#define KEY_LDAP_FIELD_EMAIL "ldap_field_email"
#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes"
#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn"
+#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level"
#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member"
#define KEY_LDAP_TIMEOUT "ldap_timeout"
#endif
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password)
+struct handle_info *loc_auth(char *handle, char *password, char *userhost)
{
int pw_arg, used, maxlogins;
unsigned int ii;
#ifdef WITH_LDAP
int ldap_result = LDAP_SUCCESS;
char *email = NULL;
-
#endif
hi = dict_find(nickserv_handle_dict, handle, NULL);
return NULL;
}
}
-// else
#else
if (!hi) {
return NULL;
}
#endif
#ifdef WITH_LDAP
- if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
+ /* ldap libs are present but we are not using them... */
+ if( !nickserv_conf.ldap_enable ) {
+ if (!hi) {
+ return NULL;
+ }
+ if (!checkpass(password, hi->passwd)) {
+ return NULL;
+ }
+ }
+ else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
/* user not found, but authed to ldap successfully..
* create the account.
*/
int rc;
/* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
if(nickserv_conf.default_hostmask)
mask = "*@*";
else
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
+ *
+ * UPDATE: New nefarious LOC supports u@h
*/
- for (ii=0; ii<hi->masks->used; ii++)
- {
- if (!strcmp(hi->masks->list[ii], "*@*"))
- {
- wildmask++;
- break;
- }
+ if(userhost) {
+ char *buf;
+ char *ident;
+ char *realhost;
+ char *ip;
+ char *uh;
+ char *ui;
+
+ buf = strdup(userhost);
+ ident = mysep(&buf, "@");
+ realhost = mysep(&buf, ":");
+ ip = mysep(&buf, ":");
+ if(!ip || !realhost || !ident) {
+ free(buf);
+ return NULL; /* Invalid AC request, just quit */
+ }
+ uh = malloc(strlen(userhost));
+ ui = malloc(strlen(userhost));
+ sprintf(uh, "%s@%s", ident, realhost);
+ sprintf(ui, "%s@%s", ident, ip);
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if(match_ircglob(uh, hi->masks->list[ii])
+ || match_ircglob(ui, hi->masks->list[ii]))
+ {
+ wildmask++;
+ break;
+ }
+ }
+ free(buf);
+ free(uh);
+ free(ui);
+ }
+ else {
+
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if (!strcmp(hi->masks->list[ii], "*@*"))
+ {
+ wildmask++;
+ break;
+ }
+ }
}
if(wildmask < 1)
return NULL;
#endif
hi = dict_find(nickserv_handle_dict, argv[1], NULL);
pw_arg = 2;
-#ifndef WITH_LDAP
} else if (argc == 2 && !nickserv_conf.ldap_enable) {
if (nickserv_conf.disable_nicks) {
if (!(hi = get_handle_info(user->nick))) {
hi = ni->owner;
}
pw_arg = 1;
-#endif
} else {
reply("MSG_MISSING_PARAMS", argv[0]);
svccmd_send_help_brief(user, nickserv, cmd);
static OPTION_FUNC(opt_password)
{
char crypted[MD5_CRYPT_LENGTH+1];
- if(argc < 1) {
+ if(argc < 2) {
return 0;
}
if (!override) {
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) {
int rc;
- if(new_level > 0)
+ if(new_level > nickserv_conf.ldap_oper_group_level)
rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn);
else
rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn);
str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING);
nickserv_conf.ldap_oper_group_dn = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99;
+
str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING);
nickserv_conf.ldap_field_group_member = str ? str : "";