diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/core/db_plain.cpp | 7 | ||||
| -rw-r--r-- | modules/core/ns_cert.cpp | 234 | ||||
| -rw-r--r-- | modules/core/ns_ghost.cpp | 3 | ||||
| -rw-r--r-- | modules/core/ns_group.cpp | 26 | ||||
| -rw-r--r-- | modules/core/ns_identify.cpp | 43 | ||||
| -rw-r--r-- | modules/core/ns_recover.cpp | 3 | ||||
| -rw-r--r-- | modules/core/ns_release.cpp | 4 | ||||
| -rw-r--r-- | modules/core/ns_resetpass.cpp | 23 | ||||
| -rw-r--r-- | modules/extra/ns_identify_ldap.cpp | 25 | ||||
| -rw-r--r-- | modules/protocol/bahamut.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/inspircd11.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/inspircd12.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/inspircd20.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/ngircd.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/plexus.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/ratbox.cpp | 1 | ||||
| -rw-r--r-- | modules/protocol/unreal32.cpp | 1 |
17 files changed, 280 insertions, 96 deletions
diff --git a/modules/core/db_plain.cpp b/modules/core/db_plain.cpp index c20a78577..550f229a1 100644 --- a/modules/core/db_plain.cpp +++ b/modules/core/db_plain.cpp @@ -485,6 +485,8 @@ class DBPlain : public Module nc->greet = params[0]; else if (key.equals_ci("ACCESS")) nc->AddAccess(params[0]); + else if (key.equals_ci("CERT")) + nc->AddCert(params[0]); else if (key.equals_ci("FLAGS")) nc->FromString(params); else if (key.equals_ci("MI")) @@ -737,6 +739,11 @@ class DBPlain : public Module for (std::vector<Anope::string>::iterator it = nc->access.begin(), it_end = nc->access.end(); it != it_end; ++it) db_buffer << "MD ACCESS " << *it << endl; } + if (!nc->cert.empty()) + { + for (std::vector<Anope::string>::iterator it = nc->cert.begin(), it_end = nc->cert.end(); it != it_end; ++it) + db_buffer << "MD CERT " << *it << endl; + } if (nc->FlagCount()) db_buffer << "MD FLAGS " << ToString(nc->ToString()) << endl; MemoInfo *mi = &nc->memos; diff --git a/modules/core/ns_cert.cpp b/modules/core/ns_cert.cpp new file mode 100644 index 000000000..5581149f6 --- /dev/null +++ b/modules/core/ns_cert.cpp @@ -0,0 +1,234 @@ +/* NickServ core functions + * + * (C) 2003-2011 Anope Team + * Contact us at team@anope.org + * + * Please read COPYING and README for further details. + * + * Based on the original code of Epona by Lara. + * Based on the original code of Services by Andy Church. + */ + +/*************************************************************************/ + +#include "module.h" + +class CommandNSCert : public Command +{ + private: + CommandReturn DoServAdminList(CommandSource &source, NickCore *nc) + { + if (nc->cert.empty()) + { + source.Reply(_("Certificate list for \002%s\002 is empty."), nc->display.c_str()); + return MOD_CONT; + } + + if (nc->HasFlag(NI_SUSPENDED)) + { + source.Reply(_(NICK_X_SUSPENDED), nc->display.c_str()); + return MOD_CONT; + } + + source.Reply(_("Certificate list for \002%s\002:"), nc->display.c_str()); + for (unsigned i = 0, end = nc->cert.size(); i < end; ++i) + { + Anope::string fingerprint = nc->GetCert(i); + source.Reply(" %s", fingerprint.c_str()); + } + + return MOD_CONT; + } + + CommandReturn DoAdd(CommandSource &source, NickCore *nc, const Anope::string &mask) + { + + if (nc->cert.size() >= Config->NSAccessMax) + { + source.Reply(_("Sorry, you can only have %d certificate entries for a nickname."), Config->NSAccessMax); + return MOD_CONT; + } + + if (!source.u->fingerprint.empty() && !nc->FindCert(source.u->fingerprint)) + { + nc->AddCert(source.u->fingerprint); + source.Reply(_("\002%s\002 added to your certificate list"), source.u->fingerprint.c_str()); + return MOD_CONT; + } + + if (mask.empty()) + { + this->OnSyntaxError(source, "ADD"); + return MOD_CONT; + } + + if (nc->FindCert(mask)) + { + source.Reply(_("Fingerprint \002%s\002 already present on your certificate list."), mask.c_str()); + return