* Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
*/
+#include "base64.h"
#include "chanserv.h"
#include "conf.h"
#include "config.h"
#define KEY_TITLEHOST_SUFFIX "titlehost_suffix"
#define KEY_AUTO_OPER "auto_oper"
#define KEY_AUTO_ADMIN "auto_admin"
+#define KEY_AUTO_OPER_PRIVS "auto_oper_privs"
+#define KEY_AUTO_ADMIN_PRIVS "auto_admin_privs"
#define KEY_FLAG_LEVELS "flag_levels"
#define KEY_HANDLE_EXPIRE_FREQ "handle_expire_freq"
#define KEY_ACCOUNT_EXPIRE_FREQ "account_expire_freq"
#define KEY_HANDLE_EXPIRE_DELAY "handle_expire_delay"
+#define KEY_NICK_EXPIRE_FREQ "nick_expire_freq"
+#define KEY_NICK_EXPIRE_DELAY "nick_expire_delay"
#define KEY_ACCOUNT_EXPIRE_DELAY "account_expire_delay"
#define KEY_NOCHAN_HANDLE_EXPIRE_DELAY "nochan_handle_expire_delay"
#define KEY_NOCHAN_ACCOUNT_EXPIRE_DELAY "nochan_account_expire_delay"
#define KEY_COOKIE_TIMEOUT "cookie_timeout"
#define KEY_ACCOUNTS_PER_EMAIL "accounts_per_email"
#define KEY_EMAIL_SEARCH_LEVEL "email_search_level"
+#define KEY_DEFAULT_STYLE "default_style"
#define KEY_OUNREGISTER_INACTIVE "ounregister_inactive"
#define KEY_OUNREGISTER_FLAGS "ounregister_flags"
-#define KEY_DEFAULT_STYLE "default_style"
#define KEY_ID "id"
#define KEY_PASSWD "passwd"
#define KEY_NICKS "nicks"
+#define KEY_NICKS_EX "nicks_ex"
#define KEY_MASKS "masks"
+#define KEY_SSLFPS "sslfps"
#define KEY_IGNORES "ignores"
#define KEY_OPSERV_LEVEL "opserv_level"
#define KEY_FLAGS "flags"
#define KEY_ALLOWAUTH "allowauth"
#define KEY_EPITHET "epithet"
#define KEY_TABLE_WIDTH "table_width"
+#define KEY_ANNOUNCEMENTS "announcements"
#define KEY_MAXLOGINS "maxlogins"
#define KEY_FAKEHOST "fakehost"
-#define KEY_NOTES "notes"
-#define KEY_NOTE_EXPIRES "expires"
-#define KEY_NOTE_SET "set"
-#define KEY_NOTE_SETTER "setter"
#define KEY_NOTE_NOTE "note"
+#define KEY_NOTE_SETTER "setter"
+#define KEY_NOTE_DATE "date"
#define KEY_KARMA "karma"
#define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase"
#define KEY_LDAP_FIELD_ACCOUNT "ldap_field_account"
#define KEY_LDAP_FIELD_PASSWORD "ldap_field_password"
#define KEY_LDAP_FIELD_EMAIL "ldap_field_email"
+#define KEY_LDAP_FIELD_OSLEVEL "ldap_field_oslevel"
#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes"
#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn"
+#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level"
#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member"
#define KEY_LDAP_TIMEOUT "ldap_timeout"
#endif
#define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
#define NICKSERV_FUNC(NAME) MODCMD_FUNC(NAME)
-#define OPTION_FUNC(NAME) int NAME(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[])
+#define OPTION_FUNC(NAME) int NAME(UNUSED_ARG(struct svccmd *cmd), struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), int noreply, unsigned int argc, char *argv[])
typedef OPTION_FUNC(option_func_t);
-DEFINE_LIST(handle_info_list, struct handle_info*);
+DEFINE_LIST(handle_info_list, struct handle_info*)
#define NICKSERV_MIN_PARMS(N) do { \
if (argc < N) { \
static struct module *nickserv_module;
static struct service *nickserv_service;
static struct log_type *NS_LOG;
-static dict_t nickserv_handle_dict; /* contains struct handle_info* */
+dict_t nickserv_handle_dict; /* contains struct handle_info* */
static dict_t nickserv_id_dict; /* contains struct handle_info* */
static dict_t nickserv_nick_dict; /* contains struct nick_info* */
static dict_t nickserv_opt_dict; /* contains option_func_t* */
{ "NSMSG_NICK_NOT_REGISTERED", "Nick $b%s$b has not been registered to any account." },
{ "NSMSG_HANDLE_NOT_FOUND", "Could not find your account -- did you register yet?" },
{ "NSMSG_ALREADY_AUTHED", "You are already authed to account $b%s$b; you must reconnect to auth to a different account." },
- { "NSMSG_USE_AUTHCOOKIE", "Your hostmask is not valid for account $b%1$s$b. Please use the $bauthcookie$b command to grant yourself access. (/msg $S authcookie %1$s)" },
+ { "NSMSG_USE_AUTHCOOKIE", "Your hostmask is not valid for account $b%1$s$b. Please use the $bauthcookie$b command to grant yourself access. (/msg $N authcookie %1$s)" },
{ "NSMSG_HOSTMASK_INVALID", "Your hostmask is not valid for account $b%s$b." },
{ "NSMSG_USER_IS_SERVICE", "$b%s$b is a network service; you can only use that command on real users." },
{ "NSMSG_USER_PREV_AUTH", "$b%s$b is already authenticated." },
{ "NSMSG_HANDLEINFO_REGGED", "Registered on: %s" },
{ "NSMSG_HANDLEINFO_LASTSEEN", "Last seen: %s" },
{ "NSMSG_HANDLEINFO_LASTSEEN_NOW", "Last seen: Right now!" },
- { "NSMSG_HANDLEINFO_KARMA", " Karma: %d" },
+ { "NSMSG_HANDLEINFO_KARMA", "Karma: %d" },
{ "NSMSG_HANDLEINFO_VACATION", "On vacation." },
{ "NSMSG_HANDLEINFO_EMAIL_ADDR", "Email address: %s" },
{ "NSMSG_HANDLEINFO_COOKIE_ACTIVATION", "Cookie: There is currently an activation cookie issued for this account" },
{ "NSMSG_HANDLEINFO_COOKIE_EMAIL", "Cookie: There is currently an email change cookie issued for this account" },
{ "NSMSG_HANDLEINFO_COOKIE_ALLOWAUTH", "Cookie: There is currently an allowauth cookie issued for this account" },
{ "NSMSG_HANDLEINFO_COOKIE_UNKNOWN", "Cookie: There is currently an unknown cookie issued for this account" },
+ { "NSMSG_HANDLEINFO_COOKIE_EMAIL_DATA", "Cookie: New email address: %s" },
{ "NSMSG_HANDLEINFO_INFOLINE", "Infoline: %s" },
{ "NSMSG_HANDLEINFO_FLAGS", "Flags: %s" },
+ { "NSMSG_HANDLEINFO_OPSERV_LEVEL", "Opserv level: %d " },
{ "NSMSG_HANDLEINFO_EPITHET", "Epithet: %s" },
+ { "NSMSG_HANDLEINFO_NOTE", "Note (by %s on %s): %s " },
{ "NSMSG_HANDLEINFO_FAKEHOST", "Fake host: %s" },
+ { "NSMSG_INVALID_KARMA", "$b%s$b is not a valid karma modifier." },
+ { "NSMSG_SET_KARMA", "$bKARMA: $b%d$b" },
{ "NSMSG_HANDLEINFO_LAST_HOST", "Last quit hostmask: %s" },
{ "NSMSG_HANDLEINFO_LAST_HOST_UNKNOWN", "Last quit hostmask: Unknown" },
- { "NSMSG_HANDLEINFO_NO_NOTES", " Notes: None" },
- { "NSMSG_HANDLEINFO_NOTE_EXPIRES", " Note %d (%s ago by %s, expires %s): %s" },
- { "NSMSG_HANDLEINFO_NOTE", " Note %d (%s ago by %s): %s" },
{ "NSMSG_HANDLEINFO_NICKS", "Nickname(s): %s" },
{ "NSMSG_HANDLEINFO_MASKS", "Hostmask(s): %s" },
+ { "NSMSG_HANDLEINFO_SSLFPS", "Client Certificate Fingerprints(s): %s" },
{ "NSMSG_HANDLEINFO_IGNORES", "Ignore(s): %s" },
{ "NSMSG_HANDLEINFO_CHANNELS", "Channel(s): %s" },
{ "NSMSG_HANDLEINFO_CURRENT", "Current nickname(s): %s" },
{ "NSMSG_HANDLEINFO_DNR", "Do-not-register (by %s): %s" },
{ "NSMSG_USERINFO_AUTHED_AS", "$b%s$b is authenticated to account $b%s$b." },
{ "NSMSG_USERINFO_NOT_AUTHED", "$b%s$b is not authenticated to any account." },
- { "NSMSG_NICKINFO_OWNER", "Nick $b%s$b is owned by account $b%s$b." },
- { "NSMSG_NOTE_EXPIRES", "Note %d (%s ago by %s, expires %s): %s" },
- { "NSMSG_NOTE", "Note %d (%s ago by %s): %s" },
- { "NSMSG_NOTE_COUNT", "%u note(s) for %s." },
+ { "NSMSG_NICKINFO_ON", "$bNick Information for %s$b" },
+ { "NSMSG_NICKINFO_END", "----------End of Nick Info-----------" },
+ { "NSMSG_NICKINFO_REGGED", "Registered on: %s" },
+ { "NSMSG_NICKINFO_LASTSEEN", "Last seen: %s" },
+ { "NSMSG_NICKINFO_LASTSEEN_NOW", "Last seen: Right now!" },
+ { "NSMSG_NICKINFO_OWNER", "Account: %s." },
{ "NSMSG_PASSWORD_INVALID", "Incorrect password; please try again." },
{ "NSMSG_PLEASE_SET_EMAIL", "We now require email addresses for users. Please use the $bset email$b command to set your email address!" },
{ "NSMSG_WEAK_PASSWORD", "WARNING: You are using a password that is considered weak (easy to guess). It is STRONGLY recommended you change it (now, if not sooner) by typing \"/msg $S@$s PASS oldpass newpass\" (with your current password and a new password)." },
{ "NSMSG_ADDMASK_SUCCESS", "Hostmask %s added." },
{ "NSMSG_ADDIGNORE_ALREADY", "$b%s$b is already an ignored hostmask in your account." },
{ "NSMSG_ADDIGNORE_SUCCESS", "Hostmask %s added." },
+ { "NSMSG_ADDSSLFP_ALREADY", "$b%s$b is already a client certificate fingerprint in your account." },
+ { "NSMSG_ADDSSLFP_SUCCESS", "Client certificate fingerprint %s added." },
{ "NSMSG_DELMASK_NOTLAST", "You may not delete your last hostmask." },
{ "NSMSG_DELMASK_SUCCESS", "Hostmask %s deleted." },
{ "NSMSG_DELMASK_NOT_FOUND", "Unable to find mask to be deleted." },
+ { "NSMSG_DELSSLFP_SUCCESS", "Client certificate fingerprint %s deleted." },
+ { "NSMSG_DELSSLFP_NOT_FOUND", "Unable to find client certificate fingerprint to be deleted." },
{ "NSMSG_OPSERV_LEVEL_BAD", "You may not promote another oper above your level." },
{ "NSMSG_USE_CMD_PASS", "Please use the PASS command to change your password." },
{ "NSMSG_UNKNOWN_NICK", "I know nothing about nick $b%s$b." },
{ "NSMSG_CANNOT_GHOST_USER", "$b%s$b is not authed to your account; you may not ghost-kill them." },
{ "NSMSG_GHOST_KILLED", "$b%s$b has been killed as a ghost." },
{ "NSMSG_ON_VACATION", "You are now on vacation. Your account will be preserved until you authenticate again." },
- { "NSMSG_EXCESSIVE_DURATION", "$b%s$b is too long for this command." },
- { "NSMSG_NOTE_ADDED", "Note $b%d$b added to $b%s$b." },
- { "NSMSG_NOTE_REMOVED", "Note $b%d$b removed from $b%s$b." },
- { "NSMSG_NO_SUCH_NOTE", "Account $b%s$b does not have a note with ID $b%d$b." },
{ "NSMSG_NO_ACCESS", "Access denied." },
{ "NSMSG_INVALID_FLAG", "$b%c$b is not a valid $N account flag." },
{ "NSMSG_SET_FLAG", "Applied flags $b%s$b to %s's $N account." },
{ "NSMSG_CANNOT_MERGE_SELF", "You cannot merge account $b%s$b with itself." },
{ "NSMSG_HANDLES_MERGED", "Merged account $b%s$b into $b%s$b." },
{ "NSMSG_RECLAIM_WARN", "%s is a registered nick - you must auth to account %s or change your nick." },
+ { "NSMSG_RECLAIM_HOWTO", "To auth to account %s you must use /msg %s@%s AUTH %s <password>" },
{ "NSMSG_RECLAIM_KILL", "Unauthenticated user of nick." },
{ "NSMSG_RECLAIMED_NONE", "You cannot manually reclaim a nick." },
{ "NSMSG_RECLAIMED_WARN", "Sent a request for %s to change their nick." },
{ "NSMSG_SETTING_LIST_HEADER", "----------------------------------------" },
{ "NSMSG_SETTING_LIST_END", "-------------End Of Settings------------" },
{ "NSMSG_INVALID_OPTION", "$b%s$b is an invalid account setting." },
+ { "NSMSG_INVALID_ANNOUNCE", "$b%s$b is an invalid announcements value." },
{ "NSMSG_SET_INFO", "$bINFO: $b%s" },
{ "NSMSG_SET_WIDTH", "$bWIDTH: $b%d" },
{ "NSMSG_SET_TABLEWIDTH", "$bTABLEWIDTH: $b%d" },
{ "NSMSG_SET_COLOR", "$bCOLOR: $b%s" },
{ "NSMSG_SET_PRIVMSG", "$bPRIVMSG: $b%s" },
{ "NSMSG_SET_STYLE", "$bSTYLE: $b%s" },
+ { "NSMSG_SET_ANNOUNCEMENTS", "$bANNOUNCEMENTS: $b%s" },
{ "NSMSG_SET_AUTOHIDE", "$bAUTOHIDE: $b%s" },
{ "NSMSG_SET_PASSWORD", "$bPASSWORD: $b%s" },
{ "NSMSG_SET_FLAGS", "$bFLAGS: $b%s" },
{ "NSMSG_SET_EMAIL", "$bEMAIL: $b%s" },
{ "NSMSG_SET_MAXLOGINS", "$bMAXLOGINS: $b%d" },
- { "NSMSG_SET_ADVANCED", "$bADVANCED: $b%s" },
+ { "NSMSG_SET_ADVANCED", "$bADVANCED: $b%s" },
{ "NSMSG_SET_LANGUAGE", "$bLANGUAGE: $b%s" },
{ "NSMSG_SET_LEVEL", "$bLEVEL: $b%d" },
{ "NSMSG_SET_EPITHET", "$bEPITHET: $b%s" },
+ { "NSMSG_SET_NOTE", "$bNOTE: $b%s"},
{ "NSMSG_SET_TITLE", "$bTITLE: $b%s" },
- { "NSMSG_SET_FAKEHOST", "$bFAKEHOST: $b%s" },
- { "NSMSG_SET_KARMA", "$bKARMA: $b%d$b" },
-
- { "NSMSG_INVALID_KARMA", "$b%s$b is not a valid karma modifier." },
+ { "NSMSG_SET_FAKEHOST", "$bFAKEHOST: $b%s" },
{ "NSMSG_AUTO_OPER", "You have been auto-opered" },
{ "NSMSG_AUTO_OPER_ADMIN", "You have been auto-admined" },
{ "NSMSG_NOT_VALID_FAKEHOST_REGEX", "$b%s$b is not allowed by the admin, consult the valid vhost regex pattern in the config file under nickserv/valid_fakehost_regex." },
{ "CHECKPASS_YES", "Yes." },
{ "CHECKPASS_NO", "No." },
+ { "CHECKEMAIL_NOT_SET", "No email set." },
+ { "CHECKEMAIL_YES", "Yes." },
+ { "CHECKEMAIL_NO", "No." },
{ "NSMSG_DEFCON_NO_NEW_NICKS", "You cannot register new %s at this time, please try again soon" },
{ NULL, NULL }
};
static void nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_action action);
static void nickserv_reclaim_p(void *data);
-static int nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask);
+static int nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask);
struct nickserv_config nickserv_conf;
/* We have 2^32 unique account IDs to use. */
unsigned long int highest_id = 0;
-#define WALK_NOTES(HANDLE, PREV, NOTE) \
- for (PREV = NULL, NOTE = (HANDLE)->notes; NOTE != NULL; PREV = NOTE, NOTE = NOTE->next) \
- if (NOTE->expires && NOTE->expires < now) { \
- if (PREV) PREV->next = NOTE->next; else (HANDLE)->notes = NOTE->next; \
- free(NOTE); \
- if (!(NOTE = PREV ? PREV : (HANDLE)->notes)) break; \
- } else
-
static char *
canonicalize_hostmask(char *mask)
{
return mask;
}
+static struct handle_note *
+nickserv_add_note(const char *setter, time_t date, const char *text)
+{
+ struct handle_note *note = calloc(1, sizeof(*note) + strlen(text));
+
+ strncpy(note->setter, setter, sizeof(note->setter)-1);
+ note->date = date;
+ memcpy(note->note, text, strlen(text));
+ return note;
+}
+
static struct handle_info *
register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long id))
{
hi = calloc(1, sizeof(*hi));
hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE;
+ hi->announcements = '?';
hi->handle = strdup(handle);
safestrncpy(hi->passwd, passwd, sizeof(hi->passwd));
hi->infoline = NULL;
struct nick_info *ni;
ni = malloc(sizeof(struct nick_info));
safestrncpy(ni->nick, nick, sizeof(ni->nick));
+ ni->registered = now;
+ ni->lastseen = now;
ni->owner = owner;
ni->next = owner->nicks;
