*
* x3 is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
+ * the Free Software Foundation; either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
#include "modcmd.h"
#include "opserv.h" /* for gag_create(), opserv_bad_channel() */
#include "saxdb.h"
-#include "sendmail.h"
+#include "mail.h"
#include "timeq.h"
#include "x3ldap.h"
#include <tre/regex.h>
#ifdef WITH_LDAP
-#include <ldap.h> /* just needed for default LDAP_PORT */
+#include <ldap.h>
#endif
#define NICKSERV_CONF_NAME "services/nickserv"
#define KEY_ACCOUNTS_PER_EMAIL "accounts_per_email"
#define KEY_EMAIL_SEARCH_LEVEL "email_search_level"
#define KEY_DEFAULT_STYLE "default_style"
+#define KEY_OUNREGISTER_INACTIVE "ounregister_inactive"
+#define KEY_OUNREGISTER_FLAGS "ounregister_flags"
#define KEY_ID "id"
#define KEY_PASSWD "passwd"
#define KEY_NOTE_NOTE "note"
#define KEY_NOTE_SETTER "setter"
#define KEY_NOTE_DATE "date"
+#define KEY_KARMA "karma"
+#define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase"
#define KEY_LDAP_ENABLE "ldap_enable"
#ifdef WITH_LDAP
-#define KEY_LDAP_HOST "ldap_host"
-#define KEY_LDAP_PORT "ldap_port"
+#define KEY_LDAP_URI "ldap_uri"
#define KEY_LDAP_BASE "ldap_base"
#define KEY_LDAP_DN_FMT "ldap_dn_fmt"
#define KEY_LDAP_VERSION "ldap_version"
#define KEY_LDAP_FIELD_ACCOUNT "ldap_field_account"
#define KEY_LDAP_FIELD_PASSWORD "ldap_field_password"
#define KEY_LDAP_FIELD_EMAIL "ldap_field_email"
+#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes"
+#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn"
+#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level"
+#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member"
+#define KEY_LDAP_TIMEOUT "ldap_timeout"
#endif
#define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_"
#define OPTION_FUNC(NAME) int NAME(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[])
typedef OPTION_FUNC(option_func_t);
-DEFINE_LIST(handle_info_list, struct handle_info*);
+DEFINE_LIST(handle_info_list, struct handle_info*)
#define NICKSERV_MIN_PARMS(N) do { \
if (argc < N) { \
static char handle_inverse_flags[256];
static unsigned int flag_access_levels[32];
static const struct message_entry msgtab[] = {
+ { "NSMSG_NO_ANGLEBRACKETS", "The < and > in help indicate that that word is a required parameter, but DO NOT actually type them in messages to me." },
{ "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." },
- { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu charactors or less."},
+ { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu characters or less."},
{ "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." },
{ "NSMSG_PASSWORD_ACCOUNT", "Your password may not be the same as your account name." },
{ "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." },
{ "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." },
{ "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." },
+ { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." },
+ { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." },
+ { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." },
{ "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." },
{ "NSMSG_OREGISTER_VICTIM", "%s has registered a new account for you (named %s)." },
{ "NSMSG_OREGISTER_H_SUCCESS", "Account has been registered." },
{ "NSMSG_HANDLEINFO_REGGED", "Registered on: %s" },
{ "NSMSG_HANDLEINFO_LASTSEEN", "Last seen: %s" },
{ "NSMSG_HANDLEINFO_LASTSEEN_NOW", "Last seen: Right now!" },
+ { "NSMSG_HANDLEINFO_KARMA", " Karma: %d" },
{ "NSMSG_HANDLEINFO_VACATION", "On vacation." },
{ "NSMSG_HANDLEINFO_EMAIL_ADDR", "Email address: %s" },
{ "NSMSG_HANDLEINFO_COOKIE_ACTIVATION", "Cookie: There is currently an activation cookie issued for this account" },
{ "NSMSG_HANDLEINFO_EPITHET", "Epithet: %s" },
{ "NSMSG_HANDLEINFO_NOTE", "Note (by %s on %s): %s " },
{ "NSMSG_HANDLEINFO_FAKEHOST", "Fake host: %s" },
+ { "NSMSG_INVALID_KARMA", "$b%s$b is not a valid karma modifier." },
+ { "NSMSG_SET_KARMA", "$bKARMA: $b%d$b" },
{ "NSMSG_HANDLEINFO_LAST_HOST", "Last quit hostmask: %s" },
{ "NSMSG_HANDLEINFO_LAST_HOST_UNKNOWN", "Last quit hostmask: Unknown" },
{ "NSMSG_HANDLEINFO_NICKS", "Nickname(s): %s" },
{ "NSMSG_UNREGNICK_SUCCESS", "Nick $b%s$b has been unregistered." },
{ "NSMSG_UNREGISTER_SUCCESS", "Account $b%s$b has been unregistered." },
{ "NSMSG_UNREGISTER_NICKS_SUCCESS", "Account $b%s$b and all its nicks have been unregistered." },
+ { "NSMSG_UNREGISTER_MUST_FORCE", "Account $b%s$b is not inactive or has special flags set; use FORCE to unregister it." },
+ { "NSMSG_UNREGISTER_CANNOT_FORCE", "Account $b%s$b is not inactive or has special flags set; have an IRCOp use FORCE to unregister it." },
+ { "NSMSG_UNREGISTER_NODELETE", "Account $b%s$b is protected from unregistration." },
{ "NSMSG_HANDLE_STATS", "There are %d nicks registered to your account." },
{ "NSMSG_HANDLE_NONE", "You are not authenticated against any account." },
{ "NSMSG_GLOBAL_STATS", "There are %d accounts and %d nicks registered globally." },
{ "NSMSG_DB_UNREADABLE", "Unable to read database file %s; check the log for more information." },
{ "NSMSG_DB_MERGED", "$N merged DB from %s (in "FMT_TIME_T".%03lu seconds)." },
{ "NSMSG_HANDLE_CHANGED", "$b%s$b's account name has been changed to $b%s$b." },
- { "NSMSG_BAD_HANDLE", "Account $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." },
+ { "NSMSG_BAD_HANDLE", "Account $b%s$b is not allowed because it is reserved, is too long, or contains invalid characters." },
{ "NSMSG_BAD_NICK", "Nickname $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." },
{ "NSMSG_BAD_EMAIL_ADDR", "Please use a well-formed email address." },
{ "NSMSG_FAIL_RENAME", "Account $b%s$b not renamed to $b%s$b because it is in use by a network services, or contains invalid characters." },
{ "NSMSG_NOT_VALID_FAKEHOST_REGEX", "$b%s$b is not allowed by the admin, consult the valid vhost regex pattern in the config file under nickserv/valid_fakehost_regex." },
{ "CHECKPASS_YES", "Yes." },
{ "CHECKPASS_NO", "No." },
+ { "CHECKEMAIL_NOT_SET", "No email set." },
+ { "CHECKEMAIL_YES", "Yes." },
+ { "CHECKEMAIL_NO", "No." },
{ "NSMSG_DEFCON_NO_NEW_NICKS", "You cannot register new %s at this time, please try again soon" },
{ NULL, NULL }
};
static void nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_action action);
static void nickserv_reclaim_p(void *data);
+static int nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask);
