]> jfr.im git - irc/quakenet/newserv.git/blob - chanserv/chanserv_relay.c
projects / irc / quakenet / newserv.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
CHANSERV: add setemail command to relay and allow accounts to be created active.
[irc/quakenet/newserv.git] / chanserv / chanserv_relay.c
1 #include "chanserv.h"
2 #include "../control/control.h"
3 #include "../lib/version.h"
4 #include "../lib/irc_string.h"
5 #include "../core/config.h"
6 #include "../lib/hmac.h"
7 #include "../lib/strlfunc.h"
8 #include "../lib/cbc.h"
9 #include "authlib.h"
10
11 #include <stdio.h>
12 #include <string.h>
13
14 #define KEY_BITS 256
15 #define BLOCK_SIZE 16
16
17 MODULE_VERSION(QVERSION);
18
19 int csa_docheckhashpass(void *source, int cargc, char **cargv);
20 int csa_docreateaccount(void *source, int cargc, char **cargv);
21 int csa_dosettempemail(void *source, int cargc, char **cargv);
22 int csa_dosetemail(void *source, int cargc, char **cargv);
23 int csa_doresendemail(void *source, int cargc, char **cargv);
24 int csa_doactivateuser(void *source, int cargc, char **cargv);
25 static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted);
26 static int hex_to_int(char *input, unsigned char *buf, int buflen);
27
28 static unsigned char createaccountsecret[KEY_BITS / 8];
29 static int createaccountsecret_ok = 0;
30
31 static unsigned char hexlookup[256] = {
32 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
33 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
34 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
35 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
36 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x01,
37 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0xff, 0xff,
38 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e,
39 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
40 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
41 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x0a, 0x0b, 0x0c,
42 0x0d, 0x0e, 0x0f, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
43 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
44 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
45 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
46 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
47 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
48 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
49 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
50 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
51 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
52 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
53 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
54 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
55 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
56 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
57 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
58 };
59
60 void _init(void) {
61 sstring *s;
62
63 registercontrolhelpcmd("checkhashpass", NO_RELAY, 3, csa_docheckhashpass, "Usage: checkhashpass <username> <digest> ?junk?");
64 registercontrolhelpcmd("settempemail", NO_RELAY, 2, csa_dosettempemail, "Usage: settempemail <userid> <email address>");
65 registercontrolhelpcmd("setemail", NO_RELAY, 3, csa_dosetemail, "Usage: setmail <userid> <timestamp> <email address>");
66 registercontrolhelpcmd("resendemail", NO_RELAY, 1, csa_doresendemail, "Usage: resendemail <userid>");
67 registercontrolhelpcmd("activateuser", NO_RELAY, 1, csa_doactivateuser, "Usage: activateuser <userid>");
68
69 s=getcopyconfigitem("chanserv","createaccountsecret","",128);
70 if(!s || !s->content || !s->content[0]) {
71 Error("chanserv_relay",ERR_WARNING,"createaccountsecret not set, createaccount disabled.");
