X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/1fe3e66c35da96898c54d5689d4ecb1456d0c22b..c73514ea1e6c286b2418e7b845c99a4d36601570:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index a28d687..01c6325 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -58,6 +58,8 @@ #define KEY_TITLEHOST_SUFFIX "titlehost_suffix" #define KEY_AUTO_OPER "auto_oper" #define KEY_AUTO_ADMIN "auto_admin" +#define KEY_AUTO_OPER_PRIVS "auto_oper_privs" +#define KEY_AUTO_ADMIN_PRIVS "auto_admin_privs" #define KEY_FLAG_LEVELS "flag_levels" #define KEY_HANDLE_EXPIRE_FREQ "handle_expire_freq" #define KEY_ACCOUNT_EXPIRE_FREQ "account_expire_freq" @@ -78,14 +80,15 @@ #define KEY_COOKIE_TIMEOUT "cookie_timeout" #define KEY_ACCOUNTS_PER_EMAIL "accounts_per_email" #define KEY_EMAIL_SEARCH_LEVEL "email_search_level" +#define KEY_DEFAULT_STYLE "default_style" #define KEY_OUNREGISTER_INACTIVE "ounregister_inactive" #define KEY_OUNREGISTER_FLAGS "ounregister_flags" -#define KEY_DEFAULT_STYLE "default_style" #define KEY_ID "id" #define KEY_PASSWD "passwd" #define KEY_NICKS "nicks" #define KEY_MASKS "masks" +#define KEY_SSLFPS "sslfps" #define KEY_IGNORES "ignores" #define KEY_OPSERV_LEVEL "opserv_level" #define KEY_FLAGS "flags" @@ -107,13 +110,12 @@ #define KEY_ALLOWAUTH "allowauth" #define KEY_EPITHET "epithet" #define KEY_TABLE_WIDTH "table_width" +#define KEY_ANNOUNCEMENTS "announcements" #define KEY_MAXLOGINS "maxlogins" #define KEY_FAKEHOST "fakehost" -#define KEY_NOTES "notes" -#define KEY_NOTE_EXPIRES "expires" -#define KEY_NOTE_SET "set" -#define KEY_NOTE_SETTER "setter" #define KEY_NOTE_NOTE "note" +#define KEY_NOTE_SETTER "setter" +#define KEY_NOTE_DATE "date" #define KEY_KARMA "karma" #define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase" @@ -130,8 +132,10 @@ #define KEY_LDAP_FIELD_ACCOUNT "ldap_field_account" #define KEY_LDAP_FIELD_PASSWORD "ldap_field_password" #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" +#define KEY_LDAP_FIELD_OSLEVEL "ldap_field_oslevel" #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" #define KEY_LDAP_TIMEOUT "ldap_timeout" #endif @@ -139,10 +143,10 @@ #define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" #define NICKSERV_FUNC(NAME) MODCMD_FUNC(NAME) -#define OPTION_FUNC(NAME) int NAME(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[]) +#define OPTION_FUNC(NAME) int NAME(UNUSED_ARG(struct svccmd *cmd), struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[]) typedef OPTION_FUNC(option_func_t); -DEFINE_LIST(handle_info_list, struct handle_info*); +DEFINE_LIST(handle_info_list, struct handle_info*) #define NICKSERV_MIN_PARMS(N) do { \ if (argc < N) { \ @@ -159,7 +163,7 @@ extern struct string_list *autojoin_channels; static struct module *nickserv_module; static struct service *nickserv_service; static struct log_type *NS_LOG; -static dict_t nickserv_handle_dict; /* contains struct handle_info* */ +dict_t nickserv_handle_dict; /* contains struct handle_info* */ static dict_t nickserv_id_dict; /* contains struct handle_info* */ static dict_t nickserv_nick_dict; /* contains struct nick_info* */ static dict_t nickserv_opt_dict; /* contains option_func_t* */ @@ -235,7 +239,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_HANDLEINFO_REGGED", "Registered on: %s" }, { "NSMSG_HANDLEINFO_LASTSEEN", "Last seen: %s" }, { "NSMSG_HANDLEINFO_LASTSEEN_NOW", "Last seen: Right now!" }, - { "NSMSG_HANDLEINFO_KARMA", " Karma: %d" }, + { "NSMSG_HANDLEINFO_KARMA", "Karma: %d" }, { "NSMSG_HANDLEINFO_VACATION", "On vacation." }, { "NSMSG_HANDLEINFO_EMAIL_ADDR", "Email address: %s" }, { "NSMSG_HANDLEINFO_COOKIE_ACTIVATION", "Cookie: There is currently an activation cookie issued for this account" }, @@ -246,14 +250,15 @@ static const struct message_entry msgtab[] = { { "NSMSG_HANDLEINFO_INFOLINE", "Infoline: %s" }, { "NSMSG_HANDLEINFO_FLAGS", "Flags: %s" }, { "NSMSG_HANDLEINFO_EPITHET", "Epithet: %s" }, + { "NSMSG_HANDLEINFO_NOTE", "Note (by %s on %s): %s " }, { "NSMSG_HANDLEINFO_FAKEHOST", "Fake host: %s" }, + { "NSMSG_INVALID_KARMA", "$b%s$b is not a valid karma modifier." }, + { "NSMSG_SET_KARMA", "$bKARMA: $b%d$b" }, { "NSMSG_HANDLEINFO_LAST_HOST", "Last quit hostmask: %s" }, { "NSMSG_HANDLEINFO_LAST_HOST_UNKNOWN", "Last quit hostmask: Unknown" }, - { "NSMSG_HANDLEINFO_NO_NOTES", " Notes: None" }, - { "NSMSG_HANDLEINFO_NOTE_EXPIRES", " Note %d (%s ago by %s, expires %s): %s" }, - { "NSMSG_HANDLEINFO_NOTE", " Note %d (%s ago by %s): %s" }, { "NSMSG_HANDLEINFO_NICKS", "Nickname(s): %s" }, { "NSMSG_HANDLEINFO_MASKS", "Hostmask(s): %s" }, + { "NSMSG_HANDLEINFO_SSLFPS", "SSL Fingerprints(s): %s" }, { "NSMSG_HANDLEINFO_IGNORES", "Ignore(s): %s" }, { "NSMSG_HANDLEINFO_CHANNELS", "Channel(s): %s" }, { "NSMSG_HANDLEINFO_CURRENT", "Current nickname(s): %s" }, @@ -261,9 +266,6 @@ static const struct message_entry msgtab[] = { { "NSMSG_USERINFO_AUTHED_AS", "$b%s$b is authenticated to account $b%s$b." }, { "NSMSG_USERINFO_NOT_AUTHED", "$b%s$b is not authenticated to any account." }, { "NSMSG_NICKINFO_OWNER", "Nick $b%s$b is owned by account $b%s$b." }, - { "NSMSG_NOTE_EXPIRES", "Note %d (%s ago by %s, expires %s): %s" }, - { "NSMSG_NOTE", "Note %d (%s ago by %s): %s" }, - { "NSMSG_NOTE_COUNT", "%u note(s) for %s." }, { "NSMSG_PASSWORD_INVALID", "Incorrect password; please try again." }, { "NSMSG_PLEASE_SET_EMAIL", "We now require email addresses for users. Please use the $bset email$b command to set your email address!" }, { "NSMSG_WEAK_PASSWORD", "WARNING: You are using a password that is considered weak (easy to guess). It is STRONGLY recommended you change it (now, if not sooner) by typing \"/msg $S@$s PASS oldpass newpass\" (with your current password and a new password)." }, @@ -286,9 +288,13 @@ static const struct message_entry msgtab[] = { { "NSMSG_ADDMASK_SUCCESS", "Hostmask %s added." }, { "NSMSG_ADDIGNORE_ALREADY", "$b%s$b is already an ignored hostmask in your account." }, { "NSMSG_ADDIGNORE_SUCCESS", "Hostmask %s added." }, + { "NSMSG_ADDSSLFP_ALREADY", "$b%s$b is already an SSL fingerprint in your account." }, + { "NSMSG_ADDSSLFP_SUCCESS", "SSL fingerprint %s added." }, { "NSMSG_DELMASK_NOTLAST", "You may not delete your last hostmask." }, { "NSMSG_DELMASK_SUCCESS", "Hostmask %s deleted." }, { "NSMSG_DELMASK_NOT_FOUND", "Unable to find mask to be deleted." }, + { "NSMSG_DELSSLFP_SUCCESS", "SSL fingerprint %s deleted." }, + { "NSMSG_DELSSLFP_NOT_FOUND", "Unable to find SSL fingerprint to be deleted." }, { "NSMSG_OPSERV_LEVEL_BAD", "You may not promote another oper above your level." }, { "NSMSG_USE_CMD_PASS", "Please use the PASS command to change your password." }, { "NSMSG_UNKNOWN_NICK", "I know nothing about nick $b%s$b." }, @@ -308,10 +314,6 @@ static const struct message_entry msgtab[] = { { "NSMSG_CANNOT_GHOST_USER", "$b%s$b is not authed to your account; you may not ghost-kill them." }, { "NSMSG_GHOST_KILLED", "$b%s$b has been killed as a ghost." }, { "NSMSG_ON_VACATION", "You are now on vacation. Your account will be preserved until you authenticate again." }, - { "NSMSG_EXCESSIVE_DURATION", "$b%s$b is too long for this command." }, - { "NSMSG_NOTE_ADDED", "Note $b%d$b added to $b%s$b." }, - { "NSMSG_NOTE_REMOVED", "Note $b%d$b removed from $b%s$b." }, - { "NSMSG_NO_SUCH_NOTE", "Account $b%s$b does not have a note with ID $b%d$b." }, { "NSMSG_NO_ACCESS", "Access denied." }, { "NSMSG_INVALID_FLAG", "$b%c$b is not a valid $N account flag." }, { "NSMSG_SET_FLAG", "Applied flags $b%s$b to %s's $N account." }, @@ -329,6 +331,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_CANNOT_MERGE_SELF", "You cannot merge account $b%s$b with itself." }, { "NSMSG_HANDLES_MERGED", "Merged account $b%s$b into $b%s$b." }, { "NSMSG_RECLAIM_WARN", "%s is a registered nick - you must auth to account %s or change your nick." }, + { "NSMSG_RECLAIM_HOWTO", "To auth to account %s you must use /msg %s@%s AUTH %s " }, { "NSMSG_RECLAIM_KILL", "Unauthenticated user of nick." }, { "NSMSG_RECLAIMED_NONE", "You cannot manually reclaim a nick." }, { "NSMSG_RECLAIMED_WARN", "Sent a request for %s to change their nick." }, @@ -339,12 +342,14 @@ static const struct message_entry msgtab[] = { { "NSMSG_SETTING_LIST_HEADER", "----------------------------------------" }, { "NSMSG_SETTING_LIST_END", "-------------End Of Settings------------" }, { "NSMSG_INVALID_OPTION", "$b%s$b is an invalid account setting." }, + { "NSMSG_INVALID_ANNOUNCE", "$b%s$b is an invalid announcements value." }, { "NSMSG_SET_INFO", "$bINFO: $b%s" }, { "NSMSG_SET_WIDTH", "$bWIDTH: $b%d" }, { "NSMSG_SET_TABLEWIDTH", "$bTABLEWIDTH: $b%d" }, { "NSMSG_SET_COLOR", "$bCOLOR: $b%s" }, { "NSMSG_SET_PRIVMSG", "$bPRIVMSG: $b%s" }, { "NSMSG_SET_STYLE", "$bSTYLE: $b%s" }, + { "NSMSG_SET_ANNOUNCEMENTS", "$bANNOUNCEMENTS: $b%s" }, { "NSMSG_SET_AUTOHIDE", "$bAUTOHIDE: $b%s" }, { "NSMSG_SET_PASSWORD", "$bPASSWORD: $b%s" }, { "NSMSG_SET_FLAGS", "$bFLAGS: $b%s" }, @@ -354,11 +359,9 @@ static const struct message_entry msgtab[] = { { "NSMSG_SET_LANGUAGE", "$bLANGUAGE: $b%s" }, { "NSMSG_SET_LEVEL", "$bLEVEL: $b%d" }, { "NSMSG_SET_EPITHET", "$bEPITHET: $b%s" }, + { "NSMSG_SET_NOTE", "$bNOTE: $b%s"}, { "NSMSG_SET_TITLE", "$bTITLE: $b%s" }, { "NSMSG_SET_FAKEHOST", "$bFAKEHOST: $b%s" }, - { "NSMSG_SET_KARMA", "$bKARMA: $b%d$b" }, - - { "NSMSG_INVALID_KARMA", "$b%s$b is not a valid karma modifier." }, { "NSMSG_AUTO_OPER", "You have been auto-opered" }, { "NSMSG_AUTO_OPER_ADMIN", "You have been auto-admined" }, @@ -414,27 +417,22 @@ static const struct message_entry msgtab[] = { { "NSMSG_NOT_VALID_FAKEHOST_REGEX", "$b%s$b is not allowed by the admin, consult the valid vhost regex pattern in the config file under nickserv/valid_fakehost_regex." }, { "CHECKPASS_YES", "Yes." }, { "CHECKPASS_NO", "No." }, + { "CHECKEMAIL_NOT_SET", "No email set." }, + { "CHECKEMAIL_YES", "Yes." }, + { "CHECKEMAIL_NO", "No." }, { "NSMSG_DEFCON_NO_NEW_NICKS", "You cannot register new %s at this time, please try again soon" }, { NULL, NULL } }; static void nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_action action); static void nickserv_reclaim_p(void *data); -static int nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask); +static int nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask); struct nickserv_config nickserv_conf; /* We have 2^32 unique account IDs to use. */ unsigned long int highest_id = 0; -#define WALK_NOTES(HANDLE, PREV, NOTE) \ - for (PREV = NULL, NOTE = (HANDLE)->notes; NOTE != NULL; PREV = NOTE, NOTE = NOTE->next) \ - if (NOTE->expires && NOTE->expires < now) { \ - if (PREV) PREV->next = NOTE->next; else (HANDLE)->notes = NOTE->next; \ - free(NOTE); \ - if (!(NOTE = PREV ? PREV : (HANDLE)->notes)) break; \ - } else - static char * canonicalize_hostmask(char *mask) { @@ -447,6 +445,17 @@ canonicalize_hostmask(char *mask) return mask; } +static struct handle_note * +nickserv_add_note(const char *setter, time_t date, const char *text) +{ + struct handle_note *note = calloc(1, sizeof(*note) + strlen(text)); + + strncpy(note->setter, setter, sizeof(note->setter)-1); + note->date = date; + memcpy(note->note, text, strlen(text)); + return note; +} + static struct handle_info * register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long id)) { @@ -454,6 +463,7 @@ register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long hi = calloc(1, sizeof(*hi)); hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE; + hi->announcements = '?'; hi->handle = strdup(handle); safestrncpy(hi->passwd, passwd, sizeof(hi->passwd)); hi->infoline = NULL; @@ -500,21 +510,25 @@ delete_nick(struct nick_info *ni) } static unreg_func_t *unreg_func_list; +static void **unreg_func_list_extra; static unsigned int unreg_func_size = 0, unreg_func_used = 0; void -reg_unreg_func(unreg_func_t func) +reg_unreg_func(unreg_func_t func, void *extra) { if (unreg_func_used == unreg_func_size) { if (unreg_func_size) { unreg_func_size <<= 1; unreg_func_list = realloc(unreg_func_list, unreg_func_size*sizeof(unreg_func_t)); + unreg_func_list_extra = realloc(unreg_func_list_extra, unreg_func_size*sizeof(void*)); } else { unreg_func_size = 8; unreg_func_list = malloc(unreg_func_size*sizeof(unreg_func_t)); + unreg_func_list_extra = malloc(unreg_func_size*sizeof(void*)); } } - unreg_func_list[unreg_func_used++] = func; + unreg_func_list[unreg_func_used] = func; + unreg_func_list_extra[unreg_func_used++] = extra; } static void @@ -532,6 +546,7 @@ free_handle_info(void *vhi) struct handle_info *hi = vhi; free_string_list(hi->masks); + free_string_list(hi->sslfps); free_string_list(hi->ignores); assert(!hi->users); @@ -539,16 +554,12 @@ free_handle_info(void *vhi) delete_nick(hi->nicks); free(hi->infoline); free(hi->epithet); + free(hi->note); free(hi->fakehost); if (hi->cookie) { timeq_del(hi->cookie->expires, nickserv_free_cookie, hi->cookie, 0); nickserv_free_cookie(hi->cookie); } - while (hi->notes) { - struct handle_note *note = hi->notes; - hi->notes = note->next; - free(note); - } if (hi->email_addr) { struct handle_info_list *hil = dict_find(nickserv_email_dict, hi->email_addr, NULL); handle_info_list_remove(hil, hi); @@ -581,7 +592,7 @@ nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, stru } #endif for (n=0; nusers) { if (nickserv_conf.sync_log) { uNode = GetUserH(hi->users->nick); @@ -777,7 +788,7 @@ smart_get_handle_info(struct userNode *service, struct userNode *user, const cha } int -oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) { +oper_outranks(struct userNode *user, struct handle_info *hi) { if (user->handle_info->opserv_level > hi->opserv_level) return 1; if (user->handle_info->opserv_level == hi->opserv_level) { @@ -789,12 +800,12 @@ oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) return 1; } } - reply("MSG_USER_OUTRANKED", hi->handle); + send_message(user, nickserv, "MSG_USER_OUTRANKED", hi->handle); return 0; } struct handle_info * -get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target) +get_victim_oper(struct userNode *user, const char *target) { struct handle_info *hi; if (!(hi = smart_get_handle_info(nickserv, user, target))) @@ -803,7 +814,7 @@ get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target) send_message(user, nickserv, "MSG_OPER_SUSPENDED"); return 0; } - return oper_outranks(cmd, user, hi) ? hi : NULL; + return oper_outranks(user, hi) ? hi : NULL; } static int @@ -816,7 +827,7 @@ valid_user_for(struct userNode *user, struct handle_info *hi) return 1; /* If any hostmask matches, allow it. */ for (ii=0; iimasks->used; ii++) - if (user_matches_glob(user, hi->masks->list[ii], 0)) + if (user_matches_glob(user, hi->masks->list[ii], 0, 0)) return 1; /* If they are allowauthed to this account, allow it (removing the aa). */ if (dict_find(nickserv_allow_auth_dict, user->nick, NULL) == hi) { @@ -827,6 +838,25 @@ valid_user_for(struct userNode *user, struct handle_info *hi) return 0; } +static int +valid_user_sslfp(struct userNode *user, struct handle_info *hi) +{ + unsigned int ii; + + if (!hi->sslfps->used) + return 0; + if (!(user->sslfp)) + return 0; + + /* If any SSL fingerprint matches, allow it. */ + for (ii=0; iisslfps->used; ii++) + if (!irccasecmp(user->sslfp, hi->sslfps->list[ii])) + return 1; + + /* No valid SSL fingerprint found. */ + return 0; +} + static int is_secure_password(const char *handle, const char *pass, struct userNode *user) { @@ -870,39 +900,47 @@ is_secure_password(const char *handle, const char *pass, struct userNode *user) } static auth_func_t *auth_func_list; +static void **auth_func_list_extra; static unsigned int auth_func_size = 0, auth_func_used = 0; void -reg_auth_func(auth_func_t func) +reg_auth_func(auth_func_t func, void *extra) { if (auth_func_used == auth_func_size) { if (auth_func_size) { auth_func_size <<= 1; auth_func_list = realloc(auth_func_list, auth_func_size*sizeof(auth_func_t)); + auth_func_list_extra = realloc(auth_func_list_extra, auth_func_size*sizeof(void*)); } else { auth_func_size = 8; auth_func_list = malloc(auth_func_size*sizeof(auth_func_t)); + auth_func_list_extra = malloc(auth_func_size*sizeof(void*)); } } - auth_func_list[auth_func_used++] = func; + auth_func_list[auth_func_used] = func; + auth_func_list_extra[auth_func_used++] = extra; } static handle_rename_func_t *rf_list; +static void **rf_list_extra; static unsigned int rf_list_size, rf_list_used; void -reg_handle_rename_func(handle_rename_func_t func) +reg_handle_rename_func(handle_rename_func_t func, void *extra) { if (rf_list_used == rf_list_size) { if (rf_list_size) { rf_list_size <<= 1; rf_list = realloc(rf_list, rf_list_size*sizeof(rf_list[0])); + rf_list_extra = realloc(rf_list_extra, rf_list_size*sizeof(void*)); } else { rf_list_size = 8; rf_list = malloc(rf_list_size*sizeof(rf_list[0])); + rf_list_extra = malloc(rf_list_size*sizeof(void*)); } } - rf_list[rf_list_used++] = func; + rf_list[rf_list_used] = func; + rf_list_extra[rf_list_used++] = extra; } static char * @@ -960,7 +998,7 @@ void send_func_list(struct userNode *user) old_info = user->handle_info; for (n=0; nhandle_info->users == user) { user->handle_info->users = user->next_authed; - } else { + } else if (user->handle_info->users != NULL) { for (other = user->handle_info->users; other->next_authed != user; other = other->next_authed) ; other->next_authed = user->next_authed; + } else { + /* No users authed to the account - can happen if they get + * killed for authing. */ } /* if nobody left on old handle, and they're not an oper, remove !god */ if (!user->handle_info->users && !user->handle_info->opserv_level) @@ -1022,7 +1063,7 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) hi->users = user; hi->lastseen = now; /* Add to helpers list */ - if (IsHelper(user)) + if (IsHelper(user) && !userList_contains(&curr_helpers, user)) userList_append(&curr_helpers, user); /* Set the fakehost */ @@ -1040,9 +1081,9 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) * account as registered nicks * - Why not just this one? -rubin */ if (!nickserv_conf.disable_nicks) { - struct nick_info *ni; - for (ni = hi->nicks; ni; ni = ni->next) { - if (!irccasecmp(user->nick, ni->nick)) { + struct nick_info *ni2; + for (ni2 = hi->nicks; ni2; ni2 = ni2->next) { + if (!irccasecmp(user->nick, ni2->nick)) { user->modes |= FLAGS_REGNICK; break; } @@ -1062,8 +1103,11 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) /* Call auth handlers */ if (GetUserH(user->nick)) { - for (n=0; ndead) + return; + } } } @@ -1080,10 +1124,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; } - if(strlen(handle) > 15) + if(strlen(handle) > 30) { if(user) - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30); return 0; } @@ -1094,7 +1138,7 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { int rc; - rc = ldap_do_add(handle, crypted, NULL); + rc = ldap_do_add(handle, (no_auth ? NULL : crypted), NULL); if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) { if(user) send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); @@ -1104,6 +1148,7 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha #endif hi = register_handle(handle, crypted, 0); hi->masks = alloc_string_list(1); + hi->sslfps = alloc_string_list(1); hi->ignores = alloc_string_list(1); hi->users = NULL; hi->language = lang_C; @@ -1122,15 +1167,17 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS"); } } - else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { + else if (user && (ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { if(user) { send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER"); } } else { if(user) { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if (is_registerable_nick(user->nick)) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } } } if (settee && (user != settee)) { @@ -1222,6 +1269,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ else fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle); + first_time = 0; break; case EMAIL_CHANGE: misc = hi->email_addr; @@ -1236,6 +1284,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ mail_send(nickserv, hi, subject, body, 1); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr); + first_time = 1; } else { #endif send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1"); @@ -1471,17 +1520,21 @@ static NICKSERV_FUNC(cmd_oregister) char* mask = NULL; char* nick = NULL; - NICKSERV_MIN_PARMS(3); + NICKSERV_MIN_PARMS(2); account = argv[1]; pass = argv[2]; if(nickserv_conf.force_handles_lowercase) irc_strtolower(account); + if (!is_valid_handle(argv[1])) { + reply("NSMSG_BAD_HANDLE", argv[1]); + return 0; + } if (nickserv_conf.email_required) { - NICKSERV_MIN_PARMS(4); + NICKSERV_MIN_PARMS(3); email = argv[3]; - if (argc >= 5) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */ - if (strchr(argv[4], '@') || argc >= 6) /* If @, its mask not nick */ + if (argc > 4) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */ + if (strchr(argv[4], '@')) mask = argv[4]; else nick = argv[4]; @@ -1491,8 +1544,8 @@ static NICKSERV_FUNC(cmd_oregister) } } else { - if (argc >= 4) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */ - if (strchr(argv[3], '@') || argc >= 5) /* If @, its mask not nick */ + if (argc > 3) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */ + if (strchr(argv[3], '@')) mask = argv[3]; else nick = argv[3]; @@ -1548,7 +1601,8 @@ static NICKSERV_FUNC(cmd_oregister) } if (mask) { char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); - string_list_append(hi->masks, mask_canonicalized); + if (mask_canonicalized) + string_list_append(hi->masks, mask_canonicalized); } if (nickserv_conf.sync_log) @@ -1590,7 +1644,7 @@ static NICKSERV_FUNC(cmd_oaddignore) struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; return nickserv_ignore(cmd, user, hi, argv[2]); @@ -1629,7 +1683,7 @@ static NICKSERV_FUNC(cmd_odelignore) { struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; return nickserv_delignore(cmd, user, hi, argv[2]); } @@ -1671,7 +1725,7 @@ static NICKSERV_FUNC(cmd_handleinfo) struct do_not_register *dnr; if ((dnr = chanserv_is_dnr(NULL, hi))) reply("NSMSG_HANDLEINFO_DNR", dnr->setter, dnr->reason); - if ((user->handle_info->opserv_level < 900) && !oper_outranks(cmd, user, hi)) + if ((user->handle_info->opserv_level < 900) && !oper_outranks(user, hi)) return 1; } else if (hi != user->handle_info) { reply("NSMSG_HANDLEINFO_END"); @@ -1696,26 +1750,6 @@ static NICKSERV_FUNC(cmd_handleinfo) reply(type); } - if (oper_has_access(user, cmd->parent->bot, 0, 1) || IsStaff(user)) { - if (!hi->notes) { - reply("NSMSG_HANDLEINFO_NO_NOTES"); - } else { - struct handle_note *prev, *note; - - WALK_NOTES(hi, prev, note) { - char set_time[INTERVALLEN]; - intervalString(set_time, now - note->set, user->handle_info); - if (note->expires) { - char exp_time[INTERVALLEN]; - intervalString(exp_time, note->expires - now, user->handle_info); - reply("NSMSG_HANDLEINFO_NOTE_EXPIRES", note->id, set_time, note->setter, exp_time, note->note); - } else { - reply("NSMSG_HANDLEINFO_NOTE", note->id, set_time, note->setter, note->note); - } - } - } - } - if (hi->flags) { unsigned long flen = 1; char flags[34]; /* 32 bits possible plus '+' and '\0' */ @@ -1735,6 +1769,16 @@ static NICKSERV_FUNC(cmd_handleinfo) reply("NSMSG_HANDLEINFO_EPITHET", (hi->epithet ? hi->epithet : nsmsg_none)); } + if (IsHelping(user) || IsOper(user)) + { + if (hi->note) + { + char date[64]; + strftime(date, 64, "%b %d %Y", localtime(&hi->note->date)); + reply("NSMSG_HANDLEINFO_NOTE", hi->note->setter, date, hi->note->note); + } + } + if (hi->fakehost) reply("NSMSG_HANDLEINFO_FAKEHOST", (hi->fakehost ? hi->fakehost : handle_find_message(hi, "MSG_NONE"))); @@ -1788,6 +1832,26 @@ static NICKSERV_FUNC(cmd_handleinfo) reply("NSMSG_HANDLEINFO_MASKS", nsmsg_none); } + if (hi->sslfps->used) { + for (i=0; i < hi->sslfps->used; i++) { + herelen = strlen(hi->sslfps->list[i]); + if (pos + herelen + 1 > ArrayLength(buff)) { + i--; + goto print_sslfp_buff; + } + memcpy(buff+pos, hi->sslfps->list[i], herelen); + pos += herelen; buff[pos++] = ' '; + if (i+1 == hi->sslfps->used) { + print_sslfp_buff: + buff[pos-1] = 0; + reply("NSMSG_HANDLEINFO_SSLFPS", buff); + pos = 0; + } + } + } else { + reply("NSMSG_HANDLEINFO_SSLFPS", nsmsg_none); + } + if (hi->ignores->used) { for (i=0; i < hi->ignores->used; i++) { herelen = strlen(hi->ignores->list[i]); @@ -1809,20 +1873,20 @@ static NICKSERV_FUNC(cmd_handleinfo) } if (hi->channels) { - struct userData *channel, *next; + struct userData *chan, *next; char *name; - for (channel = hi->channels; channel; channel = next) { - next = channel->u_next; - name = channel->channel->channel->name; + for (chan = hi->channels; chan; chan = next) { + next = chan->u_next; + name = chan->channel->channel->name; herelen = strlen(name); if (pos + herelen + 7 > ArrayLength(buff)) { - next = channel; + next = chan; goto print_chans_buff; } - if (IsUserSuspended(channel)) + if (IsUserSuspended(chan)) buff[pos++] = '-'; - pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(channel->access), name); + pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(chan->access), name); if (next == NULL) { print_chans_buff: buff[pos-1] = 0; @@ -1853,7 +1917,7 @@ static NICKSERV_FUNC(cmd_handleinfo) } reply("NSMSG_HANDLEINFO_END"); - return 1; + return 1 | ((hi != user->handle_info) ? CMD_LOG_STAFF : 0); } static NICKSERV_FUNC(cmd_userinfo) @@ -1885,32 +1949,6 @@ static NICKSERV_FUNC(cmd_nickinfo) return 1; } -static NICKSERV_FUNC(cmd_notes) -{ - struct handle_info *hi; - struct handle_note *prev, *note; - unsigned int hits; - - NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) - return 0; - hits = 0; - WALK_NOTES(hi, prev, note) { - char set_time[INTERVALLEN]; - intervalString(set_time, now - note->set, user->handle_info); - if (note->expires) { - char exp_time[INTERVALLEN]; - intervalString(exp_time, note->expires - now, user->handle_info); - reply("NSMSG_NOTE_EXPIRES", note->id, set_time, note->setter, exp_time, note->note); - } else { - reply("NSMSG_NOTE", note->id, set_time, note->setter, note->note); - } - ++hits; - } - reply("NSMSG_NOTE_COUNT", hits, argv[1]); - return 1; -} - static NICKSERV_FUNC(cmd_rename_handle) { struct handle_info *hi; @@ -1921,7 +1959,7 @@ static NICKSERV_FUNC(cmd_rename_handle) NICKSERV_MIN_PARMS(3); if(nickserv_conf.force_handles_lowercase) irc_strtolower(argv[2]); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; if (!is_valid_handle(argv[2])) { reply("NSMSG_FAIL_RENAME", argv[1], argv[2]); @@ -1931,9 +1969,9 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } - if(strlen(argv[2]) > 15) + if(strlen(argv[2]) > 30) { - reply("NMSG_HANDLE_TOLONG", argv[2], 15); + reply("NMSG_HANDLE_TOLONG", argv[2], 30); return 0; } #ifdef WITH_LDAP @@ -1950,7 +1988,7 @@ static NICKSERV_FUNC(cmd_rename_handle) hi->handle = strdup(argv[2]); dict_insert(nickserv_handle_dict, hi->handle, hi); for (nn=0; nnusers; uNode; uNode = uNode->next_authed) @@ -1968,21 +2006,25 @@ static NICKSERV_FUNC(cmd_rename_handle) } static failpw_func_t *failpw_func_list; +static void **failpw_func_list_extra; static unsigned int failpw_func_size = 0, failpw_func_used = 0; void -reg_failpw_func(failpw_func_t func) +reg_failpw_func(failpw_func_t func, void *extra) { if (failpw_func_used == failpw_func_size) { if (failpw_func_size) { failpw_func_size <<= 1; failpw_func_list = realloc(failpw_func_list, failpw_func_size*sizeof(failpw_func_t)); + failpw_func_list_extra = realloc(failpw_func_list_extra, failpw_func_size*sizeof(void*)); } else { failpw_func_size = 8; failpw_func_list = malloc(failpw_func_size*sizeof(failpw_func_t)); + failpw_func_list_extra = malloc(failpw_func_size*sizeof(void*)); } } - failpw_func_list[failpw_func_used++] = func; + failpw_func_list[failpw_func_used] = func; + failpw_func_list_extra[failpw_func_used++] = extra; } /* @@ -1991,92 +2033,144 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *userhost) { - int pw_arg, used, maxlogins; + int wildmask = 0, auth = 0; + int used, maxlogins; unsigned int ii; - int wildmask = 0; struct handle_info *hi; struct userNode *other; #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; - #endif - + hi = dict_find(nickserv_handle_dict, handle, NULL); - pw_arg = 2; - + #ifdef WITH_LDAP - if(nickserv_conf.ldap_enable) { + if (nickserv_conf.ldap_enable) { ldap_result = ldap_check_auth(handle, password); - if(ldap_result != LDAP_SUCCESS) { - return NULL; + if (!hi && (ldap_result != LDAP_SUCCESS)) + return NULL; + if (ldap_result == LDAP_SUCCESS) { + /* Mark auth as successful */ + auth++; + } + + if (!hi && (ldap_result == LDAP_SUCCESS) && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + int rc; + + /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + return NULL; /* They dont have a *@* mask so they can't loc */ + + if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { + return 0; /* couldn't add the user for some reason */ + } + + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + return 0; + } + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); } - } -// else -#else - if (!hi) { - return NULL; - } - - if (!checkpass(password, hi->passwd)) { - return NULL; } #endif -#ifdef WITH_LDAP - if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { - /* user not found, but authed to ldap successfully.. - * create the account. - */ - char *mask; - int rc; - - /* Add a *@* mask */ - if(nickserv_conf.default_hostmask) - mask = "*@*"; - else - return NULL; /* They dont have a *@* mask so they can't loc */ - if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { - return 0; /* couldn't add the user for some reason */ - } + /* hi should now be a valid handle, if not return NULL */ + if (!hi) + return NULL; - if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) - { - if(nickserv_conf.email_required) { - return 0; +#ifdef WITH_LDAP + if (password && *password && !nickserv_conf.ldap_enable) { +#else + if (password && *password) { +#endif + if (checkpass(password, hi->passwd)) + auth++; + } + + if (!auth && sslfp && *sslfp && hi->sslfps->used) { + /* If any SSL fingerprint matches, allow it. */ + for (ii=0; iisslfps->used; ii++) { + if (!irccasecmp(sslfp, hi->sslfps->list[ii])) { + auth++; + break; } - } - if(email) { - nickserv_set_email_addr(hi, email); - free(email); - } - if(mask) { - char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); - string_list_append(hi->masks, mask_canonicalized); - } - if(nickserv_conf.sync_log) - SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); + } } -#endif - - /* Still no account, so just fail out */ - if (!hi) { + + /* Auth should have succeeded by this point */ + if (!auth) return NULL; - } /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; @@ -2097,9 +2191,12 @@ struct handle_info *loc_auth(char *handle, char *password) static NICKSERV_FUNC(cmd_auth) { + char *privv[MAXNUMPARAMS]; + int privc, i; int pw_arg, used, maxlogins; struct handle_info *hi; const char *passwd; + const char *handle; struct userNode *other; #ifdef WITH_LDAP int ldap_result = LDAP_OTHER; @@ -2118,45 +2215,15 @@ static NICKSERV_FUNC(cmd_auth) return 0; } if (argc == 3) { -#ifdef WITH_LDAP - if(strchr(argv[1], '<') || strchr(argv[1], '>')) { - reply("NSMSG_NO_ANGLEBRACKETS"); - return 0; - } - if (!is_valid_handle(argv[1])) { - reply("NSMSG_BAD_HANDLE", argv[1]); - return 0; - } - - if(nickserv_conf.ldap_enable) { - ldap_result = ldap_check_auth(argv[1], argv[2]); - /* Get the users email address and update it */ - if(ldap_result == LDAP_SUCCESS) { - int rc; - if((rc = ldap_get_user_info(argv[1], &email) != LDAP_SUCCESS)) - { - if(nickserv_conf.email_required) { - reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc)); - return 0; - } - } - } - else if(ldap_result != LDAP_INVALID_CREDENTIALS) { - reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); - return 0; - } - } - -#endif - hi = dict_find(nickserv_handle_dict, argv[1], NULL); + passwd = argv[2]; + handle = argv[1]; pw_arg = 2; -#ifdef notdef + hi = dict_find(nickserv_handle_dict, argv[1], NULL); } else if (argc == 2) { + passwd = argv[1]; + pw_arg = 1; if (nickserv_conf.disable_nicks) { - if (!(hi = get_handle_info(user->nick))) { - reply("NSMSG_HANDLE_NOT_FOUND"); - return 0; - } + hi = get_handle_info(user->nick); } else { /* try to look up their handle from their nick */ /* TODO: handle ldap auth on nickserv style networks, too */ @@ -2168,13 +2235,47 @@ static NICKSERV_FUNC(cmd_auth) } hi = ni->owner; } - pw_arg = 1; -#endif + if (hi) { + handle = hi->handle; + } else { + handle = user->nick; + } } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); return 0; } + +#ifdef WITH_LDAP + if(strchr(argv[1], '<') || strchr(handle, '>')) { + reply("NSMSG_NO_ANGLEBRACKETS"); + return 0; + } + if (!is_valid_handle(handle)) { + reply("NSMSG_BAD_HANDLE", handle); + return 0; + } + + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(handle, passwd); + /* Get the users email address and update it */ + if(ldap_result == LDAP_SUCCESS) { + int rc; + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc)); + return 0; + } + } + } + else if(ldap_result != LDAP_INVALID_CREDENTIALS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + } +#endif + if (!hi) { #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { @@ -2212,7 +2313,6 @@ static NICKSERV_FUNC(cmd_auth) #endif } /* Responses from here on look up the language used by the handle they asked about. */ - passwd = argv[pw_arg]; if (!valid_user_for(user, hi)) { if (hi->email_addr && nickserv_conf.email_enabled) send_message_type(4, user, cmd->parent->bot, @@ -2226,16 +2326,17 @@ static NICKSERV_FUNC(cmd_auth) return 1; } #ifdef WITH_LDAP - if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || - ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { + if(( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) && !valid_user_sslfp(user, hi)) { #else - if (!checkpass(passwd, hi->passwd)) { + if (!checkpass(passwd, hi->passwd) && !valid_user_sslfp(user, hi)) { #endif unsigned int n; send_message_type(4, user, cmd->parent->bot, handle_find_message(hi, "NSMSG_PASSWORD_INVALID")); argv[pw_arg] = "BADPASS"; - for (n=0; nauth_policer.params) { user->auth_policer.last_req = now; @@ -2281,6 +2382,9 @@ static NICKSERV_FUNC(cmd_auth) * finish adding them */ process_adduser_pending(user); + reply("NSMSG_AUTH_SUCCESS"); + + /* Set +x if autohide is on */ if(HANDLE_FLAGGED(hi, AUTOHIDE)) irc_umode(user, "+x"); @@ -2290,16 +2394,32 @@ static NICKSERV_FUNC(cmd_auth) /* Auto Oper users with Opserv access -Life4Christ 8-10-2005 */ if( nickserv_conf.auto_admin[0] && hi->opserv_level >= opserv_conf_admin_level()) { + if (nickserv_conf.auto_admin_privs[0]) { + irc_raw_privs(user, nickserv_conf.auto_admin_privs); + privc = split_line(strdup(nickserv_conf.auto_admin_privs), false, MAXNUMPARAMS, privv); + for (i = 0; i < privc; i++) { + client_modify_priv_by_name(user, privv[i], 1); + } + } irc_umode(user,nickserv_conf.auto_admin); reply("NSMSG_AUTO_OPER_ADMIN"); } else if (nickserv_conf.auto_oper[0] && hi->opserv_level > 0) { + if (nickserv_conf.auto_oper_privs[0]) { + irc_raw_privs(user, nickserv_conf.auto_oper_privs); + privc = split_line(strdup(nickserv_conf.auto_oper_privs), false, MAXNUMPARAMS, privv); + for (i = 