ouch/inspircd
2
0
Fork 0
mirror of https://github.com/inspircd/inspircd.git synced 2025-03-09 18:49:03 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add support for requiring users to use SSL in order to use SASL.

Browse Source
This commit is contained in:
Sadie Powell 2020-02-21 20:27:05 +00:00
parent 77a2f04c41
commit b31a4aea1b
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
docs/conf/modules.conf.example
View File

@ -1951,7 +1951,10 @@
# You must define <sasl:target> to the name of your services server so
# that InspIRCd knows where to send SASL authentication messages and
# when it should enable the SASL capability.
#<sasl target="services.mynetwork.com">
# You can also define <sasl:requiressl> to require users to use SSL in
# order to be able to use SASL.
#<sasl target="services.mynetwork.com"
# requiressl="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Secure list module: Prevent /LIST in the first minute of connection,

15
src/modules/m_sasl.cpp
View File

@ -109,11 +109,16 @@ class ServerTracker
class SASLCap : public Cap::Capability
{
private:
std::string mechlist;
const ServerTracker& servertracker;
UserCertificateAPI sslapi;
bool OnRequest(LocalUser* user, bool adding) CXX11_OVERRIDE
{
if (requiressl && sslapi && !sslapi->GetCertificate(user))
return false;
// Servers MUST NAK any sasl capability request if the authentication layer
// is unavailable.
return servertracker.IsOnline();
@ -121,6 +126,9 @@ class SASLCap : public Cap::Capability
bool OnList(LocalUser* user) CXX11_OVERRIDE
{
if (requiressl && sslapi && !sslapi->GetCertificate(user))
return false;
// Servers MUST NOT advertise the sasl capability if the authentication layer
// is unavailable.
return servertracker.IsOnline();
@ -132,9 +140,11 @@ class SASLCap : public Cap::Capability
}
public:
bool requiressl;
SASLCap(Module* mod, const ServerTracker& tracker)
: Cap::Capability(mod, "sasl")
, servertracker(tracker)
, sslapi(mod)
{
}
@ -426,10 +436,13 @@ class ModuleSASL : public Module
void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
{
std::string target = ServerInstance->Config->ConfValue("sasl")->getString("target");
ConfigTag* tag = ServerInstance->Config->ConfValue("sasl");
const std::string target = tag->getString("target");
if (target.empty())
throw ModuleException("<sasl:target> must be set to the name of your services server!");
cap.requiressl = tag->getBool("requiressl");
sasl_target = target;
servertracker.Reset();
}