*
* x3 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
#define KEY_LDAP_FIELD_EMAIL "ldap_field_email"
#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes"
#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn"
+#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level"
#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member"
+#define KEY_LDAP_TIMEOUT "ldap_timeout"
#endif
#define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
{ "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." },
{ "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." },
{ "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." },
+ { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." },
{ "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." },
{ "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." },
{ "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." },
return 0;
}
- if(strlen(handle) > 15)
+ if(strlen(handle) > 30)
{
if(user)
- send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15);
+ send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30);
return 0;
}
if (settee && !no_auth)
set_user_handle_info(settee, hi, 1);
- if (user && user != settee)
+ if (user != settee) {
+ if(user)
send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS");
- else if (user && nickserv_conf.disable_nicks)
+ }
+ else if (nickserv_conf.disable_nicks) {
+ if(user) {
send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS");
- else if (user && (ni = dict_find(nickserv_nick_dict, user->nick, NULL)))
+ }
+ }
+ else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) {
+ if(user) {
send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER");
+ }
+ }
else {
- register_nick(user->nick, hi);
- if(user)
- send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ if(user) {
+ if (is_registerable_nick(user->nick)) {
+ register_nick(user->nick, hi);
+ send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ }
+ }
}
- if (user && settee && (user != settee))
+ if (settee && (user != settee)) {
+ if(user) {
send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle);
+ }
+ }
return hi;
}
else
fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle);
+ first_time = 0;
break;
case EMAIL_CHANGE:
misc = hi->email_addr;
sendmail(nickserv, hi, subject, body, 1);
fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr);
+ first_time = 1;
} else {
#endif
send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1");
reply("NSMSG_HANDLE_EXISTS", argv[2]);
return 0;
}
- if(strlen(argv[2]) > 15)
+ if(strlen(argv[2]) > 30)
{
- reply("NMSG_HANDLE_TOLONG", argv[2], 15);
+ reply("NMSG_HANDLE_TOLONG", argv[2], 30);
return 0;
}
#ifdef WITH_LDAP
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password)
+struct handle_info *loc_auth(char *handle, char *password, char *userhost)
{
int pw_arg, used, maxlogins;
unsigned int ii;
#ifdef WITH_LDAP
int ldap_result = LDAP_SUCCESS;
char *email = NULL;
-
#endif
hi = dict_find(nickserv_handle_dict, handle, NULL);
return NULL;
}
}
-// else
#else
+ if (!hi) {
+ return NULL;
+ }
+
if (!checkpass(password, hi->passwd)) {
return NULL;
}
#endif
#ifdef WITH_LDAP
- if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
+ /* ldap libs are present but we are not using them... */
+ if( !nickserv_conf.ldap_enable ) {
+ if (!hi) {
+ return NULL;
+ }
+ if (!checkpass(password, hi->passwd)) {
+ return NULL;
+ }
+ }
+ else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
/* user not found, but authed to ldap successfully..
* create the account.
*/
int rc;
/* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
if(nickserv_conf.default_hostmask)
mask = "*@*";
else
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
+ *
+ * UPDATE: New nefarious LOC supports u@h
*/
- for (ii=0; ii<hi->masks->used; ii++)
- {
- if (!strcmp(hi->masks->list[ii], "*@*"))
- {
- wildmask++;
- break;
- }
+ if(userhost) {
+ char *buf;
+ char *ident;
+ char *realhost;
+ char *ip;
+ char *uh;
+ char *ui;
+
+ buf = strdup(userhost);
+ ident = mysep(&buf, "@");
+ realhost = mysep(&buf, ":");
+ ip = mysep(&buf, ":");
+ if(!ip || !realhost || !ident) {
+ free(buf);
+ return NULL; /* Invalid AC request, just quit */
+ }
+ uh = malloc(strlen(userhost));
+ ui = malloc(strlen(userhost));
+ sprintf(uh, "%s@%s", ident, realhost);
+ sprintf(ui, "%s@%s", ident, ip);
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if(match_ircglob(uh, hi->masks->list[ii])
+ || match_ircglob(ui, hi->masks->list[ii]))
+ {
+ wildmask++;
+ break;
+ }
+ }
+ free(buf);
+ free(uh);
+ free(ui);
+ }
+ else {
+
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if (!strcmp(hi->masks->list[ii], "*@*"))
+ {
+ wildmask++;
+ break;
+ }
+ }
}
if(wildmask < 1)
return NULL;
#endif
hi = dict_find(nickserv_handle_dict, argv[1], NULL);
pw_arg = 2;
- } else if (argc == 2) {
+ } else if (argc == 2 && !nickserv_conf.ldap_enable) {
if (nickserv_conf.disable_nicks) {
