X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslmodes.cpp;h=dc0063d29b0bf2260548f115521ebbda7a9bbd82;hb=77730fd5f09f8fc193205654c8bba84d34365670;hp=8ec346db25bd07476fe2a70b2ae93aab466f3709;hpb=e21ee18e62aecee6d27a0f9ba497a52688cb8349;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp index 8ec346db2..dc0063d29 100644 --- a/src/modules/m_sslmodes.cpp +++ b/src/modules/m_sslmodes.cpp @@ -1,48 +1,86 @@ -/* +------------------------------------+ - * | Inspire Internet Relay Chat Daemon | - * +------------------------------------+ +/* + * InspIRCd -- Internet Relay Chat Daemon * - * InspIRCd: (C) 2002-2008 InspIRCd Development Team - * See: http://www.inspircd.org/wiki/index.php/Credits + * Copyright (C) 2013 Shawn Smith + * Copyright (C) 2009 Daniel De Graaf + * Copyright (C) 2007 Robin Burchell + * Copyright (C) 2007 Dennis Friis + * Copyright (C) 2006 Craig Edwards + * Copyright (C) 2006 Oliver Lupton * - * This program is free but copyrighted software; see - * the file COPYING for details. + * This file is part of InspIRCd. InspIRCd is free software: you can + * redistribute it and/or modify it under the terms of the GNU General Public + * License as published by the Free Software Foundation, version 2. * - * --------------------------------------------------- + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS + * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more + * details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . */ + #include "inspircd.h" +#include "modules/ssl.h" + +enum +{ + // From UnrealIRCd. + ERR_SECUREONLYCHAN = 489, + ERR_ALLMUSTSSL = 490 +}; -/* $ModDesc: Provides support for unreal-style channel mode +z */ +namespace +{ + bool IsSSLUser(UserCertificateAPI& api, User* user) + { + if (!api) + return false; -static char* dummy; + ssl_cert* cert = api->GetCertificate(user); + return (cert != NULL); + } +} /** Handle channel mode +z */ class SSLMode : public ModeHandler { + private: + UserCertificateAPI& API; + public: - SSLMode(InspIRCd* Instance) : ModeHandler(Instance, 'z', 0, 0, false, MODETYPE_CHANNEL, false) { } + SSLMode(Module* Creator, UserCertificateAPI& api) + : ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL) + , API(api) + { + } - ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string ¶meter, bool adding, bool) + ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE { if (adding) { - if (!channel->IsModeSet('z')) + if (!channel->IsModeSet(this)) { if (IS_LOCAL(source)) { - CUList* userlist = channel->GetUsers(); - for(CUList::iterator i = userlist->begin(); i != userlist->end(); i++) + if (!API) + return MODEACTION_DENY; + + const Channel::MemberMap& userlist = channel->GetUsers(); + for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i) { - if(!i->first->GetExt("ssl", dummy)) + ssl_cert* cert = API->GetCertificate(i->first); + if (!cert && !i->first->server->IsULine()) { - source->WriteServ("490 %s %s :all members of the channel must be connected via SSL", source->nick, channel->name); + source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "all members of the channel must be connected via SSL"); return MODEACTION_DENY; } } } - channel->SetMode('z',true); + channel->SetMode(this, true); return MODEACTION_ALLOW; } else @@ -52,9 +90,9 @@ class SSLMode : public ModeHandler } else { - if (channel->IsModeSet('z')) + if (channel->IsModeSet(this)) { - channel->SetMode('z',false); + channel->SetMode(this, false); return MODEACTION_ALLOW; } @@ -63,57 +101,144 @@ class SSLMode : public ModeHandler } }; -class ModuleSSLModes : public Module +/** Handle user mode +z +*/ +class SSLModeUser : public ModeHandler { - - SSLMode* sslm; - + private: + UserCertificateAPI& API; + public: - ModuleSSLModes(InspIRCd* Me) - : Module(Me) + SSLModeUser(Module* Creator, UserCertificateAPI& api) + : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER) + , API(api) + { + if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode")) + DisableAutoRegister(); + } + + ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE { - + if (adding) + { + if (!dest->IsModeSet(this)) + { + if (!IsSSLUser(API, user)) + return MODEACTION_DENY; + + dest->SetMode(this, true); + return MODEACTION_ALLOW; + } + } + else + { + if (dest->IsModeSet(this)) + { + dest->SetMode(this, false); + return MODEACTION_ALLOW; + } + } - sslm = new SSLMode(ServerInstance); - if (!ServerInstance->Modes->AddMode(sslm)) - throw ModuleException("Could not add new modes!"); - Implementation eventlist[] = { I_OnUserPreJoin }; - ServerInstance->Modules->Attach(eventlist, this, 1); + return MODEACTION_DENY; } +}; +class ModuleSSLModes : public Module +{ + private: + UserCertificateAPI api; + SSLMode sslm; + SSLModeUser sslquery; + + public: + ModuleSSLModes() + : api(this) + , sslm(this, api) + , sslquery(this, api) + { + } - virtual int OnUserPreJoin(User* user, Channel* chan, const char* cname, std::string &privs) + ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven) CXX11_OVERRIDE { - if(chan && chan->IsModeSet('z')) + if(chan && chan->IsModeSet(sslm)) { - if(user->GetExt("ssl", dummy)) + if (!api) + return MOD_RES_DENY; + + ssl_cert* cert = api->GetCertificate(user); + if (cert) { // Let them in - return 0; + return MOD_RES_PASSTHRU; } else { // Deny - user->WriteServ( "489 %s %s :Cannot join channel; SSL users only (+z)", user->nick, cname); - return 1; + user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)"); + return MOD_RES_DENY; } } - - return 0; + + return MOD_RES_PASSTHRU; } - virtual ~ModuleSSLModes() + ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) CXX11_OVERRIDE { - ServerInstance->Modes->DelMode(sslm); - delete sslm; + if (msgtarget.type != MessageTarget::TYPE_USER) + return MOD_RES_PASSTHRU; + + User* target = msgtarget.Get(); + + /* If one or more of the parties involved is a ulined service, we wont stop it. */ + if (user->server->IsULine() || target->server->IsULine()) + return MOD_RES_PASSTHRU; + + /* If the target is +z */ + if (target->IsModeSet(sslquery)) + { + if (!IsSSLUser(api, user)) + { + /* The sending user is not on an SSL connection */ + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)"); + return MOD_RES_DENY; + } + } + /* If the user is +z */ + else if (user->IsModeSet(sslquery)) + { + if (!IsSSLUser(api, target)) + { + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user."); + return MOD_RES_DENY; + } + } + + return MOD_RES_PASSTHRU; } - - virtual Version GetVersion() + + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) CXX11_OVERRIDE { - return Version(1, 1, 0, 0, VF_COMMON | VF_VENDOR, API_VERSION); + if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':')) + { + if (!api) + return MOD_RES_DENY; + + ssl_cert* cert = api->GetCertificate(user); + if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2))) + return MOD_RES_DENY; + } + return MOD_RES_PASSTHRU; } -}; + void On005Numeric(std::map& tokens) CXX11_OVERRIDE + { + tokens["EXTBAN"].push_back('z'); + } -MODULE_INIT(ModuleSSLModes) + Version GetVersion() CXX11_OVERRIDE + { + return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices.", VF_VENDOR); + } +}; +MODULE_INIT(ModuleSSLModes)