MOD_CONT; + } + + nc->AddCert(mask); + source.Reply(_("\002%s\002 added to your certificate list."), mask.c_str()); + return MOD_CONT; + } + + CommandReturn DoDel(CommandSource &source, NickCore *nc, const Anope::string &mask) + { + + if (!source.u->fingerprint.empty() && nc->FindCert(source.u->fingerprint)) + { + nc->EraseCert(source.u->fingerprint); + source.Reply(_("\002%s\002 deleted from your certificate list"), source.u->fingerprint.c_str()); + return MOD_CONT; + } + + if (mask.empty()) + { + this->OnSyntaxError(source, "DEL"); + return MOD_CONT; + } + + if (!nc->FindCert(mask)) + { + source.Reply(_("\002%s\002 not found on your certificate list."), mask.c_str()); + return MOD_CONT; + } + + source.Reply(_("\002%s\002 deleted from your certificate list."), mask.c_str()); + nc->EraseCert(mask); + + return MOD_CONT; + } + + CommandReturn DoList(CommandSource &source, NickCore *nc) + { + User *u = source.u; + + if (nc->cert.empty()) + { + source.Reply(_("Your certificate list is empty."), u->nick.c_str()); + return MOD_CONT; + } + + source.Reply(_("Cert list:")); + for (unsigned i = 0, end = nc->cert.size(); i < end; ++i) + { + Anope::string fingerprint = nc->GetCert(i); + source.Reply(" %s", fingerprint.c_str()); + } + + return MOD_CONT; + } + + public: + CommandNSCert() : Command("CERT", 1, 2) + { + this->SetDesc("Modify the nickname client certificate list"); + } + + CommandReturn Execute(CommandSource &source, const std::vector<Anope::string> ¶ms) + { + User *u = source.u; + const Anope::string &cmd = params[0]; + const Anope::string &mask = params.size() > 1 ? params[1] : ""; + + NickAlias *na; + if (cmd.equals_ci("LIST") && u->Account()->IsServicesOper() && !mask.empty() && (na = findnick(mask))) + return this->DoServAdminList(source, na->nc); + + if (u->Account()->HasFlag(NI_SUSPENDED)) + source.Reply(_(NICK_X_SUSPENDED), u->Account()->display.c_str()); + else if (cmd.equals_ci("ADD")) + return this->DoAdd(source, u->Account(), mask); + else if (cmd.equals_ci("DEL")) + return this->DoDel(source, u->Account(), mask); + else if (cmd.equals_ci("LIST")) + return this->DoList(source, u->Account()); + else + this->OnSyntaxError(source, cmd); + + return MOD_CONT; + } + + bool OnHelp(CommandSource &source, const Anope::string &subcommand) + { + source.Reply(_("Syntax: \002CERT ADD [\037fingerprint\037]\002\n" + " \002CERT DEL [\037<fingerprint>\037]\002\n" + " \002CERT LIST\002\n" + " \n" + "Modifies or displays the certificate list for your nick.\n" + "If you connect to IRC and provide a client certificate with a\n" + "matching fingerprint in the cert list, your nick will be\n" + "automatically identified to %s.\n" + " \n"), NickServ->nick.c_str(), NickServ->nick.c_str()); + source.Reply(_("Examples:\n" + " \n" + " \002CERT ADD <fingerprint>\002\n" + " Adds this fingerprint to the certificate list and\n" + " automatically identifies you when you connect to IRC\n" + " using this certificate.\n" + " \n" + " \002CERT DEL <fingerprint>\002\n" + " Reverses the previous command.\n" + " \n" + " \002CERT LIST\002\n" + " Displays the current certificate list."), NickServ->nick.c_str()); + return true; + } + + void OnSyntaxError(CommandSource &source, const Anope::string &subcommand) + { + SyntaxError(source, "CERT", _("CERT {ADD|DEL|LIST} [\037fingerprint\037]")); + } +}; + +class NSCert : public Module +{ + CommandNSCert commandnscert; + + void DoAutoIdentify(User *u) + { + NickAlias *na = findnick(u->nick); + if (!na) + return; + if (u->IsIdentified() && u->Account() == na->nc) + return; + if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED)) + return; + if (!na->nc->FindCert(u->fingerprint)) + return; + + u->Identify(na); + u->SendMessage(NickServ, _("SSL Fingerprint accepted. You are now identified.")); + return; + } + + public: + NSCert(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator) + { + this->SetAuthor("Anope"); + this->SetType(CORE); + + if (!ircd->certfp) + throw ModuleException("Your IRCd does not support ssl client certificates"); + + Implementation i[] = { I_OnUserNickChange, I_OnFingerprint }; + ModuleManager::Attach(i, this, 2); + + this->AddCommand(NickServ, &commandnscert); + } + + void OnFingerprint(User *u) + { + DoAutoIdentify(u); + } + + void OnUserNickChange(User *u, const Anope::string &oldnick) + { + if (!u->fingerprint.empty()) + DoAutoIdentify(u); + } +}; + +MODULE_INIT(NSCert) diff --git a/modules/core/ns_ghost.cpp b/modules/core/ns_ghost.cpp index 35ffb76c2..dbc11e5f6 100644 --- a/modules/core/ns_ghost.cpp +++ b/modules/core/ns_ghost.cpp @@ -42,7 +42,8 @@ class CommandNSGhost : public Command else if (nick.equals_ci(u->nick)) source.Reply(_("You can't ghost yourself!")); else if ((u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc))) || - (!pass.empty() && enc_check_password(pass, na->nc->pass) == 1)) + (!pass.empty() && enc_check_password(pass, na->nc->pass) == 1) || + (!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint))) { if (!user->IsIdentified() && FindCommand(NickServ, "RECOVER")) source.Reply(_("You may not ghost an unidentified user, use RECOVER instead.")); diff --git a/modules/core/ns_group.cpp b/modules/core/ns_group.cpp index 62fd5f84d..3aa4b6419 100644 --- a/modules/core/ns_group.cpp +++ b/modules/core/ns_group.cpp @@ -16,7 +16,7 @@ class CommandNSGroup : public Command { public: - CommandNSGroup() : Command("GROUP", 2, 2) + CommandNSGroup() : Command("GROUP", 1, 2) { this->SetFlag(CFLAG_ALLOW_UNREGISTERED); this->SetDesc(_("Join a group")); @@ -27,7 +27,7 @@ class CommandNSGroup : public Command User *u = source.u; const Anope::string &nick = params[0]; - Anope::string pass = params[1]; + Anope::string pass = params.size() > 1 ? params[1] : ""; if (readonly) { @@ -78,15 +78,8 @@ class CommandNSGroup : public Command "for more information."), target->nick.c_str(), Config->s_NickServ.c_str(), Config->s_NickServ.c_str()); else { - int res = enc_check_password(pass, target->nc->pass); - if (res == -1) - { - Log(LOG_COMMAND, u, this) << "failed group for " << na->nick << " (invalid password)"; - source.Reply(_(PASSWORD_INCORRECT)); - if (bad_password(u)) - return MOD_STOP; - } - else + if ((!pass.empty() && enc_check_password(pass, target->nc->pass)) || + (!u->fingerprint.empty() && target->nc->FindCert(u->fingerprint))) { /* If the nick is already registered, drop it. * If not, check that it is valid. @@ -125,6 +118,17 @@ class CommandNSGroup : public Command check_memos(u); } + else if (pass.empty()) + { + this->OnSyntaxError(source, ""); + } + else + { + Log(LOG_COMMAND, u, this) << "failed group for " << target->nick << " (invalid password)"; + source.Reply(_(PASSWORD_INCORRECT)); + if (bad_password(u)) + return MOD_STOP; + } } return MOD_CONT; } diff --git a/modules/core/ns_identify.cpp b/modules/core/ns_identify.cpp index a15d0a465..742fe986a 100644 --- a/modules/core/ns_identify.cpp +++ b/modules/core/ns_identify.cpp @@ -29,7 +29,7 @@ class CommandNSIdentify : public Command const Anope::string &nick = params.size() == 2 ? params[0] : u->nick; Anope::string pass = params[params.size() - 1]; - NickAlias *na = findnick(nick), *this_na = findnick(u->nick); + NickAlias *na = findnick(nick); if (!na) source.Reply(_(NICK_NOT_REGISTERED)); else if (na->HasFlag(NS_FORBIDDEN)) @@ -59,46 +59,9 @@ class CommandNSIdentify : public Command if (u->IsIdentified()) Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; - na->last_realname = u->realname; - na->last_seen = Anope::CurTime; - - u->Login(na->nc); - ircdproto->SendAccountLogin(u, u->Account()); - ircdproto->SetAutoIdentificationToken(u); - - if (this_na && this_na->nc == na->nc && this_na->nc->HasFlag(NI_UNCONFIRMED) == false) - u->SetMode(NickServ, UMODE_REGISTERED); - - u->UpdateHost(); - - Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display; + Log(LOG_COMMAND, u, this) << "and identified for account " << na->nc->display; source.Reply(_("Password accepted - you are now recognized.")); - if (ircd->vhost) - do_on_id(u); - if (Config->NSModeOnID) - do_setmodes(u); - - FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u)); - - if (Config->NSForceEmail && u->Account()->email.empty()) - { - source.Reply(_("You must now supply an e-mail for your nick.