Historical:Development/Roadmap/account

From the makers of InspIRCd.

Account subsystem

  • m_account - account information storage (replaces m_services_account)
    • METADATA <uid> account :<acctname> <tag> -- logs in an existing user
    • METADATA <uid> account : -- logs them out
    • ACCOUNT <acctname> SET <ts> <key> <value> -- stores a simple key/value pair in database
    • ACCOUNT <acctname> ADDM <ts> <key> <value> -- adds a value to a list in the database
    • ACCOUNT <acctname> DELM <key> <value> -- removes a value from the database
    • Database is propagated on burst and optionally saved to disk on the ircd
    • Collisions on values are resolved by timestamp (the most recent timestamp wins), or by string compare if the timestamps are equal
    • Services is responsible for deleting stale settings on an incoming burst. Recovery from stale entries must be possible.
  • m_account_auth
    • Gets username/password from user, and logs them in if it matches
      • Server PASS, combined with USER, NICK, or a "username:password" password
      • SASL fallback target (used when services server is not linked)
      • SSL fingerprint
      • (planned) /IDENTIFY <username> <password>
    • The DB entry for authcache contains "hashtype value tag"; the fingerprint entry is just the raw fingerprint. If the tag is not specified, the value is used as the tag.
    • Example DB entries:
      • ACCOUNT phil SET 12345 authcache :hmac-sha256 Kf98aJi9$D+uryGhrOiML31fqLNdGERvA6Mk1LVucoUtUw5K9IGg pw789
      • ACCOUNT rob SET 12345 authcache :posix $1$kupqdv$TZqDU.gh6qomB6f9bixI71
      • ACCOUNT phil ADDM 12346 fingerprint :e098f04187db2ad332294640a16d2576
      • ACCOUNT phil ADDM 12347 fingerprint :d14ffd41334ec4b4b3f2c0d55c38be6f
    • When the user 137AAAAAB logs in with phil/test, "METADATA 137AAAAAB account :phil pw789" will be sent
    • When the user 137AAAAAC logs in with rob/test, "METADATA 137AAAAAC account :rob $1$kupqdv$TZqDU.gh6qomB6f9bixI71" will be sent
    • If phil logs in with client cert, "METADATA 137AAAAAB account :phil d14ffd41334ec4b4b3f2c0d55c38be6f" will be sent
  • m_account_modes
    • Implement user/channel +R, +M
  • m_hash_posix - implements the posix hash type, which is the one used by /etc/shadow and atheme
  • m_sqlauth can log people in to their account
  • m_account_nicks
    • Restricts a nick to an account, similar to Q:line.
    • ACCOUNT phil ADDM 12347 nick :phil
    • ACCOUNT phil ADDM 12348 nick :phil-away
    • Catch /NICK <user> <password> to log in, force-UID the occupant, and change nicks
    • If multiple accounts try to reserve a nick, most recent timestamp wins.
  • m_account_vhost
    • Sets a vhost when you log in
    • ACCOUNT phil SET <ts> vhost phil.is.cool
  • Other user state persistence - SILENCE, WATCH, channel join list
  • m_ghost - BNC-style replacement of ghosts. Ties to m_account_nicks
    • User command /GHOST <nick> [<password>]
      • Password, if specified, will ask authcache to identify to the nick's account
    • Only works if the source and target are both signed in to the same account
    • May also copy user state such as modes, SILENCE, WATCH, ACCEPT
    • Example:
      • bob is the existing user (197AAAAAB), signed in as bob, sitting in #foo,@#bar
      • User 197AAAAAC connects and sends /GHOST bob password
      • User 197AAAAAC sees themselves change nick to "bob", join #foo,@#bar
      • User 197AAAAAB sees themselves change nick to 197AAAAAB and part all channels. They also get a server notice explaining that they were ghosted
      • Other users in the channel see a quit-join-mode if enabled, otherwise nothing
      • Channel history replay possible, similar to +H. Should prevent seeing anything older than when the ghosted user joined.
  • Allow LDAP to set account information
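
The m_account collision rule and the m_account_auth tag fallback described above, as an added Python sketch that is not InspIRCd code. `parse_account` and `AccountDB` are hypothetical names, and letting the greater string win on equal timestamps is an assumption, since the page only says "string compare".

```python
# Entries copied from the page's "Example DB entries".
SAMPLE = [
    "ACCOUNT phil SET 12345 authcache :hmac-sha256 "
    "Kf98aJi9$D+uryGhrOiML31fqLNdGERvA6Mk1LVucoUtUw5K9IGg pw789",
    "ACCOUNT rob SET 12345 authcache :posix $1$kupqdv$TZqDU.gh6qomB6f9bixI71",
    "ACCOUNT phil ADDM 12346 fingerprint :e098f04187db2ad332294640a16d2576",
]

def parse_account(line):
    """Parse 'ACCOUNT <acct> SET|ADDM <ts> <key> :<value>' (DELM is not handled)."""
    head, sep, value = line.partition(" :")
    parts = head.split()
    if not sep or len(parts) != 5 or parts[0] != "ACCOUNT" or parts[2] not in ("SET", "ADDM"):
        raise ValueError("unsupported ACCOUNT line: %r" % line)
    return parts[1], parts[2], int(parts[3]), parts[4], value

class AccountDB:  # hypothetical in-memory model, not InspIRCd code
    def __init__(self, lines=()):
        self.values = {}  # (acct, key) -> (ts, value), written by SET
        self.lists = {}   # (acct, key) -> set of values, written by ADDM
        for line in lines:
            self.apply(line)

    def apply(self, line):
        """Merge one line; return True if it changed the database."""
        acct, op, ts, key, value = parse_account(line)
        if op == "ADDM":
            members = self.lists.setdefault((acct, key), set())
            added = value not in members
            members.add(value)
            return added
        current = self.values.get((acct, key))
        # Most recent timestamp wins. On equal timestamps the page only says
        # "string compare"; letting the greater string win is an assumption.
        if current is None or (ts, value) > current:
            self.values[(acct, key)] = (ts, value)
            return True
        return False

    def login_metadata(self, uid, acct):
        """Build the METADATA line sent after a password login."""
        fields = self.values[(acct, "authcache")][1].split()
        if len(fields) not in (2, 3):
            raise ValueError("authcache must be 'hashtype value [tag]'")
        tag = fields[2] if len(fields) == 3 else fields[1]  # no tag: value is the tag
        return "METADATA %s account :%s %s" % (uid, acct, tag)
```

For rob, whose authcache entry has no explicit tag, the tag carried in METADATA is the stored posix hash itself; phil's entry sends only pw789.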