diff options
| author | 2022-11-27 07:32:42 +0000 | |
|---|---|---|
| committer | 2022-11-28 02:57:50 +0000 | |
| commit | ee44af8d04f23b4a16c9b377764f930d69e575f7 (patch) | |
| tree | 4348a9d4b76ea65266875651d57d2ebf3e1d7894 /src/modules/m_sslinfo.cpp | |
| parent | Merge branch 'insp3' into master. (diff) | |
Refactor the internals of the oper system.
- Allow overriding privileges from the <class> blocks in the <type>
and <oper> blocks.
- Separate oper types from oper accounts in the code. This enables
moving some core stuff out of the config tag later.
- Merge the config tags together to make a synthetic tag that can
have getXXX called on it instead of using getConfig and then
converting it.
- Move the details of Have*Permission into the oper type class.
- Improve oper events to allow modules to easily hook into the oper
system.
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
| -rw-r--r-- | src/modules/m_sslinfo.cpp | 43 |
1 files changed, 10 insertions, 33 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 5366f4ddd..15b76e4f3 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -323,36 +323,16 @@ public: return MOD_RES_PASSTHRU; } - ModResult OnPreCommand(std::string& command, CommandBase::Params& parameters, LocalUser* user, bool validated) override + ModResult OnPreOperLogin(LocalUser* user, const std::shared_ptr<OperAccount>& oper) override { - if ((command == "OPER") && (validated)) - { - ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.find(parameters[0]); - if (i != ServerInstance->Config->oper_blocks.end()) - { - std::shared_ptr<OperInfo> ifo = i->second; - ssl_cert* cert = cmd.sslapi.GetCertificate(user); - - if (ifo->oper_block->getBool("sslonly") && !cert) - { - user->WriteNumeric(ERR_NOOPERHOST, "Invalid oper credentials"); - user->CommandFloodPenalty += 10000; - ServerInstance->SNO.WriteGlobalSno('o', "WARNING! Failed oper attempt by %s using login '%s': a secure connection is required.", user->GetFullRealHost().c_str(), parameters[0].c_str()); - return MOD_RES_DENY; - } + auto cert = cmd.sslapi.GetCertificate(user); + if (oper->GetConfig()->getBool("sslonly") && !cert) + return MOD_RES_DENY; - std::string fingerprint; - if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || !MatchFP(cert, fingerprint))) - { - user->WriteNumeric(ERR_NOOPERHOST, "Invalid oper credentials"); - user->CommandFloodPenalty += 10000; - ServerInstance->SNO.WriteGlobalSno('o', "WARNING! Failed oper attempt by %s using login '%s': their TLS client certificate fingerprint does not match.", user->GetFullRealHost().c_str(), parameters[0].c_str()); - return MOD_RES_DENY; - } - } - } + const std::string fingerprint = oper->GetConfig()->getString("fingerprint"); + if (!fingerprint.empty() && (!cert || !MatchFP(cert, fingerprint))) + return MOD_RES_DENY; - // Let core handle it for extra stuff return MOD_RES_PASSTHRU; } @@ -382,19 +362,16 @@ public: return; // Find an auto-oper block for this user - for (const auto& [_, info] : ServerInstance->Config->oper_blocks) + for (const auto& [_, info] : ServerInstance->Config->OperAccounts) { - auto oper = info->oper_block; + const auto& oper = info->GetConfig(); if (!oper->getBool("autologin")) continue; // No autologin for this block. if (!InspIRCd::MatchMask(oper->getString("host"), localuser->MakeHost(), localuser->MakeHostIP())) continue; // Host doesn't match. - if (!MatchFP(cert, oper->getString("fingerprint"))) - continue; // Fingerprint doesn't match. - - user->Oper(info); + user->OperLogin(info); } } |