struct nickserv_config nickserv_conf;
struct handle_info *hi;
hi = calloc(1, sizeof(*hi));
- hi->userlist_style = HI_DEFAULT_STYLE;
+ hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE;
hi->announcements = '?';
hi->handle = strdup(handle);
safestrncpy(hi->passwd, passwd, sizeof(hi->passwd));
static void set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp);
-static void
+static int
nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, struct userNode *bot)
{
unsigned int n;
struct userNode *uNode;
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ if( (rc = ldap_delete_account(hi->handle)) != LDAP_SUCCESS) {
+ if(notify) {
+ send_message(notify, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ }
+ if(rc != LDAP_NO_SUCH_OBJECT)
+ return false; /* if theres noone there to delete, its kinda ok, right ?:) */
+ }
+ }
+ }
+#endif
for (n=0; n<unreg_func_used; n++)
unreg_func_list[n](notify, hi);
while (hi->users) {
SyncLog("UNREGISTER %s", hi->handle);
dict_remove(nickserv_handle_dict, hi->handle);
+ return true;
}
struct handle_info*
static int
is_registerable_nick(const char *nick)
{
- /* make sure it could be used as an account name */
- if (!is_valid_handle(nick))
+ struct userNode *user;
+ /* cant register a juped nick/service nick as nick, to prevent confusion */
+ user = GetUserH(nick);
+ if (user && IsLocal(user))
+ return 0;
+ /* for consistency, only allow nicks names that could be nicks */
+ if (!is_valid_nick(nick))
+ return 0;
+ /* disallow nicks that look like bad words */
+ if (opserv_bad_channel(nick))
return 0;
/* check length */
if (strlen(nick) > NICKLEN)
}
int
-oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) {
+oper_outranks(struct userNode *user, struct handle_info *hi) {
if (user->handle_info->opserv_level > hi->opserv_level)
return 1;
if (user->handle_info->opserv_level == hi->opserv_level) {
return 1;
}
}
- reply("MSG_USER_OUTRANKED", hi->handle);
+ send_message(user, nickserv, "MSG_USER_OUTRANKED", hi->handle);
return 0;
}
struct handle_info *
-get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target)
+get_victim_oper(struct userNode *user, const char *target)
{
struct handle_info *hi;
if (!(hi = smart_get_handle_info(nickserv, user, target)))
send_message(user, nickserv, "MSG_OPER_SUSPENDED");
return 0;
}
- return oper_outranks(cmd, user, hi) ? hi : NULL;
+ return oper_outranks(user, hi) ? hi : NULL;
}
static int
return 1;
/* If any hostmask matches, allow it. */
for (ii=0; ii<hi->masks->used; ii++)
- if (user_matches_glob(user, hi->masks->list[ii], 0))
+ if (user_matches_glob(user, hi->masks->list[ii], 0, 0))
return 1;
/* If they are allowauthed to this account, allow it (removing the aa). */
if (dict_find(nickserv_allow_auth_dict, user->nick, NULL) == hi) {
/* remove from next_authed linked list */
if (user->handle_info->users == user) {
user->handle_info->users = user->next_authed;
- } else {
+ } else if (user->handle_info->users != NULL) {
for (other = user->handle_info->users;
other->next_authed != user;
other = other->next_authed) ;
other->next_authed = user->next_authed;
+ } else {
+ /* No users authed to the account - can happen if they get
+ * killed for authing. */
}
/* if nobody left on old handle, and they're not an oper, remove !god */
if (!user->handle_info->users && !user->handle_info->opserv_level)
hi->users = user;
hi->lastseen = now;
/* Add to helpers list */
- if (IsHelper(user))
+ if (IsHelper(user) && !userList_contains(&curr_helpers, user))
userList_append(&curr_helpers, user);
/* Set the fakehost */
* account as registered nicks
* - Why not just this one? -rubin */
if (!nickserv_conf.disable_nicks) {
- struct nick_info *ni;
- for (ni = hi->nicks; ni; ni = ni->next) {
- if (!irccasecmp(user->nick, ni->nick)) {
+ struct nick_info *ni2;
+ for (ni2 = hi->nicks; ni2; ni2 = ni2->next) {
+ if (!irccasecmp(user->nick, ni2->nick)) {
user->modes |= FLAGS_REGNICK;
break;
}
/* Call auth handlers */
if (GetUserH(user->nick)) {
- for (n=0; n<auth_func_used; n++)
+ for (n=0; n<auth_func_used; n++) {
auth_func_list[n](user, old_info);
+ if (user->dead)
+ return;
+ }
}
}
char crypted[MD5_CRYPT_LENGTH];
if ((hi = dict_find(nickserv_handle_dict, handle, NULL))) {
- send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle);
+ if(user)
+ send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle);
return 0;
}
- if(strlen(handle) > 15)
+ if(strlen(handle) > 30)
{
- send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15);
+ if(user)
+ send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30);
return 0;
}
cryptpass(passwd, crypted);
#ifdef WITH_LDAP
- int rc;
- if(LDAP_SUCCESS != (rc = ldap_do_add(handle, passwd, NULL))) {
- send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
- return 0;
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ rc = ldap_do_add(handle, crypted, NULL);
+ if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) {
+ if(user)
+ send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
}
#endif
hi = register_handle(handle, crypted, 0);
if (settee && !no_auth)
set_user_handle_info(settee, hi, 1);
- if (user != settee)
+ if (user != settee) {
+ if(user)
send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS");
- else if (nickserv_conf.disable_nicks)
+ }
+ else if (nickserv_conf.disable_nicks) {
+ if(user) {
send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS");
- else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL)))
+ }
+ }
+ else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) {
+ if(user) {
send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER");
+ }
+ }
else {
- register_nick(user->nick, hi);
- send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ if(user) {
+ if (is_registerable_nick(user->nick)) {
+ register_nick(user->nick, hi);
+ send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS");
+ }
+ }
}
- if (settee && (user != settee))
+ if (settee && (user != settee)) {
+ if(user) {
send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle);
+ }
+ }
return hi;
}
else
fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle);
+ first_time = 0;
break;
case EMAIL_CHANGE:
misc = hi->email_addr;
snprintf(subject, sizeof(subject), fmt, netname);
fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_NEW");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie+COOKIELEN/2, nickserv->nick, self->name, hi->handle, COOKIELEN/2);
- sendmail(nickserv, hi, subject, body, 1);
