From ff06be6c442359aa223aa68c43d1d8c41920fb91 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 1 Feb 2021 12:59:06 +0000 Subject: Read once at load time. --- src/modules/m_sslinfo.cpp | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index bbbc9ba64..3ced2bc8b 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -148,6 +148,7 @@ class CommandSSLInfo : public Command { public: UserCertificateAPIImpl sslapi; + bool operonlyfp; CommandSSLInfo(Module* Creator) : Command(Creator, "SSLINFO", 1) @@ -166,7 +167,6 @@ class CommandSSLInfo : public Command return CMD_FAILURE; } - bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); if (operonlyfp && !user->IsOper() && target != user) { user->WriteNotice("*** You cannot view TLS (SSL) client certificate information for other users"); @@ -217,6 +217,12 @@ class ModuleSSLInfo { } + void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE + { + ConfigTag* tag = ServerInstance->Config->ConfValue("sslinfo"); + cmd.operonlyfp = tag->getBool("operonly"); + } + Version GetVersion() CXX11_OVERRIDE { return Version("Adds user facing TLS (SSL) information, various TLS (SSL) configuration options, and the /SSLINFO command to look up TLS (SSL) certificate information for other users.", VF_VENDOR); @@ -228,8 +234,7 @@ class ModuleSSLInfo if (cert) { whois.SendLine(RPL_WHOISSECURE, "is using a secure connection"); - bool operonlyfp = ServerInstance->Config->ConfValue("sslinfo")->getBool("operonly"); - if ((!operonlyfp || whois.IsSelfWhois() || whois.GetSource()->IsOper()) && !cert->fingerprint.empty()) + if ((!cmd.operonlyfp || whois.IsSelfWhois() || whois.GetSource()->IsOper()) && !cert->fingerprint.empty()) whois.SendLine(RPL_WHOISCERTFP, InspIRCd::Format("has TLS (SSL) client certificate fingerprint %s", cert->fingerprint.c_str())); } } -- cgit v1.3.1-10-gc9f91 From 35530841cf4f38d0d5d0c3b399681a2eb0a43700 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 1 Feb 2021 13:02:07 +0000 Subject: Convert SSLINFO to SplitCommand. --- src/modules/m_sslinfo.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 3ced2bc8b..4623b318f 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -144,23 +144,23 @@ class UserCertificateAPIImpl : public UserCertificateAPIBase } }; -class CommandSSLInfo : public Command +class CommandSSLInfo : public SplitCommand { public: UserCertificateAPIImpl sslapi; bool operonlyfp; CommandSSLInfo(Module* Creator) - : Command(Creator, "SSLINFO", 1) + : SplitCommand(Creator, "SSLINFO", 1) , sslapi(Creator) { + allow_empty_last_param = false; syntax = ""; } - CmdResult Handle(User* user, const Params& parameters) CXX11_OVERRIDE + CmdResult HandleLocal(LocalUser* user, const Params& parameters) CXX11_OVERRIDE { User* target = ServerInstance->FindNickOnly(parameters[0]); - if ((!target) || (target->registered != REG_ALL)) { user->WriteNumeric(Numerics::NoSuchNick(parameters[0])); -- cgit v1.3.1-10-gc9f91 From b191657921845a26128e910bfff0f21251e98ee4 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 1 Feb 2021 14:11:12 +0000 Subject: Allow using SSLINFO on channels. --- src/modules/m_sslinfo.cpp | 87 +++++++++++++++++++++++++++++++++++++---------- 1 file changed, 69 insertions(+), 18 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 4623b318f..2809731be 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -146,20 +146,87 @@ class UserCertificateAPIImpl : public UserCertificateAPIBase class CommandSSLInfo : public SplitCommand { + private: + ChanModeReference sslonlymode; + + void HandleUserInternal(LocalUser* source, User* target, bool verbose) + { + ssl_cert* cert = sslapi.GetCertificate(target); + if (!cert) + { + source->WriteNotice(InspIRCd::Format("*** %s is not connected using TLS (SSL).", target->nick.c_str())); + } + else if (cert->GetError().length()) + { + source->WriteNotice(InspIRCd::Format("*** %s is connected using TLS (SSL) but has not specified a valid client certificate (%s).", + target->nick.c_str(), cert->GetError().c_str())); + } + else if (!verbose) + { + source->WriteNotice(InspIRCd::Format("*** %s is connected using TLS (SSL) with a valid client certificate (%s).", + target->nick.c_str(), cert->GetFingerprint().c_str())); + } + else + { + source->WriteNotice("*** Distinguished Name: " + cert->GetDN()); + source->WriteNotice("*** Issuer: " + cert->GetIssuer()); + source->WriteNotice("*** Key Fingerprint: " + cert->GetFingerprint()); + } + } + + CmdResult HandleChannel(LocalUser* source, const std::string& channel) + { + Channel* chan = ServerInstance->FindChan(channel); + if (!chan) + { + source->WriteNumeric(Numerics::NoSuchChannel(channel)); + return CMD_FAILURE; + } + + if (operonlyfp && !source->IsOper()) + { + source->WriteNumeric(ERR_NOPRIVILEGES, "You must be a server operator to view TLS (SSL) client certificate information for channels."); + return CMD_FAILURE; + } + + if (!source->IsOper() && chan->GetPrefixValue(source) < OP_VALUE) + { + source->WriteNumeric(ERR_CHANOPRIVSNEEDED, chan->name, "You must be a channel operator."); + return CMD_FAILURE; + } + + if (sslonlymode) + { + source->WriteNotice(InspIRCd::Format("*** %s %s have channel mode +%c (%s) set.", + chan->name.c_str(), chan->IsModeSet(sslonlymode) ? "does" : "does not", + sslonlymode->GetModeChar(), sslonlymode->name.c_str())); + } + + const Channel::MemberMap& userlist = chan->GetUsers(); + for (Channel::MemberMap::const_iterator i = userlist.begin(); i != userlist.end(); ++i) + HandleUserInternal(source, i->first, false); + + return CMD_SUCCESS; + } + public: UserCertificateAPIImpl sslapi; bool operonlyfp; CommandSSLInfo(Module* Creator) : SplitCommand(Creator, "SSLINFO", 1) + , sslonlymode(Creator, "sslonly") , sslapi(Creator) { allow_empty_last_param = false; - syntax = ""; + syntax = ""; } CmdResult HandleLocal(LocalUser* user, const Params& parameters) CXX11_OVERRIDE { + if (ServerInstance->IsChannel(parameters[0])) + return HandleChannel(user, parameters[0]); + User* target = ServerInstance->FindNickOnly(parameters[0]); if ((!target) || (target->registered != REG_ALL)) { @@ -173,23 +240,7 @@ class CommandSSLInfo : public SplitCommand return CMD_FAILURE; } - ssl_cert* cert = sslapi.GetCertificate(target); - if (!cert) - { - user->WriteNotice(InspIRCd::Format("*** %s is not connected using TLS (SSL).", target->nick.c_str())); - } - else if (cert->GetError().length()) - { - user->WriteNotice(InspIRCd::Format("*** %s is connected using TLS (SSL) but has not specified a valid client certificate (%s).", - target->nick.c_str(), cert->GetError().c_str())); - } - else - { - user->WriteNotice("*** Distinguished Name: " + cert->GetDN()); - user->WriteNotice("*** Issuer: " + cert->GetIssuer()); - user->WriteNotice("*** Key Fingerprint: " + cert->GetFingerprint()); - } - + HandleUserInternal(user, target, true); return CMD_SUCCESS; } }; -- cgit v1.3.1-10-gc9f91 From a235e4356074f10b6946ee4019769a707f4f6e1d Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 1 Feb 2021 14:13:36 +0000 Subject: Move SSLINFO code for users to its own function and refactor. --- src/modules/m_sslinfo.cpp | 37 +++++++++++++++++++++---------------- 1 file changed, 21 insertions(+), 16 deletions(-) (limited to 'src/modules') diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp index 2809731be..d51a691c6 100644 --- a/src/modules/m_sslinfo.cpp +++ b/src/modules/m_sslinfo.cpp @@ -174,6 +174,25 @@ class CommandSSLInfo : public SplitCommand } } + CmdResult HandleUser(LocalUser* source, const std::string& nick) + { + User* target = ServerInstance->FindNickOnly(nick); + if (!target || target->registered != REG_ALL) + { + source->WriteNumeric(Numerics::NoSuchNick(nick)); + return CMD_FAILURE; + } + + if (operonlyfp && !source->IsOper() && source != target) + { + source->WriteNumeric(ERR_NOPRIVILEGES, "You must be a server operator to view TLS (SSL) client certificate information for other users."); + return CMD_FAILURE; + } + + HandleUserInternal(source, target, true); + return CMD_SUCCESS; + } + CmdResult HandleChannel(LocalUser* source, const std::string& channel) { Channel* chan = ServerInstance->FindChan(channel); @@ -226,22 +245,8 @@ class CommandSSLInfo : public SplitCommand { if (ServerInstance->IsChannel(parameters[0])) return HandleChannel(user, parameters[0]); - - User* target = ServerInstance->FindNickOnly(parameters[0]); - if ((!target) || (target->registered != REG_ALL)) - { - user->WriteNumeric(Numerics::NoSuchNick(parameters[0])); - return CMD_FAILURE; - } - - if (operonlyfp && !user->IsOper() && target != user) - { - user->WriteNotice("*** You cannot view TLS (SSL) client certificate information for other users"); - return CMD_FAILURE; - } - - HandleUserInternal(user, target, true); - return CMD_SUCCESS; + else + return HandleUser(user, parameters[0]); } }; -- cgit v1.3.1-10-gc9f91