pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-26 13:16:38 +02:00
Code Activity

Rip out ns_access and related code.

Browse Source 
This is wildly insecure and has been disabled by default for at
least a decade.
This commit is contained in:
Sadie Powell
2024-02-29 14:49:39 +00:00
parent 25bdcfcbc4
commit 579af3c442
32 changed files with 41 additions and 1104 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/anope.example.conf
+5 -5
View File
@@ -766,9 +766,9 @@ log
* memoserv/info - Can see any information with /MEMOSERV INFO
* memoserv/set-limit - Can set the limit of max stored memos on any user and channel
* memoserv/no-limit - Can send memos through limits and throttles
* nickserv/access - Can modify other users access and certificate lists
* nickserv/alist - Can see the channel access list of other users
* nickserv/auspex - Can see any information with /NICKSERV INFO
* nickserv/cert - Can modify other certificate lists
* nickserv/confirm - Can confirm other users nicknames
* nickserv/drop - Can drop other users nicks
* nickserv/recover - Can recover other users nicks
@@ -789,10 +789,10 @@ log
*
* nickserv/getemail nickserv/suspend nickserv/ajoin nickserv/list
*
* nickserv/saset/autoop nickserv/saset/email nickserv/saset/greet nickserv/saset/password
* nickserv/saset/display nickserv/saset/kill nickserv/saset/language nickserv/saset/message
* nickserv/saset/private nickserv/saset/secure nickserv/saset/url nickserv/saset/noexpire
* nickserv/saset/keepmodes nickserv/saset/neverop
* nickserv/saset/autoop nickserv/saset/display nickserv/saset/email nickserv/saset/greet
* nickserv/saset/kill nickserv/saset/keepmodes nickserv/saset/language nickserv/saset/message
* nickserv/saset/neverop nickserv/saset/noexpire nickserv/saset/password nickserv/saset/private
* nickserv/saset/url
*
* hostserv/set hostserv/del hostserv/list
*
data/chanserv.example.conf
+2 -4
View File
@@ -76,8 +76,6 @@ module
* access level or superior
* - cs_private: Hide the channel from ChanServ's LIST command
* - restricted: Kick/ban users who are restricted from the channel
* - cs_secure: Enable channel security, requiring the user to be identified with NickServ in
* order to be considered for being on the access list of the channel
* - secureops: Only allow operator status to be given if the user is on the access list
* - securefounder: Only allow the real founder of the channel to drop the channel, change its
* password, or change the founder or successor
@@ -93,10 +91,10 @@ module
* to be a registered nick, otherwise the channel will be dropped.
* - none: No defaults
*
* This directive is optional, if left blank, the options will default to keeptopic, peace, cs_secure,
* This directive is optional, if left blank, the options will default to keeptopic, peace,
* securefounder, and signkick. If you really want no defaults, use "none" by itself as the option.
*/
defaults = "keeptopic peace cs_secure securefounder signkick"
defaults = "keeptopic peace securefounder signkick"
/*
* The maximum number of channels which may be registered to a single nickname.
data/nickserv.example.conf
+3 -47
View File
@@ -96,8 +96,6 @@ module
* option and the killprotect option must be specified with this one
* - kill_immed: Kill nick immediately if not identified, this one overrides both the killprotect
* and kill_quick options and the killprotect option must be specified with this one
* - ns_secure: Enable nickname security, requiring the nick's password before any operations
* can be done on it
* - ns_private: Hide the nick from NickServ's LIST command
* - hide_email: Hide the nick's e-mail address from NickServ's INFO command
* - hide_mask: Hide the nick's last or current user@host from NickServ's INFO command
@@ -112,10 +110,10 @@ module
* to be enabled as well
* - ns_keep_modes: Enables keepmodes, which retains user modes across sessions
*
* This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and
* This directive is optional, if left blank, the options will default to memo_signon, and
* memo_receive. If you really want no defaults, use "none" by itself as the option.
*/
defaults = "killprotect ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop"
defaults = "killprotect ns_private hide_email hide_mask memo_signon memo_receive autoop"
/*
* The minimum length of time between consecutive uses of NickServ's REGISTER command. This
@@ -248,33 +246,6 @@ command_group
/* Give it a help command. */
command { service = "NickServ"; name = "HELP"; command = "generic/help"; }
/*
* ns_access
*
* Provides the command nickserv/access.
*
* Used for configuring what hosts have access to your account.
*/
module
{
name = "ns_access"
/*
* The maximum number of entries allowed on a nickname's access list.
* If not set, the default is 32. This number cannot be set to 0.
*/
accessmax = 32
/*
* If set, Anope will add the usermask of registering users to the access list of their
* newly created account. If not set, users will always have to identify to NickServ before
* being recognized, unless they manually add an address to the access list of their account.
* This directive is optional.
*/
addaccessonreg = no
}
command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; }
/*
* ns_ajoin
*
@@ -530,10 +501,9 @@ command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpas
* nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
* nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
* nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
* nickserv/set/password, nickserv/saset/password - Used for changing a users password.
* nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
* nickserv/set/neverop, nickserv/saset/neverop - Used to configure whether a user can be added to access lists
* nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
* nickserv/set/password, nickserv/saset/password - Used for changing a users password.
*/
module
{
@@ -574,9 +544,6 @@ command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/sase
command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; }
command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }
command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
command { service = "NickServ"; name = "SET NEVEROP"; command = "nickserv/set/neverop"; }
command { service = "NickServ"; name = "SASET NEVEROP"; command = "nickserv/saset/neverop"; permission = "nickserv/saset/neverop"; }
@@ -601,17 +568,6 @@ command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/mi
#command { service = "NickServ"; name = "SET MASTODON"; command = "nickserv/set/misc"; misc_description = _("Associate a Mastodon account with your account"); }
#command { service = "NickServ"; name = "SASET MASTODON"; command = "nickserv/saset/misc"; misc_description = _("Associate a Mastodon account with this account"); permission = "nickserv/saset/mastodon"; group = "nickserv/admin"; }
/*
* ns_status
*
* Provides the nickserv/status command.
*
* Used to determine if a user is recognized or identified by services.
*/
module { name = "ns_status" }
command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; }
/*
* ns_suspend
*
include/account.h
-55
View File
@@ -122,9 +122,6 @@ public:
Anope::string email;
/* Locale name of the language of the user. Empty means default language */
Anope::string language;
/* Access list, contains user@host masks of users who get certain privileges based
* on if NI_SECURE is set and what (if any) kill protection is enabled. */
std::vector<Anope::string> access;
MemoInfo memos;
std::map<Anope::string, Anope::string> last_modes;
@@ -165,61 +162,9 @@ public:
*/
virtual bool IsServicesOper() const;
/** Add an entry to the nick's access list
*
* @param entry The nick!ident@host entry to add to the access list
*
* Adds a new entry into the access list.
*/
void AddAccess(const Anope::string &entry);
/** Get an entry from the nick's access list by index
*
* @param entry Index in the access list vector to retrieve
* @return The access list entry of the given index if within bounds, an empty string if the vector is empty or the index is out of bounds
*
* Retrieves an entry from the access list corresponding to the given index.
*/
Anope::string GetAccess(unsigned entry) const;
/** Get the number of entries on the access list for this account.
*/
unsigned GetAccessCount() const;
/** Retrieves the account id for this user */
uint64_t GetId();
/** Find an entry in the nick's access list
*
* @param entry The nick!ident@host entry to search for
* @return True if the entry is found in the access list, false otherwise
*
* Search for an entry within the access list.
*/
bool FindAccess(const Anope::string &entry);
/** Erase an entry from the nick's access list
*
* @param entry The nick!ident@host entry to remove
*
* Removes the specified access list entry from the access list.
*/
void EraseAccess(const Anope::string &entry);
/** Clears the entire nick's access list
*
* Deletes all the memory allocated in the access list vector and then clears the vector.
*/
void ClearAccess();
/** Is the given user on this accounts access list?
*
* @param u The user
*
* @return true if the user is on the access list
*/
bool IsOnAccess(const User *u) const;
/** Finds an account
* @param nick The account name to find
* @return The account, if it exists
include/language.h
-2
View File
@@ -90,8 +90,6 @@ namespace Language
#define UNKNOWN _("<unknown>")
#define NO_EXPIRE _("does not expire")
#define LIST_INCORRECT_RANGE _("Incorrect range specified. The correct syntax is \002#\037from\037-\037to\037\002.")
#define NICK_IS_REGISTERED _("This nick is owned by someone else. Please choose another.\n" \
"(If this is your nick, type \002%s%s IDENTIFY \037password\037\002.)")
