3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-30 23:09:23 +01:00

relay: add a whitelist mode for LINKACL (#394)

This commit is contained in:
James Lu 2018-05-09 23:29:56 -07:00
parent f1b3d8d0ad
commit 0ae4aea133

View File

@ -2262,7 +2262,9 @@ def link(irc, source, args):
irc.error('No such relay %r exists.' % args.channel) irc.error('No such relay %r exists.' % args.channel)
return return
else: else:
if irc.name in entry['blocked_nets']: whitelist_mode = entry.get('use_whitelist', False)
if ((not whitelist_mode) and irc.name in entry['blocked_nets']) or \
(whitelist_mode and irc.name not in entry.get('allowed_nets', set())):
irc.error('Access denied (target channel is not open to links).') irc.error('Access denied (target channel is not open to links).')
return return
for link in entry['links']: for link in entry['links']:
@ -2433,12 +2435,16 @@ linked = utils.add_cmd(linked, featured=True)
@utils.add_cmd @utils.add_cmd
def linkacl(irc, source, args): def linkacl(irc, source, args):
"""ALLOW|DENY|LIST <channel> <remotenet> """ALLOW|DENY <channel> <remotenet> [OR] LIST <channel> [OR] WHITELIST <channel> [true/false]
Allows blocking / unblocking certain networks from linking to a relayed channel, based on a blacklist. Allows managing link access control lists.
LINKACL LIST returns a list of blocked networks for a channel, while the ALLOW and DENY subcommands allow manipulating this blacklist.""" LINKACL LIST returns a list of whitelisted / blacklisted networks for a channel.
missingargs = "Not enough arguments. Needs 2-3: subcommand (ALLOW/DENY/LIST), channel, remote network (for ALLOW/DENY)."
LINKACL ALLOW and DENY allow manipulating the blacklist or whitelist for a channel.
LINKACL WHITELIST allows showing and setting whether the channel uses a blacklist or a whitelist for ACL management."""
missingargs = "Not enough arguments. Needs 2-3: subcommand (ALLOW/DENY/LIST/WHITELIST), channel, remote network (for ALLOW/DENY)."
try: try:
cmd = args[0].lower() cmd = args[0].lower()
@ -2446,16 +2452,42 @@ def linkacl(irc, source, args):
except IndexError: except IndexError:
irc.error(missingargs) irc.error(missingargs)
return return
if not irc.is_channel(channel): if not irc.is_channel(channel):
irc.error('Invalid channel %r.' % channel) irc.error('Invalid channel %r.' % channel)
return return
relay = get_relay(irc, channel) relay = get_relay(irc, channel)
if not relay: if not relay:
irc.error('No such relay %r exists.' % channel) irc.error('No such relay %r exists.' % channel)
return return
entry = db[relay]
whitelist = entry.get('use_whitelist', False)
if cmd == 'list': if cmd == 'list':
permissions.check_permissions(irc, source, ['relay.linkacl.view']) permissions.check_permissions(irc, source, ['relay.linkacl.view'])
s = 'Blocked networks for \x02%s\x02: \x02%s\x02' % (channel, ', '.join(db[relay]['blocked_nets']) or '(empty)') if whitelist:
s = 'Whitelisted networks for \x02%s\x02: \x02%s\x02' % (channel, ', '.join(entry['allowed_nets']) or '(empty)')
else:
s = 'Blocked networks for \x02%s\x02: \x02%s\x02' % (channel, ', '.join(entry.get('blocked_nets', set())) or '(empty)')
irc.reply(s)
return
elif cmd == 'whitelist':
s = 'Whitelist mode is currently \x02%s\x02 on \x02%s\x02.' % ('enabled' if whitelist else 'disabled', channel)
if len(args) >= 3:
setting = args[2].lower()
if setting in ('y', 'yes', 'true', '1', 'on'):
entry['use_whitelist'] = True
irc.reply('Done. Whitelist mode \x02enabled\x02 on \x02%r\x02.' % channel)
return
elif setting in ('n', 'np', 'false', '0', 'off'):
entry['use_whitelist'] = False
irc.reply('Done. Whitelist mode \x02disabled\x02 on \x02%s\x02.' % channel)
return
else:
irc.reply('Unknown option %r. %s' % (setting, s))
return
irc.reply(s) irc.reply(s)
return return
@ -2465,15 +2497,33 @@ def linkacl(irc, source, args):
except IndexError: except IndexError:
irc.error(missingargs) irc.error(missingargs)
return return
if cmd == 'deny': if cmd == 'deny':
if whitelist:
# In whitelist mode, DENY *removes* from the whitelist
try:
db[relay]['allowed_nets'].remove(remotenet)
except KeyError:
irc.error('Network %r is not on the whitelist for %r.' % (remotenet, channel))
return
else:
# In blacklist mode, DENY *adds* to the blacklist
db[relay]['blocked_nets'].add(remotenet) db[relay]['blocked_nets'].add(remotenet)
irc.reply('Done.') irc.reply('Done.')
elif cmd == 'allow': elif cmd == 'allow':
if whitelist:
# In whitelist mode, ALLOW *adds* to the whitelist
if 'allowed_nets' not in entry: # Upgrading from < 2.0-alpha4
entry['allowed_nets'] = set()
db[relay]['allowed_nets'].add(remotenet)
else:
# In blacklist mode, ALLOW *removes* from the blacklist
try: try:
db[relay]['blocked_nets'].remove(remotenet) db[relay]['blocked_nets'].remove(remotenet)
except KeyError: except KeyError:
irc.error('Network %r is not on the blacklist for %r.' % (remotenet, channel)) irc.error('Network %r is not on the blacklist for %r.' % (remotenet, channel))
else: return
irc.reply('Done.') irc.reply('Done.')
else: else:
irc.error('Unknown subcommand %r: valid ones are ALLOW, DENY, and LIST.' % cmd) irc.error('Unknown subcommand %r: valid ones are ALLOW, DENY, and LIST.' % cmd)