[irc/quakenet/newserv.git] / chanserv / chanserv_relay.c

#include "chanserv.h"
#include "../control/control.h"
#include "../lib/version.h"
#include "../lib/irc_string.h"
#include "../core/config.h"
#include "../lib/hmac.h"
#include "../lib/strlfunc.h"
#include "../lib/cbc.h"
#include "authlib.h"

#include <stdio.h>
#include <string.h>

#define KEY_BITS 256
#define BLOCK_SIZE 16

MODULE_VERSION(QVERSION);

int csa_docheckhashpass(void *source, int cargc, char **cargv);
int csa_docreateaccount(void *source, int cargc, char **cargv);
int csa_dosettempemail(void *source, int cargc, char **cargv);
int csa_dosetemail(void *source, int cargc, char **cargv);
int csa_doresendemail(void *source, int cargc, char **cargv);
int csa_doactivateuser(void *source, int cargc, char **cargv);
int csa_doaddchan(void *source, int argc, char **argv);
static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted);
static int hex_to_int(char *input, unsigned char *buf, int buflen);

static unsigned char createaccountsecret[KEY_BITS / 8];
static int createaccountsecret_ok = 0;

static unsigned char hexlookup[256] = {
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01,
                       0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
                       0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c,
                       0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
                       0xff, 0xff, 0xff, 0xff, 0xff, 0xff
                                  };

static void relayfinishinit(int, void *);

void relayfinishinit(int hooknum, void *arg) {
  sstring *s;

  deregisterhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);

  registercontrolhelpcmd("checkhashpass", NO_RELAY, 3, csa_docheckhashpass, "Usage: checkhashpass <username> <digest> ?junk?");
  registercontrolhelpcmd("settempemail", NO_RELAY, 2, csa_dosettempemail, "Usage: settempemail <userid> <email address>");
  registercontrolhelpcmd("setemail", NO_RELAY, 3, csa_dosetemail, "Usage: setmail <userid> <timestamp> <email address>");
  registercontrolhelpcmd("resendemail", NO_RELAY, 1, csa_doresendemail, "Usage: resendemail <userid>");
  registercontrolhelpcmd("activateuser", NO_RELAY, 1, csa_doactivateuser, "Usage: activateuser <userid>");
  registercontrolhelpcmd("addchan", NO_RELAY, 3, csa_doaddchan, "Usage: addchan <channel> <userid> <channel type>");

  s=getcopyconfigitem("chanserv","createaccountsecret","",128);
  if(!s || !s->content || !s->content[0]) {
    Error("chanserv_relay",ERR_WARNING,"createaccountsecret not set, createaccount disabled.");
  } else if(s->length != KEY_BITS / 8 * 2 || !hex_to_int(s->content, createaccountsecret, sizeof(createaccountsecret))) {
    Error("chanserv_relay",ERR_WARNING,"createaccountsecret must be a %d character hex string.", KEY_BITS / 8 * 2);
  } else {
    registercontrolhelpcmd("createaccount", NO_RELAY, 5, csa_docreateaccount, "Usage: createaccount <execute> <username> <email address> <encrypted password> <activate user>");
    createaccountsecret_ok = 1;
  }

  freesstring(s);
}

void _init(void) {
  registerhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);

  if(chanservdb_ready)
    relayfinishinit(HOOK_CHANSERV_DBLOADED, NULL);
}

void _fini(void) {
  deregistercontrolcmd("checkhashpass", csa_docheckhashpass);
  deregistercontrolcmd("settempemail", csa_dosettempemail);
  deregistercontrolcmd("setemail", csa_dosetemail);
  deregistercontrolcmd("resendemail", csa_doresendemail);
  deregistercontrolcmd("activateuser", csa_doactivateuser);
  deregistercontrolcmd("addchan", csa_doaddchan);

  if(createaccountsecret_ok)
    deregistercontrolcmd("createaccount", csa_docreateaccount);

  deregisterhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
}

int csa_docheckhashpass(void *source, int cargc, char **cargv) {
  nick *sender=(nick *)source;
  reguser *rup;
  char *flags;

  if(cargc<3) {
    controlreply(sender, "CHECKHASHPASS FAIL args");
    return CMD_ERROR;
  }

  if (!(rup=findreguserbynick(cargv[0]))) {
    controlreply(sender, "CHECKHASHPASS FAIL user");
    return CMD_OK;
  }

  flags = printflags(QUFLAG_ALL & rup->flags, ruflags);
  if(UHasSuspension(rup)) {
    controlreply(sender, "CHECKHASHPASS FAIL suspended %s %s %u", rup->username, flags, rup->ID);
  } else if(UIsInactive(rup)) {
    controlreply(sender, "CHECKHASHPASS FAIL inactive %s %s %u", rup->username, flags, rup->ID);
  } else if(!checkhashpass(rup, cargc<3?NULL:cargv[2], cargv[1])) {
    controlreply(sender, "CHECKHASHPASS FAIL digest %s %s %u", rup->username, flags, rup->ID);
  } else {
    controlreply(sender, "CHECKHASHPASS OK %s %s %u %s", rup->username, flags, rup->ID, rup->email?rup->email->content:"-");
  }

  return CMD_OK;
}

static char *email_to_error(char *email) {
  maildomain *mdp, *smdp;
  char *local;
  char *dupemail;
  int found = 0;
  maillock *mlp;
  reguser *ruh;

  switch(csa_checkeboy_r(email)) {
    case -1:               break;
    case QM_EMAILTOOSHORT: return "emailshort";
    case QM_EMAILNOAT:     return "emailinvalid";
    case QM_EMAILATEND:    return "emailinvalid";
    case QM_EMAILINVCHR:   return "emailinvalid";
    case QM_NOTYOUREMAIL:  return "emailnotyours";
    case QM_INVALIDEMAIL:  return "emailinvalid";
    default:               return "emailunknown";
  }

