Merge pull request #293 from edk0/webirc

m_webirc: improve TLS handling
Aaron Jones 2019-10-22 16:17:33 +00:00 committed by GitHub
commit a52d84f723
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 34 additions and 1 deletions


@ -86,6 +86,8 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
const char *encr; const char *encr;
struct rb_sockaddr_storage addr; struct rb_sockaddr_storage addr;
int secure = 0;
aconf = find_address_conf(client_p->host, client_p->sockhost, aconf = find_address_conf(client_p->host, client_p->sockhost,
IsGotId(client_p) ? client_p->username : "webirc", IsGotId(client_p) ? client_p->username : "webirc",
IsGotId(client_p) ? client_p->username : "webirc", IsGotId(client_p) ? client_p->username : "webirc",
@ -104,6 +106,11 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password"); sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password");
return; return;
} }
if (!IsSSL(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL)
{
sendto_one(source_p, "NOTICE * :Your CGI:IRC block requires TLS");
return;
}
if (EmptyString(parv[1])) if (EmptyString(parv[1]))
encr = ""; encr = "";
@ -126,6 +133,27 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
source_p->localClient->ip = addr; source_p->localClient->ip = addr;
if (parc >= 6)
{
const char *s;
for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++)
{
if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0'))
secure = 1;
}
}
if (secure && !IsSSL(source_p))
{
sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure");
secure = 0;
}
if (!secure)
{
SetInsecure(source_p);
}
rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost)); rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));
if(strlen(parv[3]) <= HOSTLEN) if(strlen(parv[3]) <= HOSTLEN)
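Review bot: In the flag loop added after `source_p->localClient->ip = addr;`, the test `s[6] == '='` accepts `secure` followed by any value, so a token such as `secure=0` (constructed example) marks the client as secure exactly like the bare flag. If the gateway flag is meant to be valueless, the condition can drop that case, `if (!ircncmp(s, "secure", 6) && (s[6] == ' ' || s[6] == '\0'))`; otherwise a comment stating that the value is deliberately ignored would help. In the earlier hunk, `aconf->flags & CONF_FLAGS_NEED_SSL` parses as intended but is easier to read parenthesised, `if (!IsSSL(source_p) && (aconf->flags & CONF_FLAGS_NEED_SSL))`. mr_webirc starts and ends outside these hunks.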


@ -439,6 +439,7 @@ struct ListClient
#define LFLAGS_FLUSH 0x00000002 #define LFLAGS_FLUSH 0x00000002
#define LFLAGS_CORK 0x00000004 #define LFLAGS_CORK 0x00000004
#define LFLAGS_SCTP 0x00000008 #define LFLAGS_SCTP 0x00000008
#define LFLAGS_INSECURE 0x00000010 /* for marking SSL clients as insecure before registration */
/* umodes, settable flags */ /* umodes, settable flags */
/* lots of this moved to snomask -- jilles */ /* lots of this moved to snomask -- jilles */
@ -513,6 +514,10 @@ struct ListClient
#define SetSCTP(x) ((x)->localClient->localflags |= LFLAGS_SCTP) #define SetSCTP(x) ((x)->localClient->localflags |= LFLAGS_SCTP)
#define ClearSCTP(x) ((x)->localClient->localflags &= ~LFLAGS_SCTP) #define ClearSCTP(x) ((x)->localClient->localflags &= ~LFLAGS_SCTP)
#define IsInsecure(x) ((x)->localClient->localflags & LFLAGS_INSECURE)
#define SetInsecure(x) ((x)->localClient->localflags |= LFLAGS_INSECURE)
#define ClearInsecure(x) ((x)->localClient->localflags &= ~LFLAGS_INSECURE)
/* oper flags */ /* oper flags */
#define MyOper(x) (MyConnect(x) && IsOper(x)) #define MyOper(x) (MyConnect(x) && IsOper(x))


@ -632,7 +632,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
add_to_id_hash(source_p->id, source_p); add_to_id_hash(source_p->id, source_p);
} }
if (IsSSL(source_p)) if (IsSSL(source_p) && !IsInsecure(source_p))
source_p->umodes |= UMODE_SSLCLIENT; source_p->umodes |= UMODE_SSLCLIENT;
if (source_p->umodes & UMODE_INVISIBLE) if (source_p->umodes & UMODE_INVISIBLE)
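Review bot: The `!IsInsecure(source_p)` test guards only the `UMODE_SSLCLIENT` assignment, so any other check that calls `IsSSL(source_p)` directly would still see the gateway's TLS link rather than the user's status; whether such checks exist is not visible in this hunk. A combined predicate next to the new flag macros, `#define IsSecure(x) (IsSSL(x) && !IsInsecure(x))`, would give user-facing checks one place to ask the question, and this line would become `if (IsSecure(source_p))`. A short comment here saying that the mark is set by WEBIRC when the gateway does not vouch for the client would also help. register_local_user starts and ends outside the hunk.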