#define NICK_IS_SECURE _("This nickname is registered and protected. If it is your\n" \
"nick, type \002%s%s IDENTIFY \037password\037\002. Otherwise,\n" \
"please choose a different nick.")
include/modules.h
+1 -18
View File
@@ -777,23 +777,6 @@ public:
*/
virtual void OnChangeCoreDisplay(NickCore *nc, const Anope::string &newdisplay) { throw NotImplementedException(); }
/** called from NickCore::ClearAccess()
* @param nc pointer to the NickCore
*/
virtual void OnNickClearAccess(NickCore *nc) { throw NotImplementedException(); }
/** Called when a user adds an entry to their access list
* @param nc The nick
* @param entry The entry
*/
virtual void OnNickAddAccess(NickCore *nc, const Anope::string &entry) { throw NotImplementedException(); }
/** Called from NickCore::EraseAccess()
* @param nc pointer to the NickCore
* @param entry The access mask
*/
virtual void OnNickEraseAccess(NickCore *nc, const Anope::string &entry) { throw NotImplementedException(); }
/** called from NickCore::ClearCert()
* @param nc pointer to the NickCore
*/
@@ -1096,7 +1079,7 @@ enum Implementation
I_OnCreateChan, I_OnDelChan, I_OnChannelCreate, I_OnChannelDelete, I_OnAkickAdd, I_OnAkickDel, I_OnCheckKick,
I_OnChanInfo, I_OnCheckPriv, I_OnGroupCheckPriv, I_OnNickDrop, I_OnNickGroup, I_OnNickIdentify,
I_OnUserLogin, I_OnNickLogout, I_OnNickRegister, I_OnNickConfirm, I_OnNickSuspend, I_OnNickUnsuspended, I_OnDelNick, I_OnNickCoreCreate,
I_OnDelCore, I_OnChangeCoreDisplay, I_OnNickClearAccess, I_OnNickAddAccess, I_OnNickEraseAccess, I_OnNickClearCert,
I_OnDelCore, I_OnChangeCoreDisplay, I_OnNickClearCert,
I_OnNickAddCert, I_OnNickEraseCert, I_OnNickInfo, I_OnBotInfo, I_OnCheckAuthentication, I_OnNickUpdate,
I_OnFingerprint, I_OnUserAway, I_OnInvite, I_OnDeleteVhost, I_OnSetVhost, I_OnSetDisplayedHost, I_OnMemoSend, I_OnMemoDel,
I_OnChannelModeSet, I_OnChannelModeUnset, I_OnUserModeSet, I_OnUserModeUnset, I_OnChannelModeAdd, I_OnUserModeAdd,
include/users.h
-8
View File
@@ -44,8 +44,6 @@ protected:
Anope::string vident;
Anope::string ident;
Anope::string uid;
/* If the user is on the access list of the nick they're on */
bool on_access;
/* Map of user modes and the params this user has (if any) */
ModeList modes;
/* NickCore account the user is currently logged in as, if they are logged in */
@@ -223,12 +221,6 @@ public:
*/
bool IsIdentified(bool check_nick = false) const;
/** Check if the user is recognized for their nick (on the nicks access list)
* @param check_secure Only returns true if the user has secure off
* @return true or false
*/
bool IsRecognized(bool check_secure = true) const;
/** Check if the user is connected securely.
* @return True if the user is connected securely; otherwise, false.
*/
language/anope.en_US.po
+5 -187
View File
@@ -7,8 +7,8 @@ msgid ""
msgstr ""
"Project-Id-Version: Anope\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-02-22 16:34+0000\n"
"PO-Revision-Date: 2024-02-22 16:35+0000\n"
"POT-Creation-Date: 2024-02-29 16:12+0000\n"
"PO-Revision-Date: 2024-02-29 16:13+0000\n"
"Last-Translator: Sadie Powell <sadie@witchery.services>\n"
"Language-Team: English\n"
"Language: en_US\n"
@@ -46,10 +46,6 @@ msgstr "%s added to %s autokick list."
msgid "%s added to %s bad words list."
msgstr "%s added to %s bad words list."
#, c-format
msgid "%s added to %s's access list."
msgstr "%s added to %s's access list."
#, c-format
msgid "%s added to %s's certificate list."
msgstr "%s added to %s's certificate list."
@@ -186,10 +182,6 @@ msgstr "%s deleted from %s autokick list."
msgid "%s deleted from %s bad words list."
msgstr "%s deleted from %s bad words list."
#, c-format
msgid "%s deleted from %s's access list."
msgstr "%s deleted from %s's access list."
#, c-format
msgid "%s deleted from %s's certificate list."
msgstr "%s deleted from %s's certificate list."
@@ -346,10 +338,6 @@ msgstr "%s not found on %s autokick list."
msgid "%s not found on %s bad words list."
msgstr "%s not found on %s bad words list."
#, c-format
msgid "%s not found on %s's access list."
msgstr "%s not found on %s's access list."
#, c-format
msgid "%s not found on %s's certificate list."
msgstr "%s not found on %s's certificate list."
@@ -1605,10 +1593,6 @@ msgstr "%s will now notify you of memos when you log on or unset /AWAY."
msgid "%s!%s@%s (%s) added to the bot list."
msgstr "%s!%s@%s (%s) added to the bot list."
#, c-format
msgid "%s's access list is empty."
msgstr "%s's access list is empty."
#, c-format
msgid "%s's auto join list is empty."
msgstr "%s's auto join list is empty."
@@ -1745,9 +1729,6 @@ msgstr "ADD [+expiry] mask limit reason"
msgid "ADD [nickname] channel [key]"
msgstr "ADD [nickname] channel [key]"
msgid "ADD [nickname] mask"
msgstr "ADD [nickname] mask"
msgid "ADD [nickname] [fingerprint]"
msgstr "ADD [nickname] [fingerprint]"
@@ -1822,9 +1803,6 @@ msgstr "Account"
msgid "Account %s has already reached the maximum number of simultaneous logins (%u)."
msgstr "Account %s has already reached the maximum number of simultaneous logins (%u)."
msgid "Activate security features"
msgstr "Activate security features"
msgid "Activate the requested vHost for the given nick."
msgstr "Activate the requested vHost for the given nick."
@@ -2628,7 +2606,7 @@ msgstr "Bot bans will no longer automatically expire."
#, c-format
msgid "Bot hosts may only be %zu characters long."
msgstr ""
msgstr "Bot hosts may only be %zu characters long."
msgid "Bot hosts may only contain valid host characters."
msgstr "Bot hosts may only contain valid host characters."
@@ -3195,9 +3173,6 @@ msgstr "DEL [nickname] channel"
msgid "DEL [nickname] fingerprint"
msgstr "DEL [nickname] fingerprint"
msgid "DEL [nickname] mask"
msgstr "DEL [nickname] mask"
msgid "DEL {mask | entry-num | list | id}"
msgstr "DEL {mask | entry-num | list | id}"
@@ -3671,17 +3646,6 @@ msgstr ""
"modes is enabled, services will remember your usermodes\n"
"and attempt to re-set them the next time you authenticate."
msgid ""
"Enables or disables security features for a\n"
"channel. When SECURE is set, only users who have\n"
"identified to services, and are not only recognized, will be\n"
"given access to channels from account-based access entries."
msgstr ""
"Enables or disables security features for a\n"
"channel. When SECURE is set, only users who have\n"
"identified to services, and are not only recognized, will be\n"
"given access to channels from account-based access entries."
msgid ""
"Enables or disables signed kicks for a\n"
"channel. When SIGNKICK is set, kicks issued with\n"
@@ -4839,10 +4803,6 @@ msgstr "Manipulate the topic of the specified channel"
msgid "Mask"
msgstr "Mask"
#, c-format
msgid "Mask %s already present on %s's access list."
msgstr "Mask %s already present on %s's access list."
msgid "Mask must be in the form user@host."
msgstr "Mask must be in the form user@host."
@@ -4933,48 +4893,6 @@ msgstr "Modes"
msgid "Modes cleared on %s and the channel destroyed."
msgstr "Modes cleared on %s and the channel destroyed."