  /* maildomain BS... c&p from hello.c */
  for(mlp=maillocks;mlp;mlp=mlp->next) {
    if(!match(mlp->pattern->content, email)) {
      return "emaillocked";
    }
  }

  dupemail = strdup(email);
  local=strchr(dupemail, '@');
  if(!local) {
    free(dupemail);
    return "emailunknown";
  }
  *(local++)='\0';

  mdp=findnearestmaildomain(local);
  if(mdp) {
    for(smdp=mdp; smdp; smdp=smdp->parent) {
      if(MDIsBanned(smdp)) {
        free(dupemail);
        return "emaillocked";
      }
      if((smdp->count >= smdp->limit) && (smdp->limit > 0)) {
        free(dupemail);
        return "emaildomainlimit";
      }
    }
  }

  mdp=findmaildomainbydomain(local);
  if(mdp) {
    for (ruh=mdp->users; ruh; ruh=ruh->nextbydomain) {
      if (ruh->localpart)
        if (!strcasecmp(dupemail, ruh->localpart->content)) {
          found++;
        }
    }

    if((found >= mdp->actlimit) && (mdp->actlimit > 0)) {
      free(dupemail);
      return "emailaddresslimit";
    }
  }

  free(dupemail);

  return NULL;
}

static void sendemail(reguser *rup) {
  csdb_createmail(rup, QMAIL_ACTIVATEEMAIL);
}

int csa_docreateaccount(void *source, int cargc, char **cargv) {
  nick *sender=(nick *)source;
  int execute;
  char *error_username = NULL, *error_password = NULL, *error_email = NULL;
  char *username = NULL, *password = NULL, *email = NULL;
  char account_info[512];
  char passbuf[512];
  int do_create;
  int activate;

  if(cargc<5) {
    controlreply(sender, "CREATEACCOUNT FALSE args");
    return CMD_ERROR;
  }

  execute = cargv[0][0] == '1';
  if(strcmp(cargv[1], "0"))
    username = cargv[1];
  if(strcmp(cargv[2], "0"))
    email = cargv[2];
  if(strcmp(cargv[3], "0")) {
    int errorcode = decrypt_password(createaccountsecret, KEY_BITS, passbuf, sizeof(passbuf), cargv[3]);
    if(errorcode) {
      Error("chanserv_relay",ERR_WARNING,"createaccount unable to decrypt password, error code: %d", errorcode);
      controlreply(sender, "CREATEACCOUNT FALSE args");
      return CMD_ERROR;
    }
    password = passbuf;
  }
  activate = cargv[4][0] == '1';

  if(username) {
    if (findreguserbynick(username)) {
      error_username = "usernameinuse";
    } else if(csa_checkaccountname_r(username)) {
      error_username = "usernameinvalid";
    }
  }

  if(email)
    error_email = email_to_error(email);

  if(password) {
    int r = csa_checkpasswordquality(password);
    if(r == QM_PWTOSHORT) {
      error_password = "passwordshort";
    } else if(r == QM_PWTOLONG) {
      error_password = "passwordlong";
    } else if(r == QM_PWTOWEAK) {
      error_password = "passwordweak";
    } else if(r != -1) {
      error_password = "passwordunknown";
    }
  }

  if(execute && email && password && username && !error_email && !error_password && !error_username) {
    reguser *rup;
    do_create = 1;

    rup = csa_createaccount(username, password, email);

    if(!activate)
      USetInactive(rup);

    cs_log(sender,"CREATEACCOUNT created auth %s (%s) %s",rup->username,rup->email->content,activate?"(active)": "(inactive)");
    csdb_createuser(rup);
    snprintf(account_info, sizeof(account_info), " %u %lu", rup->ID, (unsigned long)rup->lastpasschange);

    if(!activate)
      sendemail(rup);
  } else {
    account_info[0] = '\0';
    do_create = 0;
  }

  controlreply(sender, "CREATEACCOUNT %s%s%s%s%s%s%s%s",
    do_create ? "TRUE" : "FALSE",
    account_info,
    email && error_email ? " " : "", email && error_email ? error_email : "",
    password && error_password ? " " : "", password && error_password ? error_password : "",
    username && error_username ? " " : "", username && error_username ? error_username : ""
  );

  return CMD_OK;
}

int csa_dosettempemail(void *source, int cargc, char **cargv) {
  char *email;
  char *error;
  reguser *rup;
  nick *sender=(nick *)source;

  if(cargc<2) {
    controlreply(sender, "SETTEMPEMAIL FALSE args");
    return CMD_ERROR;
  }

  rup = findreguserbyID(atoi(cargv[0]));
  if(rup == NULL) {
    controlreply(sender, "SETTEMPEMAIL FALSE useridnotexist");
    return CMD_ERROR;
  }

  if(!UIsInactive(rup)) {
    controlreply(sender, "SETTEMPEMAIL FALSE accountactive");
    return CMD_ERROR;
  }

