Skip to content
Snippets Groups Projects
Commit ad7de570 authored by Rob Swindell's avatar Rob Swindell :speech_balloon:
Browse files

Add configurable "LoginRequirements" (ARS format) per-service in services.ini

In response to Reddit inquiry in /r/bbs by wts42:
"is there a possibility in sbbs to restrict access to services like IMAP by
level or flag?"

... now there is.

This only works for services that use the JS login() method to authenticate
the user.

If the services server's LoginRequirements are set in the sbbs.ini file, then
*both* sets of requirements must be met to successfully login to a service.
parent 9d1bbd97
No related branches found
No related tags found
No related merge requests found
......@@ -22,6 +22,7 @@ ListenBacklog=5
; Interface (default: network interface IP address specified in sbbs.ini [services])
; Host (default: unspecified) - only run on the specified hostname
; NotHost (default: unspecified) - do not run on the specified hostname
; LoginRequirements (default: none) - access requirements (ARS) for logging-into this service
; Advanced JavaScript execution keys:
; JavaScriptMaxBytes
......
......@@ -78,6 +78,7 @@ typedef struct {
struct in6_addr outgoing6;
char protocol[34];
char cmd[128];
char login_ars[LEN_ARSTR + 1];
uint max_clients;
uint32_t options;
int listen_backlog;
......@@ -449,6 +450,13 @@ js_login(JSContext *cx, uintN argc, jsval *arglist)
JS_RESUMEREQUEST(cx, rc);
return(JS_TRUE);
}
if(!chk_ars(&scfg, client->service->login_ars, &client->user, client->client)) {
lprintf(LOG_NOTICE,"%04d %s <%s> !Insufficient service access: %s"
,client->socket, client->service->protocol, client->user.alias, client->service->login_ars);
badlogin(client->socket, user, NULL, client->client, &client->addr);
JS_RESUMEREQUEST(cx, rc);
return(JS_TRUE);
}
JS_RESUMEREQUEST(cx, rc);
......@@ -1628,6 +1636,7 @@ static service_t* read_services_ini(const char* services_ini, service_t* service
char cmd[INI_MAX_VALUE_LEN];
char host[INI_MAX_VALUE_LEN];
char prot[INI_MAX_VALUE_LEN];
char value[INI_MAX_VALUE_LEN];
char portstr[INI_MAX_VALUE_LEN];
char** sec_list;
str_list_t list;
......@@ -1675,6 +1684,8 @@ static service_t* read_services_ini(const char* services_ini, service_t* service
serv.log_level=iniGetLogLevel(list,sec_list[i],"LogLevel",log_level);
serv.lowest_log_level=iniGetLogLevel(list,sec_list[i],"LowestLogLevel",0);
SAFECOPY(serv.cmd,iniGetString(list,sec_list[i],"Command","",cmd));
SAFECOPY(serv.login_ars
,iniGetString(list, sec_list[i], "LoginRequirements", "", value));
p=iniGetString(list,sec_list[i],"Port",serv.protocol,portstr);
if(IS_DIGIT(*p))
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment