inspircd

A modular C++ IRC daemon (ircd). https://www.inspircd.org/
Log | Files | Refs | README

commit 2ee2e8b60d707d7a1bb644a16060654cb86c7b9f
parent e844a2cef9aeadbeea26531f98e5fe8b0b2f4dd1
Author: linuxdaemon <linuxdaemon@users.noreply.github.com>
Date:   Fri,  1 Feb 2019 03:47:20 -0600

Allow multiple fingerprints in an oper block (#1564)


Diffstat:
Minclude/hashcomp.h | 6++++++
Msrc/hashcomp.cpp | 10++++++++++
Msrc/modules/m_sslinfo.cpp | 9+++++++--
3 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/include/hashcomp.h b/include/hashcomp.h @@ -148,6 +148,12 @@ namespace irc * @return True if the end of the stream has been reached, otherwise false */ bool StreamEnd(); + + /** Returns true if the specified value exists in the stream + * @param value The value to search for + * @return True if the value was found, False otherwise + */ + bool Contains(const std::string& value); }; /** A derived form of sepstream, which seperates on commas diff --git a/src/hashcomp.cpp b/src/hashcomp.cpp @@ -287,6 +287,16 @@ bool irc::sepstream::StreamEnd() return this->pos > this->tokens.length(); } +bool irc::sepstream::Contains(const std::string& value) +{ + std::string token; + while (GetToken(token)) + if (value == token) + return true; + + return false; +} + irc::portparser::portparser(const std::string &source, bool allow_overlapped) : sep(source), in_range(0), range_begin(0), range_end(0), overlapped(allow_overlapped) { diff --git a/src/modules/m_sslinfo.cpp b/src/modules/m_sslinfo.cpp @@ -188,6 +188,11 @@ class ModuleSSLInfo private: CommandSSLInfo cmd; + bool MatchFP(ssl_cert* const cert, const std::string& fp) const + { + return irc::spacesepstream(fp).Contains(cert->GetFingerprint()); + } + public: ModuleSSLInfo() : WebIRC::EventListener(this) @@ -231,7 +236,7 @@ class ModuleSSLInfo } std::string fingerprint; - if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || cert->GetFingerprint() != fingerprint)) + if (ifo->oper_block->readString("fingerprint", fingerprint) && (!cert || !MatchFP(cert, fingerprint))) { user->WriteNumeric(ERR_NOOPERHOST, "This oper login requires a matching SSL certificate fingerprint."); user->CommandFloodPenalty += 10000; @@ -275,7 +280,7 @@ class ModuleSSLInfo { OperInfo* ifo = i->second; std::string fp = ifo->oper_block->getString("fingerprint"); - if (fp == cert->fingerprint && ifo->oper_block->getBool("autologin")) + if (MatchFP(cert, fp) && ifo->oper_block->getBool("autologin")) user->Oper(ifo); } }