aboutsummaryrefslogtreecommitdiffstats
path: root/src/modules/m_sslmodes.cpp
diff options
context:
space:
mode:
authorGravatar Sadie Powell2024-07-17 00:06:50 +0100
committerGravatar Sadie Powell2024-07-17 00:06:50 +0100
commit889d521e05f2e922683d48c74eb00290e7a2f548 (patch)
treeb4c56bd4cdf0881601c7e4d6ff571e491af10bf4 /src/modules/m_sslmodes.cpp
parentUse std::endian from C++20 in the sha1 module. (diff)
Shuffle the modules about a bit.
Diffstat (limited to 'src/modules/m_sslmodes.cpp')
-rw-r--r--src/modules/m_sslmodes.cpp253
1 files changed, 0 insertions, 253 deletions
diff --git a/src/modules/m_sslmodes.cpp b/src/modules/m_sslmodes.cpp
deleted file mode 100644
index 07880eef1..000000000
--- a/src/modules/m_sslmodes.cpp
+++ /dev/null
@@ -1,253 +0,0 @@
-/*
- * InspIRCd -- Internet Relay Chat Daemon
- *
- * Copyright (C) 2013, 2017-2024 Sadie Powell <sadie@witchery.services>
- * Copyright (C) 2013 Shawn Smith <ShawnSmith0828@gmail.com>
- * Copyright (C) 2012-2013 Attila Molnar <attilamolnar@hush.com>
- * Copyright (C) 2012 Robby <robby@chatbelgie.be>
- * Copyright (C) 2009-2010 Daniel De Graaf <danieldg@inspircd.org>
- * Copyright (C) 2009 Uli Schlachter <psychon@znc.in>
- * Copyright (C) 2008 Robin Burchell <robin+git@viroteck.net>
- * Copyright (C) 2007 Dennis Friis <peavey@inspircd.org>
- * Copyright (C) 2006-2007 Craig Edwards <brain@inspircd.org>
- *
- * This file is part of InspIRCd. InspIRCd is free software: you can
- * redistribute it and/or modify it under the terms of the GNU General Public
- * License as published by the Free Software Foundation, version 2.
- *
- * This program is distributed in the hope that it will be useful, but WITHOUT
- * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
- * FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
- * details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
-
-
-#include "inspircd.h"
-#include "modules/callerid.h"
-#include "modules/ctctags.h"
-#include "modules/extban.h"
-#include "modules/ssl.h"
-#include "numerichelper.h"
-
-enum
-{
- // From UnrealIRCd.
- ERR_SECUREONLYCHAN = 489,
-
- // InspIRCd-specific.
- ERR_ALLMUSTSSL = 490
-};
-
-class FingerprintExtBan final
- : public ExtBan::MatchingBase
-{
-private:
- UserCertificateAPI& sslapi;
-
-public:
- FingerprintExtBan(Module* Creator, UserCertificateAPI& api)
- : ExtBan::MatchingBase(Creator, "fingerprint", 'z')
- , sslapi(api)
- {
- }
-
- bool IsMatch(User* user, Channel* channel, const std::string& text) override
- {
- if (!sslapi)
- return false;
-
- for (const auto& fingerprint : sslapi->GetFingerprints(user))
- {
- if (InspIRCd::Match(fingerprint, text))
- return true;
- }
- return false;
- }
-};
-
-/** Handle channel mode +z
- */
-class SSLMode final
- : public ModeHandler
-{
-private:
- UserCertificateAPI& API;
-
-public:
- SSLMode(Module* Creator, UserCertificateAPI& api)
- : ModeHandler(Creator, "sslonly", 'z', PARAM_NONE, MODETYPE_CHANNEL)
- , API(api)
- {
- }
-
- bool OnModeChange(User* source, User* dest, Channel* channel, Modes::Change& change) override
- {
- if (change.adding)
- {
- if (!channel->IsModeSet(this))
- {
- if (IS_LOCAL(source))
- {
- if (!API)
- {
- source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, "Unable to determine whether all members of the channel are connected via TLS");
- return false;
- }
-
- size_t nonssl = 0;
- for (const auto& [u, _] : channel->GetUsers())
- {
- if (!API->IsSecure(u) && !u->server->IsService())
- nonssl++;
- }
-
- if (nonssl)
- {
