extensions: add chm_insecure, which has the opposite effect of chm_sslonly.

This module makes SSL required to join any channels except for ones specifically marked insecure.
It is meant to be used in a migration path away from plaintext IRC.

extensions/Makefile.am

@@ -9,6 +9,7 @@ extension_LTLIBRARIES =		\
   chm_adminonly.la		\
   chm_operonly.la		\
   chm_operonly_compat.la		\
+  chm_insecure.la		\
   chm_nonotice.la		\
   chm_operpeace.la		\
   chm_quietunreg_compat.la	\

extensions/Makefile.in

@@ -140,6 +140,9 @@ AM_V_lt = $(am__v_lt_@AM_V@)
 am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@)
 am__v_lt_0 = --silent
 am__v_lt_1 = 
+chm_insecure_la_LIBADD =
+chm_insecure_la_SOURCES = chm_insecure.c
+chm_insecure_la_OBJECTS = chm_insecure.lo
 chm_nonotice_la_LIBADD =
 chm_nonotice_la_SOURCES = chm_nonotice.c
 chm_nonotice_la_OBJECTS = chm_nonotice.lo
@@ -357,7 +360,7 @@ AM_V_CCLD = $(am__v_CCLD_@AM_V@)
 am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@)
 am__v_CCLD_0 = @echo "  CCLD    " $@;
 am__v_CCLD_1 = 
-SOURCES = chm_adminonly.c chm_nonotice.c chm_operonly.c \
+SOURCES = chm_adminonly.c chm_insecure.c chm_nonotice.c chm_operonly.c \
 	chm_operonly_compat.c chm_operpeace.c chm_quietunreg_compat.c \
 	chm_sslonly.c chm_sslonly_compat.c createauthonly.c \
 	createoperonly.c example_module.c extb_account.c \
@@ -375,14 +378,14 @@ SOURCES = chm_adminonly.c chm_nonotice.c chm_operonly.c \
 	sno_globaloper.c sno_whois.c spy_admin_notice.c \
 	spy_info_notice.c spy_links_notice.c spy_motd_notice.c \
 	spy_stats_notice.c spy_stats_p_notice.c spy_trace_notice.c
-DIST_SOURCES = chm_adminonly.c chm_nonotice.c chm_operonly.c \
-	chm_operonly_compat.c chm_operpeace.c chm_quietunreg_compat.c \
-	chm_sslonly.c chm_sslonly_compat.c createauthonly.c \
-	createoperonly.c example_module.c extb_account.c \
-	extb_canjoin.c extb_channel.c extb_combi.c extb_extgecos.c \
-	extb_hostmask.c extb_oper.c extb_realname.c extb_server.c \
-	extb_ssl.c extb_usermode.c force_user_invis.c helpops.c \
-	hide_uncommon_channels.c hurt.c ip_cloaking.c \
+DIST_SOURCES = chm_adminonly.c chm_insecure.c chm_nonotice.c \
+	chm_operonly.c chm_operonly_compat.c chm_operpeace.c \
+	chm_quietunreg_compat.c chm_sslonly.c chm_sslonly_compat.c \
+	createauthonly.c createoperonly.c example_module.c \
+	extb_account.c extb_canjoin.c extb_channel.c extb_combi.c \
+	extb_extgecos.c extb_hostmask.c extb_oper.c extb_realname.c \
+	extb_server.c extb_ssl.c extb_usermode.c force_user_invis.c \
+	helpops.c hide_uncommon_channels.c hurt.c ip_cloaking.c \
 	ip_cloaking_3.0.c ip_cloaking_4.0.c ip_cloaking_old.c m_42.c \
 	m_adminwall.c m_extendchans.c m_findforwards.c m_identify.c \
 	m_mkpasswd.c m_ojoin.c m_okick.c m_omode.c m_opme.c m_remove.c \
@@ -606,6 +609,7 @@ extension_LTLIBRARIES = \
   chm_adminonly.la		\
   chm_operonly.la		\
   chm_operonly_compat.la		\
+  chm_insecure.la		\
   chm_nonotice.la		\
   chm_operpeace.la		\
   chm_quietunreg_compat.la	\
@@ -738,6 +742,9 @@ clean-extensionLTLIBRARIES:
 chm_adminonly.la: $(chm_adminonly_la_OBJECTS) $(chm_adminonly_la_DEPENDENCIES) $(EXTRA_chm_adminonly_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(extensiondir) $(chm_adminonly_la_OBJECTS) $(chm_adminonly_la_LIBADD) $(LIBS)
 
+chm_insecure.la: $(chm_insecure_la_OBJECTS) $(chm_insecure_la_DEPENDENCIES) $(EXTRA_chm_insecure_la_DEPENDENCIES) 
+	$(AM_V_CCLD)$(LINK) -rpath $(extensiondir) $(chm_insecure_la_OBJECTS) $(chm_insecure_la_LIBADD) $(LIBS)
+
 chm_nonotice.la: $(chm_nonotice_la_OBJECTS) $(chm_nonotice_la_DEPENDENCIES) $(EXTRA_chm_nonotice_la_DEPENDENCIES) 
 	$(AM_V_CCLD)$(LINK) -rpath $(extensiondir) $(chm_nonotice_la_OBJECTS) $(chm_nonotice_la_LIBADD) $(LIBS)
 
@@ -928,6 +935,7 @@ distclean-compile:
 	-rm -f *.tab.c
 
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chm_adminonly.Plo@am__quote@
+@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chm_insecure.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chm_nonotice.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chm_operonly.Plo@am__quote@
 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/chm_operonly_compat.Plo@am__quote@

extensions/chm_insecure.c

@@ -0,0 +1,53 @@
+#include "stdinc.h"
+#include "modules.h"
+#include "hook.h"
+#include "client.h"
+#include "ircd.h"
+#include "send.h"
+#include "s_conf.h"
+#include "s_user.h"
+#include "s_serv.h"
+#include "numeric.h"
+#include "chmode.h"
+
+static void h_can_join(hook_data_channel *);
+
+mapi_hfn_list_av1 sslonly_hfnlist[] = {
+	{ "can_join", (hookfn) h_can_join },
+	{ NULL, NULL }
+};
+
+static unsigned int mymode;
+
+static int
+_modinit(void)
+{
+	mymode = cflag_add('U', chm_simple);
+	if (mymode == 0)
+		return -1;
+
+	return 0;
+}
+
+
+static void
+_moddeinit(void)
+{
+	cflag_orphan('U');
+}
+
+DECLARE_MODULE_AV1(chm_insecure, _modinit, _moddeinit, NULL, NULL, sslonly_hfnlist, "$Revision$");
+
+static void
+h_can_join(hook_data_channel *data)
+{
+	struct Client *source_p = data->client;
+	struct Channel *chptr = data->chptr;
+
+	if(!(chptr->mode.mode & mymode) && !IsSSLClient(source_p)) {
+		/* XXX This is equal to ERR_THROTTLE */
+		sendto_one_numeric(source_p, 480, "%s :Cannot join channel (-U) - SSL/TLS required", chptr->chname);
+		data->approved = ERR_CUSTOM;
+	}
+}
+