Page 1 of 1
Restrict allowed client connections / Additional whois info
Posted: Thu Jul 22, 2004 3:36 pm
First off I want to thank everyone involved for the updates to allow win32 to use dll modules!
Now for the modules / general help requests
I'm working on an intranet project using unreal on a windows(2k) platform and what I'm wanting to do is restrict clients joining to those who have gone through the hosted(on the same server) java client. Basically i'm wanting to restrict any third party IRC applications. Conference room(what im trying to replace) has some trickery used to authenticate the client and verify it was loaded from the same server.. and I need to replicate that if at all possible. I'm currently using PJIRC ( http://www.pjirc.com/main.php
) Which is a great applet and im sure i'm going to have to tinker with it quite a bit to get the authentication going.. im just not sure how involved the unreal server is going to get in the situtation.
I sadly had to move from apache to IIS so that i could pull NT login information to match the webpage visitor to their corporate identity- but I'm hung as what would be a good method to integrate that information so that it is available from the irc server- possibly in a /whois or the like.
Posted: Thu Jul 22, 2004 4:02 pm
Look at PJIRC's on connect commands, perhaps use one to identify to a vhost or similar? Then anyone without that vhost should be /killed
Posted: Thu Jul 22, 2004 4:06 pm
PJIRC is capable of logging in to passworded IRC servers. Configure a password in the ALLOW block. Then set PJIRC to use that password
Anyone can of course, read the source code and retreive the password. But if you change often enough, it will be a nusance not to use your JavaChat
Posted: Thu Jul 22, 2004 7:29 pm
hmm, good idea.
I'm wondering if there's some transparent(to the user) way i could do it- I'm sure there's an advantage to having the webserver running on the same box the ircd is..
Posted: Thu Jul 22, 2004 7:34 pm
The PASSWORD method is transparent to the user, in the PJIRC readme using a password is described. It is a configuration option in the HTML
There isnt, the connection will still come from the remote box. Maybe CGI-IRC is for you (the connection will then be from 127.0.0.1 or whatever the webserver IP is. However then you cant GLINE by IP. I suppose you could still do it by user though
AFTERTHOUGHT: A mod should move this to support, it isnt really a module question
Posted: Thu Jul 22, 2004 8:07 pm
If i could pass along the value which im getting of their NT domain login, then i could use that to ban/block etc and cgi-irc would work fine.
Posted: Thu Jul 22, 2004 9:44 pm
Are you using ASP or PHP or some server side scripting language?
I have never used CGI-IRC but perhaps you could configure so that their ident is their login name
Posted: Fri Jul 23, 2004 3:55 pm
Using PHP on IIS now.(and missing apache
I checked CGI-IRC out, it just doesnt have the flexibility i want of a java client. I will be sticking with PJIRC.
Also, ident is a bit too short for use as the nt login.. however, i think i might just stick it into a finger reply. I've got privdef running on the server, so regular users cant use any privmsg or commands, which would limit it to IRCops. Preferrably I would like to include "user login" into my /whois
Posted: Fri Jul 23, 2004 5:25 pm
All I can think of in for putting it in the whois is a vhost
Posted: Sun Jul 25, 2004 5:22 pm
I created a module to add a new chmode +j which would stop people joining the channel in under X seconds of connecting (read my thread). As an afterthought, i decided to add a umode +f to which was unsettable by any user including ircops, but could only be set by logging in with a new command which had to be sent within the first 15 seconds of being connected. This +f umode allows the user to bypass the +j chmode and also adds a new whois line stating the user 'is connecting from the website' using numeric 336 (not wanting to use the swhois line).
However, to complete my task i had to edit the source codes to (a) stop it being setable by anyone at all and (b) add a new whois line. This means its completely unsupported by the unreal team. What i want to know however, is, is it possible to inject a new line into the whois reply without having to edit the source code so i can add a supportable module or would it have to override the default whois code?
If this is possible, it will help with your request too Ian.
Posted: Sun Jul 25, 2004 6:12 pm
To complete the (a) point you don't have to edit the main source code. Both UmodeAdd
allows you to deny everyone from setting the modes (in case of channel modes you do it with the is_ok
member of the CmodeInfo
Posted: Sun Jul 25, 2004 6:25 pm
The (b) point indeed can't be done without modifying the code of /whois or adding an override on the command, both ways are ugly.
Posted: Sun Jul 25, 2004 8:27 pm
Thanks for the reply Angrywolf. I'm against ugly methods, although the method i used was ugly too.
The problem with adding to the whois is that looking for a new umode means its looking for something that doesn't exist until the module is compiled, which will fail. This then means you have to add the umode to the initial source codes and change the whois, or duplicate the whois command in a module, overriding the whole thing with your addition in place. Both methods i didn't really want to do, but oh well, can't have everything i guess.
Maybe this could be looked at in the next module system -- a method of adding lines to the whois or other commands?
Posted: Mon Aug 30, 2004 8:50 am
I'm actually looking for exactly the same thing. We are moving from Conference Room to UnrealIRCd and i want to be able to forbid anyone not using my Java applet to be able to user the server.
I had planned on adding a version ban on * and then making a version ban except for my Javapplet, but i noticed there is no version ban except. The ban except itself also doesn't work for version except so thats not a way i can go i guess.
What your making now Theos, seems like something that could work, i'd love to be able to get that module, or possible a version except module. (Or the ban except to work with version bans)