View Issue Details

IDProjectCategoryView StatusLast Update
0004231unrealircdpublic2018-06-11 08:34
ReporterKindOneAssigned Tosyzop 
PrioritynormalSeverityfeatureReproducibilityN/A
Status resolvedResolutionfixed 
Product Version 
Target VersionFixed in Version4.0.18 
Summary0004231: Create flags options in allow { }.
DescriptionWould be nice to have some flags options for the allow { } blocks.

These are some I copied from charybdis that I would like to see.

need_ssl -- require people to use ssl to connect.
need_sasl -- require people to use sasl to connect, this can be used in order to help stop bots/people on abusive IP ranges without having to ban the innocent people. The majority of popular IRC clients have built in sasl support or you might have to use a script.

I'm sure some other flags might benefit.

// Example of what I would like to see.
allow {
    // Abusive IP range
    ip *@50.50.*.*;
    hostname *@*;
    class clients;
    maxperip 5;
    flags need_sasl;
};
 
TagsNo tags attached.
3rd party modules

Activities

katsklaw

2013-08-09 17:35

reporter   ~0017741

+1

Jobe1986

2013-08-10 00:49

reporter   ~0017743

+1 from me too, however I think instead of an additional allow::flags option/block, why not have them as additional options in the already existing allow::options sub block?

This idea could also be expanded as "exception" flags to ban * {} blocks, eg if you match say a ban ip block, and it has the sasl exception option in the ban ip block, then the ban ip block would be ignored.

bekarfel

2013-12-09 19:04

reporter   ~0017858

doesn't allow::options::ssl work for allow::flags::need_ssl ?

NoMiaus

2016-06-13 03:42

reporter   ~0019319

Any news about this? It is a really good idea.

GTAXL

2016-06-13 22:18

reporter   ~0019324

It'd be nice if that allow block for the IP part would allow IP blocks (CIDR notation). You mention SASL only, some networks find that useful to restrict cellular 3G/4G networks to SASL auth only to prevent abuse, and I feel CIDR notation would be easier and a better representation of said IP ranges.

syzop

2018-06-11 08:34

administrator   ~0020140

After 4.5 years... ;)

allow::options::ssl already was there but this adds allow::options::sasl

Also, and this was before I had read this bug report, I have made two synonyms so that 'ssl' also exists as 'require-ssl' and 'sasl' exists as 'require-sasl'. We may want to phase out the ones without require in the docs and everywhere sometime... the require-* makes it a bit more clear.

commit cd6d7a2bb7967092f303dfd7fe09cf8748c12d39
Author: Bram Matthys <syzop@vulnscan.org>
Date: Mon Jun 11 08:22:29 2018 +0200

    Add allow::options::sasl (or require-sasl) to require SASL authentication
    as suggested in https://bugs.unrealircd.org/view.php?id=5098
    The allow block documentation has been updated, including an example at
    the end of the page - https://www.unrealircd.org/docs/Allow_block

Issue History

Date Modified Username Field Change
2013-08-08 18:53 KindOne New Issue
2013-08-09 17:35 katsklaw Note Added: 0017741
2013-08-10 00:49 Jobe1986 Note Added: 0017743
2013-12-09 19:04 bekarfel Note Added: 0017858
2014-03-14 01:14 peterkingalexander Issue cloned: 0004273
2016-06-13 03:42 NoMiaus Note Added: 0019319
2016-06-13 22:18 GTAXL Note Added: 0019324
2018-06-11 08:34 syzop Assigned To => syzop
2018-06-11 08:34 syzop Status new => resolved
2018-06-11 08:34 syzop Resolution open => fixed
2018-06-11 08:34 syzop Note Added: 0020140
2018-06-11 08:34 syzop Fixed in Version => 4.0.18