diff options
Diffstat (limited to 'lib/access.sh')
| -rw-r--r-- | lib/access.sh | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/lib/access.sh b/lib/access.sh new file mode 100644 index 0000000..28fa358 --- /dev/null +++ b/lib/access.sh @@ -0,0 +1,99 @@ +#!/bin/bash +# -*- coding: utf-8 -*- +########################################################################### +# # +# envbot - an IRC bot in bash # +# Copyright (C) 2007-2008 Arvid Norlander # +# # +# This program is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License as published by # +# the Free Software Foundation, either version 3 of the License, or # +# (at your option) any later version. # +# # +# This program is distributed in the hope that it will be useful, # +# but WITHOUT ANY WARRANTY; without even the implied warranty of # +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # +# GNU General Public License for more details. # +# # +# You should have received a copy of the GNU General Public License # +# along with this program. If not, see <http://www.gnu.org/licenses/>. # +# # +########################################################################### +#--------------------------------------------------------------------- +## Access control library. +#--------------------------------------------------------------------- + + +#--------------------------------------------------------------------- +## Check for owner access. +## @Type API +## @param n!u@h mask +## @return 0 If access was granted +## @return 1 If access was denied. +#--------------------------------------------------------------------- +access_check_owner() { + debug_log_caller "$@" + security_assert_argc 1 1 "$@" || { + log_error "Aiie! Access denied because of incorrect function call!" + return 1 + } + local index + for index in ${!config_access_mask[*]}; do + if [[ "$1" =~ ${config_access_mask[$index]} ]] && list_contains "config_access_capab[$index]" 'owner'; then + return 0 + fi + done + return 1 +} + +#--------------------------------------------------------------------- +## Check for access in scope. +## @Type API +## @param Capability to check for. +## @param n!u@h mask +## @param What scope +## @return 0 If access was granted +## @return 1 If access was denied. +#--------------------------------------------------------------------- +access_check_capab() { + debug_log_caller "$@" + security_assert_argc 3 3 "$@" || { + log_error "Aiie! Access denied because of incorrect function call!" + return 1 + } + local index + for index in ${!config_access_mask[*]}; do + if [[ "$2" =~ ${config_access_mask[$index]} ]] && \ + [[ "$3" =~ ${config_access_scope[$index]} ]]; then + if list_contains "config_access_capab[$index]" "$1" || \ + list_contains "config_access_capab[$index]" "owner"; then + return 0 + fi + fi + done + return 1 +} + +#--------------------------------------------------------------------- +## Used to log actions like "did a rehash" if access was granted. +## @Type API +## @param n!u@h mask +## @param What happened. +#--------------------------------------------------------------------- +access_log_action() { + log_info_file owner.log "$1 performed the restricted action: $2" +} + +#--------------------------------------------------------------------- +## Return error message about failed access to someone, and log it +## @Type API +## @param n!u@h mask +## @param What they tried to do +## @param What capability they need +#--------------------------------------------------------------------- +access_fail() { + log_error_file access.log "$1 tried to \"$2\" but lacks access." + local nick= + parse_hostmask_nick "$sender" 'nick' + send_notice "$nick" "Permission denied. You need the capability \"$3\" to do this action." +} |