Skip to content

User permissions

Jump to bottom
JR edited this page Oct 27, 2022 · 2 revisions

When a user tries to evoke any bot response, such as with a chat command, normally the bot queries the server for what services account the user is logged onto. Logging onto these is generally done when connecting. This account name is then compared with first the list of administrators in the main kameloso.conf file, and then the relevant sections of the users.json, to determine what permissions class the user belongs to. These are:

  • admin, or administrators of the bot (program-wide, channel-independent)
  • staff, or the owners of a channel
  • operator, or the moderators of a channel, not necessarily those with +o operator privileges
  • elevated, or elevated normal users of a channel; known-good users
  • whitelist, or slightly-above-average normal users of a channel, but not as privileged as elevated
  • anyone, or any user without any special privileges
  • blacklist, or users specifically banned from using the bot (conditions apply)

Many servers don't offer services though, leaving the bot unable to uniquely identify one user with one nickname from another who simply renamed to that nickname (spoofing).

Hostmasks; on servers without services (e.g. no NickServ)

Historically, before services, identification was done by examining the ident and the address the user is connecting from. To spoof the nickname of someone whose address was known and recorded, you would then have to be connecting from the same IP, which is a lot more difficult than a simple rename.

The bot supports such alternative ident/host (hostmask) identification, and it is toggled by enabling preferHostmasks under [Core]. You can then map hostmasks to what the bot will treat as accounts, such as if they had been queried from the server's services.

One account may have any number of hostmasks. Globs work, like 192.168.*. All addresses are compared as strings, so IPv6 addresses that can be shortened must appear as the server reports them.

The file with these definitions is the aptly-named hostmasks.json, but you can also hot-add hostmasks with the !hostmask command of the Admin plugin.

Example hostmasks.json 

{
    "kameloso*!~kameloso@2001:41d0:*": "kameloso",
    "ray*!*@123.123.*": "ray",
    "steve*!~bim@132.132.132.132": "steve",
    "steve*!~bim@192.168.*": "steve",
}
Clone this wiki locally