*
* x3 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
#include <tre/regex.h>
#ifdef WITH_LDAP
-#include <ldap.h> /* just needed for default LDAP_PORT */
+#include <ldap.h>
#endif
#define NICKSERV_CONF_NAME "services/nickserv"
#define KEY_NOTE_NOTE "note"
#define KEY_NOTE_SETTER "setter"
#define KEY_NOTE_DATE "date"
+#define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase"
#define KEY_LDAP_ENABLE "ldap_enable"
#ifdef WITH_LDAP
-#define KEY_LDAP_HOST "ldap_host"
-#define KEY_LDAP_PORT "ldap_port"
+#define KEY_LDAP_URI "ldap_uri"
#define KEY_LDAP_BASE "ldap_base"
#define KEY_LDAP_DN_FMT "ldap_dn_fmt"
#define KEY_LDAP_VERSION "ldap_version"
#define KEY_LDAP_FIELD_PASSWORD "ldap_field_password"
#define KEY_LDAP_FIELD_EMAIL "ldap_field_email"
#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes"
+#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn"
+#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level"
+#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member"
+#define KEY_LDAP_TIMEOUT "ldap_timeout"
#endif
#define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
static char handle_inverse_flags[256];
static unsigned int flag_access_levels[32];
static const struct message_entry msgtab[] = {
+ { "NSMSG_NO_ANGLEBRACKETS", "The < and > in help indicate that that word is a required parameter, but DO NOT actually type them in messages to me." },
{ "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." },
- { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu charactors or less."},
+ { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu characters or less."},
{ "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." },
{ "NSMSG_PASSWORD_ACCOUNT", "Your password may not be the same as your account name." },
{ "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." },
{ "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." },
{ "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." },
- { "NSMSG_LDAP_FAIL_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." },
+ { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." },
+ { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." },
+ { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." },
{ "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." },
{ "NSMSG_OREGISTER_VICTIM", "%s has registered a new account for you (named %s)." },
{ "NSMSG_OREGISTER_H_SUCCESS", "Account has been registered." },
{ "NSMSG_DB_UNREADABLE", "Unable to read database file %s; check the log for more information." },
{ "NSMSG_DB_MERGED", "$N merged DB from %s (in "FMT_TIME_T".%03lu seconds)." },
{ "NSMSG_HANDLE_CHANGED", "$b%s$b's account name has been changed to $b%s$b." },
- { "NSMSG_BAD_HANDLE", "Account $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." },
+ { "NSMSG_BAD_HANDLE", "Account $b%s$b is not allowed because it is reserved, is too long, or contains invalid characters." },
{ "NSMSG_BAD_NICK", "Nickname $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." },
{ "NSMSG_BAD_EMAIL_ADDR", "Please use a well-formed email address." },
{ "NSMSG_FAIL_RENAME", "Account $b%s$b not renamed to $b%s$b because it is in use by a network services, or contains invalid characters." },
struct handle_info *hi;
hi = calloc(1, sizeof(*hi));
- hi->userlist_style = HI_DEFAULT_STYLE;
+ hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE;
hi->announcements = '?';
hi->handle = strdup(handle);
safestrncpy(hi->passwd, passwd, sizeof(hi->passwd));
struct userNode *uNode;
#ifdef WITH_LDAP
- int rc;
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
- if( (rc = ldap_delete_account(hi->handle)) != LDAP_SUCCESS) {
- send_message(notify, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
- return false;
+ int rc;
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ if( (rc = ldap_delete_account(hi->handle)) != LDAP_SUCCESS) {
+ if(notify) {
+ send_message(notify, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ }
+ if(rc != LDAP_NO_SUCH_OBJECT)
+ return false; /* if theres noone there to delete, its kinda ok, right ?:) */
+ }
}
}
#endif
static int
is_registerable_nick(const char *nick)
{
- /* make sure it could be used as an account name */
- if (!is_valid_handle(nick))
+ struct userNode *user;
+ /* cant register a juped nick/service nick as nick, to prevent confusion */
+ user = GetUserH(nick);
+ if (user && IsLocal(user))
+ return 0;
+ /* for consistency, only allow nicks names that could be nicks */
+ if (!is_valid_nick(nick))
+ return 0;
+ /* disallow nicks that look like bad words */
+ if (opserv_bad_channel(nick))
return 0;
/* check length */
if (strlen(nick) > NICKLEN)
char crypted[MD5_CRYPT_LENGTH];
if ((hi = dict_find(nickserv_handle_dict, handle, NULL))) {
