3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-01 17:29:21 +01:00

Allow limiting login blocks to opers & certain hosts

Closes #502.

(backported from commit f439267129)

This also fixes the previous commit "Allow specifying login blocks that are local to certain networks" for 1.3.
This commit is contained in:
James Lu 2018-03-30 11:30:26 -07:00
parent c5970ba26d
commit 79143a1e40
2 changed files with 20 additions and 1 deletions

View File

@ -18,10 +18,22 @@ def _login(irc, source, username):
logindata = conf.conf['login'].get('accounts', {}).get(username, {}) logindata = conf.conf['login'].get('accounts', {}).get(username, {})
network_filter = logindata.get('networks') network_filter = logindata.get('networks')
require_oper = logindata.get('require_oper', False)
hosts_filter = logindata.get('hosts', [])
if network_filter and irc.name not in network_filter: if network_filter and irc.name not in network_filter:
irc.error("You are not authorized to log in to %r on this network." % username) irc.error("You are not authorized to log in to %r on this network." % username)
log.warning("(%s) Failed login to %r from %s (wrong network: networks filter says %r but we got %r)", irc.name, username, irc.get_hostmask(source), ', '.join(network_filter), irc.name) log.warning("(%s) Failed login to %r from %s (wrong network: networks filter says %r but we got %r)", irc.name, username, irc.getHostmask(source), ', '.join(network_filter), irc.name)
return
elif require_oper and not irc.isOper(source, allowAuthed=False):
irc.error("You must be opered up to log in to %r." % username)
log.warning("(%s) Failed login to %r from %s (needs oper)", irc.name, username, irc.getHostmask(source))
return
elif hosts_filter and not any(irc.matchHost(host, source) for host in hosts_filter):
irc.error("Failed to log in to %r: hostname mismatch." % username)
log.warning("(%s) Failed login to %r from %s (hostname mismatch)", irc.name, username, irc.getHostmask(source))
return return
irc.users[source].account = username irc.users[source].account = username

View File

@ -95,6 +95,13 @@ login:
# Optional: allows limiting this login to users from certain networks only (case sensitive). # Optional: allows limiting this login to users from certain networks only (case sensitive).
#networks: ["network1", "network2"] #networks: ["network1", "network2"]
# Optional: allows limiting this login to opered users
#require_oper: false
# Optional: requires the user to match any of the following hosts. Extended targets
# are supported here as well.
#hosts: ["*!*@localhost", "*!*@trusted.isp"]
permissions: permissions:
# Permissions are described in more detail in example-permissions.yml, if you want to # Permissions are described in more detail in example-permissions.yml, if you want to
# customize permissions further. # customize permissions further.