]> jfr.im git - irc/quakenet/newserv.git/blob - chanserv/chanserv_relay.c
projects / irc / quakenet / newserv.git / blob
? search:


16b9a9a7af08edaace37bdacb0094d4edefd0b3e
[irc/quakenet/newserv.git] / chanserv / chanserv_relay.c
1 #include "chanserv.h"
2 #include "../control/control.h"
3 #include "../lib/version.h"
4 #include "../lib/irc_string.h"
5 #include "../core/config.h"
6 #include "../lib/hmac.h"
7 #include "../lib/strlfunc.h"
8 #include "../lib/cbc.h"
9 #include "authlib.h"
10
11 #include <stdio.h>
12 #include <string.h>
13
14 #define KEY_BITS 256
15 #define BLOCK_SIZE 16
16
17 MODULE_VERSION(QVERSION);
18
19 int csa_docheckhashpass(void *source, int cargc, char **cargv);
20 int csa_docreateaccount(void *source, int cargc, char **cargv);
21 int csa_dosettempemail(void *source, int cargc, char **cargv);
22 int csa_dosetemail(void *source, int cargc, char **cargv);
23 int csa_doresendemail(void *source, int cargc, char **cargv);
24 int csa_doactivateuser(void *source, int cargc, char **cargv);
25 int csa_doaddchan(void *source, int argc, char **argv);
26 static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted);
27 static int hex_to_int(char *input, unsigned char *buf, int buflen);
28
29 static unsigned char createaccountsecret[KEY_BITS / 8];
30 static int createaccountsecret_ok = 0;
31
32 static unsigned char hexlookup[256] = {
33 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
34 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
35 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
36 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
37 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01,
38 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
39 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
40 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
41 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
42 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c,
43 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
44 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
45 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
46 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
47 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
48 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
49 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
50 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
51 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
52 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
53 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
54 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
55 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
56 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
57 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
58 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
59 };
60
61 static void relayfinishinit(int, void *);
62
63 void relayfinishinit(int hooknum, void *arg) {
64 sstring *s;
65
66 deregisterhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
67
68 registercontrolhelpcmd("checkhashpass", NO_RELAY, 3, csa_docheckhashpass, "Usage: checkhashpass <username> <digest> ?junk?");
69 registercontrolhelpcmd("settempemail", NO_RELAY, 2, csa_dosettempemail, "Usage: settempemail <userid> <email address>");
70 registercontrolhelpcmd("setemail", NO_RELAY, 3, csa_dosetemail, "Usage: setmail <userid> <timestamp> <email address>");
71 registercontrolhelpcmd("resendemail", NO_RELAY, 1, csa_doresendemail, "Usage: resendemail <userid>");
