X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/1ef37f9e521eaa2673d792badff62c25681a009e..417fb317ef06ddb2acee66d28b368319f6b71529:/src/nickserv.c?ds=sidebyside
diff --git a/src/nickserv.c b/src/nickserv.c
index 7435a45..c9d2e52 100644
--- a/src/nickserv.c
+++ b/src/nickserv.c
@@ -254,6 +254,7 @@ static const struct message_entry msgtab[] = {
 { "NSMSG_HANDLEINFO_COOKIE_EMAIL_DATA", "Cookie: New email address: %s" },
 { "NSMSG_HANDLEINFO_INFOLINE", "Infoline: %s" },
 { "NSMSG_HANDLEINFO_FLAGS", "Flags: %s" },
+ { "NSMSG_HANDLEINFO_OPSERV_LEVEL", "Opserv level: %d " },
 { "NSMSG_HANDLEINFO_EPITHET", "Epithet: %s" },
 { "NSMSG_HANDLEINFO_NOTE", "Note (by %s on %s): %s " },
 { "NSMSG_HANDLEINFO_FAKEHOST", "Fake host: %s" },
@@ -1795,6 +1796,10 @@ static NICKSERV_FUNC(cmd_handleinfo)
 reply("NSMSG_HANDLEINFO_FLAGS", nsmsg_none);
 }
+ if (hi->opserv_level > 0) {
+ reply("NSMSG_HANDLEINFO_OPSERV_LEVEL", hi->opserv_level);
+ }
+
 if (HANDLE_FLAGGED(hi, SUPPORT_HELPER) || HANDLE_FLAGGED(hi, NETWORK_HELPER) || (hi->opserv_level > 0)) {
@@ -2122,6 +2127,10 @@ struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *us
 handle = hi->handle;
 }
+ /* Ensure handle is valid if not found in internal DB */
+ if (!hi && (!handle || !is_valid_handle(handle)))
+ return 0;
+
 #ifdef WITH_LDAP
 if (nickserv_conf.ldap_enable && (password != NULL)) {
 ldap_result = ldap_check_auth(handle, password);
@@ -2288,6 +2297,7 @@ struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *us
 static NICKSERV_FUNC(cmd_auth)
 {
 int pw_arg, used, maxlogins;
+ int sslfpauth = 0;
 struct handle_info *hi;
 const char *passwd;
 const char *handle;
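Review bot: In cmd_handleinfo (hunk at -1795) the new `reply("NSMSG_HANDLEINFO_OPSERV_LEVEL", hi->opserv_level);` has no visible guard on who is asking, so anyone allowed to run the command on an account may learn its exact OpServ level. That number singles out the highest-value accounts on the network. The rest of the function lies outside the hunk; if it does not already limit this part of the output to the account owner or staff, gate the new reply the same way the other sensitive fields are gated, and say so in a comment such as `/* opserv level is shown to <intended audience> only */`.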
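Review bot: In loc_auth (hunk at -2122) the added guard is the only check visible between a client-supplied handle and `ldap_check_auth(handle, password)`, so its value depends on is_valid_handle() rejecting every character that is special in an LDAP filter or DN. That function is not shown here, so the comment should record the assumption, for example `/* Unknown handle: must pass is_valid_handle() before it is used in an LDAP lookup */`. Because the function returns `struct handle_info *`, `return NULL;` states the intent more clearly than `return 0;`. The body of loc_auth starts and ends outside the hunk.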
@@ -2419,11 +2429,15 @@ static NICKSERV_FUNC(cmd_auth)
 argv[pw_arg] = "BADMASK";
 return 1;
 }
+
+ if (valid_user_sslfp(user, hi))
+ sslfpauth = 1;
+
 #ifdef WITH_LDAP
 if(( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) ||
- ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) && !valid_user_sslfp(user, hi)) {
+ ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) && !sslfpauth) {
 #else
- if (!checkpass(passwd, hi->passwd) && !valid_user_sslfp(user, hi)) {
+ if (!checkpass(passwd, hi->passwd) && !sslfpauth) {
 #endif
 unsigned int n;
 send_message_type(4, user, cmd->parent->bot,
@@ -2467,9 +2481,9 @@ static NICKSERV_FUNC(cmd_auth)
 set_user_handle_info(user, hi, 1);
 if (nickserv_conf.email_required && !hi->email_addr)
 reply("NSMSG_PLEASE_SET_EMAIL");
- if (!is_secure_password(hi->handle, passwd, NULL))
+ if (!sslfpauth && !is_secure_password(hi->handle, passwd, NULL))
 reply("NSMSG_WEAK_PASSWORD");
- if (hi->passwd[0] != '$')
+ if (!sslfpauth && (hi->passwd[0] != '$'))
 cryptpass(passwd, hi->passwd);
 /* If a channel was waiting for this user to auth,
@@ -5317,8 +5331,9 @@ nickserv_conf_read(void)
 if(nickserv_conf.ldap_enable > 0) {
 /* ldap is enabled but not compiled in - error out */
 log_module(MAIN_LOG, LOG_ERROR, "ldap is enabled in config, but not compiled in!");
- nickserv_conf.ldap_enable = 0;
- sleep(5);
+ exit(2);
+ /* nickserv_conf.ldap_enable = 0; */
+ /* sleep(5); */
 }
 #endif
@@ -5426,6 +5441,7 @@ static int check_user_nick(struct userNode *user, UNUSED_ARG(void *extra)) {
 struct nick_info *ni;
 user->modes &= ~FLAGS_REGNICK;
+
 if (!(ni = get_nick_info(user->nick)))
 return 0;
 if (user->handle_info == ni->owner) {
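Review bot: In cmd_auth (hunks at -2419 and -2467) `sslfpauth` is set whenever the fingerprint matches, including when the supplied password was also correct, so `if (!sslfpauth && (hi->passwd[0] != '$'))` now skips the stored-hash upgrade and the weak-password warning for every certificate user who types the right password. What those two guards need to know is whether `passwd` was actually verified, not which factor let the login through. Keep that in a separate local set where the password check succeeds and test it instead, e.g. `if (pw_verified && hi->passwd[0] != '$') cryptpass(passwd, hi->passwd);` (the name `pw_verified` is only a suggestion). The function continues on both sides of these hunks, so confirm the flag is set on every path that accepts the password, including the WITH_LDAP one.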
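Review bot: In nickserv_conf_read (hunk at -5317) `exit(2);` stops the service from silently running without the configured LDAP backend, but the hunk does not show whether this function also runs on a configuration reload. If it does, a config edit on a live network now terminates the whole process instead of rejecting the reload, which is worth handling or at least documenting. The two statements kept as `/* nickserv_conf.ldap_enable = 0; */` and `/* sleep(5); */` are dead code after the exit and should be deleted. A short comment on why falling back to local password checking is not acceptable here would explain the hard stop to the next reader.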
@@ -5446,6 +5462,21 @@ check_user_nick(struct userNode *user, UNUSED_ARG(void *extra)) {
 return 0;
 }
+static int
+new_user_event(struct userNode *user, void *extra) {
+ /* If the user's server is not bursting,
+ * the user is authed, the account has autohide set
+ * and the user doesn't have user mode +x then apply
+ * the autohide setting.
+ */
+ if (!user->uplink->burst && user->handle_info &&
+ HANDLE_FLAGGED(user->handle_info, AUTOHIDE) &&
+ !IsHiddenHost(user))
+ irc_umode(user, "+x");
+
+ return check_user_nick(user, extra);
+}
+
 void handle_account(struct userNode *user, const char *stamp) {
@@ -5764,7 +5795,7 @@ sasl_packet(struct SASLSession *session)
 log_module(NS_LOG, LOG_DEBUG, "SASL: Checking supplied credentials");
- if (c != 2)
+ if ((c != 2) || !(*authcid))
 {
 log_module(NS_LOG, LOG_DEBUG, "SASL: Incomplete credentials supplied");
 irc_sasl(session->source, session->uid, "D", "F");
@@ -5778,10 +5809,18 @@ sasl_packet(struct SASLSession *session)
 }
 else
 {
- if (*authzid && irccasecmp(authzid, authcid) && HANDLE_FLAGGED(hi, IMPERSONATE))
+ if (*authzid && irccasecmp(authzid, authcid))
 {
- hii = hi;
- hi = get_handle_info(authzid);
+ if (HANDLE_FLAGGED(hi, IMPERSONATE))
+ {
+ hii = hi;
+ hi = get_handle_info(authzid);
+ }
+ else
+ {
+ log_module(NS_LOG, LOG_DEBUG, "SASL: Impersonation unauthorized");
+ hi = NULL;
+ }
 }
 if (hi)
 {
@@ -5951,7 +5990,7 @@ init_nickserv(const char *nick)
 struct chanNode *chan;
 unsigned int i;
 NS_LOG = log_register_type("NickServ", "file:nickserv.log");
- reg_new_user_func(check_user_nick, NULL);
+ reg_new_user_func(new_user_event, NULL);
 reg_nick_change_func(handle_nick_change, NULL);
 reg_del_user_func(nickserv_remove_user, NULL);
 reg_account_func(handle_account);
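Review bot: new_user_event (hunk at -5446) leaves `irc_umode(user, "+x");` unbraced under a three-line condition, which is easy to break when a second statement is added later; put the body in braces. `user->uplink` is dereferenced before anything else is tested, and the hunk does not show whether a new-user callback can run for a user with no uplink, so either test it first or state in the comment that it is always set at this point. The comment should also say that this path only covers users who are already authenticated when they are introduced, since a host that is hidden later may already have been seen by other clients.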
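Review bot: In sasl_packet (hunk at -5764) the extended test `if ((c != 2) || !(*authcid))` rejects an empty authcid, but nothing visible rejects an empty password field. If that value can later reach an LDAP simple bind (loc_auth passes its password to `ldap_check_auth` elsewhere in this diff), an empty password is an unauthenticated bind under RFC 4513, which some directory servers answer with success. Unless a check outside the hunk already covers it, extend this guard to the password field as well, or add a comment saying that an empty password is deliberately allowed and why. The function body starts and ends outside the hunk.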
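Review bot: In sasl_packet (hunk at -5778) a refused impersonation is recorded only at `LOG_DEBUG` and without the identities involved, so an account probing other accounts through authzid leaves nothing in production logs. Log it at a level that is retained and name both sides, e.g. `log_module(NS_LOG, LOG_WARNING, "SASL: %s denied impersonation of %s", hi->handle, authzid);` placed before `hi = NULL;`. authzid is client-supplied, so check that the logger neutralises control characters before it is written. The permitted branch (`hii = hi;`) deserves an equivalent audit line, since it is the more sensitive event.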