72 } else if(s->length != KEY_BITS / 8 * 2 || !hex_to_int(s->content, createaccountsecret, sizeof(createaccountsecret))) {
73 Error("chanserv_relay",ERR_WARNING,"createaccountsecret must be a %d character hex string.", KEY_BITS / 8 * 2);
74 } else {
75 registercontrolhelpcmd("createaccount", NO_RELAY, 5, csa_docreateaccount, "Usage: createaccount <execute> <username> <email address> <encrypted password> <activate user>");
76 createaccountsecret_ok = 1;
77 }
78
79 freesstring(s);
80 }
81
82 void _fini(void) {
83 deregistercontrolcmd("checkhashpass", csa_docheckhashpass);
84 deregistercontrolcmd("settempemail", csa_dosettempemail);
85 deregistercontrolcmd("setemail", csa_dosetemail);
86 deregistercontrolcmd("resendemail", csa_doresendemail);
87 deregistercontrolcmd("activateuser", csa_doactivateuser);
88
89 if(createaccountsecret_ok)
90 deregistercontrolcmd("createaccount", csa_docreateaccount);
91 }
92
93 int csa_docheckhashpass(void *source, int cargc, char **cargv) {
94 nick *sender=(nick *)source;
95 reguser *rup;
96 char *flags;
97
98 if(cargc<3) {
99 controlreply(sender, "CHECKHASHPASS FAIL args");
100 return CMD_ERROR;
101 }
102
103 if (!(rup=findreguserbynick(cargv[0]))) {
104 controlreply(sender, "CHECKHASHPASS FAIL user");
105 return CMD_OK;
106 }
107
108 flags = printflags(QUFLAG_ALL & rup->flags, ruflags);
109 if(UHasSuspension(rup)) {
110 controlreply(sender, "CHECKHASHPASS FAIL suspended %s %s %u", rup->username, flags, rup->ID);
111 } else if(UIsInactive(rup)) {
112 controlreply(sender, "CHECKHASHPASS FAIL inactive %s %s %u", rup->username, flags, rup->ID);
113 } else if(!checkhashpass(rup, cargc<3?NULL:cargv[2], cargv[1])) {
114 controlreply(sender, "CHECKHASHPASS FAIL digest %s %s %u", rup->username, flags, rup->ID);
115 } else {
116 controlreply(sender, "CHECKHASHPASS OK %s %s %u %s", rup->username, flags, rup->ID, rup->email?rup->email->content:"-");
117 }
118
119 return CMD_OK;
120 }
121
122 static char *email_to_error(char *email) {
123 maildomain *mdp, *smdp;
124 char *local;
125 char *dupemail;
126 int found = 0;
127 maillock *mlp;
128 reguser *ruh;
129
130 switch(csa_checkeboy_r(email)) {
131 case -1: break;
132 case QM_EMAILTOOSHORT: return "emailshort";
133 case QM_EMAILNOAT: return "emailinvalid";
134 case QM_EMAILATEND: return "emailinvalid";
135 case QM_EMAILINVCHR: return "emailinvalid";
136 case QM_NOTYOUREMAIL: return "emailnotyours";
137 case QM_INVALIDEMAIL: return "emailinvalid";
138 default: return "emailunknown";
139 }
140
141 /* maildomain BS... c&p from hello.c */
142 for(mlp=maillocks;mlp;mlp=mlp->next) {
143 if(!match(mlp->pattern->content, email)) {
144 return "emaillocked";
145 }
146 }
147
148 dupemail = strdup(email);
149 local=strchr(dupemail, '@');
150 if(!local) {
151 free(dupemail);
152 return "emailunknown";
153 }
154 *(local++)='\0';
155
156 mdp=findnearestmaildomain(local);
157 if(mdp) {
158 for(smdp=mdp; smdp; smdp=smdp->parent) {
159 if(MDIsBanned(smdp)) {
160 free(dupemail);
161 return "emaillocked";
162 }
163 if((smdp->count >= smdp->limit) && (smdp->limit > 0)) {
164 free(dupemail);
165 return "emaildomainlimit";
166 }
167 }
168 }
169
170 mdp=findmaildomainbydomain(local);
171 if(mdp) {
172 for (ruh=mdp->users; ruh; ruh=ruh->nextbydomain) {
173 if (ruh->localpart)
174 if (!strcasecmp(dupemail, ruh->localpart->content)) {
175 found++;
176 }
177 }
178
179 if((found >= mdp->actlimit) && (mdp->actlimit > 0)) {
180 free(dupemail);
181 return "emailaddresslimit";
182 }
183 }
184
185 return NULL;
186 }
187
188 static void sendemail(reguser *rup) {
189 csdb_createmail(rup, QMAIL_ACTIVATEEMAIL);
190 }
191
192 int csa_docreateaccount(void *source, int cargc, char **cargv) {
193 nick *sender=(nick *)source;
194 int execute;
195 char *error_username = NULL, *error_password = NULL, *error_email = NULL;
