Implemented new "secure clients only" channel mode: +z

Only clients using a SSL encrypted connection to the server are
allowed to join such a channel.

But please note three things:

a) already joined clients are not checked when setting this mode,
b) IRC operators are always allowed to join every channel, and
c) remote clients using a server not supporting this mode are not
   checked either and therefore always allowed to join.

diff --git a/NEWS b/NEWS
index 5a0a9dd5a7001f6defbdb6359bc2ef5cfb0da834..3457312b2d593f81c7cc1926bb31594595614c90 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,7 +1,7 @@
 
                      ngIRCd - Next Generation IRC Server
 
 
                      ngIRCd - Next Generation IRC Server
 

-                        (c)2001-2009 Alexander Barton,
+                        (c)2001-2010 Alexander Barton,

                     alex@barton.de, http://www.barton.de/
 
                ngIRCd is free software and published under the
                     alex@barton.de, http://www.barton.de/
 
                ngIRCd is free software and published under the


@@ -10,6 +10,16 @@
                                   -- NEWS --
 
 
                                   -- NEWS --
 
 

+ngIRCd Release 16
+
+  - A new channel mode "secure connections only" (+z) has been implemented:
+    Only clients using a SSL encrypted connection to the server are allowed
+    to join such a channel.
+    But please note three things: a) already joined clients are not checked
+    when setting this mode, b) IRC operators are always allowed to join
+    every channel, and c) remote clients using a server not supporting this
+    mode are not checked either and therefore always allowed to join.
+

 ngIRCd Release 15 (2009-11-07)
 
   ngIRCd 15~rc1 (2009-10-15)
 ngIRCd Release 15 (2009-11-07)
 
   ngIRCd 15~rc1 (2009-10-15)

diff --git a/src/ngircd/defines.h b/src/ngircd/defines.h
index 010dd8ea4ee84ff906768f69c1b8eb5a1102f54c..94c7dd1e92a393ae24478cb037af1755cb25e334 100644 (file)
--- a/src/ngircd/defines.h
+++ b/src/ngircd/defines.h
@@ -81,7 +81,7 @@
                                           in seconds. */
 
 #define USERMODES "aiorsw"             /* Supported user modes. */
                                           in seconds. */
 
 #define USERMODES "aiorsw"             /* Supported user modes. */

-#define CHANMODES "biIklmnoPstv"       /* Supported channel modes. */
+#define CHANMODES "biIklmnoPstvz"      /* Supported channel modes. */

 
 #define CONNECTED true                 /* Internal status codes. */
 #define DISCONNECTED false
 
 #define CONNECTED true                 /* Internal status codes. */
 #define DISCONNECTED false

diff --git a/src/ngircd/irc-channel.c b/src/ngircd/irc-channel.c
index 010be3520d42b42f366e3bdabde946334cc48957..1014d3aa469f4b158b2e66842def42a66fba6878 100644 (file)
--- a/src/ngircd/irc-channel.c
+++ b/src/ngircd/irc-channel.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
 /*
  * ngIRCd -- The Next Generation IRC Daemon

- * Copyright (c)2001-2008 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)

  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by


@@ -93,7 +93,7 @@ join_allowed(CLIENT *Client, CHANNEL *chan, const char *channame,
        }
 
        channel_modes = Channel_Modes(chan);
        }
 
        channel_modes = Channel_Modes(chan);

-       if ((strchr(channel_modes, 'i')) && !is_invited) {
+       if (strchr(channel_modes, 'i') && !is_invited) {

                /* Channel is "invite-only" and client is not on invite list */
                IRC_WriteStrClient(Client, ERR_INVITEONLYCHAN_MSG,
                                   Client_ID(Client), channame);
                /* Channel is "invite-only" and client is not on invite list */
                IRC_WriteStrClient(Client, ERR_INVITEONLYCHAN_MSG,
                                   Client_ID(Client), channame);


@@ -108,7 +108,7 @@ join_allowed(CLIENT *Client, CHANNEL *chan, const char *channame,
                return false;
        }
 
                return false;
        }
 

-       if ((strchr(channel_modes, 'l')) &&
+       if (strchr(channel_modes, 'l') &&