+ mail_send(nickserv, hi, subject, body, 1);
fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr);
+ first_time = 1;
} else {
#endif
send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1");
snprintf(subject, sizeof(subject), fmt, netname);
fmt = handle_find_message(hi, "NSEMAIL_EMAIL_VERIFY_BODY");
snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle);
- sendmail(nickserv, hi, subject, body, 1);
+ mail_send(nickserv, hi, subject, body, 1);
subject[0] = 0;
#ifdef stupid_verify_old_email
}
break;
}
if (subject[0])
- sendmail(nickserv, hi, subject, body, first_time);
+ mail_send(nickserv, hi, subject, body, first_time);
nickserv_bake_cookie(cookie);
}
NICKSERV_MIN_PARMS((unsigned)3 + nickserv_conf.email_required);
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(argv[1]);
if (!is_valid_handle(argv[1])) {
reply("NSMSG_BAD_HANDLE", argv[1]);
return 0;
}
/* .. and that we are allowed to send to it. */
- if ((str = sendmail_prohibited_address(email_addr))) {
+ if ((str = mail_prohibited_address(email_addr))) {
reply("NSMSG_EMAIL_PROHIBITED", email_addr, str);
return 0;
}
}
/* Set their email address. */
- if (email_addr)
+ if (email_addr) {
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, NULL, email_addr)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
+ } else {
+ nickserv_set_email_addr(hi, email_addr);
+ }
+ }
+ else {
+ nickserv_set_email_addr(hi, email_addr);
+ }
+#else
nickserv_set_email_addr(hi, email_addr);
+#endif
+ }
/* If they need to do email verification, tell them. */
if (no_auth)
char* mask = NULL;
char* nick = NULL;
- NICKSERV_MIN_PARMS(3);
+ NICKSERV_MIN_PARMS(2);
account = argv[1];
pass = argv[2];
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(account);
if (nickserv_conf.email_required) {
- NICKSERV_MIN_PARMS(4);
+ NICKSERV_MIN_PARMS(3);
email = argv[3];
- if (argc >= 5) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */
- if (strchr(argv[4], '@') || argc >= 6) /* If @, its mask not nick */
+ if (argc >= 4) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */
+ if (argc < 4) {
+ mask = NULL;
+ settee = NULL;
+ } else if (strchr(argv[4], '@'))
mask = argv[4];
else
nick = argv[4];
}
else {
if (argc >= 4) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */
- if (strchr(argv[3], '@') || argc >= 5) /* If @, its mask not nick */
+ if (argc < 4) {
+ mask = NULL;
+ settee = NULL;
+ } else if (strchr(argv[3], '@'))
mask = argv[3];
else
nick = argv[3];
return 0; /* error reply handled by above */
}
if (email) {
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, NULL, email)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc));
+ } else {
+ nickserv_set_email_addr(hi, email);
+ }
+ }
+ else {
+ nickserv_set_email_addr(hi, email);
+ }
+#else
nickserv_set_email_addr(hi, email);
+#endif
}
if (mask) {
char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
- string_list_append(hi->masks, mask_canonicalized);
+ if (mask_canonicalized)
+ string_list_append(hi->masks, mask_canonicalized);
}
if (nickserv_conf.sync_log)
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
return nickserv_ignore(cmd, user, hi, argv[2]);
{
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
return nickserv_delignore(cmd, user, hi, argv[2]);
}
struct do_not_register *dnr;
if ((dnr = chanserv_is_dnr(NULL, hi)))
reply("NSMSG_HANDLEINFO_DNR", dnr->setter, dnr->reason);
- if (!oper_outranks(cmd, user, hi))
+ if ((user->handle_info->opserv_level < 900) && !oper_outranks(user, hi))
return 1;
} else if (hi != user->handle_info) {
reply("NSMSG_HANDLEINFO_END");
return 1;
}
+ if (IsOper(user))
+ reply("NSMSG_HANDLEINFO_KARMA", hi->karma);
+
if (nickserv_conf.email_enabled)
reply("NSMSG_HANDLEINFO_EMAIL_ADDR", visible_email_addr(user, hi));
}
if (hi->channels) {
- struct userData *channel, *next;
+ struct userData *chan, *next;
char *name;
- for (channel = hi->channels; channel; channel = next) {
- next = channel->u_next;
- name = channel->channel->channel->name;
+ for (chan = hi->channels; chan; chan = next) {
+ next = chan->u_next;
+ name = chan->channel->channel->name;
herelen = strlen(name);
if (pos + herelen + 7 > ArrayLength(buff)) {
- next = channel;
+ next = chan;
goto print_chans_buff;
}
- if (IsUserSuspended(channel))
+ if (IsUserSuspended(chan))
buff[pos++] = '-';
- pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(channel->access), name);
+ pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(chan->access), name);
if (next == NULL) {
print_chans_buff:
buff[pos-1] = 0;
}
reply("NSMSG_HANDLEINFO_END");
- return 1;
+ return 1 | ((hi != user->handle_info) ? CMD_LOG_STAFF : 0);
}
static NICKSERV_FUNC(cmd_userinfo)
unsigned int nn;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(argv[2]);
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (!is_valid_handle(argv[2])) {
reply("NSMSG_FAIL_RENAME", argv[1], argv[2]);
reply("NSMSG_HANDLE_EXISTS", argv[2]);
return 0;
}
- if(strlen(argv[2]) > 15)
+ if(strlen(argv[2]) > 30)
{
- reply("NMSG_HANDLE_TOLONG", argv[2], 15);
+ reply("NMSG_HANDLE_TOLONG", argv[2], 30);
return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if( (rc = ldap_rename_account(hi->handle, argv[2])) != LDAP_SUCCESS) {
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
dict_remove2(nickserv_handle_dict, old_handle = hi->handle, 1);
hi->handle = strdup(argv[2]);
* called by nefariouses enhanced AC login-on-connect code
*
*/
-struct handle_info *loc_auth(char *handle, char *password)
+struct handle_info *loc_auth(char *handle, char *password, char *userhost)
{
int pw_arg, used, maxlogins;
unsigned int ii;
int wildmask = 0;
struct handle_info *hi;
struct userNode *other;
+#ifdef WITH_LDAP
+ int ldap_result = LDAP_SUCCESS;
+ char *email = NULL;
+#endif
hi = dict_find(nickserv_handle_dict, handle, NULL);
- pw_arg = 2;
+ pw_arg = 2;
+
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable) {
+ ldap_result = ldap_check_auth(handle, password);
+ if(ldap_result != LDAP_SUCCESS) {
+ return NULL;
+ }
+ }
+#else
+ if (!hi) {
+ return NULL;
+ }
+
+ if (!checkpass(password, hi->passwd)) {
+ return NULL;
+ }
+#endif
+#ifdef WITH_LDAP
+ /* ldap libs are present but we are not using them... */
+ if( !nickserv_conf.ldap_enable ) {
+ if (!hi) {
+ return NULL;
+ }
+ if (!checkpass(password, hi->passwd)) {
+ return NULL;
+ }
+ }
+ else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) {
+ /* user not found, but authed to ldap successfully..