  email = cargv[1];
  error = email_to_error(email);
  if(error) {
    controlreply(sender, "SETTEMPEMAIL FALSE %s", error);
    return CMD_ERROR;
  }

  freesstring(rup->email);
  rup->email=getsstring(email,EMAILLEN);
  cs_log(sender,"SETTEMPEMAIL OK username %s email %s",rup->username, rup->email->content);

  csdb_updateuser(rup);
  sendemail(rup);

  controlreply(sender, "SETTEMPEMAIL TRUE");

  return CMD_OK;
}

int csa_dosetemail(void *source, int cargc, char **cargv) {
  char *email;
  char *error;
  reguser *rup;
  nick *sender=(nick *)source;

  if(cargc<3) {
    controlreply(sender, "SETEMAIL FALSE args");
    return CMD_ERROR;
  }

  rup = findreguserbyID(atoi(cargv[0]));
  if(rup == NULL) {
    controlreply(sender, "SETEMAIL FALSE useridnotexist");
    return CMD_ERROR;
  }

  if(UHasStaffPriv(rup)) {
    controlreply(sender, "SETEMAIL FALSE privuser");
    return CMD_ERROR;
  }

  if(UHasSuspension(rup)) {
    controlreply(sender, "SETEMAIL FALSE suspended");
    return CMD_ERROR;
  }

  if(rup->lastpasschange > atoi(cargv[1])) {
    controlreply(sender, "SETEMAIL FALSE passwordchanged");
    return CMD_ERROR;
  }

  email = cargv[2];

  if(!strcmp(email, rup->email->content)) {
    /* setting to the same thing? fine! */
    controlreply(sender, "SETEMAIL TRUE");
    return CMD_OK;
  }

  error = email_to_error(email);
  if(error) {
    controlreply(sender, "SETEMAIL FALSE %s", error);
    return CMD_ERROR;
  }

  freesstring(rup->email);
  rup->email=getsstring(email,EMAILLEN);
  cs_log(sender,"SETEMAIL OK username %s email %s",rup->username, rup->email->content);

  csdb_updateuser(rup);
  sendemail(rup);

  controlreply(sender, "SETEMAIL TRUE");

  return CMD_OK;
}

int csa_doresendemail(void *source, int cargc, char **cargv) {
  reguser *rup;
  nick *sender=(nick *)source;

  if(cargc<1) {
    controlreply(sender, "RESENDEMAIL FALSE args");
    return CMD_ERROR;
  }

  rup = findreguserbyID(atoi(cargv[0]));
  if(rup == NULL) {
    controlreply(sender, "RESENDEMAIL FALSE useridnotexist");
    return CMD_ERROR;
  }

  if(!UIsInactive(rup)) {
    controlreply(sender, "RESENDEMAIL FALSE accountactive");
    return CMD_ERROR;
  }

  sendemail(rup);
  controlreply(sender, "RESENDEMAIL TRUE");
  cs_log(sender,"RESENDEMAIL OK username %s",rup->username);

  return CMD_OK;
}

int csa_doactivateuser(void *source, int cargc, char **cargv) {
  reguser *rup;
  nick *sender=(nick *)source;

  if(cargc<1) {
    controlreply(sender, "ACTIVATEUSER FALSE args");
    return CMD_ERROR;
  }

  rup = findreguserbyID(atoi(cargv[0]));
  if(rup == NULL) {
    controlreply(sender, "ACTIVATEUSER FALSE useridnotexist");
    return CMD_ERROR;
  }

  if(!UIsInactive(rup)) {
    controlreply(sender, "ACTIVATEUSER FALSE accountactive");
    return CMD_ERROR;
  }

  UClearInactive(rup);
  csdb_updateuser(rup);

  cs_log(sender,"ACTIVATEUSER OK username %s",rup->username);
  controlreply(sender, "ACTIVATEUSER TRUE");

  return CMD_OK;
}

int csa_doaddchan(void *source, int cargc, char **cargv) {
  nick *sender=(nick *)source;
  reguser *rup = getreguserfromnick(sender), *founder;
  chanindex *cip;
  short type;
  regchan *rcp;

  if(cargc<3) {
    controlreply(sender, "ADDCHAN FALSE args");
    return CMD_ERROR;
  }

  if (*cargv[0] != '#' || strlen(cargv[0]) > CHANNELLEN) {
    controlreply(sender, "ADDCHAN FALSE invalidchannel");
    return CMD_ERROR;
  }

  if (!(cip=findorcreatechanindex(cargv[0]))) {
    controlreply(sender, "ADDCHAN FALSE invalidchannel");
    return CMD_ERROR;
  }

  founder = findreguserbyID(atoi(cargv[1]));
  if(founder == NULL) {
    controlreply(sender, "ADDCHAN FALSE useridnotexist");
    return CMD_ERROR;
  }

  if(UIsInactive(founder)) {
    controlreply(sender, "ADDCHAN FALSE accountinactive");
    return CMD_ERROR;
  }

  for(type=CHANTYPES-1;type;type--)
    if(!ircd_strcmp(chantypes[type]->content, cargv[2]))
      break;

  if(!type) {
    controlreply(sender, "ADDCHAN FALSE invalidchantype");
    return CMD_ERROR;
  }