#, c-format
msgid ""
"Modifies or displays the access list for your nick. This\n"
"is the list of addresses which will be automatically\n"
"recognized by %s as allowed to use the nick. If\n"
"you want to use the nick from a different address, you\n"
"need to send an IDENTIFY command to make %s\n"
"recognize you. Services Operators may provide a nick\n"
"to modify other users' access lists.\n"
" \n"
"Examples:\n"
" \n"
" ACCESS ADD anyone@*.bepeg.com\n"
" Allows access to user anyone from any machine in\n"
" the bepeg.com domain.\n"
" \n"
" ACCESS DEL anyone@*.bepeg.com\n"
" Reverses the previous command.\n"
" \n"
" ACCESS LIST\n"
" Displays the current access list."
msgstr ""
"Modifies or displays the access list for your nick. This\n"
"is the list of addresses which will be automatically\n"
"recognized by %s as allowed to use the nick. If\n"
"you want to use the nick from a different address, you\n"
"need to send an IDENTIFY command to make %s\n"
"recognize you. Services Operators may provide a nick\n"
"to modify other users' access lists.\n"
" \n"
"Examples:\n"
" \n"
" ACCESS ADD anyone@*.bepeg.com\n"
" Allows access to user anyone from any machine in\n"
" the bepeg.com domain.\n"
" \n"
" ACCESS DEL anyone@*.bepeg.com\n"
" Reverses the previous command.\n"
" \n"
" ACCESS LIST\n"
" Displays the current access list."
msgid ""
"Modifies or displays the certificate list for your nick.\n"
"If you connect to IRC and provide a client certificate with a\n"
@@ -4994,9 +4912,6 @@ msgstr ""
msgid "Modify the list of %s users"
msgstr "Modify the list of %s users"
msgid "Modify the list of authorized addresses"
msgstr "Modify the list of authorized addresses"
msgid "Modify the list of privileged users"
msgstr "Modify the list of privileged users"
@@ -5166,10 +5081,6 @@ msgstr "Nickname %s is already registered!"
msgid "Nickname %s may not be registered."
msgstr "Nickname %s may not be registered."
#, c-format
msgid "Nickname %s registered under your user@host-mask: %s"
msgstr "Nickname %s registered under your user@host-mask: %s"
#, c-format
msgid "Nickname %s registered."
msgstr "Nickname %s registered."
@@ -5837,44 +5748,6 @@ msgstr "Returns the key of the given channel."
msgid "Returns the matching accounts that used given email."
msgstr "Returns the matching accounts that used given email."
msgid "Returns the owner status of the given nickname"
msgstr "Returns the owner status of the given nickname"
msgid ""
"Returns whether the user using the given nickname is\n"
"recognized as the owner of the nickname. The response has\n"
"this format:\n"
" \n"
" nickname status-code account\n"
" \n"
"where nickname is the nickname sent with the command,\n"
"status-code is one of the following, and account\n"
"is the account they are logged in as.\n"
" \n"
" 0 - no such user online or nickname not registered\n"
" 1 - user not recognized as nickname's owner\n"
" 2 - user recognized as owner via access list only\n"
" 3 - user recognized as owner via password identification\n"
" \n"
"If no nickname is given, your status will be returned."
msgstr ""
"Returns whether the user using the given nickname is\n"
"recognized as the owner of the nickname. The response has\n"
"this format:\n"
" \n"
" nickname status-code account\n"
" \n"
"where nickname is the nickname sent with the command,\n"
"status-code is one of the following, and account\n"
"is the account they are logged in as.\n"
" \n"
" 0 - no such user online or nickname not registered\n"
" 1 - user not recognized as nickname's owner\n"
" 2 - user recognized as owner via access list only\n"
" 3 - user recognized as owner via password identification\n"
" \n"
"If no nickname is given, your status will be returned."
msgid "Reverses kicker"
msgstr "Reverses kicker"
@@ -5929,29 +5802,10 @@ msgstr "Secure ops option for %s is now off."
msgid "Secure ops option for %s is now on."
msgstr "Secure ops option for %s is now on."
#, c-format
msgid "Secure option for %s is now off."
msgstr "Secure option for %s is now off."
#, c-format
msgid "Secure option for %s is now on."
msgstr "Secure option for %s is now on."
#, c-format
msgid "Secure option is now off for %s."
msgstr "Secure option is now off for %s."
#, c-format
msgid "Secure option is now on for %s."
msgstr "Secure option is now on for %s."
#, c-format
msgid "Secureops enforced on %s."
msgstr "Secureops enforced on %s."
msgid "Security"
msgstr "Security"
#, c-format
msgid ""
"See %s%s HELP %s for more information\n"
@@ -6679,10 +6533,6 @@ msgstr "Sorry, nickname grouping is temporarily disabled."
msgid "Sorry, nickname registration is temporarily disabled."
msgstr "Sorry, nickname registration is temporarily disabled."
#, c-format
msgid "Sorry, the maximum of %d access entries has been reached."
msgstr "Sorry, the maximum of %d access entries has been reached."
#, c-format
msgid "Sorry, the maximum of %d auto join entries has been reached."
msgstr "Sorry, the maximum of %d auto join entries has been reached."
@@ -6972,7 +6822,7 @@ msgid ""
" \n"
"Sets read-only mode on or off. In read-only mode, normal\n"
"users will not be allowed to modify any services data,\n"
"including channel and nickname access lists, etc. IRCops\n"
"including channel access lists, etc. Server operators\n"
"with sufficient services privileges will be able to modify\n"
"Services' AKILL, SQLINE, SNLINE and ignore lists, drop,\n"
"suspend or forbid nicknames and channels, and manage news,\n"
@@ -6987,7 +6837,7 @@ msgstr ""
" \n"
"Sets read-only mode on or off. In read-only mode, normal\n"
"users will not be allowed to modify any services data,\n"
"including channel and nickname access lists, etc. IRCops\n"
"including channel access lists, etc. Server operators\n"
"with sufficient services privileges will be able to modify\n"
"Services' AKILL, SQLINE, SNLINE and ignore lists, drop,\n"
"suspend or forbid nicknames and channels, and manage news,\n"
@@ -7814,14 +7664,6 @@ msgstr "This command unloads the module named modname."
msgid "This command will resend you the registration confirmation email."
msgstr "This command will resend you the registration confirmation email."
#, c-format
msgid ""
"This nick is owned by someone else. Please choose another.\n"
"(If this is your nick, type %s%s IDENTIFY password.)"
msgstr ""
"This nick is owned by someone else. Please choose another.\n"
"(If this is your nick, type %s%s IDENTIFY password.)"
#, c-format
msgid "This nickname has been forbidden: %s"
msgstr "This nickname has been forbidden: %s"
@@ -7917,9 +7759,6 @@ msgstr "Turn caps lock OFF!"
msgid "Turn chanstats statistics on or off"
msgstr "Turn chanstats statistics on or off"
msgid "Turn nickname security on or off"
msgstr "Turn nickname security on or off"
msgid "Turn protection on or off"
msgstr "Turn protection on or off"
@@ -7951,24 +7790,6 @@ msgstr ""
"(However, anyone who knows your nickname can still get\n"
"information on it using the INFO command.)"
#, c-format
msgid ""
"Turns %s's security features on or off for your\n"
"nick. With SECURE set, you must enter your password\n"
"before you will be recognized as the owner of the nick,\n"
"regardless of whether your address is on the access\n"
"list. However, if you are on the access list, %s\n"
"will not auto-kill you regardless of the setting of the\n"
"KILL option."
msgstr ""
"Turns %s's security features on or off for your\n"
"nick. With SECURE set, you must enter your password\n"
"before you will be recognized as the owner of the nick,\n"
"regardless of whether your address is on the access\n"
"list. However, if you are on the access list, %s\n"
"will not auto-kill you regardless of the setting of the\n"
"KILL option."
msgid "Turns chanstats channel statistics ON or OFF for this user."
msgstr "Turns chanstats channel statistics ON or OFF for this user."
@@ -8594,9 +8415,6 @@ msgstr "You may not drop other Services Operators' nicknames."
msgid "You may not suspend other Services Operators' nicknames."
msgstr "You may not suspend other Services Operators' nicknames."
msgid "You may view but not modify the access list of other Services Operators."
msgstr "You may view but not modify the access list of other Services Operators."
msgid "You may view but not modify the certificate list of other Services Operators."
msgstr "You may view but not modify the certificate list of other Services Operators."