+ * create the account.
+ */
+ char *mask;
+ int rc;
+
+ /* Add a *@* mask */
+ /* TODO if userhost is not null, build mask based on that. */
+ if(nickserv_conf.default_hostmask)
+ mask = "*@*";
+ else
+ return NULL; /* They dont have a *@* mask so they can't loc */
+
+ if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) {
+ return 0; /* couldn't add the user for some reason */
+ }
+
+ if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS))
+ {
+ if(nickserv_conf.email_required) {
+ return 0;
+ }
+ }
+ if(email) {
+ nickserv_set_email_addr(hi, email);
+ free(email);
+ }
+ if(mask) {
+ char* mask_canonicalized = canonicalize_hostmask(strdup(mask));
+ string_list_append(hi->masks, mask_canonicalized);
+ }
+ if(nickserv_conf.sync_log)
+ SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle);
+ }
+#endif
+
+ /* Still no account, so just fail out */
if (!hi) {
return NULL;
}
/* We don't know the users hostname, or anything because they
* havn't registered yet. So we can only allow LOC if your
* account has *@* as a hostmask.
+ *
+ * UPDATE: New nefarious LOC supports u@h
*/
- for (ii=0; ii<hi->masks->used; ii++)
- {
- if (!strcmp(hi->masks->list[ii], "*@*"))
- {
- wildmask++;
- break;
- }
+ if(userhost) {
+ char *buf;
+ char *ident;
+ char *realhost;
+ char *ip;
+ char *uh;
+ char *ui;
+
+ buf = strdup(userhost);
+ ident = mysep(&buf, "@");
+ realhost = mysep(&buf, ":");
+ ip = mysep(&buf, ":");
+ if(!ip || !realhost || !ident) {
+ free(buf);
+ return NULL; /* Invalid AC request, just quit */
+ }
+ uh = malloc(strlen(userhost));
+ ui = malloc(strlen(userhost));
+ sprintf(uh, "%s@%s", ident, realhost);
+ sprintf(ui, "%s@%s", ident, ip);
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if(match_ircglob(uh, hi->masks->list[ii])
+ || match_ircglob(ui, hi->masks->list[ii]))
+ {
+ wildmask++;
+ break;
+ }
+ }
+ free(buf);
+ free(uh);
+ free(ui);
+ }
+ else {
+
+ for (ii=0; ii<hi->masks->used; ii++)
+ {
+ if (!strcmp(hi->masks->list[ii], "*@*"))
+ {
+ wildmask++;
+ break;
+ }
+ }
}
if(wildmask < 1)
return NULL;
- /* Responses from here on look up the language used by the handle they asked about. */
- if (!checkpass(password, hi->passwd)) {
- return NULL;
- }
if (HANDLE_FLAGGED(hi, SUSPENDED)) {
return NULL;
}
+
maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins;
for (used = 0, other = hi->users; other; other = other->next_authed) {
if (++used >= maxlogins) {
return NULL;
}
}
+ /* TODO - Add LOGGING to this function so LOC's are logged.. */
return hi;
}
}
if (argc == 3) {
#ifdef WITH_LDAP
+ if(strchr(argv[1], '<') || strchr(argv[1], '>')) {
+ reply("NSMSG_NO_ANGLEBRACKETS");
+ return 0;
+ }
+ if (!is_valid_handle(argv[1])) {
+ reply("NSMSG_BAD_HANDLE", argv[1]);
+ return 0;
+ }
+
if(nickserv_conf.ldap_enable) {
ldap_result = ldap_check_auth(argv[1], argv[2]);
+ /* Get the users email address and update it */
if(ldap_result == LDAP_SUCCESS) {
- /* pull the users info from ldap:
- * * email
- * * name if available
- * *
- */
+ int rc;
+ if((rc = ldap_get_user_info(argv[1], &email) != LDAP_SUCCESS))
+ {
+ if(nickserv_conf.email_required) {
+ reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
}
else if(ldap_result != LDAP_INVALID_CREDENTIALS) {
reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result));
#endif
hi = dict_find(nickserv_handle_dict, argv[1], NULL);
pw_arg = 2;
- } else if (argc == 2) {
+ } else if (argc == 2 && !nickserv_conf.ldap_enable) {
if (nickserv_conf.disable_nicks) {
if (!(hi = get_handle_info(user->nick))) {
reply("NSMSG_HANDLE_NOT_FOUND");
}
if(email) {
nickserv_set_email_addr(hi, email);
+ free(email);
}
if(nickserv_conf.sync_log)
SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, email ? email : "@", user->info);
}
#ifdef WITH_LDAP
if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
- ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) )
+ ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) {
#else
if (!checkpass(passwd, hi->passwd)) {
#endif
}
/* Wipe out the pass for the logs */
+
+ if (!hi->masks->used) {
+ irc_in_addr_t ip;
+ string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT));
+ if (irc_in_addr_is_valid(user->ip) && irc_pton(&ip, NULL, user->hostname))
+ string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT));
+ }
+
argv[pw_arg] = "****";
return 1;
}
NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (!hi->cookie) {
if (nickserv_conf.sync_log)
SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info);
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc));
+ } else {
+ nickserv_set_email_addr(hi, hi->cookie->data);
+ }
+ }
+ else {
+ nickserv_set_email_addr(hi, hi->cookie->data);
+ }
+#else
nickserv_set_email_addr(hi, hi->cookie->data);
+#endif
if (nickserv_conf.sync_log)
SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data);
break;
switch (hi->cookie->type) {
case ACTIVATION:
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd));
set_user_handle_info(user, hi, 1);
reply("NSMSG_HANDLE_ACTIVATED");
SyncLog("ACCOUNTACC %s", hi->handle);
break;
case PASSWORD_CHANGE:
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