  rcp = cs_addchan(cip, sender, rup, founder, QCFLAG_JOINED | QCFLAG_AUTOOP | QCFLAG_BITCH | QCFLAG_FORCETOPIC | QCFLAG_PROTECT | QCFLAG_TOPICSAVE, CHANMODE_NOCTCP | CHANMODE_DELJOINS | CHANMODE_MODNOAUTH | CHANMODE_NONOTICE | CHANMODE_NOEXTMSG | CHANMODE_SINGLETARG | CHANMODE_TOPICLIMIT | CHANMODE_NOQUITMSG, 0, type);
  if(!rcp) {
    controlreply(sender, "ADDCHAN FALSE alreadyregistered");
    return CMD_ERROR;
  }

  cs_log(sender, "ADDCHAN %s #%s %s %s", cip->name->content, founder->username, printflags(rcp->flags, rcflags), chantypes[type]->content);
  controlreply(sender, "ADDCHAN TRUE %u", rcp->ID);
  return CMD_OK;
}

static int hex_to_int(char *input, unsigned char *buf, int buflen) {
  int i;
  for(i=0;i<buflen;i++) {
    if((0xff == hexlookup[(int)input[i * 2]]) || (0xff == hexlookup[(int)input[i * 2 + 1]])) {
      return 0;
    } else {
      buf[i] = (hexlookup[(int)input[i * 2]] << 4) | hexlookup[(int)input[i * 2 + 1]];
    }
  }
  return 1;
}

static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted) {
  size_t ciphertextlen, datalen;
  unsigned char iv[BLOCK_SIZE];
  rijndaelcbc *c;
  int i, j;

  datalen = strlen(encrypted);
  if(datalen % 2 != 0)
    return 1;
  if(datalen < BLOCK_SIZE * 2 * 2)
    return 2;

  if(!hex_to_int(encrypted, iv, BLOCK_SIZE))
    return 3;

  ciphertextlen = (datalen - (BLOCK_SIZE * 2)) / 2;
  if(ciphertextlen > bufsize || ciphertextlen % BLOCK_SIZE != 0)
    return 4;

  if(!hex_to_int(encrypted + BLOCK_SIZE * 2, (unsigned char *)buf, ciphertextlen))
    return 5;

  c = rijndaelcbc_init(secret, keybits, iv, 1);

  for(i=0;i<ciphertextlen;i+=BLOCK_SIZE) {
    char *p = &buf[i];
    unsigned char *r = rijndaelcbc_decrypt(c, (unsigned char *)p);
    memcpy(p, r, BLOCK_SIZE);

    for(j=0;j<BLOCK_SIZE;j++) {
      if(*(p + j) == '\0') {
        rijndaelcbc_free(c);
        return 0;
      }
    }
  }

