]>
Commit | Line | Data |
---|---|---|
1 | #include "chanserv.h" | |
2 | #include "../control/control.h" | |
3 | #include "../lib/version.h" | |
4 | #include "../lib/irc_string.h" | |
5 | #include "../core/config.h" | |
6 | #include "../lib/hmac.h" | |
7 | #include "../lib/strlfunc.h" | |
8 | #include "../lib/cbc.h" | |
9 | #include "authlib.h" | |
10 | ||
11 | #include <stdio.h> | |
12 | #include <string.h> | |
13 | ||
14 | #define KEY_BITS 256 | |
15 | #define BLOCK_SIZE 16 | |
16 | ||
17 | MODULE_VERSION(QVERSION); | |
18 | ||
19 | int csa_docheckhashpass(void *source, int cargc, char **cargv); | |
20 | int csa_docreateaccount(void *source, int cargc, char **cargv); | |
21 | int csa_dosettempemail(void *source, int cargc, char **cargv); | |
22 | int csa_doresendemail(void *source, int cargc, char **cargv); | |
23 | int csa_doactivateuser(void *source, int cargc, char **cargv); | |
24 | static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted); | |
25 | static int hex_to_int(char *input, unsigned char *buf, int buflen); | |
26 | ||
27 | static unsigned char createaccountsecret[KEY_BITS / 8]; | |
28 | static int createaccountsecret_ok = 0; | |
29 | ||
30 | static unsigned char hexlookup[256] = { | |
31 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
32 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
33 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
34 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
35 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01, | |
36 | 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff, | |
37 | 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, | |
38 | 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
39 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
40 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, | |
41 | 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
42 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
43 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
44 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
45 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
46 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
47 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
48 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
49 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
50 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
51 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
52 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
53 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
54 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
55 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | |
56 | 0xff, 0xff, 0xff, 0xff, 0xff, 0xff | |
57 | }; | |
58 | ||
59 | void _init(void) { | |
60 | sstring *s; | |
61 | ||
62 | registercontrolhelpcmd("checkhashpass", NO_RELAY, 3, csa_docheckhashpass, "Usage: checkhashpass <username> <digest> ?junk?"); | |
63 | registercontrolhelpcmd("settempemail", NO_RELAY, 2, csa_dosettempemail, "Usage: settempemail <userid> <email address>"); | |
64 | registercontrolhelpcmd("resendemail", NO_RELAY, 1, csa_doresendemail, "Usage: resendemail <userid>"); | |
65 | registercontrolhelpcmd("activateuser", NO_RELAY, 1, csa_doactivateuser, "Usage: activateuser <userid>"); | |
66 | ||
67 | s=getcopyconfigitem("chanserv","createaccountsecret","",128); | |
68 | if(!s || !s->content || !s->content[0]) { | |
69 | Error("chanserv_relay",ERR_WARNING,"createaccountsecret not set, createaccount disabled."); | |
70 | } else if(s->length != KEY_BITS / 8 * 2 || !hex_to_int(s->content, createaccountsecret, sizeof(createaccountsecret))) { | |
71 | Error("chanserv_relay",ERR_WARNING,"createaccountsecret must be a %d character hex string.", KEY_BITS / 8 * 2); | |
72 | } else { | |
