mirror of
https://github.com/inspircd/inspircd.git
synced 2025-03-09 18:49:03 -04:00
Shawn Smith
Peter Powell
parent
aa78793b3a
commit
cd43acedc9
@ -810,6 +810,8 @@ using their cloak when they quit.">
|
||||
(requires services account module).
|
||||
w Receives wallops messages.
|
||||
x Gives a cloaked hostname (requires cloaking module).
|
||||
z Only allow private messages from SSL users (requires
|
||||
sslmode module).
|
||||
B Marks as a bot (requires botmode module).
|
||||
G Censors messages sent to the user based on filters
|
||||
configured for the network (requires censor module).
|
||||
|
||||
@ -94,6 +94,8 @@ LOCKSERV UNLOCKSERV">
|
||||
(requires services account module).
|
||||
w Receives wallops messages.
|
||||
x Gives a cloaked hostname (requires cloaking module).
|
||||
z Only allow private messages from SSL users (requires
|
||||
sslmode module).
|
||||
B Marks as a bot (requires botmode module).
|
||||
G Censors messages sent to the user based on filters
|
||||
configured for the network (requires censor module).
|
||||
|
||||
@ -1882,12 +1882,17 @@
|
||||
#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
|
||||
|
||||
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
||||
# SSL channel mode module: Adds support for SSL-only channels via
|
||||
# channel mode +z and the 'z' extban which matches SSL client
|
||||
# certificate fingerprints.
|
||||
# SSL mode module: Adds support for SSL-only channels via the '+z'
|
||||
# channel mode, SSL-only private messages via the '+z' user mode and
|
||||
# the 'z:' extban which matches SSL client certificate fingerprints.
|
||||
#
|
||||
# Does not do anything useful without a working SSL module and the
|
||||
# sslinfo module (see below).
|
||||
#<module name="sslmodes">
|
||||
#
|
||||
# The +z user mode is not enabled by default to enable link compatibility
|
||||
# with 2.0 servers. You can enable it by uncommenting this:
|
||||
#<sslmodes enableumode="yes">
|
||||
|
||||
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
||||
# GnuTLS SSL module: Adds support for SSL connections using GnuTLS,
|
||||
|
||||
@ -1,6 +1,7 @@
|
||||
/*
|
||||
* InspIRCd -- Internet Relay Chat Daemon
|
||||
*
|
||||
* Copyright (C) 2013 Shawn Smith <shawn@inspircd.org>
|
||||
* Copyright (C) 2009 Daniel De Graaf <danieldg@inspircd.org>
|
||||
* Copyright (C) 2007 Robin Burchell <robin+git@viroteck.net>
|
||||
* Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
|
||||
@ -30,16 +31,29 @@ enum
|
||||
ERR_SECUREONLYCHAN = 489
|
||||
};
|
||||
|
||||
namespace
|
||||
{
|
||||
bool IsSSLUser(UserCertificateAPI& api, User* user)
|
||||
{
|
||||
if (!api)
|
||||
return false;
|
||||
|
||||
ssl_cert* cert = api->GetCertificate(user);
|
||||
return (cert != NULL);
|
||||
}
|
||||
}
|
||||
|
||||
/** Handle channel mode +z
|
||||
*/
|
||||
class SSLMode : public ModeHandler
|
||||
{
|
||||
public:
|
||||
UserCertificateAPI API;
|
||||
private:
|
||||
UserCertificateAPI& API;
|
||||
|
||||
SSLMode(Module* Creator)
|
||||
public:
|
||||
SSLMode(Module* Creator, UserCertificateAPI& api)
|
||||
: ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL)
|
||||
, API(Creator)
|
||||
, API(api)
|
||||
{
|
||||
}
|
||||
|
||||
@ -86,14 +100,60 @@ class SSLMode : public ModeHandler
|
||||
}
|
||||
};
|
||||
|
||||
/** Handle user mode +z
|
||||
*/
|
||||
class SSLModeUser : public ModeHandler
|
||||
{
|
||||
private:
|
||||
UserCertificateAPI& API;
|
||||
|
||||
public:
|
||||
SSLModeUser(Module* Creator, UserCertificateAPI& api)
|
||||
: ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER)
|
||||
, API(api)
|
||||
{
|
||||
if (!ServerInstance->Config->ConfValue("sslmodes")->getBool("enableumode"))
|
||||
DisableAutoRegister();
|
||||
}
|
||||
|
||||
ModeAction OnModeChange(User* user, User* dest, Channel* channel, std::string& parameter, bool adding) CXX11_OVERRIDE
|
||||
{
|
||||
if (adding)
|
||||
{
|
||||
if (!dest->IsModeSet(this))
|
||||
{
|
||||
if (!IsSSLUser(API, user))
|
||||
return MODEACTION_DENY;
|
||||
|
||||
dest->SetMode(this, true);
|
||||
return MODEACTION_ALLOW;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
if (dest->IsModeSet(this))
|
||||
{
|
||||
dest->SetMode(this, false);
|
||||
return MODEACTION_ALLOW;
|
||||
}
|
||||
}
|
||||
|
||||
return MODEACTION_DENY;
|
||||
}
|
||||
};
|
||||
|
||||
class ModuleSSLModes : public Module
|
||||
{
|
||||
|
||||
private:
|
||||
UserCertificateAPI api;
|
||||
SSLMode sslm;
|
||||
SSLModeUser sslquery;
|
||||
|
||||
public:
|
||||
ModuleSSLModes()
|
||||
: sslm(this)
|
||||
: api(this)
|
||||
, sslm(this, api)
|
||||
, sslquery(this, api)
|
||||
{
|
||||
}
|
||||
|
||||
@ -101,10 +161,10 @@ class ModuleSSLModes : public Module
|
||||
{
|
||||
if(chan && chan->IsModeSet(sslm))
|
||||
{
|
||||
if (!sslm.API)
|
||||
if (!api)
|
||||
return MOD_RES_DENY;
|
||||
|
||||
ssl_cert* cert = sslm.API->GetCertificate(user);
|
||||
ssl_cert* cert = api->GetCertificate(user);
|
||||
if (cert)
|
||||
{
|
||||
// Let them in
|
||||
@ -121,14 +181,48 @@ class ModuleSSLModes : public Module
|
||||
return MOD_RES_PASSTHRU;
|
||||
}
|
||||
|
||||
ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) CXX11_OVERRIDE
|
||||
{
|
||||
if (msgtarget.type != MessageTarget::TYPE_USER)
|
||||
return MOD_RES_PASSTHRU;
|
||||
|
||||
User* target = msgtarget.Get<User>();
|
||||
|
||||
/* If one or more of the parties involved is a ulined service, we wont stop it. */
|
||||
if (user->server->IsULine() || target->server->IsULine())
|
||||
return MOD_RES_PASSTHRU;
|
||||
|
||||
/* If the target is +z */
|
||||
if (target->IsModeSet(sslquery))
|
||||
{
|
||||
if (!IsSSLUser(api, user))
|
||||
{
|
||||
/* The sending user is not on an SSL connection */
|
||||
user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You are not permitted to send private messages to this user (+z set)");
|
||||
return MOD_RES_DENY;
|
||||
}
|
||||
}
|
||||
/* If the user is +z */
|
||||
else if (user->IsModeSet(sslquery))
|
||||
{
|
||||
if (!IsSSLUser(api, target))
|
||||
{
|
||||
user->WriteNumeric(ERR_CANTSENDTOUSER, target->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user.");
|
||||
return MOD_RES_DENY;
|
||||
}
|
||||
}
|
||||
|
||||
return MOD_RES_PASSTHRU;
|
||||
}
|
||||
|
||||
ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) CXX11_OVERRIDE
|
||||
{
|
||||
if ((mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':'))
|
||||
{
|
||||
if (!sslm.API)
|
||||
if (!api)
|
||||
return MOD_RES_DENY;
|
||||
|
||||
ssl_cert* cert = sslm.API->GetCertificate(user);
|
||||
ssl_cert* cert = api->GetCertificate(user);
|
||||
if (cert && InspIRCd::Match(cert->GetFingerprint(), mask.substr(2)))
|
||||
return MOD_RES_DENY;
|
||||
}
|
||||
@ -142,7 +236,7 @@ class ModuleSSLModes : public Module
|
||||
|
||||
Version GetVersion() CXX11_OVERRIDE
|
||||
{
|
||||
return Version("Provides channel mode +z to allow for Secure/SSL only channels", VF_VENDOR);
|
||||
return Version("Provides user and channel mode +z to allow for SSL-only channels, queries and notices.", VF_VENDOR);
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user