X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslmodes.cpp;h=67128e6bd59596076437feb3288f0e09034c52ae;hb=e59cb85871f75b7603c63c6cd274d57536cf6794;hp=d3afd00e6854ca4fac1adaf74736889904929ab9;hpb=a3e0768758ca68429a29d9c78ce672f2d938c6e7;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp index d3afd00e6..67128e6bd 100644 --- a/src/modules/m_sslmodes.cpp +++ b/src/modules/m_sslmodes.cpp @@ -1,6 +1,7 @@ /* * InspIRCd -- Internet Relay Chat Daemon * + * Copyright (C) 2013 Shawn Smith * Copyright (C) 2009 Daniel De Graaf * Copyright (C) 2007 Robin Burchell * Copyright (C) 2007 Dennis Friis @@ -22,28 +23,31 @@ #include "inspircd.h" +#include "modules/ctctags.h" #include "modules/ssl.h" enum { // From UnrealIRCd. - ERR_SECUREONLYCHAN = 489 + ERR_SECUREONLYCHAN = 489, + ERR_ALLMUSTSSL = 490 }; /** Handle channel mode +z */ class SSLMode : public ModeHandler { - public: - UserCertificateAPI API; + private: + UserCertificateAPI& API; - SSLMode(Module* Creator) + public: + SSLMode(Module* Creator, UserCertificateAPI& api) : ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL) - , API(Creator) + , API(api) { } - ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding) + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE { if (adding) { @@ -52,7 +56,10 @@ class SSLMode : public ModeHandler if (IS_LOCAL(source)) { if (!API) + { + source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via SSL"); return MODEACTION_DENY; + } const Channel::MemberMap& userlist = channel->GetUsers(); for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i) @@ -86,14 +93,63 @@ class SSLMode : public ModeHandler } }; -class ModuleSSLModes : public Module +/** Handle user mode +z +*/ +class SSLModeUser : public ModeHandler { + private: + UserCertificateAPI& API; + + public: + SSLModeUser(Module* Creator, UserCertificateAPI& api) + : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER) + , API(api) + { + if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode")) + DisableAutoRegister(); + } + ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE + { + if (adding) + { + if (!dest->IsModeSet(this)) + { + if (!API || !API->GetCertificate(user)) + return MODEACTION_DENY; + + dest->SetMode(this, true); + return MODEACTION_ALLOW; + } + } + else + { + if (dest->IsModeSet(this)) + { + dest->SetMode(this, false); + return MODEACTION_ALLOW; + } + } + + return MODEACTION_DENY; + } +}; + +class ModuleSSLModes + : public Module + , public CTCTags::EventListener +{ + private: + UserCertificateAPI api; SSLMode sslm; + SSLModeUser sslquery; public: ModuleSSLModes() - : sslm(this) + : CTCTags::EventListener(this) + , api(this) + , sslm(this, api) + , sslquery(this, api) { } @@ -101,19 +157,49 @@ class ModuleSSLModes : public Module { if(chan && chan->IsModeSet(sslm)) { - if (!sslm.API) + if (!api) + { + user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are an SSL user (+z is set)"); return MOD_RES_DENY; + } - ssl_cert* cert = sslm.API->GetCertificate(user); - if (cert) + if (!api->GetCertificate(user)) { - // Let them in - return MOD_RES_PASSTHRU; + user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z is set)"); + return MOD_RES_DENY; } - else + } + + return MOD_RES_PASSTHRU; + } + + ModResult HandleMessage(User* user, const MessageTarget& msgtarget) + { + if (msgtarget.type != MessageTarget::TYPE_USER) + return MOD_RES_PASSTHRU; + + User* target = msgtarget.Get(); + + /* If one or more of the parties involved is a ulined service, we wont stop it. */ + if (user->server->IsULine() || target->server->IsULine()) + return MOD_RES_PASSTHRU; + + /* If the target is +z */ + if (target->IsModeSet(sslquery)) + { + if (!api || !api->GetCertificate(user)) { - // Deny - user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)"); + /* The sending user is not on an SSL connection */ + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z is set)"); + return MOD_RES_DENY; + } + } + /* If the user is +z */ + else if (user->IsModeSet(sslquery)) + { + if (!api || !api->GetCertificate(target)) + { + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove user mode 'z' before you are able to send private messages to a non-SSL user."); return MOD_RES_DENY; } } @@ -121,15 +207,22 @@ class ModuleSSLModes : public Module return MOD_RES_PASSTHRU; } + ModResult OnUserPreMessage(User* user, const MessageTarget& target, MessageDetails& details) CXX11_OVERRIDE + { + return HandleMessage(user, target); + } + + ModResult OnUserPreTagMessage(User* user, const MessageTarget& target, CTCTags::TagMessageDetails& details) CXX11_OVERRIDE + { + return HandleMessage(user, target); + } + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) CXX11_OVERRIDE { if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':')) { - if (!sslm.API) - return MOD_RES_DENY; - - ssl_cert* cert = sslm.API->GetCertificate(user); - if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2))) + const std::string fp = api ? api->GetFingerprint(user) : ""; + if (!fp.empty() && InspIRCd::Match(fp, mask.substr(2))) return MOD_RES_DENY; } return MOD_RES_PASSTHRU; @@ -142,7 +235,7 @@ class ModuleSSLModes : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Provides channel mode +z to allow for Secure/SSL only channels", VF_VENDOR); + return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices", VF_VENDOR); } };