73 | registercontrolhelpcmd("createaccount", NO_RELAY, 4, csa_docreateaccount, "Usage: createaccount <execute> <username> <email address> <encrypted password>"); | |
74 | createaccountsecret_ok = 1; | |
75 | } | |
76 | ||
77 | freesstring(s); | |
78 | } | |
79 | ||
80 | void _fini(void) { | |
81 | deregistercontrolcmd("checkhashpass", csa_docheckhashpass); | |
82 | deregistercontrolcmd("settempemail", csa_dosettempemail); | |
83 | deregistercontrolcmd("resendemail", csa_doresendemail); | |
84 | deregistercontrolcmd("activateuser", csa_doactivateuser); | |
85 | ||
86 | if(createaccountsecret_ok) | |
87 | deregistercontrolcmd("createaccount", csa_docreateaccount); | |
88 | } | |
89 | ||
90 | int csa_docheckhashpass(void *source, int cargc, char **cargv) { | |
91 | nick *sender=(nick *)source; | |
92 | reguser *rup; | |
93 | char *flags; | |
94 | ||
95 | if(cargc<3) { | |
96 | controlreply(sender, "CHECKHASHPASS FAIL args"); | |
97 | return CMD_ERROR; | |
98 | } | |
99 | ||
100 | if (!(rup=findreguserbynick(cargv[0]))) { | |
101 | controlreply(sender, "CHECKHASHPASS FAIL user"); | |
102 | return CMD_OK; | |
103 | } | |
104 | ||
105 | flags = printflags(QUFLAG_ALL & rup->flags, ruflags); | |
106 | if(UHasSuspension(rup)) { | |
107 | controlreply(sender, "CHECKHASHPASS FAIL suspended %s %s %u", rup->username, flags, rup->ID); | |
108 | } else if(UIsInactive(rup)) { | |
109 | controlreply(sender, "CHECKHASHPASS FAIL inactive %s %s %u", rup->username, flags, rup->ID); | |
110 | } else if(!checkhashpass(rup, cargc<3?NULL:cargv[2], cargv[1])) { | |
111 | controlreply(sender, "CHECKHASHPASS FAIL digest %s %s %u", rup->username, flags, rup->ID); | |
112 | } else { | |
113 | controlreply(sender, "CHECKHASHPASS OK %s %s %u %s", rup->username, flags, rup->ID, rup->email?rup->email->content:"-"); | |
114 | } | |
115 | ||
116 | return CMD_OK; | |
117 | } | |
118 | ||
119 | static char *email_to_error(char *email) { | |
120 | maildomain *mdp, *smdp; | |
121 | char *local; | |
122 | char *dupemail; | |
123 | int found = 0; | |
124 | maillock *mlp; | |
125 | reguser *ruh; | |
126 | ||
127 | switch(csa_checkeboy_r(email)) { | |
128 | case -1: break; | |
129 | case QM_EMAILTOOSHORT: return "emailshort"; | |
130 | case QM_EMAILNOAT: return "emailinvalid"; | |
131 | case QM_EMAILATEND: return "emailinvalid"; | |
132 | case QM_EMAILINVCHR: return "emailinvalid"; | |
133 | case QM_NOTYOUREMAIL: return "emailnotyours"; | |
134 | case QM_INVALIDEMAIL: return "emailinvalid"; | |
135 | default: return "emailunknown"; | |
136 | } | |
137 | ||
138 | /* maildomain BS... c&p from hello.c */ | |
139 | for(mlp=maillocks;mlp;mlp=mlp->next) { | |
140 | if(!match(mlp->pattern->content, email)) { | |
141 | return "emaillocked"; | |
142 | } | |
143 | } | |
144 | ||
145 | dupemail = strdup(email); | |
146 | local=strchr(dupemail, '@'); | |
147 | if(!local) { | |
148 | free(dupemail); | |
149 | return "emailunknown"; | |
150 | } | |
151 | *(local++)='\0'; | |
152 | ||
153 | mdp=findnearestmaildomain(local); | |
154 | if(mdp) { | |
155 | for(smdp=mdp; smdp; smdp=smdp->parent) { | |
156 | if(MDIsBanned(smdp)) { | |
157 | free(dupemail); | |
158 | return "emaillocked"; | |
159 | } | |
160 | if((smdp->count >= smdp->limit) && (smdp->limit > 0)) { | |
161 | free(dupemail); | |
162 | return "emaildomainlimit"; | |
163 | } | |
164 | } | |
165 | } | |
166 | ||
167 | mdp=findmaildomainbydomain(local); | |
168 | if(mdp) { | |
169 | for (ruh=mdp->users; ruh; ruh=ruh->nextbydomain) { | |
170 | if (ruh->localpart) | |
171 | if (!strcasecmp(dupemail, ruh->localpart->content)) { | |
172 | found++; | |
173 | } | |
174 | } | |
175 | ||
176 | if((found >= mdp->actlimit) && (mdp->actlimit > 0)) { | |
177 | free(dupemail); | |
178 | return "emailaddresslimit"; | |
179 | } | |
180 | } | |
181 | ||
182 | free(dupemail); | |
183 | ||