owner->nicks = ni;
}
static unreg_func_t *unreg_func_list;
+static void **unreg_func_list_extra;
static unsigned int unreg_func_size = 0, unreg_func_used = 0;
void
-reg_unreg_func(unreg_func_t func)
+reg_unreg_func(unreg_func_t func, void *extra)
{
if (unreg_func_used == unreg_func_size) {
if (unreg_func_size) {
unreg_func_size <<= 1;
unreg_func_list = realloc(unreg_func_list, unreg_func_size*sizeof(unreg_func_t));
+ unreg_func_list_extra = realloc(unreg_func_list_extra, unreg_func_size*sizeof(void*));
} else {
unreg_func_size = 8;
unreg_func_list = malloc(unreg_func_size*sizeof(unreg_func_t));
+ unreg_func_list_extra = malloc(unreg_func_size*sizeof(void*));
}
}
- unreg_func_list[unreg_func_used++] = func;
+ unreg_func_list[unreg_func_used] = func;
+ unreg_func_list_extra[unreg_func_used++] = extra;
}
static void
struct handle_info *hi = vhi;
free_string_list(hi->masks);
+ free_string_list(hi->sslfps);
free_string_list(hi->ignores);
assert(!hi->users);
delete_nick(hi->nicks);
free(hi->infoline);
free(hi->epithet);
+ free(hi->note);
free(hi->fakehost);
if (hi->cookie) {
timeq_del(hi->cookie->expires, nickserv_free_cookie, hi->cookie, 0);
nickserv_free_cookie(hi->cookie);
}
- while (hi->notes) {
- struct handle_note *note = hi->notes;
- hi->notes = note->next;
- free(note);
- }
if (hi->email_addr) {
struct handle_info_list *hil = dict_find(nickserv_email_dict, hi->email_addr, NULL);
handle_info_list_remove(hil, hi);
}
#endif
for (n=0; n<unreg_func_used; n++)
- unreg_func_list[n](notify, hi);
+ unreg_func_list[n](notify, hi, unreg_func_list_extra[n]);
while (hi->users) {
if (nickserv_conf.sync_log) {
uNode = GetUserH(hi->users->nick);
}
int
-oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) {
+oper_outranks(struct userNode *user, struct handle_info *hi) {
if (user->handle_info->opserv_level > hi->opserv_level)
return 1;
if (user->handle_info->opserv_level == hi->opserv_level) {
return 1;
}
}
- reply("MSG_USER_OUTRANKED", hi->handle);
+ send_message(user, nickserv, "MSG_USER_OUTRANKED", hi->handle);
return 0;
}
struct handle_info *
-get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target)
+get_victim_oper(struct userNode *user, const char *target)
{
struct handle_info *hi;
if (!(hi = smart_get_handle_info(nickserv, user, target)))
send_message(user, nickserv, "MSG_OPER_SUSPENDED");
return 0;
}
- return oper_outranks(cmd, user, hi) ? hi : NULL;
+ return oper_outranks(user, hi) ? hi : NULL;
}
static int
return 1;
/* If any hostmask matches, allow it. */
for (ii=0; ii<hi->masks->used; ii++)
- if (user_matches_glob(user, hi->masks->list[ii], 0))
+ if (user_matches_glob(user, hi->masks->list[ii], 0, 0))
return 1;
/* If they are allowauthed to this account, allow it (removing the aa). */
if (dict_find(nickserv_allow_auth_dict, user->nick, NULL) == hi) {
return 0;
}
+static int
+valid_user_sslfp(struct userNode *user, struct handle_info *hi)
+{
+ unsigned int ii;
+
+ if (!hi->sslfps->used)
+ return 0;
+ if (!(user->sslfp))
+ return 0;
+
+ /* If any SSL fingerprint matches, allow it. */
+ for (ii=0; ii<hi->sslfps->used; ii++)
+ if (!irccasecmp(user->sslfp, hi->sslfps->list[ii]))
+ return 1;
+
+ /* No valid SSL fingerprint found. */
+ return 0;
+}
+
static int
is_secure_password(const char *handle, const char *pass, struct userNode *user)
{
}
static auth_func_t *auth_func_list;
+static void **auth_func_list_extra;
static unsigned int auth_func_size = 0, auth_func_used = 0;
void
-reg_auth_func(auth_func_t func)
+reg_auth_func(auth_func_t func, void *extra)
{
if (auth_func_used == auth_func_size) {
if (auth_func_size) {
auth_func_size <<= 1;
auth_func_list = realloc(auth_func_list, auth_func_size*sizeof(auth_func_t));
+ auth_func_list_extra = realloc(auth_func_list_extra, auth_func_size*sizeof(void*));
} else {
auth_func_size = 8;
auth_func_list = malloc(auth_func_size*sizeof(auth_func_t));
+ auth_func_list_extra = malloc(auth_func_size*sizeof(void*));
}
}
- auth_func_list[auth_func_used++] = func;
+ auth_func_list[auth_func_used] = func;
+ auth_func_list_extra[auth_func_used++] = extra;
}
static handle_rename_func_t *rf_list;
+static void **rf_list_extra;
static unsigned int rf_list_size, rf_list_used;
void
-reg_handle_rename_func(handle_rename_func_t func)
+reg_handle_rename_func(handle_rename_func_t func, void *extra)
{
if (rf_list_used == rf_list_size) {
if (rf_list_size) {
rf_list_size <<= 1;
rf_list = realloc(rf_list, rf_list_size*sizeof(rf_list[0]));
+ rf_list_extra = realloc(rf_list_extra, rf_list_size*sizeof(void*));
} else {
rf_list_size = 8;
rf_list = malloc(rf_list_size*sizeof(rf_list[0]));
+ rf_list_extra = malloc(rf_list_size*sizeof(void*));
}
}
- rf_list[rf_list_used++] = func;
+ rf_list[rf_list_used] = func;
+ rf_list_extra[rf_list_used++] = extra;
}
static char *
if (data)
style = atoi(data);
- if (style == 1)
+ if ((style == 1) || (style == 3))
snprintf(buffer, sizeof(buffer), "%s.%s", handle->handle, hidden_host_suffix);
else if (style == 2) {
/* Due to the way fakehost is coded theres no way i can
for (target = handle->users; target; target = target->next_authed)
break;
- snprintf(buffer, sizeof(buffer), "%s", target->crypthost);
+ if (target)
+ snprintf(buffer, sizeof(buffer), "%s", target->crypthost);
+ else
+ strncpy(buffer, "none", sizeof(buffer));
}
return buffer;
} else if (handle->fakehost[0] == '.') {
old_info = user->handle_info;
for (n=0; n<auth_func_used; n++)
- auth_func_list[n](user, old_info);
+ auth_func_list[n](user, old_info, auth_func_list_extra[n]);
}
static void
if (user->handle_info) {
struct userNode *other;
+ struct nick_info* ni;
if (IsHelper(user))
userList_remove(&curr_helpers, user);
/* remove from next_authed linked list */
if (user->handle_info->users == user) {
user->handle_info->users = user->next_authed;
- } else {
+ } else if (user->handle_info->users != NULL) {
for (other = user->handle_info->users;
other->next_authed != user;
other = other->next_authed) ;
other->next_authed = user->next_authed;
+ } else {
+ /* No users authed to the account - can happen if they get
+ * killed for authing. */
}
/* if nobody left on old handle, and they're not an oper, remove !god */
if (!user->handle_info->users && !user->handle_info->opserv_level)
HANDLE_CLEAR_FLAG(user->handle_info, HELPING);
/* record them as being last seen at this time */
user->handle_info->lastseen = now;
+ if ((ni = get_nick_info(user->nick)))
+ ni->lastseen = now;
/* and record their hostmask */
snprintf(user->handle_info->last_quit_host, sizeof(user->handle_info->last_quit_host), "%s@%s", user->ident, user->hostname);
}
hi->users = user;
hi->lastseen = now;
/* Add to helpers list */
- if (IsHelper(user))
+ if (IsHelper(user) && !userList_contains(&curr_helpers, user))
userList_append(&curr_helpers, user);
/* Set the fakehost */
* account as registered nicks
* - Why not just this one? -rubin */
if (!nickserv_conf.disable_nicks) {
- struct nick_info *ni;
- for (ni = hi->nicks; ni; ni = ni->next) {
- if (!irccasecmp(user->nick, ni->nick)) {
+ struct nick_info *ni2;
+ for (ni2 = hi->nicks; ni2; ni2 = ni2->next) {
+ if (!irccasecmp(user->nick, ni2->nick)) {
user->modes |= FLAGS_REGNICK;
break;
}
}
/* Stop trying to kick this user off their nick */
- if ((ni = get_nick_info(user->nick)) && (ni->owner == hi))
+ if ((ni = get_nick_info(user->nick)) && (ni->owner == hi)) {
timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN);
+ ni->lastseen = now;
+ }
} else {
/* We cannot clear the user's account ID, unfortunately. */
user->next_authed = NULL;
/* Call auth handlers */
if (GetUserH(user->nick)) {
- for (n=0; n<auth_func_used; n++)
- auth_func_list[n](user, old_info);
+ for (n=0; n<auth_func_used; n++) {
+ auth_func_list[n](user, old_info, auth_func_list_extra[n]);
+ if (user->dead)
+ return;
+ }
}
}
{
struct handle_info *hi;
struct nick_info *ni;
- char crypted[MD5_CRYPT_LENGTH];
+ char crypted[MD5_CRYPT_LENGTH] = "";
if ((hi = dict_find(nickserv_handle_dict, handle, NULL))) {
if(user)
return 0;
}
- if(strlen(handle) > 15)
+ if(strlen(handle) > 30)
{
if(user)
- send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15);
+ send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30);
return 0;
}
- if (!is_secure_password(handle, passwd, user))
- return 0;
+ if (passwd)
+ {
+ if (!is_secure_password(handle, passwd, user))
+ return 0;
- cryptpass(passwd, crypted);
+ cryptpass(passwd, crypted);
+ }
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- rc = ldap_do_add(handle, crypted, NULL);
+ rc = ldap_do_add(handle, (no_auth || !passwd ? NULL : crypted), NULL);
if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) {
if(user)
send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
#endif
hi = register_handle(handle, crypted, 0);
hi->masks = alloc_string_list(1);
+ hi->sslfps = alloc_string_list(1);
hi->ignores = alloc_string_list(1);
hi->users = NULL;
hi->language = lang_C;
send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS");
}
}
- else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) {
+ else if (user && (ni = dict_find(nickserv_nick_dict, user->nick, NULL))) {
if(user) {
send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER");
}
}
else {
if(user) {
- register_nick(user->nick, hi);
- send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ if (is_registerable_nick(user->nick)) {
+ register_nick(user->nick, hi);
+ send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ }
+ }
+ else {
+ if (is_registerable_nick(handle)) {
+ register_nick(handle, hi);
+ }
}
}
if (settee && (user != settee)) {
else
fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle);
+ first_time = 0;
break;
case EMAIL_CHANGE:
misc = hi->email_addr;
mail_send(nickserv, hi, subject, body, 1);
fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr);
+ first_time = 1;
} else {
#endif
send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1");
pass = argv[2];
if(nickserv_conf.force_handles_lowercase)
irc_strtolower(account);
+ if (!is_valid_handle(argv[1])) {
+ reply("NSMSG_BAD_HANDLE", argv[1]);
+ return 0;
+ }
if (nickserv_conf.email_required) {
- NICKSERV_MIN_PARMS(4);
+ NICKSERV_MIN_PARMS(3);
email = argv[3];
- if (argc >= 5) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */
- if (strchr(argv[4], '@') || argc >= 6) /* If @, its mask not nick */
+ if (argc > 4) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */
+ if (strchr(argv[4], '@'))
mask = argv[4];
else
nick = argv[4];
}
}
else {
- if (argc >= 4) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */
- if (strchr(argv[3], '@') || argc >= 5) /* If @, its mask not nick */
+ if (argc > 3) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */
+ if (strchr(argv[3], '@'))
mask = argv[3];
else
nick = argv[3];
}
if (mask) {
char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
- string_list_append(hi->masks, mask_canonicalized);
+ if (mask_canonicalized)
+ string_list_append(hi->masks, mask_canonicalized);
}
+ argv[2] = "****";
+
if (nickserv_conf.sync_log)
SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, email ? email : "@", user->info); /* Send just @ for email if none */
return 1;
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
return nickserv_ignore(cmd, user, hi, argv[2]);
{
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
return nickserv_delignore(cmd, user, hi, argv[2]);
}
struct do_not_register *dnr;
if ((dnr = chanserv_is_dnr(NULL, hi)))
reply("NSMSG_HANDLEINFO_DNR", dnr->setter, dnr->reason);
- if ((user->handle_info->opserv_level < 900) && !oper_outranks(cmd, user, hi))
+ if ((user->handle_info->opserv_level < 900) && !oper_outranks(user, hi))
return 1;
} else if (hi != user->handle_info) {
reply("NSMSG_HANDLEINFO_END");
default: type = "NSMSG_HANDLEINFO_COOKIE_UNKNOWN"; break;
}
reply(type);
- }
-
- if (oper_has_access(user, cmd->parent->bot, 0, 1) || IsStaff(user)) {
- if (!hi->notes) {
- reply("NSMSG_HANDLEINFO_NO_NOTES");
- } else {
- struct handle_note *prev, *note;
-
- WALK_NOTES(hi, prev, note) {
- char set_time[INTERVALLEN];
- intervalString(set_time, now - note->set, user->handle_info);
- if (note->expires) {
- char exp_time[INTERVALLEN];
- intervalString(exp_time, note->expires - now, user->handle_info);
- reply("NSMSG_HANDLEINFO_NOTE_EXPIRES", note->id, set_time, note->setter, exp_time, note->note);
- } else {
- reply("NSMSG_HANDLEINFO_NOTE", note->id, set_time, note->setter, note->note);
- }
- }
- }
+ if (IsOper(user) && (hi->cookie->type == EMAIL_CHANGE))
+ reply("NSMSG_HANDLEINFO_COOKIE_EMAIL_DATA", hi->cookie->data);
}
if (hi->flags) {
reply("NSMSG_HANDLEINFO_FLAGS", nsmsg_none);
}
+ if (hi->opserv_level > 0) {
+ reply("NSMSG_HANDLEINFO_OPSERV_LEVEL", hi->opserv_level);
+ }
+
if (HANDLE_FLAGGED(hi, SUPPORT_HELPER)
|| HANDLE_FLAGGED(hi, NETWORK_HELPER)
|| (hi->opserv_level > 0)) {
reply("NSMSG_HANDLEINFO_EPITHET", (hi->epithet ? hi->epithet : nsmsg_none));
}
+ if (IsHelping(user) || IsOper(user))
+ {
+ if (hi->note)
+ {
+ char date[64];
+ strftime(date, 64, "%b %d %Y", localtime(&hi->note->date));
+ reply("NSMSG_HANDLEINFO_NOTE", hi->note->setter, date, hi->note->note);
+ }
+ }
+
if (hi->fakehost)
reply("NSMSG_HANDLEINFO_FAKEHOST", (hi->fakehost ? hi->fakehost : handle_find_message(hi, "MSG_NONE")));
reply("NSMSG_HANDLEINFO_MASKS", nsmsg_none);
}
+ if (hi->sslfps->used) {
+ for (i=0; i < hi->sslfps->used; i++) {
+ herelen = strlen(hi->sslfps->list[i]);
+ if (pos + herelen + 1 > ArrayLength(buff)) {
+ i--;
+ goto print_sslfp_buff;