modules/chanserv/chanserv.cpp
+1 -2
View File
@@ -116,12 +116,11 @@ public:
ChanServ = bi;
spacesepstream(conf->GetModule(this)->Get<const Anope::string>("defaults", "keeptopic peace cs_secure securefounder signkick")).GetTokens(defaults);
spacesepstream(conf->GetModule(this)->Get<const Anope::string>("defaults", "keeptopic peace securefounder signkick")).GetTokens(defaults);
if (defaults.empty())
{
defaults.emplace_back("KEEPTOPIC");
defaults.emplace_back("PEACE");
defaults.emplace_back("CS_SECURE");
defaults.emplace_back("SECUREFOUNDER");
defaults.emplace_back("SIGNKICK");
}
modules/chanserv/cs_clone.cpp
+1 -1
View File
@@ -196,7 +196,7 @@ public:
target_ci->last_topic_setter = source.service->nick;
const Anope::string settings[] = { "NOAUTOOP", "CS_KEEP_MODES", "PEACE", "PERSIST", "RESTRICTED",
"CS_SECURE", "SECUREFOUNDER", "SECUREOPS", "SIGNKICK", "SIGNKICK_LEVEL", "CS_NO_EXPIRE" };
"SECUREFOUNDER", "SECUREOPS", "SIGNKICK", "SIGNKICK_LEVEL", "CS_NO_EXPIRE" };
for (const auto &setting : settings)
CopySetting(ci, target_ci, setting);
modules/chanserv/cs_set.cpp
+3 -70
View File
@@ -682,70 +682,6 @@ public:
}
};
class CommandCSSetSecure final
: public Command
{
public:
CommandCSSetSecure(Module *creator, const Anope::string &cname = "chanserv/set/secure") : Command(creator, cname, 2, 2)
{
this->SetDesc(_("Activate security features"));
this->SetSyntax(_("\037channel\037 {ON | OFF}"));
}
void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
{
if (Anope::ReadOnly)
{
source.Reply(READ_ONLY_MODE);
return;
}
ChannelInfo *ci = ChannelInfo::Find(params[0]);
if (ci == NULL)
{
source.Reply(CHAN_X_NOT_REGISTERED, params[0].c_str());
return;
}
EventReturn MOD_RESULT;
FOREACH_RESULT(OnSetChannelOption, MOD_RESULT, (source, this, ci, params[1]));
if (MOD_RESULT == EVENT_STOP)
return;
if (MOD_RESULT != EVENT_ALLOW && !source.AccessFor(ci).HasPriv("SET") && source.permission.empty() && !source.HasPriv("chanserv/administration"))
{
source.Reply(ACCESS_DENIED);
return;
}
if (params[1].equals_ci("ON"))
{
Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to enable secure";
ci->Extend<bool>("CS_SECURE");
source.Reply(_("Secure option for %s is now \002on\002."), ci->name.c_str());
}
else if (params[1].equals_ci("OFF"))
{
Log(source.AccessFor(ci).HasPriv("SET") ? LOG_COMMAND : LOG_OVERRIDE, source, this, ci) << "to disable secure";
ci->Shrink<bool>("CS_SECURE");
source.Reply(_("Secure option for %s is now \002off\002."), ci->name.c_str());
}
else
this->OnSyntaxError(source, "SECURE");
}
bool OnHelp(CommandSource &source, const Anope::string &) override
{
this->SendSyntax(source);
source.Reply(" ");
source.Reply(_("Enables or disables security features for a\n"
"channel. When \002SECURE\002 is set, only users who have\n"
"identified to services, and are not only recognized, will be\n"
"given access to channels from account-based access entries."));
return true;
}
};
class CommandCSSetSecureFounder final
: public Command
{
@@ -1110,7 +1046,7 @@ class CSSet final
: public Module
{
SerializableExtensibleItem<bool> noautoop, peace, securefounder,
restricted, secure, secureops, signkick, signkick_level, noexpire,
restricted, secureops, signkick, signkick_level, noexpire,
persist;
struct KeepModes final
@@ -1169,7 +1105,6 @@ class CSSet final
CommandCSSetPeace commandcssetpeace;
CommandCSSetPersist commandcssetpersist;
CommandCSSetRestricted commandcssetrestricted;
CommandCSSetSecure commandcssetsecure;
CommandCSSetSecureFounder commandcssetsecurefounder;
CommandCSSetSecureOps commandcssetsecureops;
CommandCSSetSignKick commandcssetsignkick;
@@ -1184,7 +1119,7 @@ public:
CSSet(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, VENDOR),
noautoop(this, "NOAUTOOP"), peace(this, "PEACE"),
securefounder(this, "SECUREFOUNDER"), restricted(this, "RESTRICTED"),
secure(this, "CS_SECURE"), secureops(this, "SECUREOPS"), signkick(this, "SIGNKICK"),
secureops(this, "SECUREOPS"), signkick(this, "SIGNKICK"),
signkick_level(this, "SIGNKICK_LEVEL"), noexpire(this, "CS_NO_EXPIRE"),
persist(this, "PERSIST"),
keep_modes(this, "CS_KEEP_MODES"),
@@ -1192,7 +1127,7 @@ public:
commandcsset(this), commandcssetautoop(this), commandcssetbantype(this),
commandcssetdescription(this), commandcssetfounder(this), commandcssetkeepmodes(this),
commandcssetpeace(this), commandcssetpersist(this), commandcssetrestricted(this),
commandcssetsecure(this), commandcssetsecurefounder(this), commandcssetsecureops(this), commandcssetsignkick(this),
commandcssetsecurefounder(this), commandcssetsecureops(this), commandcssetsignkick(this),
commandcssetsuccessor(this), commandcssetnoexpire(this),
inhabit("inhabit")
@@ -1304,8 +1239,6 @@ public:
info.AddOption(_("Peace"));
if (restricted.HasExt(ci))
info.AddOption(_("Restricted access"));
if (secure.HasExt(ci))
info.AddOption(_("Security"));
if (securefounder.HasExt(ci))
info.AddOption(_("Secure founder"));
if (secureops.HasExt(ci))
modules/database/db_old.cpp
+2 -9
View File
@@ -35,7 +35,6 @@ else \
#define OLD_BI_PRIVATE 0x0001
#define OLD_NI_KILLPROTECT 0x00000001 /* Kill others who take this nick */
#define OLD_NI_SECURE 0x00000002 /* Don't recognize unless IDENTIFY'd */
#define OLD_NI_MSG 0x00000004 /* Use PRIVMSGs instead of NOTICEs */
#define OLD_NI_MEMO_HARDMAX 0x00000008 /* Don't allow user to change memo limit */
#define OLD_NI_MEMO_SIGNON 0x00000010 /* Notify of memos at signon and un-away */
@@ -60,7 +59,6 @@ else \
#define OLD_CI_TOPICLOCK 0x00000008
#define OLD_CI_RESTRICTED 0x00000010
#define OLD_CI_PEACE 0x00000020
#define OLD_CI_SECURE 0x00000040
#define OLD_CI_VERBOTEN 0x00000080
#define OLD_CI_ENCRYPTEDPW 0x00000100
#define OLD_CI_NO_EXPIRE 0x00000200
@@ -449,7 +447,7 @@ static void LoadNicks()
READ(read_string(buffer, f));
auto *nc = new NickCore(buffer);
const Anope::string settings[] = { "killprotect", "kill_quick", "ns_secure", "ns_private", "hide_email",
const Anope::string settings[] = { "killprotect", "kill_quick", "ns_private", "hide_email",
"hide_mask", "hide_quit", "memo_signon", "memo_receive", "autoop", "msg", "ns_keepmodes" };
for (const auto &setting : settings)
nc->Shrink<bool>(setting.upper());
@@ -483,8 +481,6 @@ static void LoadNicks()
READ(read_uint32(&u32, f));
if (u32 & OLD_NI_KILLPROTECT)
nc->Extend<bool>("KILLPROTECT");
if (u32 & OLD_NI_SECURE)
nc->Extend<bool>("NS_SECURE");
if (u32 & OLD_NI_MSG)
nc->Extend<bool>("MSG");
if (u32 & OLD_NI_MEMO_HARDMAX)
@@ -571,7 +567,6 @@ static void LoadNicks()
for (uint16_t j = 0; j < u16; ++j)
{
READ(read_string(buffer, f));
nc->access.push_back(buffer);
}
int16_t i16;
@@ -752,7 +747,7 @@ static void LoadChannels()
READ(read_buffer(namebuf, f));
auto *ci = new ChannelInfo(namebuf);
const Anope::string settings[] = { "keeptopic", "peace", "cs_private", "restricted", "cs_secure", "secureops", "securefounder",
const Anope::string settings[] = { "keeptopic", "peace", "cs_private", "restricted", "secureops", "securefounder",
"signkick", "signkick_level", "topiclock", "persist", "noautoop", "cs_keepmodes" };
for (const auto &setting : settings)
ci->Shrink<bool>(setting.upper());
@@ -801,8 +796,6 @@ static void LoadChannels()
ci->Extend<bool>("RESTRICTED");
if (tmpu32 & OLD_CI_PEACE)
ci->Extend<bool>("PEACE");
if (tmpu32 & OLD_CI_SECURE)
ci->Extend<bool>("CS_SECURE");
if (tmpu32 & OLD_CI_NO_EXPIRE)
ci->Extend<bool>("CS_NO_EXPIRE");
if (tmpu32 & OLD_CI_MEMO_HARDMAX)
modules/nickserv/nickserv.cpp
+6 -20
View File
@@ -190,27 +190,14 @@ public:
else if (MOD_RESULT == EVENT_ALLOW)
return;
