3
0
mirror of https://github.com/ergochat/ergo.git synced 2025-01-21 01:34:20 +01:00
Add require-sasl support to KLINE / UBAN on NUH masks
This commit is contained in:
Shivaram Lingamneni 2025-01-13 19:20:47 -08:00 committed by GitHub
parent 36e5451aa5
commit 21ee867ebb
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 11 additions and 9 deletions

View File

@ -1637,7 +1637,7 @@ func klineHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
// get comment(s)
reason, operReason := getReasonsFromParams(msg.Params, currentArg)
err = server.klines.AddMask(mask, duration, reason, operReason, operName)
err = server.klines.AddMask(mask, duration, false, reason, operReason, operName)
if err != nil {
rb.Notice(fmt.Sprintf(client.t("Could not successfully save new K-LINE: %s"), err.Error()))
return false

View File

@ -66,11 +66,12 @@ func (km *KLineManager) AllBans() map[string]IPBanInfo {
}
// AddMask adds to the blocked list.
func (km *KLineManager) AddMask(mask string, duration time.Duration, reason, operReason, operName string) error {
func (km *KLineManager) AddMask(mask string, duration time.Duration, requireSASL bool, reason, operReason, operName string) error {
km.persistenceMutex.Lock()
defer km.persistenceMutex.Unlock()
info := IPBanInfo{
RequireSASL: requireSASL,
Reason: reason,
OperReason: operReason,
OperName: operName,
@ -208,13 +209,14 @@ func (km *KLineManager) CheckMasks(masks ...string) (isBanned bool, info IPBanIn
for _, entryInfo := range km.entries {
for _, mask := range masks {
if entryInfo.Matcher.MatchString(mask) {
return true, entryInfo.Info
// apply the most stringent ban (unconditional bans override require-sasl)
if !isBanned || info.RequireSASL {
isBanned, info = true, entryInfo.Info
}
}
}
}
// no matches!
isBanned = false
return
}

View File

@ -428,7 +428,7 @@ func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
// check KLINEs (#671: ignore KLINEs for loopback connections)
if !session.IP().IsLoopback() || session.isTor {
isBanned, info := server.klines.CheckMasks(c.AllNickmasks()...)
if isBanned {
if isBanned && !(info.RequireSASL && session.client.Account() != "") {
c.setKlined()
c.Quit(info.BanMessage(c.t("You are banned from this server (%s)")), nil)
server.logger.Info("connect", session.connID, "Client rejected by k-line", c.NickMaskString())

View File

@ -163,7 +163,7 @@ func ubanAddHandler(client *Client, target ubanTarget, params []string, rb *Resp
case ubanCIDR:
err = ubanAddCIDR(client, target, duration, requireSASL, operReason, rb)
case ubanNickmask:
err = ubanAddNickmask(client, target, duration, operReason, rb)
err = ubanAddNickmask(client, target, duration, requireSASL, operReason, rb)
case ubanNick:
err = ubanAddAccount(client, target, duration, operReason, rb)
}
@ -242,8 +242,8 @@ func ubanAddCIDR(client *Client, target ubanTarget, duration time.Duration, requ
return
}
func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, operReason string, rb *ResponseBuffer) (err error) {
err = client.server.klines.AddMask(target.nickOrMask, duration, "", operReason, client.Oper().Name)
func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, requireSASL bool, operReason string, rb *ResponseBuffer) (err error) {
err = client.server.klines.AddMask(target.nickOrMask, duration, requireSASL, "", operReason, client.Oper().Name)
if err == nil {
rb.Notice(fmt.Sprintf(client.t("Successfully added UBAN for %s"), target.nickOrMask))
} else {