mirror of
https://github.com/unrealircd/unrealircd.git
synced 2026-07-09 11:53:13 +02:00
Add security group "websocket-users" and add security-group options
security-group::websocket and security-group::exclude-websocket, all similar to how security-group::webirc works but for websocket. Suggested by PeGaSuS in https://bugs.unrealircd.org/view.php?id=5598 and Nini in https://bugs.unrealircd.org/view.php?id=6222
This commit is contained in:
@@ -1993,6 +1993,7 @@ struct SecurityGroup {
|
||||
int reputation_score;
|
||||
long connect_time;
|
||||
int webirc;
|
||||
int websocket;
|
||||
int tls;
|
||||
NameList *ip;
|
||||
ConfigItem_mask *mask;
|
||||
@@ -2003,6 +2004,7 @@ struct SecurityGroup {
|
||||
int exclude_reputation_score;
|
||||
long exclude_connect_time;
|
||||
int exclude_webirc;
|
||||
int exclude_websocket;
|
||||
int exclude_tls;
|
||||
NameList *exclude_ip;
|
||||
ConfigItem_mask *exclude_mask;
|
||||
|
||||
@@ -168,6 +168,10 @@ int test_match_item(ConfigFile *conf, ConfigEntry *cep, int *errors)
|
||||
{
|
||||
CheckNullX(cep);
|
||||
} else
|
||||
if (!strcmp(cep->name, "websocket") || !strcmp(cep->name, "exclude-websocket"))
|
||||
{
|
||||
CheckNullX(cep);
|
||||
} else
|
||||
if (!strcmp(cep->name, "identified") || !strcmp(cep->name, "exclude-identified"))
|
||||
{
|
||||
CheckNullX(cep);
|
||||
@@ -365,6 +369,8 @@ int conf_match_item(ConfigFile *conf, ConfigEntry *cep, SecurityGroup **block)
|
||||
|
||||
if (!strcmp(cep->name, "webirc"))
|
||||
s->webirc = config_checkval(cep->value, CFG_YESNO);
|
||||
if (!strcmp(cep->name, "websocket"))
|
||||
s->websocket = config_checkval(cep->value, CFG_YESNO);
|
||||
else if (!strcmp(cep->name, "identified"))
|
||||
s->identified = config_checkval(cep->value, CFG_YESNO);
|
||||
else if (!strcmp(cep->name, "tls"))
|
||||
@@ -397,6 +403,8 @@ int conf_match_item(ConfigFile *conf, ConfigEntry *cep, SecurityGroup **block)
|
||||
}
|
||||
else if (!strcmp(cep->name, "exclude-webirc"))
|
||||
s->exclude_webirc = config_checkval(cep->value, CFG_YESNO);
|
||||
else if (!strcmp(cep->name, "exclude-websocket"))
|
||||
s->exclude_websocket = config_checkval(cep->value, CFG_YESNO);
|
||||
else if (!strcmp(cep->name, "exclude-identified"))
|
||||
s->exclude_identified = config_checkval(cep->value, CFG_YESNO);
|
||||
else if (!strcmp(cep->name, "exclude-tls"))
|
||||
@@ -596,6 +604,10 @@ void set_security_group_defaults(void)
|
||||
s = add_security_group("webirc-users", 50);
|
||||
s->webirc = 1;
|
||||
|
||||
/* Default group: websocket */
|
||||
s = add_security_group("websocket-users", 51);
|
||||
s->websocket = 1;
|
||||
|
||||
/* Default group: known-users */
|
||||
s = add_security_group("known-users", 100);
|
||||
s->identified = 1;
|
||||
@@ -725,6 +737,8 @@ int user_allowed_by_security_group(Client *client, SecurityGroup *s)
|
||||
goto user_not_allowed;
|
||||
if (s->exclude_webirc && moddata_client_get(client, "webirc"))
|
||||
goto user_not_allowed;
|
||||
if (s->exclude_websocket && moddata_client_get(client, "websocket"))
|
||||
goto user_not_allowed;
|
||||
if ((s->exclude_reputation_score > 0) && (GetReputation(client) >= s->exclude_reputation_score))
|
||||
goto user_not_allowed;
|
||||
if ((s->exclude_reputation_score < 0) && (GetReputation(client) < 0 - s->exclude_reputation_score))
|
||||
@@ -753,6 +767,8 @@ int user_allowed_by_security_group(Client *client, SecurityGroup *s)
|
||||
goto user_allowed;
|
||||
if (s->webirc && moddata_client_get(client, "webirc"))
|
||||
goto user_allowed;
|
||||
if (s->websocket && moddata_client_get(client, "websocket"))
|
||||
goto user_allowed;
|
||||
if ((s->reputation_score > 0) && (GetReputation(client) >= s->reputation_score))
|
||||
goto user_allowed;
|
||||
if ((s->reputation_score < 0) && (GetReputation(client) < 0 - s->reputation_score))
|
||||
|
||||
Reference in New Issue
Block a user