if (!na->nc->HasExt("NS_SECURE") && u->IsRecognized())
{
na->last_seen = Anope::CurTime;
na->last_usermask = u->GetIdent() + "@" + u->GetDisplayedHost();
na->last_realname = u->realname;
return;
}
if (Config->GetModule("nickserv")->Get<bool>("nonicknameownership"))
return;
bool on_access = u->IsRecognized(false);
if (on_access || !na->nc->HasExt("KILL_IMMED"))
if (!na->nc->HasExt("KILL_IMMED"))
{
if (na->nc->HasExt("NS_SECURE"))
u->SendMessage(NickServ, NICK_IS_SECURE, Config->StrictPrivmsg.c_str(), NickServ->nick.c_str());
else
u->SendMessage(NickServ, NICK_IS_REGISTERED, Config->StrictPrivmsg.c_str(), NickServ->nick.c_str());
u->SendMessage(NickServ, NICK_IS_SECURE, Config->StrictPrivmsg.c_str(), NickServ->nick.c_str());
}
if (na->nc->HasExt("KILLPROTECT") && !on_access)
if (na->nc->HasExt("KILLPROTECT"))
{
if (na->nc->HasExt("KILL_IMMED"))
{
@@ -310,10 +297,9 @@ public:
NickServ = bi;
spacesepstream(conf->GetModule(this)->Get<const Anope::string>("defaults", "ns_secure memo_signon memo_receive")).GetTokens(defaults);
spacesepstream(conf->GetModule(this)->Get<const Anope::string>("defaults", "memo_signon memo_receive")).GetTokens(defaults);
if (defaults.empty())
{
defaults.emplace_back("NS_SECURE");
defaults.emplace_back("MEMO_SIGNON");
defaults.emplace_back("MEMO_RECEIVE");
}
@@ -523,7 +509,7 @@ public:
/* Update last quit and last seen for the user */
NickAlias *na = NickAlias::Find(u->nick);
if (na && !na->nc->HasExt("NS_SUSPENDED") && (u->IsRecognized() || u->IsIdentified(true)))
if (na && !na->nc->HasExt("NS_SUSPENDED") && u->IsIdentified(true))
{
na->last_seen = Anope::CurTime;
na->last_quit = msg;
@@ -543,7 +529,7 @@ public:
++it;
User *u = User::Find(na->nick, true);
if (u && (u->IsIdentified(true) || u->IsRecognized()))
if (u && u->IsIdentified(true))
na->last_seen = Anope::CurTime;
bool expire = false;
modules/nickserv/ns_access.cpp
-208
View File
@@ -1,208 +0,0 @@
/* NickServ core functions
*
* (C) 2003-2024 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*/
#include "module.h"
class CommandNSAccess final
: public Command
{
private:
void DoAdd(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
if (mask.empty())
{
this->OnSyntaxError(source, "ADD");
return;
}
if (Anope::ReadOnly)
{
source.Reply(READ_ONLY_MODE);
return;
}
if (nc->access.size() >= Config->GetModule(this->owner)->Get<unsigned>("accessmax", "32"))
{
source.Reply(_("Sorry, the maximum of %d access entries has been reached."), Config->GetModule(this->owner)->Get<unsigned>("accessmax"));
return;
}
if (nc->FindAccess(mask))
{
source.Reply(_("Mask \002%s\002 already present on %s's access list."), mask.c_str(), nc->display.c_str());
return;
}
nc->AddAccess(mask);
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to ADD mask " << mask << " to " << nc->display;
source.Reply(_("\002%s\002 added to %s's access list."), mask.c_str(), nc->display.c_str());
return;
}
void DoDel(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
if (mask.empty())
{
this->OnSyntaxError(source, "DEL");
return;
}
if (Anope::ReadOnly)
{
source.Reply(READ_ONLY_MODE);
return;
}
if (!nc->FindAccess(mask))
{
source.Reply(_("\002%s\002 not found on %s's access list."), mask.c_str(), nc->display.c_str());
return;
}
nc->EraseAccess(mask);
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to DELETE mask " << mask << " from " << nc->display;
source.Reply(_("\002%s\002 deleted from %s's access list."), mask.c_str(), nc->display.c_str());
return;
}
static void DoList(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
unsigned i, end;
if (nc->access.empty())
{
source.Reply(_("%s's access list is empty."), nc->display.c_str());
return;
}
source.Reply(_("Access list for %s:"), nc->display.c_str());
for (i = 0, end = nc->access.size(); i < end; ++i)
{
Anope::string access = nc->GetAccess(i);
if (!mask.empty() && !Anope::Match(access, mask))
continue;
source.Reply(" %s", access.c_str());
}
return;
}
public:
CommandNSAccess(Module *creator) : Command(creator, "nickserv/access", 1, 3)
{
this->SetDesc(_("Modify the list of authorized addresses"));
this->SetSyntax(_("ADD [\037nickname\037] \037mask\037"));
this->SetSyntax(_("DEL [\037nickname\037] \037mask\037"));
this->SetSyntax(_("LIST [\037nickname\037]"));
}
void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
{
const Anope::string &cmd = params[0];
Anope::string nick, mask;
if (cmd.equals_ci("LIST"))
nick = params.size() > 1 ? params[1] : "";
else
{
nick = params.size() == 3 ? params[1] : "";
mask = params.size() > 1 ? params[params.size() - 1] : "";
}
NickCore *nc;
if (!nick.empty())
{
const NickAlias *na = NickAlias::Find(nick);
if (na == NULL)
{
source.Reply(NICK_X_NOT_REGISTERED, nick.c_str());
return;
}
else if (na->nc != source.GetAccount() && !source.HasPriv("nickserv/access"))
{
source.Reply(ACCESS_DENIED);
return;
}
else if (Config->GetModule("nickserv")->Get<bool>("secureadmins", "yes") && source.GetAccount() != na->nc && na->nc->IsServicesOper() && !cmd.equals_ci("LIST"))
{
source.Reply(_("You may view but not modify the access list of other Services Operators."));
return;
}
nc = na->nc;
}
else
nc = source.nc;
if (!mask.empty() && (mask.find('@') == Anope::string::npos || mask.find('!') != Anope::string::npos))
{
source.Reply(BAD_USERHOST_MASK);
source.Reply(MORE_INFO, Config->StrictPrivmsg.c_str(), source.service->nick.c_str(), source.command.c_str());
}
else if (cmd.equals_ci("LIST"))
return this->DoList(source, nc, mask);
else if (nc->HasExt("NS_SUSPENDED"))
source.Reply(NICK_X_SUSPENDED, nc->display.c_str());
else if (cmd.equals_ci("ADD"))
return this->DoAdd(source, nc, mask);
else if (cmd.equals_ci("DEL"))
return this->DoDel(source, nc, mask);
else
this->OnSyntaxError(source, "");
}
bool OnHelp(CommandSource &source, const Anope::string &subcommand) override
{
this->SendSyntax(source);
source.Reply(" ");
source.Reply(_("Modifies or displays the access list for your nick. This\n"
"is the list of addresses which will be automatically\n"
"recognized by %s as allowed to use the nick. If\n"
"you want to use the nick from a different address, you\n"
"need to send an \002IDENTIFY\002 command to make %s\n"
"recognize you. Services Operators may provide a nick\n"
"to modify other users' access lists.\n"
" \n"
"Examples:\n"
" \n"
" \002ACCESS ADD anyone@*.bepeg.com\002\n"
" Allows access to user \002anyone\002 from any machine in\n"
" the \002bepeg.com\002 domain.\n"
" \n"
" \002ACCESS DEL anyone@*.bepeg.com\002\n"
" Reverses the previous command.\n"
" \n"
" \002ACCESS LIST\002\n"
" Displays the current access list."), source.service->nick.c_str(), source.service->nick.c_str());
return true;
}
};
class NSAccess final
: public Module
{
CommandNSAccess commandnsaccess;
public:
NSAccess(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, VENDOR),
commandnsaccess(this)
{
}
void OnNickRegister(User *u, NickAlias *na, const Anope::string &) override
{
if (u && Config->GetModule(this)->Get<bool>("addaccessonreg"))
na->nc->AddAccess(u->Mask());
}
};
MODULE_INIT(NSAccess)
modules/nickserv/ns_cert.cpp
+1 -1
View File
@@ -299,7 +299,7 @@ public:
source.Reply(NICK_X_NOT_REGISTERED, nick.c_str());
return;
}
else if (na->nc != source.GetAccount() && !source.HasPriv("nickserv/access"))
else if (na->nc != source.GetAccount() && !source.HasPriv("nickserv/cert"))
{
source.Reply(ACCESS_DENIED);
return;
modules/nickserv/ns_recover.cpp
+2 -4
View File
@@ -59,7 +59,7 @@ public:
// same person that is executing the command, so kill them off (old GHOST command).
