diff options
author | Peter Powell <petpow@saberuk.com> | 2017-06-22 12:24:11 +0100 |
---|---|---|
committer | Peter Powell <petpow@saberuk.com> | 2017-06-22 13:08:57 +0100 |
commit | 62fe5b32bcdc86aa4eb67bbe8dee214066382eeb (patch) | |
tree | c065177b0c9bde1339cd0961893116c236ba4109 /src/modules | |
parent | 127683c29e6eb33c21f85cf1ccba6fb85fc0cdec (diff) |
Allow filtering WebIRC connections into a connect class by gateway.
Diffstat (limited to 'src/modules')
-rw-r--r-- | src/modules/m_cgiirc.cpp | 33 |
1 files changed, 27 insertions, 6 deletions
diff --git a/src/modules/m_cgiirc.cpp b/src/modules/m_cgiirc.cpp index 09d6e5fdf..251773643 100644 --- a/src/modules/m_cgiirc.cpp +++ b/src/modules/m_cgiirc.cpp @@ -56,8 +56,8 @@ typedef std::vector<CGIhost> CGIHostlist; /* * WEBIRC * This is used for the webirc method of CGIIRC auth, and is (really) the best way to do these things. - * Syntax: WEBIRC password client hostname ip - * Where password is a shared key, client is the name of the "client" and version (e.g. cgiirc), hostname + * Syntax: WEBIRC password gateway hostname ip + * Where password is a shared key, gateway is the name of the WebIRC gateway and version (e.g. cgiirc), hostname * is the resolved host of the client issuing the command and IP is the real IP of the client. * * How it works: @@ -68,17 +68,19 @@ class CommandWebirc : public Command { public: bool notify; + StringExtItem gateway; StringExtItem realhost; StringExtItem realip; CGIHostlist Hosts; CommandWebirc(Module* Creator) - : Command(Creator, "WEBIRC", 4), - realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) - , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) + : Command(Creator, "WEBIRC", 4) + , gateway("cgiirc_gateway", ExtensionItem::EXT_USER, Creator) + , realhost("cgiirc_realhost", ExtensionItem::EXT_USER, Creator) + , realip("cgiirc_realip", ExtensionItem::EXT_USER, Creator) { works_before_reg = true; - this->syntax = "password client hostname ip"; + this->syntax = "password gateway hostname ip"; } CmdResult Handle(const std::vector<std::string> ¶meters, User *user) { @@ -91,6 +93,7 @@ class CommandWebirc : public Command { if(iter->type == WEBIRC && parameters[0] == iter->password) { + gateway.set(user, parameters[1]); realhost.set(user, user->host); realip.set(user, user->GetIPString()); @@ -304,6 +307,24 @@ public: return MOD_RES_PASSTHRU; } + ModResult OnSetConnectClass(LocalUser* user, ConnectClass* myclass) CXX11_OVERRIDE + { + // If <connect:webirc> is not set then we have nothing to do. + const std::string webirc = myclass->config->getString("webirc"); + if (webirc.empty()) + return MOD_RES_PASSTHRU; + + // If the user is not connecting via a WebIRC gateway then they + // cannot match this connect class. + const std::string* gateway = cmd.gateway.get(user); + if (!gateway) + return MOD_RES_DENY; + + // If the gateway matches the <connect:webirc> constraint then + // allow the check to continue. Otherwise, reject it. + return InspIRCd::Match(*gateway, webirc) ? MOD_RES_PASSTHRU : MOD_RES_DENY; + } + ModResult OnUserRegister(LocalUser* user) CXX11_OVERRIDE { for(CGIHostlist::iterator iter = cmd.Hosts.begin(); iter != cmd.Hosts.end(); iter++) |