authorAdam <Adam@anope.org>2014-03-13 20:07:50 -0400
committerAdam <Adam@anope.org>2014-03-13 20:07:50 -0400
commit296a75f2a9e29dc7f19f4286211fcc1eb7983b1d (patch)
treee02c7450ee3975020dbe3e9e53c9a5ee2880cd17
parentbce7237d9f6b96c4be02c88f60d4c41b1e305836 (diff)
Do not allow users to add certs that other users are using. Only allow adding certfps if the user is using it.
-rw-r--r--data/nickserv.example.conf2
-rw-r--r--modules/commands/ns_cert.cpp51
2 files changed, 30 insertions, 23 deletions
diff --git a/data/nickserv.example.conf b/data/nickserv.example.conf
index f6c47ad0c..a53a7146b 100644
--- a/data/nickserv.example.conf
+++ b/data/nickserv.example.conf
@@ -306,7 +306,7 @@ module
* The maximum number of entries allowed on a nickname's certificate fingerprint list.
* The default is 5. This number cannot be set to 0.
*/
- accessmax = 5
+ max = 5
}
command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; }
diff --git a/modules/commands/ns_cert.cpp b/modules/commands/ns_cert.cpp
index 99ce7d6d1..81a782045 100644
--- a/modules/commands/ns_cert.cpp
+++ b/modules/commands/ns_cert.cpp
@@ -148,7 +148,9 @@ struct NSCertListImpl : NSCertList
Anope::string buf;
data["cert"] >> buf;
spacesepstream sep(buf);
- c->ClearCert();
+ for (unsigned i = 0; i < c->certs.size(); ++i)
+ certmap.erase(c->certs[i]);
+ c->certs.clear();
while (sep.GetToken(buf))
{
c->certs.push_back(buf);
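Review bot: The reload loop appends each stored fingerprint with `c->certs.push_back(buf)` and has none of the already-in-use check that DoAdd gains in this commit, so a database written before this change can still load the same fingerprint onto two accounts. The rest of the loop is outside the hunk, so how certmap is refilled is not visible; if it is a plain assignment, the account loaded last would presumably own the mapping. Consider skipping and logging a token whose certmap entry already points at a different account. A short comment above the erase loop saying why `ClearCert()` is no longer called here would also help the next reader.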
@@ -161,28 +163,28 @@ struct NSCertListImpl : NSCertList
class CommandNSCert : public Command
{
private:
- void DoAdd(CommandSource &source, NickCore *nc, const Anope::string &certfp)
+ void DoAdd(CommandSource &source, NickCore *nc, Anope::string certfp)
{
NSCertList *cl = nc->Require<NSCertList>("certificates");
+ unsigned max = Config->GetModule(this->owner)->Get<unsigned>("max", "5");
- if (cl->GetCertCount() >= Config->GetModule(this->owner)->Get<unsigned>("accessmax", "5"))
+ if (cl->GetCertCount() >= max)
{
- source.Reply(_("Sorry, the maximum of %d certificate entries has been reached."), Config->GetModule(this->owner)->Get<unsigned>("accessmax"));
+ source.Reply(_("Sorry, the maximum of %d certificate entries has been reached."), max);
return;
}
- if (certfp.empty())
+ if (source.GetAccount() == nc)
{
- if (source.GetUser() && !source.GetUser()->fingerprint.empty() && !cl->FindCert(source.GetUser()->fingerprint))
+ User *u = source.GetUser();
+
+ if (!u || u->fingerprint.empty())
{
- cl->AddCert(source.GetUser()->fingerprint);
- Log(LOG_COMMAND, source, this) << "to ADD its current certificate fingerprint " << source.GetUser()->fingerprint;
- source.Reply(_("\002%s\002 added to your certificate list."), source.GetUser()->fingerprint.c_str());
+ source.Reply(_("You are not using a client certificate."));
+ return;
}
- else
- this->OnSyntaxError(source, "ADD");
- return;
+ certfp = u->fingerprint;
}
if (cl->FindCert(certfp))
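Review bot: With the `certfp.empty()` branch removed, an empty fingerprint is only replaced when `source.GetAccount() == nc`; for any other target it falls through to `cl->FindCert(certfp)` and then to `cl->AddCert(certfp)` in the next hunk, unless the caller rejects it (the caller is not visible here). A guard after the self block would close that: `if (certfp.empty()) { this->OnSyntaxError(source, "ADD"); return; }`. On the self path an explicitly supplied fingerprint is silently overwritten by `u->fingerprint`; replying with an error when the two differ would be clearer than adding a value other than the one typed. Separately, `max` is unsigned but is formatted with `%d` in the limit message, where `%u` would match.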
@@ -191,26 +193,31 @@ class CommandNSCert : public Command
return;
}
+ if (certmap.find(certfp) != certmap.end())
+ {
+ source.Reply(_("Fingerprint \002%s\002 is already in use."), certfp.c_str());
+ return;
+ }
+
cl->AddCert(certfp);
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to ADD certificate fingerprint " << certfp << " to " << nc->display;
source.Reply(_("\002%s\002 added to %s's certificate list."), certfp.c_str(), nc->display.c_str());
}
- void DoDel(CommandSource &source, NickCore *nc, const Anope::string &certfp)
+ void DoDel(CommandSource &source, NickCore *nc, Anope::string certfp)
{
NSCertList *cl = nc->Require<NSCertList>("certificates");
if (certfp.empty())
{
- if (source.GetUser() && !source.GetUser()->fingerprint.empty() && cl->FindCert(source.GetUser()->fingerprint))
- {
- cl->EraseCert(source.GetUser()->fingerprint);
- Log(LOG_COMMAND, source, this) << "to DELETE its current certificate fingerprint " << source.GetUser()->fingerprint;
- source.Reply(_("\002%s\002 deleted from your certificate list."), source.GetUser()->fingerprint.c_str());
- }
- else
- this->OnSyntaxError(source, "DEL");
+ User *u = source.GetUser();
+ if (u)
+ certfp = u->fingerprint;
+ }
+ if (certfp.empty())
+ {
+ this->OnSyntaxError(source, "DEL");
return;
}
@@ -248,7 +255,7 @@ class CommandNSCert : public Command
CommandNSCert(Module *creator) : Command(creator, "nickserv/cert", 1, 3)
{
this->SetDesc(_("Modify the nickname client certificate list"));
- this->SetSyntax(_("ADD [\037nickname\037] \037fingerprint\037"));
+ this->SetSyntax(_("ADD [\037nickname\037] [\037fingerprint\037]"));
this->SetSyntax(_("DEL [\037nickname\037] \037fingerprint\037"));
this->SetSyntax(_("LIST [\037nickname\037]"));
}
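Review bot: The DEL syntax line still shows the fingerprint as mandatory, although DoDel falls back to the caller's current fingerprint when none is given, so it should match the ADD line: `this->SetSyntax(_("DEL [\037nickname\037] [\037fingerprint\037]"));`. The ADD help should also say that a fingerprint given for your own account is ignored in favour of the certificate you are connected with. As written, `ADD [nickname] [fingerprint]` suggests any value is accepted.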