aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_sslinfo.cpp
diff options
context:
space:
mode:
authorGravatar Sadie Powell2022-11-27 07:32:42 +0000
committerGravatar Sadie Powell2022-11-28 02:57:50 +0000
commitee44af8d04f23b4a16c9b377764f930d69e575f7 (patch)
tree4348a9d4b76ea65266875651d57d2ebf3e1d7894 /src/modules/m_sslinfo.cpp
parentMerge branch 'insp3' into master. (diff)
Refactor the internals of the oper system.
- Allow overriding privileges from the <class> blocks in the <type> and <oper> blocks. - Separate oper types from oper accounts in the code. This enables moving some core stuff out of the config tag later. - Merge the config tags together to make a synthetic tag that can have getXXX called on it instead of using getConfig and then converting it. - Move the details of Have*Permission into the oper type class. - Improve oper events to allow modules to easily hook into the oper system.
Diffstat (limited to 'src/modules/m_sslinfo.cpp')
-rw-r--r--src/modules/m_sslinfo.cpp43
1 files changed, 10 insertions, 33 deletions
diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp
index 5366f4ddd..15b76e4f3 100644
--- a/src/modules/m_sslinfo.cpp
+++ b/src/modules/m_sslinfo.cpp
@@ -323,36 +323,16 @@ public:
return MOD_RES_PASSTHRU;
}
- ModResult OnPreCommand(std::string& command, CommandBase::Params& parameters, LocalUser* user, bool validated) override
+ ModResult OnPreOperLogin(LocalUser* user, const std::shared_ptr<OperAccount>& oper) override
{
- if ((command == "OPER") && (validated))
- {
- ServerConfig::OperIndex::const_iterator i = ServerInstance->Config->oper_blocks.find(parameters[0]);
- if (i != ServerInstance->Config->oper_blocks.end())
- {
- std::shared_ptr<OperInfo> ifo = i->second;
- ssl_cert* cert = cmd.sslapi.GetCertificate(user);
-
- if (ifo->oper_block->getBool("sslonly") && !cert)
- {
- user->WriteNumeric(ERR_NOOPERHOST, "Invalid oper credentials");
- user->CommandFloodPenalty += 10000;
- ServerInstance->SNO.WriteGlobalSno('o', "WARNING! Failed oper attempt by %s using login '%s': a secure connection is required.", user->GetFullRealHost().c_str(), parameters[0].c_str());
- return MOD_RES_DENY;
- }
+ auto cert = cmd.sslapi.GetCertificate(user);
+ if (oper->GetConfig()->getBool("sslonly") && !cert)
+ return MOD_RES_DENY;
- std::string fingerprint;
- if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || !MatchFP(cert, fingerprint)))
- {
- user->WriteNumeric(ERR_NOOPERHOST, "Invalid oper credentials");
- user->CommandFloodPenalty += 10000;
- ServerInstance->SNO.WriteGlobalSno('o', "WARNING! Failed oper attempt by %s using login '%s': their TLS client certificate fingerprint does not match.", user->GetFullRealHost().c_str(), parameters[0].c_str());
- return MOD_RES_DENY;
- }
- }
- }
+ const std::string fingerprint = oper->GetConfig()->getString("fingerprint");
+ if (!fingerprint.empty() && (!cert || !MatchFP(cert, fingerprint)))
+ return MOD_RES_DENY;
- // Let core handle it for extra stuff
return MOD_RES_PASSTHRU;
}
@@ -382,19 +362,16 @@ public:
return;
// Find an auto-oper block for this user
- for (const auto& [_, info] : ServerInstance->Config->oper_blocks)
+ for (const auto& [_, info] : ServerInstance->Config->OperAccounts)
{
- auto oper = info->oper_block;
+ const auto& oper = info->GetConfig();
if (!oper->getBool("autologin"))
continue; // No autologin for this block.
if (!InspIRCd::MatchMask(oper->getString("host"), localuser->MakeHost(), localuser->MakeHostIP()))
continue; // Host doesn't match.
- if (!MatchFP(cert, oper->getString("fingerprint")))
- continue; // Fingerprint doesn't match.
-
- user->Oper(info);
+ user->OperLogin(info);
}
}