Idea-acl » History » Revision 1

Revision 1/5 | Next »
David Demelier, 01/08/2019 12:40 PM

Idea: RPC

  • Impact : irccd (rules mostly)
  • Status : draft
  • Target version : 3.1.0


At the time of writing, irccd has no support to authenticate users and trust them. This prevents creation of "super" plugins like operator to kick, ban someone. It also prevents additional rules based on trusted users.


The idea is to implement a mechanism where users are able to send a special command to irccd to authenticate itself. Then irccd will remember I'm authenticated.

Proposed configuration

We add a new [acl] section which consists of a triplet nickname/mask/password. Only password is required, setting other information improve the security attempts. If multiple passwords are wanted, it's possible to add a prefix which is only there as informative group.

# With this, everybody can authenticate with password "bonjour" 
all.password = "bonjour" 

# With this, only a nickname "jean" can authenticate with "au-revoir" 
jean.nickname = "jean" 
jean.password = "au-revoir" 

# With this, only a nickname "francis" with a mask "unaffiliated/francis" can authenticate with "wonderful" 
francis.nickname = "francis" 
francis.hostname = "unaffiliated/francis" 
francis.password = "wonderful" 

Proposed rule change

In the rule section, it will be possible to filter (un)authenticated user. I propose to add @ as origin suffix to mark a user as authenticated.

For this example, we will disable the plugin "reboot" and enable it only for user francis as authenticated.

plugins = "reboot" 
action = drop

plugins = "reboot" 
origins = "francis@" 
action = accept

Proposal API support

To be defined.

Updated by David Demelier over 1 year ago · 1 revisions