- send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle);
+ if(user)
+ send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle);
return 0;
}
- if(strlen(handle) > 15)
+ if(strlen(handle) > 30)
{
- send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15);
+ if(user)
+ send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30);
return 0;
}
if (!is_secure_password(handle, passwd, user))
return 0;
+ cryptpass(passwd, crypted);
#ifdef WITH_LDAP
- int rc;
- rc = ldap_do_add(handle, passwd, NULL);
- if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) {
- send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
- return 0;
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ rc = ldap_do_add(handle, crypted, NULL);
+ if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) {
+ if(user)
+ send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
}
#endif
- cryptpass(passwd, crypted);
hi = register_handle(handle, crypted, 0);
hi->masks = alloc_string_list(1);
hi->ignores = alloc_string_list(1);
if (settee && !no_auth)
set_user_handle_info(settee, hi, 1);
- if (user != settee)
+ if (user != settee) {
+ if(user)
send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS");
- else if (nickserv_conf.disable_nicks)
+ }
+ else if (nickserv_conf.disable_nicks) {
+ if(user) {
send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS");
- else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL)))
+ }
+ }
+ else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) {
+ if(user) {
send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER");
+ }
+ }
else {
- register_nick(user->nick, hi);
- send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ if(user) {
+ register_nick(user->nick, hi);
+ send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ }
}
- if (settee && (user != settee))
+ if (settee && (user != settee)) {
+ if(user) {
send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle);
+ }
+ }
return hi;
}
NICKSERV_MIN_PARMS((unsigned)3 + nickserv_conf.email_required);
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(argv[1]);
if (!is_valid_handle(argv[1])) {
reply("NSMSG_BAD_HANDLE", argv[1]);
return 0;
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, NULL, email_addr)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, NULL, email_addr)) != LDAP_SUCCESS) {
/* Falied to update email in ldap, but still
* updated it here.. what should we do? */
reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
account = argv[1];
pass = argv[2];
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(account);
if (nickserv_conf.email_required) {
NICKSERV_MIN_PARMS(4);
email = argv[3];
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, NULL, email)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, NULL, email)) != LDAP_SUCCESS) {
/* Falied to update email in ldap, but still
* updated it here.. what should we do? */
reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
unsigned int nn;
NICKSERV_MIN_PARMS(3);
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(argv[2]);
if (!(hi = get_victim_oper(cmd, user, argv[1])))
return 0;
if (!is_valid_handle(argv[2])) {
reply("NSMSG_HANDLE_EXISTS", argv[2]);
return 0;
}
- if(strlen(argv[2]) > 15)
+ if(strlen(argv[2]) > 30)
{
- reply("NMSG_HANDLE_TOLONG", argv[2], 15);
+ reply("NMSG_HANDLE_TOLONG", argv[2], 30);
return 0;
}
#ifdef WITH_LDAP
- int rc;
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
if( (rc = ldap_rename_account(hi->handle, argv[2])) != LDAP_SUCCESS) {
reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password)
+struct handle_info *loc_auth(char *handle, char *password, char *userhost)
{
int pw_arg, used, maxlogins;
unsigned int ii;
struct handle_info *hi;
struct userNode *other;
#ifdef WITH_LDAP
- int ldap_result;
+ int ldap_result = LDAP_SUCCESS;
+ char *email = NULL;
#endif
hi = dict_find(nickserv_handle_dict, handle, NULL);
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable) {
ldap_result = ldap_check_auth(handle, password);
- if(ldap_result == LDAP_SUCCESS) {
- /* pull the users info from ldap:
- * * email
- * * name if available
- * *
- */
- }
- else if(ldap_result != LDAP_INVALID_CREDENTIALS) {
+ if(ldap_result != LDAP_SUCCESS) {
return NULL;
}
}
- else
#else
+ if (!hi) {
+ return NULL;
+ }
+
if (!checkpass(password, hi->passwd)) {
return NULL;
}
#endif
#ifdef WITH_LDAP
- if(!hi && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
+ /* ldap libs are present but we are not using them... */
+ if( !nickserv_conf.ldap_enable ) {
+ if (!hi) {
+ return NULL;
+ }
+ if (!checkpass(password, hi->passwd)) {
+ return NULL;
+ }
+ }
+ else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
/* user not found, but authed to ldap successfully..
