* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password, char *userhost)
+struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *userhost)
{
- int pw_arg, used, maxlogins;
+ int wildmask = 0, auth = 0;
+ int used, maxlogins;
unsigned int ii;
- int wildmask = 0;
struct handle_info *hi;
struct userNode *other;
#ifdef WITH_LDAP
int ldap_result = LDAP_SUCCESS;
char *email = NULL;
#endif
-
+
hi = dict_find(nickserv_handle_dict, handle, NULL);
- pw_arg = 2;
-
+
#ifdef WITH_LDAP
- if(nickserv_conf.ldap_enable) {
+ if (nickserv_conf.ldap_enable) {
ldap_result = ldap_check_auth(handle, password);
- if(ldap_result != LDAP_SUCCESS) {
- return NULL;
+ if (!hi && (ldap_result != LDAP_SUCCESS))
+ return NULL;
+ if (ldap_result == LDAP_SUCCESS) {
+ /* Mark auth as successful */
+ auth++;
+ }
+
+ if (!hi && (ldap_result == LDAP_SUCCESS) && nickserv_conf.ldap_autocreate) {
+ /* user not found, but authed to ldap successfully..
+ * create the account.
+ */
+ char *mask;
+ int rc;
+
+ /* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
+ if(nickserv_conf.default_hostmask)
+ mask = "*@*";
+ else
+ return NULL; /* They dont have a *@* mask so they can't loc */
+
+ if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) {
+ return 0; /* couldn't add the user for some reason */
+ }
+
+ if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
+ {
+ if(nickserv_conf.email_required) {
+ return 0;
+ }
+ }
+ if(email) {
+ nickserv_set_email_addr(hi, email);
+ free(email);
+ }
+ if(mask) {
+ char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
+ string_list_append(hi->masks, mask_canonicalized);
+ }
+ if(nickserv_conf.sync_log)
+ SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle);
}
}
-#else
- if (!hi) {
- return NULL;
- }
+#endif
- if (!checkpass(password, hi->passwd)) {
+ /* hi should now be a valid handle, if not return NULL */
+ if (!hi)
return NULL;
- }
-#endif
+
#ifdef WITH_LDAP
- /* ldap libs are present but we are not using them... */
- if( !nickserv_conf.ldap_enable ) {
- if (!hi) {
- return NULL;
- }
- if (!checkpass(password, hi->passwd)) {
- return NULL;
- }
+ if (password && *password && !nickserv_conf.ldap_enable) {
+#else
+ if (password && *password) {
+#endif
+ if (checkpass(password, hi->passwd))
+ auth++;
}
- else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
- /* user not found, but authed to ldap successfully..
- * create the account.
- */
- char *mask;
- int rc;
-
- /* Add a *@* mask */
- /* TODO if userhost is not null, build mask based on that. */
- if(nickserv_conf.default_hostmask)
- mask = "*@*";
- else
- return NULL; /* They dont have a *@* mask so they can't loc */
-
- if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) {
- return 0; /* couldn't add the user for some reason */
- }
-
- if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
- {
- if(nickserv_conf.email_required) {
- return 0;
+
+ if (!auth && sslfp && *sslfp && hi->sslfps->used) {
+ /* If any SSL fingerprint matches, allow it. */
+ for (ii=0; ii<hi->sslfps->used; ii++) {
+ if (!irccasecmp(sslfp, hi->sslfps->list[ii])) {
+ auth++;
+ break;
}
- }
- if(email) {
- nickserv_set_email_addr(hi, email);
- free(email);
- }
- if(mask) {
- char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
- string_list_append(hi->masks, mask_canonicalized);
- }
- if(nickserv_conf.sync_log)
- SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle);
+ }
}
-#endif
-
- /* Still no account, so just fail out */
- if (!hi) {
+
+ /* Auth should have succeeded by this point */
+ if (!auth)
return NULL;
- }
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
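Review bot: With LDAP enabled, `ldap_check_auth(handle, password)` runs without the `password && *password` guard that the local `checkpass` branch has, and a success there sets `auth` on its own. Now that `loc_auth` also accepts a fingerprint, `password` can presumably arrive NULL or empty, and many LDAP servers treat a simple bind with an empty password as an unauthenticated bind that succeeds; whether `ldap_check_auth` rejects that case is not visible in this hunk. I would gate the block as `if (nickserv_conf.ldap_enable && password && *password) {` so that a missing password can only fall through to the fingerprint check, which also keeps the autocreate path from calling `nickserv_register` without a password. The body of `loc_auth` continues past the end of this hunk.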
ui = malloc(strlen(userhost));
sprintf(uh, "%s@%s", ident, realhost);
sprintf(ui, "%s@%s", ident, ip);
- for (ii=0; ii<hi->masks->used; ii++)
+ for (ii=0; ii<hi->masks->used; ii++)
{
if(match_ircglob(uh, hi->masks->list[ii])
|| match_ircglob(ui, hi->masks->list[ii]))
static NICKSERV_FUNC(cmd_auth)
{
- char *privv[MAXNUMPARAMS];
- int privc, i;
int pw_arg, used, maxlogins;
struct handle_info *hi;
const char *passwd;
if(HANDLE_FLAGGED(hi, AUTOHIDE))
irc_umode(user, "+x");
- if(!IsOper(user)) /* If they arnt already opered.. */
- {
- /* Auto Oper users with Opserv access -Life4Christ 8-10-2005 */
- if( nickserv_conf.auto_admin[0] && hi->opserv_level >= opserv_conf_admin_level())
- {
- if (nickserv_conf.auto_admin_privs[0]) {
- irc_raw_privs(user, nickserv_conf.auto_admin_privs);
- privc = split_line(strdup(nickserv_conf.auto_admin_privs), false, MAXNUMPARAMS, privv);
- for (i = 0; i < privc; i++) {
- client_modify_priv_by_name(user, privv[i], 1);
- }
- }
- irc_umode(user,nickserv_conf.auto_admin);
- reply("NSMSG_AUTO_OPER_ADMIN");
- }
- else if (nickserv_conf.auto_oper[0] && hi->opserv_level > 0)
- {
- if (nickserv_conf.auto_oper_privs[0]) {
- irc_raw_privs(user, nickserv_conf.auto_oper_privs);
- privc = split_line(strdup(nickserv_conf.auto_oper_privs), false, MAXNUMPARAMS, privv);
- for (i = 0; i < privc; i++) {
- client_modify_priv_by_name(user, privv[i], 1);
- }
- }
- irc_umode(user,nickserv_conf.auto_oper);
- reply("NSMSG_AUTO_OPER");
- }
- }
-
- /* Wipe out the pass for the logs */
-
if (!hi->masks->used) {
irc_in_addr_t ip;
string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT));
string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT));
}
+ /* Wipe out the pass for the logs */
argv[pw_arg] = "****";
return 1;
}
string_list_append(hi_to->masks, strdup(mask));
}
+ /* Merge the SSL fingerprints. */
+ for (ii=0; ii<hi_from->sslfps->used; ii++) {
+ char *sslfp = hi_from->sslfps->list[ii];
+ for (jj=0; jj<hi_to->sslfps->used; jj++)
+ if (!irccasecmp(hi_to->sslfps->list[jj], sslfp))
+ break;
+ if (jj==hi_to->sslfps->used) /* Nothing from the "to" handle covered this sslfp, so add it. */
+ string_list_append(hi_to->sslfps, strdup(sslfp));
+ }
+
/* Merge the ignores. */
for (ii=0; ii<hi_from->ignores->used; ii++) {
char *ignore = hi_from->ignores->list[ii];
}
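Review bot: The fingerprints merged here are login credentials, not just profile data: the fingerprint loop added to `loc_auth` in this commit authenticates on any entry in `hi->sslfps`, so after the merge every certificate registered on `hi_from` can log in as `hi_to` without a password. If that is intended, I would say so in the comment, e.g. `/* Merge the SSL fingerprints; each one becomes a valid certificate login for hi_to. */`. It may also be worth confirming that the merge is recorded somewhere an operator can audit. The enclosing function starts and ends outside this hunk.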
void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle), UNUSED_ARG(void *extra)) {
+ char *privv[MAXNUMPARAMS];
+ int privc, i;
+
if (!*nickserv_conf.auto_oper || !user->handle_info)
return;
if (!IsOper(user)) {
if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) {
+ if (nickserv_conf.auto_admin_privs[0]) {
+ irc_raw_privs(user, nickserv_conf.auto_admin_privs);
+ privc = split_line(strdup(nickserv_conf.auto_admin_privs), false, MAXNUMPARAMS, privv);
+ for (i = 0; i < privc; i++) {
+ client_modify_priv_by_name(user, privv[i], 1);
+ }
+ }
irc_umode(user, nickserv_conf.auto_admin);
irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator",
user->nick, user->ident, user->hostname);
+ send_message(user, nickserv, "NSMSG_AUTO_OPER_ADMIN");
} else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) {
+ if (nickserv_conf.auto_oper_privs[0]) {
+ irc_raw_privs(user, nickserv_conf.auto_oper_privs);
+ privc = split_line(strdup(nickserv_conf.auto_oper_privs), false, MAXNUMPARAMS, privv);
+ for (i = 0; i < privc; i++) {
+ client_modify_priv_by_name(user, privv[i], 1);
+ }
+ }
irc_umode(user, nickserv_conf.auto_oper);
irc_sno(0x1, "%s (%s@%s) is now an IRC Operator",
user->nick, user->ident, user->hostname);
+ send_message(user, nickserv, "NSMSG_AUTO_OPER");
}
}
}
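Review bot: The buffer returned by `strdup(nickserv_conf.auto_admin_privs)` is passed straight to `split_line` and never kept, so it leaks on every auto-oper and a NULL return on allocation failure goes unchecked; the `auto_oper_privs` branch has the same pattern. Assuming `split_line` stores pointers into that buffer in `privv`, hold it in a local and release it after the loop: `char *privs = strdup(nickserv_conf.auto_admin_privs);` before the call and `free(privs);` after the `for`. The two branches differ only in which config strings and reply message they use, so a small static helper taking the privs string would remove the duplication.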