}
sub cmd {
- my( $kernel, $heap, $who, $what, $src, $dest, $replypath ) =
- ( $_[KERNEL], $_[HEAP], $_[ARG0], $_[ARG1], $_[ARG2], $_[ARG3], $_[ARG4] );
+ my( $kernel, $heap, $who, $what, $src, $dest, $replypath, $trusted ) =
+ ( $_[KERNEL], $_[HEAP], $_[ARG0], $_[ARG1], $_[ARG2], $_[ARG3], $_[ARG4], $_[ARG5] );
$what =~ s/^[~]//;
my( $cmd, $subj ) = ( split( / /, $what, 2 ) );
$subj = "" unless $subj;
$cmd = substr( $cmd, 1 );
}
+ if( $Destult::config{ 'SECURITY' } =~ /high/i &&
+ !exists $heap->{ 'identified' }->{ $src.uc( $who ) } &&
+ $cmd !~ /identify|register/i ) {
+ $kernel->post( $src,
+ $replypath,
+ "$who: Destult is operating in high security mode; all use must be from identified users. Please REGISTER and then IDENTIFY.",
+ { dest=>$dest, src=>$who, no_throttle=>$no_throttle }
+ );
+ return;
+ }
+
if( exists( $heap->{ 'commands' }->{ uc( $cmd ) } ) ) {
+ if( ( $Destult::config{ 'SECURITY' } =~ /high/i ||
+ exists $heap->{ 'cmdaccess' }->{ uc( $cmd ) } ) && !$trusted ) {
+ $kernel->post( $src,
+ $replypath,
+ "$who: Use of access-controled commands is not allowed from untrusted sources.",
+ { dest=>$dest, src=>$who, no_throttle=>$no_throttle }
+ );
+ return;
+ }
if( !exists $heap->{ 'cmdaccess' }->{ uc( $cmd ) } || (
exists $heap->{ 'identified' }->{ $src.uc( $who ) } &&
accessLevel( $kernel, $heap, uc( $who ), $src ) >= $heap->{ 'cmdaccess' }->{ uc( $cmd ) } ) ) {
return $access->{ uc( $whom ) };
} elsif( substr( $access->{ uc( $whom ) }, 0, 1 ) eq "~" ) {
print( "ACC: $whom -> ".substr( $access->{ uc( $whom ) }, 1 ), "\n" );
- $visited->{ uc( $whom ) } = 1;
- return access2( $access, substr( $access->{ uc( $whom ) }, 1 ), $visited );
+ if( exists $visited->{ uc( $whom ) } ) {
+ print( "ACC: Redirection loop; aborting.\n" );
+ return 0;
+ } else {
+ $visited->{ uc( $whom ) } = 1;
+ return access2( $access, substr( $access->{ uc( $whom ) }, 1 ), $visited );
+ }
}
}
print( "ACC: $whom has no access.\n" );
# This is called whenever a public message is received, from any source. In the future,
# this should check for hooks stored on the heap. TODO.
sub on_public {
- my( $kernel, $heap, $who, $what, $src, $dest, $replypath ) = @_[ KERNEL, HEAP, ARG0, ARG1, ARG2, ARG3, ARG4 ];
+ my( $kernel, $heap, $who, $what, $src, $dest, $replypath, $trusted ) = @_[ KERNEL, HEAP, ARG0, ARG1, ARG2, ARG3, ARG4, ARG5 ];
$kernel->yield( "seen", $who, $what, $src, $dest, $replypath );
my $cmd = ( split( / /, $what, 2 ) )[0];
# Check for the presence of a command
if( $cmd =~ /^~.*/ ) {
- $kernel->yield( "cmd", $who, $what, $src, $dest, $replypath );
+ $kernel->yield( "cmd", $who, $what, $src, $dest, $replypath, $trusted );
} else {
# Handle URLs
# TODO: Find a new place to put trap config
if( $what =~ m!(https?://[^[:space:]]+)!i ) {
print( "IRC : URL Trapped: '$1' from $who\n" );
my $url = $1;
- $kernel->yield( "cmd", $who, "TITLE $url", $src, $dest, $replypath );
+ $kernel->yield( "cmd", $who, "TITLE $url", $src, $dest, $replypath, $trusted );
}
# Handle Karma
if( $what =~ m/^([^ ]+)--$/ ) {
- $kernel->yield( "cmd", $who, "KARMADOWN $1", $src, $dest, $replypath );
+ $kernel->yield( "cmd", $who, "KARMADOWN $1", $src, $dest, $replypath, $trusted );
} elsif( $what =~ m/^([^ ]+)\+\+$/ && $what !~ m/DC\+\+$/i ) {
- $kernel->yield( "cmd", $who, "KARMAUP $1", $src, $dest, $replypath );
+ $kernel->yield( "cmd", $who, "KARMAUP $1", $src, $dest, $replypath, $trusted );
}
}
}
projects / destult.git / commitdiff