X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/dc46f772104ded3e3c708f638ee8700927fc0ae6..348683aa59f63ac110c129f808c91fc3156ee14f:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index 5a01d35..1b9ad5a 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -5,7 +5,7 @@ * * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -116,8 +116,7 @@ #define KEY_LDAP_ENABLE "ldap_enable" #ifdef WITH_LDAP -#define KEY_LDAP_HOST "ldap_host" -#define KEY_LDAP_PORT "ldap_port" +#define KEY_LDAP_URI "ldap_uri" #define KEY_LDAP_BASE "ldap_base" #define KEY_LDAP_DN_FMT "ldap_dn_fmt" #define KEY_LDAP_VERSION "ldap_version" @@ -130,6 +129,7 @@ #define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" #define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" #define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" +#define KEY_LDAP_TIMEOUT "ldap_timeout" #endif #define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" @@ -164,6 +164,7 @@ static dict_t nickserv_email_dict; /* contains struct handle_info_list*, indexed static char handle_inverse_flags[256]; static unsigned int flag_access_levels[32]; static const struct message_entry msgtab[] = { + { "NSMSG_NO_ANGLEBRACKETS", "The < and > in help indicate that that word is a required parameter, but DO NOT actually type them in messages to me." }, { "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." }, { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu characters or less."}, { "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." }, @@ -171,6 +172,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." }, { "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." }, { "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." }, { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." }, { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." }, { "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." }, @@ -300,7 +302,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_DB_UNREADABLE", "Unable to read database file %s; check the log for more information." }, { "NSMSG_DB_MERGED", "$N merged DB from %s (in "FMT_TIME_T".%03lu seconds)." }, { "NSMSG_HANDLE_CHANGED", "$b%s$b's account name has been changed to $b%s$b." }, - { "NSMSG_BAD_HANDLE", "Account $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, + { "NSMSG_BAD_HANDLE", "Account $b%s$b is not allowed because it is reserved, is too long, or contains invalid characters." }, { "NSMSG_BAD_NICK", "Nickname $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, { "NSMSG_BAD_EMAIL_ADDR", "Please use a well-formed email address." }, { "NSMSG_FAIL_RENAME", "Account $b%s$b not renamed to $b%s$b because it is in use by a network services, or contains invalid characters." }, @@ -436,7 +438,7 @@ register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long struct handle_info *hi; hi = calloc(1, sizeof(*hi)); - hi->userlist_style = HI_DEFAULT_STYLE; + hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE; hi->announcements = '?'; hi->handle = strdup(handle); safestrncpy(hi->passwd, passwd, sizeof(hi->passwd)); @@ -1055,13 +1057,15 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha char crypted[MD5_CRYPT_LENGTH]; if ((hi = dict_find(nickserv_handle_dict, handle, NULL))) { - send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle); + if(user) + send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle); return 0; } if(strlen(handle) > 15) { - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + if(user) + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); return 0; } @@ -1074,7 +1078,8 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha int rc; rc = ldap_do_add(handle, crypted, NULL); if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) { - send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + if(user) + send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); return 0; } } @@ -1090,18 +1095,31 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha if (settee && !no_auth) set_user_handle_info(settee, hi, 1); - if (user != settee) + if (user != settee) { + if(user) send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS"); - else if (nickserv_conf.disable_nicks) + } + else if (nickserv_conf.disable_nicks) { + if(user) { send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS"); - else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) + } + } + else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { + if(user) { send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER"); + } + } else { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if(user) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } } - if (settee && (user != settee)) + if (settee && (user != settee)) { + if(user) { send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle); + } + } return hi; } @@ -1925,6 +1943,8 @@ struct handle_info *loc_auth(char *handle, char *password) struct userNode *other; #ifdef WITH_LDAP int ldap_result = LDAP_SUCCESS; + char *email = NULL; + #endif hi = dict_find(nickserv_handle_dict, handle, NULL); @@ -1933,29 +1953,23 @@ struct handle_info *loc_auth(char *handle, char *password) #ifdef WITH_LDAP if(nickserv_conf.ldap_enable) { ldap_result = ldap_check_auth(handle, password); - if(ldap_result == LDAP_SUCCESS) { - /* pull the users info from ldap: - * * email - * * name if available - * * - */ - } - else { + if(ldap_result != LDAP_SUCCESS) { return NULL; } } - else +// else #else if (!checkpass(password, hi->passwd)) { return NULL; } #endif #ifdef WITH_LDAP - if(!hi && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { /* user not found, but authed to ldap successfully.. * create the account. */ char *mask; + int rc; /* Add a *@* mask */ if(nickserv_conf.default_hostmask) @@ -1967,6 +1981,16 @@ struct handle_info *loc_auth(char *handle, char *password) return 0; /* couldn't add the user for some reason */ } + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + return 0; + } + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } if(mask) { char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); string_list_append(hi->masks, mask_canonicalized); @@ -2034,6 +2058,15 @@ static NICKSERV_FUNC(cmd_auth) } if (argc == 3) { #ifdef WITH_LDAP + if(strchr(argv[1], '<') || strchr(argv[1], '>')) { + reply("NSMSG_NO_ANGLEBRACKETS"); + return 0; + } + if (!is_valid_handle(argv[1])) { + reply("NSMSG_BAD_HANDLE", argv[1]); + return 0; + } + if(nickserv_conf.ldap_enable) { ldap_result = ldap_check_auth(argv[1], argv[2]); /* Get the users email address and update it */ @@ -2056,6 +2089,7 @@ static NICKSERV_FUNC(cmd_auth) #endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; +#ifdef notdef } else if (argc == 2) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { @@ -2074,6 +2108,7 @@ static NICKSERV_FUNC(cmd_auth) hi = ni->owner; } pw_arg = 1; +#endif } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); @@ -2131,7 +2166,7 @@ static NICKSERV_FUNC(cmd_auth) } #ifdef WITH_LDAP if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || - ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) { + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { #else if (!checkpass(passwd, hi->passwd)) { #endif @@ -3186,7 +3221,7 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); else rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); - if(rc != LDAP_SUCCESS) { + if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) { send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); return 0; } @@ -3869,6 +3904,9 @@ struct nickserv_discrim { const char *hostmask; const char *handlemask; const char *emailmask; +#ifdef WITH_LDAP + unsigned int inldap; +#endif }; typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi); @@ -3894,6 +3932,9 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int discrim->min_registered = 0; discrim->max_registered = INT_MAX; discrim->lastseen = now; +#ifdef WITH_LDAP + discrim->inldap = 2; +#endif for (i=0; ihostmask_type = SUPERSET; } discrim->hostmask = argv[++i]; - } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) { + } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) { if (!irccasecmp(argv[++i], "*")) { discrim->handlemask = 0; } else { @@ -3993,7 +4034,20 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } - } else { +#ifdef WITH_LDAP + } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { + i++; + if(true_string(argv[i])) { + discrim->inldap = 1; + } + else if (false_string(argv[i])) { + discrim->inldap = 0; + } + else { + reply("MSG_INVALID_BINARY", argv[i]); + } +#endif + } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; } @@ -4041,6 +4095,17 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) } if (!nick) return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && discrim->inldap != 2) { + int rc; + rc = ldap_get_user_info(hi->handle, NULL); + if(discrim->inldap == 1 && rc != LDAP_SUCCESS) + return 0; + if(discrim->inldap == 0 && rc == LDAP_SUCCESS) + return 0; + } + +#endif return 1; } @@ -4080,6 +4145,20 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +static void +search_add2ldap_func (struct userNode *source, struct handle_info *match) +{ +#ifdef WITH_LDAP + int rc; + if(match->email_addr && match->passwd && match->handle) { + rc = ldap_do_add(match->handle, match->passwd, match->email_addr); + if(rc != LDAP_SUCCESS) { + send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + } + } +#endif +} + static int nickserv_sort_accounts_by_access(const void *a, const void *b) { @@ -4144,6 +4223,10 @@ static NICKSERV_FUNC(cmd_search) action = search_count_func; else if (!irccasecmp(argv[1], "unregister")) action = search_unregister_func; +#ifdef WITH_LDAP + else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap")) + action = search_add2ldap_func; +#endif else { reply("NSMSG_INVALID_ACTION", argv[1]); return 0; @@ -4634,12 +4717,9 @@ nickserv_conf_read(void) #endif #ifdef WITH_LDAP - str = database_get_data(conf_node, KEY_LDAP_HOST, RECDB_QSTRING); - nickserv_conf.ldap_host = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_URI, RECDB_QSTRING); + nickserv_conf.ldap_uri = str ? str : ""; - str = database_get_data(conf_node, KEY_LDAP_PORT, RECDB_QSTRING); - nickserv_conf.ldap_port = str ? strtoul(str, NULL, 0) : LDAP_PORT; - str = database_get_data(conf_node, KEY_LDAP_BASE, RECDB_QSTRING); nickserv_conf.ldap_base = str ? str : ""; @@ -4652,6 +4732,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING); nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0; + str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING); + nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5; + str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING); nickserv_conf.ldap_admin_dn = str ? str : "";