0; i < privc; i++) { + client_modify_priv_by_name(user, privv[i], 1); + } + } irc_umode(user,nickserv_conf.auto_oper); reply("NSMSG_AUTO_OPER"); } } + /* Wipe out the pass for the logs */ + if (!hi->masks->used) { irc_in_addr_t ip; string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); @@ -2307,30 +2427,30 @@ static NICKSERV_FUNC(cmd_auth) string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); } - /* Wipe out the pass for the logs */ argv[pw_arg] = "****"; - - reply("NSMSG_AUTH_SUCCESS"); - return 1; } static allowauth_func_t *allowauth_func_list; +static void **allowauth_func_list_extra; static unsigned int allowauth_func_size = 0, allowauth_func_used = 0; void -reg_allowauth_func(allowauth_func_t func) +reg_allowauth_func(allowauth_func_t func, void *extra) { if (allowauth_func_used == allowauth_func_size) { if (allowauth_func_size) { allowauth_func_size <<= 1; allowauth_func_list = realloc(allowauth_func_list, allowauth_func_size*sizeof(allowauth_func_t)); + allowauth_func_list_extra = realloc(allowauth_func_list_extra, allowauth_func_size*sizeof(void*)); } else { allowauth_func_size = 8; allowauth_func_list = malloc(allowauth_func_size*sizeof(allowauth_func_t)); + allowauth_func_list_extra = malloc(allowauth_func_size*sizeof(void*)); } } - allowauth_func_list[allowauth_func_used++] = func; + allowauth_func_list[allowauth_func_used] = func; + allowauth_func_list_extra[allowauth_func_used++] = extra; } static NICKSERV_FUNC(cmd_allowauth) @@ -2384,7 +2504,7 @@ static NICKSERV_FUNC(cmd_allowauth) reply("NSMSG_AUTH_UNSPECIAL", target->nick); } for (n=0; ncookie) { @@ -2455,39 +2575,26 @@ static NICKSERV_FUNC(cmd_odelcookie) switch (hi->cookie->type) { case ACTIVATION: safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); - if (nickserv_conf.sync_log) - SyncLog("ACCOUNTACC %s", hi->handle); - break; - case PASSWORD_CHANGE: - safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); - if (nickserv_conf.sync_log) - SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); - break; - case EMAIL_CHANGE: - if (!hi->email_addr && nickserv_conf.sync_log) { - if (nickserv_conf.sync_log) - SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); - } #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { int rc; - if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { - /* Falied to update email in ldap, but still + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update password in ldap, but still * updated it here.. what should we do? */ - reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); - } else { - nickserv_set_email_addr(hi, hi->cookie->data); + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; } } - else { - nickserv_set_email_addr(hi, hi->cookie->data); - } -#else - nickserv_set_email_addr(hi, hi->cookie->data); #endif if (nickserv_conf.sync_log) - SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data); + SyncLog("ACCOUNTACC %s", hi->handle); + break; + case PASSWORD_CHANGE: + break; + case EMAIL_CHANGE: break; + case ALLOWAUTH: + break; default: reply("NSMSG_BAD_COOKIE_TYPE", hi->cookie->type); log_module(NS_LOG, LOG_ERROR, "Bad cookie type %d for account %s.", hi->cookie->type, hi->handle); @@ -2640,9 +2747,9 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data); break; case ALLOWAUTH: { - char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); + char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); set_user_handle_info(user, hi, 1); - nickserv_addmask(cmd, user, hi, mask); + nickserv_addmask(user, hi, mask); reply("NSMSG_AUTH_SUCCESS"); free(mask); break; @@ -2760,19 +2867,19 @@ static NICKSERV_FUNC(cmd_pass) } static int -nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask) +nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask) { unsigned int i; char *new_mask = canonicalize_hostmask(strdup(mask)); for (i=0; imasks->used; i++) { if (!irccasecmp(new_mask, hi->masks->list[i])) { - reply("NSMSG_ADDMASK_ALREADY", new_mask); + send_message(user, nickserv, "NSMSG_ADDMASK_ALREADY", new_mask); free(new_mask); return 0; } } string_list_append(hi->masks, new_mask); - reply("NSMSG_ADDMASK_SUCCESS", new_mask); + send_message(user, nickserv, "NSMSG_ADDMASK_SUCCESS", new_mask); return 1; } @@ -2780,7 +2887,7 @@ static NICKSERV_FUNC(cmd_addmask) { if (argc < 2) { char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); - int res = nickserv_addmask(cmd, user, user->handle_info, mask); + int res = nickserv_addmask(user, user->handle_info, mask); free(mask); return res; } else { @@ -2788,7 +2895,7 @@ static NICKSERV_FUNC(cmd_addmask) reply("NSMSG_MASK_INVALID", argv[1]); return 0; } - return nickserv_addmask(cmd, user, user->handle_info, argv[1]); + return nickserv_addmask(user, user->handle_info, argv[1]); } } @@ -2797,9 +2904,9 @@ static NICKSERV_FUNC(cmd_oaddmask) struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; - return nickserv_addmask(cmd, user, hi, argv[2]); + return nickserv_addmask(user, hi, argv[2]); } static int @@ -2833,11 +2940,85 @@ static NICKSERV_FUNC(cmd_odelmask) { struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; return nickserv_delmask(cmd, user, hi, argv[2], 1); } +static int +nickserv_addsslfp(struct userNode *user, struct handle_info *hi, const char *sslfp) +{ + unsigned int i; + char *new_sslfp = strdup(sslfp); + for (i=0; isslfps->used; i++) { + if (!irccasecmp(new_sslfp, hi->sslfps->list[i])) { + send_message(user, nickserv, "NSMSG_ADDSSLFP_ALREADY", new_sslfp); + free(new_sslfp); + return 0; + } + } + string_list_append(hi->sslfps, new_sslfp); + send_message(user, nickserv, "NSMSG_ADDSSLFP_SUCCESS", new_sslfp); + return 1; +} + +static NICKSERV_FUNC(cmd_addsslfp) +{ + NICKSERV_MIN_PARMS((user->sslfp ? 1 : 2)); + if ((argc < 2) && (user->sslfp)) { + int res = nickserv_addsslfp(user, user->handle_info, user->sslfp); + return res; + } else { + return nickserv_addsslfp(user, user->handle_info, argv[1]); + } +} + +static NICKSERV_FUNC(cmd_oaddsslfp) +{ + struct handle_info *hi; + + NICKSERV_MIN_PARMS(3); + if (!(hi = get_victim_oper(user, argv[1]))) + return 0; + return nickserv_addsslfp(user, hi, argv[2]); +} + +static int +nickserv_delsslfp(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_sslfp) +{ + unsigned int i; + for (i=0; isslfps->used; i++) { + if (!irccasecmp(del_sslfp, hi->sslfps->list[i])) { + char *old_sslfp = hi->sslfps->list[i]; + hi->sslfps->list[i] = hi->sslfps->list[--hi->sslfps->used]; + reply("NSMSG_DELSSLFP_SUCCESS", old_sslfp); + free(old_sslfp); + return 1; + } + } + reply("NSMSG_DELSSLFP_NOT_FOUND"); + return 0; +} + +static NICKSERV_FUNC(cmd_delsslfp) +{ + NICKSERV_MIN_PARMS((user->sslfp ? 1 : 2)); + if ((argc < 2) && (user->sslfp)) { + return nickserv_delsslfp(cmd, user, user->handle_info, user->sslfp); + } else { + return nickserv_delsslfp(cmd, user, user->handle_info, argv[1]); + } +} + +static NICKSERV_FUNC(cmd_odelsslfp) +{ + struct handle_info *hi; + NICKSERV_MIN_PARMS(3); + if (!(hi = get_victim_oper(user, argv[1]))) + return 0; + return nickserv_delsslfp(cmd, user, hi, argv[2]); +} + int nickserv_modify_handle_flags(struct userNode *user, struct userNode *bot, const char *str, unsigned long *padded, unsigned long *premoved) { unsigned int nn, add = 1, pos; @@ -2888,14 +3069,10 @@ nickserv_apply_flags(struct userNode *user, struct handle_info *hi, const char * struct channelList *schannels; unsigned int ii; schannels = chanserv_support_channels(); - for (uNode = hi->users; uNode; uNode = uNode->next_authed) { - for (ii = 0; ii < schannels->used; ++ii) - if (GetUserMode(schannels->list[ii], uNode)) - break; - if (ii < schannels->used) + for (ii = 0; ii < schannels->used; ++ii) + if (find_handle_in_channel(schannels->list[ii], hi, NULL)) break; - } - if (!uNode) + if (ii == schannels->used) HANDLE_CLEAR_FLAG(hi, HELPING); } @@ -2919,7 +3096,7 @@ set_list(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, int unsigned int i; char *set_display[] = { "INFO", "WIDTH", "TABLEWIDTH", "COLOR", "PRIVMSG", "STYLE", - "EMAIL", "AUTOHIDE", "MAXLOGINS", "LANGUAGE", + "EMAIL", "ANNOUNCEMENTS", "AUTOHIDE", "MAXLOGINS", "LANGUAGE", "FAKEHOST", "TITLE", "EPITHET", "ADVANCED" }; @@ -2952,14 +3129,12 @@ static NICKSERV_FUNC(cmd_set) static NICKSERV_FUNC(cmd_oset) { - struct svccmd *subcmd; struct handle_info *hi; option_func_t *opt; - char cmdname[MAXLEN]; NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; if (argc < 3) { @@ -2972,11 +3147,6 @@ static NICKSERV_FUNC(cmd_oset) return 0; } - sprintf(cmdname, "%s %s", cmd->name, argv[2]); - subcmd = dict_find(cmd->parent->commands, cmdname, NULL); - if (subcmd && !svccmd_can_invoke(user, cmd->parent->bot, subcmd, NULL, SVCCMD_NOISY)) - return 0; - return opt(cmd, user, hi, 1, argc-2, argv+2); } @@ -3110,10 +3280,37 @@ static OPTION_FUNC(opt_style) return 