X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/d76ed9a966ee3d955c8ef00ecc02e643c2005e2e..9b2d838a3f6c15287a36caed1c8e10ff8d74613d:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index 4d7b374..593e112 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -130,6 +130,7 @@ static char handle_inverse_flags[256]; static unsigned int flag_access_levels[32]; static const struct message_entry msgtab[] = { { "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." }, + { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu charactors or less."}, { "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." }, { "NSMSG_PASSWORD_ACCOUNT", "Your password may not be the same as your account name." }, { "NSMSG_PASSWORD_DICTIONARY", "Your password should not be the word \"password\", or any other dictionary word." }, @@ -179,6 +180,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_STAMPED_RESETPASS", "You have already authenticated to an account once this session; you may not reset your password to authenticate again." }, { "NSMSG_STAMPED_AUTHCOOKIE", "You have already authenticated to an account once this session; you may not use a cookie to authenticate to another account." }, { "NSMSG_TITLE_INVALID", "Titles cannot contain any dots; please choose another." }, + { "NSMSG_TITLE_TRUNCATED", "That title combined with the user's account name would result in a truncated host; please choose a shorter title." }, { "NSMSG_FAKEHOST_INVALID", "Fake hosts must be shorter than %d characters and cannot start with a dot." }, { "NSMSG_HANDLEINFO_ON", "Account information for $b%s$b:" }, { "NSMSG_HANDLEINFO_ID", " Account ID: %lu" }, @@ -427,13 +429,6 @@ register_nick(const char *nick, struct handle_info *owner) dict_insert(nickserv_nick_dict, ni->nick, ni); } -static void -free_nick_info(void *vni) -{ - struct nick_info *ni = vni; - free(ni); -} - static void delete_nick(struct nick_info *ni) { @@ -936,7 +931,7 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) } } } - StampUser(user, id); + StampUser(user, id, hi->registered); } if ((ni = get_nick_info(user->nick)) && (ni->owner == hi)) @@ -959,6 +954,12 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; } + if(strlen(handle) > 15) + { + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + return 0; + } + if (!is_secure_password(handle, passwd, user)) return 0; @@ -1491,6 +1492,11 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } + if(strlen(argv[2]) > 15) + { + reply("NMSG_HANDLE_TOLONG", argv[2], 15); + return 0; + } dict_remove2(nickserv_handle_dict, old_handle = hi->handle, 1); hi->handle = strdup(argv[2]); @@ -1522,6 +1528,57 @@ reg_failpw_func(failpw_func_t func) failpw_func_list[failpw_func_used++] = func; } +/* + * Return hi if the handle/pass pair matches, NULL if it doesnt. + * + * called by nefariouses enhanced AC login-on-connect code + * + */ +struct handle_info *loc_auth(char *handle, char *password) +{ + int pw_arg, used, maxlogins; + unsigned int ii; + int wildmask = 0; + struct handle_info *hi; + struct userNode *other; + + hi = dict_find(nickserv_handle_dict, handle, NULL); + pw_arg = 2; + if (!hi) { + return NULL; + } + + /* We don't know the users hostname, or anything because they + * havn't registered yet. So we can only allow LOC if your + * account has *@* as a hostmask. + */ + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } + if(wildmask < 1) + return NULL; + + /* Responses from here on look up the language used by the handle they asked about. */ + if (!checkpass(password, hi->passwd)) { + return NULL; + } + if (HANDLE_FLAGGED(hi, SUSPENDED)) { + return NULL; + } + maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins; + for (used = 0, other = hi->users; other; other = other->next_authed) { + if (++used >= maxlogins) { + return NULL; + } + } + return hi; +} + static NICKSERV_FUNC(cmd_auth) { int pw_arg, used, maxlogins; @@ -2443,6 +2500,12 @@ static OPTION_FUNC(opt_title) send_message(user, nickserv, "NSMSG_TITLE_INVALID"); return 0; } + if ((strlen(user->handle_info->handle) + strlen(title) + + strlen(nickserv_conf.titlehost_suffix) + 2) > HOSTLEN) { + send_message(user, nickserv, "NSMSG_TITLE_TRUNCATED"); + return 0; + } + free(hi->fakehost); if (!strcmp(title, "*")) { hi->fakehost = NULL; @@ -2474,7 +2537,7 @@ static OPTION_FUNC(opt_fakehost) if ((argc > 1) && oper_has_access(user, nickserv, nickserv_conf.set_fakehost_level, 0)) { fake = argv[1]; if ((strlen(fake) > HOSTLEN) || (fake[0] == '.')) { - send_message(user, nickserv, "NSMSG_FAKEHOST_INVALID"); + send_message(user, nickserv, "NSMSG_FAKEHOST_INVALID", HOSTLEN); return 0; } free(hi->fakehost); @@ -2595,7 +2658,7 @@ static NICKSERV_FUNC(cmd_ounregister) if (!