Project

General

Profile

Actions
History

Wiki »

Idea: ACL

  • Impact : irccd (rules mostly)
  • Status : draft
  • Target version : 3.1.0

Background

At the time of writing, irccd has no support to authenticate users and trust them. This prevents creation of "super" plugins like operator to kick, ban someone. It also prevents additional rules based on trusted users.

Synopsis

The idea is to implement a mechanism where users are able to send a special command to irccd to authenticate itself. Then irccd will remember I'm authenticated.

Proposed configuration

We add a new [acl] section which consists of a triplet nickname/mask/password. Only password is required, setting other information improve the security attempts. If multiple passwords are wanted, it's possible to add a prefix which is only there as informative group.

[acl]
#
# With this, everybody can authenticate with password "bonjour" 
#
all.password = "bonjour" 

#
# With this, only a nickname "jean" can authenticate with "au-revoir" 
#
jean.nickname = "jean" 
jean.password = "au-revoir" 

#
# With this, only a nickname "francis" with a mask "unaffiliated/francis" can authenticate with "wonderful" 
#
francis.nickname = "francis" 
francis.hostname = "unaffiliated/francis" 
francis.password = "wonderful"

Proposed rule change

In the rule section, it will be possible to filter (un)authenticated user. I propose to add @ as origin suffix to mark a user as authenticated.

For this example, we will disable the plugin "reboot" and enable it only for user francis as authenticated.

[rule]
plugins = "reboot" 
action = drop

[rule]
plugins = "reboot" 
origins = "francis@" 
action = accept

Proposal authentication message

To avoid interaction with plugins, when user wants to authenticate to irccd it can use a special command scheme in the form of __command__. I also propose to implement them as notices as it's not commonly used.

  • /notice irccd __authenticate__ bonjour
  • irccd answers either successful or error.

Problems

  • How to handle spoofing?
    • Solution 1: authentication must be done within a channel and required for every channel. Then PART/KICK of this person removes the authentication bit.

Proposal API support

To be defined.

Updated by David Demelier over 3 years ago · 5 revisions