From 79143a1e40ad4d9bafa0986f27a3ab6111daf137 Mon Sep 17 00:00:00 2001
From: James Lu <james@overdrivenetworks.com>
Date: Fri, 30 Mar 2018 11:30:26 -0700
Subject: [PATCH] Allow limiting login blocks to opers & certain hosts

Closes #502.

(backported from commit f439267129f88b8bd6f52f6b80483cf1d7853762)

This also fixes the previous commit "Allow specifying login blocks that are local to certain networks" for 1.3.
---
 coremods/corecommands.py | 14 +++++++++++++-
 example-conf.yml         |  7 +++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/coremods/corecommands.py b/coremods/corecommands.py
index 0c30d9f..3ad01d7 100644
--- a/coremods/corecommands.py
+++ b/coremods/corecommands.py
@@ -18,10 +18,22 @@ def _login(irc, source, username):
 
     logindata = conf.conf['login'].get('accounts', {}).get(username, {})
     network_filter = logindata.get('networks')
+    require_oper = logindata.get('require_oper', False)
+    hosts_filter = logindata.get('hosts', [])
 
     if network_filter and irc.name not in network_filter:
         irc.error("You are not authorized to log in to %r on this network." % username)
-        log.warning("(%s) Failed login to %r from %s (wrong network: networks filter says %r but we got %r)", irc.name, username, irc.get_hostmask(source), ', '.join(network_filter), irc.name)
+        log.warning("(%s) Failed login to %r from %s (wrong network: networks filter says %r but we got %r)", irc.name, username, irc.getHostmask(source), ', '.join(network_filter), irc.name)
+        return
+
+    elif require_oper and not irc.isOper(source, allowAuthed=False):
+        irc.error("You must be opered up to log in to %r." % username)
+        log.warning("(%s) Failed login to %r from %s (needs oper)", irc.name, username, irc.getHostmask(source))
+        return
+
+    elif hosts_filter and not any(irc.matchHost(host, source) for host in hosts_filter):
+        irc.error("Failed to log in to %r: hostname mismatch." % username)
+        log.warning("(%s) Failed login to %r from %s (hostname mismatch)", irc.name, username, irc.getHostmask(source))
         return
 
     irc.users[source].account = username
diff --git a/example-conf.yml b/example-conf.yml
index 9f27718..393a0d0 100644
--- a/example-conf.yml
+++ b/example-conf.yml
@@ -95,6 +95,13 @@ login:
             # Optional: allows limiting this login to users from certain networks only (case sensitive).
             #networks: ["network1", "network2"]
 
+            # Optional: allows limiting this login to opered users
+            #require_oper: false
+
+            # Optional: requires the user to match any of the following hosts. Extended targets
+            # are supported here as well.
+            #hosts: ["*!*@localhost", "*!*@trusted.isp"]
+
 permissions:
     # Permissions are described in more detail in example-permissions.yml, if you want to
     # customize permissions further.