X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/eca6aa4f56d2678c30d21125be07ceabbfa89385..348683aa59f63ac110c129f808c91fc3156ee14f:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index de36d24..1b9ad5a 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -5,7 +5,7 @@ * * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -20,15 +20,21 @@ #include "chanserv.h" #include "conf.h" +#include "config.h" #include "global.h" #include "modcmd.h" #include "opserv.h" /* for gag_create(), opserv_bad_channel() */ #include "saxdb.h" #include "sendmail.h" #include "timeq.h" +#include "x3ldap.h" #include +#ifdef WITH_LDAP +#include +#endif + #define NICKSERV_CONF_NAME "services/nickserv" #define KEY_DISABLE_NICKS "disable_nicks" @@ -105,7 +111,26 @@ #define KEY_NOTE_NOTE "note" #define KEY_NOTE_SETTER "setter" #define KEY_NOTE_DATE "date" - +#define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase" + +#define KEY_LDAP_ENABLE "ldap_enable" + +#ifdef WITH_LDAP +#define KEY_LDAP_URI "ldap_uri" +#define KEY_LDAP_BASE "ldap_base" +#define KEY_LDAP_DN_FMT "ldap_dn_fmt" +#define KEY_LDAP_VERSION "ldap_version" +#define KEY_LDAP_AUTOCREATE "ldap_autocreate" +#define KEY_LDAP_ADMIN_DN "ldap_admin_dn" +#define KEY_LDAP_ADMIN_PASS "ldap_admin_pass" +#define KEY_LDAP_FIELD_ACCOUNT "ldap_field_account" +#define KEY_LDAP_FIELD_PASSWORD "ldap_field_password" +#define KEY_LDAP_FIELD_EMAIL "ldap_field_email" +#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" +#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" +#define KEY_LDAP_TIMEOUT "ldap_timeout" +#endif #define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" @@ -139,12 +164,17 @@ static dict_t nickserv_email_dict; /* contains struct handle_info_list*, indexed static char handle_inverse_flags[256]; static unsigned int flag_access_levels[32]; static const struct message_entry msgtab[] = { + { "NSMSG_NO_ANGLEBRACKETS", "The < and > in help indicate that that word is a required parameter, but DO NOT actually type them in messages to me." }, { "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." }, - { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu charactors or less."}, + { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu characters or less."}, { "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." }, { "NSMSG_PASSWORD_ACCOUNT", "Your password may not be the same as your account name." }, { "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." }, { "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." }, + { "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." }, + { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." }, { "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." }, { "NSMSG_OREGISTER_VICTIM", "%s has registered a new account for you (named %s)." }, { "NSMSG_OREGISTER_H_SUCCESS", "Account has been registered." }, @@ -272,7 +302,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_DB_UNREADABLE", "Unable to read database file %s; check the log for more information." }, { "NSMSG_DB_MERGED", "$N merged DB from %s (in "FMT_TIME_T".%03lu seconds)." }, { "NSMSG_HANDLE_CHANGED", "$b%s$b's account name has been changed to $b%s$b." }, - { "NSMSG_BAD_HANDLE", "Account $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, + { "NSMSG_BAD_HANDLE", "Account $b%s$b is not allowed because it is reserved, is too long, or contains invalid characters." }, { "NSMSG_BAD_NICK", "Nickname $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, { "NSMSG_BAD_EMAIL_ADDR", "Please use a well-formed email address." }, { "NSMSG_FAIL_RENAME", "Account $b%s$b not renamed to $b%s$b because it is in use by a network services, or contains invalid characters." }, @@ -371,62 +401,10 @@ static const struct message_entry msgtab[] = { { NULL, NULL } }; -enum reclaim_action { - RECLAIM_NONE, - RECLAIM_WARN, - RECLAIM_SVSNICK, - RECLAIM_KILL -}; static void nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_action action); static void nickserv_reclaim_p(void *data); -static struct { - unsigned int disable_nicks : 1; - unsigned int valid_handle_regex_set : 1; - unsigned int valid_nick_regex_set : 1; - unsigned int valid_fakehost_regex_set : 1; - unsigned