pegasus/anope
1
0
Fork 0
mirror of https://github.com/anope/anope.git synced 2026-06-28 10:26:37 +02:00
Code Activity

added ns_cert

Browse Source
This commit is contained in:
DukePyrolator
2011-03-12 09:27:16 +01:00
parent 95469fde30
commit fbae3344ff
25 changed files with 452 additions and 99 deletions
Download Patch File Download Diff File Expand all files Collapse all files
data/example.conf
+1 -1
View File
@@ -930,7 +930,7 @@ nickserv
*
* This directive is optional, but highly recommended.
*/
modules = "ns_help ns_register ns_group ns_identify ns_access ns_set ns_saset ns_set_autoop ns_set_email ns_set_greet ns_set_hide ns_set_kill ns_set_language ns_set_message ns_set_private ns_set_secure ns_saset_noexpire ns_drop ns_recover ns_release ns_sendpass ns_ghost ns_alist ns_info ns_list ns_logout ns_status ns_update ns_getpass ns_getemail ns_forbid ns_suspend ns_resetpass ns_ajoin"
modules = "ns_help ns_register ns_group ns_identify ns_access ns_cert ns_set ns_saset ns_set_autoop ns_set_email ns_set_greet ns_set_hide ns_set_kill ns_set_language ns_set_message ns_set_private ns_set_secure ns_saset_noexpire ns_drop ns_recover ns_release ns_sendpass ns_ghost ns_alist ns_info ns_list ns_logout ns_status ns_update ns_getpass ns_getemail ns_forbid ns_suspend ns_resetpass ns_ajoin"
/*
* Force users to give an e-mail address when they register a nick.
include/account.h
+42
View File
@@ -152,6 +152,7 @@ class CoreExport NickCore : public Extensible, public Flags<NickCoreFlag, NI_END
Anope::string greet; /* Greet associated to the nick */
Anope::string language; /* Language name */
std::vector<Anope::string> access; /* Access list, vector of strings */
std::vector<Anope::string> cert; /* ssl certificate list, vector of strings */
MemoInfo memos;
uint16 channelcount; /* Number of channels currently registered */
@@ -217,6 +218,47 @@ class CoreExport NickCore : public Extensible, public Flags<NickCoreFlag, NI_END
* Deletes all the memory allocated in the access list vector and then clears the vector.
*/
void ClearAccess();
/** Add an entry to the nick's certificate list
*
* @param entry The fingerprint to add to the cert list
*
* Adds a new entry into the cert list.
*/
void AddCert(const Anope::string &entry);
/** Get an entry from the nick's cert list by index
*
* @param entry Index in the certificaate list vector to retrieve
* @return The fingerprint entry of the given index if within bounds, an empty string if the vector is empty or the index is out of bounds
*
* Retrieves an entry from the certificate list corresponding to the given index.
*/
Anope::string GetCert(unsigned entry) const;
/** Find an entry in the nick's cert list
*
* @param entry The fingerprint to search for
* @return True if the fingerprint is found in the cert list, false otherwise
*
* Search for an fingerprint within the cert list.
*/
bool FindCert(const Anope::string &entry);
/** Erase a fingerprint from the nick's certificate list
*
* @param entry The fingerprint to remove
*
* Removes the specified fingerprint from the cert list.
*/
void EraseCert(const Anope::string &entry);
/** Clears the entire nick's cert list
*
* Deletes all the memory allocated in the certificate list vector and then clears the vector.