if (!(hi = get_handle_info(user->nick))) {
reply("NSMSG_HANDLE_NOT_FOUND");
}
#ifdef WITH_LDAP
if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
- ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) {
+ ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) {
#else
if (!checkpass(passwd, hi->passwd)) {
#endif
static OPTION_FUNC(opt_password)
{
char crypted[MD5_CRYPT_LENGTH+1];
- if(argc < 1) {
+ if(argc < 2) {
return 0;
}
if (!override) {
return 0;
}
#ifdef WITH_LDAP
- if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) {
+ if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_oper_group_dn) && *(nickserv_conf.ldap_admin_dn)) {
int rc;
- if(new_level > 0)
+ if(new_level > nickserv_conf.ldap_oper_group_level)
rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn);
else
rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn);
- if(rc != LDAP_SUCCESS) {
+ if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) {
send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
}
const char *hostmask;
const char *handlemask;
const char *emailmask;
+#ifdef WITH_LDAP
+ unsigned int inldap;
+#endif
};
typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi);
discrim->min_registered = 0;
discrim->max_registered = INT_MAX;
discrim->lastseen = now;
+#ifdef WITH_LDAP
+ discrim->inldap = 2;
+#endif
for (i=0; i<argc; i++) {
if (i == argc - 1) {
discrim->hostmask_type = SUPERSET;
}
discrim->hostmask = argv[++i];
- } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) {
+ } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) {
if (!irccasecmp(argv[++i], "*")) {
discrim->handlemask = 0;
} else {
} else {
reply("MSG_INVALID_CRITERIA", cmp);
}
- } else {
+#ifdef WITH_LDAP
+ } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) {
+ i++;
+ if(true_string(argv[i])) {
+ discrim->inldap = 1;
+ }
+ else if (false_string(argv[i])) {
+ discrim->inldap = 0;
+ }
+ else {
+ reply("MSG_INVALID_BINARY", argv[i]);
+ }
+#endif
+ } else {
reply("MSG_INVALID_CRITERIA", argv[i]);
goto fail;
}
}
if (!nick) return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && discrim->inldap != 2) {
+ int rc;
+ rc = ldap_get_user_info(hi->handle, NULL);
+ if(discrim->inldap == 1 && rc != LDAP_SUCCESS)
+ return 0;
+ if(discrim->inldap == 0 && rc == LDAP_SUCCESS)
+ return 0;
+ }
+
+#endif
return 1;
}
nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded
}
+#ifdef WITH_LDAP
+static void
+search_add2ldap_func (struct userNode *source, struct handle_info *match)
+{
+ int rc;
+ if(match->email_addr && match->passwd && match->handle) {
+ rc = ldap_do_add(match->handle, match->passwd, match->email_addr);
+ if(rc != LDAP_SUCCESS) {
+ send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc));
+ }
+ }
+}
+#endif
+
static int
nickserv_sort_accounts_by_access(const void *a, const void *b)
{
action = search_count_func;
else if (!irccasecmp(argv[1], "unregister"))
action = search_unregister_func;
+#ifdef WITH_LDAP
+ else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap"))
+ action = search_add2ldap_func;
+#endif
else {
reply("NSMSG_INVALID_ACTION", argv[1]);
return 0;
str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING);
nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0;
+ str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING);
+ nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5;
+
str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING);
nickserv_conf.ldap_admin_dn = str ? str : "";
str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING);
nickserv_conf.ldap_oper_group_dn = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99;
+
str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING);
nickserv_conf.ldap_field_group_member = str ? str : "";
hi = dict_find(nickserv_handle_dict, stamp, NULL);
if(hi && timestamp && hi->registered != timestamp)
{
- log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered);
+ log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp),
+ctime(&hi->registered));
return;
}
#else
regfree(&nickserv_conf.valid_nick_regex);
}
+void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle)) {
+ if (!*nickserv_conf.auto_oper || !user->handle_info)
+ return;
+
+ if (!IsOper(user)) {
+ if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) {
+ irc_umode(user, nickserv_conf.auto_admin);
+ irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator",
+ user->nick, user->ident, user->hostname);
+ } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) {
+ irc_umode(user, nickserv_conf.auto_oper);
+ irc_sno(0x1, "%s (%s@%s) is now an IRC Operator",
+ user->nick, user->ident, user->hostname);
+ }
+ }
+}
+
void
init_nickserv(const char *nick)
{
reg_nick_change_func(handle_nick_change);
reg_del_user_func(nickserv_remove_user);
reg_account_func(handle_account);
+ reg_auth_func(handle_loc_auth_oper);
/* set up handle_inverse_flags */
memset(handle_inverse_flags, 0, sizeof(handle_inverse_flags));