X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/fc01208708c850296e2c5091ea9c7c20fb0790b3..92fb809beb2963a5b331a59e589430c989c9cbde:/src/nickserv.c diff --git a/src/nickserv.c b/src/nickserv.c index e915352..b66ef4d 100644 --- a/src/nickserv.c +++ b/src/nickserv.c @@ -5,7 +5,7 @@ * * x3 is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or + * the Free Software Foundation; either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, @@ -25,14 +25,14 @@ #include "modcmd.h" #include "opserv.h" /* for gag_create(), opserv_bad_channel() */ #include "saxdb.h" -#include "sendmail.h" +#include "mail.h" #include "timeq.h" #include "x3ldap.h" #include #ifdef WITH_LDAP -#include /* just needed for default LDAP_PORT */ +#include #endif #define NICKSERV_CONF_NAME "services/nickserv" @@ -79,6 +79,8 @@ #define KEY_ACCOUNTS_PER_EMAIL "accounts_per_email" #define KEY_EMAIL_SEARCH_LEVEL "email_search_level" #define KEY_DEFAULT_STYLE "default_style" +#define KEY_OUNREGISTER_INACTIVE "ounregister_inactive" +#define KEY_OUNREGISTER_FLAGS "ounregister_flags" #define KEY_ID "id" #define KEY_PASSWD "passwd" @@ -111,12 +113,13 @@ #define KEY_NOTE_NOTE "note" #define KEY_NOTE_SETTER "setter" #define KEY_NOTE_DATE "date" +#define KEY_KARMA "karma" +#define KEY_FORCE_HANDLES_LOWERCASE "force_handles_lowercase" #define KEY_LDAP_ENABLE "ldap_enable" #ifdef WITH_LDAP -#define KEY_LDAP_HOST "ldap_host" -#define KEY_LDAP_PORT "ldap_port" +#define KEY_LDAP_URI "ldap_uri" #define KEY_LDAP_BASE "ldap_base" #define KEY_LDAP_DN_FMT "ldap_dn_fmt" #define KEY_LDAP_VERSION "ldap_version" @@ -126,6 +129,11 @@ #define KEY_LDAP_FIELD_ACCOUNT "ldap_field_account" #define KEY_LDAP_FIELD_PASSWORD "ldap_field_password" #define KEY_LDAP_FIELD_EMAIL "ldap_field_email" +#define KEY_LDAP_OBJECT_CLASSES "ldap_object_classes" +#define KEY_LDAP_OPER_GROUP_DN "ldap_oper_group_dn" +#define KEY_LDAP_OPER_GROUP_LEVEL "ldap_oper_group_level" +#define KEY_LDAP_FIELD_GROUP_MEMBER "ldap_field_group_member" +#define KEY_LDAP_TIMEOUT "ldap_timeout" #endif #define NICKSERV_VALID_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_" @@ -134,7 +142,7 @@ #define OPTION_FUNC(NAME) int NAME(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, UNUSED_ARG(unsigned int override), unsigned int argc, char *argv[]) typedef OPTION_FUNC(option_func_t); -DEFINE_LIST(handle_info_list, struct handle_info*); +DEFINE_LIST(handle_info_list, struct handle_info*) #define NICKSERV_MIN_PARMS(N) do { \ if (argc < N) { \ @@ -151,7 +159,7 @@ extern struct string_list *autojoin_channels; static struct module *nickserv_module; static struct service *nickserv_service; static struct log_type *NS_LOG; -static dict_t nickserv_handle_dict; /* contains struct handle_info* */ +dict_t nickserv_handle_dict; /* contains struct handle_info* */ static dict_t nickserv_id_dict; /* contains struct handle_info* */ static dict_t nickserv_nick_dict; /* contains struct nick_info* */ static dict_t nickserv_opt_dict; /* contains option_func_t* */ @@ -160,13 +168,17 @@ static dict_t nickserv_email_dict; /* contains struct handle_info_list*, indexed static char handle_inverse_flags[256]; static unsigned int flag_access_levels[32]; static const struct message_entry msgtab[] = { + { "NSMSG_NO_ANGLEBRACKETS", "The < and > in help indicate that that word is a required parameter, but DO NOT actually type them in messages to me." }, { "NSMSG_HANDLE_EXISTS", "Account $b%s$b is already registered." }, - { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu charactors or less."}, + { "NSMSG_HANDLE_TOLONG", "The account name %s is too long. Account names must be %lu characters or less."}, { "NSMSG_PASSWORD_SHORT", "Your password must be at least %lu characters long." }, { "NSMSG_PASSWORD_ACCOUNT", "Your password may not be the same as your account name." }, { "NSMSG_PASSWORD_DICTIONARY", "Your password is too simple. You must choose a password that is not just a word or name." }, { "NSMSG_PASSWORD_READABLE", "Your password must have at least %lu digit(s), %lu capital letter(s), and %lu lower-case letter(s)." }, { "NSMSG_LDAP_FAIL", "There was a problem in contacting the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_ADD", "There was a problem in adding account %s to ldap: %s." }, + { "NSMSG_LDAP_FAIL_SEND_EMAIL", "There was a problem in storing your email address in the account server (ldap): %s. Please try again later." }, + { "NSMSG_LDAP_FAIL_GET_EMAIL", "There was a problem in retrieving your email address from the account server (ldap): %s. Please try again later." }, { "NSMSG_PARTIAL_REGISTER", "Account has been registered to you; nick was already registered to someone else." }, { "NSMSG_OREGISTER_VICTIM", "%s has registered a new account for you (named %s)." }, { "NSMSG_OREGISTER_H_SUCCESS", "Account has been registered." }, @@ -223,6 +235,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_HANDLEINFO_REGGED", "Registered on: %s" }, { "NSMSG_HANDLEINFO_LASTSEEN", "Last seen: %s" }, { "NSMSG_HANDLEINFO_LASTSEEN_NOW", "Last seen: Right now!" }, + { "NSMSG_HANDLEINFO_KARMA", " Karma: %d" }, { "NSMSG_HANDLEINFO_VACATION", "On vacation." }, { "NSMSG_HANDLEINFO_EMAIL_ADDR", "Email address: %s" }, { "NSMSG_HANDLEINFO_COOKIE_ACTIVATION", "Cookie: There is currently an activation cookie issued for this account" }, @@ -235,6 +248,8 @@ static const struct message_entry msgtab[] = { { "NSMSG_HANDLEINFO_EPITHET", "Epithet: %s" }, { "NSMSG_HANDLEINFO_NOTE", "Note (by %s on %s): %s " }, { "NSMSG_HANDLEINFO_FAKEHOST", "Fake host: %s" }, + { "NSMSG_INVALID_KARMA", "$b%s$b is not a valid karma modifier." }, + { "NSMSG_SET_KARMA", "$bKARMA: $b%d$b" }, { "NSMSG_HANDLEINFO_LAST_HOST", "Last quit hostmask: %s" }, { "NSMSG_HANDLEINFO_LAST_HOST_UNKNOWN", "Last quit hostmask: Unknown" }, { "NSMSG_HANDLEINFO_NICKS", "Nickname(s): %s" }, @@ -279,6 +294,9 @@ static const struct message_entry msgtab[] = { { "NSMSG_UNREGNICK_SUCCESS", "Nick $b%s$b has been unregistered." }, { "NSMSG_UNREGISTER_SUCCESS", "Account $b%s$b has been unregistered." }, { "NSMSG_UNREGISTER_NICKS_SUCCESS", "Account $b%s$b and all its nicks have been unregistered." }, + { "NSMSG_UNREGISTER_MUST_FORCE", "Account $b%s$b is not inactive or has special flags set; use FORCE to unregister it." }, + { "NSMSG_UNREGISTER_CANNOT_FORCE", "Account $b%s$b is not inactive or has special flags set; have an IRCOp use FORCE to unregister it." }, + { "NSMSG_UNREGISTER_NODELETE", "Account $b%s$b is protected from unregistration." }, { "NSMSG_HANDLE_STATS", "There are %d nicks registered to your account." }, { "NSMSG_HANDLE_NONE", "You are not authenticated against any account." }, { "NSMSG_GLOBAL_STATS", "There are %d accounts and %d nicks registered globally." }, @@ -294,7 +312,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_DB_UNREADABLE", "Unable to read database file %s; check the log for more information." }, { "NSMSG_DB_MERGED", "$N merged DB from %s (in "FMT_TIME_T".