Merge pull request #28 from klondi/unrestricted_users
Allow unrestricted users on uhub
This commit is contained in:
commit
dc80644471
|
@ -159,6 +159,7 @@ typedef uint32_t fourcc_t;
|
||||||
#define ADC_CLIENT_TYPE_BOT "1"
|
#define ADC_CLIENT_TYPE_BOT "1"
|
||||||
#define ADC_CLIENT_TYPE_REGISTERED_USER "2"
|
#define ADC_CLIENT_TYPE_REGISTERED_USER "2"
|
||||||
#define ADC_CLIENT_TYPE_OPERATOR "4"
|
#define ADC_CLIENT_TYPE_OPERATOR "4"
|
||||||
|
#define ADC_CLIENT_TYPE_HUBBOT "5" /* 1 + 4 */
|
||||||
#define ADC_CLIENT_TYPE_SUPER_USER "12" /* 8 + 4 */
|
#define ADC_CLIENT_TYPE_SUPER_USER "12" /* 8 + 4 */
|
||||||
#define ADC_CLIENT_TYPE_ADMIN "20" /* 16 + 4 = hub owner */
|
#define ADC_CLIENT_TYPE_ADMIN "20" /* 16 + 4 = hub owner */
|
||||||
#define ADC_CLIENT_TYPE_HUB "32" /* the hub itself */
|
#define ADC_CLIENT_TYPE_HUB "32" /* the hub itself */
|
||||||
|
|
|
@ -310,7 +310,7 @@ struct adc_message* adc_msg_parse_verify(struct hub_user* u, const char* line, s
|
||||||
if (!command)
|
if (!command)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (command->source && (!u || command->source != u->id.sid))
|
if (command->source && (!u || (command->source != u->id.sid && !auth_cred_is_unrestricted(u->credentials))))
|
||||||
{
|
{
|
||||||
LOG_DEBUG("Command does not match user's SID (command->source=%d, user->id.sid=%d)", command->source, (u ? u->id.sid : 0));
|
LOG_DEBUG("Command does not match user's SID (command->source=%d, user->id.sid=%d)", command->source, (u ? u->id.sid : 0));
|
||||||
adc_msg_free(command);
|
adc_msg_free(command);
|
||||||
|
|
|
@ -170,6 +170,9 @@ static int acl_parse_line(char* line, int line_count, void* ptr_data)
|
||||||
LOG_DEBUG("acl_parse_line: '%s'", line);
|
LOG_DEBUG("acl_parse_line: '%s'", line);
|
||||||
|
|
||||||
ACL_ADD_USER("bot", handle->users, auth_cred_bot);
|
ACL_ADD_USER("bot", handle->users, auth_cred_bot);
|
||||||
|
ACL_ADD_USER("ubot", handle->users, auth_cred_ubot);
|
||||||
|
ACL_ADD_USER("opbot", handle->users, auth_cred_opbot);
|
||||||
|
ACL_ADD_USER("opubot", handle->users, auth_cred_opubot);
|
||||||
ACL_ADD_USER("user_admin", handle->users, auth_cred_admin);
|
ACL_ADD_USER("user_admin", handle->users, auth_cred_admin);
|
||||||
ACL_ADD_USER("user_super", handle->users, auth_cred_super);
|
ACL_ADD_USER("user_super", handle->users, auth_cred_super);
|
||||||
ACL_ADD_USER("user_op", handle->users, auth_cred_operator);
|
ACL_ADD_USER("user_op", handle->users, auth_cred_operator);
|
||||||
|
|
|
@ -23,7 +23,7 @@ struct hub_info* g_hub = 0;
|
||||||
|
|
||||||
/* FIXME: Flood control should be done in a plugin! */
|
/* FIXME: Flood control should be done in a plugin! */
|
||||||
#define CHECK_FLOOD(TYPE, WARN) \
|
#define CHECK_FLOOD(TYPE, WARN) \
|
||||||
if (flood_control_check(&u->flood_ ## TYPE , hub->config->flood_ctl_ ## TYPE, hub->config->flood_ctl_interval, net_get_time())) \
|
if (flood_control_check(&u->flood_ ## TYPE , hub->config->flood_ctl_ ## TYPE, hub->config->flood_ctl_interval, net_get_time()) && !auth_cred_is_unrestricted(u->credentials)) \
|
||||||
{ \
|
{ \
|
||||||
if (WARN) \
|
if (WARN) \
|
||||||
{ \
|
{ \
|
||||||
|
|
|
@ -571,6 +571,10 @@ static int set_credentials(struct hub_info* hub, struct hub_user* user, struct a
|
||||||
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_BOT);
|
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_BOT);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case auth_cred_ubot:
|
||||||
|
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_BOT);
|
||||||
|
break;
|
||||||
|
|
||||||
case auth_cred_guest:
|
case auth_cred_guest:
|
||||||
/* Nothing to be added to the info message */
|
/* Nothing to be added to the info message */
|
||||||
break;
|