+ }
+ memcpy(buff+pos, hi->sslfps->list[i], herelen);
+ pos += herelen; buff[pos++] = ' ';
+ if (i+1 == hi->sslfps->used) {
+ print_sslfp_buff:
+ buff[pos-1] = 0;
+ reply("NSMSG_HANDLEINFO_SSLFPS", buff);
+ pos = 0;
+ }
+ }
+ } else {
+ reply("NSMSG_HANDLEINFO_SSLFPS", nsmsg_none);
+ }
+
if (hi->ignores->used) {
for (i=0; i < hi->ignores->used; i++) {
herelen = strlen(hi->ignores->list[i]);
}
if (hi->channels) {
- struct userData *channel, *next;
+ struct userData *chan, *next;
char *name;
- for (channel = hi->channels; channel; channel = next) {
- next = channel->u_next;
- name = channel->channel->channel->name;
+ for (chan = hi->channels; chan; chan = next) {
+ next = chan->u_next;
+ name = chan->channel->channel->name;
herelen = strlen(name);
if (pos + herelen + 7 > ArrayLength(buff)) {
- next = channel;
+ next = chan;
goto print_chans_buff;
}
- if (IsUserSuspended(channel))
+ if (IsUserSuspended(chan))
buff[pos++] = '-';
- pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(channel->access), name);
+ pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(chan->access), name);
if (next == NULL) {
print_chans_buff:
buff[pos-1] = 0;
}
reply("NSMSG_HANDLEINFO_END");
- return 1;
+ return 1 | ((hi != user->handle_info) ? CMD_LOG_STAFF : 0);
}
static NICKSERV_FUNC(cmd_userinfo)
static NICKSERV_FUNC(cmd_nickinfo)
{
struct nick_info *ni;
+ char buff[400];
NICKSERV_MIN_PARMS(2);
if (!(ni = get_nick_info(argv[1]))) {
reply("MSG_NICK_UNKNOWN", argv[1]);
return 0;
}
- reply("NSMSG_NICKINFO_OWNER", ni->nick, ni->owner->handle);
- return 1;
-}
-static NICKSERV_FUNC(cmd_notes)
-{
- struct handle_info *hi;
- struct handle_note *prev, *note;
- unsigned int hits;
+ reply("NSMSG_NICKINFO_ON", ni->nick);
+ reply("MSG_BAR");
+ reply("NSMSG_NICKINFO_REGGED", ctime(&ni->registered));
- NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
- return 0;
- hits = 0;
- WALK_NOTES(hi, prev, note) {
- char set_time[INTERVALLEN];
- intervalString(set_time, now - note->set, user->handle_info);
- if (note->expires) {
- char exp_time[INTERVALLEN];
- intervalString(exp_time, note->expires - now, user->handle_info);
- reply("NSMSG_NOTE_EXPIRES", note->id, set_time, note->setter, exp_time, note->note);
- } else {
- reply("NSMSG_NOTE", note->id, set_time, note->setter, note->note);
- }
- ++hits;
+ if (!GetUserH(ni->nick)) {
+ intervalString(buff, now - ni->lastseen, user->handle_info);
+ reply("NSMSG_NICKINFO_LASTSEEN", buff);
+ } else {
+ reply("NSMSG_NICKINFO_LASTSEEN_NOW");
}
- reply("NSMSG_NOTE_COUNT", hits, argv[1]);
+
+ reply("NSMSG_NICKINFO_OWNER", ni->owner->handle);
+
+ reply("NSMSG_NICKINFO_END");
+
return 1;
}
NICKSERV_MIN_PARMS(3);
if(nickserv_conf.force_handles_lowercase)
irc_strtolower(argv[2]);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (!is_valid_handle(argv[2])) {
reply("NSMSG_FAIL_RENAME", argv[1], argv[2]);
reply("NSMSG_HANDLE_EXISTS", argv[2]);
return 0;
}
- if(strlen(argv[2]) > 15)
+ if(strlen(argv[2]) > 30)
{
- reply("NMSG_HANDLE_TOLONG", argv[2], 15);
+ reply("NMSG_HANDLE_TOLONG", argv[2], 30);
return 0;
}
#ifdef WITH_LDAP
hi->handle = strdup(argv[2]);
dict_insert(nickserv_handle_dict, hi->handle, hi);
for (nn=0; nn<rf_list_used; nn++)
- rf_list[nn](hi, old_handle);
+ rf_list[nn](hi, old_handle, rf_list_extra[nn]);
if (nickserv_conf.sync_log) {
for (uNode = hi->users; uNode; uNode = uNode->next_authed)
}
static failpw_func_t *failpw_func_list;
+static void **failpw_func_list_extra;
static unsigned int failpw_func_size = 0, failpw_func_used = 0;
void
-reg_failpw_func(failpw_func_t func)
+reg_failpw_func(failpw_func_t func, void *extra)
{
if (failpw_func_used == failpw_func_size) {
if (failpw_func_size) {
failpw_func_size <<= 1;
failpw_func_list = realloc(failpw_func_list, failpw_func_size*sizeof(failpw_func_t));
+ failpw_func_list_extra = realloc(failpw_func_list_extra, failpw_func_size*sizeof(void*));
} else {
failpw_func_size = 8;
failpw_func_list = malloc(failpw_func_size*sizeof(failpw_func_t));
+ failpw_func_list_extra = malloc(failpw_func_size*sizeof(void*));
+ }
+ }
+ failpw_func_list[failpw_func_used] = func;
+ failpw_func_list_extra[failpw_func_used++] = extra;
+}
+
+/*
+ * Return hi for the first handle that has a matching SSL fingerprint.
+ */
+struct handle_info *find_handleinfo_by_sslfp(char *sslfp)
+{
+ dict_iterator_t it;
+ struct handle_info *hi;
+ unsigned int ii = 0;;
+
+ for (it = dict_first(nickserv_handle_dict); it; it = iter_next(it)) {
+ hi = iter_data(it);
+ for (ii=0; ii<hi->sslfps->used; ii++) {
+ if (!irccasecmp(sslfp, hi->sslfps->list[ii])) {
+ return hi;
+ }
}
}
- failpw_func_list[failpw_func_used++] = func;
+
+ return NULL;
}
/*
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password)
+struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *userhost)
{
- int pw_arg, used, maxlogins;
+ int wildmask = 0, auth = 0;
+ int used, maxlogins;
unsigned int ii;
- int wildmask = 0;
- struct handle_info *hi;
+ struct handle_info *hi = NULL;
struct userNode *other;
#ifdef WITH_LDAP
int ldap_result = LDAP_SUCCESS;
char *email = NULL;
-
#endif
-
- hi = dict_find(nickserv_handle_dict, handle, NULL);
- pw_arg = 2;
+
+ if (handle != NULL)
+ hi = dict_find(nickserv_handle_dict, handle, NULL);
+ if (!hi && (sslfp != NULL)) {
+ hi = find_handleinfo_by_sslfp(sslfp);
+ if (!handle && (hi != NULL))
+ handle = hi->handle;
+ }
+
+ /* Ensure handle is valid if not found in internal DB */
+ if (!hi && (!handle || !is_valid_handle(handle)))
+ return 0;
#ifdef WITH_LDAP
- if(nickserv_conf.ldap_enable) {
+ if (nickserv_conf.ldap_enable && (password != NULL)) {
ldap_result = ldap_check_auth(handle, password);
- if(ldap_result != LDAP_SUCCESS) {
- return NULL;
+ if (!hi && (ldap_result != LDAP_SUCCESS))
+ return NULL;
+ if (ldap_result == LDAP_SUCCESS) {
+ /* Mark auth as successful */
+ auth++;
+ }
+
+ if (!hi && (ldap_result == LDAP_SUCCESS) && nickserv_conf.ldap_autocreate) {
+ /* user not found, but authed to ldap successfully..
+ * create the account.
+ */
+ char *mask;
+ int rc;
+
+ /* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
+ if(nickserv_conf.default_hostmask)
+ mask = "*@*";
+ else
+ return NULL; /* They dont have a *@* mask so they can't loc */
+
+ if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) {
+ return 0; /* couldn't add the user for some reason */
+ }
+
+ if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
+ {
+ if(nickserv_conf.email_required) {
+ return 0;
+ }
+ }
+ if(email) {
+ nickserv_set_email_addr(hi, email);
+ free(email);
+ }
+ if(mask) {
+ char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
+ string_list_append(hi->masks, mask_canonicalized);
+ }
+ if(nickserv_conf.sync_log)
+ SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle);
}
- }
-// else
-#else
- if (!hi) {
- return NULL;
- }
-
- if (!checkpass(password, hi->passwd)) {
- return NULL;
}
#endif
-#ifdef WITH_LDAP
- if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
- /* user not found, but authed to ldap successfully..
- * create the account.
- */
- char *mask;
- int rc;
-
- /* Add a *@* mask */
- if(nickserv_conf.default_hostmask)
- mask = "*@*";
- else
- return NULL; /* They dont have a *@* mask so they can't loc */
- if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) {
- return 0; /* couldn't add the user for some reason */
- }
+ /* hi should now be a valid handle, if not return NULL */
+ if (!hi)
+ return NULL;
- if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
- {
- if(nickserv_conf.email_required) {
- return 0;
+#ifdef WITH_LDAP
+ if (password && *password && !nickserv_conf.ldap_enable) {
+#else
+ if (password && *password) {
+#endif
+ if (checkpass(password, hi->passwd))
+ auth++;
+ }
+
+ if (!auth && sslfp && *sslfp && hi->sslfps->used) {
+ /* If any SSL fingerprint matches, allow it. */
+ for (ii=0; ii<hi->sslfps->used; ii++) {
+ if (!irccasecmp(sslfp, hi->sslfps->list[ii])) {
+ auth++;
+ break;
}
- }
- if(email) {
- nickserv_set_email_addr(hi, email);
- free(email);
- }
- if(mask) {
- char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
- string_list_append(hi->masks, mask_canonicalized);
- }
- if(nickserv_conf.sync_log)
- SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle);
+ }
}
-#endif
-
- /* Still no account, so just fail out */
- if (!hi) {
+
+ /* Auth should have succeeded by this point */
+ if (!auth)
return NULL;
- }
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
+ *
+ * UPDATE: New nefarious LOC supports u@h
*/
- for (ii=0; ii<hi->masks->used; ii++)
- {
- if (!strcmp(hi->masks->list[ii], "*@*"))
- {
- wildmask++;
- break;
- }
+ if(userhost) {
+ char *buf;
+ char *ident = NULL;
+ char *realhost = NULL;
+ char *ip = NULL;
+ char *uh;
+ char *ui;
+ char *c;
+ int bracket = 0;
+
+ buf = strdup(userhost);
+
+ ident = buf;
+ for (c = buf; *c; c++) {
+ if ((realhost == NULL) && (*c == '@')) {
+ *c++ = '\0';
+ if (*c == '[') {
+ bracket = 1;
+ *c++ = '\0';
+ }
+ realhost = c;
+ } else if (bracket && (ip == NULL) && (*c == ']')) {
+ bracket = 0;
+ *c = '\0';
+ } else if (!bracket && (ip == NULL) && (*c == ':')) {
+ *c++ = '\0';
+ ip = c;
+ break;
+ }
+ }
+
+ log_module(NS_LOG, LOG_DEBUG, "LOC: ident=%s host=%s ip=%s", ident, realhost, ip);
+
+ if(!ip || !realhost || !ident) {
+ free(buf);
+ return NULL; /* Invalid AC request, just quit */
+ }
+ uh = malloc(strlen(userhost));
+ ui = malloc(strlen(userhost));
+ sprintf(uh, "%s@%s", ident, realhost);
+ sprintf(ui, "%s@%s", ident, ip);
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if(match_ircglob(uh, hi->masks->list[ii])
+ || match_ircglob(ui, hi->masks->list[ii]))
+ {
+ wildmask++;
+ break;
+ }
+ }
+ free(buf);
+ free(uh);
+ free(ui);
+ }
+ else {
+
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if (!strcmp(hi->masks->list[ii], "*@*"))
+ {
+ wildmask++;
+ break;
+ }
+ }
}
if(wildmask < 1)
return NULL;
return hi;
}
+void nickserv_do_autoauth(struct userNode *user)
+{
+ struct handle_info *hi;
+ struct userNode *other;
+ int used, maxlogins;
+
+ /* Already authed, nothing to do */
+ if (user->handle_info)
+ return;
+
+ /* No client certificate fingerprint, cant auto auth */
+ if (!user->sslfp)
+ return;
+
+ hi = find_handleinfo_by_sslfp(user->sslfp);
+ if (!hi)
+ return;
+
+ /* User doesn't match host masks */
+ if (!valid_user_for(user, hi)) {
+ if (hi->email_addr && nickserv_conf.email_enabled)
+ send_message_type(4, user, nickserv,
+ handle_find_message(hi, "NSMSG_USE_AUTHCOOKIE"),
+ hi->handle);
+ else
+ send_message_type(4, user, nickserv,
+ handle_find_message(hi, "NSMSG_HOSTMASK_INVALID"),
+ hi->handle);
+ return;
+ }
+
+ /* Account suspended? */
+ if (HANDLE_FLAGGED(hi, SUSPENDED)) {
+ send_message_type(4, user, nickserv,
+ handle_find_message(hi, "NSMSG_HANDLE_SUSPENDED"));
+ return;
+ }
+
+ maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins;
+ for (used = 0, other = hi->users; other; other = other->next_authed) {
+ if (++used >= maxlogins) {
+ send_message_type(4, user, nickserv,
+ handle_find_message(hi, "NSMSG_MAX_LOGINS"),
+ maxlogins);
+ return;
+ }
+ }
+
+ set_user_handle_info(user, hi, 1);
+ if (nickserv_conf.email_required && !hi->email_addr)
+ send_message_type(4, user, nickserv,
+ handle_find_message(hi, "NSMSG_PLEASE_SET_EMAIL"));
+
+ /* If a channel was waiting for this user to auth,
+ * finish adding them */
+ process_adduser_pending(user);
+
+ send_message_type(4, user, nickserv,
+ handle_find_message(hi, "NSMSG_AUTH_SUCCESS"));
+
+ /* Set +x if autohide is on */
+ if(HANDLE_FLAGGED(hi, AUTOHIDE))
+ irc_umode(user, "+x");
+}
+
static NICKSERV_FUNC(cmd_auth)
{
int pw_arg, used, maxlogins;
+ int sslfpauth = 0;
struct handle_info *hi;
const char *passwd;
+ const char *handle;
struct userNode *other;
#ifdef WITH_LDAP
int ldap_result = LDAP_OTHER;
return 0;
}
if (argc == 3) {
-#ifdef WITH_LDAP
- if(strchr(argv[1], '<') || strchr(argv[1], '>')) {
- reply("NSMSG_NO_ANGLEBRACKETS");
- return 0;
- }
- if (!is_valid_handle(argv[1])) {
- reply("NSMSG_BAD_HANDLE", argv[1]);
- return 0;
- }
-
- if(nickserv_conf.ldap_enable) {
- ldap_result = ldap_check_auth(argv[1], argv[2]);
- /* Get the users email address and update it */
- if(ldap_result == LDAP_SUCCESS) {
- int rc;
- if((rc = ldap_get_user_info(argv[1], &email) != LDAP_SUCCESS))
- {
- if(nickserv_conf.email_required) {
- reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc));
- return 0;
- }
- }
- }
- else if(ldap_result != LDAP_INVALID_CREDENTIALS) {
- reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result));
- return 0;
- }
- }
-
-#endif
- hi = dict_find(nickserv_handle_dict, argv[1], NULL);
+ passwd = argv[2];
+ handle = argv[1];
pw_arg = 2;
-#ifdef notdef
+ hi = dict_find(nickserv_handle_dict, argv[1], NULL);
} else if (argc == 2) {
+ passwd = argv[1];
+ pw_arg = 1;
if (nickserv_conf.disable_nicks) {
- if (!(hi = get_handle_info(user->nick))) {
- reply("NSMSG_HANDLE_NOT_FOUND");
- return 0;
- }
+ hi = get_handle_info(user->nick);
} else {
/* try to look up their handle from their nick */
/* TODO: handle ldap auth on nickserv style networks, too */
}
hi = ni->owner;
}
- pw_arg = 1;
-#endif
+ if (hi) {
+ handle = hi->handle;
+ } else {
+ handle = user->nick;
+ }
} else {
reply("MSG_MISSING_PARAMS", argv[0]);
svccmd_send_help_brief(user, nickserv, cmd);
return 0;
}
- if (!hi) {
+
#ifdef WITH_LDAP
- if(nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
- /* user not found, but authed to ldap successfully..
