diff options
| author |  jesopo | 2019-11-21 16:31:23 +0000 |
|---|---|---|
| committer | jesopo | 2019-11-21 16:31:23 +0000 |
| commit | 50d12e7e1f4dd9513832968e8c3031c92d207732 (patch) | |
| tree | d104819785eec0fba42ce2ac21ad6bef018d220c | |
| parent | `authenticated` is expected to be a boolean (diff) | |
| signature | ||
implement master-password/master-login in permissions module
| -rw-r--r-- | modules/permissions/__init__.py | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/permissions/__init__.py b/modules/permissions/__init__.py index fbdfad1a..a4c052f2 100644 --- a/modules/permissions/__init__.py +++ b/modules/permissions/__init__.py @@ -32,6 +32,16 @@ class Module(ModuleManager.BaseModule): (None, None)) return hash, salt + def _master_password(self): + master_password = self._random_password() + hash, salt = self._make_hash(master_password) + self.bot.set_setting("master-password", [hash, salt]) + return master_password + @utils.hook("control.master-password") + def command_line(self, event): + master_password = self._master_password() + return "One-time master password: %s" % master_password + def _has_identified(self, server, user, account): user._id_override = server.get_user_id(account) def _is_identified(self, user): @@ -66,6 +76,7 @@ class Module(ModuleManager.BaseModule): def new_user(self, event): event["user"]._hostmask_account = None event["user"]._account_override = None + event["user"]._master_admin = False def _set_hostmask(self, server, user): account = self._find_hostmask(server, user) @@ -98,6 +109,9 @@ class Module(ModuleManager.BaseModule): return [] def _has_permission(self, user, permission): + if user._master_admin: + return True + permissions = self._get_permissions(user) if permission in permissions: return True @@ -118,6 +132,21 @@ class Module(ModuleManager.BaseModule): return True return False + @utils.hook("received.command.masterlogin") + @utils.kwarg("min_args", 1) + @utils.kwarg("private_only", True) + def master_login(self, event): + saved_hash, saved_salt = self.bot.get_setting("master-password", + (None, None)) + if saved_hash and saved_salt: + given_hash, _ = self._make_hash(event["args"], saved_salt) + if utils.security.constant_time_compare(given_hash, saved_hash): + self.bot.del_setting("master-password") + event["user"]._master_admin = True + event["stdout"].write("Master login successful") + return + event["stderr"].write("Master login failed") + @utils.hook("received.command.mypermissions") @utils.kwarg("authenticated", True) def my_permissions(self, event): |