int autogag_enabled : 1; - unsigned int email_enabled : 1; - unsigned int email_required : 1; - unsigned int default_hostmask : 1; - unsigned int warn_nick_owned : 1; - unsigned int warn_clone_auth : 1; - unsigned int sync_log : 1; - unsigned long nicks_per_handle; - unsigned long password_min_length; - unsigned long password_min_digits; - unsigned long password_min_upper; - unsigned long password_min_lower; - unsigned long db_backup_frequency; - unsigned long handle_expire_frequency; - unsigned long autogag_duration; - unsigned long email_visible_level; - unsigned long cookie_timeout; - unsigned long handle_expire_delay; - unsigned long nochan_handle_expire_delay; - unsigned long modoper_level; - unsigned long set_epithet_level; - unsigned long set_title_level; - unsigned long set_fakehost_level; - unsigned long handles_per_email; - unsigned long email_search_level; - const char *network_name; - const char *titlehost_suffix; - regex_t valid_handle_regex; - regex_t valid_nick_regex; - regex_t valid_fakehost_regex; - dict_t weak_password_dict; - struct policer_params *auth_policer_params; - enum reclaim_action reclaim_action; - enum reclaim_action auto_reclaim_action; - unsigned long auto_reclaim_delay; - unsigned char default_maxlogins; - unsigned char hard_maxlogins; - const char *auto_oper; - const char *auto_admin; - char default_style; - struct string_list *denied_fakehost_words; -} nickserv_conf; +struct nickserv_config nickserv_conf; /* We have 2^32 unique account IDs to use. */ unsigned long int highest_id = 0; @@ -460,7 +438,7 @@ register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long struct handle_info *hi; hi = calloc(1, sizeof(*hi)); - hi->userlist_style = HI_DEFAULT_STYLE; + hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE; hi->announcements = '?'; hi->handle = strdup(handle); safestrncpy(hi->passwd, passwd, sizeof(hi->passwd)); @@ -564,12 +542,26 @@ free_handle_info(void *vhi) static void set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp); -static void +static int nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, struct userNode *bot) { unsigned int n; struct userNode *uNode; +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + if( (rc = ldap_delete_account(hi->handle)) != LDAP_SUCCESS) { + if(notify) { + send_message(notify, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + } + if(rc != LDAP_NO_SUCH_OBJECT) + return false; /* if theres noone there to delete, its kinda ok, right ?:) */ + } + } + } +#endif for (n=0; nusers) { @@ -591,6 +583,7 @@ nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, stru SyncLog("UNREGISTER %s", hi->handle); dict_remove(nickserv_handle_dict, hi->handle); + return true; } struct handle_info* @@ -682,8 +675,16 @@ is_valid_handle(const char *handle) static int is_registerable_nick(const char *nick) { - /* make sure it could be used as an account name */ - if (!is_valid_handle(nick)) + struct userNode *user; + /* cant register a juped nick/service nick as nick, to prevent confusion */ + user = GetUserH(nick); + if (user && IsLocal(user)) + return 0; + /* for consistency, only allow nicks names that could be nicks */ + if (!is_valid_nick(nick)) + return 0; + /* disallow nicks that look like bad words */ + if (opserv_bad_channel(nick)) return 0; /* check length */ if (strlen(nick) > NICKLEN) @@ -984,10 +985,8 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) if (hi && !hi->users && !hi->opserv_level) HANDLE_CLEAR_FLAG(hi, HELPING); - if (GetUserH(user->nick)) { - for (n=0; nnick)) user->loc = 1; if (hi) { @@ -1000,12 +999,15 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) send_message(other, nickserv, "NSMSG_CLONE_AUTH", user->nick, user->ident, user->hostname); } + /* Add this auth to users list of current auths */ user->next_authed = hi->users; hi->users = user; hi->lastseen = now; + /* Add to helpers list */ if (IsHelper(user)) userList_append(&curr_helpers, user); + /* Set the fakehost */ if (hi->fakehost || old_info) apply_fakehost(hi); @@ -1016,6 +1018,9 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) #else const char *id = "???"; #endif + /* Mark all the nicks registered to this + * account as registered