72 registercontrolhelpcmd("activateuser", NO_RELAY, 1, csa_doactivateuser, "Usage: activateuser <userid>");
73 registercontrolhelpcmd("addchan", NO_RELAY, 3, csa_doaddchan, "Usage: addchan <channel> <userid> <channel type>");
74
75 s=getcopyconfigitem("chanserv","createaccountsecret","",128);
76 if(!s || !s->content || !s->content[0]) {
77 Error("chanserv_relay",ERR_WARNING,"createaccountsecret not set, createaccount disabled.");
78 } else if(s->length != KEY_BITS / 8 * 2 || !hex_to_int(s->content, createaccountsecret, sizeof(createaccountsecret))) {
79 Error("chanserv_relay",ERR_WARNING,"createaccountsecret must be a %d character hex string.", KEY_BITS / 8 * 2);
80 } else {
81 registercontrolhelpcmd("createaccount", NO_RELAY, 5, csa_docreateaccount, "Usage: createaccount <execute> <username> <email address> <encrypted password> <activate user>");
82 createaccountsecret_ok = 1;
83 }
84
85 freesstring(s);
86 }
87
88 void _init(void) {
89 registerhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
90
91 if(chanservdb_ready)
92 relayfinishinit(HOOK_CHANSERV_DBLOADED, NULL);
93 }
94
95 void _fini(void) {
96 deregistercontrolcmd("checkhashpass", csa_docheckhashpass);
97 deregistercontrolcmd("settempemail", csa_dosettempemail);
98 deregistercontrolcmd("setemail", csa_dosetemail);
99 deregistercontrolcmd("resendemail", csa_doresendemail);
100 deregistercontrolcmd("activateuser", csa_doactivateuser);
101 deregistercontrolcmd("addchan", csa_doaddchan);
102
103 if(createaccountsecret_ok)
104 deregistercontrolcmd("createaccount", csa_docreateaccount);
105
106 deregisterhook(HOOK_CHANSERV_DBLOADED, relayfinishinit);
107 }
108
109 int csa_docheckhashpass(void *source, int cargc, char **cargv) {
110 nick *sender=(nick *)source;
111 reguser *rup;
112 char *flags;
113
114 if(cargc<3) {
115 controlreply(sender, "CHECKHASHPASS FAIL args");
116 return CMD_ERROR;
117 }
118
119 if (!(rup=findreguserbynick(cargv[0]))) {
120 controlreply(sender, "CHECKHASHPASS FAIL user");
121 return CMD_OK;
122 }
123
124 flags = printflags(QUFLAG_ALL & rup->flags, ruflags);
125 if(UHasSuspension(rup)) {
126 controlreply(sender, "CHECKHASHPASS FAIL suspended %s %s %u", rup->username, flags, rup->ID);
127 } else if(UIsInactive(rup)) {
128 controlreply(sender, "CHECKHASHPASS FAIL inactive %s %s %u", rup->username, flags, rup->ID);
129 } else if(!checkhashpass(rup, cargc<3?NULL:cargv[2], cargv[1])) {
130 controlreply(sender, "CHECKHASHPASS FAIL digest %s %s %u", rup->username, flags, rup->ID);
131 } else {
132 controlreply(sender, "CHECKHASHPASS OK %s %s %u %s", rup->username, flags, rup->ID, rup->email?rup->email->content:"-");
133 }
134
135 return CMD_OK;
136 }
137
138 static char *email_to_error(char *email) {
139 maildomain *mdp, *smdp;
140 char *local;
141 char *dupemail;
142 int found = 0;
143 maillock *mlp;
144 reguser *ruh;
145
146 switch(csa_checkeboy_r(email)) {
147 case -1: break;
148 case QM_EMAILTOOSHORT: return "emailshort";
149 case QM_EMAILNOAT: return "emailinvalid";
150 case QM_EMAILATEND: return "emailinvalid";
151 case QM_EMAILINVCHR: return "emailinvalid";
152 case QM_NOTYOUREMAIL: return "emailnotyours";
153 case QM_INVALIDEMAIL: return "emailinvalid";
154 default: return "emailunknown";
155 }
156
157 /* maildomain BS... c&p from hello.c */
158 for(mlp=maillocks;mlp;mlp=mlp->next) {
159 if(!match(mlp->pattern->content, email)) {
160 return "emaillocked";
161 }
162 }
163
164 dupemail = strdup(email);
165 local=strchr(dupemail, '@');
166 if(!local) {
167 free(dupemail);