196 char *username = NULL, *password = NULL, *email = NULL;
197 char account_info[512];
198 char passbuf[512];
199 int do_create;
200 int activate;
201
202 if(cargc<5) {
203 controlreply(sender, "CREATEACCOUNT FALSE args");
204 return CMD_ERROR;
205 }
206
207 execute = cargv[0][0] == '1';
208 if(strcmp(cargv[1], "0"))
209 username = cargv[1];
210 if(strcmp(cargv[2], "0"))
211 email = cargv[2];
212 if(strcmp(cargv[3], "0")) {
213 int errorcode = decrypt_password(createaccountsecret, KEY_BITS, passbuf, sizeof(passbuf), cargv[3]);
214 if(errorcode) {
215 Error("chanserv_relay",ERR_WARNING,"createaccount unable to decrypt password, error code: %d", errorcode);
216 controlreply(sender, "CREATEACCOUNT FALSE args");
217 return CMD_ERROR;
218 }
219 password = passbuf;
220 }
221 activate = cargv[4][0] == '1';
222
223 if(username) {
224 if (findreguserbynick(username)) {
225 error_username = "usernameinuse";
226 } else if(csa_checkaccountname_r(username)) {
227 error_username = "usernameinvalid";
228 }
229 }
230
231 if(email)
232 error_email = email_to_error(email);
233
234 if(password) {
235 int r = csa_checkpasswordquality(password);
236 if(r == QM_PWTOSHORT) {
237 error_password = "passwordshort";
238 } else if(r == QM_PWTOLONG) {
239 error_password = "passwordlong";
240 } else if(r == QM_PWTOWEAK) {
241 error_password = "passwordweak";
242 } else if(r != -1) {
243 error_password = "passwordunknown";
244 }
245 }
246
247 if(execute && email && password && username && !error_email && !error_password && !error_username) {
248 reguser *rup;
249 do_create = 1;
250
251 rup = csa_createaccount(username, password, email);
252
253 if(!activate)
254 USetInactive(rup);
255
256 cs_log(sender,"CREATEACCOUNT created auth %s (%s) %s",rup->username,rup->email->content,activate?"(active)": "(inactive)");
257 csdb_createuser(rup);
258 snprintf(account_info, sizeof(account_info), " %u %lu", rup->ID, (unsigned long)rup->lastpasschange);
259
260 sendemail(rup);
261 } else {
262 account_info[0] = '\0';
263 do_create = 0;
264 }
265
266 controlreply(sender, "CREATEACCOUNT %s%s%s%s%s%s%s%s",
267 do_create ? "TRUE" : "FALSE",
268 account_info,
269 email && error_email ? " " : "", email && error_email ? error_email : "",
270 password && error_password ? " " : "", password && error_password ? error_password : "",
271 username && error_username ? " " : "", username && error_username ? error_username : ""
272 );
273
274 return CMD_OK;
275 }
276
277 int csa_dosettempemail(void *source, int cargc, char **cargv) {
278 char *email;
279 char *error;
280 reguser *rup;
281 nick *sender=(nick *)source;
282
283 if(cargc<2) {
284 controlreply(sender, "SETTEMPEMAIL FALSE args");
285 return CMD_ERROR;
286 }
287
288 rup = findreguserbyID(atoi(cargv[0]));
289 if(rup == NULL) {
290 controlreply(sender, "SETTEMPEMAIL FALSE useridnotexist");
291 return CMD_ERROR;
292 }
293
294 if(!UIsInactive(rup)) {
295 controlreply(sender, "SETTEMPEMAIL FALSE accountactive");
296 return CMD_ERROR;
297 }
298
299 email = cargv[1];
300 error = email_to_error(email);
301 if(error) {
302 controlreply(sender, "SETTEMPEMAIL FALSE %s", error);
303 return CMD_ERROR;
304 }
305
306 freesstring(rup->email);
307 rup->email=getsstring(email,EMAILLEN);
308 cs_log(sender,"SETTEMPEMAIL OK username %s email %s",rup->username, rup->email->content);
309
310 csdb_updateuser(rup);
311 sendemail(rup);
312
313 controlreply(sender, "SETTEMPEMAIL TRUE");
314
315 return CMD_OK;
316 }
317
318 int csa_dosetemail(void *source, int cargc, char **cargv) {
319 char *email;
320 char *error;
321 reguser *rup;
322 nick *sender=(nick *)source;
323
324 if(cargc<3) {
325 controlreply(sender, "SETEMAIL FALSE args");
326 return CMD_ERROR;
327 }
328
329 rup = findreguserbyID(atoi(cargv[0]));
