Skip to content

Commit

Permalink
fix #2198 (#2199)
Browse files Browse the repository at this point in the history
Add require-sasl support to KLINE / UBAN on NUH masks
  • Loading branch information
slingamn authored Jan 14, 2025
1 parent 36e5451 commit 21ee867
Show file tree
Hide file tree
Showing 4 changed files with 11 additions and 9 deletions.
2 changes: 1 addition & 1 deletion irc/handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -1637,7 +1637,7 @@ func klineHandler(server *Server, client *Client, msg ircmsg.Message, rb *Respon
// get comment(s)
reason, operReason := getReasonsFromParams(msg.Params, currentArg)

err = server.klines.AddMask(mask, duration, reason, operReason, operName)
err = server.klines.AddMask(mask, duration, false, reason, operReason, operName)
if err != nil {
rb.Notice(fmt.Sprintf(client.t("Could not successfully save new K-LINE: %s"), err.Error()))
return false
Expand Down
10 changes: 6 additions & 4 deletions irc/kline.go
Original file line number Diff line number Diff line change
Expand Up @@ -66,11 +66,12 @@ func (km *KLineManager) AllBans() map[string]IPBanInfo {
}

// AddMask adds to the blocked list.
func (km *KLineManager) AddMask(mask string, duration time.Duration, reason, operReason, operName string) error {
func (km *KLineManager) AddMask(mask string, duration time.Duration, requireSASL bool, reason, operReason, operName string) error {
km.persistenceMutex.Lock()
defer km.persistenceMutex.Unlock()

info := IPBanInfo{
RequireSASL: requireSASL,
Reason: reason,
OperReason: operReason,
OperName: operName,
Expand Down Expand Up @@ -208,13 +209,14 @@ func (km *KLineManager) CheckMasks(masks ...string) (isBanned bool, info IPBanIn
for _, entryInfo := range km.entries {
for _, mask := range masks {
if entryInfo.Matcher.MatchString(mask) {
return true, entryInfo.Info
// apply the most stringent ban (unconditional bans override require-sasl)
if !isBanned || info.RequireSASL {
isBanned, info = true, entryInfo.Info
}
}
}
}

// no matches!
isBanned = false
return
}

Expand Down
2 changes: 1 addition & 1 deletion irc/server.go
Original file line number Diff line number Diff line change
Expand Up @@ -428,7 +428,7 @@ func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
// check KLINEs (#671: ignore KLINEs for loopback connections)
if !session.IP().IsLoopback() || session.isTor {
isBanned, info := server.klines.CheckMasks(c.AllNickmasks()...)
if isBanned {
if isBanned && !(info.RequireSASL && session.client.Account() != "") {
c.setKlined()
c.Quit(info.BanMessage(c.t("You are banned from this server (%s)")), nil)
server.logger.Info("connect", session.connID, "Client rejected by k-line", c.NickMaskString())
Expand Down
6 changes: 3 additions & 3 deletions irc/uban.go
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@ func ubanAddHandler(client *Client, target ubanTarget, params []string, rb *Resp
case ubanCIDR:
err = ubanAddCIDR(client, target, duration, requireSASL, operReason, rb)
case ubanNickmask:
err = ubanAddNickmask(client, target, duration, operReason, rb)
err = ubanAddNickmask(client, target, duration, requireSASL, operReason, rb)
case ubanNick:
err = ubanAddAccount(client, target, duration, operReason, rb)
}
Expand Down Expand Up @@ -242,8 +242,8 @@ func ubanAddCIDR(client *Client, target ubanTarget, duration time.Duration, requ
return
}

func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, operReason string, rb *ResponseBuffer) (err error) {
err = client.server.klines.AddMask(target.nickOrMask, duration, "", operReason, client.Oper().Name)
func ubanAddNickmask(client *Client, target ubanTarget, duration time.Duration, requireSASL bool, operReason string, rb *ResponseBuffer) (err error) {
err = client.server.klines.AddMask(target.nickOrMask, duration, requireSASL, "", operReason, client.Oper().Name)
if err == nil {
rb.Notice(fmt.Sprintf(client.t("Successfully added UBAN for %s"), target.nickOrMask))
} else {
Expand Down

0 comments on commit 21ee867

Please sign in to comment.