From 85cfcdf38d7c7bfff8ae384480780200de5f8a34 Mon Sep 17 00:00:00 2001 From: deuce <> Date: Fri, 22 Jul 2016 01:40:27 +0000 Subject: [PATCH] Add SecureOnly option to global tickit.ini config This will only import tic files from the secure inbound. This is intended to be used with IgnorePassword to limit the attack surface. --- exec/load/fidocfg.js | 14 ++++++++++++++ exec/tickit.js | 9 +++++---- 2 files changed, 19 insertions(+), 4 deletions(-) diff --git a/exec/load/fidocfg.js b/exec/load/fidocfg.js index e5f791c086..079627eed3 100644 --- a/exec/load/fidocfg.js +++ b/exec/load/fidocfg.js @@ -23,6 +23,18 @@ function TickITCfg() { var sects; var i; + function get_bool(val) { + if (val === undefined) + return false; + switch(val.toUpperCase()) { + case 'YES': + case 'TRUE': + case 'ON': + return true; + } + return false; + } + function lcprops(obj) { var i; @@ -49,6 +61,8 @@ function TickITCfg() { lcprops(this.acfg[sects[i].toLowerCase()]); } tcfg.close(); + this.gcfg.ignorepassword = get_bool(this.ignorepassword); + this.gcfg.secureonly = get_bool(this.secureonly); } TickITCfg.prototype.cset = '0123456789abcdefghijklmnopqrstuvwxyz-_'; TickITCfg.prototype.basefn_to_num = function(num) diff --git a/exec/tickit.js b/exec/tickit.js index 15f57fc4b1..8592abe0d9 100644 --- a/exec/tickit.js +++ b/exec/tickit.js @@ -504,10 +504,7 @@ function parse_ticfile(fname) } } - if (tickit.gcfg.ignorepassword === undefined || - tickit.gcfg.ignorepassword.toLowerCase() == 'no' || - tickit.gcfg.ignorepassword.toLowerCase() == 'off' || - tickit.gcfg.ignorepassword.toLowerCase() == 'false') + if (!tickit.gcfg.ignorepassword) { if (!sbbsecho.match_pw(tic.from, tic.pw)) return false; } @@ -549,6 +546,10 @@ function main() { var processed = 0; for (i=0; i<sbbsecho.inb.length; i++) { + if (tickit.gcfg.secureonly) { + if (sbbsecho.inb[i] != sbbsecho.secure_inbound) + continue; + } if (system.platform === 'Win32') ticfiles = directory(sbbsecho.inb[i]+'/*.tic'); else -- GitLab
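Review bot: `get_bool` in the first exec/load/fidocfg.js hunk has no comment saying which spellings count as true, and every other value falls through to `return false`. For SecureOnly that is fail-open: a line such as `SecureOnly = 1` (constructed example) would leave all inbounds enabled without any message. I would add `// true only for YES/TRUE/ON (case-insensitive); a missing key or any other value is false` above the function, and consider logging a value that is neither a recognised true nor a recognised false spelling. `val.toUpperCase()` also assumes a string, which holds only if the ini reader never returns another type here.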
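Review bot: The two assignments added at the end of `TickITCfg()` read `this.ignorepassword` and `this.secureonly`, but the check removed from exec/tickit.js read the raw setting from `tickit.gcfg.ignorepassword`, which suggests the global keys live on `this.gcfg` rather than on `this`. If so, both arguments are `undefined` and `get_bool` returns false for each, so SecureOnly can never be switched on and IgnorePassword is forced off whatever tickit.ini says. The lines should probably be `this.gcfg.ignorepassword = get_bool(this.gcfg.ignorepassword);` and `this.gcfg.secureonly = get_bool(this.gcfg.secureonly);`. The part of the constructor that fills `gcfg` is outside the hunk, so this needs confirming against it.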
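Review bot: `if (!tickit.gcfg.ignorepassword)` in `parse_ticfile` is only safe when the updated fidocfg.js has already converted the value to a boolean. With a loader that still hands over the raw string, `'no'` or `'false'` is truthy and the `sbbsecho.match_pw` check would be skipped, the opposite of what the removed comparison did. Comparing strictly, `if (tickit.gcfg.ignorepassword !== true)`, keeps the password check in force for anything that is not an explicit boolean true. parse_ticfile starts and ends outside the hunk.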
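Review bot: The SecureOnly filter added in `main()` compares `sbbsecho.inb[i]` with `sbbsecho.secure_inbound` as plain strings using `!=` and skips silently on a mismatch. If the two paths differ only in a trailing separator or letter case, or `secure_inbound` is not set, every inbound is skipped and no TIC file is imported, with nothing in the log to say why. I would normalise both paths before comparing, use `!==`, and log once when SecureOnly is on and no inbound matched. The loop body continues past the end of the hunk.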