168 return "emailunknown";
169 }
170 *(local++)='\0';
171
172 mdp=findnearestmaildomain(local);
173 if(mdp) {
174 for(smdp=mdp; smdp; smdp=smdp->parent) {
175 if(MDIsBanned(smdp)) {
176 free(dupemail);
177 return "emaillocked";
178 }
179 if((smdp->count >= smdp->limit) && (smdp->limit > 0)) {
180 free(dupemail);
181 return "emaildomainlimit";
182 }
183 }
184 }
185
186 mdp=findmaildomainbydomain(local);
187 if(mdp) {
188 for (ruh=mdp->users; ruh; ruh=ruh->nextbydomain) {
189 if (ruh->localpart)
190 if (!strcasecmp(dupemail, ruh->localpart->content)) {
191 found++;
192 }
193 }
194
195 if((found >= mdp->actlimit) && (mdp->actlimit > 0)) {
196 free(dupemail);
197 return "emailaddresslimit";
198 }
199 }
200
201 free(dupemail);
202
203 return NULL;
204 }
205
206 static void sendemail(reguser *rup) {
207 csdb_createmail(rup, QMAIL_ACTIVATEEMAIL);
208 }
209
210 int csa_docreateaccount(void *source, int cargc, char **cargv) {
211 nick *sender=(nick *)source;
212 int execute;
213 char *error_username = NULL, *error_password = NULL, *error_email = NULL;
214 char *username = NULL, *password = NULL, *email = NULL;
215 char account_info[512];
216 char passbuf[512];
217 int do_create;
218 int activate;
219
220 if(cargc<5) {
221 controlreply(sender, "CREATEACCOUNT FALSE args");
222 return CMD_ERROR;
223 }
224
225 execute = cargv[0][0] == '1';
226 if(strcmp(cargv[1], "0"))
227 username = cargv[1];
228 if(strcmp(cargv[2], "0"))
229 email = cargv[2];
230 if(strcmp(cargv[3], "0")) {
231 int errorcode = decrypt_password(createaccountsecret, KEY_BITS, passbuf, sizeof(passbuf), cargv[3]);
232 if(errorcode) {
233 Error("chanserv_relay",ERR_WARNING,"createaccount unable to decrypt password, error code: %d", errorcode);
234 controlreply(sender, "CREATEACCOUNT FALSE args");
235 return CMD_ERROR;
236 }
237 password = passbuf;
238 }
239 activate = cargv[4][0] == '1';
240
241 if(username) {
242 if (findreguserbynick(username)) {
243 error_username = "usernameinuse";
244 } else if(csa_checkaccountname_r(username)) {
245 error_username = "usernameinvalid";
246 }
247 }
248
249 if(email)
250 error_email = email_to_error(email);
251
252 if(password) {
253 int r = csa_checkpasswordquality(password);
254 if(r == QM_PWTOSHORT) {
255 error_password = "passwordshort";
256 } else if(r == QM_PWTOLONG) {
257 error_password = "passwordlong";
258 } else if(r == QM_PWTOWEAK) {
259 error_password = "passwordweak";
260 } else if(r == QM_PWINVALID) {
261 error_password = "passwordinvalid";
262 } else if(r != -1) {
263 error_password = "passwordunknown";
264 }
265 }
266
267 if(execute && email && password && username && !error_email && !error_password && !error_username) {
268 reguser *rup;
269 do_create = 1;
270
271 rup = csa_createaccount(username, password, email);
272
273 if(!activate)
274 USetInactive(rup);
275
276 cs_log(sender,"CREATEACCOUNT created auth %s (%s) %s",rup->username,rup->email->content,activate?"(active)": "(inactive)");
277 csdb_createuser(rup);
278 snprintf(account_info, sizeof(account_info), " %u %lu", rup->ID, (unsigned long)rup->lastpasschange);
279
280 if(!activate)
281 sendemail(rup);
282 } else {
283 account_info[0] = '\0';
284 do_create = 0;
285 }
286
287 controlreply(sender, "CREATEACCOUNT %s%s%s%s%s%s%s%s",
288 do_create ? "TRUE" : "FALSE",
289 account_info,
290 email && error_email ? " " : "", email && error_email ? error_email : "",
291 password && error_password ? " " : "", password && error_password ? error_password : "",
