92 lines
2.9 KiB
Plaintext
92 lines
2.9 KiB
Plaintext
Access control becomes more of a problem as you have more and more
|
|
users that need to access certain features. As it stands, ircu has
|
|
only 3 access levels: ordinary user, local operator, and global
|
|
operator. This is hardly enough control, especially over some of the
|
|
more advanced and powerful features, such as G-lines.
|
|
|
|
Since u2.10.11, ircu includes the concept of privileges. Privileges
|
|
are basically an arbitrarily long bit string. Access to particular
|
|
features is governed by the value of a particular bit of that bit
|
|
string--in other words, privileges are a form of Access Control List.
|
|
This document covers the basic structures and macros used by the
|
|
privileges system.
|
|
|
|
<struct>
|
|
struct Privs;
|
|
|
|
The Privs structure stores a privileges bit string and represents a
|
|
user's entire privilege set. This is implemented as a structure,
|
|
rather than as an array of integers, in order to leverage C's
|
|
structure copy.
|
|
</struct>
|
|
|
|
<function>
|
|
void PrivSet(struct Privs pset, int priv);
|
|
|
|
This macro sets the privilege specified by _priv_ in the privileges
|
|
structure. This macro evaluates the _priv_ argument twice.
|
|
</function>
|
|
|
|
<function>
|
|
void PrivClr(struct Privs pset, int priv);
|
|
|
|
This macro clears the privilege specified by _priv_ in the privileges
|
|
structure. This macro evaluates the _priv_ argument twice.
|
|
</function>
|
|
|
|
<function>
|
|
int PrivHas(struct Privs pset, int priv);
|
|
|
|
This macro tests whether the privilege specified by _priv_ is set in
|
|
the privileges structure, returning non-zero if it is. This macro
|
|
evaluates the _priv_ argument twice.
|
|
</function>
|
|
|
|
<function>
|
|
void GrantPriv(struct Client* cli, int priv);
|
|
|
|
This macro grants a particular client, specified by _cli_, the
|
|
privilege specified by _priv_. This macro evaluates the _priv_
|
|
argument twice.
|
|
</function>
|
|
|
|
<function>
|
|
void RevokePriv(struct Client* cli, int priv);
|
|
|
|
This macro revokes the privilege specified by _priv_ from the client.
|
|
This macro evaluates the _priv_ argument twice.
|
|
</function>
|
|
|
|
<function>
|
|
int HasPriv(struct Client* cli, int priv);
|
|
|
|
This macro tests whether the client specified by _cli_ has the
|
|
privilege specified by _priv_, returning non-zero if so. This macro
|
|
evaluates the _priv_ argument twice.
|
|
</function>
|
|
|
|
<function>
|
|
void client_set_privs(struct Client* client);
|
|
|
|
The ircu configuration file does not yet support privileges. This
|
|
function thus sets the appropriate privileges for an operator, based
|
|
upon various feature settings. It should be called whenever there is
|
|
a change in a user's IRC operator status.
|
|
</function>
|
|
|
|
<function>
|
|
int client_report_privs(struct Client *to, struct Client *client);
|
|
|
|
This function sends the client specified by _to_ a list of the
|
|
privileges that another client has. It returns a value of 0 for the
|
|
convenience of other functions that must return an integer value.
|
|
</function>
|
|
|
|
<authors>
|
|
Kev <klmitch@mit.edu>
|
|
</authors>
|
|
|
|
<changelog>
|
|
[2001-6-15 Kev] Initial documentation of the privileges system.
|
|
</changelog>
|