* create the account.
*/
char *mask;
+ int rc;
/* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
if(nickserv_conf.default_hostmask)
mask = "*@*";
else
return 0; /* couldn't add the user for some reason */
}
+ if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
+ {
+ if(nickserv_conf.email_required) {
+ return 0;
+ }
+ }
+ if(email) {
+ nickserv_set_email_addr(hi, email);
+ free(email);
+ }
if(mask) {
char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
string_list_append(hi->masks, mask_canonicalized);
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
+ *
+ * UPDATE: New nefarious LOC supports u@h
*/
- for (ii=0; ii<hi->masks->used; ii++)
- {
- if (!strcmp(hi->masks->list[ii], "*@*"))
- {
- wildmask++;
- break;
- }
+ if(userhost) {
+ char *buf;
+ char *ident;
+ char *realhost;
+ char *ip;
+ char *uh;
+ char *ui;
+
+ buf = strdup(userhost);
+ ident = mysep(&buf, "@");
+ realhost = mysep(&buf, ":");
+ ip = mysep(&buf, ":");
+ if(!ip || !realhost || !ident) {
+ free(buf);
+ return NULL; /* Invalid AC request, just quit */
+ }
+ uh = malloc(strlen(userhost));
+ ui = malloc(strlen(userhost));
+ sprintf(uh, "%s@%s", ident, realhost);
+ sprintf(ui, "%s@%s", ident, ip);
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if(match_ircglob(uh, hi->masks->list[ii])
+ || match_ircglob(ui, hi->masks->list[ii]))
+ {
+ wildmask++;
+ break;
+ }
+ }
+ free(buf);
+ free(uh);
+ free(ui);
+ }
+ else {
+
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if (!strcmp(hi->masks->list[ii], "*@*"))
+ {
+ wildmask++;
+ break;
+ }
+ }
}
if(wildmask < 1)
return NULL;
return NULL;
}
}
+ /* TODO - Add LOGGING to this function so LOC's are logged.. */
return hi;
}
}
if (argc == 3) {
#ifdef WITH_LDAP
+ if(strchr(argv[1], '<') || strchr(argv[1], '>')) {
+ reply("NSMSG_NO_ANGLEBRACKETS");
+ return 0;
+ }
+ if (!is_valid_handle(argv[1])) {
+ reply("NSMSG_BAD_HANDLE", argv[1]);
+ return 0;
+ }
+
if(nickserv_conf.ldap_enable) {
ldap_result = ldap_check_auth(argv[1], argv[2]);
/* Get the users email address and update it */
int rc;
if((rc = ldap_get_user_info(argv[1], &email) != LDAP_SUCCESS))
{
- reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
- return 0;
+ if(nickserv_conf.email_required) {
+ reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc));
+ return 0;
+ }
}
}
else if(ldap_result != LDAP_INVALID_CREDENTIALS) {
#endif
hi = dict_find(nickserv_handle_dict, argv[1], NULL);
pw_arg = 2;
- } else if (argc == 2) {
+ } else if (argc == 2 && !nickserv_conf.ldap_enable) {
if (nickserv_conf.disable_nicks) {
if (!(hi = get_handle_info(user->nick))) {
reply("NSMSG_HANDLE_NOT_FOUND");
}
#ifdef WITH_LDAP
if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
- ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) {
+ ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) {
#else
if (!checkpass(passwd, hi->passwd)) {
#endif
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
/* Falied to update email in ldap, but still
* updated it here.. what should we do? */
- reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
+ reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc));
} else {
nickserv_set_email_addr(hi, hi->cookie->data);
}
switch (hi->cookie->type) {
case ACTIVATION:
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd));
set_user_handle_info(user, hi, 1);
reply("NSMSG_HANDLE_ACTIVATED");
SyncLog("ACCOUNTACC %s", hi->handle);
break;
case PASSWORD_CHANGE:
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
set_user_handle_info(user, hi, 1);
safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd));
reply("NSMSG_PASSWORD_CHANGED");
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
/* Falied to update email in ldap, but still
* updated it here.. what should we do? */
- reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
+ reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc));
return 0;
}
}
{
struct handle_info *hi;
char *old_pass, *new_pass;
+ char crypted[MD5_CRYPT_LENGTH+1];
#ifdef WITH_LDAP
int ldap_result;
#endif
reply("NSMSG_PASSWORD_INVALID");
return 0;
}
+ cryptpass(new_pass, crypted);
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, new_pass, NULL)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) {
reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
}
}
#endif
- cryptpass(new_pass, hi->passwd);
+ //cryptpass(new_pass, hi->passwd);
+ strcpy(hi->passwd, crypted);
if (nickserv_conf.sync_log)
SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
argv[1] = "****";
static OPTION_FUNC(opt_password)
{
+ char crypted[MD5_CRYPT_LENGTH+1];
+ if(argc < 2) {
+ return 0;
+ }
if (!override) {
reply("NSMSG_USE_CMD_PASS");
return 0;
}
+ cryptpass(argv[1], crypted);
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, argv[1], NULL)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) {
reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
}
}
#endif
- if (argc > 1)
- cryptpass(argv[1], hi->passwd);
-
+ strcpy(hi->passwd, crypted);
if (nickserv_conf.sync_log)
SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
int rc;
- if((rc == ldap_do_modify(hi->handle, argv[1], NULL)) != LDAP_SUCCESS) {
+ if((rc = ldap_do_modify(hi->handle, NULL, argv[1])) != LDAP_SUCCESS) {
reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
}
return 1;
}
+/* Called from opserv from cmd_access */
int
oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_info *target, unsigned int new_level) {
if (!oper_has_access(user, bot, nickserv_conf.modoper_level, 0))
send_message(user, bot, "MSG_STUPID_ACCESS_CHANGE");
return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if(new_level > nickserv_conf.ldap_oper_group_level)
+ rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn);
+ else
+ rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn);
+ if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) {
+ send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
if (target->opserv_level == new_level)
return 0;
log_module(NS_LOG, LOG_INFO, "Account %s setting oper level for account %s to %d (from %d).",
const char *hostmask;
const char *handlemask;
const char *emailmask;
+#ifdef WITH_LDAP
+ unsigned int inldap;
+#endif
};
typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi);
discrim->min_registered = 0;
discrim->max_registered = INT_MAX;
discrim->lastseen = now;
+#ifdef WITH_LDAP
+ discrim->inldap = 2;
+#endif
for (i=0; i<argc; i++) {
if (i == argc - 1) {
discrim->hostmask_type = SUPERSET;
}
discrim->hostmask = argv[++i];
- } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) {
+ } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) {
if (!irccasecmp(argv[++i], "*")) {
discrim->handlemask = 0;
} else {
} else {
reply("MSG_INVALID_CRITERIA", cmp);
}
- } else {
+#ifdef WITH_LDAP
+ } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) {
+ i++;
+ if(true_string(argv[i])) {
+ discrim->inldap = 1;
+ }
+ else if (false_string(argv[i])) {
+ discrim->inldap = 0;
+ }
+ else {
+ reply("MSG_INVALID_BINARY", argv[i]);
+ }
+#endif
+ } else {
reply("MSG_INVALID_CRITERIA", argv[i]);
goto fail;
}
}