  rijndaelcbc_free(c);
  return 6;
}
Commit	Line	Data
354b3c0a CP	1	#include "chanserv.h"
354b3c0a CP	2	#include "../control/control.h"
7f32dbdf	3	#include "../lib/version.h"
07bed5f4	4	#include "../lib/irc_string.h"
d96acfa8 CP	5	#include "../core/config.h"
	6	#include "../lib/hmac.h"
	7	#include "../lib/strlfunc.h"
	8	#include "../lib/cbc.h"
07bed5f4 CP	9	#include "authlib.h"
	10
	11	#include <stdio.h>
	12	#include <string.h>
7f32dbdf	13
d96acfa8 CP	14	#define KEY_BITS 256
	15	#define BLOCK_SIZE 16
	16
7f32dbdf	17	MODULE_VERSION(QVERSION);
354b3c0a CP	18
354b3c0a CP	19	int csa_docheckhashpass(void source, int cargc, char *cargv);
07bed5f4 CP	20	int csa_docreateaccount(void source, int cargc, char *cargv);
07bed5f4 CP	21	int csa_dosettempemail(void source, int cargc, char *cargv);
8f129eab	22	int csa_dosetemail(void source, int cargc, char *cargv);
07bed5f4 CP	23	int csa_doresendemail(void source, int cargc, char *cargv);
07bed5f4 CP	24	int csa_doactivateuser(void source, int cargc, char *cargv);
bdeb548f	25	int csa_doaddchan(void source, int argc, char *argv);
d96acfa8 CP	26	static int decrypt_password(unsigned char secret, int keybits, char buf, int bufsize, char *encrypted);
	27	static int hex_to_int(char input, unsigned char buf, int buflen);
	28
	29	static unsigned char createaccountsecret[KEY_BITS / 8];
	30	static int createaccountsecret_ok = 0;
	31
	32	static unsigned char hexlookup[256] = {
	33	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	34	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	35	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	36	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	37	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01,
	38	0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
	39	0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
	40	0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	41	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	42	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c,
	43	0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	44	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	45	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	46	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	47	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	48	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	49	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	50	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	51	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	52	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	53	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	54	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	55	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	56	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	57	0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
	58	0xff, 0xff, 0xff, 0xff, 0xff, 0xff
	59	};
354b3c0a	60
7e032dc6 CP	61	static void relayfinishinit(int, void *);
	62
	63	void relayfinishinit(int hooknum, void *arg) {
d96acfa8 CP	64	sstring *s;
d96acfa8 CP	65
7e032dc6 CP	66	deregisterhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
7e032dc6 CP	67
354b3c0a	68	registercontrolhelpcmd("checkhashpass", NO_RELAY, 3, csa_docheckhashpass, "Usage: checkhashpass <username> <digest> ?junk?");
b86998d2	69	registercontrolhelpcmd("settempemail", NO_RELAY, 2, csa_dosettempemail, "Usage: settempemail <userid> <email address>");
8f129eab	70	registercontrolhelpcmd("setemail", NO_RELAY, 3, csa_dosetemail, "Usage: setmail <userid> <timestamp> <email address>");
b86998d2 CP	71	registercontrolhelpcmd("resendemail", NO_RELAY, 1, csa_doresendemail, "Usage: resendemail <userid>");
b86998d2 CP	72	registercontrolhelpcmd("activateuser", NO_RELAY, 1, csa_doactivateuser, "Usage: activateuser <userid>");
bdeb548f	73	registercontrolhelpcmd("addchan", NO_RELAY, 3, csa_doaddchan, "Usage: addchan <channel> <userid> <channel type>");
d96acfa8 CP	74
	75	s=getcopyconfigitem("chanserv","createaccountsecret","",128);
	76	if(!s \|\| !s->content \|\| !s->content[0]) {
	77	Error("chanserv_relay",ERR_WARNING,"createaccountsecret not set, createaccount disabled.");
	78	} else if(s->length != KEY_BITS / 8 * 2 \|\| !hex_to_int(s->content, createaccountsecret, sizeof(createaccountsecret))) {
	79	Error("chanserv_relay",ERR_WARNING,"createaccountsecret must be a %d character hex string.", KEY_BITS / 8 * 2);
	80	} else {
8f129eab	81	registercontrolhelpcmd("createaccount", NO_RELAY, 5, csa_docreateaccount, "Usage: createaccount <execute> <username> <email address> <encrypted password> <activate user>");
d96acfa8 CP	82	createaccountsecret_ok = 1;
	83	}
	84
	85	freesstring(s);
354b3c0a CP	86	}
354b3c0a CP	87
7e032dc6 CP	88	void _init(void) {
	89	registerhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