\n" - "This e-mail will allow you to retrieve your password in\n" - "case you forget it.")); - source.Reply(_("Type \002%R%s SET EMAIL \037e-mail\037\002 in order to set your e-mail.\n" - "Your privacy is respected; this e-mail won't be given to\n" - "any third-party person."), NickServ->nick.c_str()); - } - - if (u->Account()->HasFlag(NI_UNCONFIRMED)) - { - source.Reply(_("Your email address is not confirmed. To confirm it, follow the instructions that were emailed to you when you registered.")); - time_t time_registered = Anope::CurTime - na->time_registered; - if (Config->NSUnconfirmedExpire > time_registered) - source.Reply(_("Your account will expire, if not confirmed, in %s"), duration(Config->NSUnconfirmedExpire - time_registered).c_str()); - } - - check_memos(u); + u->Identify(na); } } return MOD_CONT; diff --git a/modules/core/ns_recover.cpp b/modules/core/ns_recover.cpp index a994218b8..2118858f5 100644 --- a/modules/core/ns_recover.cpp +++ b/modules/core/ns_recover.cpp @@ -68,7 +68,8 @@ class CommandNSRecover : public Command } else { - if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc))) + if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) || + (!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint))) { u2->SendMessage(NickServ, _(FORCENICKCHANGE_NOW)); u2->Collide(na); diff --git a/modules/core/ns_release.cpp b/modules/core/ns_release.cpp index 3468d1119..ff0424577 100644 --- a/modules/core/ns_release.cpp +++ b/modules/core/ns_release.cpp @@ -43,6 +43,7 @@ class CommandNSRelease : public Command if (res == 1) { Log(LOG_COMMAND, u, this) << "released " << na->nick; + na->Release(); source.Reply(_("Services' hold on your nick has been released.")); } else @@ -58,7 +59,8 @@ class CommandNSRelease : public Command } else { - if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc))) + if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) || + (!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint))) { na->Release(); source.Reply(_("Services' hold on your nick has been released.")); diff --git a/modules/core/ns_resetpass.cpp b/modules/core/ns_resetpass.cpp index d7c4029c1..09dea3502 100644 --- a/modules/core/ns_resetpass.cpp +++ b/modules/core/ns_resetpass.cpp @@ -102,30 +102,13 @@ class NSResetPass : public Module na->nc->Shrink("ns_resetpass_code"); na->nc->Shrink("ns_resetpass_time"); - NickAlias *this_na = findnick(u->nick); - - if (this_na && this_na == na) - { - u->UpdateHost(); - na->last_realname = u->realname; - na->last_seen = Anope::CurTime; - u->SetMode(NickServ, UMODE_REGISTERED); - } - - u->Login(na->nc); - ircdproto->SendAccountLogin(u, u->Account()); - ircdproto->SetAutoIdentificationToken(u); + Log(LOG_COMMAND, u, &commandnsresetpass) << "confirmed RESETPASS to forcefully identify to " << na->nick; + na->nc->UnsetFlag(NI_UNCONFIRMED); - FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u)); + u->Identify(na); - Log(LOG_COMMAND, u, &commandnsresetpass) << "confirmed RESETPASS to forcefully identify to " << na->nick; source.Reply(_("You are now identified for your nick. Change your password using \"%R%s SET PASSWORD \002newpassword\002\" now."), Config->s_NickServ.c_str()); - if (ircd->vhost) - do_on_id(u); - if (Config->NSModeOnID) - do_setmodes(u); - check_memos(u); } else return EVENT_CONTINUE; diff --git a/modules/extra/ns_identify_ldap.cpp b/modules/extra/ns_identify_ldap.cpp index 6e01e0103..08b06a18a 100644 --- a/modules/extra/ns_identify_ldap.cpp +++ b/modules/extra/ns_identify_ldap.cpp @@ -42,7 +42,7 @@ class IdentifyInterface : public