else if (u->Account() == na->nc)
{
if (!source.GetAccount() && na->nc->HasExt("NS_SECURE"))
if (!source.GetAccount())
{
source.GetUser()->Login(u->Account());
Log(LOG_COMMAND, source, cmd) << "and was automatically identified to " << u->Account()->display;
@@ -90,7 +90,7 @@ public:
/* User is not identified or not identified to the same account as the person using this command */
else
{
if (!source.GetAccount() && na->nc->HasExt("NS_SECURE"))
if (!source.GetAccount())
{
source.GetUser()->Login(na->nc); // Identify the user using the command if they arent identified
Log(LOG_COMMAND, source, cmd) << "and was automatically identified to " << na->nick << " (" << na->nc->display << ")";
@@ -182,8 +182,6 @@ public:
bool ok = false;
if (source.GetAccount() == na->nc)
ok = true;
else if (!na->nc->HasExt("NS_SECURE") && source.GetUser() && na->nc->IsOnAccess(source.GetUser()))
ok = true;
NSCertList *cl = na->nc->GetExt<NSCertList>("certificates");
if (source.GetUser() && !source.GetUser()->fingerprint.empty() && cl && cl->FindCert(source.GetUser()->fingerprint))
modules/nickserv/ns_register.cpp
+1 -5
View File
@@ -233,11 +233,7 @@ public:
Log(LOG_COMMAND, source, this) << "to register " << na->nick << " (email: " << (!na->nc->email.empty() ? na->nc->email : "none") << ")";
if (na->nc->GetAccessCount())
source.Reply(_("Nickname \002%s\002 registered under your user@host-mask: %s"), u_nick.c_str(), na->nc->GetAccess(0).c_str());
else
source.Reply(_("Nickname \002%s\002 registered."), u_nick.c_str());
source.Reply(_("Nickname \002%s\002 registered."), u_nick.c_str());
if (nsregister.equals_ci("admin"))
{
nc->Extend<bool>("UNCONFIRMED");
modules/nickserv/ns_set.cpp
+2 -105
View File
@@ -1105,103 +1105,6 @@ public:
}
};
class CommandNSSetSecure
: public Command
{
public:
CommandNSSetSecure(Module *creator, const Anope::string &sname = "nickserv/set/secure", size_t min = 1) : Command(creator, sname, min, min + 1)
{
this->SetDesc(_("Turn nickname security on or off"));
this->SetSyntax("{ON | OFF}");
}
void Run(CommandSource &source, const Anope::string &user, const Anope::string &param)
{
if (Anope::ReadOnly)
{
source.Reply(READ_ONLY_MODE);
return;
}
const NickAlias *na = NickAlias::Find(user);
if (!na)
{
source.Reply(NICK_X_NOT_REGISTERED, user.c_str());
return;
}
NickCore *nc = na->nc;
EventReturn MOD_RESULT;
FOREACH_RESULT(OnSetNickOption, MOD_RESULT, (source, this, nc, param));
if (MOD_RESULT == EVENT_STOP)
return;
if (param.equals_ci("ON"))
{
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to enable secure for " << nc->display;
nc->Extend<bool>("NS_SECURE");
source.Reply(_("Secure option is now \002on\002 for \002%s\002."), nc->display.c_str());
}
else if (param.equals_ci("OFF"))
{
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to disable secure for " << nc->display;
nc->Shrink<bool>("NS_SECURE");
source.Reply(_("Secure option is now \002off\002 for \002%s\002."), nc->display.c_str());
}
else
this->OnSyntaxError(source, "SECURE");
}
void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
{
this->Run(source, source.nc->display, params[0]);
}
bool OnHelp(CommandSource &source, const Anope::string &) override
{
this->SendSyntax(source);
source.Reply(" ");
source.Reply(_("Turns %s's security features on or off for your\n"
"nick. With \002SECURE\002 set, you must enter your password\n"
"before you will be recognized as the owner of the nick,\n"
"regardless of whether your address is on the access\n"
"list. However, if you are on the access list, %s\n"
"will not auto-kill you regardless of the setting of the\n"
"\002KILL\002 option."), source.service->nick.c_str(), source.service->nick.c_str());
return true;
}
};
class CommandNSSASetSecure final
: public CommandNSSetSecure
{
public:
CommandNSSASetSecure(Module *creator) : CommandNSSetSecure(creator, "nickserv/saset/secure", 2)
{
this->ClearSyntax();
this->SetSyntax(_("\037nickname\037 {ON | OFF}"));
}
void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
{
this->Run(source, params[0], params[1]);
}
bool OnHelp(CommandSource &source, const Anope::string &) override
{
this->SendSyntax(source);
source.Reply(" ");
source.Reply(_("Turns %s's security features on or off for your\n"
"nick. With \002SECURE\002 set, you must enter your password\n"
"before you will be recognized as the owner of the nick,\n"
"regardless of whether your address is on the access\n"
"list. However, if you are on the access list, %s\n"
"will not auto-kill you regardless of the setting of the\n"
"\002KILL\002 option."), source.service->nick.c_str(), source.service->nick.c_str());
return true;
}
};
class CommandNSSASetNoexpire final
: public Command
{
@@ -1288,13 +1191,10 @@ class NSSet final
CommandNSSetPassword commandnssetpassword;
CommandNSSASetPassword commandnssasetpassword;
CommandNSSetSecure commandnssetsecure;
CommandNSSASetSecure commandnssasetsecure;
CommandNSSASetNoexpire commandnssasetnoexpire;
SerializableExtensibleItem<bool> autoop, neverop, killprotect, kill_quick, kill_immed,
message, secure, noexpire;
message, noexpire;
struct KeepModes final
: SerializableExtensibleItem<bool>
@@ -1358,13 +1258,12 @@ public:
commandnssetlanguage(this), commandnssasetlanguage(this),
commandnssetmessage(this), commandnssasetmessage(this),
commandnssetpassword(this), commandnssasetpassword(this),
commandnssetsecure(this), commandnssasetsecure(this),
commandnssasetnoexpire(this),
autoop(this, "AUTOOP"), neverop(this, "NEVEROP"),
killprotect(this, "KILLPROTECT"), kill_quick(this, "KILL_QUICK"),
kill_immed(this, "KILL_IMMED"), message(this, "MSG"),
secure(this, "NS_SECURE"), noexpire(this, "NS_NO_EXPIRE"),
noexpire(this, "NS_NO_EXPIRE"),
keep_modes(this, "NS_KEEP_MODES"), ns_set_email(this, "ns_set_email")
{
@@ -1420,8 +1319,6 @@ public:
info.AddOption(_("Quick protection"));
else if (killprotect.HasExt(na->nc))
info.AddOption(_("Protection"));
if (secure.HasExt(na->nc))
info.AddOption(_("Security"));
if (message.HasExt(na->nc))
info.AddOption(_("Message mode"));
if (autoop.HasExt(na->nc))
modules/nickserv/ns_status.cpp
-89
View File
@@ -1,89 +0,0 @@
/* NickServ core functions
*
* (C) 2003-2024 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*/
#include "module.h"
class CommandNSStatus final
: public Command
{
public:
CommandNSStatus(Module *creator) : Command(creator, "nickserv/status", 0, 16)
{
this->SetDesc(_("Returns the owner status of the given nickname"));
this->SetSyntax(_("[\037nickname\037]"));
this->AllowUnregistered(true);
}
void Execute(CommandSource &source, const std::vector<Anope::string> &params) override
{
const Anope::string &nick = !params.empty() ? params[0] : source.GetNick();
const NickAlias *na = NickAlias::Find(nick);
spacesepstream sep(nick);
Anope::string nickbuf;
while (sep.GetToken(nickbuf))
{
User *u2 = User::Find(nickbuf, true);
if (!u2) /* Nick is not online */
source.Reply("STATUS %s %d %s", nickbuf.c_str(), 0, "");
else if (u2->IsIdentified() && na && na->nc == u2->Account()) /* Nick is identified */
source.Reply("STATUS %s %d %s", nickbuf.c_str(), 3, u2->Account()->display.c_str());
else if (u2->IsRecognized()) /* Nick is recognised, but NOT identified */
source.Reply("STATUS %s %d %s", nickbuf.c_str(), 2, u2->Account() ? u2->Account()->display.c_str() : "");
else if (!na) /* Nick is online, but NOT a registered */
source.Reply("STATUS %s %d %s", nickbuf.c_str(), 0, "");
else
/* Nick is not identified for the nick, but they could be logged into an account,
* so we tell the user about it
*/
