Merge branch '2.0' into 2.1.

5 files changed, 45 insertions, 18 deletions

diff --git a/modules/commands/cs_access.cpp b/modules/commands/cs_access.cpp
index f1d132963..7a37c5434 100644
--- a/modules/commands/cs_access.cpp
+++ b/modules/commands/cs_access.cpp
@@ -230,7 +230,12 @@ class CommandCSAccess : public Command
 	{
 		Anope::string mask = params[2];
 
-		if (!isdigit(mask[0]) && mask.find_first_of("#!*@") == Anope::string::npos && !NickAlias::Find(mask))
+		const NickAlias *na = NickAlias::Find(mask);
+		if (na && na->nc)
+		{
+			mask = na->nc->display;
+		}
+		else if (!isdigit(mask[0]) && mask.find_first_of("#!*@") == Anope::string::npos)
 		{
 			User *targ = User::Find(mask, true);
 			if (targ != NULL)
diff --git a/modules/commands/cs_xop.cpp b/modules/commands/cs_xop.cpp
index 5bd9de696..69f998740 100644
--- a/modules/commands/cs_xop.cpp
+++ b/modules/commands/cs_xop.cpp
@@ -251,7 +251,12 @@ class CommandCSXOP : public Command
 		const ChanAccess *highest = access.Highest();
 		bool override = false;
 
-		if (!isdigit(mask[0]) && mask.find_first_of("#!*@") == Anope::string::npos && !NickAlias::Find(mask))
+		const NickAlias *na = NickAlias::Find(mask);
+		if (na && na->nc)
+		{
+			mask = na->nc->display;
+		}
+		else if (!isdigit(mask[0]) && mask.find_first_of("#!*@") == Anope::string::npos)
 		{
 			User *targ = User::Find(mask, true);
 			if (targ != NULL)
diff --git a/modules/commands/ns_register.cpp b/modules/commands/ns_register.cpp
index 6fd47ad38..63c566a0c 100644
--- a/modules/commands/ns_register.cpp
+++ b/modules/commands/ns_register.cpp
@@ -25,13 +25,15 @@ class CommandNSConfirm : public Command
 
 	void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
 	{
-		const Anope::string &passcode = params[0];
+		Anope::string *code = source.nc ? source.nc->GetExt<Anope::string>("passcode") : NULL;
+		bool confirming_other = !code || *code != params[0];
 
-		if (source.nc && (!source.nc->HasExt("UNCONFIRMED") || source.IsOper()) && source.HasPriv("nickserv/confirm"))
+		if (source.nc && (!source.nc->HasExt("UNCONFIRMED") || (source.IsOper() && confirming_other)) && source.HasPriv("nickserv/confirm"))
 		{
-			NickAlias *na = NickAlias::Find(passcode);
+			const Anope::string &nick = params[0];
+			NickAlias *na = NickAlias::Find(nick);
 			if (na == NULL)
-				source.Reply(NICK_X_NOT_REGISTERED, passcode.c_str());
+				source.Reply(NICK_X_NOT_REGISTERED, nick.c_str());
 			else if (na->nc->HasExt("UNCONFIRMED") == false)
 				source.Reply(_("Nick \002%s\002 is already confirmed."), na->nick.c_str());
 			else
@@ -58,7 +60,7 @@ class CommandNSConfirm : public Command
 		}
 		else if (source.nc)
 		{
-			Anope::string *code = source.nc->GetExt<Anope::string>("passcode");
+			const Anope::string &passcode = params[0];
 			if (code != NULL && *code == passcode)
 			{
 				NickCore *nc = source.nc;
diff --git a/modules/m_sasl.cpp b/modules/m_sasl.cpp
index c7e3a0585..a64aa7440 100644
--- a/modules/m_sasl.cpp
+++ b/modules/m_sasl.cpp
@@ -25,37 +25,47 @@ class Plain : public Mechanism
 		}
 		else if (m.type == "C")
 		{
-			Anope::string decoded;
-			Anope::B64Decode(m.data, decoded);
+			// message = [authzid] UTF8NUL authcid UTF8NUL passwd
+			Anope::string message;
+			Anope::B64Decode(m.data, message);
 
-			size_t p = decoded.find('\0');
-			if (p == Anope::string::npos)
+			size_t zcsep = message.find('\0');
+			if (zcsep == Anope::string::npos)
 			{
 				sasl->Fail(sess);
 				delete sess;
 				return;
 			}
-			decoded = decoded.substr(p + 1);
 
-			p = decoded.find('\0');
-			if (p == Anope::string::npos)
+			size_t cpsep = message.find('\0', zcsep + 1);
+			if (cpsep == Anope::string::npos)
+			{
+				sasl->Fail(sess);
+				delete sess;
+				return;
+			}
+
+			Anope::string authzid = message.substr(0, zcsep);
+			Anope::string authcid = message.substr(zcsep + 1, cpsep - zcsep - 1);
+
+			// We don't support having an authcid that is different to the authzid.
+			if (!authzid.empty() && authzid != authcid)
 			{
 				sasl->Fail(sess);
 				delete sess;
 				return;
 			}
 
-			Anope::string acc = decoded.substr(0, p),
-				pass = decoded.substr(p + 1);
+			Anope::string passwd = message.substr(cpsep + 1);
 
-			if (acc.empty() || pass.empty() || !IRCD->IsNickValid(acc) || pass.find_first_of("\r\n") != Anope::string::npos)
+			if (authcid.empty() || passwd.empty() || !IRCD->IsNickValid(authcid) || passwd.find_first_of("\r\n\0") != Anope::string::npos)
 			{
 				sasl->Fail(sess);
 				delete sess;
 				return;
 			}
 
-			SASL::IdentifyRequest *req = new SASL::IdentifyRequest(this->owner, m.source, acc, pass, sess->hostname, sess->ip);
+			SASL::IdentifyRequest *req = new SASL::IdentifyRequest(this->owner, m.source, authcid, passwd, sess->hostname, sess->ip);
 			FOREACH_MOD(OnCheckAuthentication, (NULL, req));
 			req->Dispatch();
 		}
diff --git a/modules/protocol/inspircd.cpp b/modules/protocol/inspircd.cpp
index 3183e59ee..70475b20c 100644
--- a/modules/protocol/inspircd.cpp
+++ b/modules/protocol/inspircd.cpp
@@ -120,6 +120,11 @@ class InspIRCdProto : public IRCDProto
 		user->KillInternal(source, buf);
 	}
 
+	void SendForceNickChange(User *u, const Anope::string &newnick, time_t when) override
+	{
+		UplinkSocket::Message() << "SVSNICK " << u->GetUID() << " " << newnick << " " << when << " " << u->timestamp;
+	}
+
 	void SendGlobalNotice(BotInfo *bi, const Server *dest, const Anope::string &msg) override
 	{
 		UplinkSocket::Message(bi) << "NOTICE $" << dest->GetName() << " :" << msg;