set_user_handle_info(user, hi, 1);
safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd));
reply("NSMSG_PASSWORD_CHANGED");
SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
break;
case EMAIL_CHANGE:
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) {
+ /* Falied to update email in ldap, but still
+ * updated it here.. what should we do? */
+ reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
if (!hi->email_addr && nickserv_conf.sync_log) {
/*
* This should only happen if an OREGISTER was sent. Require
if (nickserv_conf.sync_log)
SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info);
}
+
nickserv_set_email_addr(hi, hi->cookie->data);
reply("NSMSG_EMAIL_CHANGED");
if (nickserv_conf.sync_log)
SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data);
break;
- case ALLOWAUTH:
+ case ALLOWAUTH: {
+ char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
set_user_handle_info(user, hi, 1);
+ nickserv_addmask(user, hi, mask);
reply("NSMSG_AUTH_SUCCESS");
+ free(mask);
break;
+ }
default:
reply("NSMSG_BAD_COOKIE_TYPE", hi->cookie->type);
log_module(NS_LOG, LOG_ERROR, "Bad cookie type %d for account %s.", hi->cookie->type, hi->handle);
static NICKSERV_FUNC(cmd_pass)
{
struct handle_info *hi;
- const char *old_pass, *new_pass;
+ char *old_pass, *new_pass;
+ char crypted[MD5_CRYPT_LENGTH+1];
+#ifdef WITH_LDAP
+ int ldap_result;
+#endif
NICKSERV_MIN_PARMS(3);
hi = user->handle_info;
new_pass = argv[2];
argv[2] = "****";
if (!is_secure_password(hi->handle, new_pass, user)) return 0;
+
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable) {
+ ldap_result = ldap_check_auth(hi->handle, old_pass);
+ if(ldap_result != LDAP_SUCCESS) {
+ if(ldap_result == LDAP_INVALID_CREDENTIALS)
+ reply("NSMSG_PASSWORD_INVALID");
+ else
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result));
+ return 0;
+ }
+ }else
+#endif
if (!checkpass(old_pass, hi->passwd)) {
argv[1] = "BADPASS";
reply("NSMSG_PASSWORD_INVALID");
return 0;
}
- cryptpass(new_pass, hi->passwd);
+ cryptpass(new_pass, crypted);
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) {
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
+ //cryptpass(new_pass, hi->passwd);
+ strcpy(hi->passwd, crypted);
if (nickserv_conf.sync_log)
SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
argv[1] = "****";
}
static int
-nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask)
+nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask)
{
unsigned int i;
char *new_mask = canonicalize_hostmask(strdup(mask));
for (i=0; i<hi->masks->used; i++) {
if (!irccasecmp(new_mask, hi->masks->list[i])) {
- reply("NSMSG_ADDMASK_ALREADY", new_mask);
+ send_message(user, nickserv, "NSMSG_ADDMASK_ALREADY", new_mask);
free(new_mask);
return 0;
}
}
string_list_append(hi->masks, new_mask);
- reply("NSMSG_ADDMASK_SUCCESS", new_mask);
+ send_message(user, nickserv, "NSMSG_ADDMASK_SUCCESS", new_mask);
return 1;
}
{
if (argc < 2) {
char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT);
- int res = nickserv_addmask(cmd, user, user->handle_info, mask);
+ int res = nickserv_addmask(user, user->handle_info, mask);
free(mask);
return res;
} else {
reply("NSMSG_MASK_INVALID", argv[1]);
return 0;
}
- return nickserv_addmask(cmd, user, user->handle_info, argv[1]);
+ return nickserv_addmask(user, user->handle_info, argv[1]);
}
}
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
- return nickserv_addmask(cmd, user, hi, argv[2]);
+ return nickserv_addmask(user, hi, argv[2]);
}
static int
-nickserv_delmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_mask)
+nickserv_delmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_mask, int force)
{
unsigned int i;
for (i=0; i<hi->masks->used; i++) {
if (!strcmp(del_mask, hi->masks->list[i])) {
char *old_mask = hi->masks->list[i];
- if (hi->masks->used == 1) {
+ if (hi->masks->used == 1 && !force) {
reply("NSMSG_DELMASK_NOTLAST");
return 0;
}
static NICKSERV_FUNC(cmd_delmask)
{
NICKSERV_MIN_PARMS(2);
- return nickserv_delmask(cmd, user, user->handle_info, argv[1]);
+ return nickserv_delmask(cmd, user, user->handle_info, argv[1], 0);
}
static NICKSERV_FUNC(cmd_odelmask)
{
struct handle_info *hi;
NICKSERV_MIN_PARMS(3);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
- return nickserv_delmask(cmd, user, hi, argv[2]);
+ return nickserv_delmask(cmd, user, hi, argv[2], 1);
}
int
struct channelList *schannels;
unsigned int ii;
schannels = chanserv_support_channels();
- for (uNode = hi->users; uNode; uNode = uNode->next_authed) {
- for (ii = 0; ii < schannels->used; ++ii)
- if (GetUserMode(schannels->list[ii], uNode))
- break;
- if (ii < schannels->used)
+ for (ii = 0; ii < schannels->used; ++ii)
+ if (find_handle_in_channel(schannels->list[ii], hi, NULL))
break;
- }
- if (!uNode)
+ if (ii == schannels->used)
HANDLE_CLEAR_FLAG(hi, HELPING);
}
NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
return 0;
if (argc < 3) {
static OPTION_FUNC(opt_password)
{
+ char crypted[MD5_CRYPT_LENGTH+1];
+ if(argc < 2) {
+ return 0;
+ }
if (!override) {
reply("NSMSG_USE_CMD_PASS");
return 0;
}
- if (argc > 1)
- cryptpass(argv[1], hi->passwd);
-
+ cryptpass(argv[1], crypted);