*/
void ClearCert();
};
/** Timer for colliding nicks to force people off of nicknames
include/modules.h
+18
View File
@@ -887,6 +887,23 @@ class CoreExport Module : public Extensible
*/
virtual void OnNickEraseAccess(NickCore *nc, const Anope::string &entry) { }
/** called from NickCore::ClearCert()
* @param nc pointer to the NickCore
*/
virtual void OnNickClearCert(NickCore *nc) { }
/** Called when a user adds an entry to their cert list
* @param nc The nick
* @param entry The entry
*/
virtual void OnNickAddCert(NickCore *nc, const Anope::string &entry) { }
/** Called from NickCore::EraseCert()
* @param nc pointer to the NickCore
* @param entry The fingerprint
*/
virtual void OnNickEraseCert(NickCore *nc, const Anope::string &entry) { }
/** Called when a user requests info for a nick
* @param source The user requesting info
* @param na The nick the user is requesting info from
@@ -1059,6 +1076,7 @@ enum Implementation
I_OnNickRegister, I_OnNickSuspended, I_OnNickUnsuspended,
I_OnDelNick, I_OnDelCore, I_OnChangeCoreDisplay,
I_OnNickClearAccess, I_OnNickAddAccess, I_OnNickEraseAccess,
I_OnNickClearCert, I_OnNickAddCert, I_OnNickEraseCert,
I_OnNickInfo, I_OnFindNick, I_OnFindCore,
/* ChanServ */
include/services.h
+1
View File
@@ -486,6 +486,7 @@ struct IRCDVar
int ts6; /* ircd is TS6 */
const char *globaltldprefix; /* TLD prefix used for Global */
unsigned maxmodes; /* Max modes to send per line */
int certfp; /* IRCd sends a SSL users certificate fingerprint */
};
/*************************************************************************/
include/users.h
+7
View File
@@ -164,6 +164,13 @@ class CoreExport User : public Extensible
*/
void Collide(NickAlias *na);
/** Identify the user to the Nick
* updates last_seen, logs the user in,
* send messages, checks for mails, set vhost and more
* @param the NickAlias
*/
void Identify(NickAlias *na);
/** Login the user to a NickCore
* @param core The account the user is useing
*/
modules/core/db_plain.cpp
+7
View File
@@ -485,6 +485,8 @@ class DBPlain : public Module
nc->greet = params[0];
else if (key.equals_ci("ACCESS"))
nc->AddAccess(params[0]);
else if (key.equals_ci("CERT"))
nc->AddCert(params[0]);
else if (key.equals_ci("FLAGS"))
nc->FromString(params);
else if (key.equals_ci("MI"))
@@ -737,6 +739,11 @@ class DBPlain : public Module
for (std::vector<Anope::string>::iterator it = nc->access.begin(), it_end = nc->access.end(); it != it_end; ++it)
db_buffer << "MD ACCESS " << *it << endl;
}
if (!nc->cert.empty())
{
for (std::vector<Anope::string>::iterator it = nc->cert.begin(), it_end = nc->cert.end(); it != it_end; ++it)
db_buffer << "MD CERT " << *it << endl;
}
if (nc->FlagCount())
db_buffer << "MD FLAGS " << ToString(nc->ToString()) << endl;
MemoInfo *mi = &nc->memos;
modules/core/ns_cert.cpp
+234
View File
@@ -0,0 +1,234 @@
/* NickServ core functions
*
* (C) 2003-2011 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*/
/*************************************************************************/
#include "module.h"
class CommandNSCert : public Command
{
private:
CommandReturn DoServAdminList(CommandSource &source, NickCore *nc)
{
if (nc->cert.empty())
{
source.Reply(_("Certificate list for \002%s\002 is empty."), nc->display.c_str());
return MOD_CONT;
}
if (nc->HasFlag(NI_SUSPENDED))
{
source.Reply(_(NICK_X_SUSPENDED), nc->display.c_str());
return MOD_CONT;
}
source.Reply(_("Certificate list for \002%s\002:"), nc->display.c_str());
for (unsigned i = 0, end = nc->cert.size(); i < end; ++i)
{
Anope::string fingerprint = nc->GetCert(i);
source.Reply(" %s", fingerprint.c_str());
}
return MOD_CONT;
}
CommandReturn DoAdd(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
if (nc->cert.size() >= Config->NSAccessMax)
{
source.Reply(_("Sorry, you can only have %d certificate entries for a nickname."), Config->NSAccessMax);
return MOD_CONT;
}
if (!source.u->fingerprint.empty() && !nc->FindCert(source.u->fingerprint))
{
nc->AddCert(source.u->fingerprint);
source.Reply(_("\002%s\002 added to your certificate list"), source.u->fingerprint.c_str());
return MOD_CONT;
}
if (mask.empty())
{
this->OnSyntaxError(source, "ADD");
return MOD_CONT;
}
if (nc->FindCert(mask))
{
source.Reply(_("Fingerprint \002%s\002 already present on your certificate list."), mask.c_str());
