X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/c79ab0d90977621ebe25ae16f4c7db7187d57397..a3da4b66b05fa77dec803e29b525c464cbd5d37c:/src/nickserv.c?ds=sidebyside
diff --git a/src/nickserv.c b/src/nickserv.c
index b2518dc..b85d5ad 100644
--- a/src/nickserv.c
+++ b/src/nickserv.c
@@ -264,7 +264,7 @@ static const struct message_entry msgtab[] = {
 { "NSMSG_HANDLEINFO_LAST_HOST_UNKNOWN", "Last quit hostmask: Unknown" },
 { "NSMSG_HANDLEINFO_NICKS", "Nickname(s): %s" },
 { "NSMSG_HANDLEINFO_MASKS", "Hostmask(s): %s" },
- { "NSMSG_HANDLEINFO_SSLFPS", "SSL Fingerprints(s): %s" },
+ { "NSMSG_HANDLEINFO_SSLFPS", "Client Certificate Fingerprints(s): %s" },
 { "NSMSG_HANDLEINFO_IGNORES", "Ignore(s): %s" },
 { "NSMSG_HANDLEINFO_CHANNELS", "Channel(s): %s" },
 { "NSMSG_HANDLEINFO_CURRENT", "Current nickname(s): %s" },
@@ -299,13 +299,13 @@ static const struct message_entry msgtab[] = {
 { "NSMSG_ADDMASK_SUCCESS", "Hostmask %s added." },
 { "NSMSG_ADDIGNORE_ALREADY", "$b%s$b is already an ignored hostmask in your account." },
 { "NSMSG_ADDIGNORE_SUCCESS", "Hostmask %s added." },
- { "NSMSG_ADDSSLFP_ALREADY", "$b%s$b is already an SSL fingerprint in your account." },
- { "NSMSG_ADDSSLFP_SUCCESS", "SSL fingerprint %s added." },
+ { "NSMSG_ADDSSLFP_ALREADY", "$b%s$b is already a client certificate fingerprint in your account." },
+ { "NSMSG_ADDSSLFP_SUCCESS", "Client certificate fingerprint %s added." },
 { "NSMSG_DELMASK_NOTLAST", "You may not delete your last hostmask." },
 { "NSMSG_DELMASK_SUCCESS", "Hostmask %s deleted." },
 { "NSMSG_DELMASK_NOT_FOUND", "Unable to find mask to be deleted." },
- { "NSMSG_DELSSLFP_SUCCESS", "SSL fingerprint %s deleted." },
- { "NSMSG_DELSSLFP_NOT_FOUND", "Unable to find SSL fingerprint to be deleted." },
+ { "NSMSG_DELSSLFP_SUCCESS", "Client certificate fingerprint %s deleted." },
+ { "NSMSG_DELSSLFP_NOT_FOUND", "Unable to find client certificate fingerprint to be deleted." },
 { "NSMSG_OPSERV_LEVEL_BAD", "You may not promote another oper above your level." },
 { "NSMSG_USE_CMD_PASS", "Please use the PASS command to change your password." },
 { "NSMSG_UNKNOWN_NICK", "I know nothing about nick $b%s$b." },
@@ -2127,6 +2127,10 @@ struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *us handle = hi->handle; } + /* Ensure handle is valid if not found in internal DB */ + if (!hi && (!handle || !is_valid_handle(handle))) + return 0; + #ifdef WITH_LDAP if (nickserv_conf.ldap_enable && (password != NULL)) { ldap_result = ldap_check_auth(handle, password);
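Review bot: The new guard in loc_auth returns `0` from a function declared to return `struct handle_info *`; `return NULL;` states the intent, and the comment should say why the name is validated here rather than only that it is. On the visible lines, `handle` is passed straight to `ldap_check_auth(handle, password)` when no local account matched, so this check is what keeps a malformed, client-supplied account name away from the LDAP lookup. A comment such as `/* No local account: handle is still client-supplied, so reject malformed names before it reaches the LDAP lookup */` would record that. loc_auth begins and ends outside this hunk, so any later use of `handle` should be checked against the same assumption.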
@@ -2290,6 +2294,71 @@ struct handle_info *loc_auth(char *sslfp, char *handle, char *password, char *us return hi; } +void nickserv_do_autoauth(struct userNode *user) +{ + struct handle_info *hi; + struct userNode *other; + int used, maxlogins; + + /* Already authed, nothing to do */ + if (user->handle_info) + return; + + /* No client certificate fingerprint, cant auto auth */ + if (!user->sslfp) + return; + + hi = find_handleinfo_by_sslfp(user->sslfp); + if (!hi) + return; + + /* User doesn't match host masks */ + if (!valid_user_for(user, hi)) { + if (hi->email_addr && nickserv_conf.email_enabled) + send_message_type(4, user, nickserv, + handle_find_message(hi, "NSMSG_USE_AUTHCOOKIE"), + hi->handle); + else + send_message_type(4, user, nickserv, + handle_find_message(hi, "NSMSG_HOSTMASK_INVALID"), + hi->handle); + return; + } + + /* Account suspended? */ + if (HANDLE_FLAGGED(hi, SUSPENDED)) { + send_message_type(4, user, nickserv, + handle_find_message(hi, "NSMSG_HANDLE_SUSPENDED")); + return; + } + + maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins; + for (used = 0, other = hi->users; other; other = other->next_authed) { + if (++used >= maxlogins) { + send_message_type(4, user, nickserv, + handle_find_message(hi, "NSMSG_MAX_LOGINS"), + maxlogins); + return; + } + } + + set_user_handle_info(user, hi, 1); + if (nickserv_conf.email_required && !hi->email_addr) + send_message_type(4, user, nickserv, + handle_find_message(hi, "NSMSG_PLEASE_SET_EMAIL")); + + /* If a channel was waiting for this user to auth, + * finish adding them */ + process_adduser_pending(user); + + send_message_type(4, user, nickserv, + handle_find_message(hi, "NSMSG_AUTH_SUCCESS")); + + /* Set +x if autohide is on */ + if(HANDLE_FLAGGED(hi, AUTOHIDE)) + irc_umode(user, "+x"); +} + static NICKSERV_FUNC(cmd_auth) { int pw_arg, used, maxlogins; 
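Review bot: nickserv_do_autoauth logs a user in on a fingerprint match alone, yet no path through the function writes a log entry, so neither a successful automatic login nor a refusal (hostmask mismatch, suspended account, login limit) leaves anything for an operator to audit. A line such as `log_module(NS_LOG, LOG_DEBUG, "Autoauth: %s matched certificate fingerprint of account %s", user->nick, hi->handle);` before `set_user_handle_info(user, hi, 1)`, plus one on each early `return` after the lookup, would cover it, at whatever level operators actually retain. The function also needs a header comment stating its trust assumption: `user->sslfp` is treated as proof of identity, which presumably holds only if the IRC server verified the client certificate and the server link is trusted. The two hostmask-mismatch replies pass `hi->handle` to a user who has not been logged in; confirm that disclosing the account name to any holder of the certificate is intended.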
@@ -3890,12 +3959,10 @@ static OPTION_FUNC(opt_note) static NICKSERV_FUNC(cmd_reclaim) { - struct handle_info *hi; struct nick_info *ni; struct userNode *victim; NICKSERV_MIN_PARMS(2); - hi = user->handle_info; ni = dict_find(nickserv_nick_dict, argv[1], 0); if (!ni) { reply("NSMSG_UNKNOWN_NICK", argv[1]);
@@ -5327,8 +5394,9 @@ nickserv_conf_read(void) if(nickserv_conf.ldap_enable > 0) { /* ldap is enabled but not compiled in - error out */ log_module(MAIN_LOG, LOG_ERROR, "ldap is enabled in config, but not compiled in!"); - nickserv_conf.ldap_enable = 0; - sleep(5); + exit(2); + /* nickserv_conf.ldap_enable = 0; */ + /* sleep(5); */ } #endif
@@ -5444,9 +5512,10 @@ check_user_nick(struct userNode *user, UNUSED_ARG(void *extra)) { irc_regnick(user); return 0; } - if (nickserv_conf.warn_nick_owned) + if (nickserv_conf.warn_nick_owned) { send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle); send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle); + } if (nickserv_conf.auto_reclaim_action == RECLAIM_NONE) return 0; if (nickserv_conf.auto_reclaim_delay)
@@ -5773,7 +5842,7 @@ sasl_packet(struct SASLSession *session) base64_decode_alloc(session->buf, session->buflen, &raw, &rawlen); raw = (char *)realloc(raw, rawlen+1); - raw[rawlen] = '\0'; + raw[rawlen] = '\0'; authzid = raw; r = raw;
@@ -5790,7 +5859,7 @@ sasl_packet(struct SASLSession *session) log_module(NS_LOG, LOG_DEBUG, "SASL: Checking supplied credentials"); - if (c != 2) + if ((c != 2) || !(*authcid)) { log_module(NS_LOG, LOG_DEBUG, "SASL: Incomplete credentials supplied"); irc_sasl(session->source, session->uid, "D", "F");
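Review bot: In nickserv_conf_read the replaced statements are left behind as commented-out code after `exit(2);` (`/* nickserv_conf.ldap_enable = 0; */` and `/* sleep(5); */`); they should be deleted, since version control already keeps the old behaviour. Failing closed is the safer choice here, because the old code turned LDAP off and carried on, presumably authenticating against the local account database only. If nickserv_conf_read also runs on a configuration reload (not visible in this hunk), `exit(2)` will stop a running service over a config mistake. A comment such as `/* refuse to run without the configured auth backend */` would make that trade-off explicit. The function begins and ends outside the hunk.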
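Review bot: In sasl_packet the stricter `(c != 2) || !(*authcid)` test runs after an unchecked allocation visible in the preceding whitespace-only hunk: the result of `base64_decode_alloc(...)` is ignored, and `raw = (char *)realloc(raw, rawlen+1);` is followed directly by `raw[rawlen] = '\0';`. `session->buf` presumably carries client-supplied data, so a failed decode or a failed realloc would lead to a write through an invalid pointer before any credential check runs, depending on how base64_decode_alloc reports failure. Both results should be checked first, with the realloc result held in a temporary so the old buffer can still be freed. On failure the exchange should end the way the incomplete-credentials branch does, with `irc_sasl(session->source, session->uid, "D", "F");`. sasl_packet begins and ends outside both hunks.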
@@ -6024,10 +6093,10 @@ init_nickserv(const char *nick)
 nickserv_define_func("OADDMASK", cmd_oaddmask, 0, 1, 0);
 nickserv_define_func("DELMASK", cmd_delmask, -1, 1, 0);
 nickserv_define_func("ODELMASK", cmd_odelmask, 0, 1, 0);
- nickserv_define_func("ADDSSLFP", cmd_addsslfp, -1, 1, 0);
- nickserv_define_func("OADDSSLFP", cmd_oaddsslfp, 0, 1, 0);
- nickserv_define_func("DELSSLFP", cmd_delsslfp, -1, 1, 0);
- nickserv_define_func("ODELSSLFP", cmd_odelsslfp, 0, 1, 0);
+ nickserv_define_func("ADDCERTFP", cmd_addsslfp, -1, 1, 0);
+ nickserv_define_func("OADDCERTFP", cmd_oaddsslfp, 0, 1, 0);
+ nickserv_define_func("DELCERTFP", cmd_delsslfp, -1, 1, 0);
+ nickserv_define_func("ODELCERTFP", cmd_odelsslfp, 0, 1, 0);
 nickserv_define_func("PASS", cmd_pass, -1, 1, 0);
 nickserv_define_func("SET", cmd_set, -1, 1, 0);
 nickserv_define_func("OSET", cmd_oset, 0, 1, 0);