3
0
mirror of https://github.com/jlu5/PyLink.git synced 2024-11-23 19:19:31 +01:00

Allow limiting login blocks to opers & certain hosts

Closes #502.
This commit is contained in:
James Lu 2017-08-07 21:44:15 -07:00
parent 716bb6da5e
commit f439267129
2 changed files with 19 additions and 0 deletions

View File

@ -22,12 +22,24 @@ def _login(irc, source, username):
logindata = conf.conf['login'].get('accounts', {}).get(username, {})
network_filter = logindata.get('networks')
require_oper = logindata.get('require_oper', False)
hosts_filter = logindata.get('hosts', [])
if network_filter and irc.name not in network_filter:
irc.error("You are not authorized to log in to %r on this network." % username)
log.warning("(%s) Failed login to %r from %s (wrong network: networks filter says %r but we got %r)", irc.name, username, irc.get_hostmask(source), ', '.join(network_filter), irc.name)
return
elif require_oper and not irc.is_oper(source, allowAuthed=False):
irc.error("You must be opered up to log in to %r." % username)
log.warning("(%s) Failed login to %r from %s (needs oper)", irc.name, username, irc.get_hostmask(source))
return
elif hosts_filter and not any(irc.match_host(host, source) for host in hosts_filter):
irc.error("Failed to log in to %r: hostname mismatch." % username)
log.warning("(%s) Failed login to %r from %s (hostname mismatch)", irc.name, username, irc.get_hostmask(source))
return
irc.users[source].account = username
irc.reply('Successfully logged in as %s.' % username)
log.info("(%s) Successful login to %r by %s",

View File

@ -95,6 +95,13 @@ login:
# Optional: allows limiting this login to users from certain networks only (case sensitive).
#networks: ["network1", "network2"]
# Optional: allows limiting this login to opered users
#require_oper: false
# Optional: requires the user to match any of the following hosts. Extended targets
# are supported here as well.
#hosts: ["*!*@localhost", "*!*@trusted.isp"]
permissions:
# Permissions are described in more detail in example-permissions.yml, if you want to
# customize permissions further.