return MOD_CONT;
}
nc->AddCert(mask);
source.Reply(_("\002%s\002 added to your certificate list."), mask.c_str());
return MOD_CONT;
}
CommandReturn DoDel(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
if (!source.u->fingerprint.empty() && nc->FindCert(source.u->fingerprint))
{
nc->EraseCert(source.u->fingerprint);
source.Reply(_("\002%s\002 deleted from your certificate list"), source.u->fingerprint.c_str());
return MOD_CONT;
}
if (mask.empty())
{
this->OnSyntaxError(source, "DEL");
return MOD_CONT;
}
if (!nc->FindCert(mask))
{
source.Reply(_("\002%s\002 not found on your certificate list."), mask.c_str());
return MOD_CONT;
}
source.Reply(_("\002%s\002 deleted from your certificate list."), mask.c_str());
nc->EraseCert(mask);
return MOD_CONT;
}
CommandReturn DoList(CommandSource &source, NickCore *nc)
{
User *u = source.u;
if (nc->cert.empty())
{
source.Reply(_("Your certificate list is empty."), u->nick.c_str());
return MOD_CONT;
}
source.Reply(_("Cert list:"));
for (unsigned i = 0, end = nc->cert.size(); i < end; ++i)
{
Anope::string fingerprint = nc->GetCert(i);
source.Reply(" %s", fingerprint.c_str());
}
return MOD_CONT;
}
public:
CommandNSCert() : Command("CERT", 1, 2)
{
this->SetDesc("Modify the nickname client certificate list");
}
CommandReturn Execute(CommandSource &source, const std::vector<Anope::string> &params)
{
User *u = source.u;
const Anope::string &cmd = params[0];
const Anope::string &mask = params.size() > 1 ? params[1] : "";
NickAlias *na;
if (cmd.equals_ci("LIST") && u->Account()->IsServicesOper() && !mask.empty() && (na = findnick(mask)))
return this->DoServAdminList(source, na->nc);
if (u->Account()->HasFlag(NI_SUSPENDED))
source.Reply(_(NICK_X_SUSPENDED), u->Account()->display.c_str());
else if (cmd.equals_ci("ADD"))
return this->DoAdd(source, u->Account(), mask);
else if (cmd.equals_ci("DEL"))
return this->DoDel(source, u->Account(), mask);
else if (cmd.equals_ci("LIST"))
return this->DoList(source, u->Account());
else
this->OnSyntaxError(source, cmd);
return MOD_CONT;
}
bool OnHelp(CommandSource &source, const Anope::string &subcommand)
{
source.Reply(_("Syntax: \002CERT ADD [\037fingerprint\037]\002\n"
" \002CERT DEL [\037<fingerprint>\037]\002\n"
" \002CERT LIST\002\n"
" \n"
"Modifies or displays the certificate list for your nick.\n"
"If you connect to IRC and provide a client certificate with a\n"
"matching fingerprint in the cert list, your nick will be\n"
"automatically identified to %s.\n"
" \n"), NickServ->nick.c_str(), NickServ->nick.c_str());
source.Reply(_("Examples:\n"
" \n"
" \002CERT ADD <fingerprint>\002\n"
" Adds this fingerprint to the certificate list and\n"
" automatically identifies you when you connect to IRC\n"
" using this certificate.\n"
" \n"
" \002CERT DEL <fingerprint>\002\n"
" Reverses the previous command.\n"
" \n"
" \002CERT LIST\002\n"
" Displays the current certificate list."), NickServ->nick.c_str());
return true;
}
void OnSyntaxError(CommandSource &source, const Anope::string &subcommand)
{
SyntaxError(source, "CERT", _("CERT {ADD|DEL|LIST} [\037fingerprint\037]"));
}
};
class NSCert : public Module
{
CommandNSCert commandnscert;
void DoAutoIdentify(User *u)
{
NickAlias *na = findnick(u->nick);
if (!na)
return;
if (u->IsIdentified() && u->Account() == na->nc)
return;
if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED))
return;
if (!na->nc->FindCert(u->fingerprint))
return;
u->Identify(na);
u->SendMessage(NickServ, _("SSL Fingerprint accepted. You are now identified."));
return;
}
public:
NSCert(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator)
{
this->SetAuthor("Anope");
this->SetType(CORE);
if (!ircd->certfp)
throw ModuleException("Your IRCd does not support ssl client certificates");
Implementation i[] = { I_OnUserNickChange, I_OnFingerprint };
ModuleManager::Attach(i, this, 2);
this->AddCommand(NickServ, &commandnscert);
}
void OnFingerprint(User *u)
{
DoAutoIdentify(u);
}
void OnUserNickChange(User *u, const Anope::string &oldnick)
{
if (!u->fingerprint.empty())
DoAutoIdentify(u);
}
};
MODULE_INIT(NSCert)
modules/core/ns_ghost.cpp
+2 -1
View File
@@ -42,7 +42,8 @@ class CommandNSGhost : public Command
else if (nick.equals_ci(u->nick))
