X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/87677bd8129c49fd621f8fa2c00687c6e6a29a2f..ef5e03051fd86d66844d61f3fcc1c7a82957826a:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index fb420ef..7939a3d 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -5,7 +5,7 @@ * * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -128,6 +128,7 @@ #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" #define KEY_LDAP_TIMEOUT "ldap_timeout" #endif @@ -1062,10 +1063,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; } - if(strlen(handle) > 15) + if(strlen(handle) > 30) { if(user) - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30); return 0; } @@ -1111,8 +1112,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha } else { if(user) { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if (is_registerable_nick(user->nick)) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } } } if (settee && (user != settee)) { @@ -1204,6 +1207,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ else fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle); + first_time = 0; break; case EMAIL_CHANGE: misc = hi->email_addr; @@ -1218,6 +1222,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ sendmail(nickserv, hi, subject, body, 1); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr); + first_time = 1; } else { #endif send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1"); @@ -1874,9 +1879,9 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } - if(strlen(argv[2]) > 15) + if(strlen(argv[2]) > 30) { - reply("NMSG_HANDLE_TOLONG", argv[2], 15); + reply("NMSG_HANDLE_TOLONG", argv[2], 30); return 0; } #ifdef WITH_LDAP @@ -1934,7 +1939,7 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *handle, char *password, char *userhost) { int pw_arg, used, maxlogins; unsigned int ii; @@ -1944,7 +1949,6 @@ struct handle_info *loc_auth(char *handle, char *password) #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; - #endif hi = dict_find(nickserv_handle_dict, handle, NULL); @@ -1957,14 +1961,26 @@ struct handle_info *loc_auth(char *handle, char *password) return NULL; } } -// else #else + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { return NULL; } #endif #ifdef WITH_LDAP - if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* ldap libs are present but we are not using them... */ + if( !nickserv_conf.ldap_enable ) { + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { + return NULL; + } + } + else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { /* user not found, but authed to ldap successfully.. * create the account. */ @@ -1972,6 +1988,7 @@ struct handle_info *loc_auth(char *handle, char *password) int rc; /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ if(nickserv_conf.default_hostmask) mask = "*@*"; else @@ -2008,14 +2025,52 @@ struct handle_info *loc_auth(char *handle, char *password) /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; @@ -2089,7 +2144,7 @@ static NICKSERV_FUNC(cmd_auth) #endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; - } else if (argc == 2) { + } else if (argc == 2 && !nickserv_conf.ldap_enable) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { reply("NSMSG_HANDLE_NOT_FOUND"); @@ -2164,7 +2219,7 @@ static NICKSERV_FUNC(cmd_auth) } #ifdef WITH_LDAP if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || - ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) { + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { #else if (!checkpass(passwd, hi->passwd)) { #endif @@ -3059,7 +3114,7 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { char crypted[MD5_CRYPT_LENGTH+1]; - if(argc < 1) { + if(argc < 2) { return 0; } if (!override) { @@ -3213,9 +3268,9 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i return 0; } #ifdef WITH_LDAP - if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { + if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_oper_group_dn) && *(nickserv_conf.ldap_admin_dn)) { int rc; - if(new_level > 0) + if(new_level > nickserv_conf.ldap_oper_group_level) rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); @@ -4032,6 +4087,7 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } +#ifdef WITH_LDAP } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { i++; if(true_string(argv[i])) { @@ -4043,6 +4099,7 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int else { reply("MSG_INVALID_BINARY", argv[i]); } +#endif } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; @@ -4141,10 +4198,10 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +#ifdef WITH_LDAP static void search_add2ldap_func (struct userNode *source, struct handle_info *match) { -#ifdef WITH_LDAP int rc; if(match->email_addr && match->passwd && match->handle) { rc = ldap_do_add(match->handle, match->passwd, match->email_addr); @@ -4152,8 +4209,8 @@ search_add2ldap_func (struct userNode *source, struct handle_info *match) send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); } } -#endif } +#endif static int nickserv_sort_accounts_by_access(const void *a, const void *b) @@ -4749,6 +4806,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); nickserv_conf.ldap_oper_group_dn = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); nickserv_conf.ldap_field_group_member = str ? str : ""; @@ -4847,7 +4907,8 @@ handle_account(struct userNode *user, const char *stamp) hi = dict_find(nickserv_handle_dict, stamp, NULL); if(hi && timestamp && hi->registered != timestamp) { - log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered); + log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp), +ctime(&hi->registered)); return; } #else @@ -4937,6 +4998,23 @@ nickserv_db_cleanup(void) regfree(&nickserv_conf.valid_nick_regex); } +void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle)) { + if (!*nickserv_conf.auto_oper || !user->handle_info) + return; + + if (!IsOper(user)) { + if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) { + irc_umode(user, nickserv_conf.auto_admin); + irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator", + user->nick, user->ident, user->hostname); + } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) { + irc_umode(user, nickserv_conf.auto_oper); + irc_sno(0x1, "%s (%s@%s) is now an IRC Operator", + user->nick, user->ident, user->hostname); + } + } +} + void init_nickserv(const char *nick) { @@ -4947,6 +5025,7 @@ init_nickserv(const char *nick) reg_nick_change_func(handle_nick_change); reg_del_user_func(nickserv_remove_user); reg_account_func(handle_account); + reg_auth_func(handle_loc_auth_oper); /* set up handle_inverse_flags */ memset(handle_inverse_flags, 0, sizeof(handle_inverse_flags));