Merge pull request #28 from klondi/unrestricted_users

Allow unrestricted users on uhub
This commit is contained in:
Jan Vidar Krey 2014-12-15 09:36:49 +01:00
commit dc80644471
8 changed files with 78 additions and 7 deletions

View File

@ -159,6 +159,7 @@ typedef uint32_t fourcc_t;
#define ADC_CLIENT_TYPE_BOT "1" #define ADC_CLIENT_TYPE_BOT "1"
#define ADC_CLIENT_TYPE_REGISTERED_USER "2" #define ADC_CLIENT_TYPE_REGISTERED_USER "2"
#define ADC_CLIENT_TYPE_OPERATOR "4" #define ADC_CLIENT_TYPE_OPERATOR "4"
#define ADC_CLIENT_TYPE_HUBBOT "5" /* 1 + 4 */
#define ADC_CLIENT_TYPE_SUPER_USER "12" /* 8 + 4 */ #define ADC_CLIENT_TYPE_SUPER_USER "12" /* 8 + 4 */
#define ADC_CLIENT_TYPE_ADMIN "20" /* 16 + 4 = hub owner */ #define ADC_CLIENT_TYPE_ADMIN "20" /* 16 + 4 = hub owner */
#define ADC_CLIENT_TYPE_HUB "32" /* the hub itself */ #define ADC_CLIENT_TYPE_HUB "32" /* the hub itself */

View File

@ -310,7 +310,7 @@ struct adc_message* adc_msg_parse_verify(struct hub_user* u, const char* line, s
if (!command) if (!command)
return 0; return 0;
if (command->source && (!u || command->source != u->id.sid)) if (command->source && (!u || (command->source != u->id.sid && !auth_cred_is_unrestricted(u->credentials))))
{ {
LOG_DEBUG("Command does not match user's SID (command->source=%d, user->id.sid=%d)", command->source, (u ? u->id.sid : 0)); LOG_DEBUG("Command does not match user's SID (command->source=%d, user->id.sid=%d)", command->source, (u ? u->id.sid : 0));
adc_msg_free(command); adc_msg_free(command);

View File

@ -170,6 +170,9 @@ static int acl_parse_line(char* line, int line_count, void* ptr_data)
LOG_DEBUG("acl_parse_line: '%s'", line); LOG_DEBUG("acl_parse_line: '%s'", line);
ACL_ADD_USER("bot", handle->users, auth_cred_bot); ACL_ADD_USER("bot", handle->users, auth_cred_bot);
ACL_ADD_USER("ubot", handle->users, auth_cred_ubot);
ACL_ADD_USER("opbot", handle->users, auth_cred_opbot);
ACL_ADD_USER("opubot", handle->users, auth_cred_opubot);
ACL_ADD_USER("user_admin", handle->users, auth_cred_admin); ACL_ADD_USER("user_admin", handle->users, auth_cred_admin);
ACL_ADD_USER("user_super", handle->users, auth_cred_super); ACL_ADD_USER("user_super", handle->users, auth_cred_super);
ACL_ADD_USER("user_op", handle->users, auth_cred_operator); ACL_ADD_USER("user_op", handle->users, auth_cred_operator);

View File

@ -23,7 +23,7 @@ struct hub_info* g_hub = 0;
/* FIXME: Flood control should be done in a plugin! */ /* FIXME: Flood control should be done in a plugin! */
#define CHECK_FLOOD(TYPE, WARN) \ #define CHECK_FLOOD(TYPE, WARN) \
if (flood_control_check(&u->flood_ ## TYPE , hub->config->flood_ctl_ ## TYPE, hub->config->flood_ctl_interval, net_get_time())) \ if (flood_control_check(&u->flood_ ## TYPE , hub->config->flood_ctl_ ## TYPE, hub->config->flood_ctl_interval, net_get_time()) && !auth_cred_is_unrestricted(u->credentials)) \
{ \ { \
if (WARN) \ if (WARN) \
{ \ { \

View File

@ -571,6 +571,10 @@ static int set_credentials(struct hub_info* hub, struct hub_user* user, struct a
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_BOT); adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_BOT);
break; break;
case auth_cred_ubot:
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_BOT);
break;
case auth_cred_guest: case auth_cred_guest:
/* Nothing to be added to the info message */ /* Nothing to be added to the info message */
break; break;
@ -583,6 +587,14 @@ static int set_credentials(struct hub_info* hub, struct hub_user* user, struct a
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_OPERATOR); adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_OPERATOR);
break; break;
case auth_cred_opbot:
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_HUBBOT);
break;
case auth_cred_opubot:
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_HUBBOT);
break;
case auth_cred_super: case auth_cred_super:
adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_SUPER_USER); adc_msg_add_argument(cmd, ADC_INF_FLAG_CLIENT_TYPE ADC_CLIENT_TYPE_SUPER_USER);
break; break;

View File

@ -101,7 +101,19 @@ static const char* validate_cred(const char* cred_str)
if (!strcmp(cred_str, "user")) if (!strcmp(cred_str, "user"))
return "user"; return "user";
fprintf(stderr, "Invalid user credentials. Must be one of: 'admin', 'super', 'op' or 'user'\n"); if (!strcmp(cred_str, "bot"))
return "bot";
if (!strcmp(cred_str, "ubot"))
return "ubot";
if (!strcmp(cred_str, "opbot"))
return "opbot";
if (!strcmp(cred_str, "opubot"))
return "opubot";
fprintf(stderr, "Invalid user credentials. Must be one of: 'bot', 'ubot', 'opbot', 'opubot', 'admin', 'super', 'op' or 'user'\n");
exit(1); exit(1);
} }

