Rip out ns_access and related code.

This is wildly insecure and has been disabled by default for at least a decade.
author: Sadie Powell <sadie@witchery.services> 2024-02-29 14:49:39 +0000
committer: Sadie Powell <sadie@witchery.services> 2024-02-29 16:14:15 +0000
commit: 579af3c44200a8325bd2eec9e6ff0ec28fa7125b (patch)
tree: 455dbad4bdc231ea4b2b9297e0dfa0a53446d640 /src
parent: 25bdcfcbc472b8e348aa338d8ebb0a18fd006fff (diff)
3 files changed, 4 insertions, 117 deletions
diff --git a/src/nickcore.cpp b/src/nickcore.cpp
index b39bba4db..939f224db 100644
--- a/src/nickcore.cpp
+++ b/src/nickcore.cpp
@@ -61,8 +61,6 @@ NickCore::~NickCore()
 	if (this->id)
 		NickCoreIdList.erase(this->id);
 
-	this->ClearAccess();
-
 	if (!this->memos.memos->empty())
 	{
 		for (unsigned i = 0, end = this->memos.memos->size(); i < end; ++i)
@@ -78,8 +76,6 @@ void NickCore::Serialize(Serialize::Data &data) const
 	data["pass"] << this->pass;
 	data["email"] << this->email;
 	data["language"] << this->language;
-	for (const auto &mask : this->access)
-		data["access"] << mask << " ";
 	data["memomax"] << this->memos.memomax;
 	for (const auto &ignore : this->memos.ignores)
 		data["memoignores"] << ignore << " ";
@@ -104,14 +100,6 @@ Serializable *NickCore::Unserialize(Serializable *obj, Serialize::Data &data)
 	data["pass"] >> nc->pass;
 	data["email"] >> nc->email;
 	data["language"] >> nc->language;
-	{
-		Anope::string buf;
-		data["access"] >> buf;
-		spacesepstream sep(buf);
-		nc->access.clear();
-		while (sep.GetToken(buf))
-			nc->access.push_back(buf);
-	}
 	data["memomax"] >> nc->memos.memomax;
 	{
 		Anope::string buf;
@@ -127,10 +115,6 @@ Serializable *NickCore::Unserialize(Serializable *obj, Serialize::Data &data)
 	/* compat */
 	bool b;
 	b = false;
-	data["extensible:SECURE"] >> b;
-	if (b)
-		nc->Extend<bool>("NS_SECURE");
-	b = false;
 	data["extensible:PRIVATE"] >> b;
 	if (b)
 		nc->Extend<bool>("NS_PRIVATE");
@@ -187,69 +171,6 @@ bool NickCore::IsServicesOper() const
 	return this->o != NULL;
 }
 
-void NickCore::AddAccess(const Anope::string &entry)
-{
-	this->access.push_back(entry);
-	FOREACH_MOD(OnNickAddAccess, (this, entry));
-}
-
-Anope::string NickCore::GetAccess(unsigned entry) const
-{
-	if (this->access.empty() || entry >= this->access.size())
-		return "";
-	return this->access[entry];
-}
-
-unsigned NickCore::GetAccessCount() const
-{
-	return this->access.size();
-}
-
-bool NickCore::FindAccess(const Anope::string &entry)
-{
-	for (const auto &mask : this->access)
-	{
-		if (mask == entry)
-			return true;
-	}
-
-	return false;
-}
-
-void NickCore::EraseAccess(const Anope::string &entry)
-{
-	for (unsigned i = 0, end = this->access.size(); i < end; ++i)
-		if (this->access[i] == entry)
-		{
-			FOREACH_MOD(OnNickEraseAccess, (this, entry));
-			this->access.erase(this->access.begin() + i);
-			break;
-		}
-}
-
-void NickCore::ClearAccess()
-{
-	FOREACH_MOD(OnNickClearAccess, (this));
-	this->access.clear();
-}
-
-bool NickCore::IsOnAccess(const User *u) const
-{
-	Anope::string buf = u->GetIdent() + "@" + u->host, buf2, buf3;
-	if (!u->vhost.empty())
-		buf2 = u->GetIdent() + "@" + u->vhost;
-	if (!u->GetCloakedHost().empty())
-		buf3 = u->GetIdent() + "@" + u->GetCloakedHost();
-
-	for (unsigned i = 0, end = this->access.size(); i < end; ++i)
-	{
-		Anope::string a = this->GetAccess(i);
-		if (Anope::Match(buf, a) || (!buf2.empty() && Anope::Match(buf2, a)) || (!buf3.empty() && Anope::Match(buf3, a)))
-			return true;
-	}
-	return false;
-}
-
 void NickCore::AddChannelReference(ChannelInfo *ci)
 {
 	++(*this->chanaccess)[ci];
diff --git a/src/regchannel.cpp b/src/regchannel.cpp
index a3e04d864..404f55aae 100644
--- a/src/regchannel.cpp
+++ b/src/regchannel.cpp
@@ -268,10 +268,6 @@ Serializable *ChannelInfo::Unserialize(Serializable *obj, Serialize::Data &data)
 	/* compat */
 	bool b;
 	b = false;
-	data["extensible:SECURE"] >> b;
-	if (b)
-		ci->Extend<bool>("CS_SECURE");
-	b = false;
 	data["extensible:PRIVATE"] >> b;
 	if (b)
 		ci->Extend<bool>("CS_PRIVATE");
@@ -423,18 +419,10 @@ AccessGroup ChannelInfo::AccessFor(const User *u, bool updateLastUsed)
 	if (u == NULL)
 		return group;
 