	90
	91	if(chanservdb_ready)
	92	relayfinishinit(HOOK_CHANSERV_DBLOADED, NULL);
	93	}
	94
354b3c0a CP	95	void _fini(void) {
354b3c0a CP	96	deregistercontrolcmd("checkhashpass", csa_docheckhashpass);
07bed5f4	97	deregistercontrolcmd("settempemail", csa_dosettempemail);
8f129eab	98	deregistercontrolcmd("setemail", csa_dosetemail);
07bed5f4 CP	99	deregistercontrolcmd("resendemail", csa_doresendemail);
07bed5f4 CP	100	deregistercontrolcmd("activateuser", csa_doactivateuser);
bdeb548f	101	deregistercontrolcmd("addchan", csa_doaddchan);
d96acfa8 CP	102
	103	if(createaccountsecret_ok)
	104	deregistercontrolcmd("createaccount", csa_docreateaccount);
7e032dc6 CP	105
7e032dc6 CP	106	deregisterhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
354b3c0a CP	107	}
	108
	109	int csa_docheckhashpass(void source, int cargc, char *cargv) {
	110	nick sender=(nick )source;
caee16ec	111	reguser *rup;
354b3c0a CP	112	char *flags;
	113
	114	if(cargc<3) {
	115	controlreply(sender, "CHECKHASHPASS FAIL args");
	116	return CMD_ERROR;
	117	}
	118
	119	if (!(rup=findreguserbynick(cargv[0]))) {
	120	controlreply(sender, "CHECKHASHPASS FAIL user");
	121	return CMD_OK;
	122	}
	123
	124	flags = printflags(QUFLAG_ALL & rup->flags, ruflags);
	125	if(UHasSuspension(rup)) {
	126	controlreply(sender, "CHECKHASHPASS FAIL suspended %s %s %u", rup->username, flags, rup->ID);
caee16ec CP	127	} else if(UIsInactive(rup)) {
caee16ec CP	128	controlreply(sender, "CHECKHASHPASS FAIL inactive %s %s %u", rup->username, flags, rup->ID);
354b3c0a CP	129	} else if(!checkhashpass(rup, cargc<3?NULL:cargv[2], cargv[1])) {
	130	controlreply(sender, "CHECKHASHPASS FAIL digest %s %s %u", rup->username, flags, rup->ID);
	131	} else {
	132	controlreply(sender, "CHECKHASHPASS OK %s %s %u %s", rup->username, flags, rup->ID, rup->email?rup->email->content:"-");
	133	}
	134
	135	return CMD_OK;
	136	}
07bed5f4 CP	137
	138	static char email_to_error(char email) {
	139	maildomain mdp, smdp;
	140	char *local;
	141	char *dupemail;
	142	int found = 0;
	143	maillock *mlp;
	144	reguser *ruh;
	145
3cfa791f	146	switch(csa_checkeboy_r(email)) {
07bed5f4	147	case -1: break;
3cfa791f CP	148	case QM_EMAILTOOSHORT: return "emailshort";
	149	case QM_EMAILNOAT: return "emailinvalid";
	150	case QM_EMAILATEND: return "emailinvalid";
	151	case QM_EMAILINVCHR: return "emailinvalid";
	152	case QM_NOTYOUREMAIL: return "emailnotyours";
	153	case QM_INVALIDEMAIL: return "emailinvalid";
	154	default: return "emailunknown";
07bed5f4 CP	155	}
	156
	157	/* maildomain BS... c&p from hello.c */
	158	for(mlp=maillocks;mlp;mlp=mlp->next) {
	159	if(!match(mlp->pattern->content, email)) {
3cfa791f	160	return "emaillocked";
07bed5f4 CP	161	}
	162	}
	163
	164	dupemail = strdup(email);
	165	local=strchr(dupemail, '@');
	166	if(!local) {
	167	free(dupemail);
3cfa791f	168	return "emailunknown";
07bed5f4 CP	169	}
	170	*(local++)='\0';
	171
	172	mdp=findnearestmaildomain(local);
	173	if(mdp) {
	174	for(smdp=mdp; smdp; smdp=smdp->parent) {
	175	if(MDIsBanned(smdp)) {
	176	free(dupemail);
3cfa791f	177	return "emaillocked";
07bed5f4 CP	178	}
	179	if((smdp->count >= smdp->limit) && (smdp->limit > 0)) {
	180	free(dupemail);
3cfa791f	181	return "emaildomainlimit";
07bed5f4 CP	182	}
	183	}
	184	}
	185
	186	mdp=findmaildomainbydomain(local);
	187	if(mdp) {
	188	for (ruh=mdp->users; ruh; ruh=ruh->nextbydomain) {
	189	if (ruh->localpart)
	190	if (!strcasecmp(dupemail, ruh->localpart->content)) {
	191	found++;
	192	}
	193	}
	194
	195	if((found >= mdp->actlimit) && (mdp->actlimit > 0)) {
	196	free(dupemail);
3cfa791f	197	return "emailaddresslimit";
07bed5f4 CP	198	}
	199	}
	200
2fd779e3 GB	201	free(dupemail);
2fd779e3 GB	202
07bed5f4 CP	203	return NULL;
	204	}
	205
	206	static void sendemail(reguser *rup) {
	207	csdb_createmail(rup, QMAIL_ACTIVATEEMAIL);
	208	}
	209
	210	int csa_docreateaccount(void source, int cargc, char *cargv) {
	211	nick sender=(nick )source;
	212	int execute;
	213	char error_username = NULL, error_password = NULL, *error_email = NULL;
	214	char username = NULL, password = NULL, *email = NULL;
b86998d2	215	char account_info[512];
d96acfa8	216	char passbuf[512];
07bed5f4	217	int do_create;
8f129eab	218	int activate;
07bed5f4	219
8f129eab	220	if(cargc<5) {
07bed5f4 CP	221	controlreply(sender, "CREATEACCOUNT FALSE args");
	222	return CMD_ERROR;
	223	}
	224
	225	execute = cargv[0][0] == '1';
	226	if(strcmp(cargv[1], "0"))
	227	username = cargv[1];
	228	if(strcmp(cargv[2], "0"))
	229	email = cargv[2];
d96acfa8 CP	230	if(strcmp(cargv[3], "0")) {
	231	int errorcode = decrypt_password(createaccountsecret, KEY_BITS, passbuf, sizeof(passbuf), cargv[3]);
	232	if(errorcode) {
	233	Error("chanserv_relay",ERR_WARNING,"createaccount unable to decrypt password, error code: %d", errorcode);