292 username && error_username ? " " : "", username && error_username ? error_username : ""
293 );
294
295 return CMD_OK;
296 }
297
298 int csa_dosettempemail(void *source, int cargc, char **cargv) {
299 char *email;
300 char *error;
301 reguser *rup;
302 nick *sender=(nick *)source;
303
304 if(cargc<2) {
305 controlreply(sender, "SETTEMPEMAIL FALSE args");
306 return CMD_ERROR;
307 }
308
309 rup = findreguserbyID(atoi(cargv[0]));
310 if(rup == NULL) {
311 controlreply(sender, "SETTEMPEMAIL FALSE useridnotexist");
312 return CMD_ERROR;
313 }
314
315 if(!UIsInactive(rup)) {
316 controlreply(sender, "SETTEMPEMAIL FALSE accountactive");
317 return CMD_ERROR;
318 }
319
320 email = cargv[1];
321 error = email_to_error(email);
322 if(error) {
323 controlreply(sender, "SETTEMPEMAIL FALSE %s", error);
324 return CMD_ERROR;
325 }
326
327 freesstring(rup->email);
328 rup->email=getsstring(email,EMAILLEN);
329 cs_log(sender,"SETTEMPEMAIL OK username %s email %s",rup->username, rup->email->content);
330
331 csdb_updateuser(rup);
332 sendemail(rup);
333
334 controlreply(sender, "SETTEMPEMAIL TRUE");
335
336 return CMD_OK;
337 }
338
339 int csa_dosetemail(void *source, int cargc, char **cargv) {
340 char *email;
341 char *error;
342 reguser *rup;
343 nick *sender=(nick *)source;
344
345 if(cargc<3) {
346 controlreply(sender, "SETEMAIL FALSE args");
347 return CMD_ERROR;
348 }
349
350 rup = findreguserbyID(atoi(cargv[0]));
351 if(rup == NULL) {
352 controlreply(sender, "SETEMAIL FALSE useridnotexist");
353 return CMD_ERROR;
354 }
355
356 if(UHasStaffPriv(rup)) {
357 controlreply(sender, "SETEMAIL FALSE privuser");
358 return CMD_ERROR;
359 }
360
361 if(UHasSuspension(rup)) {
362 controlreply(sender, "SETEMAIL FALSE suspended");
363 return CMD_ERROR;
364 }
365
366 if(rup->lastpasschange > atoi(cargv[1])) {
367 controlreply(sender, "SETEMAIL FALSE passwordchanged");
368 return CMD_ERROR;
369 }
370
371 email = cargv[2];
372
373 if(!strcmp(email, rup->email->content)) {
374 /* setting to the same thing? fine! */
375 controlreply(sender, "SETEMAIL TRUE");
376 return CMD_OK;
377 }
378
379 error = email_to_error(email);
380 if(error) {
381 controlreply(sender, "SETEMAIL FALSE %s", error);
382 return CMD_ERROR;
383 }
384
385 freesstring(rup->email);
386 rup->email=getsstring(email,EMAILLEN);
387 cs_log(sender,"SETEMAIL OK username %s email %s",rup->username, rup->email->content);
388
389 csdb_updateuser(rup);
390 sendemail(rup);
391
392 controlreply(sender, "SETEMAIL TRUE");
393
394 return CMD_OK;
395 }
396
397 int csa_doresendemail(void *source, int cargc, char **cargv) {
398 reguser *rup;
399 nick *sender=(nick *)source;
400
401 if(cargc<1) {
402 controlreply(sender, "RESENDEMAIL FALSE args");
403 return CMD_ERROR;
404 }
405
406 rup = findreguserbyID(atoi(cargv[0]));
407 if(rup == NULL) {
408 controlreply(sender, "RESENDEMAIL FALSE useridnotexist");
409 return CMD_ERROR;
410 }
411
412 if(!UIsInactive(rup)) {
413 controlreply(sender, "RESENDEMAIL FALSE accountactive");
414 return CMD_ERROR;
415 }
416
417 sendemail(rup);
418 controlreply(sender, "RESENDEMAIL TRUE");
419 cs_log(sender,"RESENDEMAIL OK username %s",rup->username);
420
421 return CMD_OK;
422 }
423
424 int csa_doactivateuser(void *source, int cargc, char **cargv) {
425 reguser *rup;
426 nick *sender=(nick *)source;
427
428 if(cargc<1) {
429 controlreply(sender, "ACTIVATEUSER FALSE args");
430 return CMD_ERROR;
431 }
432
433 rup = findreguserbyID(atoi(cargv[0]));
434 if(rup == NULL) {
435 controlreply(sender, "ACTIVATEUSER FALSE useridnotexist");
436 return CMD_ERROR;
