aboutsummaryrefslogtreecommitdiffstats
path: root/src/modules/m_sslmodes.cpp
diff options
context:
space:
mode:
authorGravatar Sadie Powell2026-03-04 21:11:16 +0000
committerGravatar Sadie Powell2026-03-04 21:11:16 +0000
commit4ad8a917490606b79f9d6b69e579a51934237322 (patch)
tree37b93a1b00611beb6293d4fbd7df22b2a3563e7d /src/modules/m_sslmodes.cpp
parentAdd a validation hook for extbans. (diff)
downloadinspircd++-4ad8a917490606b79f9d6b69e579a51934237322.tar.gz
inspircd++-4ad8a917490606b79f9d6b69e579a51934237322.tar.bz2
inspircd++-4ad8a917490606b79f9d6b69e579a51934237322.zip
Prevent non-opers from using extban z when <sslinfo:operonly> is set.
Diffstat (limited to 'src/modules/m_sslmodes.cpp')
-rw-r--r--src/modules/m_sslmodes.cpp19
1 files changed, 19 insertions, 0 deletions
diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp
index d3225f6a5..8621c61d1 100644
--- a/src/modules/m_sslmodes.cpp
+++ b/src/modules/m_sslmodes.cpp
@@ -48,6 +48,8 @@ private:
UserCertificateAPI& sslapi;
public:
+ bool operonly;
+
FingerprintExtBan(Module* Creator, UserCertificateAPI& api)
: ExtBan::MatchingBase(Creator, "fingerprint", 'z')
, sslapi(api)
@@ -66,6 +68,17 @@ public:
}
return false;
}
+
+ bool Validate(ListModeBase* lm, LocalUser* user, Channel* channel, std::string& text, bool inverted) override
+ {
+ if (operonly && !user->IsOper())
+ {
+ // XXX: this has to match the check in sslinfo.
+ user->WriteNumeric(ERR_NOPRIVILEGES, "Permission Denied - You do not have the required operator privileges");
+ return false;
+ }
+ return true;
+ }
};
/** Handle channel mode +z
@@ -177,6 +190,12 @@ public:
{
}
+ void ReadConfig(ConfigStatus& status) override
+ {
+ const auto& tag = ServerInstance->Config->ConfValue("sslinfo");
+ extban.operonly = tag->getBool("operonly");
+ }
+
ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven, bool override) override
{
if (!override && chan && chan->IsModeSet(sslm))