From f19dd8310e0b14dd679aba0dc054a4314ca53c5a Mon Sep 17 00:00:00 2001 From: Daniel Vassdal Date: Mon, 26 Aug 2013 08:20:09 -0700 Subject: Allow jmpsrv to handle SSL-connected clients correctly - also allow clients to use the port they're currently using. --- src/modules/m_jumpserver.cpp | 37 +++++++++++++++++++++++++++---------- 1 file changed, 27 insertions(+), 10 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_jumpserver.cpp b/src/modules/m_jumpserver.cpp index e6c8e4e13..81022a907 100644 --- a/src/modules/m_jumpserver.cpp +++ b/src/modules/m_jumpserver.cpp @@ -20,6 +20,7 @@ #include "inspircd.h" +#include "modules/ssl.h" /** Handle /JUMPSERVER */ @@ -30,11 +31,14 @@ class CommandJumpserver : public Command std::string redirect_to; std::string reason; int port; + int sslport; CommandJumpserver(Module* Creator) : Command(Creator, "JUMPSERVER", 0, 4) { - flags_needed = 'o'; syntax = "[ <+/-an> ]"; + flags_needed = 'o'; + syntax = "[ [:] <+/-an> ]"; port = 0; + sslport = 0; redirect_new_users = false; } @@ -56,6 +60,7 @@ class CommandJumpserver : public Command user->WriteNotice("*** Jumpserver was not enabled."); port = 0; + sslport = 0; redirect_to.clear(); return CMD_SUCCESS; } @@ -88,7 +93,13 @@ class CommandJumpserver : public Command } } - if (!atoi(parameters[1].c_str())) + size_t delimpos = parameters[1].find(':'); + port = ConvToInt(parameters[1].substr(0, delimpos ? delimpos : std::string::npos)); + sslport = (delimpos == std::string::npos ? 0 : ConvToInt(parameters[1].substr(delimpos + 1))); + + if (parameters[1].find_first_not_of("0123456789:") != std::string::npos + || parameters[1].rfind(':') != delimpos + || port > 65535 || sslport > 65535) { user->WriteNotice("*** Invalid port number"); return CMD_FAILURE; @@ -99,10 +110,10 @@ class CommandJumpserver : public Command /* Redirect everyone but the oper sending the command */ for (LocalUserList::const_iterator i = ServerInstance->Users->local_users.begin(); i != ServerInstance->Users->local_users.end(); ++i) { - User* t = *i; + LocalUser* t = *i; if (!t->IsOper()) { - t->WriteNumeric(10, "%s %s %s :Please use this Server/Port instead", t->nick.c_str(), parameters[0].c_str(), parameters[1].c_str()); + t->WriteNumeric(10, "%s %s %d :Please use this Server/Port instead", t->nick.c_str(), parameters[0].c_str(), GetPort(t)); ServerInstance->Users->QuitUser(t, reason); n_done++; } @@ -114,18 +125,23 @@ class CommandJumpserver : public Command } if (redirect_new_users) - { redirect_to = parameters[0]; - port = atoi(parameters[1].c_str()); - } - user->WriteNotice("*** Set jumpserver to server '" + parameters[0] + "' port '" + parameters[1] + "', flags '+" + + user->WriteNotice("*** Set jumpserver to server '" + parameters[0] + "' port '" + (port ? ConvToStr(port) : "Auto") + ", SSL " + (sslport ? ConvToStr(sslport) : "Auto") + "', flags '+" + (redirect_all_immediately ? "a" : "") + (redirect_new_users ? "n'" : "'") + (n_done ? " (" + n_done_s + "user(s) redirected): " : ": ") + reason); } return CMD_SUCCESS; } + + int GetPort(LocalUser* user) + { + int p = (SSLClientCert::GetCertificate(&user->eh) ? sslport : port); + if (p == 0) + p = user->GetServerPort(); + return p; + } }; class ModuleJumpServer : public Module @@ -143,10 +159,11 @@ class ModuleJumpServer : public Module ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE { - if (js.port && js.redirect_new_users) + if (js.redirect_new_users) { + int port = js.GetPort(user); user->WriteNumeric(10, "%s %s %d :Please use this Server/Port instead", - user->nick.c_str(), js.redirect_to.c_str(), js.port); + user->nick.c_str(), js.redirect_to.c_str(), port); ServerInstance->Users->QuitUser(user, js.reason); return MOD_RES_PASSTHRU; } -- cgit v1.2.3