*
* x3 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
#define KEY_LDAP_FIELD_EMAIL "ldap_field_email"
#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes"
#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn"
+#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level"
#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member"
#define KEY_LDAP_TIMEOUT "ldap_timeout"
#endif
{ "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." },
{ "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." },
{ "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." },
+ { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." },
{ "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." },
{ "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." },
{ "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." },
return 0;
}
- if(strlen(handle) > 15)
+ if(strlen(handle) > 30)
{
if(user)
- send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15);
+ send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30);
return 0;
}
reply("NSMSG_HANDLE_EXISTS", argv[2]);
return 0;
}
- if(strlen(argv[2]) > 15)
+ if(strlen(argv[2]) > 30)
{
- reply("NMSG_HANDLE_TOLONG", argv[2], 15);
+ reply("NMSG_HANDLE_TOLONG", argv[2], 30);
return 0;
}
#ifdef WITH_LDAP
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password)
+struct handle_info *loc_auth(char *handle, char *password, char *userhost)
{
int pw_arg, used, maxlogins;
unsigned int ii;
#ifdef WITH_LDAP
int ldap_result = LDAP_SUCCESS;
char *email = NULL;
-
#endif
hi = dict_find(nickserv_handle_dict, handle, NULL);
return NULL;
}
}
-// else
#else
+ if (!hi) {
+ return NULL;
+ }
+
if (!checkpass(password, hi->passwd)) {
return NULL;
}
#endif
#ifdef WITH_LDAP
- if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
+ /* ldap libs are present but we are not using them... */
+ if( !nickserv_conf.ldap_enable ) {
+ if (!hi) {
+ return NULL;
+ }
+ if (!checkpass(password, hi->passwd)) {
+ return NULL;
+ }
+ }
+ else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
/* user not found, but authed to ldap successfully..
* create the account.
*/
int rc;
/* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
if(nickserv_conf.default_hostmask)
mask = "*@*";
else
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
+ *
+ * UPDATE: New nefarious LOC supports u@h
*/
- for (ii=0; ii<hi->masks->used; ii++)
- {
- if (!strcmp(hi->masks->list[ii], "*@*"))
- {
- wildmask++;
- break;
- }
+ if(userhost) {
+ char *buf;
+ char *ident;
+ char *realhost;
+ char *ip;
+ char *uh;
+ char *ui;
+
+ buf = strdup(userhost);
+ ident = mysep(&buf, "@");
+ realhost = mysep(&buf, ":");
+ ip = mysep(&buf, ":");
+ if(!ip || !realhost || !ident) {
+ free(buf);
+ return NULL; /* Invalid AC request, just quit */
+ }
+ uh = malloc(strlen(userhost));
+ ui = malloc(strlen(userhost));
+ sprintf(uh, "%s@%s", ident, realhost);
+ sprintf(ui, "%s@%s", ident, ip);
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if(match_ircglob(uh, hi->masks->list[ii])
+ || match_ircglob(ui, hi->masks->list[ii]))
+ {
+ wildmask++;
+ break;
+ }
+ }
+ free(buf);
+ free(uh);
+ free(ui);
+ }
+ else {
+
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if (!strcmp(hi->masks->list[ii], "*@*"))
+ {
+ wildmask++;
+ break;
+ }
+ }
}
if(wildmask < 1)
return NULL;
#endif
hi = dict_find(nickserv_handle_dict, argv[1], NULL);
pw_arg = 2;
- } else if (argc == 2) {
+ } else if (argc == 2 && !nickserv_conf.ldap_enable) {
if (nickserv_conf.disable_nicks) {
if (!(hi = get_handle_info(user->nick))) {
reply("NSMSG_HANDLE_NOT_FOUND");
}
#ifdef WITH_LDAP
if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
- ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) {
+ ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) {
#else
if (!checkpass(passwd, hi->passwd)) {
#endif
static OPTION_FUNC(opt_password)
{
char crypted[MD5_CRYPT_LENGTH+1];
- if(argc < 1) {
+ if(argc < 2) {
return 0;
}
if (!override) {
#ifdef WITH_LDAP
if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) {
int rc;
- if(new_level > 0)
+ if(new_level > nickserv_conf.ldap_oper_group_level)
rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn);
else
rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn);
- if(rc != LDAP_SUCCESS) {
+ if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) {
send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
return 0;
}
const char *hostmask;
const char *handlemask;
const char *emailmask;
+#ifdef WITH_LDAP
+ unsigned int inldap;
+#endif
};
typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi);
discrim->min_registered = 0;
discrim->max_registered = INT_MAX;
discrim->lastseen = now;
+#ifdef WITH_LDAP
+ discrim->inldap = 2;
+#endif
for (i=0; i<argc; i++) {
if (i == argc - 1) {
discrim->hostmask_type = SUPERSET;
}
discrim->hostmask = argv[++i];
- } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) {
+ } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) {
if (!irccasecmp(argv[++i], "*")) {
discrim->handlemask = 0;
} else {
} else {
reply("MSG_INVALID_CRITERIA", cmp);
}
- } else {
+#ifdef WITH_LDAP
+ } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) {
+ i++;
+ if(true_string(argv[i])) {
+ discrim->inldap = 1;
+ }
+ else if (false_string(argv[i])) {
+ discrim->inldap = 0;
+ }
+ else {
+ reply("MSG_INVALID_BINARY", argv[i]);
+ }
+#endif
+ } else {
reply("MSG_INVALID_CRITERIA", argv[i]);
goto fail;
}
}
if (!nick) return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && discrim->inldap != 2) {
+ int rc;
+ rc = ldap_get_user_info(hi->handle, NULL);
+ if(discrim->inldap == 1 && rc != LDAP_SUCCESS)
+ return 0;
+ if(discrim->inldap == 0 && rc == LDAP_SUCCESS)
+ return 0;
+ }
+
+#endif
return 1;
}
nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded
}
+static void
+search_add2ldap_func (struct userNode *source, struct handle_info *match)
+{
+#ifdef WITH_LDAP
+ int rc;
+ if(match->email_addr && match->passwd && match->handle) {
+ rc = ldap_do_add(match->handle, match->passwd, match->email_addr);
+ if(rc != LDAP_SUCCESS) {
+ send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc));
+ }
+ }
+#endif
+}
+
static int
nickserv_sort_accounts_by_access(const void *a, const void *b)
{
action = search_count_func;
else if (!irccasecmp(argv[1], "unregister"))
action = search_unregister_func;
+#ifdef WITH_LDAP
+ else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap"))
+ action = search_add2ldap_func;
+#endif
else {
reply("NSMSG_INVALID_ACTION", argv[1]);
return 0;
str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING);
nickserv_conf.ldap_oper_group_dn = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99;
+
str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING);
nickserv_conf.ldap_field_group_member = str ? str : "";