184 | return NULL; | |
185 | } | |
186 | ||
187 | static void sendemail(reguser *rup) { | |
188 | csdb_createmail(rup, QMAIL_ACTIVATEEMAIL); | |
189 | } | |
190 | ||
191 | int csa_docreateaccount(void *source, int cargc, char **cargv) { | |
192 | nick *sender=(nick *)source; | |
193 | int execute; | |
194 | char *error_username = NULL, *error_password = NULL, *error_email = NULL; | |
195 | char *username = NULL, *password = NULL, *email = NULL; | |
196 | char account_info[512]; | |
197 | char passbuf[512]; | |
198 | int do_create; | |
199 | ||
200 | if(cargc<4) { | |
201 | controlreply(sender, "CREATEACCOUNT FALSE args"); | |
202 | return CMD_ERROR; | |
203 | } | |
204 | ||
205 | execute = cargv[0][0] == '1'; | |
206 | if(strcmp(cargv[1], "0")) | |
207 | username = cargv[1]; | |
208 | if(strcmp(cargv[2], "0")) | |
209 | email = cargv[2]; | |
210 | if(strcmp(cargv[3], "0")) { | |
211 | int errorcode = decrypt_password(createaccountsecret, KEY_BITS, passbuf, sizeof(passbuf), cargv[3]); | |
212 | if(errorcode) { | |
213 | Error("chanserv_relay",ERR_WARNING,"createaccount unable to decrypt password, error code: %d", errorcode); | |
214 | controlreply(sender, "CREATEACCOUNT FALSE args"); | |
215 | return CMD_ERROR; | |
216 | } | |
217 | password = passbuf; | |
218 | } | |
219 | ||
220 | if(username) { | |
221 | if (findreguserbynick(username)) { | |
222 | error_username = "usernameinuse"; | |
223 | } else if(csa_checkaccountname_r(username)) { | |
224 | error_username = "usernameinvalid"; | |
225 | } | |
226 | } | |
227 | ||
228 | if(email) | |
229 | error_email = email_to_error(email); | |
230 | ||
231 | if(password) { | |
232 | int r = csa_checkpasswordquality(password); | |
233 | if(r == QM_PWTOSHORT) { | |
234 | error_password = "passwordshort"; | |
235 | } else if(r == QM_PWTOWEAK) { | |
236 | error_password = "passwordweak"; | |
237 | } else if(r != -1) { | |
238 | error_password = "passwordunknown"; | |
239 | } | |
240 | } | |
241 | ||
242 | if(execute && email && password && username && !error_email && !error_password && !error_username) { | |
243 | reguser *rup; | |
244 | do_create = 1; | |
245 | ||
246 | rup = csa_createaccount(username, password, email); | |
247 | USetInactive(rup); | |
248 | ||
249 | cs_log(sender,"CREATEACCOUNT created auth %s (%s)",rup->username,rup->email->content); | |
250 | csdb_createuser(rup); | |
251 | snprintf(account_info, sizeof(account_info), " %u", rup->ID); | |
252 | ||
253 | sendemail(rup); | |
254 | } else { | |
255 | account_info[0] = '\0'; | |
256 | do_create = 0; | |
257 | } | |
258 | ||
259 | controlreply(sender, "CREATEACCOUNT %s%s%s%s%s%s%s%s", | |
260 | do_create ? "TRUE" : "FALSE", | |
261 | account_info, | |
262 | email && error_email ? " " : "", email && error_email ? error_email : "", | |
263 | password && error_password ? " " : "", password && error_password ? error_password : "", | |
264 | username && error_username ? " " : "", username && error_username ? error_username : "" | |
265 | ); | |
266 | ||
267 | return CMD_OK; | |
268 | } | |
269 | ||
270 | int csa_dosettempemail(void *source, int cargc, char **cargv) { | |
271 | char *email; | |
272 | char *error; | |
273 | reguser *rup; | |
274 | nick *sender=(nick *)source; | |
275 | ||
276 | if(cargc<2) { | |
277 | controlreply(sender, "SETTEMPEMAIL FALSE args"); | |
278 | return CMD_ERROR; | |
279 | } | |
280 | ||
281 | rup = findreguserbyID(atoi(cargv[0])); | |
282 | if(rup == NULL) { | |
283 | controlreply(sender, "SETTEMPEMAIL FALSE useridnotexist"); | |
284 | return CMD_ERROR; | |
285 | } | |
286 | ||
287 | if(!UIsInactive(rup)) { | |
288 | controlreply(sender, "SETTEMPEMAIL FALSE accountactive"); | |
289 | return CMD_ERROR; | |
290 | } | |
291 | ||
292 | email = cargv[1]; | |
293 | error = email_to_error(email); | |
294 | if(error) { | |
