mirror of
https://github.com/znc/znc.git
synced 2026-07-05 17:31:06 +02:00
Add "AuthOnlyViaModule" global/user setting
Setting AuthOnlyViaModule on a user causes CheckPass to never return true, causing all authentication attempts using the configured password to fail, both on IRC connections and for webadmin. This is useful in situations where an external module (cyrusauth, certauth, imapauth) handles authentication. Setting the global AuthOnlyViaModule option causes similar behavior across every user. If AuthOnlyViaModule is set to true globally, it cannot be overridden per-user. Close #1474 Close #331
This commit is contained in:
committed by
Alexey Sokolov
parent
3d874f6fe4
commit
42939c998f
@@ -108,6 +108,7 @@ class CAdminMod : public CModule {
|
||||
{"Admin", boolean},
|
||||
{"AppendTimestamp", boolean},
|
||||
{"PrependTimestamp", boolean},
|
||||
{"AuthOnlyViaModule", boolean},
|
||||
{"TimestampFormat", str},
|
||||
{"DCCBindHost", str},
|
||||
{"StatusPrefix", str},
|
||||
@@ -273,6 +274,9 @@ class CAdminMod : public CModule {
|
||||
else if (sVar == "prependtimestamp")
|
||||
PutModule("PrependTimestamp = " +
|
||||
CString(pUser->GetTimestampPrepend()));
|
||||
else if (sVar == "authonlyviamodule")
|
||||
PutModule("AuthOnlyViaModule = " +
|
||||
CString(pUser->AuthOnlyViaModule()));
|
||||
else if (sVar == "timestampformat")
|
||||
PutModule("TimestampFormat = " + pUser->GetTimestampFormat());
|
||||
else if (sVar == "dccbindhost")
|
||||
@@ -442,6 +446,14 @@ class CAdminMod : public CModule {
|
||||
bool b = sValue.ToBool();
|
||||
pUser->SetTimestampAppend(b);
|
||||
PutModule("AppendTimestamp = " + CString(b));
|
||||
} else if (sVar == "authonlyviamodule") {
|
||||
if (GetUser()->IsAdmin()) {
|
||||
bool b = sValue.ToBool();
|
||||
pUser->SetAuthOnlyViaModule(b);
|
||||
PutModule("AuthOnlyViaModule = " + CString(b));
|
||||
} else {
|
||||
PutModule(t_s("Access denied!"));
|
||||
}
|
||||
} else if (sVar == "timestampformat") {
|
||||
pUser->SetTimestampFormat(sValue);
|
||||
PutModule("TimestampFormat = " + sValue);
|
||||
|
||||
@@ -40,6 +40,12 @@
|
||||
<input id="password2" type="password" name="password2" class="half"
|
||||
title="<? FORMAT "Please re-type the above password." ?>"/>
|
||||
</div>
|
||||
<div class="subsection">
|
||||
<div class="inputlabel"><label for="authonlyviamodule"><? FORMAT "Auth Only Via Module:" ?></label></div>
|
||||
<input id="authonlyviamodule" type="checkbox" name="authonlyviamodule"
|
||||
title="<? FORMAT "Allow user authentication by external modules only, disabling built-in password authentication." ?>"
|
||||
<? IF AuthOnlyViaModule ?>checked="checked" <? ENDIF ?><? IF !ImAdmin ?>disabled="disabled" <? ENDIF ?>/>
|
||||
</div>
|
||||
<div class="subsection half">
|
||||
<div class="inputlabel"><label for="allowedips"><? FORMAT "Allowed IPs:" ?></label></div>
|
||||
<textarea id="allowedips" name="allowedips" cols="70" rows="5"><? LOOP AllowedHostLoop ?><? VAR Host ?>
|
||||
|
||||
@@ -147,6 +147,12 @@
|
||||
<label for="hideversion_checkbox"><? FORMAT "Hide version number from non-ZNC users" ?></label></div>
