Skip to content
Snippets Groups Projects
Open wishlist: tickfix restricted areas
  • View options
  • wishlist: tickfix restricted areas

  • View options
  • Open Issue created by Fernando Toledo

    First idea

    Tickfix needs a minimum of security for published areas.

    Currently all configured areas are available so that all links can connect through the "filefix@node" robot.

    The desired thing is that each link can see certain areas according to its permission

    My idea is that it is similar to the ECHOLIST that sbbsecho actualy handles

    Something very simple like a text file that lists the FileEcho TAG one per line

    image

    Then in each link you can add the list of KEYS that it has permission to

    image

    example sbbsecho.ini:

    ; fileechos definitions
    [filelist:/sbbs/fido/FILELIST.FIDOPUBLIC]
    Keys = FIDOPUBLIC
    
    [filelist:/sbbs/fido/FILELIST.FIDOZ4ADMINS]
    Keys = FIDOADMINS
    
    [filelist:/sbbs/fido/FILELIST.ZUDAKA]
    Keys = ZUDAKAFILES
    
    ;node examples:
    
    [node:4:902/26.10@fidonet]
    Name = Fido Point test
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC
    
    
    [node:4:902/30@fidonet]
    Name = some fido node sysop
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC,FIDOADMINS
    
    [node:15:123/4@zudaka]
    Name = Zudaka node
    [...]
    Keys = ZDECHOS
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = ZUDAKAFILES
    

    This prevents the problem of links not receiving file areas from any other networks, example:

    image

    Also when a link asks for the list of areas, you can only see and connect to the ones you have available according to the new "FileKeys" option.

    alternative implementation

    sbbsecho should only store the FileKeys (multiple possible values) for each link (no filelist definition):

    [node:4:902/30@fidonet]
    Name = some fido node sysop
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC,FIDOADMINS
    
    [node:4:902/10.123@fidonet]
    Name = some fido point
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = FIDOPUBLIC
    
    
    [node:4:902/666@fidonet]
    Name = some super power sysop
    [...]
    Keys = FIDO,FIDOESP,FIDOBR
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = ALL_FILE_ECHOS
    
    [node:15:123/4@zudaka]
    Name = Zudaka node
    [...]
    Keys = ZDECHOS
    Status = Normal
    LocalAddress = 4:902/26
    FileKeys = ZUDAKAFILES
    

    and inside tickit.ini for each area add a Keys option that can have an list of keys, for example:

    [Z4NODE]
    Dir=fidoz4node
    SourceAddress=4:902/26@fidonet
    AKAMatching=true
    ForceReplace=true
    links=4:902/26.3,4:930/1,4:902/26.17
    Keys=FIDOPUBLIC,ALL_FILE_ECHOS
    
    [Z4DAILY]
    Dir=fidoz4daily
    SourceAddress=4:902/26@fidonet
    AKAMatching=true
    ForceReplace=true
    links=4:902/26.3,2:280/464,4:930/1,4:902/26.17
    Keys=FIDOPUBLIC,ALL_FILE_ECHOS
    
    [ZSEGS]
    Dir=fidozsegs
    SourceAddress=4:902/26@fidonet
    AKAMatching=true
    ForceReplace=true
    links=1:/234/5, 2:345/6, 3:456/7
    Keys=FIDOADMINS,ALL_FILE_ECHOS
    
    [ZD_INFO]
    Dir=zd_info
    SourceAddress=15:1/1@zudaka
    Uploader=Ragnarok
    links=2:280/464,4:930/1
    Keys=ZUDAKAFILES,ALL_FILE_ECHOS
    
    [ZD_NODE]
    links=15:1/2,2:280/464,4:930/1
    Dir=zd_node
    SourceAddress=15:1/1@zudaka
    Uploader=Ragnarok
    ForceReplace=true
    Handler=tickit/nodelist_handler.js
    HandlerArg={"domain":"zudaka", "match":"zudaka.z*", "nlmatch":"zudaka.*"}
    Keys=ZUDAKAFILES,ALL_FILE_ECHOS

    The expected result would be the following:

    Node can view and connect to
    4:902/30 Z4NODE,Z4DAILY,ZSEGS
    4:902/10.123 Z4NODE,Z4DAILY
    4:902/666 Z4NODE,Z4DAILY,ZSEGS, ZD_INFO, ZD_NODE
    15:123/4 ZD_INFO, ZD_NODE

    I think this second option is more valid because the sbbsecho code would be minimally touched (just handling a new key/value per link) and nothing more

    The rest of the logic would be implemented on tickfix according to the FileKeys of the link:

    1. the return of the possible list of areas is restricted
    2. verification to add an area to the link, that you have permissions to do so.

    Saludos!

    Linked items 0

  • Link items together to show that they're related.

    Activity

    • All activity
    • Comments only
    • History only
    • Newest first
    • Oldest first