Idea-acl » History » Version 1

David Demelier, 01/08/2019 12:40 PM

h1. Idea: RPC

* *Impact* : irccd (rules mostly)
* *Status* : draft
* *Target version* : 3.1.0

h1. Background

At the time of writing, irccd has no way to authenticate users and trust them. This prevents the creation of "super" plugins, such as an operator plugin that can kick or ban someone. It also prevents additional rules based on trusted users.

h1. Synopsis

The idea is to implement a mechanism where users can send a special command to irccd to authenticate themselves. irccd then remembers that the user is authenticated.

h1. Proposed configuration

We add a new [acl] section which consists of nickname/mask/password triplets. Only the password is required; setting the other fields improves security. If multiple passwords are wanted, each triplet can be given a prefix, which only serves as an informative group name.

<pre><code class="ini">
[acl]
#
# With this, everybody can authenticate with password "bonjour"
#
all.password = "bonjour"

#
# With this, only a nickname "jean" can authenticate with "au-revoir"
#
jean.nickname = "jean"
jean.password = "au-revoir"

#
# With this, only a nickname "francis" with a mask "unaffiliated/francis" can authenticate with "wonderful"
#
francis.nickname = "francis"
francis.hostname = "unaffiliated/francis"
francis.password = "wonderful"
</code></pre>

h1. Proposed rule change

In the rule section, it will be possible to filter (un)authenticated users. I propose to add @ as an origin suffix to mark a user as authenticated.

In this example, we disable the plugin "reboot" and enable it *only* for the user francis when authenticated.

<pre><code class="ini">
[rule]
plugins = "reboot"
action = drop

[rule]
plugins = "reboot"
origins = "francis@"
action = accept
</code></pre>

h1. Proposed API support

To be defined.
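The matching implied by the proposed [acl] section, as an added C++ example (not irccd code and not this proposal's API). The names @acl_entry@, @constant_time_equal@, @authenticate@ and @sample_acl@ are hypothetical, and it assumes nickname and hostname are compared exactly and any matching group grants authentication.

```cpp
// Added example: hypothetical types and functions, not irccd's API.
#include <cstddef>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

// One [acl] group; only the password is mandatory.
struct acl_entry {
    std::optional<std::string> nickname, hostname;
    std::string password;
};

// Examines every byte of the attempt, so timing does not reveal the
// position of the first mismatch.
bool constant_time_equal(const std::string& attempt, const std::string& secret) {
    std::size_t diff = attempt.size() ^ secret.size();
    for (std::size_t i = 0; i < attempt.size(); ++i) {
        const unsigned char s = i < secret.size() ? secret[i] : 0;
        diff |= static_cast<unsigned char>(attempt[i]) ^ s;
    }
    return diff == 0;
}

// True when at least one group accepts the attempt. Nickname and hostname
// are compared exactly (assumption: the draft defines no wildcards).
bool authenticate(const std::vector<acl_entry>& acl, const std::string& nickname,
                  const std::string& hostname, const std::string& attempt) {
    bool granted = false;
    for (const auto& e : acl) {
        const bool nick_ok = !e.nickname || *e.nickname == nickname;
        const bool host_ok = !e.hostname || *e.hostname == hostname;
        const bool pass_ok = constant_time_equal(attempt, e.password);
        granted = granted || (nick_ok && host_ok && pass_ok);
    }
    return granted;
}

// The three groups from the proposed [acl] section.
std::vector<acl_entry> sample_acl() {
    return {{std::nullopt, std::nullopt, "bonjour"},
            {std::string("jean"), std::nullopt, "au-revoir"},
            {std::string("francis"), std::string("unaffiliated/francis"), "wonderful"}};
}

int main() {
    const auto acl = sample_acl();
    std::cout << authenticate(acl, "francis", "unaffiliated/francis", "wonderful")
              << authenticate(acl, "francis", "other.host", "wonderful") << '\n';
}
```

Under this reading of the sample groups, the nickname francis also authenticates with "bonjour" from any host through the all group. A rule on "francis@" is therefore only as strong as the weakest group unless the authenticated state records which group matched.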