X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslmodes.cpp;h=dc0063d29b0bf2260548f115521ebbda7a9bbd82;hb=c60f88bb5ce23d1291dddfd3e15ba71c801b7d3c;hp=6d1d62782d4a162386132e39fbca8e0ea34c6692;hpb=91e0af0fc4889f20d2f63426f8fe379674fc0393;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp index 6d1d62782..dc0063d29 100644 --- a/src/modules/m_sslmodes.cpp +++ b/src/modules/m_sslmodes.cpp @@ -1,6 +1,7 @@ /* * InspIRCd -- Internet Relay Chat Daemon * + * Copyright (C) 2013 Shawn Smith * Copyright (C) 2009 Daniel De Graaf * Copyright (C) 2007 Robin Burchell * Copyright (C) 2007 Dennis Friis @@ -27,19 +28,33 @@ enum { // From UnrealIRCd. - ERR_SECUREONLYCHAN = 489 + ERR_SECUREONLYCHAN = 489, + ERR_ALLMUSTSSL = 490 }; +namespace +{ + bool IsSSLUser(UserCertificateAPI& api, User* user) + { + if (!api) + return false; + + ssl_cert* cert = api->GetCertificate(user); + return (cert != NULL); + } +} + /** Handle channel mode +z */ class SSLMode : public ModeHandler { - public: - UserCertificateAPI API; + private: + UserCertificateAPI& API; - SSLMode(Module* Creator) + public: + SSLMode(Module* Creator, UserCertificateAPI& api) : ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL) - , API(Creator) + , API(api) { } @@ -86,14 +101,60 @@ class SSLMode : public ModeHandler } }; -class ModuleSSLModes : public Module +/** Handle user mode +z +*/ +class SSLModeUser : public ModeHandler { + private: + UserCertificateAPI& API; + + public: + SSLModeUser(Module* Creator, UserCertificateAPI& api) + : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER) + , API(api) + { + if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode")) + DisableAutoRegister(); + } + + ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE + { + if (adding) + { + if (!dest->IsModeSet(this)) + { + if (!IsSSLUser(API, user)) + return MODEACTION_DENY; + + dest->SetMode(this, true); + return MODEACTION_ALLOW; + } + } + else + { + if (dest->IsModeSet(this)) + { + dest->SetMode(this, false); + return MODEACTION_ALLOW; + } + } + return MODEACTION_DENY; + } +}; + +class ModuleSSLModes : public Module +{ + private: + UserCertificateAPI api; SSLMode sslm; + SSLModeUser sslquery; public: ModuleSSLModes() - : sslm(this) + : api(this) + , sslm(this, api) + , sslquery(this, api) { } @@ -101,10 +162,10 @@ class ModuleSSLModes : public Module { if(chan && chan->IsModeSet(sslm)) { - if (!sslm.API) + if (!api) return MOD_RES_DENY; - ssl_cert* cert = sslm.API->GetCertificate(user); + ssl_cert* cert = api->GetCertificate(user); if (cert) { // Let them in @@ -121,14 +182,48 @@ class ModuleSSLModes : public Module return MOD_RES_PASSTHRU; } + ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) CXX11_OVERRIDE + { + if (msgtarget.type != MessageTarget::TYPE_USER) + return MOD_RES_PASSTHRU; + + User* target = msgtarget.Get(); + + /* If one or more of the parties involved is a ulined service, we wont stop it. */ + if (user->server->IsULine() || target->server->IsULine()) + return MOD_RES_PASSTHRU; + + /* If the target is +z */ + if (target->IsModeSet(sslquery)) + { + if (!IsSSLUser(api, user)) + { + /* The sending user is not on an SSL connection */ + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)"); + return MOD_RES_DENY; + } + } + /* If the user is +z */ + else if (user->IsModeSet(sslquery)) + { + if (!IsSSLUser(api, target)) + { + user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user."); + return MOD_RES_DENY; + } + } + + return MOD_RES_PASSTHRU; + } + ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) CXX11_OVERRIDE { if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':')) { - if (!sslm.API) + if (!api) return MOD_RES_DENY; - ssl_cert* cert = sslm.API->GetCertificate(user); + ssl_cert* cert = api->GetCertificate(user); if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2))) return MOD_RES_DENY; } @@ -142,7 +237,7 @@ class ModuleSSLModes : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Provides channel mode +z to allow for Secure/SSL only channels", VF_VENDOR); + return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices.", VF_VENDOR); } };