X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/b96027ad8b800e3346f51f7dfe07bed814487681..625ccd4e28eb61b229663b3dc531a649762012bb:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index 092d237..4e0d1bd 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -5,7 +5,7 @@ * * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -128,6 +128,7 @@ #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" #define KEY_LDAP_TIMEOUT "ldap_timeout" #endif @@ -1062,10 +1063,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; } - if(strlen(handle) > 15) + if(strlen(handle) > 30) { if(user) - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30); return 0; } @@ -1874,9 +1875,9 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } - if(strlen(argv[2]) > 15) + if(strlen(argv[2]) > 30) { - reply("NMSG_HANDLE_TOLONG", argv[2], 15); + reply("NMSG_HANDLE_TOLONG", argv[2], 30); return 0; } #ifdef WITH_LDAP @@ -1934,7 +1935,7 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *handle, char *password, char *userhost) { int pw_arg, used, maxlogins; unsigned int ii; @@ -1944,7 +1945,6 @@ struct handle_info *loc_auth(char *handle, char *password) #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; - #endif hi = dict_find(nickserv_handle_dict, handle, NULL); @@ -1957,14 +1957,26 @@ struct handle_info *loc_auth(char *handle, char *password) return NULL; } } -// else #else + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { return NULL; } #endif #ifdef WITH_LDAP - if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* ldap libs are present but we are not using them... */ + if( !nickserv_conf.ldap_enable ) { + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { + return NULL; + } + } + else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { /* user not found, but authed to ldap successfully.. * create the account. */ @@ -1972,6 +1984,7 @@ struct handle_info *loc_auth(char *handle, char *password) int rc; /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ if(nickserv_conf.default_hostmask) mask = "*@*"; else @@ -2008,14 +2021,52 @@ struct handle_info *loc_auth(char *handle, char *password) /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; @@ -2089,7 +2140,7 @@ static NICKSERV_FUNC(cmd_auth) #endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; - } else if (argc == 2) { + } else if (argc == 2 && !nickserv_conf.ldap_enable) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { reply("NSMSG_HANDLE_NOT_FOUND"); @@ -2164,7 +2215,7 @@ static NICKSERV_FUNC(cmd_auth) } #ifdef WITH_LDAP if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || - ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) { + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { #else if (!checkpass(passwd, hi->passwd)) { #endif @@ -3059,7 +3110,7 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { char crypted[MD5_CRYPT_LENGTH+1]; - if(argc < 1) { + if(argc < 2) { return 0; } if (!override) { @@ -3215,11 +3266,11 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { int rc; - if(new_level > 0) + if(new_level > nickserv_conf.ldap_oper_group_level) rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); - if(rc != LDAP_SUCCESS) { + if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) { send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); return 0; } @@ -4032,6 +4083,7 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } +#ifdef WITH_LDAP } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { i++; if(true_string(argv[i])) { @@ -4043,6 +4095,7 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int else { reply("MSG_INVALID_BINARY", argv[i]); } +#endif } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; @@ -4145,9 +4198,12 @@ static void search_add2ldap_func (struct userNode *source, struct handle_info *match) { #ifdef WITH_LDAP - int rc = ldap_do_add(match->handle, match->passwd, match->email_addr); - if(rc != LDAP_SUCCESS) { - send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + int rc; + if(match->email_addr && match->passwd && match->handle) { + rc = ldap_do_add(match->handle, match->passwd, match->email_addr); + if(rc != LDAP_SUCCESS) { + send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + } } #endif } @@ -4746,6 +4802,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); nickserv_conf.ldap_oper_group_dn = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); nickserv_conf.ldap_field_group_member = str ? str : "";