break;
|
||||||
|
@ -583,6 +587,14 @@ static int set_credentials(struct hub_info* hub, struct hub_user* user, struct a
|
||||||
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_OPERATOR);
|
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_OPERATOR);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case auth_cred_opbot:
|
||||||
|
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_HUBBOT);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case auth_cred_opubot:
|
||||||
|
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_HUBBOT);
|
||||||
|
break;
|
||||||
|
|
||||||
case auth_cred_super:
|
case auth_cred_super:
|
||||||
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_SUPER_USER);
|
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_SUPER_USER);
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -101,7 +101,19 @@ static const char* validate_cred(const char* cred_str)
|
||||||
if (!strcmp(cred_str, "user"))
|
if (!strcmp(cred_str, "user"))
|
||||||
return "user";
|
return "user";
|
||||||
|
|
||||||
fprintf(stderr, "Invalid user credentials. Must be one of: 'admin', 'super', 'op' or 'user'\n");
|
if (!strcmp(cred_str, "bot"))
|
||||||
|
return "bot";
|
||||||
|
|
||||||
|
if (!strcmp(cred_str, "ubot"))
|
||||||
|
return "ubot";
|
||||||
|
|
||||||
|
if (!strcmp(cred_str, "opbot"))
|
||||||
|
return "opbot";
|
||||||
|
|
||||||
|
if (!strcmp(cred_str, "opubot"))
|
||||||
|
return "opubot";
|
||||||
|
|
||||||
|
fprintf(stderr, "Invalid user credentials. Must be one of: 'bot', 'ubot', 'opbot', 'opubot', 'admin', 'super', 'op' or 'user'\n");
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -19,11 +19,33 @@
|
||||||
|
|
||||||
#include "uhub.h"
|
#include "uhub.h"
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns 1 if a user is unrestricted.
|
||||||
|
* Unrestricted users override the limits of flood and can send messages in
|
||||||
|
* the name of other users.
|
||||||
|
* This is useful for amongst other external chatrooms.
|
||||||
|
*/
|
||||||
|
int auth_cred_is_unrestricted(enum auth_credentials cred)
|
||||||
|
{
|
||||||
|
switch (cred)
|
||||||
|
{
|
||||||
|
case auth_cred_ubot:
|
||||||
|
case auth_cred_opubot:
|
||||||
|
return 1;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
int auth_cred_is_protected(enum auth_credentials cred)
|
int auth_cred_is_protected(enum auth_credentials cred)
|
||||||
{
|
{
|
||||||
switch (cred)
|
switch (cred)
|
||||||
{
|
{
|
||||||
case auth_cred_bot:
|
case auth_cred_bot:
|
||||||
|
case auth_cred_ubot:
|
||||||
|
case auth_cred_opbot:
|
||||||
|
case auth_cred_opubot:
|
||||||
case auth_cred_operator:
|
case auth_cred_operator:
|
||||||
case auth_cred_super:
|
case auth_cred_super:
|
||||||
case auth_cred_admin:
|
case auth_cred_admin:
|
||||||
|
@ -45,6 +67,9 @@ int auth_cred_is_registered(enum auth_credentials cred)
|
||||||
switch (cred)
|
switch (cred)
|
||||||
{
|
{
|
||||||
case auth_cred_bot:
|
case auth_cred_bot:
|
||||||
|
case auth_cred_ubot:
|
||||||
|
case auth_cred_opbot:
|
||||||
|
case auth_cred_opubot:
|
||||||
case auth_cred_user:
|
case auth_cred_user:
|
||||||
case auth_cred_operator:
|
case auth_cred_operator:
|
||||||
case auth_cred_super:
|
case auth_cred_super:
|
||||||
|
@ -64,6 +89,9 @@ const char* auth_cred_to_string(enum auth_credentials cred)
|
||||||
{
|
{
|
||||||
case auth_cred_none: return "none";
|
case auth_cred_none: return "none";
|
||||||
case auth_cred_bot: return "bot";
|
case auth_cred_bot: return "bot";
|
||||||
|
case auth_cred_ubot: return "ubot";
|
||||||
|
case auth_cred_opbot: return "opbot";
|
||||||
|
case auth_cred_opubot: return "opubot";
|
||||||
case auth_cred_guest: return "guest";
|
case auth_cred_guest: return "guest";
|
||||||
