diff options
| author | Peter Powell <petpow@saberuk.com> | 2017-08-05 18:33:04 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2017-08-05 18:33:04 +0100 |
| commit | 02497bfa999da26c19a92d8620c35bb97f1da711 (patch) | |
| tree | 084ec771864163a4e93077a94895660c927903c5 /src/modules/m_cgiirc.cpp | |
| parent | 0b60166d8a9ca1c461f014b9dcb03312f2e487d7 (diff) | |
| parent | 62fe5b32bcdc86aa4eb67bbe8dee214066382eeb (diff) | |
Merge pull request #1351 from SaberUK/master+webirc
Allow filtering WebIRC connections into a connect class by gateway.
Diffstat (limited to 'src/modules/m_cgiirc.cpp')
| -rw-r--r-- | src/modules/m_cgiirc.cpp | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index 5eba5ce35..3fd9bf250 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -56,8 +56,8 @@ typedef std::vector<CGIhost> CGIHostlist; /* * WEBIRC * This is used for the webirc method of CGIIRC auth, and is (really) the best way to do these things. - * Syntax: WEBIRC password client hostname ip - * Where password is a shared key, client is the name of the "client" and version (e.g. cgiirc), hostname + * Syntax: WEBIRC password gateway hostname ip + * Where password is a shared key, gateway is the name of the WebIRC gateway and version (e.g. cgiirc), hostname * is the resolved host of the client issuing the command and IP is the real IP of the client. * * How it works: @@ -68,18 +68,20 @@ class CommandWebirc : public Command { public: bool notify; + StringExtItem gateway; StringExtItem realhost; StringExtItem realip; CGIHostlist Hosts; CommandWebirc(Module* Creator) - : Command(Creator, "WEBIRC", 4), - realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) - , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) + : Command(Creator, "WEBIRC", 4) + , gateway("cgiirc_gateway", ExtensionItem::EXT_USER, Creator) + , realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) + , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) { allow_empty_last_param = false; works_before_reg = true; - this->syntax = "password client hostname ip"; + this->syntax = "password gateway hostname ip"; } CmdResult Handle(const std::vector<std::string> ¶meters, User *user) { @@ -100,6 +102,7 @@ class CommandWebirc : public Command { if(iter->type == WEBIRC && parameters[0] == iter->password) { + gateway.set(user, parameters[1]); realhost.set(user, user->host); realip.set(user, user->GetIPString()); @@ -314,6 +317,24 @@ public: return MOD_RES_PASSTHRU; } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE + { + // If <connect:webirc> is not set then we have nothing to do. + const std::string webirc = myclass->config->getString("webirc"); + if (webirc.empty()) + return MOD_RES_PASSTHRU; + + // If the user is not connecting via a WebIRC gateway then they + // cannot match this connect class. + const std::string* gateway = cmd.gateway.get(user); + if (!gateway) + return MOD_RES_DENY; + + // If the gateway matches the <connect:webirc> constraint then + // allow the check to continue. Otherwise, reject it. + return InspIRCd::Match(*gateway, webirc) ? MOD_RES_PASSTHRU : MOD_RES_DENY; + } + ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE { for(CGIHostlist::iterator iter = cmd.Hosts.begin(); iter != cmd.Hosts.end(); iter++) |