X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/2fa83595ce1f9c3137e093e50590c5485817c54b..c3915bdcd99a53975f47c56063602f0891999ce5:/src/nickserv.c?ds=sidebyside
diff --git a/src/nickserv.c b/src/nickserv.c
index 1809e8c..30ead1e 100644
--- a/src/nickserv.c
+++ b/src/nickserv.c
@@ -2033,88 +2033,94 @@ reg_failpw_func(failpw_func_t func, void *extra) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password, char *userhost) +struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *userhost) { - int pw_arg, used, maxlogins; + int wildmask = 0, auth = 0; + int used, maxlogins; unsigned int ii; - int wildmask = 0; struct handle_info *hi; struct userNode *other; #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; #endif - + hi = dict_find(nickserv_handle_dict, handle, NULL); - pw_arg = 2; - + #ifdef WITH_LDAP - if(nickserv_conf.ldap_enable) { + if (nickserv_conf.ldap_enable) { ldap_result = ldap_check_auth(handle, password); - if(ldap_result != LDAP_SUCCESS) { - return NULL; + if (!hi && (ldap_result != LDAP_SUCCESS)) + return NULL; + if (ldap_result == LDAP_SUCCESS) { + /* Mark auth as successful */ + auth++; + } + + if (!hi && (ldap_result == LDAP_SUCCESS) && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + int rc; + + /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. 
*/ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + return NULL; /* They dont have a *@* mask so they can't loc */ + + if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { + return 0; /* couldn't add the user for some reason */ + } + + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + return 0; + } + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); } } -#else - if (!hi) { - return NULL; - } +#endif - if (!checkpass(password, hi->passwd)) { + /* hi should now be a valid handle, if not return NULL */ + if (!hi) return NULL; - } -#endif + #ifdef WITH_LDAP - /* ldap libs are present but we are not using them... */ - if( !nickserv_conf.ldap_enable ) { - if (!hi) { - return NULL; - } - if (!checkpass(password, hi->passwd)) { - return NULL; - } + if (password && *password && !nickserv_conf.ldap_enable) { +#else + if (password && *password) { +#endif + if (checkpass(password, hi->passwd)) + auth++; } - else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { - /* user not found, but authed to ldap successfully.. - * create the account. - */ - char *mask; - int rc; - - /* Add a *@* mask */ - /* TODO if userhost is not null, build mask based on that. 
*/ - if(nickserv_conf.default_hostmask) - mask = "*@*"; - else - return NULL; /* They dont have a *@* mask so they can't loc */ - - if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { - return 0; /* couldn't add the user for some reason */ - } - - if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) - { - if(nickserv_conf.email_required) { - return 0; + + if (!auth && sslfp && *sslfp && hi->sslfps->used) { + /* If any SSL fingerprint matches, allow it. */ + for (ii=0; iisslfps->used; ii++) { + if (!irccasecmp(sslfp, hi->sslfps->list[ii])) { + auth++; + break; } - } - if(email) { - nickserv_set_email_addr(hi, email); - free(email); - } - if(mask) { - char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); - string_list_append(hi->masks, mask_canonicalized); - } - if(nickserv_conf.sync_log) - SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); + } } -#endif - - /* Still no account, so just fail out */ - if (!hi) { + + /* Auth should have succeeded by this point */ + if (!auth) return NULL; - } /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your @@ -2142,7 +2148,7 @@ struct handle_info *loc_auth(char *handle, char *password, char *userhost) ui = malloc(strlen(userhost)); sprintf(uh, "%s@%s", ident, realhost); sprintf(ui, "%s@%s", ident, ip); - for (ii=0; iimasks->used; ii++) + for (ii=0; iimasks->used; ii++) { if(match_ircglob(uh, hi->masks->list[ii]) || match_ircglob(ui, hi->masks->list[ii])) @@ -2185,8 +2191,6 @@ struct handle_info *loc_auth(char *handle, char *password, char *userhost) static NICKSERV_FUNC(cmd_auth) { - char *privv[MAXNUMPARAMS]; - int privc, i; int pw_arg, used, maxlogins; struct handle_info *hi; const char *passwd; 
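Review bot: In the WITH_LDAP block of loc_auth, `ldap_check_auth(handle, password)` still runs when the caller supplied only a fingerprint, while the local `checkpass` path a few lines below is guarded by `password && *password`. ldap_check_auth is not visible here, but an LDAP simple bind with an empty password is commonly accepted as an anonymous bind, and that result would set `auth` and bypass the fingerprint comparison; a NULL password may also be dereferenced there. Because `ldap_result` is initialised to `LDAP_SUCCESS`, skipping the call is not enough; I would write `ldap_result = (password && *password) ? ldap_check_auth(handle, password) : LDAP_INVALID_CREDENTIALS;`. loc_auth continues past the end of this hunk.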
@@ -2383,37 +2387,6 @@ static NICKSERV_FUNC(cmd_auth) if(HANDLE_FLAGGED(hi, AUTOHIDE)) irc_umode(user, "+x"); - if(!IsOper(user)) /* If they arnt already opered.. */ - { - /* Auto Oper users with Opserv access -Life4Christ 8-10-2005 */ - if( nickserv_conf.auto_admin[0] && hi->opserv_level >= opserv_conf_admin_level()) - { - if (nickserv_conf.auto_admin_privs[0]) { - irc_raw_privs(user, nickserv_conf.auto_admin_privs); - privc = split_line(strdup(nickserv_conf.auto_admin_privs), false, MAXNUMPARAMS, privv); - for (i = 0; i < privc; i++) { - client_modify_priv_by_name(user, privv[i], 1); - } - } - irc_umode(user,nickserv_conf.auto_admin); - reply("NSMSG_AUTO_OPER_ADMIN"); - } - else if (nickserv_conf.auto_oper[0] && hi->opserv_level > 0) - { - if (nickserv_conf.auto_oper_privs[0]) { - irc_raw_privs(user, nickserv_conf.auto_oper_privs); - privc = split_line(strdup(nickserv_conf.auto_oper_privs), false, MAXNUMPARAMS, privv); - for (i = 0; i < privc; i++) { - client_modify_priv_by_name(user, privv[i], 1); - } - } - irc_umode(user,nickserv_conf.auto_oper); - reply("NSMSG_AUTO_OPER"); - } - } - - /* Wipe out the pass for the logs */ - if (!hi->masks->used) { irc_in_addr_t ip; string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); @@ -2421,6 +2394,7 @@ static NICKSERV_FUNC(cmd_auth) string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); } + /* Wipe out the pass for the logs */ argv[pw_arg] = "****"; return 1; } 
@@ -4102,6 +4076,16 @@ static NICKSERV_FUNC(cmd_merge) string_list_append(hi_to->masks, strdup(mask)); } + /* Merge the SSL fingerprints. */ + for (ii=0; iisslfps->used; ii++) { + char *sslfp = hi_from->sslfps->list[ii]; + for (jj=0; jjsslfps->used; jj++) + if (!irccasecmp(hi_to->sslfps->list[jj], sslfp)) + break; + if (jj==hi_to->sslfps->used) /* Nothing from the "to" handle covered this sslfp, so add it. */ + string_list_append(hi_to->sslfps, strdup(sslfp)); + } + /* Merge the ignores. */ for (ii=0; iiignores->used; ii++) { char *ignore = hi_from->ignores->list[ii]; 
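Review bot: The new block in cmd_merge copies login credentials, not just metadata, and nothing in the code says so: loc_auth in this same diff accepts any entry of `sslfps` in place of a password. A comment above the loop would make that explicit, e.g. `/* Fingerprints are credentials (see loc_auth): every certificate listed on hi_from can log in as hi_to after the merge. */`. The inner `for` and its `if` are also unbraced, unlike the outer loop; bracing them would match the rest of the block. cmd_merge starts and ends outside this hunk.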
@@ -5314,18 +5298,37 @@ nickserv_db_cleanup(UNUSED_ARG(void* extra)) } void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle), UNUSED_ARG(void *extra)) { + char *privv[MAXNUMPARAMS]; + int privc, i; + if (!*nickserv_conf.auto_oper || !user->handle_info) return; if (!IsOper(user)) { if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) { + if (nickserv_conf.auto_admin_privs[0]) { + irc_raw_privs(user, nickserv_conf.auto_admin_privs); + privc = split_line(strdup(nickserv_conf.auto_admin_privs), false, MAXNUMPARAMS, privv); + for (i = 0; i < privc; i++) { + client_modify_priv_by_name(user, privv[i], 1); + } + } irc_umode(user, nickserv_conf.auto_admin); irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator", user->nick, user->ident, user->hostname); + send_message(user, nickserv, "NSMSG_AUTO_OPER_ADMIN"); } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) { + if (nickserv_conf.auto_oper_privs[0]) { + irc_raw_privs(user, nickserv_conf.auto_oper_privs); + privc = split_line(strdup(nickserv_conf.auto_oper_privs), false, MAXNUMPARAMS, privv); + for (i = 0; i < privc; i++) { + client_modify_priv_by_name(user, privv[i], 1); + } + } irc_umode(user, nickserv_conf.auto_oper); irc_sno(0x1, "%s (%s@%s) is now an IRC Operator", user->nick, user->ident, user->hostname); + send_message(user, nickserv, "NSMSG_AUTO_OPER"); } } }
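Review bot: Both `split_line(strdup(...), false, MAXNUMPARAMS, privv)` calls added to handle_loc_auth_oper discard the only pointer to the duplicated string, so the copy is never freed and a failed strdup is handed straight to split_line. Holding the copy in a local (`char *privs = strdup(nickserv_conf.auto_admin_privs);`), checking it for NULL, and calling `free(privs);` after the loop fixes both, provided client_modify_priv_by_name does not retain the name pointer, which is not visible here. The auto_admin and auto_oper branches are identical apart from the config field, so a small static helper taking the privilege string would remove the duplication.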