source.Reply("STATUS %s %d %s", nickbuf.c_str(), 1, u2->Account() ? u2->Account()->display.c_str() : "");
}
return;
}
bool OnHelp(CommandSource &source, const Anope::string &subcommand) override
{
this->SendSyntax(source);
source.Reply(" ");
source.Reply(_("Returns whether the user using the given nickname is\n"
"recognized as the owner of the nickname. The response has\n"
"this format:\n"
" \n"
" \037nickname\037 \037status-code\037 \037account\037\n"
" \n"
"where \037nickname\037 is the nickname sent with the command,\n"
"\037status-code\037 is one of the following, and \037account\037\n"
"is the account they are logged in as.\n"
" \n"
" 0 - no such user online \002or\002 nickname not registered\n"
" 1 - user not recognized as nickname's owner\n"
" 2 - user recognized as owner via access list only\n"
" 3 - user recognized as owner via password identification\n"
" \n"
"If no nickname is given, your status will be returned."));
return true;
}
};
class NSStatus final
: public Module
{
CommandNSStatus commandnsstatus;
public:
NSStatus(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, VENDOR),
commandnsstatus(this)
{
}
};
MODULE_INIT(NSStatus)
modules/operserv/os_set.cpp
+1 -1
View File
@@ -214,7 +214,7 @@ public:
" \n"
"Sets read-only mode on or off. In read-only mode, normal\n"
"users will not be allowed to modify any services data,\n"
"including channel and nickname access lists, etc. IRCops\n"
"including channel access lists, etc. Server operators\n"
"with sufficient services privileges will be able to modify\n"
"Services' AKILL, SQLINE, SNLINE and ignore lists, drop,\n"
"suspend or forbid nicknames and channels, and manage news,\n"
modules/webcpanel/pages/chanserv/set.cpp
-11
View File
@@ -76,14 +76,6 @@ bool WebCPanel::ChanServ::Set::OnRequest(HTTPProvider *server, const Anope::stri
ci->Shrink<bool>("RESTRICTED");
replacements["MESSAGES"] = "Restricted updated";
}
if (ci->HasExt("CS_SECURE") != message.post_data.count("secure"))
{
if (!ci->HasExt("CS_SECURE"))
ci->Extend<bool>("CS_SECURE");
else
ci->Shrink<bool>("CS_SECURE");
replacements["MESSAGES"] = "Secure updated";
}
if (ci->HasExt("SECUREOPS") != message.post_data.count("secureops"))
{
if (!ci->HasExt("SECUREOPS"))
@@ -132,9 +124,6 @@ bool WebCPanel::ChanServ::Set::OnRequest(HTTPProvider *server, const Anope::stri
if (ci->HasExt("RESTRICTED"))
replacements["RESTRICTED"];
if (ci->HasExt("CS_SECURE"))
replacements["SECURE"];
if (ci->HasExt("SECUREOPS"))
replacements["SECUREOPS"];
modules/webcpanel/pages/nickserv/access.cpp
-39
View File
@@ -1,39 +0,0 @@
/*
* (C) 2003-2024 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*/
#include "../../webcpanel.h"
WebCPanel::NickServ::Access::Access(const Anope::string &cat, const Anope::string &u) : WebPanelProtectedPage(cat, u)
{
}
bool WebCPanel::NickServ::Access::OnRequest(HTTPProvider *server, const Anope::string &page_name, HTTPClient *client, HTTPMessage &message, HTTPReply &reply, NickAlias *na, TemplateFileServer::Replacements &replacements)
{
if (message.post_data.count("access") > 0)
{
std::vector<Anope::string> params;
params.emplace_back("ADD");
params.push_back(message.post_data["access"]);
WebPanel::RunCommand(client, na->nc->display, na->nc, "NickServ", "nickserv/access", params, replacements);
}
else if (message.get_data.count("del") > 0 && message.get_data.count("mask") > 0)
{
std::vector<Anope::string> params;
params.emplace_back("DEL");
params.push_back(message.get_data["mask"]);
WebPanel::RunCommand(client, na->nc->display, na->nc, "NickServ", "nickserv/access", params, replacements);
}
for (const auto &access : na->nc->access)
replacements["ACCESS"] = access;
TemplateFileServer page("nickserv/access.html");
page.Serve(server, page_name, client, message, reply, replacements);
return true;
}
modules/webcpanel/pages/nickserv/access.h
-27
View File
@@ -1,27 +0,0 @@
/*
* (C) 2003-2024 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*/
#pragma once
namespace WebCPanel
{
namespace NickServ
{
class Access final
: public WebPanelProtectedPage
{
public:
Access(const Anope::string &cat, const Anope::string &u);
bool OnRequest(HTTPProvider *, const Anope::string &, HTTPClient *, HTTPMessage &, HTTPReply &, NickAlias *, TemplateFileServer::Replacements &) override;
};
}
}
modules/webcpanel/pages/nickserv/info.cpp
-10
View File
@@ -56,14 +56,6 @@ bool WebCPanel::NickServ::Info::OnRequest(HTTPProvider *server, const Anope::str
na->nc->Shrink<bool>("NS_PRIVATE");
replacements["MESSAGES"] = "Private updated";
}
if (na->nc->HasExt("NS_SECURE") != message.post_data.count("secure"))
{
if (!na->nc->HasExt("NS_SECURE"))
na->nc->Extend<bool>("NS_SECURE");
else
na->nc->Shrink<bool>("NS_SECURE");
replacements["MESSAGES"] = "Secure updated";
}
if (message.post_data["kill"] == "on" && !na->nc->HasExt("KILLPROTECT"))
{
na->nc->Extend<bool>("KILLPROTECT");
@@ -102,8 +94,6 @@ bool WebCPanel::NickServ::Info::OnRequest(HTTPProvider *server, const Anope::str
replacements["AUTOOP"];
if (na->nc->HasExt("NS_PRIVATE"))
replacements["PRIVATE"];
if (na->nc->HasExt("NS_SECURE"))
replacements["SECURE"];
if (na->nc->HasExt("KILLPROTECT"))
replacements["KILL_ON"];
if (na->nc->HasExt("KILL_QUICK"))
modules/webcpanel/templates/default/chanserv/set.html
-4
View File
@@ -64,10 +64,6 @@
<td>Restricted</td>
<td><input type="checkbox" name="restricted" value="on" {IF EXISTS RESTRICTED}checked{END IF}></td>
</tr>
<tr>
<td>Secure</td>
<td><input type="checkbox" name="secure" value="on" {IF EXISTS SECURE}checked{END IF}></td>
</tr>
<tr>
<td>Secure Ops</td>
<td><input type="checkbox" name="secureops" value="on" {IF EXISTS SECUREOPS}checked{END IF}></td>
modules/webcpanel/templates/default/nickserv/access.html
-42
View File
@@ -1,42 +0,0 @@
{INCLUDE header.html}
<div class="panel-heading">Nick access list</div>
<div class="panel-body">
{FOR M IN MESSAGES}
<div class="alert alert-info">
{M}<br>
</div>
{END FOR}
{IF EXISTS ACCESS}
<table id="tableNSAccess" class="table table-hover">
<tbody>
{FOR A IN ACCESS}
<tr>
<td class="col-lg-4">{A}</td>
<td class="col-lg-8"><a href="/nickserv/access?mask={A}&del=1" class="btn btn-sm btn-danger">Delete</a></td>
</tr>
{END FOR}
</tbody>
</table>
{ELSE}
<em>Your access list is empty.</em>
{END IF}
<hr>
<h4>Add an access entry</h4>
<form class="form-horizontal" method="post" action="/nickserv/access">
<div class="form-group">
<label class="control-label col-lg-2" for="access">Hostmask:</label>
<div class="col-lg-5">
<input class="form-control" type="text" name="access" id="access" placeholder="Mask must be in the form user@host">
</div>
</div>
<div class="form-group">
<div class="col-lg-offset-2 col-lg-5">
<button type="submit" class="btn btn-primary">Add</button>
</div>
</div>
</form>
</div>
{INCLUDE footer.html}
modules/webcpanel/templates/default/nickserv/info.html
-4
View File
@@ -48,10 +48,6 @@
<td>Private:</td>
<td><input type="checkbox" name="private" value="on" {IF EXISTS PRIVATE}checked{END IF}></td>
</tr>
<tr>
<td>Secure:</td>
<td><input type="checkbox" name="secure" value="on" {IF EXISTS SECURE}checked{END IF}></td>
</tr>
<tr>
<td>Kill:</td>
<td>
modules/webcpanel/webcpanel.cpp
+1 -8
View File
@@ -27,7 +27,6 @@ class ModuleWebCPanel final
WebCPanel::NickServ::Info nickserv_info;
WebCPanel::NickServ::Cert nickserv_cert;
WebCPanel::NickServ::Access nickserv_access;
WebCPanel::NickServ::Alist nickserv_alist;
WebCPanel::NickServ::Confirm nickserv_confirm;
@@ -51,7 +50,7 @@ public:
id(this, "webcpanel_id"), ip(this, "webcpanel_ip"), last_login(this, "webcpanel_last_login"),