- * create the account.
- */
- char *mask;
- if(!(hi = nickserv_register(user, NULL, argv[1], argv[2], 0))) {
- reply("NSMSG_UNABLE_TO_ADD");
- return 0; /* couldn't add the user for some reason */
- }
- /* Add a *@* mask */
- if(nickserv_conf.default_hostmask)
+ if(strchr(handle, '<') || strchr(handle, '>')) {
+ reply("NSMSG_NO_ANGLEBRACKETS");
+ return 0;
+ }
+ if (!is_valid_handle(handle)) {
+ reply("NSMSG_BAD_HANDLE", handle);
+ return 0;
+ }
+
+ if(nickserv_conf.ldap_enable) {
+ ldap_result = ldap_check_auth(handle, passwd);
+ /* Get the users email address and update it */
+ if(ldap_result == LDAP_SUCCESS) {
+ int rc;
+ if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
+ {
+ if(nickserv_conf.email_required) {
+ reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+ }
+ else if(ldap_result != LDAP_INVALID_CREDENTIALS) {
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result));
+ return 0;
+ }
+ }
+#endif
+
+ if (!hi) {
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
+ /* user not found, but authed to ldap successfully..
+ * create the account.
+ */
+ char *mask;
+ if(!(hi = nickserv_register(user, user, handle, passwd, 0))) {
+ reply("NSMSG_UNABLE_TO_ADD");
+ return 0; /* couldn't add the user for some reason */
+ }
+ /* Add a *@* mask */
+ if(nickserv_conf.default_hostmask)
mask = "*@*";
else
mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
#endif
}
/* Responses from here on look up the language used by the handle they asked about. */
- passwd = argv[pw_arg];
if (!valid_user_for(user, hi)) {
if (hi->email_addr && nickserv_conf.email_enabled)
send_message_type(4, user, cmd->parent->bot,
argv[pw_arg] = "BADMASK";
return 1;
}
+
+ if (valid_user_sslfp(user, hi))
+ sslfpauth = 1;
+
#ifdef WITH_LDAP
- if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
- ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) {
+ if(( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
+ ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) && !sslfpauth) {
#else
- if (!checkpass(passwd, hi->passwd)) {
+ if (!checkpass(passwd, hi->passwd) && !sslfpauth) {
#endif
unsigned int n;
send_message_type(4, user, cmd->parent->bot,
handle_find_message(hi, "NSMSG_PASSWORD_INVALID"));
argv[pw_arg] = "BADPASS";
- for (n=0; n<failpw_func_used; n++) failpw_func_list[n](user, hi);
+ for (n=0; n<failpw_func_used; n++)
+ failpw_func_list[n](user, hi, failpw_func_list_extra[n]);
if (nickserv_conf.autogag_enabled) {
if (!user->auth_policer.params) {
user->auth_policer.last_req = now;
set_user_handle_info(user, hi, 1);
if (nickserv_conf.email_required && !hi->email_addr)
reply("NSMSG_PLEASE_SET_EMAIL");
- if (!is_secure_password(hi->handle, passwd, NULL))
+ if (!sslfpauth && !is_secure_password(hi->handle, passwd, NULL))
reply("NSMSG_WEAK_PASSWORD");
- if (hi->passwd[0] != '$')
+ if (!sslfpauth && (hi->passwd[0] != '$'))
cryptpass(passwd, hi->passwd);
/* If a channel was waiting for this user to auth,
* finish adding them */
process_adduser_pending(user);
+ reply("NSMSG_AUTH_SUCCESS");
+
+
/* Set +x if autohide is on */
if(HANDLE_FLAGGED(hi, AUTOHIDE))
irc_umode(user, "+x");
- if(!IsOper(user)) /* If they arnt already opered.. */
- {
- /* Auto Oper users with Opserv access -Life4Christ 8-10-2005 */
- if( nickserv_conf.auto_admin[0] && hi->opserv_level >= opserv_conf_admin_level())
- {
- irc_umode(user,nickserv_conf.auto_admin);
- reply("NSMSG_AUTO_OPER_ADMIN");
- }
- else if (nickserv_conf.auto_oper[0] && hi->opserv_level > 0)
- {
- irc_umode(user,nickserv_conf.auto_oper);
- reply("NSMSG_AUTO_OPER");
- }
- }
-
if (!hi->masks->used) {
irc_in_addr_t ip;
string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT));
string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT));
}
- /* Wipe out the pass for the logs */
+ /* Wipe out the pass for the logs */
argv[pw_arg] = "****";
-
- reply("NSMSG_AUTH_SUCCESS");
-
return 1;
}
static allowauth_func_t *allowauth_func_list;
+static void **allowauth_func_list_extra;
static unsigned int allowauth_func_size = 0, allowauth_func_used = 0;
void
-reg_allowauth_func(allowauth_func_t func)
+reg_allowauth_func(allowauth_func_t func, void *extra)
{
if (allowauth_func_used == allowauth_func_size) {
if (allowauth_func_size) {
allowauth_func_size <<= 1;
allowauth_func_list = realloc(allowauth_func_list, allowauth_func_size*sizeof(allowauth_func_t));
+ allowauth_func_list_extra = realloc(allowauth_func_list_extra, allowauth_func_size*sizeof(void*));
} else {
allowauth_func_size = 8;
allowauth_func_list = malloc(allowauth_func_size*sizeof(allowauth_func_t));
+ allowauth_func_list_extra = malloc(allowauth_func_size*sizeof(void*));
}
}
- allowauth_func_list[allowauth_func_used++] = func;
+ allowauth_func_list[allowauth_func_used] = func;
+ allowauth_func_list_extra[allowauth_func_used++] = extra;
}
static NICKSERV_FUNC(cmd_allowauth)
reply("NSMSG_AUTH_UNSPECIAL", target->nick);
}
for (n=0; n<allowauth_func_used; n++)
- allowauth_func_list[n](user, target, hi);
+ allowauth_func_list[n](user, target, hi, allowauth_func_list_extra[n]);
return 1;
}
NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (!hi->cookie) {
switch (hi->cookie->type) {
case ACTIVATION:
safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd));
- if (nickserv_conf.sync_log)
- SyncLog("ACCOUNTACC %s", hi->handle);
- break;
- case PASSWORD_CHANGE:
- safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd));
- if (nickserv_conf.sync_log)
- SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
- break;
- case EMAIL_CHANGE:
- if (!hi->email_addr && nickserv_conf.sync_log) {
- if (nickserv_conf.sync_log)
- SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info);
- }
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
- /* Falied to update email in ldap, but still
+ if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) {
+ /* Falied to update password in ldap, but still
* updated it here.. what should we do? */
- reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc));
- } else {
- nickserv_set_email_addr(hi, hi->cookie->data);
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
}
}
- else {
- nickserv_set_email_addr(hi, hi->cookie->data);
- }
-#else
- nickserv_set_email_addr(hi, hi->cookie->data);
#endif
if (nickserv_conf.sync_log)
- SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data);
+ SyncLog("ACCOUNTACC %s", hi->handle);
+ break;
+ case PASSWORD_CHANGE:
break;
+ case EMAIL_CHANGE:
+ break;
+ case ALLOWAUTH:
+ break;
default:
reply("NSMSG_BAD_COOKIE_TYPE", hi->cookie->type);
log_module(NS_LOG, LOG_ERROR, "Bad cookie type %d for account %s.", hi->cookie->type, hi->handle);
SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data);
break;
case ALLOWAUTH: {
- char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
+ char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
set_user_handle_info(user, hi, 1);
- nickserv_addmask(cmd, user, hi, mask);
+ nickserv_addmask(user, hi, mask);
reply("NSMSG_AUTH_SUCCESS");
free(mask);
break;
}
static int
-nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask)
+nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask)
{
unsigned int i;
char *new_mask = canonicalize_hostmask(strdup(mask));
for (i=0; i<hi->masks->used; i++) {
if (!irccasecmp(new_mask, hi->masks->list[i])) {
- reply("NSMSG_ADDMASK_ALREADY", new_mask);
+ send_message(user, nickserv, "NSMSG_ADDMASK_ALREADY", new_mask);
free(new_mask);
return 0;
}
}
string_list_append(hi->masks, new_mask);
- reply("NSMSG_ADDMASK_SUCCESS", new_mask);
+ send_message(user, nickserv, "NSMSG_ADDMASK_SUCCESS", new_mask);
return 1;
}
{
if (argc < 2) {
char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
- int res = nickserv_addmask(cmd, user, user->handle_info, mask);
+ int res = nickserv_addmask(user, user->handle_info, mask);
free(mask);
return res;
} else {
reply("NSMSG_MASK_INVALID", argv[1]);
return 0;
}
- return nickserv_addmask(cmd, user, user->handle_info, argv[1]);
+ return nickserv_addmask(user, user->handle_info, argv[1]);
}
}
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
- return nickserv_addmask(cmd, user, hi, argv[2]);
+ return nickserv_addmask(user, hi, argv[2]);
}
static int
{
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
return nickserv_delmask(cmd, user, hi, argv[2], 1);
}
+static int
+nickserv_addsslfp(struct userNode *user, struct handle_info *hi, const char *sslfp)
+{
+ unsigned int i;
+ char *new_sslfp = strdup(sslfp);
+ for (i=0; i<hi->sslfps->used; i++) {
+ if (!irccasecmp(new_sslfp, hi->sslfps->list[i])) {
+ send_message(user, nickserv, "NSMSG_ADDSSLFP_ALREADY", new_sslfp);
+ free(new_sslfp);
+ return 0;
+ }
+ }
+ string_list_append(hi->sslfps, new_sslfp);
+ send_message(user, nickserv, "NSMSG_ADDSSLFP_SUCCESS", new_sslfp);
+ return 1;
+}
+
+static NICKSERV_FUNC(cmd_addsslfp)
+{
+ NICKSERV_MIN_PARMS((user->sslfp ? 1 : 2));
+ if ((argc < 2) && (user->sslfp)) {
+ int res = nickserv_addsslfp(user, user->handle_info, user->sslfp);
+ return res;
+ } else {
+ return nickserv_addsslfp(user, user->handle_info, argv[1]);
+ }
+}
+
+static NICKSERV_FUNC(cmd_oaddsslfp)
+{
+ struct handle_info *hi;
+
+ NICKSERV_MIN_PARMS(3);
+ if (!(hi = get_victim_oper(user, argv[1])))
+ return 0;
+ return nickserv_addsslfp(user, hi, argv[2]);
+}
+
+static int
+nickserv_delsslfp(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_sslfp)
+{
+ unsigned int i;
+ for (i=0; i<hi->sslfps->used; i++) {
+ if (!irccasecmp(del_sslfp, hi->sslfps->list[i])) {
+ char *old_sslfp = hi->sslfps->list[i];
+ hi->sslfps->list[i] = hi->sslfps->list[--hi->sslfps->used];
+ reply("NSMSG_DELSSLFP_SUCCESS", old_sslfp);
+ free(old_sslfp);
+ return 1;
+ }
+ }
+ reply("NSMSG_DELSSLFP_NOT_FOUND");
+ return 0;
+}
+
+static NICKSERV_FUNC(cmd_delsslfp)
+{
+ NICKSERV_MIN_PARMS((user->sslfp ? 1 : 2));
+ if ((argc < 2) && (user->sslfp)) {
+ return nickserv_delsslfp(cmd, user, user->handle_info, user->sslfp);
+ } else {
+ return nickserv_delsslfp(cmd, user, user->handle_info, argv[1]);
+ }
+}
+
+static NICKSERV_FUNC(cmd_odelsslfp)
+{
+ struct handle_info *hi;
+ NICKSERV_MIN_PARMS(3);
+ if (!(hi = get_victim_oper(user, argv[1])))
+ return 0;
+ return nickserv_delsslfp(cmd, user, hi, argv[2]);
+}
+
int
nickserv_modify_handle_flags(struct userNode *user, struct userNode *bot, const char *str, unsigned long *padded, unsigned long *premoved) {
unsigned int nn, add = 1, pos;
struct channelList *schannels;
unsigned int ii;
schannels = chanserv_support_channels();
- for (uNode = hi->users; uNode; uNode = uNode->next_authed) {
- for (ii = 0; ii < schannels->used; ++ii)
- if (GetUserMode(schannels->list[ii], uNode))
- break;
- if (ii < schannels->used)
+ for (ii = 0; ii < schannels->used; ++ii)
+ if (find_handle_in_channel(schannels->list[ii], hi, NULL))
break;
- }
- if (!uNode)
+ if (ii == schannels->used)
HANDLE_CLEAR_FLAG(hi, HELPING);
}
unsigned int i;
char *set_display[] = {
"INFO", "WIDTH", "TABLEWIDTH", "COLOR", "PRIVMSG", "STYLE",
- "EMAIL", "AUTOHIDE", "MAXLOGINS", "LANGUAGE",
+ "EMAIL", "ANNOUNCEMENTS", "AUTOHIDE", "MAXLOGINS", "LANGUAGE",
"FAKEHOST", "TITLE", "EPITHET", "ADVANCED"
};
/* Do this so options are presented in a consistent order. */