- source->WriteNumeric(ERR_ALLMUSTSSL, channel->name, fmt::format("All members of the channel must be connected via TLS ({}/{} are non-TLS)",
- nonssl, channel->GetUsers().size()));
- return false;
- }
- }
- channel->SetMode(this, true);
- return true;
- }
- else
- {
- return false;
- }
- }
- else
- {
- if (channel->IsModeSet(this))
- {
- channel->SetMode(this, false);
- return true;
- }
-
- return false;
- }
- }
-};
-
-/** Handle user mode +z
-*/
-class SSLModeUser final
- : public ModeHandler
-{
-private:
- UserCertificateAPI& API;
-
-public:
- SSLModeUser(Module* Creator, UserCertificateAPI& api)
- : ModeHandler(Creator, "sslqueries", 'z', PARAM_NONE, MODETYPE_USER)
- , API(api)
- {
- }
-
- bool OnModeChange(User* user, User* dest, Channel* channel, Modes::Change& change) override
- {
- if (change.adding == dest->IsModeSet(this))
- return false;
-
- if (change.adding && IS_LOCAL(user) && (!API || !API->IsSecure(user)))
- return false;
-
- dest->SetMode(this, change.adding);
- return true;
- }
-};
-
-class ModuleSSLModes final
- : public Module
- , public CTCTags::EventListener
-{
-private:
- UserCertificateAPI api;
- CallerID::API calleridapi;
- SSLMode sslm;
- SSLModeUser sslquery;
- FingerprintExtBan extban;
-
-public:
- ModuleSSLModes()
- : Module(VF_VENDOR, "Adds channel mode z (sslonly) which prevents users who are not connecting using TLS from joining the channel and user mode z (sslqueries) to prevent messages from non-TLS users.")
- , CTCTags::EventListener(this)
- , api(this)
- , calleridapi(this)
- , sslm(this, api)
- , sslquery(this, api)
- , extban(this, api)
- {
- }
-
- ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven, bool override) override
- {
- if (!override && chan && chan->IsModeSet(sslm))
- {
- if (!api)
- {
- user->WriteNumeric(ERR_SECUREONLYCHAN, cname, fmt::format("Cannot join channel; unable to determine if you are a TLS user (+{} is set)",
- sslm.GetModeChar()));
- return MOD_RES_DENY;
- }
-
- if (!api->IsSecure(user))
- {
- user->WriteNumeric(ERR_SECUREONLYCHAN, cname, fmt::format("Cannot join channel; TLS users only (+{} is set)",
- sslm.GetModeChar()));
- return MOD_RES_DENY;
- }
- }
-
- return MOD_RES_PASSTHRU;
- }
-
- ModResult HandleMessage(User* user, const MessageTarget& msgtarget)
- {
- if (msgtarget.type != MessageTarget::TYPE_USER)
- return MOD_RES_PASSTHRU;
-
- auto* target = msgtarget.Get<User>();
-
- /* If one or more of the parties involved is a services user, we won't stop it. */
- if (user->server->IsService() || target->server->IsService())
- return MOD_RES_PASSTHRU;
-
- /* If the target is +z */
- if (target->IsModeSet(sslquery))
- {
- if (!api || !api->IsSecure(user) || (calleridapi && !calleridapi->IsOnAcceptList(user, target)))
- {
- /* The sending user is not on an TLS connection */
- user->WriteNumeric(Numerics::CannotSendTo(target, "messages", &sslquery));
- return MOD_RES_DENY;
- }
- }
- /* If the user is +z */
- else if (user->IsModeSet(sslquery))
- {
- if (!api || !api->IsSecure(target))
- {
- user->WriteNumeric(Numerics::CannotSendTo(target, "messages", &sslquery, true));
- return MOD_RES_DENY;
- }
- }
-
- return MOD_RES_PASSTHRU;
- }
-
- ModResult OnUserPreMessage(User* user, MessageTarget& target, MessageDetails& details) override
- {
- return HandleMessage(user, target);
- }
-
- ModResult OnUserPreTagMessage(User* user, MessageTarget& target, CTCTags::TagMessageDetails& details) override
- {
- return HandleMessage(user, target);
- }
-};
-
-MODULE_INIT(ModuleSSLModes)