From 490c9d04d71433982b848c032acee546e2d411f2 Mon Sep 17 00:00:00 2001 From: Alexander Barton Date: Wed, 2 Mar 2005 16:07:30 +0000 Subject: [PATCH] New configuration option "Mask" for [Operator] sections to limit OPER command. --- ChangeLog | 4 +++- NEWS | 4 +++- doc/sample-ngircd.conf | 5 ++++- man/ngircd.conf.5 | 6 +++++- src/ngircd/conf.c | 26 ++++++++++++++++++++++---- src/ngircd/conf.h | 3 ++- src/ngircd/irc-oper.c | 9 ++++++++- 7 files changed, 47 insertions(+), 10 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7d134b6f..13929d53 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ ngIRCd CVSHEAD + - New configuration option "Mask" for [Operator] sections to limit OPER + commands to ussers with a specific IRC mask. Patch from Florian Westphal. - Write "error file" (/tmp/ngircd-XXX.err) only if compiled with debug code ("--enable-debug") and running as daemon process. - Don't create version information string each time a client connects @@ -586,4 +588,4 @@ ngIRCd 0.0.1, 31.12.2001 -- -$Id: ChangeLog,v 1.261 2005/02/10 12:49:04 alex Exp $ +$Id: ChangeLog,v 1.262 2005/03/02 16:07:30 alex Exp $ diff --git a/NEWS b/NEWS index 9b1efedf..4778cd7d 100644 --- a/NEWS +++ b/NEWS @@ -12,6 +12,8 @@ ngIRCd CVSHEAD + - New configuration option "Mask" for [Operator] sections to limit OPER + commands to ussers with a specific IRC mask. Patch from Florian Westphal. - New configuration variable "PidFile", section "[Global]": if defined, the server writes its process ID (PID) to this file. Default: off. Idea of Florian Westphal, . @@ -198,4 +200,4 @@ ngIRCd 0.0.1, 31.12.2001 -- -$Id: NEWS,v 1.68 2005/02/04 14:24:20 alex Exp $ +$Id: NEWS,v 1.69 2005/03/02 16:07:30 alex Exp $ diff --git a/doc/sample-ngircd.conf b/doc/sample-ngircd.conf index a34f0480..72d2e467 100644 --- a/doc/sample-ngircd.conf +++ b/doc/sample-ngircd.conf @@ -1,4 +1,4 @@ -# $Id: sample-ngircd.conf,v 1.30 2005/02/04 14:24:21 alex Exp $ +# $Id: sample-ngircd.conf,v 1.31 2005/03/02 16:07:30 alex Exp $ # # This is a sample configuration file for the ngIRCd, which must be adepted @@ -110,6 +110,9 @@ # Password of the IRC operator ;Password = ThePwd + # Optional Mask from which /OPER will be accepted + ;Mask = *!ident@somewhere.example.com + [Operator] # More [Operator] sections, if you like ... diff --git a/man/ngircd.conf.5 b/man/ngircd.conf.5 index 49efafde..e7f44c6d 100644 --- a/man/ngircd.conf.5 +++ b/man/ngircd.conf.5 @@ -1,5 +1,5 @@ .\" -.\" $Id: ngircd.conf.5,v 1.14 2005/02/14 00:42:41 alex Exp $ +.\" $Id: ngircd.conf.5,v 1.15 2005/03/02 16:07:31 alex Exp $ .\" .TH ngircd.conf 5 "February 2005" ngircd "ngIRCd Manual" .SH NAME @@ -160,6 +160,10 @@ ID of the operator (may be different of the nick name). .TP \fBPassword\fR Password of the IRC operator. +.TP +\fBMask\fR +Mask that is to be checked before an /OPER for this account is accepted. +Example: nick!ident@*.example.com .SH [SERVER] Other servers are configured in .I [Server] diff --git a/src/ngircd/conf.c b/src/ngircd/conf.c index 17090d8a..312ebff9 100644 --- a/src/ngircd/conf.c +++ b/src/ngircd/conf.