extatic.org bug tracker

ID: 0000178
Project: uhub
Category: Unspecified
View Status: public
Date Submitted: 2012-01-03 23:49
Last Update: 2012-09-22 05:11
Reporter: janvidar
Assigned To: (none)
Priority: normal
Severity: major
Reproducibility: have not tried
Status: new
Resolution: open
Platform / OS / OS Version: (not specified)
Summary: 0000178: ACL handling does not work properly
Description: file_acl had more options than the authentication plugins (mod_auth_simple and mod_auth_sqlite).

Need in addition a way to provide banned CIDs, banned nicks, denied nicks, IP addresses, and override NAT IPs.
Tags: No tags attached.
Attached Files: (none)
Relationships:
- parent of 0000135 (assigned to janvidar): Whitelist rules configuration
- parent of 0000128 (assigned to janvidar): Tempbans
- parent of 0000129 (assigned to janvidar): Feature request so that ban command would look in the ip log.
Not all the children of this issue are yet resolved or closed.

Notes:
(0000641)
janvidar (administrator)
2012-04-23 12:38

Some thoughts about ACL model and how it could be structured:

ACL:

- Mode:
    Inclusive: Allow all with exceptions
    Exclusive: Allow nobody with exceptions

- Registered users allowed (despite being banned)?
    i.e. check ban-records after login has been attempted.

SQL tables:

CREATE TABLE acl (
    id INTEGER PRIMARY KEY ASC,
    description CHAR NOT NULL,
    action CHAR NOT NULL DEFAULT 'Reject',
    mode CHAR NOT NULL DEFAULT 'OR',
    who CHAR NOT NULL DEFAULT 'Administrator',
    created TIMESTAMP DEFAULT (DATETIME('NOW')),
    expires TIMESTAMP DEFAULT (DATETIME('NOW'))
);

CREATE TABLE rules (
    id INTEGER PRIMARY KEY ASC,
    type CHAR NOT NULL,
    data CHAR NOT NULL,
    acl_id INTEGER,
    FOREIGN KEY(acl_id) REFERENCES acl(id)
);


-- Ban some IPs:
-- ($last_id is a host-language variable holding the id of the acl row just
--  inserted; it must be read with last_insert_rowid() before the rules are
--  inserted, since each INSERT INTO rules overwrites the last-row id.)
INSERT INTO acl (description, action, mode) VALUES ('local networks', 'Allow', 'OR');
$last_id = SELECT last_insert_rowid();

INSERT INTO rules (type, data, acl_id) VALUES ('ipv4', '127.0.0.0/8', $last_id);
INSERT INTO rules (type, data, acl_id) VALUES ('ipv4', '10.0.0.0/8', $last_id);
INSERT INTO rules (type, data, acl_id) VALUES ('ipv4', '192.168.0.0/16', $last_id);
INSERT INTO rules (type, data, acl_id) VALUES ('ipv4', '172.16.0.0/12', $last_id);
INSERT INTO rules (type, data, acl_id) VALUES ('ipv6', '::1/16', $last_id);

-- Ban a spammer
INSERT INTO acl (description, action, mode) VALUES ('spammer', 'Reject', 'AND');
$last_id = SELECT last_insert_rowid();
INSERT INTO rules (type, data, acl_id) VALUES ('nick', 'SpaMMer', $last_id);
INSERT INTO rules (type, data, acl_id) VALUES ('cid', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAXXIIXY', $last_id);


!banlist
1. Allow: local networks
2. Reject: spammer

!baninfo 1
Allow: local networks:
Created by: Administrator on <date>. Expires: <date>

Allow if any of these matches:
1. ipv4 127.0.0.0/8
2. ipv4 10.0.0.0/8
3. ipv4 192.168.0.0/16
4. ipv4 172.16.0.0/12
5. ipv6 ::1/16

!baninfo 2
Reject: spammer
Created by: <operator> on <date>. Expires: <date>

Reject if all of these match:
1. nickname equals "SpaMMer"
2. cid equals "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAXXIIXY"

!ban <user> [<reason>]

INSERT INTO acl (description, action, mode, who) VALUES ('<user>', 'Reject', 'OR', '<operator>');
$last_id = SELECT last_insert_rowid();
INSERT INTO rules (type, data, acl_id) VALUES ('ipv4', '1.2.3.4', $last_id);
INSERT INTO rules (type, data, acl_id) VALUES ('cid', 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAXXIIXY', $last_id);
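The following is an added example, not uhub code and not part of the note above: it loads the note's acl/rules schema into an in-memory SQLite database, stores the two ACL entries from the !banlist sketch plus a !ban entry and an expired entry, and evaluates a connecting user against them. Everything beyond the note's schema and data is an assumption made here: entries are walked in id order and the first one whose rules match decides; 'OR' means any rule matches and 'AND' means all must; an entry whose expires timestamp is in the past is ignored; nick and cid rules are exact comparisons; when nothing matches, the inclusive/exclusive mode from the note supplies the default. The names build_sample_db, add_acl, rule_matches and evaluate, the fixed clock NOW, and all user records are constructed for the example.

```python
import ipaddress
import sqlite3
from datetime import datetime, timezone

# Schema from the note, loaded as-is into SQLite.
SCHEMA = """
CREATE TABLE acl (
    id INTEGER PRIMARY KEY ASC,
    description CHAR NOT NULL,
    action CHAR NOT NULL DEFAULT 'Reject',
    mode CHAR NOT NULL DEFAULT 'OR',
    who CHAR NOT NULL DEFAULT 'Administrator',
    created TIMESTAMP DEFAULT (DATETIME('NOW')),
    expires TIMESTAMP DEFAULT (DATETIME('NOW'))
);
CREATE TABLE rules (
    id INTEGER PRIMARY KEY ASC,
    type CHAR NOT NULL,
    data CHAR NOT NULL,
    acl_id INTEGER,
    FOREIGN KEY(acl_id) REFERENCES acl(id)
);
"""

SPAMMER_CID = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAXXIIXY"   # CID used in the note
NOW = datetime(2012, 9, 22, 5, 11, tzinfo=timezone.utc)  # fixed clock (constructed)


def add_acl(conn, description, action, mode, rules, who="Administrator", expires=None):
    """Insert one acl row and its rules; return the new acl id.
    expires is 'YYYY-MM-DD HH:MM:SS' in UTC, or None for a permanent entry."""
    cur = conn.execute(
        "INSERT INTO acl (description, action, mode, who, expires) VALUES (?, ?, ?, ?, ?)",
        (description, action, mode, who, expires))
    acl_id = cur.lastrowid  # read before any rules are inserted (the note's $last_id)
    conn.executemany("INSERT INTO rules (type, data, acl_id) VALUES (?, ?, ?)",
                     [(rtype, data, acl_id) for rtype, data in rules])
    return acl_id


def rule_matches(rtype, data, user):
    """Match one rule against a connecting user given as {'ip', 'nick', 'cid'}."""
    if rtype in ("ipv4", "ipv6"):
        net = ipaddress.ip_network(data, strict=False)  # strict=False tolerates '::1/16'
        addr = ipaddress.ip_address(user["ip"])
        return addr.version == net.version and addr in net
    if rtype == "nick":
        return user["nick"] == data  # 'nickname equals' in the note: exact match (assumption)
    if rtype == "cid":
        return user["cid"] == data
    raise ValueError(f"unknown rule type {rtype!r}")


def evaluate(conn, user, now=NOW, inclusive=True):
    """Return (allowed, acl_id). Entries are checked in id order and the first
    matching entry decides; acl_id is None when the inclusive/exclusive default applied."""
    entries = conn.execute("SELECT id, action, mode, expires FROM acl ORDER BY id").fetchall()
    for acl_id, action, mode, expires in entries:
        if expires is not None:
            exp = datetime.strptime(expires, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)
            if exp <= now:
                continue  # expired entry is skipped, not deleted
        results = [rule_matches(t, d, user) for t, d in
                   conn.execute("SELECT type, data FROM rules WHERE acl_id = ?", (acl_id,))]
        if not results:
            continue  # an entry without rules matches nobody
        if (any(results) if mode == "OR" else all(results)):
            return action == "Allow", acl_id
    return inclusive, None


def build_sample_db():
    """Constructed data mirroring the note's !banlist, plus a !ban and an expired entry."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    add_acl(conn, "local networks", "Allow", "OR",
            [("ipv4", "127.0.0.0/8"), ("ipv4", "10.0.0.0/8"), ("ipv4", "192.168.0.0/16"),
             ("ipv4", "172.16.0.0/12"), ("ipv6", "::1/16")])
    add_acl(conn, "spammer", "Reject", "AND",
            [("nick", "SpaMMer"), ("cid", SPAMMER_CID)])
    add_acl(conn, "baduser", "Reject", "OR",          # result of '!ban baduser'
            [("ipv4", "1.2.3.4"), ("cid", "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB")],
            who="operator", expires="2099-01-01 00:00:00")
    add_acl(conn, "old tempban", "Reject", "OR", [("nick", "oldtimer")],
            expires="2012-01-01 00:00:00")             # already expired at NOW
    return conn


if __name__ == "__main__":
    db = build_sample_db()
    for u in ({"ip": "192.168.1.10", "nick": "alice", "cid": "C1"},
              {"ip": "1.2.3.4", "nick": "SpaMMer", "cid": SPAMMER_CID},
              {"ip": "10.0.0.5", "nick": "SpaMMer", "cid": SPAMMER_CID},
              {"ip": "8.8.8.8", "nick": "oldtimer", "cid": "C3"}):
        print(u["nick"], u["ip"], "->", evaluate(db, u))
```

The third sample user shows the ordering question the note leaves open: a spammer connecting from 10.0.0.5 is allowed by the earlier 'local networks' entry before the 'spammer' entry is ever consulted, so whether Reject entries should be evaluated before Allow entries (or whether the first-match rule is right at all) needs to be decided as part of the ACL model.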
(0000656)
e8hffff (reporter)
2012-09-22 05:11

It should be easy to have a simple 32-bit integer to store user flags in the same SQL database or somehow represented in a user list text file. That way 1 bit can represent a ban, 1 bit a warning, etc. Then logically allow or kick users as they try to join the server. If a !kick is issued on a user with a warning, then the flag for ban is set. A bit could hold an IP ban update trigger, as in when a username is used the IP used is added to the IP ranges if that user is banned, to get around dynamic IPs with the same username.

A separate table could be used to store IP ranges. That would require varchar(16) to store an IPv6 address. All IPs could be converted to IPv6 for convenience of checking. Datetime for both add and expire. Flag integer with 1 bit to tell if the IP is of ban or allow type.

Issue History:
- 2012-01-03 23:49, janvidar: New Issue
- 2012-04-23 12:38, janvidar: Note Added: 0000641
- 2012-05-07 10:30, janvidar: Relationship added: parent of 0000135
- 2012-05-07 10:30, janvidar: Relationship added: parent of 0000128
- 2012-05-07 10:31, janvidar: Relationship added: parent of 0000129
- 2012-09-22 05:11, e8hffff: Note Added: 0000656
- 2013-04-15 12:32, janvidar: Category => Unspecified