From: pdbogen Date: Mon, 1 Jun 2009 20:49:03 +0000 (+0000) Subject: Fix the potential for loops in linked nicks. Pass along the 'trusted' bit from the... X-Git-Url: http://git.mmlx.us/?a=commitdiff_plain;h=89572d1a5e707cb7567223d7ef7480fa25cf03ea;p=destult.git Fix the potential for loops in linked nicks. Pass along the 'trusted' bit from the IRC module, where appropriate. Utilize it to reject access to commands requiring authentication if the nick cannot be trusted. Additionally, add a 'high security' mode where all use must originate from identified users. git-svn-id: https://www.cernu.us/~pdbogen/svn/destult2@95 088b83a4-0077-4247-935c-42ec02c2848b --- diff --git a/core.pl b/core.pl index 8923ba9..3fc4042 100644 --- a/core.pl +++ b/core.pl @@ -127,8 +127,8 @@ sub on_start { } sub cmd { - my( $kernel, $heap, $who, $what, $src, $dest, $replypath ) = - ( $_[KERNEL], $_[HEAP], $_[ARG0], $_[ARG1], $_[ARG2], $_[ARG3], $_[ARG4] ); + my( $kernel, $heap, $who, $what, $src, $dest, $replypath, $trusted ) = + ( $_[KERNEL], $_[HEAP], $_[ARG0], $_[ARG1], $_[ARG2], $_[ARG3], $_[ARG4], $_[ARG5] ); $what =~ s/^[~]//; my( $cmd, $subj ) = ( split( / /, $what, 2 ) ); $subj = "" unless $subj; 
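Review bot: `$trusted` is read from `$_[ARG5]` with no comment on what happens when a caller omits it. Any module or internal `yield` that still posts `cmd` with five arguments leaves it undef, which the later `!$trusted` test treats as untrusted. That fail-closed default looks deliberate and is worth stating above the unpacking line, e.g. `# $trusted (ARG5): set by the source module when the nick can be trusted; undef (argument omitted) counts as untrusted.` Callers of `cmd` outside this diff should be checked for the sixth argument, since access-controlled commands will otherwise be refused for them. The body of `cmd` continues outside the hunk.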
@@ -151,7 +151,27 @@ sub cmd { $cmd = substr( $cmd, 1 ); } + if( $Destult::config{ 'SECURITY' } =~ /high/i && + !exists $heap->{ 'identified' }->{ $src.uc( $who ) } && + $cmd !~ /identify|register/i ) { + $kernel->post( $src, + $replypath, + "$who: Destult is operating in high security mode; all use must be from identified users. Please REGISTER and then IDENTIFY.", + { dest=>$dest, src=>$who, no_throttle=>$no_throttle } + ); + return; + } + if( exists( $heap->{ 'commands' }->{ uc( $cmd ) } ) ) { + if( ( $Destult::config{ 'SECURITY' } =~ /high/i || + exists $heap->{ 'cmdaccess' }->{ uc( $cmd ) } ) && !$trusted ) { + $kernel->post( $src, + $replypath, + "$who: Use of access-controled commands is not allowed from untrusted sources.", + { dest=>$dest, src=>$who, no_throttle=>$no_throttle } + ); + return; + } if( !exists $heap->{ 'cmdaccess' }->{ uc( $cmd ) } || ( exists $heap->{ 'identified' }->{ $src.uc( $who ) } && accessLevel( $kernel, $heap, uc( $who ), $src ) >= $heap->{ 'cmdaccess' }->{ uc( $cmd ) } ) ) { @@ -184,8 +204,13 @@ sub access2 { return $access->{ uc( $whom ) }; } elsif( substr( $access->{ uc( $whom ) }, 0, 1 ) eq "~" ) { print( "ACC: $whom -> ".substr( $access->{ uc( $whom ) }, 1 ), "\n" ); - $visited->{ uc( $whom ) } = 1; - return access2( $access, substr( $access->{ uc( $whom ) }, 1 ), $visited ); + if( exists $visited->{ uc( $whom ) } ) { + print( "ACC: Redirection loop; aborting.\n" ); + return 0; + } else { + $visited->{ uc( $whom ) } = 1; + return access2( $access, substr( $access->{ uc( $whom ) }, 1 ), $visited ); + } } } print( "ACC: $whom has no access.\n" ); 
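Review bot: The exemption `$cmd !~ /identify|register/i` in the high-security check is unanchored, so any command whose name merely contains either word also escapes the identified-user requirement; anchor it as `$cmd !~ /^(?:identify|register)$/i`. In the same mode the `!$trusted` test that follows also applies to IDENTIFY and REGISTER, so an untrusted, unidentified user is first told to REGISTER and IDENTIFY and is then refused when doing so. If that is intended, the first message should say that identification must come from a trusted source. The second reply string has a typo, `access-controled` for `access-controlled`. `cmd` starts and ends outside the hunk.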
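Review bot: The loop branch logs `ACC: Redirection loop; aborting.` without naming the entry at which the cycle was detected, so an operator has to infer it from the preceding `ACC: ... -> ...` lines. `print( "ACC: Redirection loop at $whom; aborting.\n" );` would make the bad link directly findable. Returning 0 here denies access on a cyclic link chain, which is the safe outcome, and a one-line comment such as `# cyclic link chain: deny rather than recurse` would keep a later edit from changing it. The check relies on the caller passing one `$visited` hash through the whole lookup; `access2`'s signature and first call are outside the hunk.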
@@ -212,25 +237,25 @@ sub advertise { # This is called whenever a public message is received, from any source. In the future, # this should check for hooks stored on the heap. TODO. sub on_public { - my( $kernel, $heap, $who, $what, $src, $dest, $replypath ) = @_[ KERNEL, HEAP, ARG0, ARG1, ARG2, ARG3, ARG4 ]; + my( $kernel, $heap, $who, $what, $src, $dest, $replypath, $trusted ) = @_[ KERNEL, HEAP, ARG0, ARG1, ARG2, ARG3, ARG4, ARG5 ]; $kernel->yield( "seen", $who, $what, $src, $dest, $replypath ); my $cmd = ( split( / /, $what, 2 ) )[0]; # Check for the presence of a command if( $cmd =~ /^~.*/ ) { - $kernel->yield( "cmd", $who, $what, $src, $dest, $replypath ); + $kernel->yield( "cmd", $who, $what, $src, $dest, $replypath, $trusted ); } else { # Handle URLs # TODO: Find a new place to put trap config if( $what =~ m!(https?://[^[:space:]]+)!i ) { print( "IRC : URL Trapped: '$1' from $who\n" ); my $url = $1; - $kernel->yield( "cmd", $who, "TITLE $url", $src, $dest, $replypath ); + $kernel->yield( "cmd", $who, "TITLE $url", $src, $dest, $replypath, $trusted ); } # Handle Karma if( $what =~ m/^([^ ]+)--$/ ) { - $kernel->yield( "cmd", $who, "KARMADOWN $1", $src, $dest, $replypath ); + $kernel->yield( "cmd", $who, "KARMADOWN $1", $src, $dest, $replypath, $trusted ); } elsif( $what =~ m/^([^ ]+)\+\+$/ && $what !~ m/DC\+\+$/i ) { - $kernel->yield( "cmd", $who, "KARMAUP $1", $src, $dest, $replypath ); + $kernel->yield( "cmd", $who, "KARMAUP $1", $src, $dest, $replypath, $trusted ); } } }
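Review bot: The implicit commands built in the `else` branch (`TITLE`, `KARMADOWN`, `KARMAUP`) go through the same `cmd` handler as explicit ones. With `SECURITY` set to high, every public message from an unidentified user that contains a URL or ends in `++`/`--` therefore appears to draw the "high security mode" reply, which puts unsolicited bot output into the channel in response to ordinary chat. Consider skipping the implicit handlers for such users, e.g. `return if $Destult::config{ 'SECURITY' } =~ /high/i && !exists $heap->{ 'identified' }->{ $src.uc( $who ) };` at the top of the `else` branch, so that only explicit `~` commands get the rejection message. The `seen` yield above is unaffected and does not need the flag.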