pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-12 19:14:47 +02:00
Code Activity

Do not allow users to add certs that other users are using. Only allow adding certfps if the user is using it.

Browse Source
This commit is contained in:
Adam
2014-03-13 20:07:50 -04:00
parent bce7237d9f
commit 296a75f2a9
2 changed files with 32 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/nickserv.example.conf
+1 -1
View File
@@ -306,7 +306,7 @@ module
* The maximum number of entries allowed on a nickname's certificate fingerprint list.
* The default is 5. This number cannot be set to 0.
*/
accessmax = 5
max = 5
}
command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; }
modules/commands/ns_cert.cpp
+31 -24
View File
@@ -148,7 +148,9 @@ struct NSCertListImpl : NSCertList
Anope::string buf;
data["cert"] >> buf;
spacesepstream sep(buf);
c->ClearCert();
for (unsigned i = 0; i < c->certs.size(); ++i)
certmap.erase(c->certs[i]);
c->certs.clear();
while (sep.GetToken(buf))
{
c->certs.push_back(buf);
@@ -161,28 +163,28 @@ struct NSCertListImpl : NSCertList
class CommandNSCert : public Command
{
private:
void DoAdd(CommandSource &source, NickCore *nc, const Anope::string &certfp)
void DoAdd(CommandSource &source, NickCore *nc, Anope::string certfp)
{
NSCertList *cl = nc->Require<NSCertList>("certificates");
unsigned max = Config->GetModule(this->owner)->Get<unsigned>("max", "5");
if (cl->GetCertCount() >= Config->GetModule(this->owner)->Get<unsigned>("accessmax", "5"))
if (cl->GetCertCount() >= max)
{
source.Reply(_("Sorry, the maximum of %d certificate entries has been reached."), Config->GetModule(this->owner)->Get<unsigned>("accessmax"));
source.Reply(_("Sorry, the maximum of %d certificate entries has been reached."), max);
return;
}
if (certfp.empty())
if (source.GetAccount() == nc)
{
if (source.GetUser() && !source.GetUser()->fingerprint.empty() && !cl->FindCert(source.GetUser()->fingerprint))
{
cl->AddCert(source.GetUser()->fingerprint);
Log(LOG_COMMAND, source, this) << "to ADD its current certificate fingerprint " << source.GetUser()->fingerprint;
source.Reply(_("\002%s\002 added to your certificate list."), source.GetUser()->fingerprint.c_str());
}
else
this->OnSyntaxError(source, "ADD");
User *u = source.GetUser();
return;
if (!u || u->fingerprint.empty())
{
source.Reply(_("You are not using a client certificate."));
return;
}
certfp = u->fingerprint;
}
if (cl->FindCert(certfp))
@@ -191,26 +193,31 @@ class CommandNSCert : public Command
return;
}
if (certmap.find(certfp) != certmap.end())
{
source.Reply(_("Fingerprint \002%s\002 is already in use."), certfp.c_str());
return;
}
cl->AddCert(certfp);
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to ADD certificate fingerprint " << certfp << " to " << nc->display;
source.Reply(_("\002%s\002 added to %s's certificate list."), certfp.c_str(), nc->display.c_str());
}
void DoDel(CommandSource &source, NickCore *nc, const Anope::string &certfp)
void DoDel(CommandSource &source, NickCore *nc, Anope::string certfp)
{
NSCertList *cl = nc->Require<NSCertList>("certificates");
if (certfp.empty())
{
if (source.GetUser() && !source.GetUser()->fingerprint.empty() && cl->FindCert(source.GetUser()->fingerprint))
{
cl->EraseCert(source.GetUser()->fingerprint);
Log(LOG_COMMAND, source, this) << "to DELETE its current certificate fingerprint " << source.GetUser()->fingerprint;
source.Reply(_("\002%s\002 deleted from your certificate list."), source.GetUser()->fingerprint.c_str());
}
else
this->OnSyntaxError(source, "DEL");
User *u = source.GetUser();
if (u)
certfp = u->fingerprint;
}
if (certfp.empty())
{
this->OnSyntaxError(source, "DEL");
return;
}
@@ -248,7 +255,7 @@ class CommandNSCert : public Command
CommandNSCert(Module *creator) : Command(creator, "nickserv/cert", 1, 3)
{
this->SetDesc(_("Modify the nickname client certificate list"));
this->SetSyntax(_("ADD [\037nickname\037] \037fingerprint\037"));
this->SetSyntax(_("ADD [\037nickname\037] [\037fingerprint\037]"));
this->SetSyntax(_("DEL [\037nickname\037] \037fingerprint\037"));
this->SetSyntax(_("LIST [\037nickname\037]"));
}