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) {
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
+ strcpy(hi->passwd, crypted);
if (nickserv_conf.sync_log)
SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd);
reply("NSMSG_BAD_EMAIL_ADDR");
return 0;
}
- if ((str = sendmail_prohibited_address(argv[1]))) {
+ if ((str = mail_prohibited_address(argv[1]))) {
reply("NSMSG_EMAIL_PROHIBITED", argv[1], str);
return 0;
}
else if (!override)
nickserv_make_cookie(user, hi, EMAIL_CHANGE, argv[1], 0);
else {
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) {
+ int rc;
+ if((rc = ldap_do_modify(hi->handle, NULL, argv[1])) != LDAP_SUCCESS) {
+ reply("NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
nickserv_set_email_addr(hi, argv[1]);
if (hi->cookie)
nickserv_eat_cookie(hi->cookie);
return 1;
}
+static OPTION_FUNC(opt_karma)
+{
+ if (!override) {
+ send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]);
+ return 0;
+ }
+
+ if (argc > 1) {
+ if (argv[1][0] == '+' && isdigit(argv[1][1])) {
+ hi->karma += strtoul(argv[1] + 1, NULL, 10);
+ } else if (argv[1][0] == '-' && isdigit(argv[1][1])) {
+ hi->karma -= strtoul(argv[1] + 1, NULL, 10);
+ } else {
+ send_message(user, nickserv, "NSMSG_INVALID_KARMA", argv[1]);
+ }
+ }
+
+ send_message(user, nickserv, "NSMSG_SET_KARMA", hi->karma);
+ return 1;
+}
+
+/* Called from opserv from cmd_access */
int
oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_info *target, unsigned int new_level) {
if (!oper_has_access(user, bot, nickserv_conf.modoper_level, 0))
send_message(user, bot, "MSG_STUPID_ACCESS_CHANGE");
return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_oper_group_dn) && *(nickserv_conf.ldap_admin_dn)) {
+ int rc;
+ if(new_level > nickserv_conf.ldap_oper_group_level)
+ rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn);
+ else
+ rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn);
+ if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) {
+ send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc));
+ return 0;
+ }
+ }
+#endif
if (target->opserv_level == new_level)
return 0;
log_module(NS_LOG, LOG_INFO, "Account %s setting oper level for account %s to %d (from %d).",
reply("NSMSG_NICK_NOT_REGISTERED", argv[1]);
return 0;
}
- if (ni->owner->opserv_level >= user->handle_info->opserv_level) {
- reply("MSG_USER_OUTRANKED", ni->nick);
- return 0;
- }
+ if (!oper_outranks(user, ni->owner))
+ return 0;
reply("NSMSG_UNREGNICK_SUCCESS", ni->nick);
delete_nick(ni);
return 1;
passwd = argv[1];
argv[1] = "****";
if (checkpass(passwd, hi->passwd)) {
- nickserv_unregister_handle(hi, user, cmd->parent->bot);
- return 1;
+ if(nickserv_unregister_handle(hi, user, cmd->parent->bot))
+ return 1;
+ else
+ return 0;
} else {
log_module(NS_LOG, LOG_INFO, "Account '%s' tried to unregister with the wrong password.", hi->handle);
reply("NSMSG_PASSWORD_INVALID");
static NICKSERV_FUNC(cmd_ounregister)
{
struct handle_info *hi;
+ char reason[MAXLEN];
+ int force;
NICKSERV_MIN_PARMS(2);
- if (!(hi = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi = get_victim_oper(user, argv[1])))
+ return 0;
+
+ if (HANDLE_FLAGGED(hi, NODELETE)) {
+ reply("NSMSG_UNREGISTER_NODELETE", hi->handle);
+ return 0;
+ }
+
+ force = IsOper(user) && (argc > 2) && !irccasecmp(argv[2], "force");
+ if (!force &&
+ ((hi->flags & nickserv_conf.ounregister_flags)
+ || hi->users
+ || (hi->last_quit_host[0] && ((unsigned)(now - hi->lastseen) < nickserv_conf.ounregister_inactive)))) {
+ reply((IsOper(user) ? "NSMSG_UNREGISTER_MUST_FORCE" : "NSMSG_UNREGISTER_CANNOT_FORCE"), hi->handle);
+ return 0;
+ }
+ snprintf(reason, sizeof(reason), "%s unregistered account %s.", user->handle_info->handle, hi->handle);
+ global_message(MESSAGE_RECIPIENT_STAFF, reason);
+ if(nickserv_unregister_handle(hi, user, cmd->parent->bot))
+ return 1;
+ else
return 0;
- nickserv_unregister_handle(hi, user, cmd->parent->bot);
- return 1;
}
static NICKSERV_FUNC(cmd_status)
if (hi->last_quit_host[0])
saxdb_write_string(ctx, KEY_LAST_QUIT_HOST, hi->last_quit_host);
saxdb_write_int(ctx, KEY_LAST_SEEN, hi->lastseen);
+ if (hi->karma != 0)
+ saxdb_write_sint(ctx, KEY_KARMA, hi->karma);
if (hi->masks->used)
saxdb_write_string_list(ctx, KEY_MASKS, hi->masks);
if (hi->ignores->used)
NICKSERV_MIN_PARMS(3);
- if (!(hi_from = get_victim_oper(cmd, user, argv[1])))
+ if (!(hi_from = get_victim_oper(user, argv[1])))
return 0;
- if (!(hi_to = get_victim_oper(cmd, user, argv[2])))
+ if (!(hi_to = get_victim_oper(user, argv[2])))
return 0;
if (hi_to == hi_from) {
reply("NSMSG_CANNOT_MERGE_SELF", hi_to->handle);
if (hi_from->lastseen > hi_to->lastseen)
hi_to->lastseen = hi_from->lastseen;
+ /* New karma is the sum of the two original karmas. */
+ hi_to->karma += hi_from->karma;
+
/* Does a fakehost carry over? (This intentionally doesn't set it
* for users previously attached to hi_to. They'll just have to
* reconnect.)
/* Unregister the "from" handle. */
nickserv_unregister_handle(hi_from, NULL, cmd->parent->bot);
+ /* TODO: fix it so that if the ldap delete in nickserv_unregister_handle fails,
+ * the process isn't completed.
