Project

General

Profile

Actions

Idea-acl » History » Revision 1

Revision 1/5 | Next »
David Demelier, 01/08/2019 12:40 PM


Idea: RPC

  • Impact : irccd (rules mostly)
  • Status : draft
  • Target version : 3.1.0

Background

At the time of writing, irccd has no support to authenticate users and trust them. This prevents creation of "super" plugins like operator to kick, ban someone. It also prevents additional rules based on trusted users.

Synopsis

The idea is to implement a mechanism where users are able to send a special command to irccd to authenticate itself. Then irccd will remember I'm authenticated.

Proposed configuration

We add a new [acl] section which consists of a triplet nickname/mask/password. Only password is required, setting other information improve the security attempts. If multiple passwords are wanted, it's possible to add a prefix which is only there as informative group.

[acl]
#
# With this, everybody can authenticate with password "bonjour" 
#
all.password = "bonjour" 

#
# With this, only a nickname "jean" can authenticate with "au-revoir" 
#
jean.nickname = "jean" 
jean.password = "au-revoir" 

#
# With this, only a nickname "francis" with a mask "unaffiliated/francis" can authenticate with "wonderful" 
#
francis.nickname = "francis" 
francis.hostname = "unaffiliated/francis" 
francis.password = "wonderful" 

Proposed rule change

In the rule section, it will be possible to filter (un)authenticated user. I propose to add @ as origin suffix to mark a user as authenticated.

For this example, we will disable the plugin "reboot" and enable it only for user francis as authenticated.

[rule]
plugins = "reboot" 
action = drop

[rule]
plugins = "reboot" 
origins = "francis@" 
action = accept

Proposal API support

To be defined.

Updated by David Demelier about 1 year ago · 1 revisions