From e0f1c3b5bc6c55b88938df0fa601522cf9ebdf52 Mon Sep 17 00:00:00 2001 From: Ellenor Malik Date: Fri, 16 Jun 2017 01:48:30 +0000 Subject: [PATCH] extensions/extb_ssl.c: add support for matching by certificate fingerprint --- extensions/extb_ssl.c | 17 ++++++++++++++--- help/opers/extban | 1 + 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/extensions/extb_ssl.c b/extensions/extb_ssl.c index 73e835b1..fcc0ba22 100644 --- a/extensions/extb_ssl.c +++ b/extensions/extb_ssl.c @@ -1,5 +1,9 @@ /* SSL extban type: matches ssl users */ +/* This file is available under the same conditions as the rest of + https://github.com/asterIRC/ircd-chatd, and by extension, the rest + of Charybdis. */ + #include "stdinc.h" #include "modules.h" #include "client.h" @@ -9,7 +13,7 @@ static int _modinit(void); static void _moddeinit(void); static int eb_ssl(const char *data, struct Client *client_p, struct Channel *chptr, long mode_type); -DECLARE_MODULE_AV1(extb_ssl, _modinit, _moddeinit, NULL, NULL, NULL, "$Revision$"); +DECLARE_MODULE_AV1(extb_ssl, _modinit, _moddeinit, NULL, NULL, NULL, "1.05"); static int _modinit(void) @@ -26,12 +30,19 @@ _moddeinit(void) } static int eb_ssl(const char *data, struct Client *client_p, - struct Channel *chptr, long mode_type) + struct Channel *chptr, long mode_type) { (void)chptr; (void)mode_type; + if (data != NULL) - return EXTBAN_INVALID; + { + if (EmptyString(client_p->certfp)) + return EXTBAN_NOMATCH; + + return !irccmp(data, client_p->certfp) ? EXTBAN_MATCH : EXTBAN_NOMATCH; + } + return IsSSLClient(client_p) ? EXTBAN_MATCH : EXTBAN_NOMATCH; } diff --git a/help/opers/extban b/help/opers/extban index 5a0e8e68..a7af800e 100644 --- a/help/opers/extban +++ b/help/opers/extban @@ -28,4 +28,5 @@ Unless noted below, all types can be used with +b, +q, +e and +I. channel $x: - Bans all users with matching nick!user@host#gecos $z - Matches all SSL users + $z: - Matches all SSL users with a fingerprint matching the data