Merge insp20

diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index a2bdb76eebdfa8133cdf21db9617662df608109c..d33403abade42dfef29d4f625f8dc9df1814b1f7 100644 (file)
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -1029,6 +1029,7 @@ info_done_dealloc:
        }
 
        GnuTLS::Profile* GetProfile() { return profile; }
+       bool IsHandshakeDone() const { return (status == ISSL_HANDSHAKEN); }
 };
 
 int GnuTLS::X509Credentials::cert_callback(gnutls_session_t sess, const gnutls_datum_t* req_ca_rdn, int nreqs, const gnutls_pk_algorithm_t* sign_algos, int sign_algos_length, cert_cb_last_param_type* st)
@@ -1204,6 +1205,18 @@ class ModuleSSLGnuTLS : public Module
                if (hook && hook->prov->creator == this)
                        static_cast<GnuTLSIOHook*>(hook)->TellCiphersAndFingerprint(user);
        }
+
+       ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
+       {
+               if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))
+               {
+                       GnuTLSIOHook* iohook = static_cast<GnuTLSIOHook*>(user->eh.GetIOHook());
+                       if (!iohook->IsHandshakeDone())
+                               return MOD_RES_DENY;
+               }
+
+               return MOD_RES_PASSTHRU;
+       }
 };
 
 MODULE_INIT(ModuleSSLGnuTLS)

diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 0fd4608be21702e28abf82807e6e735ba646e37d..c8a035fac60d41702cda6c5bf37ffbd3a102ced2 100644 (file)
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -680,6 +680,8 @@ class OpenSSLIOHook : public SSLIOHook
                out.append(SSL_get_version(sess)).push_back('-');
                out.append(SSL_get_cipher(sess));
        }
+
+       bool IsHandshakeDone() const { return (status == ISSL_OPEN); }
 };
 
 static void StaticSSLInfoCallback(const SSL* ssl, int where, int rc)
@@ -831,6 +833,18 @@ class ModuleSSLOpenSSL : public Module
                }
        }
 
+       ModResult OnCheckReady(LocalUser* user) CXX11_OVERRIDE
+       {
+               if ((user->eh.GetIOHook()) && (user->eh.GetIOHook()->prov->creator == this))
+               {
+                       OpenSSLIOHook* iohook = static_cast<OpenSSLIOHook*>(user->eh.GetIOHook());
+                       if (!iohook->IsHandshakeDone())
+                               return MOD_RES_DENY;
+               }
+
+               return MOD_RES_PASSTHRU;
+       }
+
        Version GetVersion() CXX11_OVERRIDE
        {
                return Version("Provides SSL support for clients", VF_VENDOR);

diff --git a/src/modules/m_restrictmsg.cpp b/src/modules/m_restrictmsg.cpp
index e0887e58714dc051e8a3945e6dab10e8cd9ef5b5..279775d480570621bb58a9f3464c390271a0d0b7 100644 (file)
--- a/src/modules/m_restrictmsg.cpp
+++ b/src/modules/m_restrictmsg.cpp
@@ -33,8 +33,9 @@ class ModuleRestrictMsg : public Module
                        // message allowed if:
                        // (1) the sender is opered
                        // (2) the recipient is opered
+                       // (3) the recipient is on a ulined server
                        // anything else, blocked.
-                       if (u->IsOper() || user->IsOper())
+                       if (u->IsOper() || user->IsOper() || u->server->IsULine())
                        {
                                return MOD_RES_PASSTHRU;
                        }