/**
 * Enforces the +z ("sslquery") user mode on private messages.
 *
 * Only user-to-user messages are examined. A message is refused when exactly
 * one side has opted into +z and the other side has no certificate record
 * according to the certificate API. The check fails closed: if the API
 * reference is unavailable, the message is denied rather than let through.
 *
 * @param user      The sender.
 * @param msgtarget The message destination; ignored unless it is a user.
 * @param details   Unused by this handler.
 * @return MOD_RES_DENY when the +z policy blocks the message, otherwise
 *         MOD_RES_PASSTHRU.
 */
ModResult OnUserPreMessage(User* user, const MessageTarget& msgtarget, MessageDetails& details) override
{
	// Channel and server targets are outside the scope of this mode.
	if (msgtarget.type != MessageTarget::TYPE_USER)
		return MOD_RES_PASSTHRU;

	User* const recipient = msgtarget.Get<User>();

	// Exemption: traffic to or from a u-lined (services) server is never
	// blocked, whatever the TLS state of either party.
	const bool services_involved = user->server->IsULine() || recipient->server->IsULine();
	if (services_involved)
		return MOD_RES_PASSTHRU;

	if (recipient->IsModeSet(sslquery))
	{
		// Recipient is +z: the sender must have a certificate record.
		// NOTE(review): a missing record is treated as "not on a TLS
		// connection"; confirm that GetCertificate() is non-null for every
		// TLS client, not only those presenting a client certificate.
		const bool sender_secure = api && api->GetCertificate(user);
		if (!sender_secure)
		{
			user->WriteNumeric(ERR_CANTSENDTOUSER, recipient->nick, "You are not permitted to send private messages to this user (+z set)");
			return MOD_RES_DENY;
		}

		// The sender's own +z is not consulted once the recipient's is satisfied.
		return MOD_RES_PASSTHRU;
	}

	if (user->IsModeSet(sslquery))
	{
		// Sender is +z: the recipient must have a certificate record.
		const bool recipient_secure = api && api->GetCertificate(recipient);
		if (!recipient_secure)
		{
			user->WriteNumeric(ERR_CANTSENDTOUSER, recipient->nick, "You must remove usermode 'z' before you are able to send private messages to a non-ssl user.");
			return MOD_RES_DENY;
		}
	}

	return MOD_RES_PASSTHRU;
}
/**
 * Evaluates "z:<pattern>" extended bans against the user's certificate
 * fingerprint.
 *
 * A mask is handled here only if it starts with "z:" and has at least one
 * character after the prefix. The text after the prefix is matched against
 * the fingerprint reported by the certificate API.
 *
 * A user with no fingerprint never matches, and neither does any user while
 * the API reference is unavailable. A z: mask therefore cannot be relied on
 * to catch clients that connect without a certificate.
 *
 * @param user The user being tested.
 * @param c    The channel the ban belongs to; unused here.
 * @param mask The ban mask under evaluation.
 * @return MOD_RES_DENY when the fingerprint matches the pattern, otherwise
 *         MOD_RES_PASSTHRU.
 */
ModResult OnCheckBan(User *user, Channel *c, const std::string& mask) override
{
	// "z:" alone is not a usable mask, so require a third character.
	const bool is_fingerprint_ban = (mask.length() > 2) && (mask[0] == 'z') && (mask[1] == ':');
	if (!is_fingerprint_ban)
		return MOD_RES_PASSTHRU;

	// An unavailable API is treated the same as "no fingerprint".
	std::string presented;
	if (api)
		presented = api->GetFingerprint(user);

	if (presented.empty())
		return MOD_RES_PASSTHRU;

	const std::string pattern = mask.substr(2);
	if (InspIRCd::Match(presented, pattern))
		return MOD_RES_DENY;

	return MOD_RES_PASSTHRU;
}
/**
 * Decides whether a connecting user satisfies this entry's credentials.
 *
 * Three factors are evaluated in order: password, certificate fingerprint,
 * then host/IP against the hostmask. The password and fingerprint factors
 * are each enforced only when the entry configures a non-empty value. An
 * entry with neither configured is satisfied by the hostmask alone.
 *
 * @param user   The local user being authenticated.
 * @param pass   The password the user supplied.
 * @param sslapi Certificate API reference used to read the fingerprint.
 * @return true when every configured factor passes and the hostmask matches
 *         the user's real host or IP address; false otherwise.
 */
bool Matches(LocalUser* user, const std::string& pass, UserCertificateAPI& sslapi) const
{
	// Factor 1: password, compared through the server's PassCompare with
	// the configured hash type.
	const bool password_required = !password.empty();
	if (password_required && !ServerInstance->PassCompare(user, password, pass, passhash))
		return false;

	// Factor 2: certificate fingerprint. If the API is unavailable, the
	// presented value stays empty.
	// NOTE(review): this relies on TimingSafeCompare rejecting an empty
	// string against a non-empty expected value, so that a missing API
	// fails closed. Confirm.
	std::string presented;
	if (sslapi)
		presented = sslapi->GetFingerprint(user);

	const bool fingerprint_required = !fingerprint.empty();
	if (fingerprint_required && !InspIRCd::TimingSafeCompare(presented, fingerprint))
		return false;

	// Factor 3: the hostmask must match the real hostname or, failing
	// that, the IP address (CIDR-aware).
	return InspIRCd::Match(user->GetRealHost(), hostmask, ascii_case_insensitive_map)
		|| InspIRCd::MatchCIDR(user->GetIPString(), hostmask, ascii_case_insensitive_map);
}
/**
 * Gate for joining channels that have the SSL-only mode (+z) set.
 *
 * Joins to a channel that does not exist yet (null `chan`) or that lacks the
 * mode are not examined. For a +z channel the join is refused unless the
 * certificate API is available and reports a certificate record for the
 * user. An unavailable API is therefore a denial, not a bypass.
 *
 * @param user     The local user attempting to join.
 * @param chan     The existing channel, or null.
 * @param cname    The channel name, used in the error numeric.
 * @param privs    Unused by this handler.
 * @param keygiven Unused by this handler.
 * @return MOD_RES_DENY when the join is refused, otherwise MOD_RES_PASSTHRU.
 */
ModResult OnUserPreJoin(LocalUser* user, Channel* chan, const std::string& cname, std::string& privs, const std::string& keygiven) override
{
	// Nothing to enforce unless the channel exists and has the mode set.
	if (!chan || !chan->IsModeSet(sslm))
		return MOD_RES_PASSTHRU;

	// Fail closed: without the API the user's TLS state is unknown.
	if (!api)
	{
		user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; unable to determine if you are a SSL user (+z)");
		return MOD_RES_DENY;
	}

	// No certificate record means the user is treated as a non-SSL client.
	const bool has_certificate = api->GetCertificate(user);
	if (!has_certificate)
	{
		user->WriteNumeric(ERR_SECUREONLYCHAN, cname, "Cannot join channel; SSL users only (+z)");
		return MOD_RES_DENY;
	}

	return MOD_RES_PASSTHRU;
}
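/**
 * Handles setting and unsetting the SSL-only channel mode.
 *
 * Setting the mode from a local source is allowed only if the certificate
 * API is available and every current member either has a certificate record
 * or belongs to a u-lined server. A change from a non-local source is
 * applied without scanning the member list. Requests that would not change
 * the current state are denied.
 *
 * This handler validates membership only at the moment the mode is set. It
 * does not itself police later joins.
 *
 * @param source    The user requesting the change.
 * @param dest      Unused by this handler.
 * @param channel   The channel whose mode is being changed.
 * @param parameter Unused by this handler.
 * @param adding    true to set the mode, false to remove it.
 * @return MODEACTION_ALLOW when the mode state was changed, otherwise
 *         MODEACTION_DENY.
 */
ModeAction OnModeChange(User* source, User* dest, Channel* channel, std::string &parameter, bool adding)
{
	if (!adding)
	{
		// Removal needs no membership checks, only that the mode is set.
		if (!channel->IsModeSet(this))
			return MODEACTION_DENY;

		channel->SetMode(this, false);
		return MODEACTION_ALLOW;
	}

	// Setting a mode that is already set is a no-op and is refused.
	if (channel->IsModeSet(this))
		return MODEACTION_DENY;

	if (IS_LOCAL(source))
	{
		// Fail closed: without the API no member can be verified.
		if (!API)
			return MODEACTION_DENY;

		const UserMembList* userlist = channel->GetUsers();
		for (UserMembCIter i = userlist->begin(); i != userlist->end(); ++i)
		{
			// One member with no certificate record blocks the change,
			// unless that member is on a u-lined (services) server.
			ssl_cert* cert = API->GetCertificate(i->first);
			if (!cert && !ServerInstance->ULine(i->first->server))
			{
				source->WriteNumeric(ERR_ALLMUSTSSL, "%s :all members of the channel must be connected via SSL", channel->name.c_str());
				return MODEACTION_DENY;
			}
		}
	}
	// NOTE(review): non-local sources reach this point without the member
	// scan, presumably because the originating server already ran it.
	// Confirm that assumption holds for every linked server.

	channel->SetMode(this, true);
	return MODEACTION_ALLOW;
}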