%03lu seconds)." }, { "NSMSG_HANDLE_CHANGED", "$b%s$b's account name has been changed to $b%s$b." }, - { "NSMSG_BAD_HANDLE", "Account $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, + { "NSMSG_BAD_HANDLE", "Account $b%s$b is not allowed because it is reserved, is too long, or contains invalid characters." }, { "NSMSG_BAD_NICK", "Nickname $b%s$b not registered because it is in use by a network service, is too long, or contains invalid characters." }, { "NSMSG_BAD_EMAIL_ADDR", "Please use a well-formed email address." }, { "NSMSG_FAIL_RENAME", "Account $b%s$b not renamed to $b%s$b because it is in use by a network services, or contains invalid characters." }, @@ -304,6 +322,7 @@ static const struct message_entry msgtab[] = { { "NSMSG_CANNOT_MERGE_SELF", "You cannot merge account $b%s$b with itself." }, { "NSMSG_HANDLES_MERGED", "Merged account $b%s$b into $b%s$b." }, { "NSMSG_RECLAIM_WARN", "%s is a registered nick - you must auth to account %s or change your nick." }, + { "NSMSG_RECLAIM_HOWTO", "To auth to account %s you must use /msg %s@%s AUTH %s " }, { "NSMSG_RECLAIM_KILL", "Unauthenticated user of nick." }, { "NSMSG_RECLAIMED_NONE", "You cannot manually reclaim a nick." }, { "NSMSG_RECLAIMED_WARN", "Sent a request for %s to change their nick." }, @@ -389,12 +408,16 @@ static const struct message_entry msgtab[] = { { "NSMSG_NOT_VALID_FAKEHOST_REGEX", "$b%s$b is not allowed by the admin, consult the valid vhost regex pattern in the config file under nickserv/valid_fakehost_regex." }, { "CHECKPASS_YES", "Yes." }, { "CHECKPASS_NO", "No." }, + { "CHECKEMAIL_NOT_SET", "No email set." }, + { "CHECKEMAIL_YES", "Yes." }, + { "CHECKEMAIL_NO", "No." }, { "NSMSG_DEFCON_NO_NEW_NICKS", "You cannot register new %s at this time, please try again soon" }, { NULL, NULL } }; static void nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_action action); static void nickserv_reclaim_p(void *data); +static int nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask); struct nickserv_config nickserv_conf; @@ -430,7 +453,7 @@ register_handle(const char *handle, const char *passwd, UNUSED_ARG(unsigned long struct handle_info *hi; hi = calloc(1, sizeof(*hi)); - hi->userlist_style = HI_DEFAULT_STYLE; + hi->userlist_style = nickserv_conf.default_style ? nickserv_conf.default_style : HI_DEFAULT_STYLE; hi->announcements = '?'; hi->handle = strdup(handle); safestrncpy(hi->passwd, passwd, sizeof(hi->passwd)); @@ -534,12 +557,26 @@ free_handle_info(void *vhi) static void set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp); -static void +static int nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, struct userNode *bot) { unsigned int n; struct userNode *uNode; +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + if( (rc = ldap_delete_account(hi->handle)) != LDAP_SUCCESS) { + if(notify) { + send_message(notify, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + } + if(rc != LDAP_NO_SUCH_OBJECT) + return false; /* if theres noone there to delete, its kinda ok, right ?:) */ + } + } + } +#endif for (n=0; nusers) { @@ -561,6 +598,7 @@ nickserv_unregister_handle(struct handle_info *hi, struct userNode *notify, stru SyncLog("UNREGISTER %s", hi->handle); dict_remove(nickserv_handle_dict, hi->handle); + return true; } struct handle_info* @@ -652,8 +690,16 @@ is_valid_handle(const char *handle) static int is_registerable_nick(const char *nick) { - /* make sure it could be used as an account name */ - if (!is_valid_handle(nick)) + struct userNode *user; + /* cant register a juped nick/service nick as nick, to prevent confusion */ + user = GetUserH(nick); + if (user && IsLocal(user)) + return 0; + /* for consistency, only allow nicks names that could be nicks */ + if (!is_valid_nick(nick)) + return 0; + /* disallow nicks that look like bad words */ + if (opserv_bad_channel(nick)) return 0; /* check length */ if (strlen(nick) > NICKLEN) @@ -728,7 +774,7 @@ smart_get_handle_info(struct userNode *service, struct userNode *user, const cha } int -oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) { +oper_outranks(struct userNode *user, struct handle_info *hi) { if (user->handle_info->opserv_level > hi->opserv_level) return 1; if (user->handle_info->opserv_level == hi->opserv_level) { @@ -740,12 +786,12 @@ oper_outranks(struct svccmd *cmd, struct userNode *user, struct handle_info *hi) return 1; } } - reply("MSG_USER_OUTRANKED", hi->handle); + send_message(user, nickserv, "MSG_USER_OUTRANKED", hi->handle); return 0; } struct handle_info * -get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target) +get_victim_oper(struct userNode *user, const char *target) { struct handle_info *hi; if (!(hi = smart_get_handle_info(nickserv, user, target))) @@ -754,7 +800,7 @@ get_victim_oper(struct svccmd *cmd, struct userNode *user, const char *target) send_message(user, nickserv, "MSG_OPER_SUSPENDED"); return 0; } - return oper_outranks(cmd, user, hi) ? hi : NULL; + return oper_outranks(user, hi) ? hi : NULL; } static int @@ -767,7 +813,7 @@ valid_user_for(struct userNode *user, struct handle_info *hi) return 1; /* If any hostmask matches, allow it. */ for (ii=0; iimasks->used; ii++) - if (user_matches_glob(user, hi->masks->list[ii], 0)) + if (user_matches_glob(user, hi->masks->list[ii], 0, 0)) return 1; /* If they are allowauthed to this account, allow it (removing the aa). */ if (dict_find(nickserv_allow_auth_dict, user->nick, NULL) == hi) { @@ -935,11 +981,14 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) /* remove from next_authed linked list */ if (user->handle_info->users == user) { user->handle_info->users = user->next_authed; - } else { + } else if (user->handle_info->users != NULL) { for (other = user->handle_info->users; other->next_authed != user; other = other->next_authed) ; other->next_authed = user->next_authed; + } else { + /* No users authed to the account - can happen if they get + * killed for authing. */ } /* if nobody left on old handle, and they're not an oper, remove !god */ if (!user->handle_info->users && !user->handle_info->opserv_level) @@ -973,7 +1022,7 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) hi->users = user; hi->lastseen = now; /* Add to helpers list */ - if (IsHelper(user)) + if (IsHelper(user) && !userList_contains(&curr_helpers, user)) userList_append(&curr_helpers, user); /* Set the fakehost */ @@ -991,9 +1040,9 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) * account as registered nicks * - Why not just this one? -rubin */ if (!nickserv_conf.disable_nicks) { - struct nick_info *ni; - for (ni = hi->nicks; ni; ni = ni->next) { - if (!irccasecmp(user->nick, ni->nick)) { + struct nick_info *ni2; + for (ni2 = hi->nicks; ni2; ni2 = ni2->next) { + if (!irccasecmp(user->nick, ni2->nick)) { user->modes |= FLAGS_REGNICK; break; } @@ -1013,8 +1062,11 @@ set_user_handle_info(struct userNode *user, struct handle_info *hi, int stamp) /* Call auth handlers */ if (GetUserH(user->nick)) { - for (n=0; ndead) + return; + } } } @@ -1026,13 +1078,15 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha char crypted[MD5_CRYPT_LENGTH]; if ((hi = dict_find(nickserv_handle_dict, handle, NULL))) { - send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle); + if(user) + send_message(user, nickserv, "NSMSG_HANDLE_EXISTS", handle); return 0; } - if(strlen(handle) > 15) + if(strlen(handle) > 30) { - send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 15); + if(user) + send_message(user, nickserv, "NSMSG_HANDLE_TOLONG", handle, 30); return 0; } @@ -1041,10 +1095,14 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha cryptpass(passwd, crypted); #ifdef WITH_LDAP - int rc; - if(LDAP_SUCCESS != (rc = ldap_do_add(handle, passwd, NULL))) { - send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); - return 0; + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + rc = ldap_do_add(handle, crypted, NULL); + if(LDAP_SUCCESS != rc && LDAP_ALREADY_EXISTS != rc ) { + if(user) + send_message(user, nickserv, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } } #endif hi = register_handle(handle, crypted, 0); @@ -1058,18 +1116,33 @@ nickserv_register(struct userNode *user, struct userNode *settee, const char *ha if (settee && !no_auth) set_user_handle_info(settee, hi, 1); - if (user != settee) + if (user != settee) { + if(user) send_message(user, nickserv, "NSMSG_OREGISTER_H_SUCCESS"); - else if (nickserv_conf.disable_nicks) + } + else if (nickserv_conf.disable_nicks) { + if(user) { send_message(user, nickserv, "NSMSG_REGISTER_H_SUCCESS"); - else if ((ni = dict_find(nickserv_nick_dict, user->nick, NULL))) + } + } + else if (user && (ni = dict_find(nickserv_nick_dict, user->nick, NULL))) { + if(user) { send_message(user, nickserv, "NSMSG_PARTIAL_REGISTER"); + } + } else { - register_nick(user->nick, hi); - send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + if(user) { + if (is_registerable_nick(user->nick)) { + register_nick(user->nick, hi); + send_message(user, nickserv, "NSMSG_REGISTER_HN_SUCCESS"); + } + } } - if (settee && (user != settee)) + if (settee && (user != settee)) { + if(user) { send_message(settee, nickserv, "NSMSG_OREGISTER_VICTIM", user->nick, hi->handle); + } + } return hi; } @@ -1154,6 +1227,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ else fmt = handle_find_message(hi, "NSEMAIL_PASSWORD_CHANGE_BODY"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle); + first_time = 0; break; case EMAIL_CHANGE: misc = hi->email_addr; @@ -1165,9 +1239,10 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ snprintf(subject, sizeof(subject), fmt, netname); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_NEW"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie+COOKIELEN/2, nickserv->nick, self->name, hi->handle, COOKIELEN/2); - sendmail(nickserv, hi, subject, body, 1); + mail_send(nickserv, hi, subject, body, 1); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_CHANGE_BODY_OLD"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle, COOKIELEN/2, hi->email_addr); + first_time = 1; } else { #endif send_message(user, nickserv, "NSMSG_USE_COOKIE_EMAIL_1"); @@ -1175,7 +1250,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ snprintf(subject, sizeof(subject), fmt, netname); fmt = handle_find_message(hi, "NSEMAIL_EMAIL_VERIFY_BODY"); snprintf(body, sizeof(body), fmt, netname, cookie->cookie, nickserv->nick, self->name, hi->handle); - sendmail(nickserv, hi, subject, body, 1); + mail_send(nickserv, hi, subject, body, 1); subject[0] = 0; #ifdef stupid_verify_old_email } @@ -1194,7 +1269,7 @@ nickserv_make_cookie(struct userNode *user, struct handle_info *hi, enum cookie_ break; } if (subject[0]) - sendmail(nickserv, hi, subject, body, first_time); + mail_send(nickserv, hi, subject, body, first_time); nickserv_bake_cookie(cookie); } @@ -1275,6 +1350,8 @@ static NICKSERV_FUNC(cmd_register) NICKSERV_MIN_PARMS((unsigned)3 + nickserv_conf.email_required); + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(argv[1]); if (!is_valid_handle(argv[1])) { reply("NSMSG_BAD_HANDLE", argv[1]); return 0; @@ -1295,7 +1372,7 @@ static NICKSERV_FUNC(cmd_register) } /* .. and that we are allowed to send to it. */ - if ((str = sendmail_prohibited_address(email_addr))) { + if ((str = mail_prohibited_address(email_addr))) { reply("NSMSG_EMAIL_PROHIBITED", email_addr, str); return 0; } @@ -1348,8 +1425,25 @@ static NICKSERV_FUNC(cmd_register) } /* Set their email address. */ - if (email_addr) + if (email_addr) { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, email_addr)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, email_addr); + } + } + else { + nickserv_set_email_addr(hi, email_addr); + } +#else nickserv_set_email_addr(hi, email_addr); +#endif + } /* If they need to do email verification, tell them. */ if (no_auth) @@ -1384,15 +1478,20 @@ static NICKSERV_FUNC(cmd_oregister) char* mask = NULL; char* nick = NULL; - NICKSERV_MIN_PARMS(3); + NICKSERV_MIN_PARMS(2); account = argv[1]; pass = argv[2]; + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(account); if (nickserv_conf.email_required) { - NICKSERV_MIN_PARMS(4); + NICKSERV_MIN_PARMS(3); email = argv[3]; - if (argc >= 5) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */ - if (strchr(argv[4], '@') || argc >= 6) /* If @, its mask not nick */ + if (argc >= 4) {/* take: "acct pass email mask nick" or "acct pass email mask" or "acct pass email nick" */ + if (argc < 4) { + mask = NULL; + settee = NULL; + } else if (strchr(argv[4], '@')) mask = argv[4]; else nick = argv[4]; @@ -1403,7 +1502,10 @@ static NICKSERV_FUNC(cmd_oregister) } else { if (argc >= 4) {/* take: "account pass mask nick" or "account pass mask" or "account pass nick" */ - if (strchr(argv[3], '@') || argc >= 5) /* If @, its mask not nick */ + if (argc < 4) { + mask = NULL; + settee = NULL; + } else if (strchr(argv[3], '@')) mask = argv[3]; else nick = argv[3]; @@ -1439,11 +1541,28 @@ static NICKSERV_FUNC(cmd_oregister) return 0; /* error reply handled by above */ } if (email) { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, email)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, email); + } + } + else { + nickserv_set_email_addr(hi, email); + } +#else nickserv_set_email_addr(hi, email); +#endif } if (mask) { char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); - string_list_append(hi->masks, mask_canonicalized); + if (mask_canonicalized) + string_list_append(hi->masks, mask_canonicalized); } if (nickserv_conf.sync_log) @@ -1485,7 +1604,7 @@ static NICKSERV_FUNC(cmd_oaddignore) struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; return nickserv_ignore(cmd, user, hi, argv[2]); @@ -1524,7 +1643,7 @@ static NICKSERV_FUNC(cmd_odelignore) { struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; return nickserv_delignore(cmd, user, hi, argv[2]); } @@ -1566,13 +1685,16 @@ static NICKSERV_FUNC(cmd_handleinfo) struct do_not_register *dnr; if ((dnr = chanserv_is_dnr(NULL, hi))) reply("NSMSG_HANDLEINFO_DNR", dnr->setter, dnr->reason); - if (!oper_outranks(cmd, user, hi)) + if ((user->handle_info->opserv_level < 900) && !oper_outranks(user, hi)) return 1; } else if (hi != user->handle_info) { reply("NSMSG_HANDLEINFO_END"); return 1; } + if (IsOper(user)) + reply("NSMSG_HANDLEINFO_KARMA", hi->karma); + if (nickserv_conf.email_enabled) reply("NSMSG_HANDLEINFO_EMAIL_ADDR", visible_email_addr(user, hi)); @@ -1691,20 +1813,20 @@ static NICKSERV_FUNC(cmd_handleinfo) } if (hi->channels) { - struct userData *channel, *next; + struct userData *chan, *next; char *name; - for (channel = hi->channels; channel; channel = next) { - next = channel->u_next; - name = channel->channel->channel->name; + for (chan = hi->channels; chan; chan = next) { + next = chan->u_next; + name = chan->channel->channel->name; herelen = strlen(name); if (pos + herelen + 7 > ArrayLength(buff)) { - next = channel; + next = chan; goto print_chans_buff; } - if (IsUserSuspended(channel)) + if (IsUserSuspended(chan)) buff[pos++] = '-'; - pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(channel->access), name); + pos += sprintf(buff+pos, "%s:%s ", user_level_name_from_level(chan->access), name); if (next == NULL) { print_chans_buff: buff[pos-1] = 0; @@ -1735,7 +1857,7 @@ static NICKSERV_FUNC(cmd_handleinfo) } reply("NSMSG_HANDLEINFO_END"); - return 1; + return 1 | ((hi != user->handle_info) ? CMD_LOG_STAFF : 0); } static NICKSERV_FUNC(cmd_userinfo) @@ -1775,7 +1897,9 @@ static NICKSERV_FUNC(cmd_rename_handle) unsigned int nn; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(argv[2]); + if (!