1; } +static OPTION_FUNC(opt_announcements) +{ + const char *choice; + + if (argc > 1) { + if (enabled_string(argv[1])) + hi->announcements = 'y'; + else if (disabled_string(argv[1])) + hi->announcements = 'n'; + else if (!strcmp(argv[1], "?") || !irccasecmp(argv[1], "default")) + hi->announcements = '?'; + else { + reply("NSMSG_INVALID_ANNOUNCE", argv[1]); + return 0; + } + } + + switch (hi->announcements) { + case 'y': choice = user_find_message(user, "MSG_ON"); break; + case 'n': choice = user_find_message(user, "MSG_OFF"); break; + case '?': choice = "default"; break; + default: choice = "unknown"; break; + } + reply("NSMSG_SET_ANNOUNCEMENTS", choice); + return 1; +} + static OPTION_FUNC(opt_password) { char crypted[MD5_CRYPT_LENGTH+1]; - if(argc < 1) { + if(argc < 2) { return 0; } if (!override) { @@ -3262,7 +3459,7 @@ static OPTION_FUNC(opt_karma) } } - reply("NSMSG_SET_KARMA", hi->karma); + send_message(user, nickserv, "NSMSG_SET_KARMA", hi->karma); return 1; } @@ -3288,9 +3485,9 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i return 0; } #ifdef WITH_LDAP - if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { + if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_oper_group_dn) && *(nickserv_conf.ldap_admin_dn)) { int rc; - if(new_level > 0) + if(new_level > nickserv_conf.ldap_oper_group_level) rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); @@ -3299,6 +3496,13 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i return 0; } } + if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_field_oslevel) && *(nickserv_conf.ldap_admin_dn)) { + int rc; + if((rc = ldap_do_oslevel(target->handle, new_level, target->opserv_level)) != LDAP_SUCCESS) { + send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } #endif if (target->opserv_level == new_level) return 0; @@ -3535,6 +3739,31 @@ static OPTION_FUNC(opt_fakehost) return 1; } +static OPTION_FUNC(opt_note) +{ + if (!override) { + reply("MSG_SETTING_PRIVILEGED", argv[0]); + return 0; + } + + if (argc > 1) { + char *text = unsplit_string(argv + 1, argc - 1, NULL); + + if (hi->note) + free(hi->note); + + if ((text[0] == '*') && !text[1]) + hi->note = NULL; + else { + if (!(hi->note = nickserv_add_note(user->handle_info->handle, now, text))) + hi->note = NULL; + } + } + + reply("NSMSG_SET_NOTE", hi->note ? hi->note->note : user_find_message(user, "MSG_NONE")); + return 1; +} + static NICKSERV_FUNC(cmd_reclaim) { struct handle_info *hi; @@ -3602,8 +3831,8 @@ static NICKSERV_FUNC(cmd_ounregnick) reply("NSMSG_NICK_NOT_REGISTERED", argv[1]); return 0; } - if (!oper_outranks(cmd, user, ni->owner)) - return 0; + if (!oper_outranks(user, ni->owner)) + return 0; reply("NSMSG_UNREGNICK_SUCCESS", ni->nick); delete_nick(ni); return 1; @@ -3632,12 +3861,12 @@ static NICKSERV_FUNC(cmd_unregister) static NICKSERV_FUNC(cmd_ounregister) { + struct handle_info *hi; char reason[MAXLEN]; int force; - struct handle_info *hi; NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; if (HANDLE_FLAGGED(hi, NODELETE)) { @@ -3653,10 +3882,8 @@ static NICKSERV_FUNC(cmd_ounregister) reply((IsOper(user) ? "NSMSG_UNREGISTER_MUST_FORCE" : "NSMSG_UNREGISTER_CANNOT_FORCE"), hi->handle); return 0; } - snprintf(reason, sizeof(reason), "%s unregistered account %s.", user->handle_info->handle, hi->handle); global_message(MESSAGE_RECIPIENT_STAFF, reason); - if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) return 1; else @@ -3715,78 +3942,6 @@ static NICKSERV_FUNC(cmd_vacation) return 1; } -static NICKSERV_FUNC(cmd_addnote) -{ - struct handle_info *hi; - unsigned long duration; - char text[MAXLEN]; - unsigned int id; - struct handle_note *prev; - struct handle_note *note; - - /* Parse parameters and figure out values for note's fields. */ - NICKSERV_MIN_PARMS(4); - hi = get_victim_oper(cmd, user, argv[1]); - if (!hi) - return 0; - if(!strcmp(argv[2], "0")) - duration = 0; - else if(!(duration = ParseInterval(argv[2]))) - { - reply("MSG_INVALID_DURATION", argv[2]); - return 0; - } - if (duration > 2*365*86400) { - reply("NSMSG_EXCESSIVE_DURATION", argv[2]); - return 0; - } - unsplit_string(argv + 3, argc - 3, text); - WALK_NOTES(hi, prev, note) {} - id = prev ? (prev->id + 1) : 1; - - /* Create the new note structure. */ - note = calloc(1, sizeof(*note) + strlen(text)); - note->next = NULL; - note->expires = duration ? (now + duration) : 0; - note->set = now; - note->id = id; - safestrncpy(note->setter, user->handle_info->handle, sizeof(note->setter)); - strcpy(note->note, text); - if (prev) - prev->next = note; - else - hi->notes = note; - reply("NSMSG_NOTE_ADDED", id, hi->handle); - return 1; -} - -static NICKSERV_FUNC(cmd_delnote) -{ - struct handle_info *hi; - struct handle_note *prev; - struct handle_note *note; - int id; - - NICKSERV_MIN_PARMS(3); - hi = get_victim_oper(cmd, user, argv[1]); - if (!hi) - return 0; - id = strtoul(argv[2], NULL, 10); - WALK_NOTES(hi, prev, note) { - if (id == note->id) { - if (prev) - prev->next = note->next; - else - hi->notes = note->next; - free(note); - reply("NSMSG_NOTE_REMOVED", id, hi->handle); - return 1; - } - } - reply("NSMSG_NO_SUCH_NOTE", hi->handle, id); - return 0; -} - static int nickserv_saxdb_write(struct saxdb_context *ctx) { dict_iterator_t it; @@ -3796,6 +3951,11 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { for (it = dict_first(nickserv_handle_dict); it; it = iter_next(it)) { hi = iter_data(it); saxdb_start_record(ctx, iter_key(it), 0); + if (hi->announcements != '?') { + flags[0] = hi->announcements; + flags[1] = 0; + saxdb_write_string(ctx, KEY_ANNOUNCEMENTS, flags); + } if (hi->cookie) { struct handle_cookie *cookie = hi->cookie; char *type; @@ -3817,25 +3977,17 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { saxdb_end_record(ctx); } } - if (hi->notes) { - struct handle_note *prev, *note; - saxdb_start_record(ctx, KEY_NOTES, 0); - WALK_NOTES(hi, prev, note) { - snprintf(flags, sizeof(flags), "%d", note->id); - saxdb_start_record(ctx, flags, 0); - if (note->expires) - saxdb_write_int(ctx, KEY_NOTE_EXPIRES, note->expires); - saxdb_write_int(ctx, KEY_NOTE_SET, note->set); - saxdb_write_string(ctx, KEY_NOTE_SETTER, note->setter); - saxdb_write_string(ctx, KEY_NOTE_NOTE, note->note); - saxdb_end_record(ctx); - } - saxdb_end_record(ctx); - } if (hi->email_addr) saxdb_write_string(ctx, KEY_EMAIL_ADDR, hi->email_addr); if (hi->epithet) saxdb_write_string(ctx, KEY_EPITHET, hi->epithet); + if (hi->note) { + saxdb_start_record(ctx, KEY_NOTE_NOTE, 0); + saxdb_write_string(ctx, KEY_NOTE_SETTER, hi->note->setter); + saxdb_write_int(ctx, KEY_NOTE_DATE, hi->note->date); + saxdb_write_string(ctx, KEY_NOTE_NOTE, hi->note->note); + saxdb_end_record(ctx); + } if (hi->fakehost) saxdb_write_string(ctx, KEY_FAKEHOST, hi->fakehost); @@ -3857,6 +4009,8 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { saxdb_write_sint(ctx, KEY_KARMA, hi->karma); if (hi->masks->used) saxdb_write_string_list(ctx, KEY_MASKS, hi->masks); + if (hi->sslfps->used) + saxdb_write_string_list(ctx, KEY_SSLFPS, hi->sslfps); if (hi->ignores->used) saxdb_write_string_list(ctx, KEY_IGNORES, hi->ignores); if (hi->maxlogins) @@ -3891,21 +4045,25 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { } static handle_merge_func_t *handle_merge_func_list; +static void **handle_merge_func_list_extra; static unsigned int handle_merge_func_size = 0, handle_merge_func_used = 0; void -reg_handle_merge_func(handle_merge_func_t func) +reg_handle_merge_func(handle_merge_func_t func, void *extra) { if (handle_merge_func_used == handle_merge_func_size) { if (handle_merge_func_size) { handle_merge_func_size <<= 1; handle_merge_func_list = realloc(handle_merge_func_list, handle_merge_func_size*sizeof(handle_merge_func_t)); + handle_merge_func_list_extra = realloc(handle_merge_func_list_extra, handle_merge_func_size*sizeof(void*)); } else { handle_merge_func_size = 8; handle_merge_func_list = malloc(handle_merge_func_size*sizeof(handle_merge_func_t)); + handle_merge_func_list_extra = malloc(handle_merge_func_size*sizeof(void*)); } } - handle_merge_func_list[handle_merge_func_used++] = func; + handle_merge_func_list[handle_merge_func_used] = func; + handle_merge_func_list_extra[handle_merge_func_used++] = extra; } static NICKSERV_FUNC(cmd_merge) @@ -3917,9 +4075,9 @@ static NICKSERV_FUNC(cmd_merge) NICKSERV_MIN_PARMS(3); - if (!(hi_from = get_victim_oper(cmd, user, argv[1]))) + if (!(hi_from = get_victim_oper(user, argv[1]))) return 0; - if (!(hi_to = get_victim_oper(cmd, user, argv[2]))) + if (!(hi_to = get_victim_oper(user, argv[2]))) return 0; if (hi_to == hi_from) { reply("NSMSG_CANNOT_MERGE_SELF", hi_to->handle); @@ -3927,7 +4085,7 @@ static NICKSERV_FUNC(cmd_merge) } for (n=0; nnicks) { @@ -3950,6 +4108,16 @@ static NICKSERV_FUNC(cmd_merge) string_list_append(hi_to->masks, strdup(mask)); } + /* Merge the SSL fingerprints. */ + for (ii=0; iisslfps->used; ii++) { + char *sslfp = hi_from->sslfps->list[ii]; + for (jj=0; jjsslfps->used; jj++) + if (!irccasecmp(hi_to->sslfps->list[jj], sslfp)) + break; + if (jj==hi_to->sslfps->used) /* Nothing from the "to" handle covered this sslfp, so add it. */ + string_list_append(hi_to->sslfps, strdup(sslfp)); + } + /* Merge the ignores. */ for (ii=0; iiignores->used; ii++) { char *ignore = hi_from->ignores->list[ii]; @@ -4050,7 +4218,6 @@ struct nickserv_discrim { enum { SUBSET, EXACT, SUPERSET, LASTQUIT } hostmask_type; const char *nickmask; const char *hostmask; - const char *fakehostmask; const char *handlemask; const char *emailmask; #ifdef WITH_LDAP @@ -4150,12 +4317,6 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int discrim->hostmask_type = SUPERSET; } discrim->hostmask = argv[++i]; - } else if (!irccasecmp(argv[i], "fakehost")) { - if (!irccasecmp(argv[++i], "*")) { - discrim->fakehostmask = 0; - } else { - discrim->fakehostmask = argv[i]; - } } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) { if (!irccasecmp(argv[++i], "*")) { discrim->handlemask = 0; @@ -4191,19 +4352,6 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } -#ifdef WITH_LDAP - } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { - i++; - if(true_string(argv[i])) { - discrim->inldap = 1; - } - else if (false_string(argv[i])) { - discrim->inldap = 0; - } - else { - reply("MSG_INVALID_BINARY", argv[i]); - } -#endif } else if (!irccasecmp(argv[i], "karma")) { const char *cmp = argv[++i]; if (cmp[0] == '<') { @@ -4221,8 +4369,21 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int discrim->min_karma = strtoul(cmp+1, NULL, 0) + 1; } } else { - reply("MSG_INVALID_CRITERIA", cmp); + send_message(user, nickserv, "MSG_INVALID_CRITERIA", cmp); } +#ifdef WITH_LDAP + } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { + i++; + if(true_string(argv[i])) { + discrim->inldap = 1; + } + else if (false_string(argv[i])) { + discrim->inldap = 0; + } + else { + reply("MSG_INVALID_BINARY", argv[i]); + } +#endif } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; @@ -4243,7 +4404,6 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) || (discrim->max_registered < hi->registered) || (discrim->lastseen < (hi->users?now:hi->lastseen)) || (discrim->handlemask && !match_ircglob(hi->handle, discrim->handlemask)) - || (discrim->fakehostmask && (!hi->fakehost || !match_ircglob(hi->fakehost, discrim->fakehostmask))) || (discrim->emailmask && (!hi->email_addr || !match_ircglob(hi->email_addr, discrim->emailmask))) || (discrim->min_level > hi->opserv_level) || (discrim->max_level < hi->opserv_level) @@ -4325,10 +4485,10 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +#ifdef WITH_LDAP static void search_add2ldap_func (struct userNode *source, struct handle_info *match) { -#ifdef WITH_LDAP int rc; if(match->email_addr && match->passwd && match->handle) { rc = ldap_do_add(match->handle, match->passwd, match->email_addr); @@ -4336,8 +4496,8 @@ search_add2ldap_func (struct userNode *source, struct handle_info *match) send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); } } -#endif } +#endif static int nickserv_sort_accounts_by_access(const void *a, const void *b) @@ -4452,17 +4612,36 @@ static MODCMD_FUNC(cmd_checkpass) return 1; } +static MODCMD_FUNC(cmd_checkemail) +{ + struct handle_info *hi; + + NICKSERV_MIN_PARMS(3); + if (!(hi = modcmd_get_handle_info(user, argv[1]))) { + return 0; + } + if (!hi->email_addr) + reply("CHECKEMAIL_NOT_SET"); + else if (!irccasecmp(argv[2], hi->email_addr)) + reply("CHECKEMAIL_YES"); + else + reply("CHECKEMAIL_NO"); + return 1; +} + static void nickserv_db_read_handle(char *handle, dict_t obj) { const char *str; - struct string_list *masks, *slist, *ignores; + struct string_list *masks, *sslfps, *slist, *ignores; struct handle_info *hi; struct userNode *authed_users; - struct userData *channels; + struct userData *channel_list; unsigned long int id; unsigned int ii; dict_t subdb; + char *setter, *note; + time_t date; str = database_get_data(obj, KEY_ID, RECDB_QSTRING); id = str ? strtoul(str, NULL, 0) : 0; @@ -4473,13 +4652,13 @@ nickserv_db_read_handle(char *handle, dict_t obj) } if ((hi = get_handle_info(handle))) { authed_users = hi->users; - channels = hi->channels; + channel_list = hi->channels; hi->users = NULL; hi->channels = NULL; dict_remove(nickserv_handle_dict, hi->handle); } else { authed_users = NULL; - channels = NULL; + channel_list = NULL; } if(nickserv_conf.force_handles_lowercase) irc_strtolower(handle); @@ -4491,9 +4670,11 @@ nickserv_db_read_handle(char *handle, dict_t obj) authed_users = authed_users->next_authed; } } - hi->channels = channels; + hi->channels = channel_list; masks = database_get_data(obj, KEY_MASKS, RECDB_STRING_LIST); hi->masks = masks ? string_list_copy(masks) : alloc_string_list(1); + sslfps = database_get_data(obj, KEY_SSLFPS, RECDB_STRING_LIST); + hi->sslfps = sslfps ? string_list_copy(sslfps) : alloc_string_list(1); ignores = database_get_data(obj, KEY_IGNORES, RECDB_STRING_LIST); hi->ignores = ignores ? string_list_copy(ignores) : alloc_string_list(1); str = database_get_data(obj, KEY_MAXLOGINS, RECDB_QSTRING); @@ -4525,6 +4706,8 @@ nickserv_db_read_handle(char *handle, dict_t obj) } str = database_get_data(obj, KEY_USERLIST_STYLE, RECDB_QSTRING); hi->userlist_style = str ? str[0] : HI_DEFAULT_STYLE; + str = database_get_data(obj, KEY_ANNOUNCEMENTS, RECDB_QSTRING); + hi->announcements = str ? str[0] : '?'; str = database_get_data(obj, KEY_SCREEN_WIDTH, RECDB_QSTRING); hi->screen_width = str ? strtoul(str, NULL, 0) : 0; str = database_get_data(obj, KEY_TABLE_WIDTH, RECDB_QSTRING); @@ -4540,6 +4723,18 @@ nickserv_db_read_handle(char *handle, dict_t obj) str = database_get_data(obj, KEY_EPITHET, RECDB_QSTRING); if (str) hi->epithet = strdup(str); + subdb = database_get_data(obj, KEY_NOTE_NOTE, RECDB_OBJECT); + if (subdb) { + setter = database_get_data(subdb, KEY_NOTE_SETTER, RECDB_QSTRING); + str = database_get_data(subdb, KEY_NOTE_DATE, RECDB_QSTRING); + date = str ? (time_t)strtoul(str, NULL, 0) : now; + note = database_get_data(subdb, KEY_NOTE_NOTE, RECDB_QSTRING); + if (setter && date && note) + { + if (!(hi->note = nickserv_add_note(setter, date, note))) + hi->note = NULL; + } + } str = database_get_data(obj, KEY_FAKEHOST, RECDB_QSTRING); if (str) @@ -4584,50 +4779,6 @@ nickserv_db_read_handle(char *handle, dict_t obj) else nickserv_free_cookie(cookie); } - /* Read the "notes" sub-database (if it exists). */ - subdb = database_get_data(obj, KEY_NOTES, RECDB_OBJECT); - if (subdb) { - dict_iterator_t it; - struct handle_note *last_note; - struct handle_note *note; - - last_note = NULL; - for (it = dict_first(subdb); it; it = iter_next(it)) { - const char *expires; - const char *setter; - const char *text; - const char *set; - const char *id; - dict_t notedb; - - id = iter_key(it); - notedb = GET_RECORD_OBJECT((struct record_data*)iter_data(it)); - if (!notedb) { - log_module(NS_LOG, LOG_ERROR, "Malformed note %s for account %s; ignoring note.", id, hi->handle); - continue; - } - expires = database_get_data(notedb, KEY_NOTE_EXPIRES, RECDB_QSTRING); - setter = database_get_data(notedb, KEY_NOTE_SETTER, RECDB_QSTRING); - text = database_get_data(notedb, KEY_NOTE_NOTE, RECDB_QSTRING); - set = database_get_data(notedb, KEY_NOTE_SET, RECDB_QSTRING); - if (!setter || !text || !set) { - log_module(NS_LOG, LOG_ERROR, "Missing field(s) from note %s for account %s; ignoring note.", id, hi->handle); - continue; - } - note = calloc(1, sizeof(*note) + strlen(text)); - note->next = NULL; - note->expires = expires ? strtoul(expires, NULL, 10) : 0; - note->set = strtoul(set, NULL, 10); - note->id = strtoul(id, NULL, 10); - safestrncpy(note->setter, setter, sizeof(note->setter)); - strcpy(note->note, text); - if (last_note) - last_note->next = note; - else - hi->notes = note; - last_note = note; - } - } } static int @@ -4705,8 +4856,7 @@ nickserv_load_dict(const char *fname) log_module(NS_LOG, LOG_ERROR, "Unable to open dictionary file %s: %s", fname, strerror(errno)); return; } - while (!feof(file)) { - fgets(line, sizeof(line), file); + while (fgets(line, sizeof(line), file)) { if (!line[0]) continue; if (line[strlen(line)-1] == '\n') @@ -4818,7 +4968,6 @@ nickserv_conf_read(void) str = database_get_data(conf_node, "default_maxlogins", RECDB_QSTRING); nickserv_conf.default_maxlogins = str ? strtoul(str, NULL, 0) : 2; str = database_get_data(conf_node, "hard_maxlogins", RECDB_QSTRING); - nickserv_conf.hard_maxlogins = str ? strtoul(str, NULL, 0) : 10; str = database_get_data(conf_node, KEY_OUNREGISTER_INACTIVE, RECDB_QSTRING); nickserv_conf.ounregister_inactive = str ? ParseInterval(str) : 86400*28; str = database_get_data(conf_node, KEY_OUNREGISTER_FLAGS, RECDB_QSTRING); @@ -4831,6 +4980,7 @@ nickserv_conf_read(void) if(pos) nickserv_conf.ounregister_flags |= 1 << (pos - 1); } + nickserv_conf.hard_maxlogins = str ? strtoul(str, NULL, 0) : 10; if (!nickserv_conf.disable_nicks) { str = database_get_data(conf_node, "reclaim_action", RECDB_QSTRING); nickserv_conf.reclaim_action = str ? reclaim_action_from_string(str) : RECLAIM_NONE; @@ -4912,6 +5062,12 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_AUTO_ADMIN, RECDB_QSTRING); nickserv_conf.auto_admin = str ? str : ""; + str = database_get_data(conf_node, KEY_AUTO_OPER_PRIVS, RECDB_QSTRING); + nickserv_conf.auto_oper_privs = str ? str : ""; + + str = database_get_data(conf_node, KEY_AUTO_ADMIN_PRIVS, RECDB_QSTRING); + nickserv_conf.auto_admin_privs = str ? str : ""; + str = conf_get_data("server/network", RECDB_QSTRING); nickserv_conf.network_name = str ? str : "some IRC network"; if (!nickserv_conf.auth_policer_params) { @@ -4972,9 +5128,15 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING); nickserv_conf.ldap_field_email = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_FIELD_OSLEVEL, RECDB_QSTRING); + nickserv_conf.ldap_field_oslevel = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); nickserv_conf.ldap_oper_group_dn = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); nickserv_conf.ldap_field_group_member = str ? str : ""; @@ -5005,6 +5167,7 @@ nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_actio break; case RECLAIM_WARN: send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle); + send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle); break; case RECLAIM_SVSNICK: do { @@ -5028,7 +5191,7 @@ nickserv_reclaim_p(void *data) { } static int -check_user_nick(struct userNode *user) { +check_user_nick(struct userNode *user, UNUSED_ARG(void *extra)) { struct nick_info *ni; user->modes &= ~FLAGS_REGNICK; if (!(ni = get_nick_info(user->nick))) @@ -5040,19 +5203,15 @@ check_user_nick(struct userNode *user) { } if (nickserv_conf.warn_nick_owned) send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle); + send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle); if (nickserv_conf.auto_reclaim_action == RECLAIM_NONE) return 0; if (nickserv_conf.auto_reclaim_delay) timeq_add(now + nickserv_conf.auto_reclaim_delay, nickserv_reclaim_p, user); else nickserv_reclaim(user, ni, nickserv_conf.auto_reclaim_action); - return 0; -} -int -handle_new_user(struct userNode *user) -{ - return check_user_nick(user); + return 0; } void @@ -5073,7 +5232,8 @@ handle_account(struct userNode *user, const char *stamp) hi = dict_find(nickserv_handle_dict, stamp, NULL); if(hi && timestamp && hi->registered != timestamp) { - log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered); + log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp), +ctime(&hi->registered)); return; } #else @@ -5092,7 +5252,7 @@ handle_account(struct userNode *user, const char *stamp) } void -handle_nick_change(struct userNode *user, const char *old_nick) +handle_nick_change(struct userNode *user, const char *old_nick, UNUSED_ARG(void *extra)) { struct handle_info *hi; @@ -5101,11 +5261,11 @@ handle_nick_change(struct userNode *user, const char *old_nick) dict_insert(nickserv_allow_auth_dict, user->nick, hi); } timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN); - check_user_nick(user); + check_user_nick(user, NULL); } void -nickserv_remove_user(struct userNode *user, UNUSED_ARG(struct userNode *killer), UNUSED_ARG(const char *why)) +nickserv_remove_user(struct userNode *user, UNUSED_ARG(struct userNode *killer), UNUSED_ARG(const char *why), UNUSED_ARG(void *extra)) { dict_remove(nickserv_allow_auth_dict, user->nick); timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN); @@ -5139,9 +5299,9 @@ nickserv_define_func(const char *name, modcmd_func_t func, int min_level, int mu } static void -nickserv_db_cleanup(void) +nickserv_db_cleanup(UNUSED_ARG(void* extra)) { - unreg_del_user_func(nickserv_remove_user); + unreg_del_user_func(nickserv_remove_user, NULL); userList_clean(&curr_helpers); policer_params_delete(nickserv_conf.auth_policer_params); dict_delete(nickserv_handle_dict); @@ -5152,27 +5312,51 @@ nickserv_db_cleanup(void) dict_delete(nickserv_id_dict); dict_delete(nickserv_conf.weak_password_dict); free(auth_func_list); + free(auth_func_list_extra); free(unreg_func_list); + free(unreg_func_list_extra); free(rf_list); + free(rf_list_extra); free(allowauth_func_list); + free(allowauth_func_list_extra); free(handle_merge_func_list); + free(handle_merge_func_list_extra); free(failpw_func_list); + free(failpw_func_list_extra); if (nickserv_conf.valid_handle_regex_set) regfree(&nickserv_conf.valid_handle_regex); if (nickserv_conf.valid_nick_regex_set) regfree(&nickserv_conf.valid_nick_regex); } +void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle), UNUSED_ARG(void *extra)) { + if (!*nickserv_conf.auto_oper || !user->handle_info) + return; + + if (!IsOper(user)) { + if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) { + irc_umode(user, nickserv_conf.auto_admin); + irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator", + user->nick, user->ident, user->hostname); + } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) { + irc_umode(user, nickserv_conf.auto_oper); + irc_sno(0x1, "%s (%s@%s) is now an IRC Operator", + user->nick, user->ident, user->hostname); + } + } +} + void init_nickserv(const char *nick) { struct chanNode *chan; unsigned int i; NS_LOG = log_register_type("NickServ", "file:nickserv.log"); - reg_new_user_func(handle_new_user); - reg_nick_change_func(handle_nick_change); - reg_del_user_func(nickserv_remove_user); + reg_new_user_func(check_user_nick, NULL); + reg_nick_change_func(handle_nick_change, NULL); + reg_del_user_func(nickserv_remove_user, NULL); reg_account_func(handle_account); + reg_auth_func(handle_loc_auth_oper, NULL); /* set up handle_inverse_flags */ memset(handle_inverse_flags, 0, sizeof(handle_inverse_flags)); @@ -5203,6 +5387,10 @@ init_nickserv(const char *nick) nickserv_define_func("OADDMASK", cmd_oaddmask, 0, 1, 0); nickserv_define_func("DELMASK", cmd_delmask, -1, 1, 0); nickserv_define_func("ODELMASK", cmd_odelmask, 0, 1, 0); + nickserv_define_func("ADDSSLFP", cmd_addsslfp, -1, 1, 0); + nickserv_define_func("OADDSSLFP", cmd_oaddsslfp, 0, 1, 0); + nickserv_define_func("DELSSLFP", cmd_delsslfp, -1, 1, 0); + nickserv_define_func("ODELSSLFP", cmd_odelsslfp, 0, 1, 0); nickserv_define_func("PASS", cmd_pass, -1, 1, 0); nickserv_define_func("SET", cmd_set, -1, 1, 0); nickserv_define_func("OSET", cmd_oset, 0, 1, 0); @@ -5211,9 +5399,6 @@ init_nickserv(const char *nick) nickserv_define_func("RENAME", cmd_rename_handle, -1, 1, 0); nickserv_define_func("VACATION", cmd_vacation, -1, 1, 0); nickserv_define_func("MERGE", cmd_merge, 750, 1, 0); - nickserv_define_func("ADDNOTE", cmd_addnote, 0, 1, 0); - nickserv_define_func("DELNOTE", cmd_delnote, 0, 1, 0); - nickserv_define_func("NOTES", cmd_notes, 0, 1, 0); if (!nickserv_conf.disable_nicks) { /* nick management commands */ nickserv_define_func("REGNICK", cmd_regnick, -1, 1, 0); @@ -5243,6 +5428,7 @@ init_nickserv(const char *nick) nickserv_define_func("SEARCH UNREGISTER", NULL, 800, 1, 0); nickserv_define_func("MERGEDB", cmd_mergedb, 999, 1, 0); nickserv_define_func("CHECKPASS", cmd_checkpass, 601, 1, 0); + nickserv_define_func("CHECKEMAIL", cmd_checkemail, 0, 1, 0); /* other options */ dict_insert(nickserv_opt_dict, "INFO", opt_info); dict_insert(nickserv_opt_dict, "WIDTH", opt_width); @@ -5257,15 +5443,16 @@ init_nickserv(const char *nick) dict_insert(nickserv_opt_dict, "ACCESS", opt_level); dict_insert(nickserv_opt_dict, "LEVEL", opt_level); dict_insert(nickserv_opt_dict, "EPITHET", opt_epithet); + dict_insert(nickserv_opt_dict, "NOTE", opt_note); if (nickserv_conf.titlehost_suffix) { dict_insert(nickserv_opt_dict, "TITLE", opt_title); dict_insert(nickserv_opt_dict, "FAKEHOST", opt_fakehost); } + dict_insert(nickserv_opt_dict, "ANNOUNCEMENTS", opt_announcements); dict_insert(nickserv_opt_dict, "MAXLOGINS", opt_maxlogins); dict_insert(nickserv_opt_dict, "ADVANCED", opt_advanced); dict_insert(nickserv_opt_dict, "LANGUAGE", opt_language); dict_insert(nickserv_opt_dict, "KARMA", opt_karma); - nickserv_define_func("OSET KARMA", NULL, 0, 1, 0); nickserv_handle_dict = dict_new(); dict_set_free_keys(nickserv_handle_dict, free); @@ -5287,7 +5474,7 @@ init_nickserv(const char *nick) nickserv_service = service_register(nickserv); } saxdb_register("NickServ", nickserv_saxdb_read, nickserv_saxdb_write); - reg_exit_func(nickserv_db_cleanup); + reg_exit_func(nickserv_db_cleanup, NULL); if(nickserv_conf.handle_expire_frequency) timeq_add(now + nickserv_conf.handle_expire_frequency, expire_handles, NULL);