New configuration option "Mask" for [Operator] sections to limit OPER command.

ChangeLog

@@ -12,6 +12,8 @@
 
 ngIRCd CVSHEAD
 
+  - New configuration option "Mask" for [Operator] sections to limit OPER
+    commands to ussers with a specific IRC mask. Patch from Florian Westphal.
   - Write "error file" (/tmp/ngircd-XXX.err) only if compiled with debug
     code ("--enable-debug") and running as daemon process.
   - Don't create version information string each time a client connects
@@ -586,4 +588,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: ChangeLog,v 1.261 2005/02/10 12:49:04 alex Exp $
+$Id: ChangeLog,v 1.262 2005/03/02 16:07:30 alex Exp $

NEWS

@@ -12,6 +12,8 @@
 
 ngIRCd CVSHEAD
 
+  - New configuration option "Mask" for [Operator] sections to limit OPER
+    commands to ussers with a specific IRC mask. Patch from Florian Westphal.
   - New configuration variable "PidFile", section "[Global]": if defined,
     the server writes its process ID (PID) to this file. Default: off.
     Idea of Florian Westphal, <westphal@foo.fh-furtwangen.de>.
@@ -198,4 +200,4 @@ ngIRCd 0.0.1, 31.12.2001
 
 
 -- 
-$Id: NEWS,v 1.68 2005/02/04 14:24:20 alex Exp $
+$Id: NEWS,v 1.69 2005/03/02 16:07:30 alex Exp $

doc/sample-ngircd.conf

@@ -1,4 +1,4 @@
-# $Id: sample-ngircd.conf,v 1.30 2005/02/04 14:24:21 alex Exp $
+# $Id: sample-ngircd.conf,v 1.31 2005/03/02 16:07:30 alex Exp $
 
 #
 # This is a sample configuration file for the ngIRCd, which must be adepted
@@ -110,6 +110,9 @@
 	# Password of the IRC operator
 	;Password = ThePwd
 
+	# Optional Mask from which /OPER will be accepted
+	;Mask = *!ident@somewhere.example.com
+
 [Operator]
 	# More [Operator] sections, if you like ...
 

man/ngircd.conf.5

@@ -1,5 +1,5 @@
 .\"
-.\" $Id: ngircd.conf.5,v 1.14 2005/02/14 00:42:41 alex Exp $
+.\" $Id: ngircd.conf.5,v 1.15 2005/03/02 16:07:31 alex Exp $
 .\"
 .TH ngircd.conf 5 "February 2005" ngircd "ngIRCd Manual"
 .SH NAME
@@ -160,6 +160,10 @@ ID of the operator (may be different of the nick name).
 .TP
 \fBPassword\fR
 Password of the IRC operator.
+.TP
+\fBMask\fR
+Mask that is to be checked before an /OPER for this account is accepted.
+Example: nick!ident@*.example.com
 .SH [SERVER]
 Other servers are configured in
 .I [Server]

src/ngircd/conf.c

@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: conf.c,v 1.68 2005/02/04 14:24:21 alex Exp $";
+static char UNUSED id[] = "$Id: conf.c,v 1.69 2005/03/02 16:07:31 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -158,6 +158,7 @@ Conf_Test( VOID )
 		puts( "[OPERATOR]" );
 		printf( "  Name = %s\n", Conf_Oper[i].name );
 		printf( "  Password = %s\n", Conf_Oper[i].pwd );
+		if ( Conf_Oper[i].mask ) printf( "  Mask = %s\n", Conf_Oper[i].mask );
 		puts( "" );
 	}
 
