Always respect the host field when automatically logging in opers.

Sadie Powell 2021-08-26 18:17:22 +01:00
parent 685d9084a1
commit 2cfd1708d5
2 changed files with 12 additions and 23 deletions


@ -124,11 +124,8 @@
#fingerprint="67cb9dc013248a829bb2171ed11becd4"
# autologin: If a TLS client certificate fingerprint for this oper is specified,
# you can have the oper block automatically log in. This can also be set to
# "if-host-match", to additionally check the host setting for this block before
# automatically logging in. Otherwise, all security of the oper block rests on the
# protection of the TLS client certificate, so be sure that the private key is
# well-protected!. Requires the sslinfo module.
# you can have the oper block automatically log in if they match the fingerprint
# and host fields. Requires the sslinfo module.
#autologin="yes"
# sslonly: If enabled, this oper can only oper up if they're using a TLS connection.


@ -373,27 +373,19 @@ class ModuleSSLInfo
return;
// Find an auto-oper block for this user
for (const auto& [_, ifo] : ServerInstance->Config->oper_blocks)
for (const auto& [_, info] : ServerInstance->Config->oper_blocks)
{
std::string fp = ifo->oper_block->getString("fingerprint");
if (!MatchFP(cert, fp))
continue;
auto oper = info->oper_block;
if (!oper->getBool("autologin"))
continue; // No autologin for this block.
bool do_login = false;
const std::string autologin = ifo->oper_block->getString("autologin");
if (stdalgo::string::equalsci(autologin, "if-host-match"))
{
const std::string& userHost = localuser->MakeHost();
const std::string& userIP = localuser->MakeHostIP();
do_login = InspIRCd::MatchMask(ifo->oper_block->getString("host"), userHost, userIP);
}
else if (ifo->oper_block->getBool("autologin"))
{
do_login = true;
}
if (!InspIRCd::MatchMask(oper->getString("host"), localuser->MakeHost(), localuser->MakeHostIP()))
continue; // Host doesn't match.
if (do_login)
user->Oper(ifo);
if (!MatchFP(cert, oper->getString("fingerprint")))
continue; // Fingerprint doesn't match.
user->Oper(info);
}
}
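Review bot: The loop keeps iterating after `user->Oper(info);`, so a client whose certificate fingerprint and host satisfy more than one autologin block is handed to Oper() once per matching block. Which oper account it ends up with then presumably depends on the iteration order of `oper_blocks`, since what a repeated Oper() call does is not visible here. Stopping at the first match makes the granted privileges deterministic: `user->Oper(info);` followed by `break;`. Separately, `getBool("autologin")` is now the only gate, so a config that still carries the previously documented `autologin="if-host-match"` value presumably no longer auto-logs in, and an upgrade note for operators would avoid a silent behaviour change. The enclosing handler starts before this hunk, so the early-return conditions above the loop cannot be checked from here.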