+ */
return 1;
}
struct nickserv_discrim {
- unsigned int limit, min_level, max_level;
unsigned long flags_on, flags_off;
time_t min_registered, max_registered;
time_t lastseen;
+ unsigned int limit;
+ int min_level, max_level;
+ int min_karma, max_karma;
enum { SUBSET, EXACT, SUPERSET, LASTQUIT } hostmask_type;
const char *nickmask;
const char *hostmask;
const char *handlemask;
const char *emailmask;
+#ifdef WITH_LDAP
+ unsigned int inldap;
+#endif
};
typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi);
discrim = malloc(sizeof(*discrim));
memset(discrim, 0, sizeof(*discrim));
discrim->min_level = 0;
- discrim->max_level = ~0;
+ discrim->max_level = INT_MAX;
discrim->limit = 50;
discrim->min_registered = 0;
discrim->max_registered = INT_MAX;
- discrim->lastseen = now;
+ discrim->lastseen = LONG_MAX;
+ discrim->min_karma = INT_MIN;
+ discrim->max_karma = INT_MAX;
+#ifdef WITH_LDAP
+ discrim->inldap = 2;
+#endif
for (i=0; i<argc; i++) {
if (i == argc - 1) {
discrim->hostmask_type = SUPERSET;
}
discrim->hostmask = argv[++i];
- } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) {
+ } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) {
if (!irccasecmp(argv[++i], "*")) {
discrim->handlemask = 0;
} else {
} else {
reply("MSG_INVALID_CRITERIA", cmp);
}
- } else {
+ } else if (!irccasecmp(argv[i], "karma")) {
+ const char *cmp = argv[++i];
+ if (cmp[0] == '<') {
+ if (cmp[1] == '=') {
+ discrim->max_karma = strtoul(cmp+2, NULL, 0);
+ } else {
+ discrim->max_karma = strtoul(cmp+1, NULL, 0) - 1;
+ }
+ } else if (cmp[0] == '=') {
+ discrim->min_karma = discrim->max_karma = strtoul(cmp+1, NULL, 0);
+ } else if (cmp[0] == '>') {
+ if (cmp[1] == '=') {
+ discrim->min_karma = strtoul(cmp+2, NULL, 0);
+ } else {
+ discrim->min_karma = strtoul(cmp+1, NULL, 0) + 1;
+ }
+ } else {
+ send_message(user, nickserv, "MSG_INVALID_CRITERIA", cmp);
+ }
+#ifdef WITH_LDAP
+ } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) {
+ i++;
+ if(true_string(argv[i])) {
+ discrim->inldap = 1;
+ }
+ else if (false_string(argv[i])) {
+ discrim->inldap = 0;
+ }
+ else {
+ reply("MSG_INVALID_BINARY", argv[i]);
+ }
+#endif
+ } else {
reply("MSG_INVALID_CRITERIA", argv[i]);
goto fail;
}
|| (discrim->handlemask && !match_ircglob(hi->handle, discrim->handlemask))
|| (discrim->emailmask && (!hi->email_addr || !match_ircglob(hi->email_addr, discrim->emailmask)))
|| (discrim->min_level > hi->opserv_level)
- || (discrim->max_level < hi->opserv_level)) {
+ || (discrim->max_level < hi->opserv_level)
+ || (discrim->min_karma > hi->karma)
+ || (discrim->max_karma < hi->karma)
+ ) {
return 0;
}
if (discrim->hostmask) {
}
if (!nick) return 0;
}
+#ifdef WITH_LDAP
+ if(nickserv_conf.ldap_enable && discrim->inldap != 2) {
+ int rc;
+ rc = ldap_get_user_info(hi->handle, NULL);
+ if(discrim->inldap == 1 && rc != LDAP_SUCCESS)
+ return 0;
+ if(discrim->inldap == 0 && rc == LDAP_SUCCESS)
+ return 0;
+ }
+
+#endif
return 1;
}
nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded
}
+#ifdef WITH_LDAP
+static void
+search_add2ldap_func (struct userNode *source, struct handle_info *match)
+{
+ int rc;
+ if(match->email_addr && match->passwd && match->handle) {
+ rc = ldap_do_add(match->handle, match->passwd, match->email_addr);
+ if(rc != LDAP_SUCCESS) {
+ send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc));
+ }
+ }
+}
+#endif
+
static int
nickserv_sort_accounts_by_access(const void *a, const void *b)
{
action = search_count_func;
else if (!irccasecmp(argv[1], "unregister"))
action = search_unregister_func;
+#ifdef WITH_LDAP
+ else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap"))
+ action = search_add2ldap_func;
+#endif
else {
reply("NSMSG_INVALID_ACTION", argv[1]);
return 0;
return 1;
}
+static MODCMD_FUNC(cmd_checkemail)
+{
+ struct handle_info *hi;
+
+ NICKSERV_MIN_PARMS(3);
+ if (!(hi = modcmd_get_handle_info(user, argv[1]))) {
+ return 0;
+ }
+ if (!hi->email_addr)
+ reply("CHECKEMAIL_NOT_SET");
+ else if (!irccasecmp(argv[2], hi->email_addr))
+ reply("CHECKEMAIL_YES");
+ else
+ reply("CHECKEMAIL_NO");
+ return 1;
+}
+
static void
-nickserv_db_read_handle(const char *handle, dict_t obj)
+nickserv_db_read_handle(char *handle, dict_t obj)
{
const char *str;
struct string_list *masks, *slist, *ignores;
struct handle_info *hi;
struct userNode *authed_users;
- struct userData *channels;
+ struct userData *channel_list;
unsigned long int id;
unsigned int ii;
dict_t subdb;
}
if ((hi = get_handle_info(handle))) {
authed_users = hi->users;
- channels = hi->channels;
+ channel_list = hi->channels;
hi->users = NULL;
hi->channels = NULL;
dict_remove(nickserv_handle_dict, hi->handle);
} else {
authed_users = NULL;
- channels = NULL;
+ channel_list = NULL;
}
+ if(nickserv_conf.force_handles_lowercase)
+ irc_strtolower(handle);
hi = register_handle(handle, str, id);
if (authed_users) {
hi->users = authed_users;
authed_users = authed_users->next_authed;
}
}
- hi->channels = channels;
+ hi->channels = channel_list;
masks = database_get_data(obj, KEY_MASKS, RECDB_STRING_LIST);
hi->masks = masks ? string_list_copy(masks) : alloc_string_list(1);
ignores = database_get_data(obj, KEY_IGNORES, RECDB_STRING_LIST);
hi->registered = str ? (time_t)strtoul(str, NULL, 0) : now;
str = database_get_data(obj, KEY_LAST_SEEN, RECDB_QSTRING);
hi->lastseen = str ? (time_t)strtoul(str, NULL, 0) : hi->registered;
+ str = database_get_data(obj, KEY_KARMA, RECDB_QSTRING);
+ hi->karma = str ? strtoul(str, NULL, 0) : 0;
/* We want to read the nicks even if disable_nicks is set. This is so
* that we don't lose the nick data entirely. */
slist = database_get_data(obj, KEY_NICKS, RECDB_STRING_LIST);
nickserv_saxdb_read(dict_t db) {
dict_iterator_t it;
struct record_data *rd;
+ char *handle;
for (it=dict_first(db); it; it=iter_next(it)) {
rd = iter_data(it);
- nickserv_db_read_handle(iter_key(it), rd->d.object);
+ handle = strdup(iter_key(it));
+ nickserv_db_read_handle(handle, rd->d.object);
+ free(handle);
}
return 0;
}
log_module(NS_LOG, LOG_ERROR, "Unable to open dictionary file %s: %s", fname, strerror(errno));
return;
}
- while (!feof(file)) {
- fgets(line, sizeof(line), file);