295 | controlreply(sender, "SETTEMPEMAIL FALSE %s", error); | |
296 | return CMD_ERROR; | |
297 | } | |
298 | ||
299 | freesstring(rup->email); | |
300 | rup->email=getsstring(email,EMAILLEN); | |
301 | cs_log(sender,"SETTEMPEMAIL OK username %s email %s",rup->username, rup->email->content); | |
302 | ||
303 | csdb_updateuser(rup); | |
304 | sendemail(rup); | |
305 | ||
306 | controlreply(sender, "SETTEMPEMAIL TRUE"); | |
307 | ||
308 | return CMD_OK; | |
309 | } | |
310 | ||
311 | int csa_doresendemail(void *source, int cargc, char **cargv) { | |
312 | reguser *rup; | |
313 | nick *sender=(nick *)source; | |
314 | ||
315 | if(cargc<1) { | |
316 | controlreply(sender, "RESENDEMAIL FALSE args"); | |
317 | return CMD_ERROR; | |
318 | } | |
319 | ||
320 | rup = findreguserbyID(atoi(cargv[0])); | |
321 | if(rup == NULL) { | |
322 | controlreply(sender, "RESENDEMAIL FALSE useridnotexist"); | |
323 | return CMD_ERROR; | |
324 | } | |
325 | ||
326 | if(!UIsInactive(rup)) { | |
327 | controlreply(sender, "RESENDEMAIL FALSE accountactive"); | |
328 | return CMD_ERROR; | |
329 | } | |
330 | ||
331 | sendemail(rup); | |
332 | controlreply(sender, "RESENDEMAIL TRUE"); | |
333 | cs_log(sender,"RESENDEMAIL OK username %s",rup->username); | |
334 | ||
335 | return CMD_OK; | |
336 | } | |
337 | ||
338 | int csa_doactivateuser(void *source, int cargc, char **cargv) { | |
339 | reguser *rup; | |
340 | nick *sender=(nick *)source; | |
341 | ||
342 | if(cargc<1) { | |
343 | controlreply(sender, "ACTIVATEUSER FALSE args"); | |
344 | return CMD_ERROR; | |
345 | } | |
346 | ||
347 | rup = findreguserbyID(atoi(cargv[0])); | |
348 | if(rup == NULL) { | |
349 | controlreply(sender, "ACTIVATEUSER FALSE useridnotexist"); | |
350 | return CMD_ERROR; | |
351 | } | |
352 | ||
353 | if(!UIsInactive(rup)) { | |
354 | controlreply(sender, "ACTIVATEUSER FALSE accountactive"); | |
355 | return CMD_ERROR; | |
356 | } | |
357 | ||
358 | UClearInactive(rup); | |
359 | csdb_updateuser(rup); | |
360 | ||
361 | cs_log(sender,"ACTIVATEUSER OK username %s",rup->username); | |
362 | controlreply(sender, "ACTIVATEUSER TRUE"); | |
363 | ||
364 | return CMD_OK; | |
365 | } | |
366 | ||
367 | static int hex_to_int(char *input, unsigned char *buf, int buflen) { | |
368 | int i; | |
369 | for(i=0;i<buflen;i++) { | |
370 | if((0xff == hexlookup[(int)input[i * 2]]) || (0xff == hexlookup[(int)input[i * 2 + 1]])) { | |
371 | return 0; | |
372 | } else { | |
373 | buf[i] = (hexlookup[(int)input[i * 2]] << 4) | hexlookup[(int)input[i * 2 + 1]]; | |
374 | } | |
375 | } | |
376 | return 1; | |
377 | } | |
378 | ||
379 | static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted) { | |
380 | size_t ciphertextlen, datalen; | |
381 | unsigned char iv[BLOCK_SIZE]; | |
382 | rijndaelcbc *c; | |
383 | int i, j; | |
384 | ||
385 | datalen = strlen(encrypted); | |
386 | if(datalen % 2 != 0) | |
387 | return 1; | |
388 | if(datalen < BLOCK_SIZE * 2 * 2) | |
389 | return 2; | |
390 | ||
391 | if(!hex_to_int(encrypted, iv, BLOCK_SIZE)) | |
392 | return 3; | |
393 | ||
394 | ciphertextlen = (datalen - (BLOCK_SIZE * 2)) / 2; | |
395 | if(ciphertextlen > bufsize || ciphertextlen % BLOCK_SIZE != 0) | |
396 | return 4; | |
397 | ||
398 | if(!hex_to_int(encrypted + BLOCK_SIZE * 2, (unsigned char *)buf, ciphertextlen)) | |
399 | return 5; | |
400 | ||
401 | c = rijndaelcbc_init(secret, keybits, iv, 1); | |
402 | ||
403 | for(i=0;i<ciphertextlen;i+=BLOCK_SIZE) { | |
404 | char *p = &buf[i]; | |
405 | unsigned char *r = rijndaelcbc_decrypt(c, (unsigned char *)p); | |
406 | memcpy(p, r, BLOCK_SIZE); | |
407 | ||
408 | for(j=0;j<BLOCK_SIZE;j++) { | |
409 | if(*(p + j) == '\0') { | |
410 | rijndaelcbc_free(c); | |
411 | return 0; | |
412 | } | |
413 | } | |
414 | } | |
415 | ||
416 | rijndaelcbc_free(c); | |
417 | return 6; | |
418 | } |