|
||||
</div>
|
||||
|
||||
<div class="subsection">
|
||||
<div class="inputlabel"><? FORMAT "Auth Only Via Module:" ?></div>
|
||||
<div class="checkbox"><input type="checkbox" name="authonlyviamodule" id="authonlyviamodule_checkbox"<? IF AuthOnlyViaModule ?> checked="checked"<? ENDIF ?> />
|
||||
<label for="authonlyviamodule_checkbox"><? FORMAT "Allow user authentication by external modules only" ?></label></div>
|
||||
</div>
|
||||
|
||||
|
||||
<div class="subsection twothird">
|
||||
<div class="inputlabel"><label for="motd"><? FORMAT "MOTD:" ?></label></div>
|
||||
|
||||
@@ -210,6 +210,15 @@ class CWebAdminMod : public CModule {
|
||||
pNewUser->SetPass(sHash, CUser::HASH_DEFAULT, sSalt);
|
||||
}
|
||||
|
||||
sArg = WebSock.GetParam("authonlyviamodule");
|
||||
if (spSession->IsAdmin()) {
|
||||
if (!sArg.empty()) {
|
||||
pNewUser->SetAuthOnlyViaModule(sArg.ToBool());
|
||||
}
|
||||
} else if (pUser) {
|
||||
pNewUser->SetAuthOnlyViaModule(pUser->AuthOnlyViaModule());
|
||||
}
|
||||
|
||||
VCString vsArgs;
|
||||
|
||||
WebSock.GetRawParam("allowedips").Split("\n", vsArgs);
|
||||
@@ -344,11 +353,14 @@ class CWebAdminMod : public CModule {
|
||||
pNewUser->SetDenyLoadMod(WebSock.GetParam("denyloadmod").ToBool());
|
||||
pNewUser->SetDenySetBindHost(
|
||||
WebSock.GetParam("denysetbindhost").ToBool());
|
||||
pNewUser->SetAuthOnlyViaModule(
|
||||
WebSock.GetParam("authonlyviamodule").ToBool());
|
||||
sArg = WebSock.GetParam("maxnetworks");
|
||||
if (!sArg.empty()) pNewUser->SetMaxNetworks(sArg.ToUInt());
|
||||
} else if (pUser) {
|
||||
pNewUser->SetDenyLoadMod(pUser->DenyLoadMod());
|
||||
pNewUser->SetDenySetBindHost(pUser->DenySetBindHost());
|
||||
pNewUser->SetAuthOnlyViaModule(pUser->AuthOnlyViaModule());
|
||||
pNewUser->SetMaxNetworks(pUser->MaxNetworks());
|
||||
}
|
||||
|
||||
@@ -1327,6 +1339,7 @@ class CWebAdminMod : public CModule {
|
||||
Tmpl["ImAdmin"] = CString(spSession->IsAdmin());
|
||||
|
||||
Tmpl["Username"] = pUser->GetUserName();
|
||||
Tmpl["AuthOnlyViaModule"] = CString(pUser->AuthOnlyViaModule());
|
||||
Tmpl["Nick"] = pUser->GetNick();
|
||||
Tmpl["AltNick"] = pUser->GetAltNick();
|
||||
Tmpl["StatusPrefix"] = pUser->GetStatusPrefix();
|
||||
@@ -1872,6 +1885,7 @@ class CWebAdminMod : public CModule {
|
||||
Tmpl["ProtectWebSessions"] =
|
||||
CString(CZNC::Get().GetProtectWebSessions());
|
||||
Tmpl["HideVersion"] = CString(CZNC::Get().GetHideVersion());
|
||||
Tmpl["AuthOnlyViaModule"] = CString(CZNC::Get().GetAuthOnlyViaModule());
|
||||
|
||||
const VCString& vsMotd = CZNC::Get().GetMotd();
|
||||
for (const CString& sMotd : vsMotd) {
|
||||
@@ -2018,6 +2032,8 @@ class CWebAdminMod : public CModule {
|
||||
CZNC::Get().SetProtectWebSessions(sArg.ToBool());
|
||||
sArg = WebSock.GetParam("hideversion");
|
||||
CZNC::Get().SetHideVersion(sArg.ToBool());
|
||||
sArg = WebSock.GetParam("authonlyviamodule");
|
||||
CZNC::Get().SetAuthOnlyViaModule(sArg.ToBool());
|
||||
|
||||
VCString vsArgs;
|
||||
WebSock.GetRawParam("motd").Split("\n", vsArgs);
|
||||
|
||||
Reference in New Issue
Block a user