unrealircd

- supernets unrealircd source & configuration
git clone git://git.acid.vegas/unrealircd.git

sts.c (2622B)

      1 /*
      2  *   IRC - Internet Relay Chat, src/modules/sts.c
      3  *   (C) 2017 Syzop & The UnrealIRCd Team
      4  *
      5  *   See file AUTHORS in IRC package for additional names of
      6  *   the programmers.
      7  *
      8  *   This program is free software; you can redistribute it and/or modify
      9  *   it under the terms of the GNU General Public License as published by
     10  *   the Free Software Foundation; either version 1, or (at your option)
     11  *   any later version.
     12  *
     13  *   This program is distributed in the hope that it will be useful,
     14  *   but WITHOUT ANY WARRANTY; without even the implied warranty of
     15  *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
     16  *   GNU General Public License for more details.
     17  *
     18  *   You should have received a copy of the GNU General Public License
     19  *   along with this program; if not, write to the Free Software
     20  *   Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
     21  */
     22 
     23 #include "unrealircd.h"
     24 
/* Module descriptor for the "sts" module.
 * The initializer is positional, so the order of the five strings must
 * match the field order of ModuleHeader (declared outside this file).
 */
ModuleHeader MOD_HEADER = {
	"sts",
	"5.0",
	"Strict Transport Security CAP", 
	"UnrealIRCd Team",
	"unrealircd-6",
};
     33 
/* Module init hook: only flags the module as an official one.
 * The capability itself is registered later, from MOD_LOAD.
 */
MOD_INIT()
{
	MARK_AS_OFFICIAL_MODULE(modinfo);
	return MOD_SUCCESS;
}
     40 
/* Forward declaration: init_sts() is defined at the end of this file
 * but is called from MOD_LOAD below.
 */
void init_sts(ModuleInfo *modinfo);

/* Module load hook: registers the "sts" capability. */
MOD_LOAD()
{
	/* Registration depends on the configuration, which is why it is
	 * done here in MOD_LOAD instead of in MOD_INIT.
	 */
	init_sts(modinfo);

	return MOD_SUCCESS;
}
     49 
/* Module unload hook: nothing is released explicitly here. */
MOD_UNLOAD()
{
	return MOD_SUCCESS;
}
     54 
/** Decide whether the "sts" capability is shown to a client.
 * The capability is visible only when the TLS options that apply to the
 * client carry a non-zero sts_port:
 *  - no client (queried from the CAP NEW/DEL code) or a non-TLS client:
 *    the global iConf.tls_options (set::tls::sts-policy) are used;
 *  - TLS client: the options returned by FindTLSOptionsForUser() are used.
 *
 * @param client  The client being asked about; may be NULL.
 * @returns 1 if the capability should be visible, 0 otherwise.
 */
int sts_capability_visible(Client *client)
{
	TLSOptions *tlsopts;

	/* The NULL test must come first: IsSecure() is only evaluated for a
	 * real client.
	 */
	if ((client == NULL) || !IsSecure(client))
		tlsopts = iConf.tls_options;
	else
		tlsopts = FindTLSOptionsForUser(client);

	/* No TLS options at all, or no sts-policy port configured: hide it */
	return (tlsopts && tlsopts->sts_port) ? 1 : 0;
}
     80 
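/** Build the value advertised for the "sts" capability.
 * The result has the form "port=<n>,duration=<n>", with ",preload"
 * appended when the selected TLS options have sts_preload set.
 *
 * @param client  The client the capability is listed for. A NULL client is
 *                treated like a non-TLS client and gets the global policy,
 *                matching what sts_capability_visible() does.
 * @returns Pointer to a static buffer that the next call overwrites (the
 *          function is not reentrant; copy the string if it has to outlive
 *          the next call), or "" when no TLS options are available.
 */
const char *sts_capability_parameter(Client *client)
{
	TLSOptions *ssl;
	static char buf[256];

	/* sts_capability_visible() documents that 'client' may be NULL.
	 * Apply the same guard here so IsSecure() is never evaluated on a
	 * NULL pointer, whichever code path calls this callback.
	 */
	if (client && IsSecure(client))
		ssl = FindTLSOptionsForUser(client);
	else
		ssl = iConf.tls_options; /* global set::tls::sts-policy */

	if (!ssl)
		return ""; /* This would be odd. */

	/* A policy sent on a non-TLS connection is not authenticated, so on
	 * that path the value is only a hint to reconnect on 'port' with TLS.
	 *
	 * NOTE(review): "%d" / "%ld" assume sts_port is an int and
	 * sts_duration a long; confirm against the TLSOptions declaration,
	 * since a mismatched format specifier is undefined behavior.
	 */
	snprintf(buf, sizeof(buf), "port=%d,duration=%ld", ssl->sts_port, ssl->sts_duration);
	if (ssl->sts_preload)
		strlcat(buf, ",preload", sizeof(buf));

	return buf;
}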
    100 
/** Register the "sts" client capability for this module.
 * The capability is added with the CLICAP_FLAGS_ADVERTISE_ONLY flag and
 * uses sts_capability_visible() and sts_capability_parameter() as its
 * visibility and parameter callbacks.
 *
 * @param modinfo  Module information; its handle is passed on to
 *                 ClientCapabilityAdd().
 */
void init_sts(ModuleInfo *modinfo)
{
	ClientCapabilityInfo sts_cap;

	/* Start from an all-zero descriptor so every field that is not set
	 * below is zero.
	 */
	memset(&sts_cap, 0, sizeof(sts_cap));
	sts_cap.parameter = sts_capability_parameter;
	sts_cap.visible = sts_capability_visible;
	sts_cap.flags = CLICAP_FLAGS_ADVERTISE_ONLY;
	sts_cap.name = "sts";

	/* NOTE(review): the result of ClientCapabilityAdd() is ignored, so a
	 * failed registration would go unnoticed here. Confirm whether the
	 * callee reports failures itself.
	 */
	ClientCapabilityAdd(modinfo->handle, &sts_cap, NULL);
}