X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/bec5dd268000aadd61b567d4fb017d81c36469aa..06742a38f2b752d776bb3e35dc7d1f5061de9ceb:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index 5b7a2d4..dad3b87 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -5,7 +5,7 @@ * * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -128,7 +128,9 @@ #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" +#define KEY_LDAP_TIMEOUT "ldap_timeout" #endif #define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" @@ -171,6 +173,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." }, { "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." }, { "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." }, { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." }, { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." }, { "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." }, @@ -1060,10 +1063,10 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; } - if(strlen(handle) > 15) + if(strlen(handle) > 30) { if(user) - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30); return 0; } @@ -1093,19 +1096,33 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha if (settee && !no_auth) set_user_handle_info(settee, hi, 1); - if (user && user != settee) + if (user != settee) { + if(user) send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS"); - else if (user && nickserv_conf.disable_nicks) + } + else if (nickserv_conf.disable_nicks) { + if(user) { send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS"); - else if (user && (ni = dict_find(nickserv_nick_dict, user->nick, NULL))) + } + } + else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { + if(user) { send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER"); + } + } else { - register_nick(user->nick, hi); - if(user) - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if(user) { + if (is_registerable_nick(user->nick)) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } + } } - if (user && settee && (user != settee)) + if (settee && (user != settee)) { + if(user) { send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle); + } + } return hi; } @@ -1190,6 +1207,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ else fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle); + first_time = 0; break; case EMAIL_CHANGE: misc = hi->email_addr; @@ -1204,6 +1222,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ sendmail(nickserv, hi, subject, body, 1); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr); + first_time = 1; } else { #endif send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1"); @@ -1860,9 +1879,9 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } - if(strlen(argv[2]) > 15) + if(strlen(argv[2]) > 30) { - reply("NMSG_HANDLE_TOLONG", argv[2], 15); + reply("NMSG_HANDLE_TOLONG", argv[2], 30); return 0; } #ifdef WITH_LDAP @@ -1920,7 +1939,7 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *handle, char *password, char *userhost) { int pw_arg, used, maxlogins; unsigned int ii; @@ -1930,7 +1949,6 @@ struct handle_info *loc_auth(char *handle, char *password) #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; char *email = NULL; - #endif hi = dict_find(nickserv_handle_dict, handle, NULL); @@ -1943,14 +1961,26 @@ struct handle_info *loc_auth(char *handle, char *password) return NULL; } } -// else #else + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { return NULL; } #endif #ifdef WITH_LDAP - if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* ldap libs are present but we are not using them... */ + if( !nickserv_conf.ldap_enable ) { + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { + return NULL; + } + } + else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { /* user not found, but authed to ldap successfully.. * create the account. */ @@ -1958,6 +1988,7 @@ struct handle_info *loc_auth(char *handle, char *password) int rc; /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ if(nickserv_conf.default_hostmask) mask = "*@*"; else @@ -1994,14 +2025,52 @@ struct handle_info *loc_auth(char *handle, char *password) /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; @@ -2075,7 +2144,7 @@ static NICKSERV_FUNC(cmd_auth) #endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; - } else if (argc == 2) { + } else if (argc == 2 && !nickserv_conf.ldap_enable) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { reply("NSMSG_HANDLE_NOT_FOUND"); @@ -2150,7 +2219,7 @@ static NICKSERV_FUNC(cmd_auth) } #ifdef WITH_LDAP if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || - ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) { + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { #else if (!checkpass(passwd, hi->passwd)) { #endif @@ -3045,7 +3114,7 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { char crypted[MD5_CRYPT_LENGTH+1]; - if(argc < 1) { + if(argc < 2) { return 0; } if (!override) { @@ -3201,11 +3270,11 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { int rc; - if(new_level > 0) + if(new_level > nickserv_conf.ldap_oper_group_level) rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); - if(rc != LDAP_SUCCESS) { + if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) { send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); return 0; } @@ -3888,6 +3957,9 @@ struct nickserv_discrim { const char *hostmask; const char *handlemask; const char *emailmask; +#ifdef WITH_LDAP + unsigned int inldap; +#endif }; typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi); @@ -3913,6 +3985,9 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int discrim->min_registered = 0; discrim->max_registered = INT_MAX; discrim->lastseen = now; +#ifdef WITH_LDAP + discrim->inldap = 2; +#endif for (i=0; ihostmask_type = SUPERSET; } discrim->hostmask = argv[++i]; - } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) { + } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) { if (!irccasecmp(argv[++i], "*")) { discrim->handlemask = 0; } else { @@ -4012,7 +4087,20 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } - } else { +#ifdef WITH_LDAP + } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { + i++; + if(true_string(argv[i])) { + discrim->inldap = 1; + } + else if (false_string(argv[i])) { + discrim->inldap = 0; + } + else { + reply("MSG_INVALID_BINARY", argv[i]); + } +#endif + } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; } @@ -4060,6 +4148,17 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) } if (!nick) return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && discrim->inldap != 2) { + int rc; + rc = ldap_get_user_info(hi->handle, NULL); + if(discrim->inldap == 1 && rc != LDAP_SUCCESS) + return 0; + if(discrim->inldap == 0 && rc == LDAP_SUCCESS) + return 0; + } + +#endif return 1; } @@ -4099,6 +4198,20 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +#ifdef WITH_LDAP +static void +search_add2ldap_func (struct userNode *source, struct handle_info *match) +{ + int rc; + if(match->email_addr && match->passwd && match->handle) { + rc = ldap_do_add(match->handle, match->passwd, match->email_addr); + if(rc != LDAP_SUCCESS) { + send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + } + } +} +#endif + static int nickserv_sort_accounts_by_access(const void *a, const void *b) { @@ -4163,6 +4276,10 @@ static NICKSERV_FUNC(cmd_search) action = search_count_func; else if (!irccasecmp(argv[1], "unregister")) action = search_unregister_func; +#ifdef WITH_LDAP + else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap")) + action = search_add2ldap_func; +#endif else { reply("NSMSG_INVALID_ACTION", argv[1]); return 0; @@ -4668,6 +4785,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING); nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0; + str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING); + nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5; + str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING); nickserv_conf.ldap_admin_dn = str ? str : ""; @@ -4686,6 +4806,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); nickserv_conf.ldap_oper_group_dn = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); nickserv_conf.ldap_field_group_member = str ? str : ""; @@ -4784,7 +4907,8 @@ handle_account(struct userNode *user, const char *stamp) hi = dict_find(nickserv_handle_dict, stamp, NULL); if(hi && timestamp && hi->registered != timestamp) { - log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered); + log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp), +ctime(&hi->registered)); return; } #else