X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/0f6fe38cf6a842e638aa35ac7641e1e792634e2c..59b38cc02dd57c5a072cf206794548fbb37e0571:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index 1c7def2..4e0d1bd 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -128,6 +128,7 @@ #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" #define KEY_LDAP_TIMEOUT "ldap_timeout" #endif @@ -1062,10 +1063,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; } - if(strlen(handle) > 15) + if(strlen(handle) > 30) { if(user) - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30); return 0; } @@ -1874,9 +1875,9 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } - if(strlen(argv[2]) > 15) + if(strlen(argv[2]) > 30) { - reply("NMSG_HANDLE_TOLONG", argv[2], 15); + reply("NMSG_HANDLE_TOLONG", argv[2], 30); return 0; } #ifdef WITH_LDAP @@ -1934,7 +1935,7 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *handle, char *password, char *userhost) { int pw_arg, used, maxlogins; unsigned int ii; @@ -1944,7 +1945,6 @@ struct handle_info *loc_auth(char *handle, char *password) #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; - #endif hi = dict_find(nickserv_handle_dict, handle, NULL); @@ -1957,7 +1957,6 @@ struct handle_info *loc_auth(char *handle, char *password) return NULL; } } -// else #else if (!hi) { return NULL; @@ -1968,7 +1967,16 @@ struct handle_info *loc_auth(char *handle, char *password) } #endif #ifdef WITH_LDAP - if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* ldap libs are present but we are not using them... */ + if( !nickserv_conf.ldap_enable ) { + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { + return NULL; + } + } + else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { /* user not found, but authed to ldap successfully.. * create the account. */ @@ -1976,6 +1984,7 @@ struct handle_info *loc_auth(char *handle, char *password) int rc; /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ if(nickserv_conf.default_hostmask) mask = "*@*"; else @@ -2012,14 +2021,52 @@ struct handle_info *loc_auth(char *handle, char *password) /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; @@ -2093,8 +2140,7 @@ static NICKSERV_FUNC(cmd_auth) #endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; -#ifdef notdef - } else if (argc == 2) { + } else if (argc == 2 && !nickserv_conf.ldap_enable) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { reply("NSMSG_HANDLE_NOT_FOUND"); @@ -2112,7 +2158,6 @@ static NICKSERV_FUNC(cmd_auth) hi = ni->owner; } pw_arg = 1; -#endif } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); @@ -3065,7 +3110,7 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { char crypted[MD5_CRYPT_LENGTH+1]; - if(argc < 1) { + if(argc < 2) { return 0; } if (!override) { @@ -3221,7 +3266,7 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { int rc; - if(new_level > 0) + if(new_level > nickserv_conf.ldap_oper_group_level) rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); @@ -4757,6 +4802,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); nickserv_conf.ldap_oper_group_dn = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); nickserv_conf.ldap_field_group_member = str ? str : "";