-	const NickCore *nc = u->Account();
-	if (nc == NULL && !this->HasExt("NS_SECURE") && u->IsRecognized())
-	{
-		const NickAlias *na = NickAlias::Find(u->nick);
-		if (na != NULL)
-			nc = na->nc;
-	}
-
 	group.super_admin = u->super_admin;
 	group.founder = IsFounder(u, this);
 	group.ci = this;
-	group.nc = nc;
+	group.nc = u->Account();
 
 	FindMatches(group, this, u, u->Account());
 
diff --git a/src/users.cpp b/src/users.cpp
index 285fe2c40..0fc8d2dd9 100644
--- a/src/users.cpp
+++ b/src/users.cpp
@@ -40,7 +40,6 @@ User::User(const Anope::string &snick, const Anope::string &sident, const Anope:
 	quit = false;
 	server = NULL;
 	invalid_pw_count = invalid_pw_time = lastmemosend = lastnickreg = lastmail = 0;
-	on_access = false;
 
 	this->nick = snick;
 	this->ident = sident;
@@ -153,7 +152,7 @@ void User::ChangeNick(const Anope::string &newnick, time_t ts)
 	else
 	{
 		NickAlias *old_na = NickAlias::Find(this->nick);
-		if (old_na && (this->IsIdentified(true) || this->IsRecognized()))
+		if (old_na && this->IsIdentified(true))
 			old_na->last_seen = Anope::CurTime;
 
 		UserListByNick.erase(this->nick);
@@ -169,11 +168,7 @@ void User::ChangeNick(const Anope::string &newnick, time_t ts)
 		}
 		other = this;
 
-		on_access = false;
 		NickAlias *na = NickAlias::Find(this->nick);
-		if (na)
-			on_access = na->nc->IsOnAccess(this);
-
 		if (na && na->nc == this->Account())
 		{
 			na->last_seen = Anope::CurTime;
@@ -282,7 +277,7 @@ void User::SetRealname(const Anope::string &srealname)
 	this->realname = srealname;
 	NickAlias *na = NickAlias::Find(this->nick);
 
-	if (na && (this->IsIdentified(true) || this->IsRecognized()))
+	if (na && this->IsIdentified(true))
 		na->last_realname = srealname;
 
 	Log(this, "realname") << "changed realname to " << srealname;
@@ -446,19 +441,6 @@ bool User::IsIdentified(bool check_nick) const
 	return this->nc;
 }
 
-bool User::IsRecognized(bool check_secure) const
-{
-	if (check_secure && on_access)
-	{
-		const NickAlias *na = NickAlias::Find(this->nick);
-
-		if (!na || na->nc->HasExt("NS_SECURE"))
-			return false;
-	}
-
-	return on_access;
-}
-
 bool User::IsSecurelyConnected() const
 {
 	return HasMode("SSL") || HasExt("ssl");
@@ -530,11 +512,7 @@ void User::UpdateHost()
 		return;
 
 	NickAlias *na = NickAlias::Find(this->nick);
-	on_access = false;
-	if (na)
-		on_access = na->nc->IsOnAccess(this);
-
-	if (na && (this->IsIdentified(true) || this->IsRecognized()))
+	if (na && this->IsIdentified(true))
 	{
 		Anope::string last_usermask = this->GetIdent() + "@" + this->GetDisplayedHost();
 		Anope::string last_realhost = this->GetIdent() + "@" + this->host;
author	Sadie Powell <sadie@witchery.services>	2024-02-29 14:49:39 +0000
committer	Sadie Powell <sadie@witchery.services>	2024-02-29 16:14:15 +0000
commit	579af3c44200a8325bd2eec9e6ff0ec28fa7125b (patch)
tree	455dbad4bdc231ea4b2b9297e0dfa0a53446d640 /src
parent	25bdcfcbc472b8e348aa338d8ebb0a18fd006fff (diff)