]>
Commit | Line | Data |
---|---|---|
1 | /* Automatically generated by refactor.pl. | |
2 | * | |
3 | * | |
4 | * CMDNAME: auth | |
5 | * CMDALIASES: login | |
6 | * CMDLEVEL: QCMD_SECURE | QCMD_NOTAUTHED | |
7 | * CMDARGS: 2 | |
8 | * CMDDESC: Authenticates you on the bot. | |
9 | * CMDFUNC: csa_doauth | |
10 | * CMDPROTO: int csa_doauth(void *source, int cargc, char **cargv); | |
11 | * CMDHELP: Usage: @UCOMMAND@ <username> <password> | |
12 | * CMDHELP: Authenticates you on the bot, where: | |
13 | * CMDHELP: username - your username | |
14 | * CMDHELP: password - your password | |
15 | * CMDHELP: If you do not have a username and password, see HELLO. | |
16 | * CMDHELP: Note: due to the sensitive nature of this command, you must send the message | |
17 | * CMDHELP: to Q@CServe.quakenet.org when using it. | |
18 | * CMDHELP: Note: the preferred way to authenticate is to use the /AUTH command. | |
19 | */ | |
20 | ||
21 | #include "../chanserv.h" | |
22 | #include "../authlib.h" | |
23 | #include "../../lib/irc_string.h" | |
24 | #include <stdio.h> | |
25 | #include <string.h> | |
26 | ||
27 | int csa_completeauth(nick *sender, reguser *rup, char *authtype); | |
28 | ||
29 | int csa_auth(void *source, int cargc, char **cargv, CRAlgorithm alg) { | |
30 | reguser *rup; | |
31 | activeuser *aup; | |
32 | nick *sender=source; | |
33 | int challenge=0; | |
34 | char *authtype = "AUTH"; | |
35 | ||
36 | if (alg) { | |
37 | challenge=1; | |
38 | authtype = "CHALLENGEAUTH"; | |
39 | } else if (cargc<2) { | |
40 | chanservstdmessage(sender, QM_NOTENOUGHPARAMS, "auth"); | |
41 | return CMD_ERROR; | |
42 | } | |
43 | ||
44 | if (!(aup = getactiveuserfromnick(sender))) | |
45 | return CMD_ERROR; | |
46 | ||
47 | aup->authattempts++; | |
48 | if (aup->authattempts > MAXAUTHATTEMPT) { | |
49 | if ((aup->authattempts % 100) == 0) | |
50 | chanservwallmessage("Warning: User %s!%s@%s attempted to auth %d times. Last attempt: %s %s %s", | |
51 | sender->nick, sender->ident, sender->host->name->content, aup->authattempts, authtype, cargv[0], cargv[1]); | |
52 | chanservstdmessage(sender, QM_AUTHFAIL); | |
53 | cs_log(sender,"%s FAIL too many auth attempts (last attempt: %s %s %s)", authtype, authtype, cargv[0], cargv[1]); | |
54 | return CMD_ERROR; | |
55 | } | |
56 | ||
57 | if (!(rup=findreguserbynick(cargv[0]))) { | |
58 | chanservstdmessage(sender, QM_AUTHFAIL); | |
59 | cs_log(sender,"%s FAIL bad username %s",authtype,cargv[0]); | |
60 | return CMD_ERROR; | |
61 | } | |
62 | ||
63 | if (!challenge) { | |
64 | if (!checkpassword(rup, cargv[1])) { | |
65 | chanservstdmessage(sender, QM_AUTHFAIL); | |
66 | cs_log(sender,"%s FAIL username %s bad password %s",authtype,rup->username,cargv[1]); | |
67 | return CMD_ERROR; | |
68 | } | |
69 | } else { | |
70 | if (!checkresponse(rup, aup->entropy, cargv[1], alg)) { | |
71 | chanservstdmessage(sender, QM_AUTHFAIL); | |
72 | cs_log(sender,"%s FAIL username %s bad response",authtype,rup->username); | |
73 | return CMD_ERROR; | |
74 | } | |
75 | } | |
76 | ||