if (!nick) return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && discrim->inldap != 2) {
+ int rc;
+ rc = ldap_get_user_info(hi->handle, NULL);
+ if(discrim->inldap == 1 && rc != LDAP_SUCCESS)
+ return 0;
+ if(discrim->inldap == 0 && rc == LDAP_SUCCESS)
+ return 0;
+ }
+
+#endif
return 1;
}
nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded
}
+static void
+search_add2ldap_func (struct userNode *source, struct handle_info *match)
+{
+#ifdef WITH_LDAP
+ int rc;
+ if(match->email_addr && match->passwd && match->handle) {
+ rc = ldap_do_add(match->handle, match->passwd, match->email_addr);
+ if(rc != LDAP_SUCCESS) {
+ send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc));
+ }
+ }
+#endif
+}
+
static int
nickserv_sort_accounts_by_access(const void *a, const void *b)
{
action = search_count_func;
else if (!irccasecmp(argv[1], "unregister"))
action = search_unregister_func;
+#ifdef WITH_LDAP
+ else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap"))
+ action = search_add2ldap_func;
+#endif
else {
reply("NSMSG_INVALID_ACTION", argv[1]);
return 0;
}
static void
-nickserv_db_read_handle(const char *handle, dict_t obj)
+nickserv_db_read_handle(char *handle, dict_t obj)
{
const char *str;
struct string_list *masks, *slist, *ignores;
authed_users = NULL;
channels = NULL;
}
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(handle);
hi = register_handle(handle, str, id);
if (authed_users) {
hi->users = authed_users;
nickserv_saxdb_read(dict_t db) {
dict_iterator_t it;
struct record_data *rd;
+ char *handle;
for (it=dict_first(db); it; it=iter_next(it)) {
rd = iter_data(it);
- nickserv_db_read_handle(iter_key(it), rd->d.object);
+ handle = strdup(iter_key(it));
+ nickserv_db_read_handle(handle, rd->d.object);
+ free(handle);
}
return 0;
}
str = database_get_data(conf_node, KEY_LDAP_ENABLE, RECDB_QSTRING);
nickserv_conf.ldap_enable = str ? strtoul(str, NULL, 0) : 0;
+
+ str = database_get_data(conf_node, KEY_FORCE_HANDLES_LOWERCASE, RECDB_QSTRING);
+ nickserv_conf.force_handles_lowercase = str ? strtol(str, NULL, 0) : 0;
+
#ifndef WITH_LDAP
if(nickserv_conf.ldap_enable > 0) {
/* ldap is enabled but not compiled in - error out */
#endif
#ifdef WITH_LDAP
- str = database_get_data(conf_node, KEY_LDAP_HOST, RECDB_QSTRING);
- nickserv_conf.ldap_host = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_URI, RECDB_QSTRING);
+ nickserv_conf.ldap_uri = str ? str : "";
- str = database_get_data(conf_node, KEY_LDAP_PORT, RECDB_QSTRING);
- nickserv_conf.ldap_port = str ? strtoul(str, NULL, 0) : LDAP_PORT;
-
str = database_get_data(conf_node, KEY_LDAP_BASE, RECDB_QSTRING);
nickserv_conf.ldap_base = str ? str : "";
str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING);
nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0;
+ str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING);
+ nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5;
+
str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING);
nickserv_conf.ldap_admin_dn = str ? str : "";
str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING);
nickserv_conf.ldap_field_email = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_dn = str ? str : "";
+
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99;
+
+ str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING);
+ nickserv_conf.ldap_field_group_member = str ? str : "";
+
free_string_list(nickserv_conf.ldap_object_classes);
strlist = database_get_data(conf_node, KEY_LDAP_OBJECT_CLASSES, RECDB_STRING_LIST);
if(strlist)