nicks + * - Why not just this one? -rubin */ if (!nickserv_conf.disable_nicks) { struct nick_info *ni; for (ni = hi->nicks; ni; ni = ni->next) { @@ -1025,15 +1030,23 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) } } } + /* send the account to the ircd */ StampUser(user, id, hi->registered); } + /* Stop trying to kick this user off their nick */ if ((ni = get_nick_info(user->nick)) && (ni->owner == hi)) timeq_del(0, nickserv_reclaim_p, user, TIMEQ_IGNORE_WHEN); } else { /* We cannot clear the user's account ID, unfortunately. */ user->next_authed = NULL; } + + /* Call auth handlers */ + if (GetUserH(user->nick)) { + for (n=0; n 15) { - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + if(user) + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); return 0; } @@ -1058,6 +1073,17 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha return 0; cryptpass(passwd, crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + rc = ldap_do_add(handle, crypted, NULL); + if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) { + if(user) + send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif hi = register_handle(handle, crypted, 0); hi->masks = alloc_string_list(1); hi->ignores = alloc_string_list(1); @@ -1069,18 +1095,31 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha if (settee && !no_auth) set_user_handle_info(settee, hi, 1); - if (user != settee) + if (user != settee) { + if(user) send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS"); - else if (nickserv_conf.disable_nicks) + } + else if (nickserv_conf.disable_nicks) { + if(user) { send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS"); - else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) + } + } + else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { + if(user) { send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER"); + } + } else { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if(user) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } } - if (settee && (user != settee)) + if (settee && (user != settee)) { + if(user) { send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle); + } + } return hi; } @@ -1286,6 +1325,8 @@ static NICKSERV_FUNC(cmd_register) NICKSERV_MIN_PARMS((unsigned)3 + nickserv_conf.email_required); + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(argv[1]); if (!is_valid_handle(argv[1])) { reply("NSMSG_BAD_HANDLE", argv[1]); return 0; @@ -1359,8 +1400,25 @@ static NICKSERV_FUNC(cmd_register) } /* Set their email address. */ - if (email_addr) + if (email_addr) { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, email_addr)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, email_addr); + } + } + else { + nickserv_set_email_addr(hi, email_addr); + } +#else nickserv_set_email_addr(hi, email_addr); +#endif + } /* If they need to do email verification, tell them. */ if (no_auth) @@ -1399,6 +1457,8 @@ static NICKSERV_FUNC(cmd_oregister) account = argv[1]; pass = argv[2]; + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(account); if (nickserv_conf.email_required) { NICKSERV_MIN_PARMS(4); email = argv[3]; @@ -1450,7 +1510,23 @@ static NICKSERV_FUNC(cmd_oregister) return 0; /* error reply handled by above */ } if (email) { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, email)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, email); + } + } + else { + nickserv_set_email_addr(hi, email); + } +#else nickserv_set_email_addr(hi, email); +#endif } if (mask) { char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); @@ -1786,6 +1862,8 @@ static NICKSERV_FUNC(cmd_rename_handle) unsigned int nn; NICKSERV_MIN_PARMS(3); + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(argv[2]); if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; if (!is_valid_handle(argv[2])) { @@ -1801,6 +1879,15 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NMSG_HANDLE_TOLONG", argv[2], 15); return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if( (rc = ldap_rename_account(hi->handle, argv[2])) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif dict_remove2(nickserv_handle_dict, old_handle = hi->handle, 1); hi->handle = strdup(argv[2]); @@ -1854,9 +1941,66 @@ struct