else if (myclass->config->getBool("requiressl")) { - ok = (req.cert && req.cert->IsCAVerified()); + ok = (req.cert != NULL); } if (!ok) @@ -225,13 +251,7 @@ class ModuleSSLInfo : public Module UserCertificateRequest& req = static_cast(request); req.cert = cmd.CertExt.get(req.user); } - else if (strcmp("SET_CERT", request.id) == 0) - { - SSLCertSubmission& req = static_cast(request); - cmd.CertExt.set(req.item, req.cert); - } } }; MODULE_INIT(ModuleSSLInfo) -