3
0
mirror of https://github.com/ergochat/ergo.git synced 2025-01-21 09:44:21 +01:00
Add require-sasl support to KLINE / UBAN on NUH masks
This commit is contained in:
Shivaram Lingamneni 2025-01-13 19:20:47 -08:00 committed by GitHub
parent 36e5451aa5
commit 21ee867ebb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 11 additions and 9 deletions

View File

@ -1637,7 +1637,7 @@ func klineHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
// get comment(s) // get comment(s)
reason, operReason := getReasonsFromParams(msg.Params, currentArg) reason, operReason := getReasonsFromParams(msg.Params, currentArg)
err = server.klines.AddMask(mask, duration, reason, operReason, operName) err = server.klines.AddMask(mask, duration, false, reason, operReason, operName)
if err != nil { if err != nil {
rb.Notice(fmt.Sprintf(client.t("Could not successfully save new K-LINE: %s"), err.Error())) rb.Notice(fmt.Sprintf(client.t("Could not successfully save new K-LINE: %s"), err.Error()))
return false return false

View File

@ -66,11 +66,12 @@ func (km *KLineManager) AllBans() map[string]IPBanInfo {
} }
// AddMask adds to the blocked list. // AddMask adds to the blocked list.
func (km *KLineManager) AddMask(mask string, duration time.Duration, reason, operReason, operName string) error { func (km *KLineManager) AddMask(mask string, duration time.Duration, requireSASL bool, reason, operReason, operName string) error {
km.persistenceMutex.Lock() km.persistenceMutex.Lock()
defer km.persistenceMutex.Unlock() defer km.persistenceMutex.Unlock()
info := IPBanInfo{ info := IPBanInfo{
RequireSASL: requireSASL,
Reason: reason, Reason: reason,
OperReason: operReason, OperReason: operReason,
OperName: operName, OperName: operName,
@ -208,13 +209,14 @@ func (km *KLineManager) CheckMasks(masks ...string) (isBanned bool, info IPBanIn
for _, entryInfo := range km.entries { for _, entryInfo := range km.entries {
for _, mask := range masks { for _, mask := range masks {
if entryInfo.Matcher.MatchString(mask) { if entryInfo.Matcher.MatchString(mask) {
return true, entryInfo.Info // apply the most stringent ban (unconditional bans override require-sasl)
if !isBanned || info.RequireSASL {
isBanned, info = true, entryInfo.Info
}
} }
} }
} }
// no matches!
isBanned = false
return return
} }

View File

@ -428,7 +428,7 @@ func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
// check KLINEs (#671: ignore KLINEs for loopback connections) // check KLINEs (#671: ignore KLINEs for loopback connections)
if !session.IP().IsLoopback() || session.isTor { if !session.IP().IsLoopback() || session.isTor {
isBanned, info := server.klines.CheckMasks(c.AllNickmasks()...) isBanned, info := server.klines.CheckMasks(c.AllNickmasks()...)
if isBanned { if isBanned && !(info.RequireSASL && session.client.Account() != "") {
c.setKlined() c.setKlined()
c.Quit(info.BanMessage(c.t("You are banned from this server (%s)")), nil) c.Quit(info.BanMessage(c.t("You are banned from this server (%s)")), nil)
server.logger.Info("connect", session.connID, "Client rejected by k-line", c.NickMaskString()) server.logger.Info("connect", session.connID, "Client rejected by k-line", c.NickMaskString())

View File

@ -163,7 +163,7 @@ func ubanAddHandler(client *Client, target ubanTarget, params []string, rb *Resp
case ubanCIDR: case ubanCIDR:
err = ubanAddCIDR(client, target, duration, requireSASL, operReason, rb) err = ubanAddCIDR(client, target, duration, requireSASL, operReason, rb)
case ubanNickmask: case ubanNickmask:
err = ubanAddNickmask(client, target, duration, operReason, rb) err = ubanAddNickmask(client, target, duration, requireSASL, operReason, rb)
case ubanNick: case ubanNick:
err = ubanAddAccount(client, target, duration, operReason, rb) err = ubanAddAccount(client, target, duration, operReason, rb)
} }
@ -242,8 +242,8 @@ func ubanAddCIDR(client *Client, target ubanTarget, duration time.Duration, requ
return return
} }
func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, operReason string, rb *ResponseBuffer) (err error) { func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, requireSASL bool, operReason string, rb *ResponseBuffer) (err error) {
err = client.server.klines.AddMask(target.nickOrMask, duration, "", operReason, client.Oper().Name) err = client.server.klines.AddMask(target.nickOrMask, duration, requireSASL, "", operReason, client.Oper().Name)
if err == nil { if err == nil {
rb.Notice(fmt.Sprintf(client.t("Successfully added UBAN for %s"), target.nickOrMask)) rb.Notice(fmt.Sprintf(client.t("Successfully added UBAN for %s"), target.nickOrMask))
} else { } else {