diff --git a/coremods/corecommands.py b/coremods/corecommands.py index b73d390..5e6361f 100644 --- a/coremods/corecommands.py +++ b/coremods/corecommands.py @@ -22,12 +22,24 @@ def _login(irc, source, username): logindata = conf.conf['login'].get('accounts', {}).get(username, {}) network_filter = logindata.get('networks') + require_oper = logindata.get('require_oper', False) + hosts_filter = logindata.get('hosts', []) if network_filter and irc.name not in network_filter: irc.error("You are not authorized to log in to %r on this network." % username) log.warning("(%s) Failed login to %r from %s (wrong network: networks filter says %r but we got %r)", irc.name, username, irc.get_hostmask(source), ', '.join(network_filter), irc.name) return + elif require_oper and not irc.is_oper(source, allowAuthed=False): + irc.error("You must be opered up to log in to %r." % username) + log.warning("(%s) Failed login to %r from %s (needs oper)", irc.name, username, irc.get_hostmask(source)) + return + + elif hosts_filter and not any(irc.match_host(host, source) for host in hosts_filter): + irc.error("Failed to log in to %r: hostname mismatch." % username) + log.warning("(%s) Failed login to %r from %s (hostname mismatch)", irc.name, username, irc.get_hostmask(source)) + return + irc.users[source].account = username irc.reply('Successfully logged in as %s.' % username) log.info("(%s) Successful login to %r by %s", diff --git a/example-conf.yml b/example-conf.yml index e3966d8..5a8397e 100644 --- a/example-conf.yml +++ b/example-conf.yml @@ -95,6 +95,13 @@ login: # Optional: allows limiting this login to users from certain networks only (case sensitive). #networks: ["network1", "network2"] + # Optional: allows limiting this login to opered users + #require_oper: false + + # Optional: requires the user to match any of the following hosts. Extended targets + # are supported here as well. + #hosts: ["*!*@localhost", "*!*@trusted.isp"] + permissions: # Permissions are described in more detail in example-permissions.yml, if you want to # customize permissions further.