437 }
438
439 if(!UIsInactive(rup)) {
440 controlreply(sender, "ACTIVATEUSER FALSE accountactive");
441 return CMD_ERROR;
442 }
443
444 UClearInactive(rup);
445 csdb_updateuser(rup);
446
447 cs_log(sender,"ACTIVATEUSER OK username %s",rup->username);
448 controlreply(sender, "ACTIVATEUSER TRUE");
449
450 return CMD_OK;
451 }
452
453 int csa_doaddchan(void *source, int cargc, char **cargv) {
454 nick *sender=(nick *)source;
455 reguser *rup = getreguserfromnick(sender), *founder;
456 chanindex *cip;
457 short type;
458 regchan *rcp;
459
460 if(cargc<3) {
461 controlreply(sender, "ADDCHAN FALSE args");
462 return CMD_ERROR;
463 }
464
465 if (*cargv[0] != '#' || strlen(cargv[0]) > CHANNELLEN) {
466 controlreply(sender, "ADDCHAN FALSE invalidchannel");
467 return CMD_ERROR;
468 }
469
470 if (!(cip=findorcreatechanindex(cargv[0]))) {
471 controlreply(sender, "ADDCHAN FALSE invalidchannel");
472 return CMD_ERROR;
473 }
474
475 founder = findreguserbyID(atoi(cargv[1]));
476 if(founder == NULL) {
477 controlreply(sender, "ADDCHAN FALSE useridnotexist");
478 return CMD_ERROR;
479 }
480
481 if(UIsInactive(founder)) {
482 controlreply(sender, "ADDCHAN FALSE accountinactive");
483 return CMD_ERROR;
484 }
485
486 for(type=CHANTYPES-1;type;type--)
487 if(!ircd_strcmp(chantypes[type]->content, cargv[2]))
488 break;
489
490 if(!type) {
491 controlreply(sender, "ADDCHAN FALSE invalidchantype");
492 return CMD_ERROR;
493 }
494
495 rcp = cs_addchan(cip, sender, rup, founder, QCFLAG_JOINED | QCFLAG_AUTOOP | QCFLAG_BITCH | QCFLAG_FORCETOPIC | QCFLAG_PROTECT | QCFLAG_TOPICSAVE, CHANMODE_NOCTCP | CHANMODE_DELJOINS | CHANMODE_MODNOAUTH | CHANMODE_NONOTICE | CHANMODE_NOEXTMSG | CHANMODE_SINGLETARG | CHANMODE_TOPICLIMIT | CHANMODE_NOQUITMSG, 0, type);
496 if(!rcp) {
497 controlreply(sender, "ADDCHAN FALSE alreadyregistered");
498 return CMD_ERROR;
499 }
500
501 cs_log(sender, "ADDCHAN %s #%s %s %s", cip->name->content, founder->username, printflags(rcp->flags, rcflags), chantypes[type]->content);
502 controlreply(sender, "ADDCHAN TRUE %u", rcp->ID);
503 return CMD_OK;
504 }
505
506 static int hex_to_int(char *input, unsigned char *buf, int buflen) {
507 int i;
508 for(i=0;i<buflen;i++) {
509 if((0xff == hexlookup[(int)input[i * 2]]) || (0xff == hexlookup[(int)input[i * 2 + 1]])) {
510 return 0;
511 } else {
512 buf[i] = (hexlookup[(int)input[i * 2]] << 4) | hexlookup[(int)input[i * 2 + 1]];
513 }
514 }
515 return 1;
516 }
517
518 static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted) {
519 size_t ciphertextlen, datalen;
520 unsigned char iv[BLOCK_SIZE];
521 rijndaelcbc *c;
522 int i, j;
523
524 datalen = strlen(encrypted);
525 if(datalen % 2 != 0)
526 return 1;
527 if(datalen < BLOCK_SIZE * 2 * 2)
528 return 2;
529
530 if(!hex_to_int(encrypted, iv, BLOCK_SIZE))
531 return 3;
532
533 ciphertextlen = (datalen - (BLOCK_SIZE * 2)) / 2;
534 if(ciphertextlen > bufsize || ciphertextlen % BLOCK_SIZE != 0)
535 return 4;
536
537 if(!hex_to_int(encrypted + BLOCK_SIZE * 2, (unsigned char *)buf, ciphertextlen))
538 return 5;
539
540 c = rijndaelcbc_init(secret, keybits, iv, 1);
541
542 for(i=0;i<ciphertextlen;i+=BLOCK_SIZE) {
543 char *p = &buf[i];
544 unsigned char *r = rijndaelcbc_decrypt(c, (unsigned char *)p);
545 memcpy(p, r, BLOCK_SIZE);
546
547 for(j=0;j<BLOCK_SIZE;j++) {
548 if(*(p + j) == '\0') {
549 rijndaelcbc_free(c);
550 return 0;
551 }
552 }
553 }
554
555 rijndaelcbc_free(c);
556 return 6;
557 }
Unnamed repository; edit this file 'description' to name the repository.