@@ -466,8 +467,12 @@ Read_Config( VOID )
 				else
 				{
 					/* Initialize new operator structure */
-					strcpy( Conf_Oper[Conf_Oper_Count].name, "" );
-					strcpy( Conf_Oper[Conf_Oper_Count].pwd, "" );
+					Conf_Oper[Conf_Oper_Count].name[0] = '\0';
+					Conf_Oper[Conf_Oper_Count].pwd[0] = '\0';
+					if (Conf_Oper[Conf_Oper_Count].mask) {
+						free(Conf_Oper[Conf_Oper_Count].mask );
+						Conf_Oper[Conf_Oper_Count].mask = NULL;
+					}
 					Conf_Oper_Count++;
 				}
 				continue;
@@ -782,6 +787,7 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg )
 LOCAL VOID
 Handle_OPERATOR( INT Line, CHAR *Var, CHAR *Arg )
 {
+	unsigned int len;
 	assert( Line > 0 );
 	assert( Var != NULL );
 	assert( Arg != NULL );
@@ -799,7 +805,19 @@ Handle_OPERATOR( INT Line, CHAR *Var, CHAR *Arg )
 		if( strlcpy( Conf_Oper[Conf_Oper_Count - 1].pwd, Arg, sizeof( Conf_Oper[Conf_Oper_Count - 1].pwd )) >= sizeof( Conf_Oper[Conf_Oper_Count - 1].pwd )) Config_Error_TooLong( Line, Var );
 		return;
 	}
-	
+	if( strcasecmp( Var, "Mask" ) == 0 )
+	{
+		if (Conf_Oper[Conf_Oper_Count - 1].mask) return; /* Hostname already configured */
+		len = strlen( Arg ) + 1;
+		Conf_Oper[Conf_Oper_Count - 1].mask = malloc( len );
+		if (! Conf_Oper[Conf_Oper_Count - 1].mask) {
+			Config_Error( LOG_ERR, "%s, line %d: Cannot allocate memory for operator mask: %s", NGIRCd_ConfFile, Line, strerror(errno) );
+			return;
+		}
+
+		strlcpy( Conf_Oper[Conf_Oper_Count - 1].mask, Arg, len);
+		return;
+	}
 	Config_Error( LOG_ERR, "%s, line %d (section \"Operator\"): Unknown variable \"%s\"!", NGIRCd_ConfFile, Line, Var );
 } /* Handle_OPERATOR */
 

src/ngircd/conf.h

@@ -8,7 +8,7 @@
  * (at your option) any later version.
  * Please read the file COPYING, README and AUTHORS for more information.
  *
- * $Id: conf.h,v 1.30 2005/02/04 14:24:21 alex Exp $
+ * $Id: conf.h,v 1.31 2005/03/02 16:07:31 alex Exp $
  *
  * Configuration management (header)
  */
@@ -26,6 +26,7 @@ typedef struct _Conf_Oper
 {
 	CHAR name[CLIENT_PASS_LEN];	/* Name (ID) of IRC operator */
 	CHAR pwd[CLIENT_PASS_LEN];	/* Password */
+	char *mask;
 } CONF_OPER;
 
 typedef struct _Conf_Server

src/ngircd/irc-oper.c

@@ -14,7 +14,7 @@
 
 #include "portab.h"
 
-static char UNUSED id[] = "$Id: irc-oper.c,v 1.17 2002/12/31 16:10:55 alex Exp $";
+static char UNUSED id[] = "$Id: irc-oper.c,v 1.18 2005/03/02 16:07:31 alex Exp $";
 
 #include "imp.h"
 #include <assert.h>
@@ -65,6 +65,13 @@ IRC_OPER( CLIENT *Client, REQUEST *Req )
 		return IRC_WriteStrClient( Client, ERR_PASSWDMISMATCH_MSG, Client_ID( Client ));
 	}
 
+	/* Authorized Mask? */
+	if( Conf_Oper[i].mask && (! Match( Conf_Oper[i].mask, Client_Mask( Client ) ))) {
+		Log( LOG_WARNING, "Rejected valid OPER for \"%s\": Mask mismatch (got: \"%s\", want: \"%s\")!", Conf_Oper[i].name, Client_Mask( Client ), Conf_Oper[i].mask );
+		return IRC_WriteStrClient( Client, ERR_PASSWDMISMATCH_MSG, Client_ID( Client ));
+	}
+
+
 	if( ! Client_HasMode( Client, 'o' ))
 	{
 		/* noch kein o-Mode gesetzt */