case auth_cred_user: return "user";
|
case auth_cred_user: return "user";
|
||||||
case auth_cred_operator: return "operator";
|
case auth_cred_operator: return "operator";
|
||||||
|
@ -95,14 +123,20 @@ int auth_string_to_cred(const char* str, enum auth_credentials* out)
|
||||||
if (!strcasecmp(str, "none")) { *out = auth_cred_none; return 1; }
|
if (!strcasecmp(str, "none")) { *out = auth_cred_none; return 1; }
|
||||||
if (!strcasecmp(str, "user")) { *out = auth_cred_user; return 1; }
|
if (!strcasecmp(str, "user")) { *out = auth_cred_user; return 1; }
|
||||||
if (!strcasecmp(str, "link")) { *out = auth_cred_link; return 1; }
|
if (!strcasecmp(str, "link")) { *out = auth_cred_link; return 1; }
|
||||||
|
if (!strcasecmp(str, "ubot")) { *out = auth_cred_ubot; return 1; }
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
case 5:
|
case 5:
|
||||||
if (!strcasecmp(str, "admin")) { *out = auth_cred_admin; return 1; }
|
if (!strcasecmp(str, "admin")) { *out = auth_cred_admin; return 1; }
|
||||||
if (!strcasecmp(str, "super")) { *out = auth_cred_super; return 1; }
|
if (!strcasecmp(str, "super")) { *out = auth_cred_super; return 1; }
|
||||||
|
if (!strcasecmp(str, "opbot")) { *out = auth_cred_opbot; return 1; }
|
||||||
if (!strcasecmp(str, "guest")) { *out = auth_cred_guest; return 1; }
|
if (!strcasecmp(str, "guest")) { *out = auth_cred_guest; return 1; }
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
case 6:
|
||||||
|
if (!strcasecmp(str, "opubot")) { *out = auth_cred_opubot; return 1; }
|
||||||
|
return 0;
|
||||||
|
|
||||||
case 8:
|
case 8:
|
||||||
if (!strcasecmp(str, "operator")) { *out = auth_cred_operator; return 1; }
|
if (!strcasecmp(str, "operator")) { *out = auth_cred_operator; return 1; }
|
||||||
return 0;
|
return 0;
|
||||||
|
|
|
@ -23,15 +23,24 @@
|
||||||
enum auth_credentials
|
enum auth_credentials
|
||||||
{
|
{
|
||||||
auth_cred_none, /**<<< "User has no credentials (not yet logged in)" */
|
auth_cred_none, /**<<< "User has no credentials (not yet logged in)" */
|
||||||
auth_cred_bot, /**<<< "User is a robot" */
|
|
||||||
auth_cred_guest, /**<<< "User is a guest (unregistered user)" */
|
auth_cred_guest, /**<<< "User is a guest (unregistered user)" */
|
||||||
auth_cred_user, /**<<< "User is identified as a registered user" */
|
auth_cred_user, /**<<< "User is identified as a registered user" */
|
||||||
|
auth_cred_bot, /**<<< "User is a robot" */
|
||||||
|
auth_cred_ubot, /**<<< "User is an unrestricted robot" */
|
||||||
auth_cred_operator, /**<<< "User is identified as a hub operator" */
|
auth_cred_operator, /**<<< "User is identified as a hub operator" */
|
||||||
|
auth_cred_opbot, /**<<< "User is a operator robot" */
|
||||||
|
auth_cred_opubot, /**<<< "User is an unrestricted operator robot" */
|
||||||
auth_cred_super, /**<<< "User is a super user" (not used) */
|
auth_cred_super, /**<<< "User is a super user" (not used) */
|
||||||
auth_cred_link, /**<<< "User is a link (not used currently)" */
|
auth_cred_link, /**<<< "User is a link (not used currently)" */
|
||||||
auth_cred_admin, /**<<< "User is identified as a hub administrator/owner" */
|
auth_cred_admin, /**<<< "User is identified as a hub administrator/owner" */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Returns 1 if the credentials means that a user is unrestricted.
|
||||||
|
* Returns 0 otherwise.
|
||||||
|
*/
|
||||||
|
int auth_cred_is_unrestricted(enum auth_credentials cred);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns 1 if the credentials means that a user is protected.
|
* Returns 1 if the credentials means that a user is protected.
|
||||||
* Returns 0 otherwise.
|
* Returns 0 otherwise.
|
||||||
|
|
Loading…
Reference in New Issue