style_css("style.css", "/static/style.css", "text/css"), logo_png("logo.png", "/static/logo.png", "image/png"), cubes_png("cubes.png", "/static/cubes.png", "image/png"), favicon_ico("favicon.ico", "/favicon.ico", "image/x-icon"),
index("/"), logout("/logout"), _register("/register"), confirm("/confirm"),
nickserv_info("NickServ", "/nickserv/info"), nickserv_cert("NickServ", "/nickserv/cert"), nickserv_access("NickServ", "/nickserv/access"), nickserv_alist("NickServ", "/nickserv/alist"), nickserv_confirm("NickServ", "/nickserv/confirm"),
nickserv_info("NickServ", "/nickserv/info"), nickserv_cert("NickServ", "/nickserv/cert"), nickserv_alist("NickServ", "/nickserv/alist"), nickserv_confirm("NickServ", "/nickserv/confirm"),
chanserv_info("ChanServ", "/chanserv/info"), chanserv_set("ChanServ", "/chanserv/set"), chanserv_access("ChanServ", "/chanserv/access"), chanserv_akick("ChanServ", "/chanserv/akick"),
chanserv_modes("ChanServ", "/chanserv/modes"), chanserv_drop("ChanServ", "/chanserv/drop"), memoserv_memos("MemoServ", "/memoserv/memos"), hostserv_request("HostServ", "/hostserv/request"),
operserv_akill("OperServ", "/operserv/akill")
@@ -99,11 +98,6 @@ public:
provider->RegisterPage(&this->nickserv_cert);
}
ss.name = "Access";
ss.url = "/nickserv/access";
s.subsections.push_back(ss);
provider->RegisterPage(&this->nickserv_access);
ss.name = "AList";
ss.url = "/nickserv/alist";
s.subsections.push_back(ss);
@@ -219,7 +213,6 @@ public:
provider->UnregisterPage(&this->nickserv_info);
provider->UnregisterPage(&this->nickserv_cert);
provider->UnregisterPage(&this->nickserv_access);
provider->UnregisterPage(&this->nickserv_alist);
provider->UnregisterPage(&this->nickserv_confirm);
modules/webcpanel/webcpanel.h
-1
View File
@@ -170,7 +170,6 @@ namespace WebPanel
#include "pages/nickserv/info.h"
#include "pages/nickserv/cert.h"
#include "pages/nickserv/access.h"
#include "pages/nickserv/alist.h"
#include "pages/nickserv/confirm.h"
src/nickcore.cpp
-79
View File
@@ -61,8 +61,6 @@ NickCore::~NickCore()
if (this->id)
NickCoreIdList.erase(this->id);
this->ClearAccess();
if (!this->memos.memos->empty())
{
for (unsigned i = 0, end = this->memos.memos->size(); i < end; ++i)
@@ -78,8 +76,6 @@ void NickCore::Serialize(Serialize::Data &data) const
data["pass"] << this->pass;
data["email"] << this->email;
data["language"] << this->language;
for (const auto &mask : this->access)
data["access"] << mask << " ";
data["memomax"] << this->memos.memomax;
for (const auto &ignore : this->memos.ignores)
data["memoignores"] << ignore << " ";
@@ -104,14 +100,6 @@ Serializable *NickCore::Unserialize(Serializable *obj, Serialize::Data &data)
data["pass"] >> nc->pass;
data["email"] >> nc->email;
data["language"] >> nc->language;
{
Anope::string buf;
data["access"] >> buf;
spacesepstream sep(buf);
nc->access.clear();
while (sep.GetToken(buf))
nc->access.push_back(buf);
}
data["memomax"] >> nc->memos.memomax;
{
Anope::string buf;
@@ -127,10 +115,6 @@ Serializable *NickCore::Unserialize(Serializable *obj, Serialize::Data &data)
/* compat */
bool b;
b = false;
data["extensible:SECURE"] >> b;
if (b)
nc->Extend<bool>("NS_SECURE");
b = false;
data["extensible:PRIVATE"] >> b;
if (b)
nc->Extend<bool>("NS_PRIVATE");
@@ -187,69 +171,6 @@ bool NickCore::IsServicesOper() const
return this->o != NULL;
}
void NickCore::AddAccess(const Anope::string &entry)
{
this->access.push_back(entry);
FOREACH_MOD(OnNickAddAccess, (this, entry));
}
Anope::string NickCore::GetAccess(unsigned entry) const
{
if (this->access.empty() || entry >= this->access.size())
return "";
return this->access[entry];
}
unsigned NickCore::GetAccessCount() const
{
return this->access.size();
}
bool NickCore::FindAccess(const Anope::string &entry)
{
for (const auto &mask : this->access)
{
if (mask == entry)
return true;
}
return false;
}
void NickCore::EraseAccess(const Anope::string &entry)
{
for (unsigned i = 0, end = this->access.size(); i < end; ++i)
if (this->access[i] == entry)
{
FOREACH_MOD(OnNickEraseAccess, (this, entry));
this->access.erase(this->access.begin() + i);
break;
}
}
void NickCore::ClearAccess()
{
FOREACH_MOD(OnNickClearAccess, (this));
this->access.clear();
}
bool NickCore::IsOnAccess(const User *u) const
{
Anope::string buf = u->GetIdent() + "@" + u->host, buf2, buf3;
if (!u->vhost.empty())
buf2 = u->GetIdent() + "@" + u->vhost;
if (!u->GetCloakedHost().empty())
buf3 = u->GetIdent() + "@" + u->GetCloakedHost();
for (unsigned i = 0, end = this->access.size(); i < end; ++i)
{
Anope::string a = this->GetAccess(i);
if (Anope::Match(buf, a) || (!buf2.empty() && Anope::Match(buf2, a)) || (!buf3.empty() && Anope::Match(buf3, a)))
return true;
}
return false;
}
void NickCore::AddChannelReference(ChannelInfo *ci)
{
++(*this->chanaccess)[ci];
src/regchannel.cpp
+1 -13
View File
@@ -268,10 +268,6 @@ Serializable *ChannelInfo::Unserialize(Serializable *obj, Serialize::Data &data)
/* compat */
bool b;
b = false;
data["extensible:SECURE"] >> b;
if (b)
ci->Extend<bool>("CS_SECURE");
b = false;
data["extensible:PRIVATE"] >> b;
if (b)
ci->Extend<bool>("CS_PRIVATE");
@@ -423,18 +419,10 @@ AccessGroup ChannelInfo::AccessFor(const User *u, bool updateLastUsed)
if (u == NULL)
return group;
const NickCore *nc = u->Account();
if (nc == NULL && !this->HasExt("NS_SECURE") && u->IsRecognized())
{
const NickAlias *na = NickAlias::Find(u->nick);
if (na != NULL)
nc = na->nc;
}
group.super_admin = u->super_admin;
group.founder = IsFounder(u, this);
group.ci = this;
group.nc = nc;
group.nc = u->Account();
FindMatches(group, this, u, u->Account());
src/users.cpp
+3 -25
View File
@@ -40,7 +40,6 @@ User::User(const Anope::string &snick, const Anope::string &sident, const Anope:
quit = false;
server = NULL;
invalid_pw_count = invalid_pw_time = lastmemosend = lastnickreg = lastmail = 0;
on_access = false;
this->nick = snick;
this->ident = sident;
@@ -153,7 +152,7 @@ void User::ChangeNick(const Anope::string &newnick, time_t ts)
else
{
NickAlias *old_na = NickAlias::Find(this->nick);
if (old_na && (this->IsIdentified(true) || this->IsRecognized()))
if (old_na && this->IsIdentified(true))
old_na->last_seen = Anope::CurTime;
UserListByNick.erase(this->nick);
@@ -169,11 +168,7 @@ void User::ChangeNick(const Anope::string &newnick, time_t ts)
}
other = this;
on_access = false;
NickAlias *na = NickAlias::Find(this->nick);
if (na)
on_access = na->nc->IsOnAccess(this);
if (na && na->nc == this->Account())
{
na->last_seen = Anope::CurTime;
@@ -282,7 +277,7 @@ void User::SetRealname(const Anope::string &srealname)
this->realname = srealname;
NickAlias *na = NickAlias::Find(this->nick);
if (na && (this->IsIdentified(true) || this->IsRecognized()))
if (na && this->IsIdentified(true))
na->last_realname = srealname;
Log(this, "realname") << "changed realname to " << srealname;
@@ -446,19 +441,6 @@ bool User::IsIdentified(bool check_nick) const
return this->nc;
}
bool User::IsRecognized(bool check_secure) const
{
if (check_secure && on_access)
{
const NickAlias *na = NickAlias::Find(this->nick);
if (!na || na->nc->HasExt("NS_SECURE"))
return false;
}
return on_access;
}
bool User::IsSecurelyConnected() const
{
return HasMode("SSL") || HasExt("ssl");
@@ -530,11 +512,7 @@ void User::UpdateHost()
return;
NickAlias *na = NickAlias::Find(this->nick);
on_access = false;
if (na)
on_access = na->nc->IsOnAccess(this);
if (na && (this->IsIdentified(true) || this->IsRecognized()))
if (na && this->IsIdentified(true))
{
Anope::string last_usermask = this->GetIdent() + "@" + this->GetDisplayedHost();
Anope::string last_realhost = this->GetIdent() + "@" + this->host;