aboutsummaryrefslogtreecommitdiff
path: root/src/modules/m_starttls.cpp
blob: 48efef892a4ee6bd282e33a2fa630761c8e3eb18 (about) (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
/*
 * InspIRCd -- Internet Relay Chat Daemon
 *
 *   Copyright (C) 2020 Matt Schatz <genius3000@g3k.solutions>
 *   Copyright (C) 2019 Robby <robby@chatbelgie.be>
 *   Copyright (C) 2018, 2021 Sadie Powell <sadie@witchery.services>
 *   Copyright (C) 2014 Adam <Adam@anope.org>
 *   Copyright (C) 2013, 2016 Attila Molnar <attilamolnar@hush.com>
 *
 * This file is part of InspIRCd.  InspIRCd is free software: you can
 * redistribute it and/or modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, version 2.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
 * details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */


#include "inspircd.h"
#include "modules/ssl.h"
#include "modules/cap.h"

// From IRCv3 tls-3.1
enum
{
	RPL_STARTTLS = 670,
	ERR_STARTTLS = 691
};

class CommandStartTLS : public SplitCommand
{
	dynamic_reference_nocheck<IOHookProvider>& ssl;

 public:
	CommandStartTLS(Module* mod, dynamic_reference_nocheck<IOHookProvider>& s)
		: SplitCommand(mod, "STARTTLS")
		, ssl(s)
	{
		works_before_reg = true;
	}

	CmdResult HandleLocal(LocalUser* user, const Params& parameters) CXX11_OVERRIDE
	{
		if (!ssl)
		{
			user->WriteNumeric(ERR_STARTTLS, "STARTTLS is not enabled");
			return CMD_FAILURE;
		}

		if (user->registered == REG_ALL)
		{
			user->WriteNumeric(ERR_STARTTLS, "STARTTLS is not permitted after client registration is complete");
			return CMD_FAILURE;
		}

		if (user->eh.GetIOHook())
		{
			user->WriteNumeric(ERR_STARTTLS, "STARTTLS failure");
			return CMD_FAILURE;
		}

		user->WriteNumeric(RPL_STARTTLS, "STARTTLS successful, go ahead with TLS handshake");
		/* We need to flush the write buffer prior to adding the IOHook,
		 * otherwise we'll be sending this line inside the TLS (SSL) session - which
		 * won't start its handshake until the client gets this line. Currently,
		 * we assume the write will not block here; this is usually safe, as
		 * STARTTLS is sent very early on in the registration phase, where the
		 * user hasn't built up much sendq. Handling a blocked write here would
		 * be very annoying.
		 */
		user->eh.DoWrite();

		ssl->OnAccept(&user->eh, NULL, NULL);

		return CMD_SUCCESS;
	}
};

class TLSCap : public Cap::Capability
{
 private:
	dynamic_reference_nocheck<IOHookProvider>& sslref;

	bool OnList(LocalUser* user) CXX11_OVERRIDE
	{
		return sslref;
	}

	bool OnRequest(LocalUser* user, bool adding) CXX11_OVERRIDE
	{
		return sslref;
	}

 public:
	TLSCap(Module* mod, dynamic_reference_nocheck<IOHookProvider>& ssl)
		: Cap::Capability(mod, "tls")
		, sslref(ssl)
	{
	}
};

class ModuleStartTLS : public Module
{
	CommandStartTLS starttls;
	TLSCap tls;
	dynamic_reference_nocheck<IOHookProvider> ssl;

 public:
	ModuleStartTLS()
		: starttls(this, ssl)
		, tls(this, ssl)
		, ssl(this, "ssl")
	{
	}

	void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE
	{
		ConfigTag* conf = ServerInstance->Config->ConfValue("starttls");

		std::string newprovider = conf->getString("provider");
		if (newprovider.empty())
			ssl.SetProvider("ssl");
		else
			ssl.SetProvider("ssl/" + newprovider);
	}

	Version GetVersion() CXX11_OVERRIDE
	{
		return Version("Provides the IRCv3 tls client capability.", VF_VENDOR);
	}
};

MODULE_INIT(ModuleStartTLS)