LDAPInterface, public Command this->requests.erase(it); User *u = *ii->user; - NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account); + NickAlias *na = findnick(ii->account); if (!na) { @@ -60,28 +60,9 @@ class IdentifyInterface : public LDAPInterface, public Command if (u->Account()) Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display; - - na->last_realname = u->realname; - na->last_seen = Anope::CurTime; - - u->Login(na->nc); - ircdproto->SendAccountLogin(u, u->Account()); - ircdproto->SetAutoIdentificationToken(u); - - if (this_na && this_na->nc == na->nc && this_na->nc->HasFlag(NI_UNCONFIRMED) == false) - u->SetMode(NickServ, UMODE_REGISTERED); - - u->UpdateHost(); - - Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP"; + Log(LOG_COMMAND, u, this) << "and identified for account " << na->nc->display << " using LDAP"; u->SendMessage(NickServ, _("Password accepted - you are now recognized.")); - if (ircd->vhost) - do_on_id(u); - if (Config->NSModeOnID) - do_setmodes(u); - - FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u)); - + u->Identify(na); delete ii; } diff --git a/modules/protocol/bahamut.cpp b/modules/protocol/bahamut.cpp index fa714d7b1..68ff578ea 100644 --- a/modules/protocol/bahamut.cpp +++ b/modules/protocol/bahamut.cpp @@ -36,6 +36,7 @@ IRCDVar myIrcd[] = { 0, /* ts6 */ "$", /* TLD Prefix for Global */ 6, /* Max number of modes we can send per line */ + 0, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/inspircd11.cpp b/modules/protocol/inspircd11.cpp index e903bb2a3..4030e40c1 100644 --- a/modules/protocol/inspircd11.cpp +++ b/modules/protocol/inspircd11.cpp @@ -36,6 +36,7 @@ IRCDVar myIrcd[] = { 0, /* ts6 */ "$", /* TLD Prefix for Global */ 20, /* Max number of modes we can send per line */ + 0, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/inspircd12.cpp b/modules/protocol/inspircd12.cpp index 42e897aa4..ecac4a4f9 100644 --- a/modules/protocol/inspircd12.cpp +++ b/modules/protocol/inspircd12.cpp @@ -42,6 +42,7 @@ IRCDVar myIrcd[] = { 1, /* ts6 */ "$", /* TLD Prefix for Global */ 20, /* Max number of modes we can send per line */ + 1, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/inspircd20.cpp b/modules/protocol/inspircd20.cpp index 5025884ea..40f1a413d 100644 --- a/modules/protocol/inspircd20.cpp +++ b/modules/protocol/inspircd20.cpp @@ -42,6 +42,7 @@ IRCDVar myIrcd[] = { 1, /* ts6 */ "$", /* TLD Prefix for Global */ 20, /* Max number of modes we can send per line */ + 1, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/ngircd.cpp b/modules/protocol/ngircd.cpp index 7f4f4f9f1..160f74e9c 100644 --- a/modules/protocol/ngircd.cpp +++ b/modules/protocol/ngircd.cpp @@ -35,6 +35,7 @@ IRCDVar myIrcd[] = { 0, /* ts6 */ "$", /* TLD Prefix for Global */ 20, /* Max number of modes we can send per line */ + 0, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/plexus.cpp b/modules/protocol/plexus.cpp index a538479db..edfdfeec4 100644 --- a/modules/protocol/plexus.cpp +++ b/modules/protocol/plexus.cpp @@ -36,6 +36,7 @@ IRCDVar myIrcd[] = { 1, /* ts6 */ "$$", /* TLD Prefix for Global */ 4, /* Max number of modes we can send per line */ + 1, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/ratbox.cpp b/modules/protocol/ratbox.cpp index ea1c35c83..a5f58057e 100644 --- a/modules/protocol/ratbox.cpp +++ b/modules/protocol/ratbox.cpp @@ -36,6 +36,7 @@ IRCDVar myIrcd[] = { 1, /* ts6 */ "$$", /* TLD Prefix for Global */ 4, /* Max number of modes we can send per line */ + 0, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} diff --git a/modules/protocol/unreal32.cpp b/modules/protocol/unreal32.cpp index d8351b931..b6e438461 100644 --- a/modules/protocol/unreal32.cpp +++ b/modules/protocol/unreal32.cpp @@ -36,6 +36,7 @@ IRCDVar myIrcd[] = { 0, /* ts6 */ "$", /* TLD Prefix for Global */ 12, /* Max number of modes we can send per line */ + 0, /* IRCd sends a SSL users certificate fingerprint */ } , {NULL} |