for (i = 0; i < ArrayLength(set_display); ++i)
if ((opt = dict_find(nickserv_opt_dict, set_display[i], NULL)))
- opt(cmd, user, hi, override, 0, NULL);
+ opt(cmd, user, hi, override, 0, 0, NULL);
reply("NSMSG_SETTING_LIST_END");
}
reply("NSMSG_INVALID_OPTION", argv[1]);
return 0;
}
- return opt(cmd, user, hi, 0, argc-1, argv+1);
+ return opt(cmd, user, hi, 0, 0, argc-1, argv+1);
}
static NICKSERV_FUNC(cmd_oset)
{
- struct svccmd *subcmd;
struct handle_info *hi;
option_func_t *opt;
- char cmdname[MAXLEN];
NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (argc < 3) {
return 0;
}
- sprintf(cmdname, "%s %s", cmd->name, argv[2]);
- subcmd = dict_find(cmd->parent->commands, cmdname, NULL);
- if (subcmd && !svccmd_can_invoke(user, cmd->parent->bot, subcmd, NULL, SVCCMD_NOISY))
- return 0;
-
- return opt(cmd, user, hi, 1, argc-2, argv+2);
+ return opt(cmd, user, hi, 1, 0, argc-2, argv+2);
}
static OPTION_FUNC(opt_info)
}
info = hi->infoline ? hi->infoline : user_find_message(user, "MSG_NONE");
- reply("NSMSG_SET_INFO", info);
+ if (!(noreply))
+ reply("NSMSG_SET_INFO", info);
return 1;
}
else if (hi->screen_width > MAX_LINE_SIZE)
hi->screen_width = MAX_LINE_SIZE;
- reply("NSMSG_SET_WIDTH", hi->screen_width);
+ if (!(noreply))
+ reply("NSMSG_SET_WIDTH", hi->screen_width);
return 1;
}
else if (hi->screen_width > MAX_LINE_SIZE)
hi->table_width = MAX_LINE_SIZE;
- reply("NSMSG_SET_TABLEWIDTH", hi->table_width);
+ if (!(noreply))
+ reply("NSMSG_SET_TABLEWIDTH", hi->table_width);
return 1;
}
else if (disabled_string(argv[1]))
HANDLE_CLEAR_FLAG(hi, MIRC_COLOR);
else {
- reply("MSG_INVALID_BINARY", argv[1]);
+ if (!(noreply))
+ reply("MSG_INVALID_BINARY", argv[1]);
return 0;
}
}
- reply("NSMSG_SET_COLOR", user_find_message(user, HANDLE_FLAGGED(hi, MIRC_COLOR) ? "MSG_ON" : "MSG_OFF"));
+ if (!(noreply))
+ reply("NSMSG_SET_COLOR", user_find_message(user, HANDLE_FLAGGED(hi, MIRC_COLOR) ? "MSG_ON" : "MSG_OFF"));
return 1;
}
else if (disabled_string(argv[1]))
HANDLE_CLEAR_FLAG(hi, USE_PRIVMSG);
else {
- reply("MSG_INVALID_BINARY", argv[1]);
+ if (!(noreply))
+ reply("MSG_INVALID_BINARY", argv[1]);
return 0;
}
}
- reply("NSMSG_SET_PRIVMSG", user_find_message(user, HANDLE_FLAGGED(hi, USE_PRIVMSG) ? "MSG_ON" : "MSG_OFF"));
+ if (!(noreply))
+ reply("NSMSG_SET_PRIVMSG", user_find_message(user, HANDLE_FLAGGED(hi, USE_PRIVMSG) ? "MSG_ON" : "MSG_OFF"));
return 1;
}
else if (disabled_string(argv[1]))
HANDLE_CLEAR_FLAG(hi, AUTOHIDE);
else {
- reply("MSG_INVALID_BINARY", argv[1]);
+ if (!(noreply))
+ reply("MSG_INVALID_BINARY", argv[1]);
return 0;
}
}
- reply("NSMSG_SET_AUTOHIDE", user_find_message(user, HANDLE_FLAGGED(hi, AUTOHIDE) ? "MSG_ON" : "MSG_OFF"));
+ if (!(noreply))
+ reply("NSMSG_SET_AUTOHIDE", user_find_message(user, HANDLE_FLAGGED(hi, AUTOHIDE) ? "MSG_ON" : "MSG_OFF"));
return 1;
}
style = "Normal";
}
- reply("NSMSG_SET_STYLE", style);
+ if (!(noreply))
+ reply("NSMSG_SET_STYLE", style);
+ return 1;
+}
+
+static OPTION_FUNC(opt_announcements)
+{
+ const char *choice;
+
+ if (argc > 1) {
+ if (enabled_string(argv[1]))
+ hi->announcements = 'y';
+ else if (disabled_string(argv[1]))
+ hi->announcements = 'n';
+ else if (!strcmp(argv[1], "?") || !irccasecmp(argv[1], "default"))
+ hi->announcements = '?';
+ else {
+ if (!(noreply))
+ reply("NSMSG_INVALID_ANNOUNCE", argv[1]);
+ return 0;
+ }
+ }
+
+ switch (hi->announcements) {
+ case 'y': choice = user_find_message(user, "MSG_ON"); break;
+ case 'n': choice = user_find_message(user, "MSG_OFF"); break;
+ case '?': choice = "default"; break;
+ default: choice = "unknown"; break;
+ }
+ if (!(noreply))
+ reply("NSMSG_SET_ANNOUNCEMENTS", choice);
return 1;
}
static OPTION_FUNC(opt_password)
{
char crypted[MD5_CRYPT_LENGTH+1];
- if(argc < 1) {
+ if(argc < 2) {
return 0;
}
if (!override) {
- reply("NSMSG_USE_CMD_PASS");
+ if (!(noreply))
+ reply("NSMSG_USE_CMD_PASS");
return 0;
}
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) {
- reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
- return 0;
+ if (!(noreply))
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
}
}
#endif
if (nickserv_conf.sync_log)
SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
- reply("NSMSG_SET_PASSWORD", "***");
+ if (!(noreply))
+ reply("NSMSG_SET_PASSWORD", "***");
return 1;
}
unsigned int ii, flen;
if (!override) {
- reply("MSG_SETTING_PRIVILEGED", argv[0]);
+ if (!(noreply))
+ reply("MSG_SETTING_PRIVILEGED", argv[0]);
return 0;
}
if (hi->flags & (1 << ii))
flags[flen++] = handle_flags[ii];
flags[flen] = '\0';
- if (hi->flags)
- reply("NSMSG_SET_FLAGS", flags);
- else
- reply("NSMSG_SET_FLAGS", user_find_message(user, "MSG_NONE"));
+ if (!(noreply)) {
+ if (hi->flags)
+ reply("NSMSG_SET_FLAGS", flags);
+ else
+ reply("NSMSG_SET_FLAGS", user_find_message(user, "MSG_NONE"));
+ }
return 1;
}
if (argc > 1) {
const char *str;
if (!valid_email(argv[1])) {
- reply("NSMSG_BAD_EMAIL_ADDR");
+ if (!(noreply))
+ reply("NSMSG_BAD_EMAIL_ADDR");
return 0;
}
if ((str = mail_prohibited_address(argv[1]))) {
- reply("NSMSG_EMAIL_PROHIBITED", argv[1], str);
+ if (!(noreply))
+ reply("NSMSG_EMAIL_PROHIBITED", argv[1], str);
return 0;
}
- if (hi->email_addr && !irccasecmp(hi->email_addr, argv[1]))
- reply("NSMSG_EMAIL_SAME");
- else if (!override)
+ if (hi->email_addr && !irccasecmp(hi->email_addr, argv[1])) {
+ if (!(noreply))
+ reply("NSMSG_EMAIL_SAME");
+ } else if (!override)
nickserv_make_cookie(user, hi, EMAIL_CHANGE, argv[1], 0);
else {
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
if((rc = ldap_do_modify(hi->handle, NULL, argv[1])) != LDAP_SUCCESS) {
- reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ if (!(noreply))
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
}
}
nickserv_set_email_addr(hi, argv[1]);
if (hi->cookie)
nickserv_eat_cookie(hi->cookie);
- reply("NSMSG_SET_EMAIL", visible_email_addr(user, hi));
+ if (!(noreply))
+ reply("NSMSG_SET_EMAIL", visible_email_addr(user, hi));
}
- } else
- reply("NSMSG_SET_EMAIL", visible_email_addr(user, hi));
+ } else {
+ if (!(noreply))
+ reply("NSMSG_SET_EMAIL", visible_email_addr(user, hi));
+ }
return 1;
}
if (argc > 1) {
maxlogins = strtoul(argv[1], NULL, 0);
if ((maxlogins > nickserv_conf.hard_maxlogins) && !override) {
- reply("NSMSG_BAD_MAX_LOGINS", nickserv_conf.hard_maxlogins);
+ if (!(noreply))
+ reply("NSMSG_BAD_MAX_LOGINS", nickserv_conf.hard_maxlogins);
return 0;
}
hi->maxlogins = maxlogins;
}
maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins;
- reply("NSMSG_SET_MAXLOGINS", maxlogins);
+ if (!(noreply))
+ reply("NSMSG_SET_MAXLOGINS", maxlogins);
return 1;
}
else if (disabled_string(argv[1]))
HANDLE_CLEAR_FLAG(hi, ADVANCED);
else {
- reply("MSG_INVALID_BINARY", argv[1]);
+ if (!(noreply))
+ reply("MSG_INVALID_BINARY", argv[1]);
return 0;
}
}
- reply("NSMSG_SET_ADVANCED", user_find_message(user, HANDLE_FLAGGED(hi, ADVANCED) ? "MSG_ON" : "MSG_OFF"));
+ if (!(noreply))
+ reply("NSMSG_SET_ADVANCED", user_find_message(user, HANDLE_FLAGGED(hi, ADVANCED) ? "MSG_ON" : "MSG_OFF"));
return 1;
}
struct language *lang;
if (argc > 1) {
lang = language_find(argv[1]);
- if (irccasecmp(lang->name, argv[1]))
- reply("NSMSG_LANGUAGE_NOT_FOUND", argv[1], lang->name);
+ if (irccasecmp(lang->name, argv[1])) {
+ if (!(noreply))
+ reply("NSMSG_LANGUAGE_NOT_FOUND", argv[1], lang->name);
+ }
hi->language = lang;
}
- reply("NSMSG_SET_LANGUAGE", hi->language->name);
+ if (!(noreply))
+ reply("NSMSG_SET_LANGUAGE", hi->language->name);
return 1;
}
static OPTION_FUNC(opt_karma)
{
if (!override) {
- send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]);
+ if (!(noreply))
+ send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]);
return 0;
}
} else if (argv[1][0] == '-' && isdigit(argv[1][1])) {
hi->karma -= strtoul(argv[1] + 1, NULL, 10);
} else {
- send_message(user, nickserv, "NSMSG_INVALID_KARMA", argv[1]);
+ if (!(noreply))
+ send_message(user, nickserv, "NSMSG_INVALID_KARMA", argv[1]);
}
}
- reply("NSMSG_SET_KARMA", hi->karma);
+ if (!(noreply))
+ send_message(user, nickserv, "NSMSG_SET_KARMA", hi->karma);
return 1;
}
return 0;
}
#ifdef WITH_LDAP
- if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) {
+ if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_oper_group_dn) && *(nickserv_conf.ldap_admin_dn)) {
int rc;
- if(new_level > 0)
+ if(new_level > nickserv_conf.ldap_oper_group_level)
rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn);
else
rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn);
return 0;
}
}
+ if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_field_oslevel) && *(nickserv_conf.ldap_admin_dn)) {
+ int rc;
+ if((rc = ldap_do_oslevel(target->handle, new_level, target->opserv_level)) != LDAP_SUCCESS) {
+ send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
#endif
if (target->opserv_level == new_level)
return 0;
int res;
if (!override) {
- reply("MSG_SETTING_PRIVILEGED", argv[0]);
+ if (!(noreply))
+ reply("MSG_SETTING_PRIVILEGED", argv[0]);
return 0;
}
res = (argc > 1) ? oper_try_set_access(user, nickserv, hi, strtoul(argv[1], NULL, 0)) : 0;
- reply("NSMSG_SET_LEVEL", hi->opserv_level);
+ if (!(noreply))
+ reply("NSMSG_SET_LEVEL", hi->opserv_level);
return res;
}
struct userNode *target, *next_un;
if (!override) {
- reply("MSG_SETTING_PRIVILEGED", argv[0]);
+ if (!(noreply))
+ reply("MSG_SETTING_PRIVILEGED", argv[0]);
return 0;
}
}
}
- if (hi->epithet)
- reply("NSMSG_SET_EPITHET", hi->epithet);
- else
- reply("NSMSG_SET_EPITHET", user_find_message(user, "MSG_NONE"));
+ if (!(noreply)) {
+ if (hi->epithet)
+ reply("NSMSG_SET_EPITHET", hi->epithet);
+ else
+ reply("NSMSG_SET_EPITHET", user_find_message(user, "MSG_NONE"));
+ }
return 1;
}
static OPTION_FUNC(opt_title)
{
char *title;
- const char *none;
+ const char *none = NULL;
char *sptr;
if ((argc > 1) && oper_has_access(user, nickserv, nickserv_conf.set_title_level, 0)) {
if (!override) {
- reply("MSG_SETTING_PRIVILEGED", argv[0]);
+ if (!(noreply))
+ reply("MSG_SETTING_PRIVILEGED", argv[0]);
return 0;
}
}
else {
if (strchr(title, '.')) {
- reply("NSMSG_TITLE_INVALID");
+ if (!(noreply))
+ reply("NSMSG_TITLE_INVALID");
return 0;
}
/* Alphanumeric titles only. */
for(sptr = title; *sptr; sptr++) {
if(!isalnum(*sptr) && *sptr != '-') {
- reply("NSMSG_TITLE_INVALID");
+ if (!(noreply))
+ reply("NSMSG_TITLE_INVALID");
return 0;
}
}
if ((strlen(user->handle_info->handle) + strlen(title) +
strlen(nickserv_conf.titlehost_suffix) + 2) > HOSTLEN) {
- reply("NSMSG_TITLE_TRUNCATED");
+ if (!(noreply))
+ reply("NSMSG_TITLE_TRUNCATED");
return 0;
}
free(hi->fakehost);
if (!title)
none = user_find_message(user, "MSG_NONE");
- send_message(user, nickserv, "NSMSG_SET_TITLE", title ? title : none);
+ if (!(noreply))
+ send_message(user, nickserv, "NSMSG_SET_TITLE", title ? title : none);
return 1;
}
if ((argc > 1) && oper_has_access(user, nickserv, nickserv_conf.set_fakehost_level, 0)) {
if (!override) {
- reply("MSG_SETTING_PRIVILEGED", argv[0]);
+ if (!(noreply))
+ reply("MSG_SETTING_PRIVILEGED", argv[0]);
return 0;
}
fake = argv[1];
if ((strlen(fake) > HOSTLEN) || (fake[0] == '.')) {
- reply("NSMSG_FAKEHOST_INVALID", HOSTLEN);
