extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret channels, which prevents trivial ban evasion by setting the target channel +s. Information leak due to this change is unlikely since the attacker would have to know that the target channel exists, the name of the channel (or guess it), have a specific user they wanted to know whether was in the channel (and not know already), and the target user would need to have something like autojoin-on-invite enabled (or any of the other various ways hostname cloaking is attacked).
This commit is contained in:
parent
28f877462d
commit
1175ff837d
2 changed files with 2 additions and 9 deletions
|
@ -1,5 +1,5 @@
|
||||||
/*
|
/*
|
||||||
* Channel extban type: matches users who are in a certain public channel
|
* Channel extban type: matches users who are in a certain channel
|
||||||
* -- jilles
|
* -- jilles
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
@ -47,8 +47,5 @@ static int eb_channel(const char *data, struct Client *client_p,
|
||||||
/* require consistent target */
|
/* require consistent target */
|
||||||
if (chptr->chname[0] == '#' && data[0] == '&')
|
if (chptr->chname[0] == '#' && data[0] == '&')
|
||||||
return EXTBAN_INVALID;
|
return EXTBAN_INVALID;
|
||||||
/* privacy! don't allow +s/+p channels to influence another channel */
|
|
||||||
if (!PubChannel(chptr2) && chptr2 != chptr)
|
|
||||||
return EXTBAN_INVALID;
|
|
||||||
return IsMember(client_p, chptr2) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
|
return IsMember(client_p, chptr2) ? EXTBAN_MATCH : EXTBAN_NOMATCH;
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,11 +18,7 @@ Unless noted below, all types can be used with +b, +q, +e and +I.
|
||||||
$a - Matches all logged in users
|
$a - Matches all logged in users
|
||||||
$a:<mask> - Matches users logged in with a username matching the mask
|
$a:<mask> - Matches users logged in with a username matching the mask
|
||||||
(* and ? wildcards)
|
(* and ? wildcards)
|
||||||
$c:<chan> - Matches users who are on the given channel; this is only
|
$c:<chan> - Matches users who are on the given channel
|
||||||
valid if the channel exists and is not +s or +p. (The ops
|
|
||||||
of the channel the ban is on cannot necessarily see whether
|
|
||||||
the user is in the target channel, so it should not
|
|
||||||
influence whether they can join either.)
|
|
||||||
$o - Matches opers (most useful with +I)
|
$o - Matches opers (most useful with +I)
|
||||||
$r:<mask> - Matches users with a realname (gecos) matching the mask
|
$r:<mask> - Matches users with a realname (gecos) matching the mask
|
||||||
(* and ? wildcards); this can only be used with +b and +q
|
(* and ? wildcards); this can only be used with +b and +q
|
||||||
|
|
Loading…
Reference in a new issue