(hi = get_victim_oper(user, argv[1]))) return 0; nickserv_unregister_handle(hi, user); - return 0; + return 1; } static NICKSERV_FUNC(cmd_status) @@ -3636,11 +3699,26 @@ void handle_account(struct userNode *user, const char *stamp) { struct handle_info *hi; + char *colon; #ifdef WITH_PROTOCOL_P10 + time_t timestamp = 0; + + colon = strchr(stamp, ':'); + if(colon && colon[1]) + { + *colon = 0; + timestamp = atoi(colon+1); + } hi = dict_find(nickserv_handle_dict, stamp, NULL); + if(hi && timestamp && hi->registered != timestamp) + { + log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered); + return; + } #else hi = dict_find(nickserv_id_dict, stamp, NULL); + log_module(MAIN_LOG, LOG_WARNING, "Using non-P10 code in accounts, not tested at all!"); #endif if (hi) { @@ -3749,17 +3827,21 @@ init_nickserv(const char *nick) dict_set_free_data(nickserv_email_dict, nickserv_free_email_addr); nickserv_module = module_register("NickServ", NS_LOG, "nickserv.help", NULL); - modcmd_register(nickserv_module, "AUTH", cmd_auth, 2, MODCMD_KEEP_BOUND, "flags", "+qualified,+loghostmask", NULL); +/* Removed qualified_host as default requirement for AUTH, REGISTER, PASS, etc. nets + * can enable it per command using modcmd. (its a shitty default IMO, and now in 1.3 + * a big pain to disable since its nolonger in the config file. ) -Rubin + */ + modcmd_register(nickserv_module, "AUTH", cmd_auth, 2, MODCMD_KEEP_BOUND, "flags", "+loghostmask", NULL); nickserv_define_func("ALLOWAUTH", cmd_allowauth, 0, 1, 0); - nickserv_define_func("REGISTER", cmd_register, -1, 0, 1); + nickserv_define_func("REGISTER", cmd_register, -1, 0, 0); nickserv_define_func("OREGISTER", cmd_oregister, 0, 1, 0); - nickserv_define_func("UNREGISTER", cmd_unregister, -1, 1, 1); + nickserv_define_func("UNREGISTER", cmd_unregister, -1, 1, 0); nickserv_define_func("OUNREGISTER", cmd_ounregister, 0, 1, 0); nickserv_define_func("ADDMASK", cmd_addmask, -1, 1, 0); nickserv_define_func("OADDMASK", cmd_oaddmask, 0, 1, 0); nickserv_define_func("DELMASK", cmd_delmask, -1, 1, 0); nickserv_define_func("ODELMASK", cmd_odelmask, 0, 1, 0); - nickserv_define_func("PASS", cmd_pass, -1, 1, 1); + nickserv_define_func("PASS", cmd_pass, -1, 1, 0); nickserv_define_func("SET", cmd_set, -1, 1, 0); nickserv_define_func("OSET", cmd_oset, 0, 1, 0); nickserv_define_func("ACCOUNTINFO", cmd_handleinfo, -1, 0, 0); @@ -3778,8 +3860,8 @@ init_nickserv(const char *nick) } if (nickserv_conf.email_enabled) { nickserv_define_func("AUTHCOOKIE", cmd_authcookie, -1, 0, 0); - nickserv_define_func("RESETPASS", cmd_resetpass, -1, 0, 1); - nickserv_define_func("COOKIE", cmd_cookie, -1, 0, 1); + nickserv_define_func("RESETPASS", cmd_resetpass, -1, 0, 0); + nickserv_define_func("COOKIE", cmd_cookie, -1, 0, 0); nickserv_define_func("DELCOOKIE", cmd_delcookie, -1, 1, 0); dict_insert(nickserv_opt_dict, "EMAIL", opt_email); } @@ -3819,14 +3901,15 @@ init_nickserv(const char *nick) dict_set_free_keys(nickserv_id_dict, free); nickserv_nick_dict = dict_new(); - dict_set_free_data(nickserv_nick_dict, free_nick_info); + dict_set_free_data(nickserv_nick_dict, free); nickserv_allow_auth_dict = dict_new(); userList_init(&curr_helpers); if (nick) { - nickserv = AddService(nick, "Nick Services", NULL); + const char *modes = conf_get_data("services/nickserv/modes", RECDB_QSTRING); + nickserv = AddService(nick, modes ? modes : NULL, "Nick Services", NULL); nickserv_service = service_register(nickserv); } saxdb_register("NickServ", nickserv_saxdb_read, nickserv_saxdb_write);