ouch/inspircd
2
0
Fork 0
mirror of https://github.com/inspircd/inspircd.git synced 2025-03-09 10:39:02 -04:00
Code Issues Packages Projects Releases Wiki Activity

Add the fingerprint cloak method to the cloak_user module.

Browse Source
This commit is contained in:
Sadie Powell 2024-01-13 19:10:47 +00:00
parent 0086b162aa
commit f2652e25b6
2 changed files with 59 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
docs/conf/modules.conf.example
View File

@ -653,7 +653,8 @@
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# User data cloak module: Adds the "account" (services account name),
# "account-id" (services account id), "nickname" (current nickname),
# and "username" (RFC 1413 identification string) cloak methods.
# "fingerprint" (client certificate fingerprint), and "username" (RFC
# 1413 identification string) cloak methods.
#<module name="cloak_user">
#
#-#-#-#-#-#-#-#-#-#-#- USER CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
@ -670,6 +671,11 @@
# host character, or "truncate" to truncate the cloak #
# at the invalid host character. Defaults to "strip". #
# #
# length - If using the "fingerprint" method them the number of #
# characters of the fingerprint hash to use. Defaults #
# to the value of <limits:maxhost> minus the length of #
# the prefix and suffix fields. #
# #
# prefix - A freeform value to prefix cloaks with. This must #
# not contain spaces. #
# #
@ -694,6 +700,13 @@
# prefix=""
# suffix=".users.example.com">
#
#<cloak method="fingerprint"
# class=""
# invalidchar="strip"
# length="16"
# prefix=""
# suffix=".fp">
#
#<cloak method="nickname"
# class=""
# invalidchar="strip"

47
src/modules/m_cloak_user.cpp
View File

@ -19,11 +19,12 @@
#include "inspircd.h"
#include "modules/account.h"
#include "modules/cloak.h"
#include "modules/ssl.h"
class UserMethodBase
: public Cloak::Method
{
private:
protected:
// The action to take when an invalid character is encountered.
enum InvalidChar
: uint8_t
@ -53,7 +54,6 @@ private:
// Retrieves the middle segment of the cloak.
virtual std::string GetMiddle(LocalUser* user) = 0;
protected:
UserMethodBase(const Cloak::Engine* engine, const std::shared_ptr<ConfigTag>& tag, const CharState& hm) ATTR_NOT_NULL(2)
: Cloak::Method(engine, tag)
, hostmap(hm)
@ -186,6 +186,47 @@ public:
}
};
class FingerprintMethod final
: public UserMethodBase
{
private:
// Dynamic reference to the certificate api.
UserCertificateAPI sslapi;
// The number of octets of the fingerprint to use.
size_t length;
// Retrieves the middle segment of the cloak.
std::string GetMiddle(LocalUser* user) override
{
const ssl_cert* cert = sslapi ? sslapi->GetCertificate(user) : nullptr;
if (!cert || !cert->IsUsable())
return {};
return cert->GetFingerprint().substr(0, length);
}
// Calculates the longest valid fingerprint length.
inline size_t GetMaxLength()
{
return ServerInstance->Config->Limits.MaxHost - prefix.length() - suffix.length();
}
public:
FingerprintMethod(const Cloak::Engine* engine, const std::shared_ptr<ConfigTag>& tag, const CharState& hm) ATTR_NOT_NULL(2)
: UserMethodBase(engine, tag, hm)
, sslapi(engine->creator)
, length(tag->getNum<size_t>("length", GetMaxLength(), 1, GetMaxLength()))
{
}
void GetLinkData(Module::LinkData& data, std::string& compatdata) override
{
UserMethodBase::GetLinkData(data, compatdata);
data["length"] = ConvToStr(length);
}
};
class NickMethod final
: public UserMethodBase
{
@ -248,6 +289,7 @@ class ModuleCloakUser final
private:
UserEngine<AccountMethod> accountcloak;
UserEngine<AccountIdMethod> accountidcloak;
UserEngine<FingerprintMethod> fingerprintcloak;
UserEngine<NickMethod> nicknamecloak;
UserEngine<UserMethod> usernamecloak;
Cloak::API cloakapi;
@ -259,6 +301,7 @@ public:
, Account::EventListener(this)
, accountcloak(this, "account", hostmap)
, accountidcloak(this, "account-id", hostmap)
, fingerprintcloak(this, "fingerprint", hostmap)
, nicknamecloak(this, "nickname", hostmap)
, usernamecloak(this, "username", hostmap)
, cloakapi(this)