View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006096||unreal||ircd||public||2022-05-05 21:42||2022-05-13 11:42|
|Priority||normal||Severity||feature||Reproducibility||have not tried|
|Fixed in Version||6.0.4|
|Summary||0006096: Security Groups options modification|
|Description||So, as I understand it, when configuring a security group, the options identified, tls and webirc only currently have yes/no options where yes means "match only if this condition is true" and no means don't care, match both. So what I am proposing is an extra "exclude" option, where by if any of those 3 are set to "exclude" then the security group only matches a user if they do NOT match those types.|
For example it appears you can have a security group for webirc users, and a security group for webirc and non-webirc users, but you cant have a security group that doesn't include webirc users.
At least that's based on my understanding and a discussion with PeGaSuS on #unreal-support. Either way, "yes" and "no" seem insufficient to choose from all 3 of "match only if", match only if not" and "match both", where "no" would apparently be the current "match both" and "yes" is currently "match only if".
We also did discuss nesting security groups using extended server bans, however whilst that would allow you to use a "not webirc" security group extended ban as an include-mask (if its possible) that wouldn't then allow you to match non-webirc users from a list of specified host masks.
|Tags||No tags attached.|
|3rd party modules|
I knew when writing the security groups code there will be a request for this sooner or later... :D
I have now done this, see the updated documentation at https://www.unrealircd.org/docs/Security-group_block
I did not go for a VALUE of "exclude" but went for new NAMES exclude-xxx. The reason for that is that while a value works OK for things like "webirc" and "tls", they do not work for like "include-mask" which would then be "exclude-mask". That would still be OK, but then you have other things like "reputation-score" and later too with more items.
Still the same idea, of course!
commit 788c230bdc405a1777bd3b37be15d942eb598158 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD)
Author: Bram Matthys <firstname.lastname@example.org>
Date: Fri May 13 11:33:57 2022 +0200
Support exclusion criteria in security groups.
Suggested by Jobe in https://bugs.unrealircd.org/view.php?id=6096
Also add support for matching a reputation below a value ("<10").
See https://www.unrealircd.org/docs/Security-group_block for info
on all of these.