            (Channel_MaxUsers(chan) <= Channel_MemberCount(chan))) {
                /* There are more clints joined to this channel than allowed */
                IRC_WriteStrClient(Client, ERR_CHANNELISFULL_MSG,
            (Channel_MaxUsers(chan) <= Channel_MemberCount(chan))) {
                /* There are more clints joined to this channel than allowed */
                IRC_WriteStrClient(Client, ERR_CHANNELISFULL_MSG,


@@ -116,6 +116,14 @@ join_allowed(CLIENT *Client, CHANNEL *chan, const char *channame,
                return false;
        }
 
                return false;
        }
 

+       if (strchr(channel_modes, 'z') && !Conn_UsesSSL(Client_Conn(Client))) {
+               /* Only "secure" clients are allowed, but clients doesn't
+                * use SSL encryption */
+               IRC_WriteStrClient(Client, ERR_SECURECHANNEL_MSG,
+                                  Client_ID(Client), channame);
+               return false;
+       }
+

        return true;
 }
 
        return true;
 }
 

diff --git a/src/ngircd/irc-mode.c b/src/ngircd/irc-mode.c
index 9509fb012bc615114cc9cd7dff97adbabdf01ad0..d22d32f01acc3c82a787ecc375a6fe041cc57e39 100644 (file)
--- a/src/ngircd/irc-mode.c
+++ b/src/ngircd/irc-mode.c
@@ -1,6 +1,6 @@
 /*
  * ngIRCd -- The Next Generation IRC Daemon
 /*
  * ngIRCd -- The Next Generation IRC Daemon

- * Copyright (c)2001-2008 Alexander Barton (alex@barton.de)
+ * Copyright (c)2001-2010 Alexander Barton (alex@barton.de)

  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by
  *
  * This program is free software; you can redistribute it and/or modify
  * it under the terms of the GNU General Public License as published by


@@ -401,6 +401,7 @@ Channel_Mode(CLIENT *Client, REQUEST *Req, CLIENT *Origin, CHANNEL *Channel)
                case 'n': /* Only members can write */
                case 's': /* Secret channel */
                case 't': /* Topic locked */
                case 'n': /* Only members can write */
                case 's': /* Secret channel */
                case 't': /* Topic locked */

+               case 'z': /* Secure connections only */

                        if (modeok)
                                x[0] = *mode_ptr;
                        else
                        if (modeok)
                                x[0] = *mode_ptr;
                        else

diff --git a/src/ngircd/messages.h b/src/ngircd/messages.h
index 59c6cdb91623aae327671252da3e77dd08387feb..e15bf166e3ff0bf80a8a317a72490734eeb13802 100644 (file)
--- a/src/ngircd/messages.h
+++ b/src/ngircd/messages.h
@@ -113,6 +113,7 @@
 #define ERR_ALREADYREGISTRED_MSG       "462 %s :Connection already registered"
 #define ERR_PASSWDMISMATCH_MSG         "464 %s :Invalid password"
 #define ERR_CHANNELISFULL_MSG          "471 %s %s :Cannot join channel (+l)"
 #define ERR_ALREADYREGISTRED_MSG       "462 %s :Connection already registered"
 #define ERR_PASSWDMISMATCH_MSG         "464 %s :Invalid password"
 #define ERR_CHANNELISFULL_MSG          "471 %s %s :Cannot join channel (+l)"

+#define ERR_SECURECHANNEL_MSG          "471 %s %s :Cannot join channel (+z)"

 #define ERR_UNKNOWNMODE_MSG            "472 %s: %c :is unknown mode char for %s"
 #define ERR_INVITEONLYCHAN_MSG         "473 %s %s :Cannot join channel (+i)"
 #define ERR_BANNEDFROMCHAN_MSG         "474 %s %s :Cannot join channel (+b)"
 #define ERR_UNKNOWNMODE_MSG            "472 %s: %c :is unknown mode char for %s"
 #define ERR_INVITEONLYCHAN_MSG         "473 %s %s :Cannot join channel (+i)"
 #define ERR_BANNEDFROMCHAN_MSG         "474 %s %s :Cannot join channel (+b)"