author | michael <michael@82007160-df01-0410-b94d-b575c5fd34c7> | 2013-06-16 10:58:28 +0000 |
---|---|---|
committer | michael <michael@82007160-df01-0410-b94d-b575c5fd34c7> | 2013-06-16 10:58:28 +0000 |
commit | ef672ecfcc78b21f04143c6f21c5450c972cdffc (patch) | |
tree | adce27fed3509a83aeabb97233b74f7290c3d300 | |
parent | 6ba883ff9d3934eacf35d4dc6844052d9f1301ad (diff) |
- Add usermode 'S' (client is connected via SSL/TLS).
Allows services to keep track of which users are connected via SSL,
and allows the SSL status of remote clients to be seen in a /whois
git-svn-id: svn://svn.ircd-hybrid.org/svnroot/ircd-hybrid/branches/8.1.x@2247 82007160-df01-0410-b94d-b575c5fd34c7
-rw-r--r-- | doc/modes.txt | 1 | ||||
-rw-r--r-- | help/umode | 3 | ||||
-rw-r--r-- | include/client.h | 4 | ||||
-rw-r--r-- | modules/m_svsmode.c | 3 | ||||
-rw-r--r-- | modules/m_whois.c | 9 | ||||
-rw-r--r-- | src/channel.c | 7 | ||||
-rw-r--r-- | src/s_bsd.c | 1 | ||||
-rw-r--r-- | src/s_user.c | 8 |
8 files changed, 21 insertions, 15 deletions
diff --git a/doc/modes.txt b/doc/modes.txt
index 1e7ed41..7b0f053 100644
--- a/doc/modes.txt
+++ b/doc/modes.txt
@@ -33,6 +33,7 @@ User Modes:
 This mode can be set by servers and services only.
 +R - regonly - Only registered clients may message you
 +s - servnotice - See general server notices
++S - ssl - Client is connected via SSL/TLS
 +u - unauth - See unauthorized client notices
 +w - wallop - See server generated WALLOPS
 +x - hiddenhost - User's host has been spoofed by services.
@@ -10,7 +10,6 @@ Usermodes: (* designates that the umode is oper only)
 * +w - Can see server wallops.
 * +z - Can see oper wallops.
 * +l - Can see oper locops (local wallops).
- * +s - Can see generic server messages and oper kills.
 * +c - Can see client connections and exits.
 * +u - Can see unauthorized client connections.
 * +j - Can see 'rejected' client notices.
@@ -25,6 +24,8 @@ Usermodes: (* designates that the umode is oper only)
 +r - User has been registered and identified for its nick.
 This mode can be set by servers and services only.
 +R - Only registered clients may message you.
+ * +s - Can see generic server messages and oper kills.
+ +S - Client is connected via SSL/TLS
 * +e - Can see new server introduction and split messages.
 * +b - Can see possible bot / join flood warnings.
 * +a - Is marked as a server admin in stats p/o.
diff --git a/include/client.h b/include/client.h
index f5b1dc3..33d0f98 100644
--- a/include/client.h
+++ b/include/client.h
@@ -128,6 +128,7 @@
 #define FLAGS_FLOOD_NOTICED 0x01000000 /**< Notice to opers about this flooder has been sent */
 #define FLAGS_SERVICE 0x02000000 /**< Client/server is a network service */
 #define FLAGS_AUTH_SPOOF 0x04000000 /**< user's hostname has been spoofed by an auth{} spoof*/
+#define FLAGS_SSL 0x08000000 /**< User is connected via TLS/SSL */
 #define HasFlag(x, y) ((x)->flags & (y))
 #define AddFlag(x, y) ((x)->flags |= (y))
@@ -161,6 +162,7 @@ #define UMODE_ADMIN 0x00400000 /**< Admin on server */ #define UMODE_FARCONNECT 0x00800000 /**< Can see remote client connects/exits */ #define UMODE_HIDDENHOST 0x01000000 /**< User's host is hidden */ +#define UMODE_SSL 0x02000000 /**< User is connected via TLS/SSL */ #define UMODE_ALL UMODE_SERVNOTICE @@ -171,7 +173,7 @@ #define SEND_UMODES (UMODE_INVISIBLE | UMODE_OPER | UMODE_WALLOP |\ UMODE_REGONLY | UMODE_REGISTERED | UMODE_ADMIN |\ - UMODE_HIDDEN) + UMODE_HIDDEN | UMODE_SSL) diff --git a/modules/m_svsmode.c b/modules/m_svsmode.c index d54f664..77cfad6 100644 --- a/modules/m_svsmode.c +++ b/modules/m_svsmode.c @@ -146,6 +146,9 @@ ms_svsmode(struct Client *client_p, struct Client *source_p, break; + case 'S': /* Only servers may set +S in a burst */ + break; + default: if ((flag = user_modes[(unsigned char)*m])) { diff --git a/modules/m_whois.c b/modules/m_whois.c index 85531a2..764e458 100644 --- a/modules/m_whois.c +++ b/modules/m_whois.c @@ -136,6 +136,10 @@ whois_person(struct Client *source_p, struct Client *target_p) show_ip ? target_p->sockhost : "255.255.255.255"); } + if (HasUMode(target_p, UMODE_SSL)) + sendto_one(source_p, form_str(RPL_WHOISSECURE), me.name, + source_p->name, target_p->name); + if (!EmptyString(target_p->certfp)) if (target_p == source_p || HasUMode(source_p, UMODE_OPER)) sendto_one(source_p, form_str(RPL_WHOISCERTFP), me.name, @@ -143,11 +147,6 @@ whois_person(struct Client *source_p, struct Client *target_p) if (MyConnect(target_p)) { -#ifdef HAVE_LIBCRYPTO - if (target_p->localClient->fd.ssl) - sendto_one(source_p, form_str(RPL_WHOISSECURE), - me.name, source_p->name, target_p->name); -#endif sendto_one(source_p, form_str(RPL_WHOISIDLE), me.name, source_p->name, target_p->name, idle_time_get(source_p, target_p), diff --git a/src/channel.c b/src/channel.c index 1c04488..e588add 100644 --- a/src/channel.c +++ b/src/channel.c 
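Review bot: In whois_person (modules/m_whois.c, first hunk) RPL_WHOISSECURE is now sent for any target carrying UMODE_SSL, which for a remote target is a mode reported by that client's server rather than a property of a socket this server holds. The removed code answered only inside the `MyConnect(target_p)` branch, so the reply changes from a locally checked fact to a claim relayed over the server link, and nothing at the new check says so. I would add a comment above it such as `/* +S on a remote client is as reported by its server; it is not verified locally */`. whois_person starts and ends outside the hunk.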
@@ -641,13 +641,8 @@ is_banned(const struct Channel *chptr, const struct Client *who) int can_join(struct Client *source_p, struct Channel *chptr, const char *key) { -#ifdef HAVE_LIBCRYPTO - if ((chptr->mode.mode & MODE_SSLONLY) && !source_p->localClient->fd.ssl) + if ((chptr->mode.mode & MODE_SSLONLY) && !HasUMode(source_p, UMODE_SSL)) return ERR_SSLONLYCHAN; -#else - if ((chptr->mode.mode & MODE_SSLONLY)) - return ERR_SSLONLYCHAN; -#endif if ((chptr->mode.mode & MODE_REGONLY) && !HasUMode(source_p, UMODE_REGISTERED)) return ERR_NEEDREGGEDNICK; diff --git a/src/s_bsd.c b/src/s_bsd.c index e0b8173..903741e 100644 --- a/src/s_bsd.c +++ b/src/s_bsd.c @@ -368,6 +368,7 @@ add_connection(struct Listener *listener, struct irc_ssaddr *irn, int fd) return; } + AddFlag(new_client, FLAGS_SSL); SSL_set_fd(new_client->localClient->fd.ssl, fd); ssl_handshake(0, new_client); } diff --git a/src/s_user.c b/src/s_user.c index ebbeecd..97ad2c1 100644 --- a/src/s_user.c +++ b/src/s_user.c @@ -101,7 +101,7 @@ const unsigned int user_modes[256] = 0, /* P */ 0, /* Q */ UMODE_REGONLY, /* R */ - 0, /* S */ + UMODE_SSL, /* S */ 0, /* T */ 0, /* U */ 0, /* V */ @@ -895,6 +895,7 @@ set_user_mode(struct Client *client_p, struct Client *source_p, break; + case 'S': /* Only servers may set +S in a burst */ case 'r': /* Only services may set +r */ case 'x': /* Only services may set +x */ break; @@ -1143,10 +1144,13 @@ user_welcome(struct Client *source_p) #endif #ifdef HAVE_LIBCRYPTO - if (source_p->localClient->fd.ssl != NULL) + if (HasFlag(source_p, FLAGS_SSL)) + { + AddUMode(source_p, UMODE_SSL); sendto_one(source_p, ":%s NOTICE %s :*** Connected securely via %s", me.name, source_p->name, ssl_get_cipher(source_p->localClient->fd.ssl)); + } #endif sendto_one(source_p, form_str(RPL_WELCOME), me.name, source_p->name, |
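Review bot: In can_join (src/channel.c) the MODE_SSLONLY gate now tests `HasUMode(source_p, UMODE_SSL)` instead of the client's own `fd.ssl`, so admission to an SSL-only channel depends on every code path that can write that mode bit. This commit blocks 'S' in set_user_mode and ms_svsmode, but other writers of umodes are not visible on this page. The old code dereferenced `source_p->localClient` unconditionally, so can_join appears to run for local clients only; for those, `!HasFlag(source_p, FLAGS_SSL)` would test the value recorded at accept time rather than a mode that is also parsed from server traffic. If the umode test is kept, a comment next to it should state that +S must never be settable or clearable by users or services. can_join continues past the end of the hunk.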
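Review bot: In add_connection (src/s_bsd.c) `AddFlag(new_client, FLAGS_SSL)` runs before `ssl_handshake(0, new_client)`, so the flag records that the connection arrived on an SSL listener, not that a TLS session was established. user_welcome later turns this flag into +S, which whois and can_join then treat as proof of an encrypted connection. Whether a client can reach user_welcome without a completed handshake cannot be told from this hunk; if the handshake code has a completion point, setting the flag there would make the guarantee local. Otherwise a comment such as `/* set before the handshake; only meaningful once registration has completed */` would document the assumption. The enclosing function starts and ends outside the hunk.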
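Review bot: In user_welcome (src/s_user.c, last hunk) the guard no longer checks `fd.ssl`, yet `ssl_get_cipher(source_p->localClient->fd.ssl)` still uses that pointer, so the block is safe only while FLAGS_SSL implies a non-NULL `fd.ssl`. The s_bsd.c hunk sets the flag right after an early `return`, which looks like the allocation-failure path, so the invariant probably holds today, but it is stated nowhere. Keeping both tests, `if (HasFlag(source_p, FLAGS_SSL) && source_p->localClient->fd.ssl != NULL)`, would keep a later change to where the flag is set from turning into a NULL dereference. user_welcome starts and ends outside the hunk.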