Add SecureOnly option to global tickit.ini config

This will only import tic files from the secure inbound. This is intended to be used with IgnorePassword to limit the attack surface.

Add SecureOnly option to global tickit.ini config
85cfcdf3 · deuce · a972cf5f · 85cfcdf3 · 85cfcdf3
Commit 85cfcdf3 authored 8 years ago by deuce
--- a/exec/load/fidocfg.js
+++ b/exec/load/fidocfg.js
@@ -23,6 +23,18 @@ function TickITCfg() {
 	var sects;
 	var i;

+	function get_bool(val) {
+		if (val === undefined)
+			return false;
+		switch(val.toUpperCase()) {
+		case 'YES':
+		case 'TRUE':
+		case 'ON':
+			return true;
+		}
+		return false;
+	}
+
 	function lcprops(obj)
 	{
 		var i;
@@ -49,6 +61,8 @@ function TickITCfg() {
 		lcprops(this.acfg[sects[i].toLowerCase()]);
 	}
 	tcfg.close();
+	this.gcfg.ignorepassword = get_bool(this.ignorepassword);
+	this.gcfg.secureonly = get_bool(this.secureonly);
 }
 TickITCfg.prototype.cset = '0123456789abcdefghijklmnopqrstuvwxyz-_';
 TickITCfg.prototype.basefn_to_num = function(num)

--- a/exec/tickit.js
+++ b/exec/tickit.js
@@ -504,10 +504,7 @@ function parse_ticfile(fname)
 		}
 	}

-	if (tickit.gcfg.ignorepassword === undefined ||
-	    tickit.gcfg.ignorepassword.toLowerCase() == 'no' ||
-	    tickit.gcfg.ignorepassword.toLowerCase() == 'off' ||
-	    tickit.gcfg.ignorepassword.toLowerCase() == 'false')
+	if (!tickit.gcfg.ignorepassword) {
 		if (!sbbsecho.match_pw(tic.from, tic.pw))
 			return false;
 	}
@@ -549,6 +546,10 @@ function main() {
 	var processed = 0;

 	for (i=0; i<sbbsecho.inb.length; i++) {
+		if (tickit.gcfg.secureonly) {
+			if (sbbsecho.inb[i] != sbbsecho.secure_inbound)
+				continue;
+		}
 		if (system.platform === 'Win32')
 			ticfiles = directory(sbbsecho.inb[i]+'/*.tic');
 		else