+ if (!(noreply))
+ reply("NSMSG_FAKEHOST_INVALID", HOSTLEN);
return 0;
}
if (!strcmp(fake, "*")) {
/* Tell them we set the host */
if (!fake)
fake = user_find_message(user, "MSG_NONE");
- reply("NSMSG_SET_FAKEHOST", fake);
+ if (!(noreply))
+ reply("NSMSG_SET_FAKEHOST", fake);
+ return 1;
+}
+
+static OPTION_FUNC(opt_note)
+{
+ if (!override) {
+ if (!(noreply))
+ reply("MSG_SETTING_PRIVILEGED", argv[0]);
+ return 0;
+ }
+
+ if (argc > 1) {
+ char *text = unsplit_string(argv + 1, argc - 1, NULL);
+
+ if (hi->note)
+ free(hi->note);
+
+ if ((text[0] == '*') && !text[1])
+ hi->note = NULL;
+ else {
+ if (!(hi->note = nickserv_add_note(user->handle_info->handle, now, text)))
+ hi->note = NULL;
+ }
+ }
+
+ if (!(noreply))
+ reply("NSMSG_SET_NOTE", hi->note ? hi->note->note : user_find_message(user, "MSG_NONE"));
return 1;
}
static NICKSERV_FUNC(cmd_reclaim)
{
- struct handle_info *hi;
struct nick_info *ni;
struct userNode *victim;
NICKSERV_MIN_PARMS(2);
- hi = user->handle_info;
ni = dict_find(nickserv_nick_dict, argv[1], 0);
if (!ni) {
reply("NSMSG_UNKNOWN_NICK", argv[1]);
reply("NSMSG_NICK_NOT_REGISTERED", argv[1]);
return 0;
}
- if (!oper_outranks(cmd, user, ni->owner))
- return 0;
+ if (!oper_outranks(user, ni->owner))
+ return 0;
reply("NSMSG_UNREGNICK_SUCCESS", ni->nick);
delete_nick(ni);
return 1;
static NICKSERV_FUNC(cmd_ounregister)
{
+ struct handle_info *hi;
char reason[MAXLEN];
int force;
- struct handle_info *hi;
NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (HANDLE_FLAGGED(hi, NODELETE)) {
reply((IsOper(user) ? "NSMSG_UNREGISTER_MUST_FORCE" : "NSMSG_UNREGISTER_CANNOT_FORCE"), hi->handle);
return 0;
}
-
snprintf(reason, sizeof(reason), "%s unregistered account %s.", user->handle_info->handle, hi->handle);
global_message(MESSAGE_RECIPIENT_STAFF, reason);
-
if(nickserv_unregister_handle(hi, user, cmd->parent->bot))
return 1;
else
return 1;
}
-static NICKSERV_FUNC(cmd_addnote)
-{
- struct handle_info *hi;
- unsigned long duration;
- char text[MAXLEN];
- unsigned int id;
- struct handle_note *prev;
- struct handle_note *note;
-
- /* Parse parameters and figure out values for note's fields. */
- NICKSERV_MIN_PARMS(4);
- hi = get_victim_oper(cmd, user, argv[1]);
- if (!hi)
- return 0;
- if(!strcmp(argv[2], "0"))
- duration = 0;
- else if(!(duration = ParseInterval(argv[2])))
- {
- reply("MSG_INVALID_DURATION", argv[2]);
- return 0;
- }
- if (duration > 2*365*86400) {
- reply("NSMSG_EXCESSIVE_DURATION", argv[2]);
- return 0;
- }
- unsplit_string(argv + 3, argc - 3, text);
- WALK_NOTES(hi, prev, note) {}
- id = prev ? (prev->id + 1) : 1;
-
- /* Create the new note structure. */
- note = calloc(1, sizeof(*note) + strlen(text));
- note->next = NULL;
- note->expires = duration ? (now + duration) : 0;
- note->set = now;
- note->id = id;
- safestrncpy(note->setter, user->handle_info->handle, sizeof(note->setter));
- strcpy(note->note, text);
- if (prev)
- prev->next = note;
- else
- hi->notes = note;
- reply("NSMSG_NOTE_ADDED", id, hi->handle);
- return 1;
-}
-
-static NICKSERV_FUNC(cmd_delnote)
-{
- struct handle_info *hi;
- struct handle_note *prev;
- struct handle_note *note;
- int id;
-
- NICKSERV_MIN_PARMS(3);
- hi = get_victim_oper(cmd, user, argv[1]);
- if (!hi)
- return 0;
- id = strtoul(argv[2], NULL, 10);
- WALK_NOTES(hi, prev, note) {
- if (id == note->id) {
- if (prev)
- prev->next = note->next;
- else
- hi->notes = note->next;
- free(note);
- reply("NSMSG_NOTE_REMOVED", id, hi->handle);
- return 1;
- }
- }
- reply("NSMSG_NO_SUCH_NOTE", hi->handle, id);
- return 0;
-}
-
static int
nickserv_saxdb_write(struct saxdb_context *ctx) {
dict_iterator_t it;
for (it = dict_first(nickserv_handle_dict); it; it = iter_next(it)) {
hi = iter_data(it);
saxdb_start_record(ctx, iter_key(it), 0);
+ if (hi->announcements != '?') {
+ flags[0] = hi->announcements;
+ flags[1] = 0;
+ saxdb_write_string(ctx, KEY_ANNOUNCEMENTS, flags);
+ }
if (hi->cookie) {
struct handle_cookie *cookie = hi->cookie;
char *type;
saxdb_end_record(ctx);
}
}
- if (hi->notes) {
- struct handle_note *prev, *note;
- saxdb_start_record(ctx, KEY_NOTES, 0);
- WALK_NOTES(hi, prev, note) {
- snprintf(flags, sizeof(flags), "%d", note->id);
- saxdb_start_record(ctx, flags, 0);
- if (note->expires)
- saxdb_write_int(ctx, KEY_NOTE_EXPIRES, note->expires);
- saxdb_write_int(ctx, KEY_NOTE_SET, note->set);
- saxdb_write_string(ctx, KEY_NOTE_SETTER, note->setter);
- saxdb_write_string(ctx, KEY_NOTE_NOTE, note->note);
- saxdb_end_record(ctx);
- }
- saxdb_end_record(ctx);
- }
if (hi->email_addr)
saxdb_write_string(ctx, KEY_EMAIL_ADDR, hi->email_addr);
if (hi->epithet)
saxdb_write_string(ctx, KEY_EPITHET, hi->epithet);
+ if (hi->note) {
+ saxdb_start_record(ctx, KEY_NOTE_NOTE, 0);
+ saxdb_write_string(ctx, KEY_NOTE_SETTER, hi->note->setter);
+ saxdb_write_int(ctx, KEY_NOTE_DATE, hi->note->date);
+ saxdb_write_string(ctx, KEY_NOTE_NOTE, hi->note->note);
+ saxdb_end_record(ctx);
+ }
if (hi->fakehost)
saxdb_write_string(ctx, KEY_FAKEHOST, hi->fakehost);
saxdb_write_sint(ctx, KEY_KARMA, hi->karma);
if (hi->masks->used)
saxdb_write_string_list(ctx, KEY_MASKS, hi->masks);
+ if (hi->sslfps->used)
+ saxdb_write_string_list(ctx, KEY_SSLFPS, hi->sslfps);
if (hi->ignores->used)
saxdb_write_string_list(ctx, KEY_IGNORES, hi->ignores);
if (hi->maxlogins)
saxdb_write_int(ctx, KEY_MAXLOGINS, hi->maxlogins);
if (hi->nicks) {
- struct string_list *slist;
struct nick_info *ni;
- slist = alloc_string_list(nickserv_conf.nicks_per_handle);
- for (ni = hi->nicks; ni; ni = ni->next) string_list_append(slist, ni->nick);
- saxdb_write_string_list(ctx, KEY_NICKS, slist);
- free(slist->list);
- free(slist);
+ saxdb_start_record(ctx, KEY_NICKS_EX, 0);
+ for (ni = hi->nicks; ni; ni = ni->next) {
+ saxdb_start_record(ctx, ni->nick, 0);
+ saxdb_write_int(ctx, KEY_REGISTER_ON, ni->registered);
+ saxdb_write_int(ctx, KEY_LAST_SEEN, ni->lastseen);
+ saxdb_end_record(ctx);
+ }
+ saxdb_end_record(ctx);
}
if (hi->opserv_level)
saxdb_write_int(ctx, KEY_OPSERV_LEVEL, hi->opserv_level);
}
static handle_merge_func_t *handle_merge_func_list;
+static void **handle_merge_func_list_extra;
static unsigned int handle_merge_func_size = 0, handle_merge_func_used = 0;
void
-reg_handle_merge_func(handle_merge_func_t func)
+reg_handle_merge_func(handle_merge_func_t func, void *extra)
{
if (handle_merge_func_used == handle_merge_func_size) {
if (handle_merge_func_size) {
handle_merge_func_size <<= 1;
handle_merge_func_list = realloc(handle_merge_func_list, handle_merge_func_size*sizeof(handle_merge_func_t));
+ handle_merge_func_list_extra = realloc(handle_merge_func_list_extra, handle_merge_func_size*sizeof(void*));
} else {
handle_merge_func_size = 8;
handle_merge_func_list = malloc(handle_merge_func_size*sizeof(handle_merge_func_t));
+ handle_merge_func_list_extra = malloc(handle_merge_func_size*sizeof(void*));
}
}
- handle_merge_func_list[handle_merge_func_used++] = func;
+ handle_merge_func_list[handle_merge_func_used] = func;
+ handle_merge_func_list_extra[handle_merge_func_used++] = extra;
}
static NICKSERV_FUNC(cmd_merge)
NICKSERV_MIN_PARMS(3);
- if (!(hi_from = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi_from = get_victim_oper(user, argv[1])))
return 0;
- if (!(hi_to = get_victim_oper(cmd, user, argv[2])))
+ if (!(hi_to = get_victim_oper(user, argv[2])))
return 0;
if (hi_to == hi_from) {
reply("NSMSG_CANNOT_MERGE_SELF", hi_to->handle);
}
for (n=0; n<handle_merge_func_used; n++)
- handle_merge_func_list[n](user, hi_to, hi_from);
+ handle_merge_func_list[n](user, hi_to, hi_from, handle_merge_func_list_extra[n]);
/* Append "from" handle's nicks to "to" handle's nick list. */
if (hi_to->nicks) {
string_list_append(hi_to->masks, strdup(mask));
}
+ /* Merge the SSL fingerprints. */
+ for (ii=0; ii<hi_from->sslfps->used; ii++) {
+ char *sslfp = hi_from->sslfps->list[ii];
+ for (jj=0; jj<hi_to->sslfps->used; jj++)
+ if (!irccasecmp(hi_to->sslfps->list[jj], sslfp))
+ break;
+ if (jj==hi_to->sslfps->used) /* Nothing from the "to" handle covered this sslfp, so add it. */
+ string_list_append(hi_to->sslfps, strdup(sslfp));
+ }
+
/* Merge the ignores. */
for (ii=0; ii<hi_from->ignores->used; ii++) {
char *ignore = hi_from->ignores->list[ii];
enum { SUBSET, EXACT, SUPERSET, LASTQUIT } hostmask_type;
const char *nickmask;
const char *hostmask;
- const char *fakehostmask;
const char *handlemask;
const char *emailmask;
+ const char *titlemask;
+ const char *setwhat;
+ const char *setval;
+ struct svccmd *cmd;
#ifdef WITH_LDAP
unsigned int inldap;
#endif
};
-typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi);
+typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi, struct nickserv_discrim *discrim);
struct discrim_apply_info {
struct nickserv_discrim *discrim;
discrim->lastseen = LONG_MAX;
discrim->min_karma = INT_MIN;
discrim->max_karma = INT_MAX;
+ discrim->cmd = cmd;
#ifdef WITH_LDAP
discrim->inldap = 2;
#endif
discrim->lastseen = now - ParseInterval(argv[++i]);
} else if (!nickserv_conf.disable_nicks && !irccasecmp(argv[i], "nickmask")) {
discrim->nickmask = argv[++i];
+ } else if (!irccasecmp(argv[i], "setwhat")) {
+ discrim->setwhat = argv[++i];
+ if (!(dict_find(nickserv_opt_dict, discrim->setwhat, NULL))) {
+ reply("NSMSG_INVALID_OPTION", discrim->setwhat);
+ goto fail;
+ }
+ } else if (!irccasecmp(argv[i], "setvalue")) {
+ discrim->setval = argv[++i];
} else if (!irccasecmp(argv[i], "hostmask")) {
i++;
if (!irccasecmp(argv[i], "exact")) {
discrim->hostmask_type = SUPERSET;
}
discrim->hostmask = argv[++i];
- } else if (!irccasecmp(argv[i], "fakehost")) {
- if (!irccasecmp(argv[++i], "*")) {
- discrim->fakehostmask = 0;
- } else {
- discrim->fakehostmask = argv[i];
- }
} else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) {
if (!irccasecmp(argv[++i], "*")) {
discrim->handlemask = 0;
} else {
discrim->emailmask = argv[i];
}
+ } else if (!irccasecmp(argv[i], "title")) {
+ if (!irccasecmp(argv[++i], "*")) {
+ discrim->titlemask = 0;
+ } else {
+ discrim->titlemask = argv[i];
+ }
} else if (!irccasecmp(argv[i], "access")) {
const char *cmp = argv[++i];
if (cmp[0] == '<') {
} else {
reply("MSG_INVALID_CRITERIA", cmp);
}
-#ifdef WITH_LDAP
- } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) {
- i++;
- if(true_string(argv[i])) {
- discrim->inldap = 1;
- }
- else if (false_string(argv[i])) {
- discrim->inldap = 0;
- }
- else {
- reply("MSG_INVALID_BINARY", argv[i]);
- }
-#endif
} else if (!irccasecmp(argv[i], "karma")) {
const char *cmp = argv[++i];
if (cmp[0] == '<') {
discrim->min_karma = strtoul(cmp+1, NULL, 0) + 1;
}
} else {
- reply("MSG_INVALID_CRITERIA", cmp);
+ send_message(user, nickserv, "MSG_INVALID_CRITERIA", cmp);
}
+#ifdef WITH_LDAP
+ } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) {
+ i++;
+ if(true_string(argv[i])) {
+ discrim->inldap = 1;
+ }
+ else if (false_string(argv[i])) {
+ discrim->inldap = 0;
+ }
+ else {
+ reply("MSG_INVALID_BINARY", argv[i]);
+ }
+#endif
} else {
reply("MSG_INVALID_CRITERIA", argv[i]);
goto fail;
static int
nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi)
{
+ char *title = NULL;
+
+ if (hi->fakehost && (hi->fakehost[0] == '.'))
