From d6c813780f431deb2bef9fc03782561f94eadd77 Mon Sep 17 00:00:00 2001 From: Ed Kellett Date: Sun, 9 Jun 2019 01:12:52 +0100 Subject: [PATCH] m_webirc: respect ircv3's `secure` option --- extensions/m_webirc.c | 23 +++++++++++++++++++++++ include/client.h | 5 +++++ ircd/s_user.c | 2 +- 3 files changed, 29 insertions(+), 1 deletion(-) diff --git a/extensions/m_webirc.c b/extensions/m_webirc.c index 1b48e3cb..07057116 100644 --- a/extensions/m_webirc.c +++ b/extensions/m_webirc.c @@ -80,6 +80,8 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc const char *encr; struct rb_sockaddr_storage addr; + int secure = 0; + aconf = find_address_conf(client_p->host, client_p->sockhost, IsGotId(client_p) ? client_p->username : "webirc", IsGotId(client_p) ? client_p->username : "webirc", @@ -125,6 +127,27 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc source_p->localClient->ip = addr; + if (parc >= 6) + { + char *s; + for (s = strtok(parv[5], " "); s != NULL; s = strtok(NULL, " ")) + { + if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == '\0')) + secure = 1; + } + } + + if (secure && !IsSSL(source_p)) + { + sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure"); + return 0; + } + + if (!secure) + { + SetInsecure(source_p); + } + rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost)); if(strlen(parv[3]) <= HOSTLEN) diff --git a/include/client.h b/include/client.h index ccc3c2e9..af8ccfa4 100644 --- a/include/client.h +++ b/include/client.h @@ -439,6 +439,7 @@ struct ListClient #define LFLAGS_FLUSH 0x00000002 #define LFLAGS_CORK 0x00000004 #define LFLAGS_SCTP 0x00000008 +#define LFLAGS_INSECURE 0x00000010 /* for marking SSL clients as insecure before registration */ /* umodes, settable flags */ /* lots of this moved to snomask -- jilles */ @@ -513,6 +514,10 @@ struct ListClient #define SetSCTP(x) ((x)->localClient->localflags |= LFLAGS_SCTP) #define ClearSCTP(x) ((x)->localClient->localflags &= ~LFLAGS_SCTP) +#define IsInsecure(x) ((x)->localClient->localflags & LFLAGS_INSECURE) +#define SetInsecure(x) ((x)->localClient->localflags |= LFLAGS_INSECURE) +#define ClearInsecure(x) ((x)->localClient->localflags &= ~LFLAGS_INSECURE) + /* oper flags */ #define MyOper(x) (MyConnect(x) && IsOper(x)) diff --git a/ircd/s_user.c b/ircd/s_user.c index 3a3dc8b6..4ac4741e 100644 --- a/ircd/s_user.c +++ b/ircd/s_user.c @@ -632,7 +632,7 @@ register_local_user(struct Client *client_p, struct Client *source_p) add_to_id_hash(source_p->id, source_p); } - if (IsSSL(source_p)) + if (IsSSL(source_p) && !IsInsecure(source_p)) source_p->umodes |= UMODE_SSLCLIENT; if (source_p->umodes & UMODE_INVISIBLE)