X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslinfo.cpp;h=e27161dac02c809e76afae2e274a041f2e8c3562;hb=3cf993500544c2157992650da2487bfa89be405d;hp=19b6160cc8b20cd903979a8b38e15ea197e18535;hpb=b7bed41eb90a1c71bf99af1ce7cb0685e5582cf7;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 19b6160cc..e27161dac 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -83,35 +83,35 @@ class CommandSSLInfo : public Command CmdResult Handle (const std::vector ¶meters, User *user) { - User* target = ServerInstance->FindNick(parameters[0]); + User* target = ServerInstance->FindNickOnly(parameters[0]); - if (target) + if (!target) { - ssl_cert* cert = CertExt.get(target); - if (cert) - { - if (cert->GetError().length()) - { - user->WriteServ("NOTICE %s :*** No SSL certificate information for this user (%s).", user->nick.c_str(), cert->GetError().c_str()); - } - else - { - user->WriteServ("NOTICE %s :*** Distinguised Name: %s", user->nick.c_str(), cert->GetDN().c_str()); - user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick.c_str(), cert->GetIssuer().c_str()); - user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick.c_str(), cert->GetFingerprint().c_str()); - } - return CMD_SUCCESS; - } - else - { - user->WriteServ("NOTICE %s :*** No SSL certificate information for this user.", user->nick.c_str()); - return CMD_FAILURE; - } + user->WriteNumeric(ERR_NOSUCHNICK, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); + return CMD_FAILURE; + } + bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); + if (operonlyfp && !IS_OPER(user) && target != user) + { + user->WriteServ("NOTICE %s :*** You cannot view SSL certificate information for other users", user->nick.c_str()); + return CMD_FAILURE; + } + ssl_cert* cert = CertExt.get(target); + if (!cert) + { + user->WriteServ("NOTICE %s :*** No SSL certificate for this user", user->nick.c_str()); + } + else if (cert->GetError().length()) + { + user->WriteServ("NOTICE %s :*** No SSL certificate information for this user (%s).", user->nick.c_str(), cert->GetError().c_str()); } else - user->WriteNumeric(ERR_NOSUCHNICK, "%s %s :No such nickname", user->nick.c_str(), parameters[0].c_str()); - - return CMD_FAILURE; + { + user->WriteServ("NOTICE %s :*** Distinguished Name: %s", user->nick.c_str(), cert->GetDN().c_str()); + user->WriteServ("NOTICE %s :*** Issuer: %s", user->nick.c_str(), cert->GetIssuer().c_str()); + user->WriteServ("NOTICE %s :*** Key Fingerprint: %s", user->nick.c_str(), cert->GetFingerprint().c_str()); + } + return CMD_SUCCESS; } }; @@ -120,15 +120,18 @@ class ModuleSSLInfo : public Module CommandSSLInfo cmd; public: - ModuleSSLInfo() - : cmd(this) + ModuleSSLInfo() : cmd(this) + { + } + + void init() { ServerInstance->AddCommand(&cmd); ServerInstance->Extensions.Register(&cmd.CertExt); - Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass }; - ServerInstance->Modules->Attach(eventlist, this, 3); + Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass, I_OnUserConnect }; + ServerInstance->Modules->Attach(eventlist, this, 4); } Version GetVersion() @@ -138,9 +141,14 @@ class ModuleSSLInfo : public Module void OnWhois(User* source, User* dest) { - if (cmd.CertExt.get(dest)) + ssl_cert* cert = cmd.CertExt.get(dest); + if (cert) { - ServerInstance->SendWhoisLine(source, dest, 320, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); + ServerInstance->SendWhoisLine(source, dest, 671, "%s %s :is using a secure connection", source->nick.c_str(), dest->nick.c_str()); + bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); + if ((!operonlyfp || source == dest || IS_OPER(source)) && !cert->fingerprint.empty()) + ServerInstance->SendWhoisLine(source, dest, 276, "%s %s :has client certificate fingerprint %s", + source->nick.c_str(), dest->nick.c_str(), cert->fingerprint.c_str()); } } @@ -191,18 +199,35 @@ class ModuleSSLInfo : public Module return MOD_RES_PASSTHRU; } + void OnUserConnect(LocalUser* user) + { + SocketCertificateRequest req(&user->eh, this); + if (!req.cert) + return; + cmd.CertExt.set(user, req.cert); + if (req.cert->fingerprint.empty()) + return; + // find an auto-oper block for this user + for(OperIndex::iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); i++) + { + OperInfo* ifo = i->second; + std::string fp = ifo->oper_block->getString("fingerprint"); + if (fp == req.cert->fingerprint && ifo->oper_block->getBool("autologin")) + user->Oper(ifo); + } + } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) { SocketCertificateRequest req(&user->eh, this); - req.Send(); bool ok = true; - if (myclass->config->getBool("requiressl")) + if (myclass->config->getString("requiressl") == "trusted") { - ok = (req.cert != NULL); + ok = (req.cert && req.cert->IsCAVerified()); } - else if (myclass->config->getString("requiressl") == "trusted") + else if (myclass->config->getBool("requiressl")) { - ok = (req.cert && req.cert->IsCAVerified()); + ok = (req.cert != NULL); } if (!ok) @@ -217,11 +242,6 @@ class ModuleSSLInfo : public Module UserCertificateRequest& req = static_cast(request); req.cert = cmd.CertExt.get(req.user); } - else if (strcmp("SET_CERT", request.id) == 0) - { - SSLCertSubmission& req = static_cast(request); - cmd.CertExt.set(req.item, req.cert); - } } };