diff options
| -rw-r--r-- | docs/conf/inspircd.conf.example | 4 | ||||
| -rw-r--r-- | src/modules/m_cgiirc.cpp | 33 |
2 files changed, 31 insertions, 6 deletions
diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 7ba324e47..2d22f3160 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -287,6 +287,10 @@ # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the cgiirc module is loaded. + #webirc="name" + # limit: How many users are allowed in this class limit="5000" diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index 5eba5ce35..3fd9bf250 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -56,8 +56,8 @@ typedef std::vector<CGIhost> CGIHostlist; /* * WEBIRC * This is used for the webirc method of CGIIRC auth, and is (really) the best way to do these things. - * Syntax: WEBIRC password client hostname ip - * Where password is a shared key, client is the name of the "client" and version (e.g. cgiirc), hostname + * Syntax: WEBIRC password gateway hostname ip + * Where password is a shared key, gateway is the name of the WebIRC gateway and version (e.g. cgiirc), hostname * is the resolved host of the client issuing the command and IP is the real IP of the client. * * How it works: @@ -68,18 +68,20 @@ class CommandWebirc : public Command { public: bool notify; + StringExtItem gateway; StringExtItem realhost; StringExtItem realip; CGIHostlist Hosts; CommandWebirc(Module* Creator) - : Command(Creator, "WEBIRC", 4), - realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) - , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) + : Command(Creator, "WEBIRC", 4) + , gateway("cgiirc_gateway", ExtensionItem::EXT_USER, Creator) + , realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) + , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) { allow_empty_last_param = false; works_before_reg = true; - this->syntax = "password client hostname ip"; + this->syntax = "password gateway hostname ip"; } CmdResult Handle(const std::vector<std::string> ¶meters, User *user) { @@ -100,6 +102,7 @@ class CommandWebirc : public Command { if(iter->type == WEBIRC && parameters[0] == iter->password) { + gateway.set(user, parameters[1]); realhost.set(user, user->host); realip.set(user, user->GetIPString()); @@ -314,6 +317,24 @@ public: return MOD_RES_PASSTHRU; } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE + { + // If <connect:webirc> is not set then we have nothing to do. + const std::string webirc = myclass->config->getString("webirc"); + if (webirc.empty()) + return MOD_RES_PASSTHRU; + + // If the user is not connecting via a WebIRC gateway then they + // cannot match this connect class. + const std::string* gateway = cmd.gateway.get(user); + if (!gateway) + return MOD_RES_DENY; + + // If the gateway matches the <connect:webirc> constraint then + // allow the check to continue. Otherwise, reject it. + return InspIRCd::Match(*gateway, webirc) ? MOD_RES_PASSTHRU : MOD_RES_DENY; + } + ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE { for(CGIHostlist::iterator iter = cmd.Hosts.begin(); iter != cmd.Hosts.end(); iter++) |