(hi = get_victim_oper(user, argv[1]))) return 0; if (!is_valid_handle(argv[2])) { reply("NSMSG_FAIL_RENAME", argv[1], argv[2]); @@ -1785,11 +1909,20 @@ static NICKSERV_FUNC(cmd_rename_handle) reply("NSMSG_HANDLE_EXISTS", argv[2]); return 0; } - if(strlen(argv[2]) > 15) + if(strlen(argv[2]) > 30) { - reply("NMSG_HANDLE_TOLONG", argv[2], 15); + reply("NMSG_HANDLE_TOLONG", argv[2], 30); return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if( (rc = ldap_rename_account(hi->handle, argv[2])) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif dict_remove2(nickserv_handle_dict, old_handle = hi->handle, 1); hi->handle = strdup(argv[2]); @@ -1836,16 +1969,85 @@ reg_failpw_func(failpw_func_t func) * called by nefariouses enhanced AC login-on-connect code * */ -struct handle_info *loc_auth(char *handle, char *password) +struct handle_info *loc_auth(char *handle, char *password, char *userhost) { int pw_arg, used, maxlogins; unsigned int ii; int wildmask = 0; struct handle_info *hi; struct userNode *other; +#ifdef WITH_LDAP + int ldap_result = LDAP_SUCCESS; + char *email = NULL; +#endif hi = dict_find(nickserv_handle_dict, handle, NULL); - pw_arg = 2; + pw_arg = 2; + +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(handle, password); + if(ldap_result != LDAP_SUCCESS) { + return NULL; + } + } +#else + if (!hi) { + return NULL; + } + + if (!checkpass(password, hi->passwd)) { + return NULL; + } +#endif +#ifdef WITH_LDAP + /* ldap libs are present but we are not using them... */ + if( !nickserv_conf.ldap_enable ) { + if (!hi) { + return NULL; + } + if (!checkpass(password, hi->passwd)) { + return NULL; + } + } + else if( (!hi) && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { + /* user not found, but authed to ldap successfully.. + * create the account. + */ + char *mask; + int rc; + + /* Add a *@* mask */ + /* TODO if userhost is not null, build mask based on that. */ + if(nickserv_conf.default_hostmask) + mask = "*@*"; + else + return NULL; /* They dont have a *@* mask so they can't loc */ + + if(!(hi = nickserv_register(NULL, NULL, handle, password, 0))) { + return 0; /* couldn't add the user for some reason */ + } + + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + return 0; + } + } + if(email) { + nickserv_set_email_addr(hi, email); + free(email); + } + if(mask) { + char* mask_canonicalized = canonicalize_hostmask(strdup(mask)); + string_list_append(hi->masks, mask_canonicalized); + } + if(nickserv_conf.sync_log) + SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, "@", handle); + } +#endif + + /* Still no account, so just fail out */ if (!hi) { return NULL; } @@ -1853,31 +2055,67 @@ struct handle_info *loc_auth(char *handle, char *password) /* We don't know the users hostname, or anything because they * havn't registered yet. So we can only allow LOC if your * account has *@* as a hostmask. + * + * UPDATE: New nefarious LOC supports u@h */ - for (ii=0; iimasks->used; ii++) - { - if (!strcmp(hi->masks->list[ii], "*@*")) - { - wildmask++; - break; - } + if(userhost) { + char *buf; + char *ident; + char *realhost; + char *ip; + char *uh; + char *ui; + + buf = strdup(userhost); + ident = mysep(&buf, "@"); + realhost = mysep(&buf, ":"); + ip = mysep(&buf, ":"); + if(!ip || !realhost || !ident) { + free(buf); + return NULL; /* Invalid AC request, just quit */ + } + uh = malloc(strlen(userhost)); + ui = malloc(strlen(userhost)); + sprintf(uh, "%s@%s", ident, realhost); + sprintf(ui, "%s@%s", ident, ip); + for (ii=0; iimasks->used; ii++) + { + if(match_ircglob(uh, hi->masks->list[ii]) + || match_ircglob(ui, hi->masks->list[ii])) + { + wildmask++; + break; + } + } + free(buf); + free(uh); + free(ui); + } + else { + + for (ii=0; iimasks->used; ii++) + { + if (!strcmp(hi->masks->list[ii], "*@*")) + { + wildmask++; + break; + } + } } if(wildmask < 1) return NULL; - /* Responses from here on look up the language used by the handle they asked about. */ - if (!checkpass(password, hi->passwd)) { - return NULL; - } if (HANDLE_FLAGGED(hi, SUSPENDED)) { return NULL; } + maxlogins = hi->maxlogins ? hi->maxlogins : nickserv_conf.default_maxlogins; for (used = 0, other = hi->users; other; other = other->next_authed) { if (++used >= maxlogins) { return NULL; } } + /* TODO - Add LOGGING to this function so LOC's are logged.. */ return hi; } @@ -1886,6 +2124,7 @@ static NICKSERV_FUNC(cmd_auth) int pw_arg, used, maxlogins; struct handle_info *hi; const char *passwd; + const char *handle; struct userNode *other; #ifdef WITH_LDAP int ldap_result = LDAP_OTHER; @@ -1904,31 +2143,15 @@ static NICKSERV_FUNC(cmd_auth) return 0; } if (argc == 3) { -#ifdef WITH_LDAP - if(nickserv_conf.ldap_enable) { - ldap_result = ldap_check_auth(argv[1], argv[2]); - if(ldap_result == LDAP_SUCCESS) { - /* pull the users info from ldap: - * * email - * * name if available - * * - */ - } - else if(ldap_result != LDAP_INVALID_CREDENTIALS) { - reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); - return 0; - } - } - -#endif - hi = dict_find(nickserv_handle_dict, argv[1], NULL); + passwd = argv[2]; + handle = argv[1]; pw_arg = 2; + hi = dict_find(nickserv_handle_dict, argv[1], NULL); } else if (argc == 2) { + passwd = argv[1]; + pw_arg = 1; if (nickserv_conf.disable_nicks) { - if (!(hi = get_handle_info(user->nick))) { - reply("NSMSG_HANDLE_NOT_FOUND"); - return 0; - } + hi = get_handle_info(user->nick); } else { /* try to look up their handle from their nick */ /* TODO: handle ldap auth on nickserv style networks, too */ @@ -1940,12 +2163,47 @@ static NICKSERV_FUNC(cmd_auth) } hi = ni->owner; } - pw_arg = 1; + if (hi) { + handle = hi->handle; + } else { + handle = user->nick; + } } else { reply("MSG_MISSING_PARAMS", argv[0]); svccmd_send_help_brief(user, nickserv, cmd); return 0; } + +#ifdef WITH_LDAP + if(strchr(argv[1], '<') || strchr(handle, '>')) { + reply("NSMSG_NO_ANGLEBRACKETS"); + return 0; + } + if (!is_valid_handle(handle)) { + reply("NSMSG_BAD_HANDLE", handle); + return 0; + } + + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(handle, passwd); + /* Get the users email address and update it */ + if(ldap_result == LDAP_SUCCESS) { + int rc; + if((rc = ldap_get_user_info(handle, &email) != LDAP_SUCCESS)) + { + if(nickserv_conf.email_required) { + reply("NSMSG_LDAP_FAIL_GET_EMAIL", ldap_err2string(rc)); + return 0; + } + } + } + else if(ldap_result != LDAP_INVALID_CREDENTIALS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + } +#endif + if (!hi) { #ifdef WITH_LDAP if(nickserv_conf.ldap_enable && ldap_result == LDAP_SUCCESS && nickserv_conf.ldap_autocreate) { @@ -1969,6 +2227,7 @@ static NICKSERV_FUNC(cmd_auth) } if(email) { nickserv_set_email_addr(hi, email); + free(email); } if(nickserv_conf.sync_log) SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, email ? email : "@", user->info); @@ -1982,7 +2241,6 @@ static NICKSERV_FUNC(cmd_auth) #endif } /* Responses from here on look up the language used by the handle they asked about. */ - passwd = argv[pw_arg]; if (!valid_user_for(user, hi)) { if (hi->email_addr && nickserv_conf.email_enabled) send_message_type(4, user, cmd->parent->bot, @@ -1997,7 +2255,7 @@ static NICKSERV_FUNC(cmd_auth) } #ifdef WITH_LDAP if( ( nickserv_conf.ldap_enable && ldap_result == LDAP_INVALID_CREDENTIALS ) || - ( !nickserv_conf.ldap_enable && !checkpass(passwd, hi->passwd) ) ) + ( (!nickserv_conf.ldap_enable) && (!checkpass(passwd, hi->passwd)) ) ) { #else if (!checkpass(passwd, hi->passwd)) { #endif @@ -2074,6 +2332,14 @@ static NICKSERV_FUNC(cmd_auth) } /* Wipe out the pass for the logs */ + + if (!hi->masks->used) { + irc_in_addr_t ip; + string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); + if (irc_in_addr_is_valid(user->ip) && irc_pton(&ip, NULL, user->hostname)) + string_list_append(hi->masks, generate_hostmask(user, GENMASK_OMITNICK|GENMASK_BYIP|GENMASK_NO_HIDING|GENMASK_ANY_IDENT)); + } + argv[pw_arg] = "****"; return 1; } @@ -2207,7 +2473,7 @@ static NICKSERV_FUNC(cmd_odelcookie) NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; if (!hi->cookie) { @@ -2231,7 +2497,23 @@ static NICKSERV_FUNC(cmd_odelcookie) if (nickserv_conf.sync_log) SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); + } else { + nickserv_set_email_addr(hi, hi->cookie->data); + } + } + else { + nickserv_set_email_addr(hi, hi->cookie->data); + } +#else nickserv_set_email_addr(hi, hi->cookie->data); +#endif if (nickserv_conf.sync_log) SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data); break; @@ -2325,6 +2607,17 @@ static NICKSERV_FUNC(cmd_cookie) switch (hi->cookie->type) { case ACTIVATION: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); set_user_handle_info(user, hi, 1); reply("NSMSG_HANDLE_ACTIVATED"); @@ -2332,6 +2625,17 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("ACCOUNTACC %s", hi->handle); break; case PASSWORD_CHANGE: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, hi->cookie->data, NULL)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif set_user_handle_info(user, hi, 1); safestrncpy(hi->passwd, hi->cookie->data, sizeof(hi->passwd)); reply("NSMSG_PASSWORD_CHANGED"); @@ -2339,6 +2643,17 @@ static NICKSERV_FUNC(cmd_cookie) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); break; case EMAIL_CHANGE: +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, hi->cookie->data)) != LDAP_SUCCESS) { + /* Falied to update email in ldap, but still + * updated it here.. what should we do? */ + reply("NSMSG_LDAP_FAIL_SEND_EMAIL", ldap_err2string(rc)); + return 0; + } + } +#endif if (!hi->email_addr && nickserv_conf.sync_log) { /* * This should only happen if an OREGISTER was sent. Require @@ -2347,15 +2662,20 @@ static NICKSERV_FUNC(cmd_cookie) if (nickserv_conf.sync_log) SyncLog("REGISTER %s %s %s %s", hi->handle, hi->passwd, hi->cookie->data, user->info); } + nickserv_set_email_addr(hi, hi->cookie->data); reply("NSMSG_EMAIL_CHANGED"); if (nickserv_conf.sync_log) SyncLog("EMAILCHANGE %s %s", hi->handle, hi->cookie->data); break; - case ALLOWAUTH: + case ALLOWAUTH: { + char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); set_user_handle_info(user, hi, 1); + nickserv_addmask(user, hi, mask); reply("NSMSG_AUTH_SUCCESS"); + free(mask); break; + } default: reply("NSMSG_BAD_COOKIE_TYPE", hi->cookie->type); log_module(NS_LOG, LOG_ERROR, "Bad cookie type %d for account %s.", hi->cookie->type, hi->handle); @@ -2419,7 +2739,11 @@ static NICKSERV_FUNC(cmd_regnick) { static NICKSERV_FUNC(cmd_pass) { struct handle_info *hi; - const char *old_pass, *new_pass; + char *old_pass, *new_pass; + char crypted[MD5_CRYPT_LENGTH+1]; +#ifdef WITH_LDAP + int ldap_result; +#endif NICKSERV_MIN_PARMS(3); hi = user->handle_info; @@ -2427,12 +2751,36 @@ static NICKSERV_FUNC(cmd_pass) new_pass = argv[2]; argv[2] = "****"; if (!is_secure_password(hi->handle, new_pass, user)) return 0; + +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable) { + ldap_result = ldap_check_auth(hi->handle, old_pass); + if(ldap_result != LDAP_SUCCESS) { + if(ldap_result == LDAP_INVALID_CREDENTIALS) + reply("NSMSG_PASSWORD_INVALID"); + else + reply("NSMSG_LDAP_FAIL", ldap_err2string(ldap_result)); + return 0; + } + }else +#endif if (!checkpass(old_pass, hi->passwd)) { argv[1] = "BADPASS"; reply("NSMSG_PASSWORD_INVALID"); return 0; } - cryptpass(new_pass, hi->passwd); + cryptpass(new_pass, crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif + //cryptpass(new_pass, hi->passwd); + strcpy(hi->passwd, crypted); if (nickserv_conf.sync_log) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); argv[1] = "****"; @@ -2441,19 +2789,19 @@ static NICKSERV_FUNC(cmd_pass) } static int -nickserv_addmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *mask) +nickserv_addmask(struct userNode *user, struct handle_info *hi, const char *mask) { unsigned int i; char *new_mask = canonicalize_hostmask(strdup(mask)); for (i=0; imasks->used; i++) { if (!irccasecmp(new_mask, hi->masks->list[i])) { - reply("NSMSG_ADDMASK_ALREADY", new_mask); + send_message(user, nickserv, "NSMSG_ADDMASK_ALREADY", new_mask); free(new_mask); return 0; } } string_list_append(hi->masks, new_mask); - reply("NSMSG_ADDMASK_SUCCESS", new_mask); + send_message(user, nickserv, "NSMSG_ADDMASK_SUCCESS", new_mask); return 1; } @@ -2461,7 +2809,7 @@ static NICKSERV_FUNC(cmd_addmask) { if (argc < 2) { char *mask = generate_hostmask(user, GENMASK_OMITNICK|GENMASK_NO_HIDING|GENMASK_ANY_IDENT); - int res = nickserv_addmask(cmd, user, user->handle_info, mask); + int res = nickserv_addmask(user, user->handle_info, mask); free(mask); return res; } else { @@ -2469,7 +2817,7 @@ static NICKSERV_FUNC(cmd_addmask) reply("NSMSG_MASK_INVALID", argv[1]); return 0; } - return nickserv_addmask(cmd, user, user->handle_info, argv[1]); + return nickserv_addmask(user, user->handle_info, argv[1]); } } @@ -2478,19 +2826,19 @@ static NICKSERV_FUNC(cmd_oaddmask) struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; - return nickserv_addmask(cmd, user, hi, argv[2]); + return nickserv_addmask(user, hi, argv[2]); } static int -nickserv_delmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_mask) +nickserv_delmask(struct svccmd *cmd, struct userNode *user, struct handle_info *hi, const char *del_mask, int force) { unsigned int i; for (i=0; imasks->used; i++) { if (!strcmp(del_mask, hi->masks->list[i])) { char *old_mask = hi->masks->list[i]; - if (hi->masks->used == 1) { + if (hi->masks->used == 1 && !force) { reply("NSMSG_DELMASK_NOTLAST"); return 0; } @@ -2507,16 +2855,16 @@ nickserv_delmask(struct svccmd *cmd, struct userNode *user, struct handle_info * static NICKSERV_FUNC(cmd_delmask) { NICKSERV_MIN_PARMS(2); - return nickserv_delmask(cmd, user, user->handle_info, argv[1]); + return nickserv_delmask(cmd, user, user->handle_info, argv[1], 0); } static NICKSERV_FUNC(cmd_odelmask) { struct handle_info *hi; NICKSERV_MIN_PARMS(3); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; - return nickserv_delmask(cmd, user, hi, argv[2]); + return nickserv_delmask(cmd, user, hi, argv[2], 1); } int @@ -2569,14 +2917,10 @@ nickserv_apply_flags(struct