X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sslmodes.cpp;h=f162ceb87d25c097895edac583e74aead037a896;hb=625e5435f51650f547f4411441c0b7b958c53d30;hp=dc0063d29b0bf2260548f115521ebbda7a9bbd82;hpb=48a400f2e068527b338ceecf8ed1dde2da971ca9;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp
index dc0063d29..f162ceb87 100644
--- a/src/modules/m_sslmodes.cpp
+++ b/src/modules/m_sslmodes.cpp
@@ -32,18 +32,6 @@ enum
 	ERR_ALLMUSTSSL = 490
 };
 
-namespace
-{
-	bool IsSSLUser(UserCertificateAPI& api, User* user)
-	{
-		if (!api)
-			return false;
-
-		ssl_cert* cert = api->GetCertificate(user);
-		return (cert != NULL);
-	}
-}
-
 /** Handle channel mode +z
  */
 class SSLMode : public ModeHandler
@@ -67,7 +55,10 @@ class SSLMode : public ModeHandler
 				if (IS_LOCAL(source))
 				{
 					if (!API)
+					{
+						source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via SSL");
 						return MODEACTION_DENY;
+					}
 
 					const Channel::MemberMap& userlist = channel->GetUsers();
 					for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i)
@@ -123,7 +114,7 @@ class SSLModeUser : public ModeHandler
 		{
 			if (!dest->IsModeSet(this))
 			{
-				if (!IsSSLUser(API, user))
+				if (!API || !API->GetCertificate(user))
 					return MODEACTION_DENY;
 
 				dest->SetMode(this, true);
@@ -163,17 +154,13 @@ class ModuleSSLModes : public Module
 		if(chan && chan->IsModeSet(sslm))
 		{
 			if (!api)
-				return MOD_RES_DENY;
-
-			ssl_cert* cert = api->GetCertificate(user);
-			if (cert)
 			{
-				// Let them in
-				return MOD_RES_PASSTHRU;
+				user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are a SSL user (+z)");
+				return MOD_RES_DENY;
 			}
-			else
+
+			if (!api->GetCertificate(user))
 			{
-				// Deny
 				user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)");
 				return MOD_RES_DENY;
 			}
@@ -196,7 +183,7 @@ class ModuleSSLModes : public Module
 		/* If the target is +z */
 		if (target->IsModeSet(sslquery))
 		{
-			if (!IsSSLUser(api, user))
+			if (!api || !api->GetCertificate(user))
 			{
 				/* The sending user is not on an SSL connection */
 				user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)");
@@ -206,7 +193,7 @@ class ModuleSSLModes : public Module
 		/* If the user is +z */
 		else if (user->IsModeSet(sslquery))
 		{
-			if (!IsSSLUser(api, target))
+			if (!api || !api->GetCertificate(target))
 			{
 				user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user.");
 				return MOD_RES_DENY;
@@ -220,11 +207,8 @@ class ModuleSSLModes : public Module
 	{
 		if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':'))
 		{
-			if (!api)
-				return MOD_RES_DENY;
-
-			ssl_cert* cert = api->GetCertificate(user);
-			if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2)))
+			const std::string fp = api ? api->GetFingerprint(user) : "";
+			if (!fp.empty() && InspIRCd::Match(fp, mask.substr(2)))
 				return MOD_RES_DENY;
 		}
 		return MOD_RES_PASSTHRU;