+ while (fgets(line, sizeof(line), file)) {
if (!line[0])
continue;
if (line[strlen(line)-1] == '\n')
str = database_get_data(conf_node, "default_maxlogins", RECDB_QSTRING);
nickserv_conf.default_maxlogins = str ? strtoul(str, NULL, 0) : 2;
str = database_get_data(conf_node, "hard_maxlogins", RECDB_QSTRING);
+ str = database_get_data(conf_node, KEY_OUNREGISTER_INACTIVE, RECDB_QSTRING);
+ nickserv_conf.ounregister_inactive = str ? ParseInterval(str) : 86400*28;
+ str = database_get_data(conf_node, KEY_OUNREGISTER_FLAGS, RECDB_QSTRING);
+ if (!str)
+ str = "ShgsfnHbu";
+ nickserv_conf.ounregister_flags = 0;
+ while(*str) {
+ unsigned int pos = handle_inverse_flags[(unsigned char)*str];
+ str++;
+ if(pos)
+ nickserv_conf.ounregister_flags |= 1 << (pos - 1);
+ }
nickserv_conf.hard_maxlogins = str ? strtoul(str, NULL, 0) : 10;
if (!nickserv_conf.disable_nicks) {
str = database_get_data(conf_node, "reclaim_action", RECDB_QSTRING);
str = database_get_data(conf_node, KEY_LDAP_ENABLE, RECDB_QSTRING);
nickserv_conf.ldap_enable = str ? strtoul(str, NULL, 0) : 0;
+
+ str = database_get_data(conf_node, KEY_FORCE_HANDLES_LOWERCASE, RECDB_QSTRING);
+ nickserv_conf.force_handles_lowercase = str ? strtol(str, NULL, 0) : 0;
+
#ifndef WITH_LDAP
if(nickserv_conf.ldap_enable > 0) {
/* ldap is enabled but not compiled in - error out */
#endif
#ifdef WITH_LDAP
- str = database_get_data(conf_node, KEY_LDAP_HOST, RECDB_QSTRING);
- nickserv_conf.ldap_host = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_URI, RECDB_QSTRING);
+ nickserv_conf.ldap_uri = str ? str : "";
- str = database_get_data(conf_node, KEY_LDAP_PORT, RECDB_QSTRING);
- nickserv_conf.ldap_port = str ? strtoul(str, NULL, 0) : LDAP_PORT;
-
str = database_get_data(conf_node, KEY_LDAP_BASE, RECDB_QSTRING);
nickserv_conf.ldap_base = str ? str : "";
str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING);
nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0;
+ str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING);
+ nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5;
+
str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING);
nickserv_conf.ldap_admin_dn = str ? str : "";
str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING);
nickserv_conf.ldap_field_email = str ? str : "";
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_dn = str ? str : "";
+
+ str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING);
+ nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99;
+
+ str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING);
+ nickserv_conf.ldap_field_group_member = str ? str : "";
+
+ free_string_list(nickserv_conf.ldap_object_classes);
+ strlist = database_get_data(conf_node, KEY_LDAP_OBJECT_CLASSES, RECDB_STRING_LIST);
+ if(strlist)
+ strlist = string_list_copy(strlist);
+ else {
+ strlist = alloc_string_list(4);
+ string_list_append(strlist, strdup("top"));
+ }
+ nickserv_conf.ldap_object_classes = strlist;
+
#endif
}
break;
case RECLAIM_KILL:
msg = user_find_message(user, "NSMSG_RECLAIM_KILL");
- irc_kill(nickserv, user, msg);
+ DelUser(user, nickserv, 1, msg);
break;
}
}
timeq_add(now + nickserv_conf.auto_reclaim_delay, nickserv_reclaim_p, user);
else
nickserv_reclaim(user, ni, nickserv_conf.auto_reclaim_action);
- return 0;
-}
-int
-handle_new_user(struct userNode *user)
-{
- return check_user_nick(user);
+ return 0;
}
void
hi = dict_find(nickserv_handle_dict, stamp, NULL);
if(hi && timestamp && hi->registered != timestamp)
{
- log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered);
+ log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp),
+ctime(&hi->registered));
return;
}
#else
regfree(&nickserv_conf.valid_nick_regex);
}
+void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle)) {
+ if (!*nickserv_conf.auto_oper || !user->handle_info)
+ return;
+
+ if (!IsOper(user)) {
+ if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) {
+ irc_umode(user, nickserv_conf.auto_admin);
+ irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator",
+ user->nick, user->ident, user->hostname);
+ } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) {
+ irc_umode(user, nickserv_conf.auto_oper);
+ irc_sno(0x1, "%s (%s@%s) is now an IRC Operator",
+ user->nick, user->ident, user->hostname);
+ }
+ }
+}
+
void
init_nickserv(const char *nick)
{
struct chanNode *chan;
unsigned int i;
NS_LOG = log_register_type("NickServ", "file:nickserv.log");
- reg_new_user_func(handle_new_user);
+ reg_new_user_func(check_user_nick);
reg_nick_change_func(handle_nick_change);
reg_del_user_func(nickserv_remove_user);
reg_account_func(handle_account);
+ reg_auth_func(handle_loc_auth_oper);
/* set up handle_inverse_flags */
memset(handle_inverse_flags, 0, sizeof(handle_inverse_flags));
nickserv_define_func("USERINFO", cmd_userinfo, -1, 1, 0);
nickserv_define_func("RENAME", cmd_rename_handle, -1, 1, 0);
nickserv_define_func("VACATION", cmd_vacation, -1, 1, 0);
- nickserv_define_func("MERGE", cmd_merge, 0, 1, 0);
+ nickserv_define_func("MERGE", cmd_merge, 750, 1, 0);
if (!nickserv_conf.disable_nicks) {
/* nick management commands */
nickserv_define_func("REGNICK", cmd_regnick, -1, 1, 0);
nickserv_define_func("SEARCH UNREGISTER", NULL, 800, 1, 0);
nickserv_define_func("MERGEDB", cmd_mergedb, 999, 1, 0);
nickserv_define_func("CHECKPASS", cmd_checkpass, 601, 1, 0);
+ nickserv_define_func("CHECKEMAIL", cmd_checkemail, 0, 1, 0);
/* other options */
dict_insert(nickserv_opt_dict, "INFO", opt_info);
dict_insert(nickserv_opt_dict, "WIDTH", opt_width);
dict_insert(nickserv_opt_dict, "MAXLOGINS", opt_maxlogins);
dict_insert(nickserv_opt_dict, "ADVANCED", opt_advanced);
dict_insert(nickserv_opt_dict, "LANGUAGE", opt_language);
+ dict_insert(nickserv_opt_dict, "KARMA", opt_karma);
nickserv_handle_dict = dict_new();
dict_set_free_keys(nickserv_handle_dict, free);
if (nick) {
const char *modes = conf_get_data("services/nickserv/modes", RECDB_QSTRING);
- nickserv = AddService(nick, modes ? modes : NULL, "Nick Services", NULL);
+ nickserv = AddLocalUser(nick, nick, NULL, "Nick Services", modes);
nickserv_service = service_register(nickserv);
}
saxdb_register("NickServ", nickserv_saxdb_read, nickserv_saxdb_write);