m_webirc: respect ircv3's `secure` option

2019-06-09 01:12:52 +01:00 · 2019-06-09 01:12:52 +01:00 · d6c813780f
parent ab4420cbbe
commit d6c813780f
3 changed files with 29 additions and 1 deletions
--- a/extensions/m_webirc.c
+++ b/extensions/m_webirc.c
@ -80,6 +80,8 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc
 	const char *encr;
 	struct rb_sockaddr_storage addr;

+	int secure = 0;
+
 	aconf = find_address_conf(client_p->host, client_p->sockhost,
 				IsGotId(client_p) ? client_p->username : "webirc",
 				IsGotId(client_p) ? client_p->username : "webirc",
@ -125,6 +127,27 @@ mr_webirc(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *sourc

 	source_p->localClient->ip = addr;

+	if (parc >= 6)
+	{
+		char *s;
+		for (s = strtok(parv[5], " "); s != NULL; s = strtok(NULL, " "))
+		{
+			if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == '\0'))
+				secure = 1;
+		}
+	}
+
+	if (secure && !IsSSL(source_p))
+	{
+		sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure");
+		return 0;
+	}
+
+	if (!secure)
+	{
+		SetInsecure(source_p);
+	}
+
 	rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));

 	if(strlen(parv[3]) <= HOSTLEN)
--- a/include/client.h
+++ b/include/client.h
@ -439,6 +439,7 @@ struct ListClient
 #define LFLAGS_FLUSH		0x00000002
 #define LFLAGS_CORK		0x00000004
 #define LFLAGS_SCTP		0x00000008
+#define LFLAGS_INSECURE	0x00000010	/* for marking SSL clients as insecure before registration */

 /* umodes, settable flags */
 /* lots of this moved to snomask -- jilles */
@ -513,6 +514,10 @@ struct ListClient
 #define SetSCTP(x)		((x)->localClient->localflags |= LFLAGS_SCTP)
 #define ClearSCTP(x)		((x)->localClient->localflags &= ~LFLAGS_SCTP)

+#define IsInsecure(x)		((x)->localClient->localflags & LFLAGS_INSECURE)
+#define SetInsecure(x)		((x)->localClient->localflags |= LFLAGS_INSECURE)
+#define ClearInsecure(x)	((x)->localClient->localflags &= ~LFLAGS_INSECURE)
+
 /* oper flags */
 #define MyOper(x)               (MyConnect(x) && IsOper(x))

--- a/ircd/s_user.c
+++ b/ircd/s_user.c
@ -632,7 +632,7 @@ register_local_user(struct Client *client_p, struct Client *source_p)
 		add_to_id_hash(source_p->id, source_p);
 	}

-	if (IsSSL(source_p))
+	if (IsSSL(source_p) && !IsInsecure(source_p))
 		source_p->umodes |= UMODE_SSLCLIENT;

 	if (source_p->umodes & UMODE_INVISIBLE)