X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/964a842d8f29eb5767e64d2028a36cc40ccec911..06742a38f2b752d776bb3e35dc7d1f5061de9ceb:/src/nickserv.c?ds=sidebyside diff --git a/src/nickserv.c b/src/nickserv.c index 2acd16e..dad3b87 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -128,6 +128,7 @@ #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" #define KEY_LDAP_TIMEOUT "ldap_timeout" #endif @@ -1111,8 +1112,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha } else { if(user) { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if (is_registerable_nick(user->nick)) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } } } if (settee && (user != settee)) { @@ -1204,6 +1207,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ else fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle); + first_time = 0; break; case EMAIL_CHANGE: misc = hi->email_addr; @@ -1218,6 +1222,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ sendmail(nickserv, hi, subject, body, 1); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr); + first_time = 1; } else { #endif send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1"); @@ -1934,7 +1939,7 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *handle, char *password, char *userhost) { int pw_arg, used, maxlogins; unsigned int ii; @@ -1944,7 +1949,6 @@ struct handle_info *loc_auth(char *handle, char *password) #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; - #endif hi = dict_find(nickserv_handle_dict, handle, NULL); @@ -1957,7 +1961,6 @@ struct handle_info *loc_auth(char *handle, char *password) return NULL; } } -// else #else if (!hi) { return NULL; @@ -1968,7 +1971,16 @@ struct handle_info *loc_auth(char *handle, char *password) } #endif #ifdef WITH_LDAP - if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* ldap libs are present but we are not using them... */ + if( !nickserv_conf.ldap_enable ) { + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { + return NULL; + } + } + else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { /* user not found, but authed to ldap successfully.. * create the account. */ @@ -1976,6 +1988,7 @@ struct handle_info *loc_auth(char *handle, char *password) int rc; /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ if(nickserv_conf.default_hostmask) mask = "*@*"; else @@ -2012,14 +2025,52 @@ struct handle_info *loc_auth(char *handle, char *password) /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; @@ -2093,7 +2144,6 @@ static NICKSERV_FUNC(cmd_auth) #endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; -#ifndef WITH_LDAP } else if (argc == 2 && !nickserv_conf.ldap_enable) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { @@ -2112,7 +2162,6 @@ static NICKSERV_FUNC(cmd_auth) hi = ni->owner; } pw_arg = 1; -#endif } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); @@ -3065,7 +3114,7 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { char crypted[MD5_CRYPT_LENGTH+1]; - if(argc < 1) { + if(argc < 2) { return 0; } if (!override) { @@ -3221,7 +3270,7 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { int rc; - if(new_level > 0) + if(new_level > nickserv_conf.ldap_oper_group_level) rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); @@ -4149,10 +4198,10 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +#ifdef WITH_LDAP static void search_add2ldap_func (struct userNode *source, struct handle_info *match) { -#ifdef WITH_LDAP int rc; if(match->email_addr && match->passwd && match->handle) { rc = ldap_do_add(match->handle, match->passwd, match->email_addr); @@ -4160,8 +4209,8 @@ search_add2ldap_func (struct userNode *source, struct handle_info *match) send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); } } -#endif } +#endif static int nickserv_sort_accounts_by_access(const void *a, const void *b) @@ -4757,6 +4806,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); nickserv_conf.ldap_oper_group_dn = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); nickserv_conf.ldap_field_group_member = str ? str : ""; @@ -4855,7 +4907,8 @@ handle_account(struct userNode *user, const char *stamp) hi = dict_find(nickserv_handle_dict, stamp, NULL); if(hi && timestamp && hi->registered != timestamp) { - log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered); + log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp), +ctime(&hi->registered)); return; } #else