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: conf.c,v 1.68 2005/02/04 14:24:21 alex Exp $"; +static char UNUSED id[] = "$Id: conf.c,v 1.69 2005/03/02 16:07:31 alex Exp $"; #include "imp.h" #include @@ -158,6 +158,7 @@ Conf_Test( VOID ) puts( "[OPERATOR]" ); printf( " Name = %s\n", Conf_Oper[i].name ); printf( " Password = %s\n", Conf_Oper[i].pwd ); + if ( Conf_Oper[i].mask ) printf( " Mask = %s\n", Conf_Oper[i].mask ); puts( "" ); } @@ -466,8 +467,12 @@ Read_Config( VOID ) else { /* Initialize new operator structure */ - strcpy( Conf_Oper[Conf_Oper_Count].name, "" ); - strcpy( Conf_Oper[Conf_Oper_Count].pwd, "" ); + Conf_Oper[Conf_Oper_Count].name[0] = '\0'; + Conf_Oper[Conf_Oper_Count].pwd[0] = '\0'; + if (Conf_Oper[Conf_Oper_Count].mask) { + free(Conf_Oper[Conf_Oper_Count].mask ); + Conf_Oper[Conf_Oper_Count].mask = NULL; + } Conf_Oper_Count++; } continue; @@ -782,6 +787,7 @@ Handle_GLOBAL( INT Line, CHAR *Var, CHAR *Arg ) LOCAL VOID Handle_OPERATOR( INT Line, CHAR *Var, CHAR *Arg ) { + unsigned int len; assert( Line > 0 ); assert( Var != NULL ); assert( Arg != NULL ); @@ -799,7 +805,19 @@ Handle_OPERATOR( INT Line, CHAR *Var, CHAR *Arg ) if( strlcpy( Conf_Oper[Conf_Oper_Count - 1].pwd, Arg, sizeof( Conf_Oper[Conf_Oper_Count - 1].pwd )) >= sizeof( Conf_Oper[Conf_Oper_Count - 1].pwd )) Config_Error_TooLong( Line, Var ); return; } - + if( strcasecmp( Var, "Mask" ) == 0 ) + { + if (Conf_Oper[Conf_Oper_Count - 1].mask) return; /* Hostname already configured */ + len = strlen( Arg ) + 1; + Conf_Oper[Conf_Oper_Count - 1].mask = malloc( len ); + if (! Conf_Oper[Conf_Oper_Count - 1].mask) { + Config_Error( LOG_ERR, "%s, line %d: Cannot allocate memory for operator mask: %s", NGIRCd_ConfFile, Line, strerror(errno) ); + return; + } + + strlcpy( Conf_Oper[Conf_Oper_Count - 1].mask, Arg, len); + return; + } Config_Error( LOG_ERR, "%s, line %d (section \"Operator\"): Unknown variable \"%s\"!", NGIRCd_ConfFile, Line, Var ); } /* Handle_OPERATOR */ diff --git a/src/ngircd/conf.h b/src/ngircd/conf.h index 93c8ebf0..3c180160 100644 --- a/src/ngircd/conf.h +++ b/src/ngircd/conf.h @@ -8,7 +8,7 @@ * (at your option) any later version. * Please read the file COPYING, README and AUTHORS for more information. * - * $Id: conf.h,v 1.30 2005/02/04 14:24:21 alex Exp $ + * $Id: conf.h,v 1.31 2005/03/02 16:07:31 alex Exp $ * * Configuration management (header) */ @@ -26,6 +26,7 @@ typedef struct _Conf_Oper { CHAR name[CLIENT_PASS_LEN]; /* Name (ID) of IRC operator */ CHAR pwd[CLIENT_PASS_LEN]; /* Password */ + char *mask; } CONF_OPER; typedef struct _Conf_Server diff --git a/src/ngircd/irc-oper.c b/src/ngircd/irc-oper.c index a113f179..f1824c9b 100644 --- a/src/ngircd/irc-oper.c +++ b/src/ngircd/irc-oper.c @@ -14,7 +14,7 @@ #include "portab.h" -static char UNUSED id[] = "$Id: irc-oper.c,v 1.17 2002/12/31 16:10:55 alex Exp $"; +static char UNUSED id[] = "$Id: irc-oper.c,v 1.18 2005/03/02 16:07:31 alex Exp $"; #include "imp.h" #include @@ -65,6 +65,13 @@ IRC_OPER( CLIENT *Client, REQUEST *Req ) return IRC_WriteStrClient( Client, ERR_PASSWDMISMATCH_MSG, Client_ID( Client )); } + /* Authorized Mask? */ + if( Conf_Oper[i].mask && (! Match( Conf_Oper[i].mask, Client_Mask( Client ) ))) { + Log( LOG_WARNING, "Rejected valid OPER for \"%s\": Mask mismatch (got: \"%s\", want: \"%s\")!", Conf_Oper[i].name, Client_Mask( Client ), Conf_Oper[i].mask ); + return IRC_WriteStrClient( Client, ERR_PASSWDMISMATCH_MSG, Client_ID( Client )); + } + + if( ! Client_HasMode( Client, 'o' )) { /* noch kein o-Mode gesetzt */