77 | return csa_completeauth(sender, rup, authtype); | |
78 | } | |
79 | ||
80 | int csa_completeauth(nick *sender, reguser *rup, char *authtype) { | |
81 | int toomanyauths=0; | |
82 | time_t now; | |
83 | char userhost[USERLEN+HOSTLEN+2]; | |
84 | nick *onp; | |
85 | authname *anp; | |
86 | ||
87 | /* This should never fail but do something other than crashing if it does. */ | |
88 | if (!(anp=findauthname(rup->ID))) { | |
89 | chanservstdmessage(sender, QM_AUTHFAIL); | |
90 | return CMD_ERROR; | |
91 | } | |
92 | ||
93 | /* Check for too many auths. Don't return immediately, since we will still warn | |
94 | * other users on the acct in this case. */ | |
95 | if (!UHasStaffPriv(rup) && !UIsNoAuthLimit(rup)) { | |
96 | if (anp->usercount >= MAXAUTHCOUNT) { | |
97 | chanservstdmessage(sender, QM_TOOMANYAUTHS); | |
98 | toomanyauths=1; | |
99 | } | |
100 | } | |
101 | ||
102 | for (onp=anp->nicks;onp;onp=onp->nextbyauthname) { | |
103 | if (toomanyauths) { | |
104 | chanservstdmessage(onp, QM_OTHERUSERAUTHEDLIMIT, sender->nick, sender->ident, sender->host->name->content, MAXAUTHCOUNT); | |
105 | } else { | |
106 | chanservstdmessage(onp, QM_OTHERUSERAUTHED, sender->nick, sender->ident, sender->host->name->content); | |
107 | } | |
108 | } | |
109 | ||
110 | if (toomanyauths) | |
111 | return CMD_ERROR; | |
112 | ||
113 | now=time(NULL); | |
114 | ||
115 | if (UHasSuspension(rup) && rup->suspendexp && (now >= rup->suspendexp)) { | |
116 | /* suspension has expired, remove it */ | |
117 | rup->flags&=(~(QUFLAG_SUSPENDED|QUFLAG_GLINE|QUFLAG_DELAYEDGLINE)); | |
118 | rup->suspendby=0; | |
119 | rup->suspendexp=0; | |
120 | freesstring(rup->suspendreason); | |
121 | rup->suspendreason=0; | |
122 | csdb_updateuser(rup); | |
123 | } | |
124 | ||
125 | if (UIsSuspended(rup)) { | |
126 | /* plain suspend */ | |
127 | chanservstdmessage(sender, QM_AUTHSUSPENDED); | |
128 | if(rup->suspendreason) | |
129 | chanservstdmessage(sender, QM_REASON, rup->suspendreason->content); | |
130 | if (rup->suspendexp) | |
131 | chanservstdmessage(sender, QM_EXPIRES, rup->suspendexp); | |
132 | return CMD_ERROR; | |
133 | } | |
134 | ||
135 | /* Guarantee a unique auth timestamp for each account */ | |
136 | if (rup->lastauth < now) | |
137 | rup->lastauth=now; | |
138 | else | |
139 | rup->lastauth++; | |
140 | ||
141 | sprintf(userhost,"%s@%s",sender->ident,sender->host->name->content); | |
142 | if (rup->lastuserhost) | |
143 | freesstring(rup->lastuserhost); | |
144 | rup->lastuserhost=getsstring(userhost,USERLEN+HOSTLEN+1); | |
145 | ||
146 | csdb_updateuser(rup); | |
147 | ||
148 | cs_log(sender,"%s OK username %s", authtype,rup->username); | |
149 | ||
150 | localusersetaccount(sender, rup->username, rup->ID, cs_accountflagmap(rup), rup->lastauth); | |
151 | ||
152 | chanservstdmessage(sender, QM_AUTHOK, rup->username); | |
153 | ||
154 | return CMD_OK; | |
155 | } | |
156 | ||
157 | int csa_doauth(void *source, int cargc, char **cargv) { | |
158 | return csa_auth(source, cargc, cargv, NULL); | |
159 | } |