mirror of https://github.com/anope/anope.git synced 2026-07-01 10:06:37 +02:00

Rip out ns_access and related code.

This is wildly insecure and has been disabled by default for at
least a decade.
Sadie Powell
2024-02-29 14:49:39 +00:00
parent 25bdcfcbc4
commit 579af3c442
32 changed files with 41 additions and 1104 deletions
-79
@@ -61,8 +61,6 @@ NickCore::~NickCore()
if (this->id)
NickCoreIdList.erase(this->id);
this->ClearAccess();
if (!this->memos.memos->empty())
{
for (unsigned i = 0, end = this->memos.memos->size(); i < end; ++i)
@@ -78,8 +76,6 @@ void NickCore::Serialize(Serialize::Data &data) const
data["pass"] << this->pass;
data["email"] << this->email;
data["language"] << this->language;
for (const auto &mask : this->access)
data["access"] << mask << " ";
data["memomax"] << this->memos.memomax;
for (const auto &ignore : this->memos.ignores)
data["memoignores"] << ignore << " ";
@@ -104,14 +100,6 @@ Serializable *NickCore::Unserialize(Serializable *obj, Serialize::Data &data)
data["pass"] >> nc->pass;
data["email"] >> nc->email;
data["language"] >> nc->language;
{
Anope::string buf;
data["access"] >> buf;
spacesepstream sep(buf);
nc->access.clear();
while (sep.GetToken(buf))
nc->access.push_back(buf);
}
data["memomax"] >> nc->memos.memomax;
{
Anope::string buf;
@@ -127,10 +115,6 @@ Serializable *NickCore::Unserialize(Serializable *obj, Serialize::Data &data)
/* compat */
bool b;
b = false;
data["extensible:SECURE"] >> b;
if (b)
nc->Extend<bool>("NS_SECURE");
b = false;
data["extensible:PRIVATE"] >> b;
if (b)
nc->Extend<bool>("NS_PRIVATE");
@@ -187,69 +171,6 @@ bool NickCore::IsServicesOper() const
return this->o != NULL;
}
void NickCore::AddAccess(const Anope::string &entry)
{
this->access.push_back(entry);
FOREACH_MOD(OnNickAddAccess, (this, entry));
}
Anope::string NickCore::GetAccess(unsigned entry) const
{
if (this->access.empty() || entry >= this->access.size())
return "";
return this->access[entry];
}
unsigned NickCore::GetAccessCount() const
{
return this->access.size();
}
bool NickCore::FindAccess(const Anope::string &entry)
{
for (const auto &mask : this->access)
{
if (mask == entry)
return true;
}
return false;
}
void NickCore::EraseAccess(const Anope::string &entry)
{
for (unsigned i = 0, end = this->access.size(); i < end; ++i)
if (this->access[i] == entry)
{
FOREACH_MOD(OnNickEraseAccess, (this, entry));
this->access.erase(this->access.begin() + i);
break;
}
}
void NickCore::ClearAccess()
{
FOREACH_MOD(OnNickClearAccess, (this));
this->access.clear();
}
bool NickCore::IsOnAccess(const User *u) const
{
Anope::string buf = u->GetIdent() + "@" + u->host, buf2, buf3;
if (!u->vhost.empty())
buf2 = u->GetIdent() + "@" + u->vhost;
if (!u->GetCloakedHost().empty())
buf3 = u->GetIdent() + "@" + u->GetCloakedHost();
for (unsigned i = 0, end = this->access.size(); i < end; ++i)
{
Anope::string a = this->GetAccess(i);
if (Anope::Match(buf, a) || (!buf2.empty() && Anope::Match(buf2, a)) || (!buf3.empty() && Anope::Match(buf3, a)))
return true;
}
return false;
}
void NickCore::AddChannelReference(ChannelInfo *ci)
{
++(*this->chanaccess)[ci];
+1 -13
@@ -268,10 +268,6 @@ Serializable *ChannelInfo::Unserialize(Serializable *obj, Serialize::Data &data)
/* compat */
bool b;
b = false;
data["extensible:SECURE"] >> b;
if (b)
ci->Extend<bool>("CS_SECURE");
b = false;
data["extensible:PRIVATE"] >> b;
if (b)
ci->Extend<bool>("CS_PRIVATE");
@@ -423,18 +419,10 @@ AccessGroup ChannelInfo::AccessFor(const User *u, bool updateLastUsed)
if (u == NULL)
return group;
const NickCore *nc = u->Account();
if (nc == NULL && !this->HasExt("NS_SECURE") && u->IsRecognized())
{
const NickAlias *na = NickAlias::Find(u->nick);
if (na != NULL)
nc = na->nc;
}
group.super_admin = u->super_admin;
group.founder = IsFounder(u, this);
group.ci = this;
group.nc = nc;
group.nc = u->Account();
FindMatches(group, this, u, u->Account());
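Review bot: The new `group.nc = u->Account();` in ChannelInfo::AccessFor has no comment recording that channel access is now resolved only from the account the user is logged in to, which is the security property this section establishes. I would add `// Access comes only from the logged-in account; do not add a nick or hostmask fallback here.` above that assignment so a later change does not quietly reintroduce recognition-based access. As a style point, `u->Account()` is now evaluated twice, once for `group.nc` and once in the `FindMatches` call; a single `const NickCore *nc = u->Account();` local passed to both would keep the two visibly in sync. AccessFor's body continues outside the hunk, so any later use of the account there is not visible from here.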
+3 -25
@@ -40,7 +40,6 @@ User::User(const Anope::string &snick, const Anope::string &sident, const Anope:
quit = false;
server = NULL;
invalid_pw_count = invalid_pw_time = lastmemosend = lastnickreg = lastmail = 0;
on_access = false;
this->nick = snick;
this->ident = sident;
@@ -153,7 +152,7 @@ void User::ChangeNick(const Anope::string &newnick, time_t ts)
else
{
NickAlias *old_na = NickAlias::Find(this->nick);
if (old_na && (this->IsIdentified(true) || this->IsRecognized()))
if (old_na && this->IsIdentified(true))
old_na->last_seen = Anope::CurTime;
UserListByNick.erase(this->nick);
@@ -169,11 +168,7 @@ void User::ChangeNick(const Anope::string &newnick, time_t ts)
}
other = this;
on_access = false;
NickAlias *na = NickAlias::Find(this->nick);
if (na)
on_access = na->nc->IsOnAccess(this);
if (na && na->nc == this->Account())
{
na->last_seen = Anope::CurTime;
@@ -282,7 +277,7 @@ void User::SetRealname(const Anope::string &srealname)
this->realname = srealname;
NickAlias *na = NickAlias::Find(this->nick);
if (na && (this->IsIdentified(true) || this->IsRecognized()))
if (na && this->IsIdentified(true))
na->last_realname = srealname;
Log(this, "realname") << "changed realname to " << srealname;
@@ -446,19 +441,6 @@ bool User::IsIdentified(bool check_nick) const
return this->nc;
}
bool User::IsRecognized(bool check_secure) const
{
if (check_secure && on_access)
{
const NickAlias *na = NickAlias::Find(this->nick);
if (!na || na->nc->HasExt("NS_SECURE"))
return false;
}
return on_access;
}
bool User::IsSecurelyConnected() const
{
return HasMode("SSL") || HasExt("ssl");
@@ -530,11 +512,7 @@ void User::UpdateHost()
return;
NickAlias *na = NickAlias::Find(this->nick);
on_access = false;
if (na)
on_access = na->nc->IsOnAccess(this);
if (na && (this->IsIdentified(true) || this->IsRecognized()))
if (na && this->IsIdentified(true))
{
Anope::string last_usermask = this->GetIdent() + "@" + this->GetDisplayedHost();
Anope::string last_realhost = this->GetIdent() + "@" + this->host;