	234	controlreply(sender, "CREATEACCOUNT FALSE args");
	235	return CMD_ERROR;
	236	}
	237	password = passbuf;
	238	}
8f129eab	239	activate = cargv[4][0] == '1';
07bed5f4 CP	240
	241	if(username) {
	242	if (findreguserbynick(username)) {
3cfa791f	243	error_username = "usernameinuse";
07bed5f4	244	} else if(csa_checkaccountname_r(username)) {
3cfa791f	245	error_username = "usernameinvalid";
07bed5f4 CP	246	}
	247	}
	248
	249	if(email)
	250	error_email = email_to_error(email);
	251
	252	if(password) {
	253	int r = csa_checkpasswordquality(password);
	254	if(r == QM_PWTOSHORT) {
3cfa791f	255	error_password = "passwordshort";
14dc6de9 CP	256	} else if(r == QM_PWTOLONG) {
14dc6de9 CP	257	error_password = "passwordlong";
07bed5f4	258	} else if(r == QM_PWTOWEAK) {
3cfa791f	259	error_password = "passwordweak";
07bed5f4	260	} else if(r != -1) {
3cfa791f	261	error_password = "passwordunknown";
07bed5f4 CP	262	}
	263	}
	264
	265	if(execute && email && password && username && !error_email && !error_password && !error_username) {
	266	reguser *rup;
	267	do_create = 1;
	268
	269	rup = csa_createaccount(username, password, email);
07bed5f4	270
8f129eab CP	271	if(!activate)
	272	USetInactive(rup);
	273
	274	cs_log(sender,"CREATEACCOUNT created auth %s (%s) %s",rup->username,rup->email->content,activate?"(active)": "(inactive)");
07bed5f4	275	csdb_createuser(rup);
8f129eab	276	snprintf(account_info, sizeof(account_info), " %u %lu", rup->ID, (unsigned long)rup->lastpasschange);
07bed5f4	277
46a359b5 CP	278	if(!activate)
46a359b5 CP	279	sendemail(rup);
07bed5f4	280	} else {
b86998d2	281	account_info[0] = '\0';
07bed5f4 CP	282	do_create = 0;
	283	}
	284
b86998d2	285	controlreply(sender, "CREATEACCOUNT %s%s%s%s%s%s%s%s",
07bed5f4	286	do_create ? "TRUE" : "FALSE",
b86998d2	287	account_info,
3cfa791f CP	288	email && error_email ? " " : "", email && error_email ? error_email : "",
	289	password && error_password ? " " : "", password && error_password ? error_password : "",
	290	username && error_username ? " " : "", username && error_username ? error_username : ""
07bed5f4 CP	291	);
	292
	293	return CMD_OK;
	294	}
	295
	296	int csa_dosettempemail(void source, int cargc, char *cargv) {
	297	char *email;
	298	char *error;
	299	reguser *rup;
	300	nick sender=(nick )source;
	301
	302	if(cargc<2) {
	303	controlreply(sender, "SETTEMPEMAIL FALSE args");
	304	return CMD_ERROR;
	305	}
	306
b86998d2	307	rup = findreguserbyID(atoi(cargv[0]));
07bed5f4	308	if(rup == NULL) {
b86998d2	309	controlreply(sender, "SETTEMPEMAIL FALSE useridnotexist");
07bed5f4 CP	310	return CMD_ERROR;
	311	}
	312
	313	if(!UIsInactive(rup)) {
3cfa791f	314	controlreply(sender, "SETTEMPEMAIL FALSE accountactive");
07bed5f4 CP	315	return CMD_ERROR;
	316	}
	317
	318	email = cargv[1];
	319	error = email_to_error(email);
	320	if(error) {
	321	controlreply(sender, "SETTEMPEMAIL FALSE %s", error);
	322	return CMD_ERROR;
	323	}
	324
	325	freesstring(rup->email);
	326	rup->email=getsstring(email,EMAILLEN);
	327	cs_log(sender,"SETTEMPEMAIL OK username %s email %s",rup->username, rup->email->content);
	328
	329	csdb_updateuser(rup);
	330	sendemail(rup);
	331
	332	controlreply(sender, "SETTEMPEMAIL TRUE");
	333
	334	return CMD_OK;
	335	}
	336
8f129eab CP	337	int csa_dosetemail(void source, int cargc, char *cargv) {
	338	char *email;
	339	char *error;
	340	reguser *rup;
	341	nick sender=(nick )source;
	342
	343	if(cargc<3) {
	344	controlreply(sender, "SETEMAIL FALSE args");
	345	return CMD_ERROR;
	346	}
	347
	348	rup = findreguserbyID(atoi(cargv[0]));
	349	if(rup == NULL) {
	350	controlreply(sender, "SETEMAIL FALSE useridnotexist");
	351	return CMD_ERROR;
	352	}
	353
	354	if(UHasStaffPriv(rup)) {
	355	controlreply(sender, "SETEMAIL FALSE privuser");
	356	return CMD_ERROR;
	357	}
	358
	359	if(UHasSuspension(rup)) {
	360	controlreply(sender, "SETEMAIL FALSE suspended");
	361	return CMD_ERROR;
	362	}
	363
	364	if(rup->lastpasschange > atoi(cargv[1])) {
	365	controlreply(sender, "SETEMAIL FALSE passwordchanged");
	366	return CMD_ERROR;
	367	}
	368
	369	email = cargv[2];
46a359b5 CP	370
	371	if(!strcmp(email, rup->email->content)) {
	372	/* setting to the same thing? fine! */
	373	controlreply(sender, "SETEMAIL TRUE");
	374	return CMD_OK;
	375	}
	376
8f129eab CP	377	error = email_to_error(email);
	378	if(error) {
	379	controlreply(sender, "SETEMAIL FALSE %s", error);
	380	return CMD_ERROR;
	381	}
	382
	383	freesstring(rup->email);
	384	rup->email=getsstring(email,EMAILLEN);
	385	cs_log(sender,"SETEMAIL OK username %s email %s",rup->username, rup->email->content);
	386
	387	csdb_updateuser(rup);
	388	sendemail(rup);
	389
	390	controlreply(sender, "SETEMAIL TRUE");
	391
	392	return CMD_OK;
	393	}
	394
07bed5f4 CP	395	int csa_doresendemail(void source, int cargc, char *cargv) {