+ title = hi->fakehost + 1;
+
if (((discrim->flags_on & hi->flags) != discrim->flags_on)
|| (discrim->flags_off & hi->flags)
|| (discrim->min_registered > hi->registered)
|| (discrim->max_registered < hi->registered)
|| (discrim->lastseen < (hi->users?now:hi->lastseen))
|| (discrim->handlemask && !match_ircglob(hi->handle, discrim->handlemask))
- || (discrim->fakehostmask && (!hi->fakehost || !match_ircglob(hi->fakehost, discrim->fakehostmask)))
|| (discrim->emailmask && (!hi->email_addr || !match_ircglob(hi->email_addr, discrim->emailmask)))
+ || (discrim->titlemask && (!title || !match_ircglob(title, discrim->titlemask)))
|| (discrim->min_level > hi->opserv_level)
|| (discrim->max_level < hi->opserv_level)
|| (discrim->min_karma > hi->karma)
it = next) {
next = iter_next(it);
if (nickserv_discrim_match(discrim, iter_data(it))) {
- dsf(source, iter_data(it));
+ dsf(source, iter_data(it), discrim);
matched++;
}
}
}
static void
-search_print_func(struct userNode *source, struct handle_info *match)
+search_print_func(struct userNode *source, struct handle_info *match, UNUSED_ARG(struct nickserv_discrim *discrim))
{
send_message(source, nickserv, "NSMSG_SEARCH_MATCH", match->handle);
}
static void
-search_count_func(UNUSED_ARG(struct userNode *source), UNUSED_ARG(struct handle_info *match))
+search_count_func(UNUSED_ARG(struct userNode *source), UNUSED_ARG(struct handle_info *match), UNUSED_ARG(struct nickserv_discrim *discrim))
{
}
static void
-search_unregister_func (struct userNode *source, struct handle_info *match)
+search_unregister_func (struct userNode *source, struct handle_info *match, UNUSED_ARG(struct nickserv_discrim *discrim))
{
if (oper_has_access(source, nickserv, match->opserv_level, 0))
nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded
}
+#ifdef WITH_LDAP
static void
-search_add2ldap_func (struct userNode *source, struct handle_info *match)
+search_add2ldap_func (struct userNode *source, struct handle_info *match, UNUSED_ARG(struct nickserv_discrim *discrim))
{
-#ifdef WITH_LDAP
int rc;
if(match->email_addr && match->passwd && match->handle) {
rc = ldap_do_add(match->handle, match->passwd, match->email_addr);
send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc));
}
}
+}
#endif
+
+static void
+search_set_func (struct userNode *source, struct handle_info *match, struct nickserv_discrim *discrim)
+{
+ option_func_t *opt;
+ char *oargv[2];
+
+ if (!(opt = dict_find(nickserv_opt_dict, discrim->setwhat, NULL))) {
+ return;
+ }
+
+ oargv[0] = (char *)discrim->setwhat;
+ oargv[1] = (char *)discrim->setval;
+
+ opt(discrim->cmd, source, match, 1, 1, 2, oargv);
}
static int
action = search_count_func;
else if (!irccasecmp(argv[1], "unregister"))
action = search_unregister_func;
+ else if (!irccasecmp(argv[1], "set"))
+ action = search_set_func;
#ifdef WITH_LDAP
else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap"))
action = search_add2ldap_func;
reply("NSMSG_ACCOUNT_SEARCH_RESULTS");
else if (action == search_count_func)
discrim->limit = INT_MAX;
+ else if ((action == search_set_func) && (!(discrim->setwhat) || !(discrim->setval)))
+ return reply("MSG_MISSING_PARAMS", argv[1]);
matches = nickserv_discrim_search(discrim, action, user);
return 1;
}
+static MODCMD_FUNC(cmd_checkemail)
+{
+ struct handle_info *hi;
+
+ NICKSERV_MIN_PARMS(3);
+ if (!(hi = modcmd_get_handle_info(user, argv[1]))) {
+ return 0;
+ }
+ if (!hi->email_addr)
+ reply("CHECKEMAIL_NOT_SET");
+ else if (!irccasecmp(argv[2], hi->email_addr))
+ reply("CHECKEMAIL_YES");
+ else
+ reply("CHECKEMAIL_NO");
+ return 1;
+}
+
static void
nickserv_db_read_handle(char *handle, dict_t obj)
{
const char *str;
- struct string_list *masks, *slist, *ignores;
+ struct string_list *masks, *sslfps, *slist, *ignores;
struct handle_info *hi;
struct userNode *authed_users;
- struct userData *channels;
+ struct userData *channel_list;
+ struct dict *obj2;
+ dict_iterator_t it;
unsigned long int id;
unsigned int ii;
dict_t subdb;
+ char *setter, *note;
+ time_t date;
str = database_get_data(obj, KEY_ID, RECDB_QSTRING);
id = str ? strtoul(str, NULL, 0) : 0;
}
if ((hi = get_handle_info(handle))) {
authed_users = hi->users;
- channels = hi->channels;
+ channel_list = hi->channels;
hi->users = NULL;
hi->channels = NULL;
dict_remove(nickserv_handle_dict, hi->handle);
} else {
authed_users = NULL;
- channels = NULL;
+ channel_list = NULL;
}
if(nickserv_conf.force_handles_lowercase)
irc_strtolower(handle);
authed_users = authed_users->next_authed;
}
}
- hi->channels = channels;
+ hi->channels = channel_list;
masks = database_get_data(obj, KEY_MASKS, RECDB_STRING_LIST);
hi->masks = masks ? string_list_copy(masks) : alloc_string_list(1);
+ sslfps = database_get_data(obj, KEY_SSLFPS, RECDB_STRING_LIST);
+ hi->sslfps = sslfps ? string_list_copy(sslfps) : alloc_string_list(1);
ignores = database_get_data(obj, KEY_IGNORES, RECDB_STRING_LIST);
hi->ignores = ignores ? string_list_copy(ignores) : alloc_string_list(1);
str = database_get_data(obj, KEY_MAXLOGINS, RECDB_QSTRING);
hi->karma = str ? strtoul(str, NULL, 0) : 0;
/* We want to read the nicks even if disable_nicks is set. This is so
* that we don't lose the nick data entirely. */
- slist = database_get_data(obj, KEY_NICKS, RECDB_STRING_LIST);
- if (slist) {
- for (ii=0; ii<slist->used; ii++)
- register_nick(slist->list[ii], hi);
+ obj2 = database_get_data(obj, KEY_NICKS_EX, RECDB_OBJECT);
+ for(it = dict_first(obj2); it; it = iter_next(it))
+ {
+ struct record_data *rd = iter_data(it);
+ struct nick_info* ni;
+
+ register_nick(iter_key(it), hi);
+ ni = get_nick_info(iter_key(it));
+
+ if (!(ni))
+ continue;
+
+ str = database_get_data(rd->d.object, KEY_REGISTER_ON, RECDB_QSTRING);
+ ni->registered = str ? (time_t)strtoul(str, NULL, 0) : now;
+ str = database_get_data(rd->d.object, KEY_LAST_SEEN, RECDB_QSTRING);
+ ni->lastseen = str ? (time_t)strtoul(str, NULL, 0) : ni->registered;
+ }
+ if (!obj2) {
+ slist = database_get_data(obj, KEY_NICKS, RECDB_STRING_LIST);
+ if (slist) {
+ for (ii=0; ii<slist->used; ii++) {
+ struct nick_info* ni;
+
+ register_nick(slist->list[ii], hi);
+ ni = get_nick_info(slist->list[ii]);
+
+ if (!(ni))
+ continue;
+
+ ni->registered = hi->registered;
+ ni->lastseen = ni->registered;
+ }
+ }
}
str = database_get_data(obj, KEY_FLAGS, RECDB_QSTRING);
if (str) {
}
str = database_get_data(obj, KEY_USERLIST_STYLE, RECDB_QSTRING);
hi->userlist_style = str ? str[0] : HI_DEFAULT_STYLE;
+ str = database_get_data(obj, KEY_ANNOUNCEMENTS, RECDB_QSTRING);
+ hi->announcements = str ? str[0] : '?';
str = database_get_data(obj, KEY_SCREEN_WIDTH, RECDB_QSTRING);
hi->screen_width = str ? strtoul(str, NULL, 0) : 0;
str = database_get_data(obj, KEY_TABLE_WIDTH, RECDB_QSTRING);
str = database_get_data(obj, KEY_EPITHET, RECDB_QSTRING);
if (str)
hi->epithet = strdup(str);
+ subdb = database_get_data(obj, KEY_NOTE_NOTE, RECDB_OBJECT);
+ if (subdb) {
+ setter = database_get_data(subdb, KEY_NOTE_SETTER, RECDB_QSTRING);
+ str = database_get_data(subdb, KEY_NOTE_DATE, RECDB_QSTRING);
+ date = str ? (time_t)strtoul(str, NULL, 0) : now;
+ note = database_get_data(subdb, KEY_NOTE_NOTE, RECDB_QSTRING);
+ if (setter && date && note)
+ {
+ if (!(hi->note = nickserv_add_note(setter, date, note)))
+ hi->note = NULL;
+ }
+ }
str = database_get_data(obj, KEY_FAKEHOST, RECDB_QSTRING);
if (str)
else
nickserv_free_cookie(cookie);
}
- /* Read the "notes" sub-database (if it exists). */
- subdb = database_get_data(obj, KEY_NOTES, RECDB_OBJECT);
- if (subdb) {
- dict_iterator_t it;
- struct handle_note *last_note;
- struct handle_note *note;
-
- last_note = NULL;
- for (it = dict_first(subdb); it; it = iter_next(it)) {
- const char *expires;
- const char *setter;
- const char *text;
- const char *set;
- const char *id;
- dict_t notedb;
-
- id = iter_key(it);
- notedb = GET_RECORD_OBJECT((struct record_data*)iter_data(it));
- if (!notedb) {
- log_module(NS_LOG, LOG_ERROR, "Malformed note %s for account %s; ignoring note.", id, hi->handle);
- continue;
- }
- expires = database_get_data(notedb, KEY_NOTE_EXPIRES, RECDB_QSTRING);
- setter = database_get_data(notedb, KEY_NOTE_SETTER, RECDB_QSTRING);
- text = database_get_data(notedb, KEY_NOTE_NOTE, RECDB_QSTRING);
- set = database_get_data(notedb, KEY_NOTE_SET, RECDB_QSTRING);
- if (!setter || !text || !set) {
- log_module(NS_LOG, LOG_ERROR, "Missing field(s) from note %s for account %s; ignoring note.", id, hi->handle);
- continue;
- }
- note = calloc(1, sizeof(*note) + strlen(text));
- note->next = NULL;
- note->expires = expires ? strtoul(expires, NULL, 10) : 0;
- note->set = strtoul(set, NULL, 10);
- note->id = strtoul(id, NULL, 10);
- safestrncpy(note->setter, setter, sizeof(note->setter));
- strcpy(note->note, text);
- if (last_note)
- last_note->next = note;
- else
- hi->notes = note;
- last_note = note;
- }
- }
}
static int
timeq_add(now + nickserv_conf.handle_expire_frequency, expire_handles, NULL);
}
+static void
+expire_nicks(UNUSED_ARG(void *data))
+{
+ dict_iterator_t it, next;
+ time_t expiry = nickserv_conf.nick_expire_delay;
+ struct nick_info *ni;
+ struct userNode *ui;
+
+ if (!(nickserv_conf.expire_nicks))
+ return;
+
+ for (it=dict_first(nickserv_nick_dict); it; it=next) {
+ next = iter_next(it);
+ ni = iter_data(it);
+ if ((ni->owner->opserv_level > 0)
+ || ((ui = GetUserH(ni->nick)) && (ui->handle_info) && (ui->handle_info == ni->owner))
+ || HANDLE_FLAGGED(ni->owner, FROZEN)
+ || HANDLE_FLAGGED(ni->owner, NODELETE)) {
+ continue;
+ }
+ if ((now - ni->lastseen) > expiry) {
+ log_module(NS_LOG, LOG_INFO, "Expiring nick %s for inactivity.", ni->nick);
+ delete_nick(ni);
+ }
+ }
+
+ if (nickserv_conf.nick_expire_frequency && nickserv_conf.expire_nicks)
+ timeq_add(now + nickserv_conf.nick_expire_frequency, expire_nicks, NULL);
+}
+
static void
nickserv_load_dict(const char *fname)
{
log_module(NS_LOG, LOG_ERROR, "Unable to open dictionary file %s: %s", fname, strerror(errno));
return;
}
- while (!feof(file)) {
- fgets(line, sizeof(line), file);
+ while (fgets(line, sizeof(line), file)) {
if (!line[0])
continue;
if (line[strlen(line)-1] == '\n')
nickserv_conf.auto_reclaim_action = str ? reclaim_action_from_string(str) : RECLAIM_NONE;
str = database_get_data(conf_node, "auto_reclaim_delay", RECDB_QSTRING);
nickserv_conf.auto_reclaim_delay = str ? ParseInterval(str) : 0;
+ str = database_get_data(conf_node, KEY_NICK_EXPIRE_FREQ, RECDB_QSTRING);
+ nickserv_conf.nick_expire_frequency = str ? ParseInterval(str) : 86400;
+ str = database_get_data(conf_node, KEY_NICK_EXPIRE_DELAY, RECDB_QSTRING);
+ nickserv_conf.nick_expire_delay = str ? ParseInterval(str) : 86400*30;
+ str = database_get_data(conf_node, "expire_nicks", RECDB_QSTRING);
+ nickserv_conf.expire_nicks = str ? enabled_string(str) : 0;
}
child = database_get_data(conf_node, KEY_FLAG_LEVELS, RECDB_OBJECT);
for (it=dict_first(child); it; it=iter_next(it)) {
str = database_get_data(conf_node, KEY_AUTO_ADMIN, RECDB_QSTRING);
nickserv_conf.auto_admin = str ? str : "";
+ str = database_get_data(conf_node, KEY_AUTO_OPER_PRIVS, RECDB_QSTRING);
+ nickserv_conf.auto_oper_privs = str ? str : "";
+
+ str = database_get_data(conf_node, KEY_AUTO_ADMIN_PRIVS, RECDB_QSTRING);
+ nickserv_conf.auto_admin_privs = str ? str : "";
+
str = conf_get_data("server/network", RECDB_QSTRING);
nickserv_conf.network_name = str ? str : "some IRC network";
if (!nickserv_conf.auth_policer_params) {
if(nickserv_conf.ldap_enable > 0) {
/* ldap is enabled but not compiled in - error out */
log_module(MAIN_LOG, LOG_ERROR, "ldap is enabled in config, but not compiled in!");
- nickserv_conf.ldap_enable = 0;
- sleep(5);
+ exit(2);
+ /* nickserv_conf.ldap_enable = 0; */
+ /* sleep(5); */
}
#endif
str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING);
nickserv_conf.ldap_field_email = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_FIELD_OSLEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_field_oslevel = str ? str : "";
+
str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING);
nickserv_conf.ldap_oper_group_dn = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99;
+
str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING);
nickserv_conf.ldap_field_group_member = str ? str : "";
assert(user);
assert(ni);
+
+ if (IsLocal(user))
+ return;
+
switch (action) {
case RECLAIM_NONE:
/* do nothing */
break;
case RECLAIM_WARN:
send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle);
+ send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle);
break;
case RECLAIM_SVSNICK:
do {
}
static int
-check_user_nick(struct userNode *user) {
+check_user_nick(struct userNode *user, UNUSED_ARG(void *extra)) {
struct nick_info *ni;
user->modes &= ~FLAGS_REGNICK;
+
if (!(ni = get_nick_info(user->nick)))
return 0;
if (user->handle_info == ni->owner) {
irc_regnick(user);
return 0;
}
- if (nickserv_conf.warn_nick_owned)
+ if (nickserv_conf.warn_nick_owned) {
send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle);
+ send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle);
+ }
if (nickserv_conf.auto_reclaim_action == RECLAIM_NONE)
return 0;
if (nickserv_conf.auto_reclaim_delay)
timeq_add(now + nickserv_conf.auto_reclaim_delay, nickserv_reclaim_p, user);
else
nickserv_reclaim(user, ni, nickserv_conf.auto_reclaim_action);
+
return 0;
}
-int
-handle_new_user(struct userNode *user)
-{
- return check_user_nick(user);
+static int
+new_user_event(struct userNode *user, void *extra) {
+ /* If the user's server is not bursting,
+ * the user is authed, the account has autohide set
+ * and the user doesn't have user mode +x then apply
+ * the autohide setting.
