const char *encr;
struct rb_sockaddr_storage addr;
+ int secure = 0;
+
aconf = find_address_conf(client_p->host, client_p->sockhost,
IsGotId(client_p) ? client_p->username : "webirc",
IsGotId(client_p) ? client_p->username : "webirc",
sendto_one(source_p, "NOTICE * :CGI:IRC auth blocks must have a password");
return;
}
+ if (!IsSSL(source_p) && aconf->flags & CONF_FLAGS_NEED_SSL)
+ {
+ sendto_one(source_p, "NOTICE * :Your CGI:IRC block requires TLS");
+ return;
+ }
if (EmptyString(parv[1]))
encr = "";
source_p->localClient->ip = addr;
+ if (parc >= 6)
+ {
+ const char *s;
+ for (s = parv[5]; s != NULL; (s = strchr(s, ' ')) && s++)
+ {
+ if (!ircncmp(s, "secure", 6) && (s[6] == '=' || s[6] == ' ' || s[6] == '\0'))
+ secure = 1;
+ }
+ }
+
+ if (secure && !IsSSL(source_p))
+ {
+ sendto_one(source_p, "NOTICE * :CGI:IRC is not connected securely; marking you as insecure");
+ secure = 0;
+ }
+
+ if (!secure)
+ {
+ SetInsecure(source_p);
+ }
+
rb_inet_ntop_sock((struct sockaddr *)&source_p->localClient->ip, source_p->sockhost, sizeof(source_p->sockhost));
if(strlen(parv[3]) <= HOSTLEN)
#define LFLAGS_FLUSH 0x00000002
#define LFLAGS_CORK 0x00000004
#define LFLAGS_SCTP 0x00000008
+#define LFLAGS_INSECURE 0x00000010 /* for marking SSL clients as insecure before registration */
/* umodes, settable flags */
/* lots of this moved to snomask -- jilles */
#define SetSCTP(x) ((x)->localClient->localflags |= LFLAGS_SCTP)
#define ClearSCTP(x) ((x)->localClient->localflags &= ~LFLAGS_SCTP)
+#define IsInsecure(x) ((x)->localClient->localflags & LFLAGS_INSECURE)
+#define SetInsecure(x) ((x)->localClient->localflags |= LFLAGS_INSECURE)
+#define ClearInsecure(x) ((x)->localClient->localflags &= ~LFLAGS_INSECURE)
+
/* oper flags */
#define MyOper(x) (MyConnect(x) && IsOper(x))
add_to_id_hash(source_p->id, source_p);
}
- if (IsSSL(source_p))
+ if (IsSSL(source_p) && !IsInsecure(source_p))
source_p->umodes |= UMODE_SSLCLIENT;
if (source_p->umodes & UMODE_INVISIBLE)