View File

@ -19,11 +19,33 @@
#include "uhub.h" #include "uhub.h"
/**
* Returns 1 if a user is unrestricted.
* Unrestricted users override the limits of flood and can send messages in
* the name of other users.
* This is useful for amongst other external chatrooms.
*/
int auth_cred_is_unrestricted(enum auth_credentials cred)
{
switch (cred)
{
case auth_cred_ubot:
case auth_cred_opubot:
return 1;
default:
break;
}
return 0;
}
int auth_cred_is_protected(enum auth_credentials cred) int auth_cred_is_protected(enum auth_credentials cred)
{ {
switch (cred) switch (cred)
{ {
case auth_cred_bot: case auth_cred_bot:
case auth_cred_ubot:
case auth_cred_opbot:
case auth_cred_opubot:
case auth_cred_operator: case auth_cred_operator:
case auth_cred_super: case auth_cred_super:
case auth_cred_admin: case auth_cred_admin:
@ -45,6 +67,9 @@ int auth_cred_is_registered(enum auth_credentials cred)
switch (cred) switch (cred)
{ {
case auth_cred_bot: case auth_cred_bot:
case auth_cred_ubot:
case auth_cred_opbot:
case auth_cred_opubot:
case auth_cred_user: case auth_cred_user:
case auth_cred_operator: case auth_cred_operator:
case auth_cred_super: case auth_cred_super:
@ -64,6 +89,9 @@ const char* auth_cred_to_string(enum auth_credentials cred)
{ {
case auth_cred_none: return "none"; case auth_cred_none: return "none";
case auth_cred_bot: return "bot"; case auth_cred_bot: return "bot";
case auth_cred_ubot: return "ubot";
case auth_cred_opbot: return "opbot";
case auth_cred_opubot: return "opubot";
case auth_cred_guest: return "guest"; case auth_cred_guest: return "guest";
case auth_cred_user: return "user"; case auth_cred_user: return "user";
case auth_cred_operator: return "operator"; case auth_cred_operator: return "operator";
@ -95,14 +123,20 @@ int auth_string_to_cred(const char* str, enum auth_credentials* out)
if (!strcasecmp(str, "none")) { *out = auth_cred_none; return 1; } if (!strcasecmp(str, "none")) { *out = auth_cred_none; return 1; }
if (!strcasecmp(str, "user")) { *out = auth_cred_user; return 1; } if (!strcasecmp(str, "user")) { *out = auth_cred_user; return 1; }
if (!strcasecmp(str, "link")) { *out = auth_cred_link; return 1; } if (!strcasecmp(str, "link")) { *out = auth_cred_link; return 1; }
if (!strcasecmp(str, "ubot")) { *out = auth_cred_ubot; return 1; }
return 0; return 0;
case 5: case 5:
if (!strcasecmp(str, "admin")) { *out = auth_cred_admin; return 1; } if (!strcasecmp(str, "admin")) { *out = auth_cred_admin; return 1; }
if (!strcasecmp(str, "super")) { *out = auth_cred_super; return 1; } if (!strcasecmp(str, "super")) { *out = auth_cred_super; return 1; }
if (!strcasecmp(str, "opbot")) { *out = auth_cred_opbot; return 1; }
if (!strcasecmp(str, "guest")) { *out = auth_cred_guest; return 1; } if (!strcasecmp(str, "guest")) { *out = auth_cred_guest; return 1; }
return 0; return 0;
case 6:
if (!strcasecmp(str, "opubot")) { *out = auth_cred_opubot; return 1; }
return 0;
case 8: case 8:
if (!strcasecmp(str, "operator")) { *out = auth_cred_operator; return 1; } if (!strcasecmp(str, "operator")) { *out = auth_cred_operator; return 1; }
return 0; return 0;

View File

@ -23,15 +23,24 @@
enum auth_credentials enum auth_credentials
{ {
auth_cred_none, /**<<< "User has no credentials (not yet logged in)" */ auth_cred_none, /**<<< "User has no credentials (not yet logged in)" */
auth_cred_bot, /**<<< "User is a robot" */
auth_cred_guest, /**<<< "User is a guest (unregistered user)" */ auth_cred_guest, /**<<< "User is a guest (unregistered user)" */
auth_cred_user, /**<<< "User is identified as a registered user" */ auth_cred_user, /**<<< "User is identified as a registered user" */
auth_cred_bot, /**<<< "User is a robot" */
auth_cred_ubot, /**<<< "User is an unrestricted robot" */
auth_cred_operator, /**<<< "User is identified as a hub operator" */ auth_cred_operator, /**<<< "User is identified as a hub operator" */
auth_cred_opbot, /**<<< "User is a operator robot" */
auth_cred_opubot, /**<<< "User is an unrestricted operator robot" */
auth_cred_super, /**<<< "User is a super user" (not used) */ auth_cred_super, /**<<< "User is a super user" (not used) */
auth_cred_link, /**<<< "User is a link (not used currently)" */ auth_cred_link, /**<<< "User is a link (not used currently)" */
auth_cred_admin, /**<<< "User is identified as a hub administrator/owner" */ auth_cred_admin, /**<<< "User is identified as a hub administrator/owner" */
}; };
/**
* Returns 1 if the credentials means that a user is unrestricted.
* Returns 0 otherwise.
*/
int auth_cred_is_unrestricted(enum auth_credentials cred);
/** /**
* Returns 1 if the credentials means that a user is protected. * Returns 1 if the credentials means that a user is protected.
* Returns 0 otherwise. * Returns 0 otherwise.