handle_info *loc_auth(char *handle, char *password) int wildmask = 0; struct handle_info *hi; struct userNode *other; +#ifdef WITH_LDAP + int ldap_result = LDAP_SUCCESS; + char *email = NULL; + +#endif hi = dict_find(nickserv_handle_dict, handle, NULL); - pw_arg = 2; + pw_arg = 2; + +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(handle, password); + if(ldap_result != LDAP_SUCCESS) { + return NULL; + } + } +// else +#else + if (!checkpass(password, hi->passwd)) { + return NULL; + } +#endif +#ifdef WITH_LDAP + if( (!hi) && nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + int rc; + + /* Add a *@* mask */ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + return NULL; /* They dont have a *@* mask so they can't loc */ + + if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { + return 0; /* couldn't add the user for some reason */ + } + + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + return 0; + } + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); + } +#endif + + /* Still no account, so just fail out */ if (!hi) { return NULL; } @@ -1876,19 +2020,17 @@ struct handle_info *loc_auth(char *handle, char *password) if(wildmask < 1) return NULL; - /* Responses from here on look up the language used by the handle they asked about. */ - if (!checkpass(password, hi->passwd)) { - return NULL; - } if (HANDLE_FLAGGED(hi, SUSPENDED)) { return NULL; } + maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins; for (used = 0, other = hi->users; other; other = other->next_authed) { if (++used >= maxlogins) { return NULL; } } + /* TODO - Add LOGGING to this function so LOC's are logged.. */ return hi; } @@ -1898,6 +2040,10 @@ static NICKSERV_FUNC(cmd_auth) struct handle_info *hi; const char *passwd; struct userNode *other; +#ifdef WITH_LDAP + int ldap_result = LDAP_OTHER; + char *email = NULL; +#endif if (user->handle_info) { reply("NSMSG_ALREADY_AUTHED", user->handle_info->handle); @@ -1911,8 +2057,39 @@ static NICKSERV_FUNC(cmd_auth) return 0; } if (argc == 3) { +#ifdef WITH_LDAP + if(strchr(argv[1], '<') || strchr(argv[1], '>')) { + reply("NSMSG_NO_ANGLEBRACKETS"); + return 0; + } + if (!is_valid_handle(argv[1])) { + reply("NSMSG_BAD_HANDLE", argv[1]); + return 0; + } + + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(argv[1], argv[2]); + /* Get the users email address and update it */ + if(ldap_result == LDAP_SUCCESS) { + int rc; + if((rc = ldap_get_user_info(argv[1], &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc)); + return 0; + } + } + } + else if(ldap_result != LDAP_INVALID_CREDENTIALS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + } + +#endif hi = dict_find(nickserv_handle_dict, argv[1], NULL); pw_arg = 2; +#ifdef notdef } else if (argc == 2) { if (nickserv_conf.disable_nicks) { if (!(hi = get_handle_info(user->nick))) { @@ -1921,6 +2098,7 @@ static NICKSERV_FUNC(cmd_auth) } } else { /* try to look up their handle from their nick */ + /* TODO: handle ldap auth on nickserv style networks, too */ struct nick_info *ni; ni = get_nick_info(user->nick); if (!ni) { @@ -1930,14 +2108,47 @@ static NICKSERV_FUNC(cmd_auth) hi = ni->owner; } pw_arg = 1; +#endif } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); return 0; } if (!hi) { - reply("NSMSG_HANDLE_NOT_FOUND"); - return 0; +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + if(!(hi = nickserv_register(user, NULL, argv[1], argv[2], 0))) { + reply("NSMSG_UNABLE_TO_ADD"); + return 0; /* couldn't add the user for some reason */ + } + /* Add a *@* mask */ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); + + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, email ? email : "@", user->info); + } + else { +#endif + reply("NSMSG_HANDLE_NOT_FOUND"); + return 0; +#ifdef WITH_LDAP + } +#endif } /* Responses from here on look up the language used by the handle they asked about. */ passwd = argv[pw_arg]; @@ -1953,7 +2164,12 @@ static NICKSERV_FUNC(cmd_auth) argv[pw_arg] = "BADMASK"; return 1; } +#ifdef WITH_LDAP + if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { +#else if (!checkpass(passwd, hi->passwd)) { +#endif unsigned int n; send_message_type(4, user, cmd->parent->bot, handle_find_message(hi, "NSMSG_PASSWORD_INVALID")); @@ -2184,7 +2400,23 @@ static NICKSERV_FUNC(cmd_odelcookie) if (nickserv_conf.sync_log) SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, hi->cookie->data); + } + } + else { + nickserv_set_email_addr(hi, hi->cookie->data); + } +#else nickserv_set_email_addr(hi, hi->cookie->data); +#endif if (nickserv_conf.sync_log) SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data); break; @@ -2278,6 +2510,17 @@ static NICKSERV_FUNC(cmd_cookie) switch (hi->cookie->type) { case ACTIVATION: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); set_user_handle_info(user, hi, 1); reply("NSMSG_HANDLE_ACTIVATED"); @@ -2285,6 +2528,17 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("ACCOUNTACC %s", hi->handle); break; case PASSWORD_CHANGE: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif set_user_handle_info(user, hi, 1); safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); reply("NSMSG_PASSWORD_CHANGED"); @@ -2292,6 +2546,17 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); break; case EMAIL_CHANGE: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); + return 0; + } + } +#endif if (!hi->email_addr && nickserv_conf.sync_log) { /* * This should only happen if an OREGISTER was sent. Require @@ -2300,6 +2565,7 @@ static NICKSERV_FUNC(cmd_cookie) if (nickserv_conf.sync_log) SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); } + nickserv_set_email_addr(hi, hi->cookie->data); reply("NSMSG_EMAIL_CHANGED"); if (nickserv_conf.sync_log) @@ -2372,7 +2638,11 @@ static NICKSERV_FUNC(cmd_regnick) { static NICKSERV_FUNC(cmd_pass) { struct handle_info *hi; - const char *old_pass, *new_pass; + char *old_pass, *new_pass; + char crypted[MD5_CRYPT_LENGTH+1]; +#ifdef WITH_LDAP + int ldap_result; +#endif NICKSERV_MIN_PARMS(3); hi = user->handle_info; @@ -2380,12 +2650,36 @@ static NICKSERV_FUNC(cmd_pass) new_pass = argv[2]; argv[2] = "****"; if (!is_secure_password(hi->handle, new_pass, user)) return 0; + +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(hi->handle, old_pass); + if(ldap_result != LDAP_SUCCESS) { + if(ldap_result == LDAP_INVALID_CREDENTIALS) + reply("NSMSG_PASSWORD_INVALID"); + else + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + }else +#endif if (!checkpass(old_pass, hi->passwd)) { argv[1] = "BADPASS"; reply("NSMSG_PASSWORD_INVALID"); return 0; } - cryptpass(new_pass, hi->passwd); + cryptpass(new_pass, crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif + //cryptpass(new_pass, hi->passwd); + strcpy(hi->passwd, crypted); if (nickserv_conf.sync_log) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); argv[1] = "****"; @@ -2766,14 +3060,26 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { + char crypted[MD5_CRYPT_LENGTH+1]; + if(argc < 1) { + return 0; + } if (!override) { reply("NSMSG_USE_CMD_PASS"); return 0; } - if (argc > 1) - cryptpass(argv[1], hi->passwd); - + cryptpass(argv[1], crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif + strcpy(hi->passwd, crypted); if (nickserv_conf.sync_log) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); @@ -2822,6 +3128,15 @@ static OPTION_FUNC(opt_email) else if (!override) nickserv_make_cookie(user, hi, EMAIL_CHANGE, argv[1], 0); else { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, argv[1])) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif nickserv_set_email_addr(hi, argv[1]); if (hi->cookie) nickserv_eat_cookie(hi->cookie); @@ -2878,6 +3193,7 @@ static OPTION_FUNC(opt_language) return 1; } +/* Called from opserv from cmd_access */ int oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_info *target, unsigned int new_level) { if (!oper_has_access(user, bot, nickserv_conf.modoper_level, 0)) @@ -2898,6 +3214,19 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i send_message(user, bot, "MSG_STUPID_ACCESS_CHANGE"); return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_oper_group_dn && nickserv_conf.ldap_admin_dn) { + int rc; + if(new_level > 0) + rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); + else + rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); + if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) { + send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif if (target->opserv_level == new_level) return 0; log_module(NS_LOG, LOG_INFO, "Account %s setting oper level for account %s to %d (from %d).", @@ -2998,20 +3327,27 @@ static OPTION_FUNC(opt_title) title = hi->fakehost + 1; else { /* If theres no title set then the default title will therefore - be the first part of hidden_host in x3.conf.example, so for - consistency with opt_fakehost we will print this here */ + be the first part of hidden_host in x3.conf, so for + consistency with opt_fakehost we will print this here. + This isnt actually used in P10, its just handled to keep from crashing... */ char *hs, *hidden_suffix, *rest; hs = conf_get_data("server/hidden_host", RECDB_QSTRING); hidden_suffix = strdup(hs); /* Yes we do this twice */ - rest = strrchr(hidden_suffix, '.'); - *rest++ = '\0'; - rest = strrchr(hidden_suffix, '.'); - *rest++ = '\0'; + if((rest = strchr(hidden_suffix, '.'))) + { + *rest = '\0'; + title = hidden_suffix; + } + else + { + /* A lame default if someone configured hidden_host to something lame */ + title = strdup("users"); + free(hidden_suffix); + } - title = hidden_suffix; } if (!title) @@ -3147,7 +3483,7 @@ static OPTION_FUNC(opt_note) } } - reply("NSMSG_SET_NOTE", hi->note->note); + reply("NSMSG_SET_NOTE", hi->note ? hi->note->note : user_find_message(user, "MSG_NONE")); return 1; } @@ -3237,8 +3573,10 @@ static NICKSERV_FUNC(cmd_unregister) passwd = argv[1]; argv[1] = "****"; if (checkpass(passwd, hi->passwd)) { - nickserv_unregister_handle(hi, user, cmd->parent->bot); - return 1; + if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) + return 1; + else + return 0; } else { log_module(NS_LOG, LOG_INFO, "Account '%s' tried to unregister with the wrong password.", hi->handle); reply("NSMSG_PASSWORD_INVALID"); @@ -3253,8 +3591,10 @@ static NICKSERV_FUNC(cmd_ounregister) NICKSERV_MIN_PARMS(2); if (!(hi = get_victim_oper(cmd, user, argv[1]))) return 0; - nickserv_unregister_handle(hi, user, cmd->parent->bot); - return 1; + if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) + return 1; + else + return 0; } static NICKSERV_FUNC(cmd_status) @@ -3547,6 +3887,9 @@ static NICKSERV_FUNC(cmd_merge) /* Unregister the "from" handle. */ nickserv_unregister_handle(hi_from, NULL, cmd->parent->bot); + /* TODO: fix it so that if the ldap delete in nickserv_unregister_handle fails, + * the process isn't completed. + */ return 1; } @@ -3561,6 +3904,9 @@ struct nickserv_discrim { const char *hostmask; const char *handlemask; const char *emailmask; +#ifdef WITH_LDAP + unsigned int inldap; +#endif }; typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi); @@ -3586,6 +3932,9 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int discrim->min_registered = 0; discrim->max_registered = INT_MAX; discrim->lastseen = now; +#ifdef WITH_LDAP + discrim->inldap = 2; +#endif for (i=0; ihostmask_type = SUPERSET; } discrim->hostmask = argv[++i]; - } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) { + } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) { if (!irccasecmp(argv[++i], "*")) { discrim->handlemask = 0; } else { @@ -3685,7 +4034,20 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } - } else { +#ifdef WITH_LDAP + } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { + i++; + if(true_string(argv[i])) { + discrim->inldap = 1; + } + else if (false_string(argv[i])) { + discrim->inldap = 0; + } + else { + reply("MSG_INVALID_BINARY", argv[i]); + } +#endif + } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; } @@ -3733,6 +4095,17 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) } if (!nick) return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && discrim->inldap != 2) { + int rc; + rc = ldap_get_user_info(hi->handle, NULL); + if(discrim->inldap == 1 && rc != LDAP_SUCCESS) + return 0; + if(discrim->inldap == 0 && rc == LDAP_SUCCESS) + return 0; + } + +#endif return 1; } @@ -3772,6 +4145,20 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +static void +search_add2ldap_func (struct userNode *source, struct handle_info *match) +{ +#ifdef WITH_LDAP + int rc; + if(match->email_addr && match->passwd && match->handle) { + rc = ldap_do_add(match->handle, match->passwd, match->email_addr); + if(rc != LDAP_SUCCESS) { + send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + } + } +#endif +} + static int nickserv_sort_accounts_by_access(const void *a, const void *b) { @@ -3836,6 +4223,10 @@ static NICKSERV_FUNC(cmd_search) action = search_count_func; else if (!irccasecmp(argv[1], "unregister")) action = search_unregister_func; +#ifdef WITH_LDAP + else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap")) + action = search_add2ldap_func; +#endif else { reply("NSMSG_INVALID_ACTION", argv[1]); return 0; @@ -3882,7 +4273,7 @@ static MODCMD_FUNC(cmd_checkpass) } static void -nickserv_db_read_handle(const char *handle, dict_t obj) +nickserv_db_read_handle(char *handle, dict_t obj) { const char *str; struct string_list *masks, *slist, *ignores; @@ -3912,6 +4303,8 @@ nickserv_db_read_handle(const char *handle, dict_t obj) authed_users = NULL; channels = NULL; } + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(handle); hi = register_handle(handle, str, id); if (authed_users) { hi->users = authed_users; @@ -4031,10 +4424,13 @@ static int nickserv_saxdb_read(dict_t db) { dict_iterator_t it; struct record_data *rd; + char *handle; for (it=dict_first(db); it; it=iter_next(it)) { rd = iter_data(it); - nickserv_db_read_handle(iter_key(it), rd->d.object); + handle = strdup(iter_key(it)); + nickserv_db_read_handle(handle, rd->d.object); + free(handle); } return 0; } @@ -4304,6 +4700,74 @@ nickserv_conf_read(void) child = database_get_data(conf_node, KEY_AUTH_POLICER, RECDB_OBJECT); for (it=dict_first(child); it; it=iter_next(it)) set_policer_param(iter_key(it), iter_data(it), nickserv_conf.auth_policer_params); + + str = database_get_data(conf_node, KEY_LDAP_ENABLE, RECDB_QSTRING); + nickserv_conf.ldap_enable = str ? strtoul(str, NULL, 0) : 0; + + str = database_get_data(conf_node, KEY_FORCE_HANDLES_LOWERCASE, RECDB_QSTRING); + nickserv_conf.force_handles_lowercase = str ? strtol(str, NULL, 0) : 0; + +#ifndef WITH_LDAP + if(nickserv_conf.ldap_enable > 0) { + /* ldap is enabled but not compiled in - error out */ + log_module(MAIN_LOG, LOG_ERROR, "ldap is enabled in config, but not compiled in!"); + nickserv_conf.ldap_enable = 0; + sleep(5); + } +#endif + +#ifdef WITH_LDAP + str = database_get_data(conf_node, KEY_LDAP_URI, RECDB_QSTRING); + nickserv_conf.ldap_uri = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_BASE, RECDB_QSTRING); + nickserv_conf.ldap_base = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_DN_FMT, RECDB_QSTRING); + nickserv_conf.ldap_dn_fmt = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_VERSION, RECDB_QSTRING); + nickserv_conf.ldap_version = str ? strtoul(str, NULL, 0) : 3; + + str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING); + nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0; + + str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING); + nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5; + + str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING); + nickserv_conf.ldap_admin_dn = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_ADMIN_PASS, RECDB_QSTRING); + nickserv_conf.ldap_admin_pass = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_ACCOUNT, RECDB_QSTRING); + nickserv_conf.ldap_field_account = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_PASSWORD, RECDB_QSTRING); + nickserv_conf.ldap_field_password = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING); + nickserv_conf.ldap_field_email = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_dn = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); + nickserv_conf.ldap_field_group_member = str ? str : ""; + + free_string_list(nickserv_conf.ldap_object_classes); + strlist = database_get_data(conf_node, KEY_LDAP_OBJECT_CLASSES, RECDB_STRING_LIST); + if(strlist) + strlist = string_list_copy(strlist); + else { + strlist = alloc_string_list(4); + string_list_append(strlist, strdup("top")); + } + nickserv_conf.ldap_object_classes = strlist; + +#endif + } static void @@ -4608,6 +5072,9 @@ init_nickserv(const char *nick) AddChannelUser(nickserv, chan)->modes |= MODE_CHANOP; } } +#ifdef WITH_LDAP + ldap_do_init(nickserv_conf); +#endif message_register_table(msgtab); }