	396	reguser *rup;
	397	nick sender=(nick )source;
	398
	399	if(cargc<1) {
	400	controlreply(sender, "RESENDEMAIL FALSE args");
	401	return CMD_ERROR;
	402	}
	403
b86998d2	404	rup = findreguserbyID(atoi(cargv[0]));
07bed5f4	405	if(rup == NULL) {
b86998d2	406	controlreply(sender, "RESENDEMAIL FALSE useridnotexist");
07bed5f4 CP	407	return CMD_ERROR;
	408	}
	409
	410	if(!UIsInactive(rup)) {
3cfa791f	411	controlreply(sender, "RESENDEMAIL FALSE accountactive");
07bed5f4 CP	412	return CMD_ERROR;
	413	}
	414
	415	sendemail(rup);
	416	controlreply(sender, "RESENDEMAIL TRUE");
	417	cs_log(sender,"RESENDEMAIL OK username %s",rup->username);
	418
	419	return CMD_OK;
	420	}
	421
	422	int csa_doactivateuser(void source, int cargc, char *cargv) {
	423	reguser *rup;
	424	nick sender=(nick )source;
	425
	426	if(cargc<1) {
	427	controlreply(sender, "ACTIVATEUSER FALSE args");
	428	return CMD_ERROR;
	429	}
	430
b86998d2	431	rup = findreguserbyID(atoi(cargv[0]));
07bed5f4	432	if(rup == NULL) {
b86998d2	433	controlreply(sender, "ACTIVATEUSER FALSE useridnotexist");
07bed5f4 CP	434	return CMD_ERROR;
	435	}
	436
	437	if(!UIsInactive(rup)) {
3cfa791f	438	controlreply(sender, "ACTIVATEUSER FALSE accountactive");
07bed5f4 CP	439	return CMD_ERROR;
	440	}
	441
	442	UClearInactive(rup);
	443	csdb_updateuser(rup);
	444
	445	cs_log(sender,"ACTIVATEUSER OK username %s",rup->username);
	446	controlreply(sender, "ACTIVATEUSER TRUE");
	447
	448	return CMD_OK;
	449	}
d96acfa8	450
bdeb548f CP	451	int csa_doaddchan(void source, int cargc, char *cargv) {
	452	nick sender=(nick )source;
	453	reguser rup = getreguserfromnick(sender), founder;
	454	chanindex *cip;
	455	short type;
	456	regchan *rcp;
	457
	458	if(cargc<3) {
	459	controlreply(sender, "ADDCHAN FALSE args");
	460	return CMD_ERROR;
	461	}
	462
	463	if (*cargv[0] != '#' \|\| strlen(cargv[0]) > CHANNELLEN) {
	464	controlreply(sender, "ADDCHAN FALSE invalidchannel");
	465	return CMD_ERROR;
	466	}
	467
	468	if (!(cip=findorcreatechanindex(cargv[0]))) {
	469	controlreply(sender, "ADDCHAN FALSE invalidchannel");
	470	return CMD_ERROR;
	471	}
	472
	473	founder = findreguserbyID(atoi(cargv[1]));
	474	if(founder == NULL) {
	475	controlreply(sender, "ADDCHAN FALSE useridnotexist");
	476	return CMD_ERROR;
	477	}
	478
	479	if(UIsInactive(founder)) {
	480	controlreply(sender, "ADDCHAN FALSE accountinactive");
	481	return CMD_ERROR;
	482	}
	483
	484	for(type=CHANTYPES-1;type;type--)
	485	if(!ircd_strcmp(chantypes[type]->content, cargv[2]))
	486	break;
	487
	488	if(!type) {
	489	controlreply(sender, "ADDCHAN FALSE invalidchantype");
	490	return CMD_ERROR;
	491	}
	492
08d06cd8	493	rcp = cs_addchan(cip, sender, rup, founder, QCFLAG_JOINED \| QCFLAG_AUTOOP \| QCFLAG_BITCH \| QCFLAG_FORCETOPIC \| QCFLAG_PROTECT \| QCFLAG_TOPICSAVE, CHANMODE_NOCTCP \| CHANMODE_DELJOINS \| CHANMODE_MODNOAUTH \| CHANMODE_NONOTICE \| CHANMODE_NOEXTMSG \| CHANMODE_SINGLETARG \| CHANMODE_TOPICLIMIT \| CHANMODE_NOQUITMSG, 0, type);
bdeb548f CP	494	if(!rcp) {
	495	controlreply(sender, "ADDCHAN FALSE alreadyregistered");
	496	return CMD_ERROR;
	497	}
	498
	499	cs_log(sender, "ADDCHAN %s #%s %s %s", cip->name->content, founder->username, printflags(rcp->flags, rcflags), chantypes[type]->content);
e67c3226	500	controlreply(sender, "ADDCHAN TRUE %u", rcp->ID);
bdeb548f CP	501	return CMD_OK;
	502	}
	503
d96acfa8 CP	504	static int hex_to_int(char input, unsigned char buf, int buflen) {
	505	int i;
	506	for(i=0;i<buflen;i++) {
	507	if((0xff == hexlookup[(int)input[i * 2]]) \|\| (0xff == hexlookup[(int)input[i * 2 + 1]])) {
	508	return 0;
	509	} else {
	510	buf[i] = (hexlookup[(int)input[i * 2]] << 4) \| hexlookup[(int)input[i * 2 + 1]];
	511	}
	512	}
	513	return 1;
	514	}
	515
	516	static int decrypt_password(unsigned char secret, int keybits, char buf, int bufsize, char *encrypted) {
	517	size_t ciphertextlen, datalen;
	518	unsigned char iv[BLOCK_SIZE];
	519	rijndaelcbc *c;
	520	int i, j;
	521
	522	datalen = strlen(encrypted);
	523	if(datalen % 2 != 0)
	524	return 1;
	525	if(datalen < BLOCK_SIZE * 2 * 2)
	526	return 2;
	527
	528	if(!hex_to_int(encrypted, iv, BLOCK_SIZE))
	529	return 3;
	530
	531	ciphertextlen = (datalen - (BLOCK_SIZE * 2)) / 2;
	532	if(ciphertextlen > bufsize \|\| ciphertextlen % BLOCK_SIZE != 0)
	533	return 4;
	534
	535	if(!hex_to_int(encrypted + BLOCK_SIZE * 2, (unsigned char *)buf, ciphertextlen))
	536	return 5;
	537
	538	c = rijndaelcbc_init(secret, keybits, iv, 1);
	539
	540	for(i=0;i<ciphertextlen;i+=BLOCK_SIZE) {
	541	char *p = &buf[i];
	542	unsigned char r = rijndaelcbc_decrypt(c, (unsigned char )p);
	543	memcpy(p, r, BLOCK_SIZE);
	544
	545	for(j=0;j<BLOCK_SIZE;j++) {
	546	if(*(p + j) == '\0') {
	547	rijndaelcbc_free(c);
	548	return 0;
	549	}
	550	}
	551	}
	552
	553	rijndaelcbc_free(c);
	554	return 6;
	555	}