330 if(rup == NULL) {
331 controlreply(sender, "SETEMAIL FALSE useridnotexist");
332 return CMD_ERROR;
333 }
334
335 if(UHasStaffPriv(rup)) {
336 controlreply(sender, "SETEMAIL FALSE privuser");
337 return CMD_ERROR;
338 }
339
340 if(UHasSuspension(rup)) {
341 controlreply(sender, "SETEMAIL FALSE suspended");
342 return CMD_ERROR;
343 }
344
345 if(rup->lastpasschange > atoi(cargv[1])) {
346 controlreply(sender, "SETEMAIL FALSE passwordchanged");
347 return CMD_ERROR;
348 }
349
350 email = cargv[2];
351 error = email_to_error(email);
352 if(error) {
353 controlreply(sender, "SETEMAIL FALSE %s", error);
354 return CMD_ERROR;
355 }
356
357 freesstring(rup->email);
358 rup->email=getsstring(email,EMAILLEN);
359 cs_log(sender,"SETEMAIL OK username %s email %s",rup->username, rup->email->content);
360
361 csdb_updateuser(rup);
362 sendemail(rup);
363
364 controlreply(sender, "SETEMAIL TRUE");
365
366 return CMD_OK;
367 }
368
369 int csa_doresendemail(void *source, int cargc, char **cargv) {
370 reguser *rup;
371 nick *sender=(nick *)source;
372
373 if(cargc<1) {
374 controlreply(sender, "RESENDEMAIL FALSE args");
375 return CMD_ERROR;
376 }
377
378 rup = findreguserbyID(atoi(cargv[0]));
379 if(rup == NULL) {
380 controlreply(sender, "RESENDEMAIL FALSE useridnotexist");
381 return CMD_ERROR;
382 }
383
384 if(!UIsInactive(rup)) {
385 controlreply(sender, "RESENDEMAIL FALSE accountactive");
386 return CMD_ERROR;
387 }
388
389 sendemail(rup);
390 controlreply(sender, "RESENDEMAIL TRUE");
391 cs_log(sender,"RESENDEMAIL OK username %s",rup->username);
392
393 return CMD_OK;
394 }
395
396 int csa_doactivateuser(void *source, int cargc, char **cargv) {
397 reguser *rup;
398 nick *sender=(nick *)source;
399
400 if(cargc<1) {
401 controlreply(sender, "ACTIVATEUSER FALSE args");
402 return CMD_ERROR;
403 }
404
405 rup = findreguserbyID(atoi(cargv[0]));
406 if(rup == NULL) {
407 controlreply(sender, "ACTIVATEUSER FALSE useridnotexist");
408 return CMD_ERROR;
409 }
410
411 if(!UIsInactive(rup)) {
412 controlreply(sender, "ACTIVATEUSER FALSE accountactive");
413 return CMD_ERROR;
414 }
415
416 UClearInactive(rup);
417 csdb_updateuser(rup);
418
419 cs_log(sender,"ACTIVATEUSER OK username %s",rup->username);
420 controlreply(sender, "ACTIVATEUSER TRUE");
421
422 return CMD_OK;
423 }
424
425 static int hex_to_int(char *input, unsigned char *buf, int buflen) {
426 int i;
427 for(i=0;i<buflen;i++) {
428 if((0xff == hexlookup[(int)input[i * 2]]) || (0xff == hexlookup[(int)input[i * 2 + 1]])) {
429 return 0;
430 } else {
431 buf[i] = (hexlookup[(int)input[i * 2]] << 4) | hexlookup[(int)input[i * 2 + 1]];
432 }
433 }
434 return 1;
435 }
436
437 static int decrypt_password(unsigned char *secret, int keybits, char *buf, int bufsize, char *encrypted) {
438 size_t ciphertextlen, datalen;
439 unsigned char iv[BLOCK_SIZE];
440 rijndaelcbc *c;
441 int i, j;
442
443 datalen = strlen(encrypted);
444 if(datalen % 2 != 0)
445 return 1;
446 if(datalen < BLOCK_SIZE * 2 * 2)
447 return 2;
448
449 if(!hex_to_int(encrypted, iv, BLOCK_SIZE))
450 return 3;
451
452 ciphertextlen = (datalen - (BLOCK_SIZE * 2)) / 2;
453 if(ciphertextlen > bufsize || ciphertextlen % BLOCK_SIZE != 0)
454 return 4;
455
456 if(!hex_to_int(encrypted + BLOCK_SIZE * 2, (unsigned char *)buf, ciphertextlen))
457 return 5;
458
459 c = rijndaelcbc_init(secret, keybits, iv, 1);
460
461 for(i=0;i<ciphertextlen;i+=BLOCK_SIZE) {
462 char *p = &buf[i];
463 unsigned char *r = rijndaelcbc_decrypt(c, (unsigned char *)p);
464 memcpy(p, r, BLOCK_SIZE);
465
466 for(j=0;j<BLOCK_SIZE;j++) {
467 if(*(p + j) == '\0') {
468 rijndaelcbc_free(c);
469 return 0;
470 }
471 }
472 }
473
474 rijndaelcbc_free(c);
475 return 6;
476 }
Unnamed repository; edit this file 'description' to name the repository.