authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-15 18:04:53 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-15 18:04:53 +0000
commit56d733a9fa9477d281b62ac9237eb7ac8356340d (patch)
treeb521a5c0bcbc7692659994af33fb02c85034e241 /src/modules
parent065d1788b602c807a4d669ba413a175c0059e357 (diff)
Add <oper:autologin> to allow SSL fingerprint-based automatic oper login
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12467 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules')
-rw-r--r--src/modules/extra/m_ssl_gnutls.cpp1
-rw-r--r--src/modules/extra/m_ssl_openssl.cpp2
-rw-r--r--src/modules/m_spanningtree/main.cpp18
-rw-r--r--src/modules/m_sslinfo.cpp36
-rw-r--r--src/modules/ssl.h11
5 files changed, 36 insertions, 32 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp
index 243c8e28e..5b2c7accb 100644
--- a/src/modules/extra/m_ssl_gnutls.cpp
+++ b/src/modules/extra/m_ssl_gnutls.cpp
@@ -575,7 +575,6 @@ class ModuleSSLGnuTLS : public Module
if (sessions[user->eh.GetFd()].sess)
{
ssl_cert* cert = sessions[user->eh.GetFd()].cert;
- SSLCertSubmission(user, this, ServerInstance->Modules->Find("m_sslinfo.so"), cert);
std::string cipher = gnutls_kx_get_name(gnutls_kx_get(sessions[user->eh.GetFd()].sess));
cipher.append("-").append(gnutls_cipher_get_name(gnutls_cipher_get(sessions[user->eh.GetFd()].sess))).append("-");
cipher.append(gnutls_mac_get_name(gnutls_mac_get(sessions[user->eh.GetFd()].sess)));
diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp
index 7d46cf66a..e099facd3 100644
--- a/src/modules/extra/m_ssl_openssl.cpp
+++ b/src/modules/extra/m_ssl_openssl.cpp
@@ -242,8 +242,6 @@ class ModuleSSLOpenSSL : public Module
{
if (sessions[user->eh.GetFd()].sess)
{
- SSLCertSubmission(user, this, ServerInstance->Modules->Find("m_sslinfo.so"), sessions[user->eh.GetFd()].cert);
-
if (!sessions[user->eh.GetFd()].cert->fingerprint.empty())
user->WriteServ("NOTICE %s :*** You are connected using SSL fingerprint %s",
user->nick.c_str(), sessions[user->eh.GetFd()].cert->fingerprint.c_str());
diff --git a/src/modules/m_spanningtree/main.cpp b/src/modules/m_spanningtree/main.cpp
index 11b309557..b313b876a 100644
--- a/src/modules/m_spanningtree/main.cpp
+++ b/src/modules/m_spanningtree/main.cpp
@@ -581,6 +581,13 @@ void ModuleSpanningTree::OnUserConnect(LocalUser* user)
params.push_back(":"+std::string(user->fullname));
Utils->DoOneToMany(ServerInstance->Config->GetSID(), "UID", params);
+ if (IS_OPER(user))
+ {
+ params.clear();
+ params.push_back(user->oper->name);
+ Utils->DoOneToMany(user->uuid,"OPERTYPE",params);
+ }
+
for(Extensible::ExtensibleStore::const_iterator i = user->GetExtList().begin(); i != user->GetExtList().end(); i++)
{
ExtensionItem* item = i->first;
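Review bot: The `IS_OPER(user)` block added after the UID broadcast only announces a user who is already opered when this handler runs, so it depends on m_sslinfo's OnUserConnect (the autologin path) having run first; nothing in this hunk or in the OnOper hunk below enforces that order. If spanningtree's hook runs earlier, the later `user->Oper()` call would reach OnOper while `user->registered != REG_ALL` (presumably the case the new guard is for), return early, and remote servers would never receive OPERTYPE for a locally opered user. State the dependency next to the new block, e.g. `// relies on m_sslinfo's OnUserConnect (autologin) running before this hook`, or set an explicit module priority if the module API allows it. OnUserConnect starts and ends outside the hunk.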
@@ -790,12 +797,11 @@ void ModuleSpanningTree::RedoConfig(Module* mod)
// locally.
void ModuleSpanningTree::OnOper(User* user, const std::string &opertype)
{
- if (IS_LOCAL(user))
- {
- parameterlist params;
- params.push_back(opertype);
- Utils->DoOneToMany(user->uuid,"OPERTYPE",params);
- }
+ if (user->registered != REG_ALL || !IS_LOCAL(user))
+ return;
+ parameterlist params;
+ params.push_back(opertype);
+ Utils->DoOneToMany(user->uuid,"OPERTYPE",params);
}
void ModuleSpanningTree::OnAddLine(User* user, XLine *x)
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index b9e9fb146..578b07c22 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -130,8 +130,8 @@ class ModuleSSLInfo : public Module
ServerInstance->Extensions.Register(&cmd.CertExt);
- Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass };
- ServerInstance->Modules->Attach(eventlist, this, 3);
+ Implementation eventlist[] = { I_OnWhois, I_OnPreCommand, I_OnSetConnectClass, I_OnUserConnect };
+ ServerInstance->Modules->Attach(eventlist, this, 4);
}
Version GetVersion()
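Review bot: The element count passed to `Attach` is maintained by hand next to the array, and this change had to edit both lines to keep them in step. A mismatch would either leave `I_OnUserConnect` unattached, which silently disables autologin, or read past the array. Deriving the count removes that failure mode: `ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));`. The enclosing function starts outside the hunk.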
@@ -199,18 +199,35 @@ class ModuleSSLInfo : public Module
return MOD_RES_PASSTHRU;
}
+ void OnUserConnect(LocalUser* user)
+ {
+ SocketCertificateRequest req(&user->eh, this);
+ if (!req.cert)
+ return;
+ cmd.CertExt.set(user, req.cert);
+ if (req.cert->fingerprint.empty())
+ return;
+ // find an auto-oper block for this user
+ for(OperIndex::iterator i = ServerInstance->Config->oper_blocks.begin(); i != ServerInstance->Config->oper_blocks.end(); i++)
+ {
+ OperInfo* ifo = i->second;
+ std::string fp = ifo->oper_block->getString("fingerprint");
+ if (fp == req.cert->fingerprint && ifo->oper_block->getBool("autologin"))
+ user->Oper(ifo);
+ }
+ }
+
ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass)
{
SocketCertificateRequest req(&user->eh, this);
- req.Send();
bool ok = true;
- if (myclass->config->getBool("requiressl"))
+ if (myclass->config->getString("requiressl") == "trusted")
{
- ok = (req.cert != NULL);
+ ok = (req.cert && req.cert->IsCAVerified());
}
- else if (myclass->config->getString("requiressl") == "trusted")
+ else if (myclass->config->getBool("requiressl"))
{
- ok = (req.cert && req.cert->IsCAVerified());
+ ok = (req.cert != NULL);
}
if (!ok)
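Review bot: The auto-oper loop in the new OnUserConnect grants oper on a fingerprint string match alone and keeps iterating after a match. As far as the visible lines show, neither the oper block's host restriction nor the certificate's validity state is consulted (compare `req.cert->IsCAVerified()` in OnSetConnectClass just below), so the pinned fingerprint is the sole credential; a comment above the loop should say so, and the fingerprint hash configured in the SSL module needs to be collision-resistant for that to hold. If two oper blocks carry the same fingerprint, `user->Oper(ifo)` runs more than once on the same user; stop at the first match with `{ user->Oper(ifo); break; }`. OnSetConnectClass continues past the end of the hunk.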
@@ -225,11 +242,6 @@ class ModuleSSLInfo : public Module
UserCertificateRequest& req = static_cast<UserCertificateRequest&>(request);
req.cert = cmd.CertExt.get(req.user);
}
- else if (strcmp("SET_CERT", request.id) == 0)
- {
- SSLCertSubmission& req = static_cast<SSLCertSubmission&>(request);
- cmd.CertExt.set(req.item, req.cert);
- }
}
};
diff --git a/src/modules/ssl.h b/src/modules/ssl.h
index 2d0a2b1ee..e66e423aa 100644
--- a/src/modules/ssl.h
+++ b/src/modules/ssl.h
@@ -165,15 +165,4 @@ struct UserCertificateRequest : public Request
}
};
-struct SSLCertSubmission : public Request
-{
- Extensible* const item;
- ssl_cert* const cert;
- SSLCertSubmission(Extensible* is, Module* Me, Module* Target, ssl_cert* Cert)
- : Request(Me, Target, "SET_CERT"), item(is), cert(Cert)
- {
- Send();
- }
-};
-
#endif