+ */
+ if (!user->uplink->burst && user->handle_info &&
+ HANDLE_FLAGGED(user->handle_info, AUTOHIDE) &&
+ !IsHiddenHost(user))
+ irc_umode(user, "+x");
+
+ return check_user_nick(user, extra);
}
void
hi = dict_find(nickserv_handle_dict, stamp, NULL);
if(hi && timestamp && hi->registered != timestamp)
{
- log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered);
+ log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp),
+ctime(&hi->registered));
return;
}
#else
log_module(MAIN_LOG, LOG_WARNING, "Using non-P10 code in accounts, not tested at all!");
#endif
+#ifdef WITH_LDAP
+ if(!hi && nickserv_conf.ldap_enable && nickserv_conf.ldap_autocreate &&
+ (ldap_user_exists(stamp) == LDAP_SUCCESS)) {
+ int rc = 0;
+ int cont = 1;
+ char *email = NULL;
+ char *mask;
+
+ /* First attempt to get the email address from LDAP */
+ if((rc = ldap_get_user_info(stamp, &email) != LDAP_SUCCESS))
+ if(nickserv_conf.email_required)
+ cont = 0;
+
+ /* Now try to register the handle */
+ if (cont && (hi = nickserv_register(user, user, stamp, NULL, 1))) {
+ if(nickserv_conf.default_hostmask)
+ mask = "*@*";
+ else
+ mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
+
+ if(mask) {
+ char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
+ string_list_append(hi->masks, mask_canonicalized);
+ }
+
+ if(email) {
+ nickserv_set_email_addr(hi, email);
+ free(email);
+ }
+ }
+ }
+#endif
+
if (hi) {
if (HANDLE_FLAGGED(hi, SUSPENDED)) {
return;
}
void
-handle_nick_change(struct userNode *user, const char *old_nick)
+handle_nick_change(struct userNode *user, const char *old_nick, UNUSED_ARG(void *extra))
{
struct handle_info *hi;
dict_insert(nickserv_allow_auth_dict, user->nick, hi);
}
timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN);
- check_user_nick(user);
+ check_user_nick(user, NULL);
}
void
-nickserv_remove_user(struct userNode *user, UNUSED_ARG(struct userNode *killer), UNUSED_ARG(const char *why))
+nickserv_remove_user(struct userNode *user, UNUSED_ARG(struct userNode *killer), UNUSED_ARG(const char *why), UNUSED_ARG(void *extra))
{
dict_remove(nickserv_allow_auth_dict, user->nick);
timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN);
}
}
+#define SDFLAG_STALE 0x01 /**< SASL session data is stale, delete on next pass. */
+
+struct SASLSession
+{
+ struct SASLSession *next;
+ struct SASLSession *prev;
+ struct server* source;
+ char *buf, *p;
+ int buflen;
+ char uid[128];
+ char mech[10];
+ char *sslclifp;
+ char *hostmask;
+ int flags;
+};
+
+struct SASLSession *saslsessions = NULL;
+
+void
+sasl_delete_session(struct SASLSession *session)
+{
+ if (!session)
+ return;
+
+ if (session->buf)
+ free(session->buf);
+ session->buf = NULL;
+
+ if (session->sslclifp)
+ free(session->sslclifp);
+ session->sslclifp = NULL;
+
+ if (session->hostmask)
+ free(session->hostmask);
+ session->hostmask = NULL;
+
+ if (session->next)
+ session->next->prev = session->prev;
+ if (session->prev)
+ session->prev->next = session->next;
+ else
+ saslsessions = session->next;
+
+ free(session);
+}
+
+void
+sasl_delete_stale(UNUSED_ARG(void *data))
+{
+ int delcount = 0;
+ int remcount = 0;
+ struct SASLSession *sess = NULL;
+ struct SASLSession *nextsess = NULL;
+
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Checking for stale sessions");
+
+ for (sess = saslsessions; sess; sess = nextsess)
+ {
+ nextsess = sess->next;
+
+ if (sess->flags & SDFLAG_STALE)
+ {
+ delcount++;
+ sasl_delete_session(sess);
+ }
+ else
+ {
+ remcount++;
+ sess->flags |= SDFLAG_STALE;
+ }
+ }
+
+ if (delcount)
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Deleted %d stale sessions, %d remaining", delcount, remcount);
+ if (remcount)
+ timeq_add(now + 30, sasl_delete_stale, NULL);
+}
+
+struct SASLSession*
+sasl_get_session(const char *uid)
+{
+ struct SASLSession *sess;
+
+ for (sess = saslsessions; sess; sess = sess->next)
+ {
+ if (!strncmp(sess->uid, uid, 128))
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Found session for %s", sess->uid);
+ return sess;
+ }
+ }
+
+ sess = malloc(sizeof(struct SASLSession));
+ memset(sess, 0, sizeof(struct SASLSession));
+
+ strncpy(sess->uid, uid, 128);
+
+ if (!saslsessions)
+ timeq_add(now + 30, sasl_delete_stale, NULL);
+
+ if (saslsessions)
+ saslsessions->prev = sess;
+ sess->next = saslsessions;
+ saslsessions = sess;
+
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Created session for %s", sess->uid);
+ return sess;
+}
+
+void
+sasl_packet(struct SASLSession *session)
+{
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Got packet containing: %s", session->buf);
+
+ if (!session->mech[0])
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: No mechanism stored yet, using %s", session->buf);
+ if (strcmp(session->buf, "PLAIN") && (strcmp(session->buf, "EXTERNAL") || !session->sslclifp)) {
+ if (!session->sslclifp)
+ irc_sasl(session->source, session->uid, "M", "PLAIN");
+ else
+ irc_sasl(session->source, session->uid, "M", "PLAIN,EXTERNAL");
+ irc_sasl(session->source, session->uid, "D", "F");
+ sasl_delete_session(session);
+ return;
+ }
+
+ strncpy(session->mech, session->buf, 10);
+ irc_sasl(session->source, session->uid, "C", "+");
+ }
+ else if (!strcmp(session->mech, "EXTERNAL"))
+ {
+ char *raw = NULL;
+ size_t rawlen = 0;
+ char *authzid = NULL;
+ struct handle_info *hi = NULL;
+ static char buffer[256];
+
+ base64_decode_alloc(session->buf, session->buflen, &raw, &rawlen);
+
+ if (rawlen != 0)
+ authzid = raw;
+
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Checking supplied credentials");
+
+ if (!session->sslclifp) {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Incomplete credentials supplied");
+ irc_sasl(session->source, session->uid, "D", "F");
+ } else {
+ if (!(hi = loc_auth(session->sslclifp, authzid, NULL, session->hostmask)))
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Invalid credentials supplied");
+ irc_sasl(session->source, session->uid, "D", "F");
+ }
+ else
+ {
+ snprintf(buffer, sizeof(buffer), "%s "FMT_TIME_T, hi->handle, hi->registered);
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Valid credentials supplied");
+ irc_sasl(session->source, session->uid, "L", buffer);
+ irc_sasl(session->source, session->uid, "D", "S");
+ }
+ }
+
+ sasl_delete_session(session);
+
+ free(raw);
+ return;
+ }
+ else
+ {
+ char *raw = NULL;
+ size_t rawlen = 0;
+ char *authzid = NULL;
+ char *authcid = NULL;
+ char *passwd = NULL;
+ char *r = NULL;
+ unsigned int i = 0, c = 0;
+ struct handle_info *hi = NULL;
+ struct handle_info *hii = NULL;
+ static char buffer[256];
+
+ base64_decode_alloc(session->buf, session->buflen, &raw, &rawlen);
+
+ raw = (char *)realloc(raw, rawlen+1);
+ raw[rawlen] = '\0';
+
+ authzid = raw;
+ r = raw;
+ for (i=0; i<rawlen; i++)
+ {
+ if (!*r++)
+ {
+ if (c++)
+ passwd = r;
+ else
+ authcid = r;
+ }
+ }
+
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Checking supplied credentials");
+
+ if ((c != 2) || !(*authcid))
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Incomplete credentials supplied");
+ irc_sasl(session->source, session->uid, "D", "F");
+ }
+ else
+ {
+ if (!(hi = loc_auth(session->sslclifp, authcid, passwd, session->hostmask)))
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Invalid credentials supplied");
+ irc_sasl(session->source, session->uid, "D", "F");
+ }
+ else
+ {
+ if (*authzid && irccasecmp(authzid, authcid))
+ {
+ if (HANDLE_FLAGGED(hi, IMPERSONATE))
+ {
+ hii = hi;
+ hi = get_handle_info(authzid);
+ }
+ else
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Impersonation unauthorized");
+ hi = NULL;
+ }
+ }
+ if (hi)
+ {
+ if (hii)
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: %s is ipersonating %s", hii->handle, hi->handle);
+ snprintf(buffer, sizeof(buffer), "%s "FMT_TIME_T, hii->handle, hii->registered);
+ irc_sasl(session->source, session->uid, "I", buffer);
+ }
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Valid credentials supplied");
+ snprintf(buffer, sizeof(buffer), "%s "FMT_TIME_T, hi->handle, hi->registered);
+ irc_sasl(session->source, session->uid, "L", buffer);
+ irc_sasl(session->source, session->uid, "D", "S");
+ }
+ else
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Invalid credentials supplied");
+ irc_sasl(session->source, session->uid, "D", "F");
+ }
+ }
+ }
+
+ sasl_delete_session(session);
+
+ free(raw);
+ return;
+ }
+
+ /* clear stale state */
+ session->flags &= ~SDFLAG_STALE;
+}
+
+void
+handle_sasl_input(struct server* source ,const char *uid, const char *subcmd, const char *data, const char *ext, UNUSED_ARG(void *extra))
+{
+ struct SASLSession* sess = sasl_get_session(uid);
+ int len = strlen(data);
+
+ sess->source = source;
+
+ if (!strcmp(subcmd, "D"))
+ {
+ sasl_delete_session(sess);
+ return;
+ }
+
+ if (!strcmp(subcmd, "H")) {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Storing host mask %s", data);
+ sess->hostmask = strdup(data);
+ return ;
+ }
+
+ if (strcmp(subcmd, "S") && strcmp(subcmd, "C"))
+ return;
+
+ if (len == 0)
+ return;
+
+ if (sess->p == NULL)
+ {
+ sess->buf = (char *)malloc(len + 1);
+ sess->p = sess->buf;
+ sess->buflen = len;
+ }
+ else
+ {
+ if (sess->buflen + len + 1 > 8192) /* This is a little much... */
+ {
+ irc_sasl(source, uid, "D", "F");
+ sasl_delete_session(sess);
+ return;
+ }
+
+ sess->buf = (char *)realloc(sess->buf, sess->buflen + len + 1);
+ sess->p = sess->buf + sess->buflen;
+ sess->buflen += len;
+ }
+
+ memcpy(sess->p, data, len);
+ sess->buf[len] = '\0';
+
+ if (ext != NULL)
+ sess->sslclifp = strdup(ext);
+
+ /* Messages not exactly 400 bytes are the end of a packet. */
+ if(len < 400)
+ {
+ sasl_packet(sess);
+ sess->buflen = 0;
+ if (sess->buf != NULL)
+ free(sess->buf);
+ sess->buf = sess->p = NULL;
+ }
+}
+
static void
-nickserv_db_cleanup(void)
+nickserv_db_cleanup(UNUSED_ARG(void* extra))
{
- unreg_del_user_func(nickserv_remove_user);
+ unreg_del_user_func(nickserv_remove_user, NULL);
+ unreg_sasl_input_func(handle_sasl_input, NULL);
userList_clean(&curr_helpers);
policer_params_delete(nickserv_conf.auth_policer_params);
dict_delete(nickserv_handle_dict);
dict_delete(nickserv_id_dict);
dict_delete(nickserv_conf.weak_password_dict);
free(auth_func_list);
+ free(auth_func_list_extra);
free(unreg_func_list);
+ free(unreg_func_list_extra);
free(rf_list);
+ free(rf_list_extra);
free(allowauth_func_list);
+ free(allowauth_func_list_extra);
free(handle_merge_func_list);
+ free(handle_merge_func_list_extra);
free(failpw_func_list);
+ free(failpw_func_list_extra);
if (nickserv_conf.valid_handle_regex_set)
regfree(&nickserv_conf.valid_handle_regex);
if (nickserv_conf.valid_nick_regex_set)
regfree(&nickserv_conf.valid_nick_regex);
}
+void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle), UNUSED_ARG(void *extra)) {
+ char *privv[MAXNUMPARAMS];
+ int privc, i;
+
+ if (!*nickserv_conf.auto_oper || !user->handle_info)
+ return;
+
+ if (!IsOper(user)) {
+ if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) {
+ if (nickserv_conf.auto_admin_privs[0]) {
+ irc_raw_privs(user, nickserv_conf.auto_admin_privs);
+ privc = split_line(strdup(nickserv_conf.auto_admin_privs), false, MAXNUMPARAMS, privv);
+ for (i = 0; i < privc; i++) {
+ client_modify_priv_by_name(user, privv[i], 1);
+ }
+ }
+ irc_umode(user, nickserv_conf.auto_admin);
+ irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator",
+ user->nick, user->ident, user->hostname);
+ send_message(user, nickserv, "NSMSG_AUTO_OPER_ADMIN");
+ } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) {
+ if (nickserv_conf.auto_oper_privs[0]) {
+ irc_raw_privs(user, nickserv_conf.auto_oper_privs);
+ privc = split_line(strdup(nickserv_conf.auto_oper_privs), false, MAXNUMPARAMS, privv);
+ for (i = 0; i < privc; i++) {
+ client_modify_priv_by_name(user, privv[i], 1);
+ }
+ }
+ irc_umode(user, nickserv_conf.auto_oper);
+ irc_sno(0x1, "%s (%s@%s) is now an IRC Operator",
+ user->nick, user->ident, user->hostname);
+ send_message(user, nickserv, "NSMSG_AUTO_OPER");
+ }
+ }
+}
+
void
init_nickserv(const char *nick)
{
struct chanNode *chan;
unsigned int i;
NS_LOG = log_register_type("NickServ", "file:nickserv.log");
- reg_new_user_func(handle_new_user);
- reg_nick_change_func(handle_nick_change);
- reg_del_user_func(nickserv_remove_user);
+ reg_new_user_func(new_user_event, NULL);
+ reg_nick_change_func(handle_nick_change, NULL);
+ reg_del_user_func(nickserv_remove_user, NULL);
reg_account_func(handle_account);
+ reg_auth_func(handle_loc_auth_oper, NULL);
+ reg_sasl_input_func(handle_sasl_input, NULL);
/* set up handle_inverse_flags */
memset(handle_inverse_flags, 0, sizeof(handle_inverse_flags));
for (i=0; handle_flags[i]; i++) {
handle_inverse_flags[(unsigned char)handle_flags[i]] = i + 1;
flag_access_levels[i] = 0;
+ /* ensure flag I requires a minimum of 999 if not set in the config */
+ if ((unsigned char)handle_flags[i] == 'I')
+ flag_access_levels[i] = 999;
}
conf_register_reload(nickserv_conf_read);
nickserv_define_func("OADDMASK", cmd_oaddmask, 0, 1, 0);
nickserv_define_func("DELMASK", cmd_delmask, -1, 1, 0);
nickserv_define_func("ODELMASK", cmd_odelmask, 0, 1, 0);
+ nickserv_define_func("ADDCERTFP", cmd_addsslfp, -1, 1, 0);
+ nickserv_define_func("OADDCERTFP", cmd_oaddsslfp, 0, 1, 0);
+ nickserv_define_func("DELCERTFP", cmd_delsslfp, -1, 1, 0);
+ nickserv_define_func("ODELCERTFP", cmd_odelsslfp, 0, 1, 0);
nickserv_define_func("PASS", cmd_pass, -1, 1, 0);
nickserv_define_func("SET", cmd_set, -1, 1, 0);
nickserv_define_func("OSET", cmd_oset, 0, 1, 0);
nickserv_define_func("RENAME", cmd_rename_handle, -1, 1, 0);
nickserv_define_func("VACATION", cmd_vacation, -1, 1, 0);
nickserv_define_func("MERGE", cmd_merge, 750, 1, 0);
- nickserv_define_func("ADDNOTE", cmd_addnote, 0, 1, 0);
- nickserv_define_func("DELNOTE", cmd_delnote, 0, 1, 0);
- nickserv_define_func("NOTES", cmd_notes, 0, 1, 0);
if (!nickserv_conf.disable_nicks) {
/* nick management commands */
nickserv_define_func("REGNICK", cmd_regnick, -1, 1, 0);
nickserv_define_func("SEARCH UNREGISTER", NULL, 800, 1, 0);
nickserv_define_func("MERGEDB", cmd_mergedb, 999, 1, 0);
nickserv_define_func("CHECKPASS", cmd_checkpass, 601, 1, 0);
+ nickserv_define_func("CHECKEMAIL", cmd_checkemail, 0, 1, 0);
/* other options */
dict_insert(nickserv_opt_dict, "INFO", opt_info);
dict_insert(nickserv_opt_dict, "WIDTH", opt_width);
dict_insert(nickserv_opt_dict, "ACCESS", opt_level);
dict_insert(nickserv_opt_dict, "LEVEL", opt_level);
dict_insert(nickserv_opt_dict, "EPITHET", opt_epithet);
+ dict_insert(nickserv_opt_dict, "NOTE", opt_note);
if (nickserv_conf.titlehost_suffix) {
dict_insert(nickserv_opt_dict, "TITLE", opt_title);
dict_insert(nickserv_opt_dict, "FAKEHOST", opt_fakehost);
}
+ dict_insert(nickserv_opt_dict, "ANNOUNCEMENTS", opt_announcements);
dict_insert(nickserv_opt_dict, "MAXLOGINS", opt_maxlogins);
dict_insert(nickserv_opt_dict, "ADVANCED", opt_advanced);
dict_insert(nickserv_opt_dict, "LANGUAGE", opt_language);
dict_insert(nickserv_opt_dict, "KARMA", opt_karma);
- nickserv_define_func("OSET KARMA", NULL, 0, 1, 0);
nickserv_handle_dict = dict_new();
dict_set_free_keys(nickserv_handle_dict, free);
nickserv_service = service_register(nickserv);
}
saxdb_register("NickServ", nickserv_saxdb_read, nickserv_saxdb_write);
- reg_exit_func(nickserv_db_cleanup);
+ reg_exit_func(nickserv_db_cleanup, NULL);
if(nickserv_conf.handle_expire_frequency)
timeq_add(now + nickserv_conf.handle_expire_frequency, expire_handles, NULL);
+ if(nickserv_conf.nick_expire_frequency && nickserv_conf.expire_nicks)
+ timeq_add(now + nickserv_conf.nick_expire_frequency, expire_nicks, NULL);
if(autojoin_channels && nickserv) {
for (i = 0; i < autojoin_channels->used; i++) {
AddChannelUser(nickserv, chan)->modes |= MODE_CHANOP;
}
}
+
#ifdef WITH_LDAP
ldap_do_init(nickserv_conf);
#endif