userNode *user, struct handle_info *hi, const char * struct channelList *schannels; unsigned int ii; schannels = chanserv_support_channels(); - for (uNode = hi->users; uNode; uNode = uNode->next_authed) { - for (ii = 0; ii < schannels->used; ++ii) - if (GetUserMode(schannels->list[ii], uNode)) - break; - if (ii < schannels->used) + for (ii = 0; ii < schannels->used; ++ii) + if (find_handle_in_channel(schannels->list[ii], hi, NULL)) break; - } - if (!uNode) + if (ii == schannels->used) HANDLE_CLEAR_FLAG(hi, HELPING); } @@ -2638,7 +2982,7 @@ static NICKSERV_FUNC(cmd_oset) NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) return 0; if (argc < 3) { @@ -2813,14 +3157,26 @@ static OPTION_FUNC(opt_announcements) static OPTION_FUNC(opt_password) { + char crypted[MD5_CRYPT_LENGTH+1]; + if(argc < 2) { + return 0; + } if (!override) { reply("NSMSG_USE_CMD_PASS"); return 0; } - if (argc > 1) - cryptpass(argv[1], hi->passwd); - + cryptpass(argv[1], crypted); +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, crypted, NULL)) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif + strcpy(hi->passwd, crypted); if (nickserv_conf.sync_log) SyncLog("PASSCHANGE %s %s", hi->handle, hi->passwd); @@ -2860,7 +3216,7 @@ static OPTION_FUNC(opt_email) reply("NSMSG_BAD_EMAIL_ADDR"); return 0; } - if ((str = sendmail_prohibited_address(argv[1]))) { + if ((str = mail_prohibited_address(argv[1]))) { reply("NSMSG_EMAIL_PROHIBITED", argv[1], str); return 0; } @@ -2869,6 +3225,15 @@ static OPTION_FUNC(opt_email) else if (!override) nickserv_make_cookie(user, hi, EMAIL_CHANGE, argv[1], 0); else { +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && nickserv_conf.ldap_admin_dn) { + int rc; + if((rc = ldap_do_modify(hi->handle, NULL, argv[1])) != LDAP_SUCCESS) { + reply("NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif nickserv_set_email_addr(hi, argv[1]); if (hi->cookie) nickserv_eat_cookie(hi->cookie); @@ -2925,6 +3290,28 @@ static OPTION_FUNC(opt_language) return 1; } +static OPTION_FUNC(opt_karma) +{ + if (!override) { + send_message(user, nickserv, "MSG_SETTING_PRIVILEGED", argv[0]); + return 0; + } + + if (argc > 1) { + if (argv[1][0] == '+' && isdigit(argv[1][1])) { + hi->karma += strtoul(argv[1] + 1, NULL, 10); + } else if (argv[1][0] == '-' && isdigit(argv[1][1])) { + hi->karma -= strtoul(argv[1] + 1, NULL, 10); + } else { + send_message(user, nickserv, "NSMSG_INVALID_KARMA", argv[1]); + } + } + + send_message(user, nickserv, "NSMSG_SET_KARMA", hi->karma); + return 1; +} + +/* Called from opserv from cmd_access */ int oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_info *target, unsigned int new_level) { if (!oper_has_access(user, bot, nickserv_conf.modoper_level, 0)) @@ -2945,6 +3332,19 @@ oper_try_set_access(struct userNode *user, struct userNode *bot, struct handle_i send_message(user, bot, "MSG_STUPID_ACCESS_CHANGE"); return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && *(nickserv_conf.ldap_oper_group_dn) && *(nickserv_conf.ldap_admin_dn)) { + int rc; + if(new_level > nickserv_conf.ldap_oper_group_level) + rc = ldap_add2group(target->handle, nickserv_conf.ldap_oper_group_dn); + else + rc = ldap_delfromgroup(target->handle, nickserv_conf.ldap_oper_group_dn); + if(rc != LDAP_SUCCESS && rc != LDAP_TYPE_OR_VALUE_EXISTS && rc != LDAP_NO_SUCH_ATTRIBUTE) { + send_message(user, bot, "NSMSG_LDAP_FAIL", ldap_err2string(rc)); + return 0; + } + } +#endif if (target->opserv_level == new_level) return 0; log_module(NS_LOG, LOG_INFO, "Account %s setting oper level for account %s to %d (from %d).", @@ -3272,10 +3672,8 @@ static NICKSERV_FUNC(cmd_ounregnick) reply("NSMSG_NICK_NOT_REGISTERED", argv[1]); return 0; } - if (ni->owner->opserv_level >= user->handle_info->opserv_level) { - reply("MSG_USER_OUTRANKED", ni->nick); - return 0; - } + if (!oper_outranks(user, ni->owner)) + return 0; reply("NSMSG_UNREGNICK_SUCCESS", ni->nick); delete_nick(ni); return 1; @@ -3291,8 +3689,10 @@ static NICKSERV_FUNC(cmd_unregister) passwd = argv[1]; argv[1] = "****"; if (checkpass(passwd, hi->passwd)) { - nickserv_unregister_handle(hi, user, cmd->parent->bot); - return 1; + if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) + return 1; + else + return 0; } else { log_module(NS_LOG, LOG_INFO, "Account '%s' tried to unregister with the wrong password.", hi->handle); reply("NSMSG_PASSWORD_INVALID"); @@ -3303,12 +3703,32 @@ static NICKSERV_FUNC(cmd_unregister) static NICKSERV_FUNC(cmd_ounregister) { struct handle_info *hi; + char reason[MAXLEN]; + int force; NICKSERV_MIN_PARMS(2); - if (!(hi = get_victim_oper(cmd, user, argv[1]))) + if (!(hi = get_victim_oper(user, argv[1]))) + return 0; + + if (HANDLE_FLAGGED(hi, NODELETE)) { + reply("NSMSG_UNREGISTER_NODELETE", hi->handle); + return 0; + } + + force = IsOper(user) && (argc > 2) && !irccasecmp(argv[2], "force"); + if (!force && + ((hi->flags & nickserv_conf.ounregister_flags) + || hi->users + || (hi->last_quit_host[0] && ((unsigned)(now - hi->lastseen) < nickserv_conf.ounregister_inactive)))) { + reply((IsOper(user) ? "NSMSG_UNREGISTER_MUST_FORCE" : "NSMSG_UNREGISTER_CANNOT_FORCE"), hi->handle); + return 0; + } + snprintf(reason, sizeof(reason), "%s unregistered account %s.", user->handle_info->handle, hi->handle); + global_message(MESSAGE_RECIPIENT_STAFF, reason); + if(nickserv_unregister_handle(hi, user, cmd->parent->bot)) + return 1; + else return 0; - nickserv_unregister_handle(hi, user, cmd->parent->bot); - return 1; } static NICKSERV_FUNC(cmd_status) @@ -3426,6 +3846,8 @@ nickserv_saxdb_write(struct saxdb_context *ctx) { if (hi->last_quit_host[0]) saxdb_write_string(ctx, KEY_LAST_QUIT_HOST, hi->last_quit_host); saxdb_write_int(ctx, KEY_LAST_SEEN, hi->lastseen); + if (hi->karma != 0) + saxdb_write_sint(ctx, KEY_KARMA, hi->karma); if (hi->masks->used) saxdb_write_string_list(ctx, KEY_MASKS, hi->masks); if (hi->ignores->used) @@ -3488,9 +3910,9 @@ static NICKSERV_FUNC(cmd_merge) NICKSERV_MIN_PARMS(3); - if (!(hi_from = get_victim_oper(cmd, user, argv[1]))) + if (!(hi_from = get_victim_oper(user, argv[1]))) return 0; - if (!(hi_to = get_victim_oper(cmd, user, argv[2]))) + if (!(hi_to = get_victim_oper(user, argv[2]))) return 0; if (hi_to == hi_from) { reply("NSMSG_CANNOT_MERGE_SELF", hi_to->handle); @@ -3587,6 +4009,9 @@ static NICKSERV_FUNC(cmd_merge) if (hi_from->lastseen > hi_to->lastseen) hi_to->lastseen = hi_from->lastseen; + /* New karma is the sum of the two original karmas. */ + hi_to->karma += hi_from->karma; + /* Does a fakehost carry over? (This intentionally doesn't set it * for users previously attached to hi_to. They'll just have to * reconnect.) @@ -3601,20 +4026,28 @@ static NICKSERV_FUNC(cmd_merge) /* Unregister the "from" handle. */ nickserv_unregister_handle(hi_from, NULL, cmd->parent->bot); + /* TODO: fix it so that if the ldap delete in nickserv_unregister_handle fails, + * the process isn't completed. + */ return 1; } struct nickserv_discrim { - unsigned int limit, min_level, max_level; unsigned long flags_on, flags_off; time_t min_registered, max_registered; time_t lastseen; + unsigned int limit; + int min_level, max_level; + int min_karma, max_karma; enum { SUBSET, EXACT, SUPERSET, LASTQUIT } hostmask_type; const char *nickmask; const char *hostmask; const char *handlemask; const char *emailmask; +#ifdef WITH_LDAP + unsigned int inldap; +#endif }; typedef void (*discrim_search_func)(struct userNode *source, struct handle_info *hi); @@ -3635,11 +4068,16 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int discrim = malloc(sizeof(*discrim)); memset(discrim, 0, sizeof(*discrim)); discrim->min_level = 0; - discrim->max_level = ~0; + discrim->max_level = INT_MAX; discrim->limit = 50; discrim->min_registered = 0; discrim->max_registered = INT_MAX; - discrim->lastseen = now; + discrim->lastseen = LONG_MAX; + discrim->min_karma = INT_MIN; + discrim->max_karma = INT_MAX; +#ifdef WITH_LDAP + discrim->inldap = 2; +#endif for (i=0; ihostmask_type = SUPERSET; } discrim->hostmask = argv[++i]; - } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask")) { + } else if (!irccasecmp(argv[i], "handlemask") || !irccasecmp(argv[i], "accountmask") || !irccasecmp(argv[i], "account")) { if (!irccasecmp(argv[++i], "*")) { discrim->handlemask = 0; } else { @@ -3739,7 +4177,39 @@ nickserv_discrim_create(struct svccmd *cmd, struct userNode *user, unsigned int } else { reply("MSG_INVALID_CRITERIA", cmp); } - } else { + } else if (!irccasecmp(argv[i], "karma")) { + const char *cmp = argv[++i]; + if (cmp[0] == '<') { + if (cmp[1] == '=') { + discrim->max_karma = strtoul(cmp+2, NULL, 0); + } else { + discrim->max_karma = strtoul(cmp+1, NULL, 0) - 1; + } + } else if (cmp[0] == '=') { + discrim->min_karma = discrim->max_karma = strtoul(cmp+1, NULL, 0); + } else if (cmp[0] == '>') { + if (cmp[1] == '=') { + discrim->min_karma = strtoul(cmp+2, NULL, 0); + } else { + discrim->min_karma = strtoul(cmp+1, NULL, 0) + 1; + } + } else { + send_message(user, nickserv, "MSG_INVALID_CRITERIA", cmp); + } +#ifdef WITH_LDAP + } else if (nickserv_conf.ldap_enable && !irccasecmp(argv[i], "inldap")) { + i++; + if(true_string(argv[i])) { + discrim->inldap = 1; + } + else if (false_string(argv[i])) { + discrim->inldap = 0; + } + else { + reply("MSG_INVALID_BINARY", argv[i]); + } +#endif + } else { reply("MSG_INVALID_CRITERIA", argv[i]); goto fail; } @@ -3761,7 +4231,10 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) || (discrim->handlemask && !match_ircglob(hi->handle, discrim->handlemask)) || (discrim->emailmask && (!hi->email_addr || !match_ircglob(hi->email_addr, discrim->emailmask))) || (discrim->min_level > hi->opserv_level) - || (discrim->max_level < hi->opserv_level)) { + || (discrim->max_level < hi->opserv_level) + || (discrim->min_karma > hi->karma) + || (discrim->max_karma < hi->karma) + ) { return 0; } if (discrim->hostmask) { @@ -3787,6 +4260,17 @@ nickserv_discrim_match(struct nickserv_discrim *discrim, struct handle_info *hi) } if (!nick) return 0; } +#ifdef WITH_LDAP + if(nickserv_conf.ldap_enable && discrim->inldap != 2) { + int rc; + rc = ldap_get_user_info(hi->handle, NULL); + if(discrim->inldap == 1 && rc != LDAP_SUCCESS) + return 0; + if(discrim->inldap == 0 && rc == LDAP_SUCCESS) + return 0; + } + +#endif return 1; } @@ -3826,6 +4310,20 @@ search_unregister_func (struct userNode *source, struct handle_info *match) nickserv_unregister_handle(match, source, nickserv); // XXX nickserv hard coded } +#ifdef WITH_LDAP +static void +search_add2ldap_func (struct userNode *source, struct handle_info *match) +{ + int rc; + if(match->email_addr && match->passwd && match->handle) { + rc = ldap_do_add(match->handle, match->passwd, match->email_addr); + if(rc != LDAP_SUCCESS) { + send_message(source, nickserv, "NSMSG_LDAP_FAIL_ADD", match->handle, ldap_err2string(rc)); + } + } +} +#endif + static int nickserv_sort_accounts_by_access(const void *a, const void *b) { @@ -3890,6 +4388,10 @@ static NICKSERV_FUNC(cmd_search) action = search_count_func; else if (!irccasecmp(argv[1], "unregister")) action = search_unregister_func; +#ifdef WITH_LDAP + else if (nickserv_conf.ldap_enable && !irccasecmp(argv[1], "add2ldap")) + action = search_add2ldap_func; +#endif else { reply("NSMSG_INVALID_ACTION", argv[1]); return 0; @@ -3935,14 +4437,31 @@ static MODCMD_FUNC(cmd_checkpass) return 1; } +static MODCMD_FUNC(cmd_checkemail) +{ + struct handle_info *hi; + + NICKSERV_MIN_PARMS(3); + if (!(hi = modcmd_get_handle_info(user, argv[1]))) { + return 0; + } + if (!hi->email_addr) + reply("CHECKEMAIL_NOT_SET"); + else if (!irccasecmp(argv[2], hi->email_addr)) + reply("CHECKEMAIL_YES"); + else + reply("CHECKEMAIL_NO"); + return 1; +} + static void -nickserv_db_read_handle(const char *handle, dict_t obj) +nickserv_db_read_handle(char *handle, dict_t obj) { const char *str; struct string_list *masks, *slist, *ignores; struct handle_info *hi; struct userNode *authed_users; - struct userData *channels; + struct userData *channel_list; unsigned long int id; unsigned int ii; dict_t subdb; @@ -3958,14 +4477,16 @@ nickserv_db_read_handle(const char *handle, dict_t obj) } if ((hi = get_handle_info(handle))) { authed_users = hi->users; - channels = hi->channels; + channel_list = hi->channels; hi->users = NULL; hi->channels = NULL; dict_remove(nickserv_handle_dict, hi->handle); } else { authed_users = NULL; - channels = NULL; + channel_list = NULL; } + if(nickserv_conf.force_handles_lowercase) + irc_strtolower(handle); hi = register_handle(handle, str, id); if (authed_users) { hi->users = authed_users; @@ -3974,7 +4495,7 @@ nickserv_db_read_handle(const char *handle, dict_t obj) authed_users = authed_users->next_authed; } } - hi->channels = channels; + hi->channels = channel_list; masks = database_get_data(obj, KEY_MASKS, RECDB_STRING_LIST); hi->masks = masks ? string_list_copy(masks) : alloc_string_list(1); ignores = database_get_data(obj, KEY_IGNORES, RECDB_STRING_LIST); @@ -3992,6 +4513,8 @@ nickserv_db_read_handle(const char *handle, dict_t obj) hi->registered = str ? (time_t)strtoul(str, NULL, 0) : now; str = database_get_data(obj, KEY_LAST_SEEN, RECDB_QSTRING); hi->lastseen = str ? (time_t)strtoul(str, NULL, 0) : hi->registered; + str = database_get_data(obj, KEY_KARMA, RECDB_QSTRING); + hi->karma = str ? strtoul(str, NULL, 0) : 0; /* We want to read the nicks even if disable_nicks is set. This is so * that we don't lose the nick data entirely. */ slist = database_get_data(obj, KEY_NICKS, RECDB_STRING_LIST); @@ -4085,10 +4608,13 @@ static int nickserv_saxdb_read(dict_t db) { dict_iterator_t it; struct record_data *rd; + char *handle; for (it=dict_first(db); it; it=iter_next(it)) { rd = iter_data(it); - nickserv_db_read_handle(iter_key(it), rd->d.object); + handle = strdup(iter_key(it)); + nickserv_db_read_handle(handle, rd->d.object); + free(handle); } return 0; } @@ -4153,8 +4679,7 @@ nickserv_load_dict(const char *fname) log_module(NS_LOG, LOG_ERROR, "Unable to open dictionary file %s: %s", fname, strerror(errno)); return; } - while (!feof(file)) { - fgets(line, sizeof(line), file); + while (fgets(line, sizeof(line), file)) { if (!line[0]) continue; if (line[strlen(line)-1] == '\n') @@ -4266,6 +4791,18 @@ nickserv_conf_read(void) str = database_get_data(conf_node, "default_maxlogins", RECDB_QSTRING); nickserv_conf.default_maxlogins = str ? strtoul(str, NULL, 0) : 2; str = database_get_data(conf_node, "hard_maxlogins", RECDB_QSTRING); + str = database_get_data(conf_node, KEY_OUNREGISTER_INACTIVE, RECDB_QSTRING); + nickserv_conf.ounregister_inactive = str ? ParseInterval(str) : 86400*28; + str = database_get_data(conf_node, KEY_OUNREGISTER_FLAGS, RECDB_QSTRING); + if (!str) + str = "ShgsfnHbu"; + nickserv_conf.ounregister_flags = 0; + while(*str) { + unsigned int pos = handle_inverse_flags[(unsigned char)*str]; + str++; + if(pos) + nickserv_conf.ounregister_flags |= 1 << (pos - 1); + } nickserv_conf.hard_maxlogins = str ? strtoul(str, NULL, 0) : 10; if (!nickserv_conf.disable_nicks) { str = database_get_data(conf_node, "reclaim_action", RECDB_QSTRING); @@ -4361,6 +4898,10 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_ENABLE, RECDB_QSTRING); nickserv_conf.ldap_enable = str ? strtoul(str, NULL, 0) : 0; + + str = database_get_data(conf_node, KEY_FORCE_HANDLES_LOWERCASE, RECDB_QSTRING); + nickserv_conf.force_handles_lowercase = str ? strtol(str, NULL, 0) : 0; + #ifndef WITH_LDAP if(nickserv_conf.ldap_enable > 0) { /* ldap is enabled but not compiled in - error out */ @@ -4371,12 +4912,9 @@ nickserv_conf_read(void) #endif #ifdef WITH_LDAP - str = database_get_data(conf_node, KEY_LDAP_HOST, RECDB_QSTRING); - nickserv_conf.ldap_host = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_URI, RECDB_QSTRING); + nickserv_conf.ldap_uri = str ? str : ""; - str = database_get_data(conf_node, KEY_LDAP_PORT, RECDB_QSTRING); - nickserv_conf.ldap_port = str ? strtoul(str, NULL, 0) : LDAP_PORT; - str = database_get_data(conf_node, KEY_LDAP_BASE, RECDB_QSTRING); nickserv_conf.ldap_base = str ? str : ""; @@ -4389,6 +4927,9 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_AUTOCREATE, RECDB_QSTRING); nickserv_conf.ldap_autocreate = str ? strtoul(str, NULL, 0) : 0; + str = database_get_data(conf_node, KEY_LDAP_TIMEOUT, RECDB_QSTRING); + nickserv_conf.ldap_timeout = str ? strtoul(str, NULL, 0) : 5; + str = database_get_data(conf_node, KEY_LDAP_ADMIN_DN, RECDB_QSTRING); nickserv_conf.ldap_admin_dn = str ? str : ""; @@ -4404,6 +4945,25 @@ nickserv_conf_read(void) str = database_get_data(conf_node, KEY_LDAP_FIELD_EMAIL, RECDB_QSTRING); nickserv_conf.ldap_field_email = str ? str : ""; + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_DN, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_dn = str ? str : ""; + + str = database_get_data(conf_node, KEY_LDAP_OPER_GROUP_LEVEL, RECDB_QSTRING); + nickserv_conf.ldap_oper_group_level = str ? strtoul(str, NULL, 0) : 99; + + str = database_get_data(conf_node, KEY_LDAP_FIELD_GROUP_MEMBER, RECDB_QSTRING); + nickserv_conf.ldap_field_group_member = str ? str : ""; + + free_string_list(nickserv_conf.ldap_object_classes); + strlist = database_get_data(conf_node, KEY_LDAP_OBJECT_CLASSES, RECDB_STRING_LIST); + if(strlist) + strlist = string_list_copy(strlist); + else { + strlist = alloc_string_list(4); + string_list_append(strlist, strdup("top")); + } + nickserv_conf.ldap_object_classes = strlist; + #endif } @@ -4421,6 +4981,7 @@ nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_actio break; case RECLAIM_WARN: send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle); + send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle); break; case RECLAIM_SVSNICK: do { @@ -4430,7 +4991,7 @@ nickserv_reclaim(struct userNode *user, struct nick_info *ni, enum reclaim_actio break; case RECLAIM_KILL: msg = user_find_message(user, "NSMSG_RECLAIM_KILL"); - irc_kill(nickserv, user, msg); + DelUser(user, nickserv, 1, msg); break; } } @@ -4456,19 +5017,15 @@ check_user_nick(struct userNode *user) { } if (nickserv_conf.warn_nick_owned) send_message(user, nickserv, "NSMSG_RECLAIM_WARN", ni->nick, ni->owner->handle); + send_message(user, nickserv, "NSMSG_RECLAIM_HOWTO", ni->owner->handle, nickserv->nick, self->name, ni->owner->handle); if (nickserv_conf.auto_reclaim_action == RECLAIM_NONE) return 0; if (nickserv_conf.auto_reclaim_delay) timeq_add(now + nickserv_conf.auto_reclaim_delay, nickserv_reclaim_p, user); else nickserv_reclaim(user, ni, nickserv_conf.auto_reclaim_action); - return 0; -} -int -handle_new_user(struct userNode *user) -{ - return check_user_nick(user); + return 0; } void @@ -4489,7 +5046,8 @@ handle_account(struct userNode *user, const char *stamp) hi = dict_find(nickserv_handle_dict, stamp, NULL); if(hi && timestamp && hi->registered != timestamp) { - log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %lu is not %lu.", user->nick, stamp, timestamp, hi->registered); + log_module(MAIN_LOG, LOG_WARNING, "%s using account %s but timestamp does not match %s is not %s.", user->nick, stamp, ctime(×tamp), +ctime(&hi->registered)); return; } #else @@ -4579,16 +5137,34 @@ nickserv_db_cleanup(void) regfree(&nickserv_conf.valid_nick_regex); } +void handle_loc_auth_oper(struct userNode *user, UNUSED_ARG(struct handle_info *old_handle)) { + if (!*nickserv_conf.auto_oper || !user->handle_info) + return; + + if (!IsOper(user)) { + if (*nickserv_conf.auto_admin && user->handle_info->opserv_level >= opserv_conf_admin_level()) { + irc_umode(user, nickserv_conf.auto_admin); + irc_sno(0x1, "%s (%s@%s) is now an IRC Administrator", + user->nick, user->ident, user->hostname); + } else if (*nickserv_conf.auto_oper && user->handle_info->opserv_level) { + irc_umode(user, nickserv_conf.auto_oper); + irc_sno(0x1, "%s (%s@%s) is now an IRC Operator", + user->nick, user->ident, user->hostname); + } + } +} + void init_nickserv(const char *nick) { struct chanNode *chan; unsigned int i; NS_LOG = log_register_type("NickServ", "file:nickserv.log"); - reg_new_user_func(handle_new_user); + reg_new_user_func(check_user_nick); reg_nick_change_func(handle_nick_change); reg_del_user_func(nickserv_remove_user); reg_account_func(handle_account); + reg_auth_func(handle_loc_auth_oper); /* set up handle_inverse_flags */ memset(handle_inverse_flags, 0, sizeof(handle_inverse_flags)); @@ -4626,7 +5202,7 @@ init_nickserv(const char *nick) nickserv_define_func("USERINFO", cmd_userinfo, -1, 1, 0); nickserv_define_func("RENAME", cmd_rename_handle, -1, 1, 0); nickserv_define_func("VACATION", cmd_vacation, -1, 1, 0); - nickserv_define_func("MERGE", cmd_merge, 0, 1, 0); + nickserv_define_func("MERGE", cmd_merge, 750, 1, 0); if (!nickserv_conf.disable_nicks) { /* nick management commands */ nickserv_define_func("REGNICK", cmd_regnick, -1, 1, 0); @@ -4656,6 +5232,7 @@ init_nickserv(const char *nick) nickserv_define_func("SEARCH UNREGISTER", NULL, 800, 1, 0); nickserv_define_func("MERGEDB", cmd_mergedb, 999, 1, 0); nickserv_define_func("CHECKPASS", cmd_checkpass, 601, 1, 0); + nickserv_define_func("CHECKEMAIL", cmd_checkemail, 0, 1, 0); /* other options */ dict_insert(nickserv_opt_dict, "INFO", opt_info); dict_insert(nickserv_opt_dict, "WIDTH", opt_width); @@ -4679,6 +5256,7 @@ init_nickserv(const char *nick) dict_insert(nickserv_opt_dict, "MAXLOGINS", opt_maxlogins); dict_insert(nickserv_opt_dict, "ADVANCED", opt_advanced); dict_insert(nickserv_opt_dict, "LANGUAGE", opt_language); + dict_insert(nickserv_opt_dict, "KARMA", opt_karma); nickserv_handle_dict = dict_new(); dict_set_free_keys(nickserv_handle_dict, free); @@ -4696,7 +5274,7 @@ init_nickserv(const char *nick) if (nick) { const char *modes = conf_get_data("services/nickserv/modes", RECDB_QSTRING); - nickserv = AddService(nick, modes ? modes : NULL, "Nick Services", NULL); + nickserv = AddLocalUser(nick, nick, NULL, "Nick Services", modes); nickserv_service = service_register(nickserv); } saxdb_register("NickServ", nickserv_saxdb_read, nickserv_saxdb_write);