ircu api - privileges

Access control becomes more of a problem as you have more and more users that need to access certain features. As it stands, ircu has only 3 access levels: ordinary user, local operator, and global operator. This is hardly enough control, especially over some of the more advanced and powerful features, such as G-lines.

Since u2.10.11, ircu includes the concept of privileges. Privileges are basically an arbitrarily long bit string. Access to particular features is governed by the value of a particular bit of that bit string--in other words, privileges are a form of Access Control List. This document covers the basic structures and macros used by the privileges system.

struct Privs;

The Privs structure stores a privileges bit string and represents a user's entire privilege set. This is implemented as a structure, rather than as an array of integers, in order to leverage C's structure copy.

void PrivSet(struct Privs pset, int priv);

This macro sets the privilege specified by _priv_ in the privileges structure. This macro evaluates the _priv_ argument twice.

void PrivClr(struct Privs pset, int priv);

This macro clears the privilege specified by _priv_ in the privileges structure. This macro evaluates the _priv_ argument twice.

int PrivHas(struct Privs pset, int priv);

This macro tests whether the privilege specified by _priv_ is set in the privileges structure, returning non-zero if it is. This macro evaluates the _priv_ argument twice.

void GrantPriv(struct Client* cli, int priv);

This macro grants a particular client, specified by _cli_, the privilege specified by _priv_. This macro evaluates the _priv_ argument twice.

void RevokePriv(struct Client* cli, int priv);

This macro revokes the privilege specified by _priv_ from the client. This macro evaluates the _priv_ argument twice.

int HasPriv(struct Client* cli, int priv);

This macro tests whether the client specified by _cli_ has the privilege specified by _priv_, returning non-zero if so. This macro evaluates the _priv_ argument twice.

void client_set_privs(struct Client* client);

The ircu configuration file does not yet support privileges. This function thus sets the appropriate privileges for an operator, based upon various feature settings. It should be called whenever there is a change in a user's IRC operator status.

int client_report_privs(struct Client *to, struct Client *client);

This function sends the client specified by _to_ a list of the privileges that another client has. It returns a value of 0 for the convenience of other functions that must return an integer value.

Kev 

[2001-6-15 Kev] Initial documentation of the privileges system.