source.Reply(_("You can't ghost yourself!"));
else if ((u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc))) ||
(!pass.empty() && enc_check_password(pass, na->nc->pass) == 1))
(!pass.empty() && enc_check_password(pass, na->nc->pass) == 1) ||
(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
{
if (!user->IsIdentified() && FindCommand(NickServ, "RECOVER"))
source.Reply(_("You may not ghost an unidentified user, use RECOVER instead."));
modules/core/ns_group.cpp
+15 -11
View File
@@ -16,7 +16,7 @@
class CommandNSGroup : public Command
{
public:
CommandNSGroup() : Command("GROUP", 2, 2)
CommandNSGroup() : Command("GROUP", 1, 2)
{
this->SetFlag(CFLAG_ALLOW_UNREGISTERED);
this->SetDesc(_("Join a group"));
@@ -27,7 +27,7 @@ class CommandNSGroup : public Command
User *u = source.u;
const Anope::string &nick = params[0];
Anope::string pass = params[1];
Anope::string pass = params.size() > 1 ? params[1] : "";
if (readonly)
{
@@ -78,15 +78,8 @@ class CommandNSGroup : public Command
"for more information."), target->nick.c_str(), Config->s_NickServ.c_str(), Config->s_NickServ.c_str());
else
{
int res = enc_check_password(pass, target->nc->pass);
if (res == -1)
{
Log(LOG_COMMAND, u, this) << "failed group for " << na->nick << " (invalid password)";
source.Reply(_(PASSWORD_INCORRECT));
if (bad_password(u))
return MOD_STOP;
}
else
if ((!pass.empty() && enc_check_password(pass, target->nc->pass)) ||
(!u->fingerprint.empty() && target->nc->FindCert(u->fingerprint)))
{
/* If the nick is already registered, drop it.
* If not, check that it is valid.
@@ -125,6 +118,17 @@ class CommandNSGroup : public Command
check_memos(u);
}
else if (pass.empty())
{
this->OnSyntaxError(source, "");
}
else
{
Log(LOG_COMMAND, u, this) << "failed group for " << target->nick << " (invalid password)";
source.Reply(_(PASSWORD_INCORRECT));
if (bad_password(u))
return MOD_STOP;
}
}
return MOD_CONT;
}
modules/core/ns_identify.cpp
+3 -40
View File
@@ -29,7 +29,7 @@ class CommandNSIdentify : public Command
const Anope::string &nick = params.size() == 2 ? params[0] : u->nick;
Anope::string pass = params[params.size() - 1];
NickAlias *na = findnick(nick), *this_na = findnick(u->nick);
NickAlias *na = findnick(nick);
if (!na)
source.Reply(_(NICK_NOT_REGISTERED));
else if (na->HasFlag(NS_FORBIDDEN))
@@ -59,46 +59,9 @@ class CommandNSIdentify : public Command
if (u->IsIdentified())
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
if (this_na && this_na->nc == na->nc && this_na->nc->HasFlag(NI_UNCONFIRMED) == false)
u->SetMode(NickServ, UMODE_REGISTERED);
u->UpdateHost();
Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display;
Log(LOG_COMMAND, u, this) << "and identified for account " << na->nc->display;
source.Reply(_("Password accepted - you are now recognized."));
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
if (Config->NSForceEmail && u->Account()->email.empty())
{
source.Reply(_("You must now supply an e-mail for your nick.\n"
"This e-mail will allow you to retrieve your password in\n"
"case you forget it."));
source.Reply(_("Type \002%R%s SET EMAIL \037e-mail\037\002 in order to set your e-mail.\n"
"Your privacy is respected; this e-mail won't be given to\n"
"any third-party person."), NickServ->nick.c_str());
}
if (u->Account()->HasFlag(NI_UNCONFIRMED))
{
source.Reply(_("Your email address is not confirmed. To confirm it, follow the instructions that were emailed to you when you registered."));
time_t time_registered = Anope::CurTime - na->time_registered;
if (Config->NSUnconfirmedExpire > time_registered)
source.Reply(_("Your account will expire, if not confirmed, in %s"), duration(Config->NSUnconfirmedExpire - time_registered).c_str());
}
check_memos(u);
u->Identify(na);
}
}
return MOD_CONT;
modules/core/ns_recover.cpp
+2 -1
View File
@@ -68,7 +68,8 @@ class CommandNSRecover : public Command
}
else
{
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)))
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) ||
(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
{
u2->SendMessage(NickServ, _(FORCENICKCHANGE_NOW));
u2->Collide(na);
modules/core/ns_release.cpp
+3 -1
View File
@@ -43,6 +43,7 @@ class CommandNSRelease : public Command
if (res == 1)
{
Log(LOG_COMMAND, u, this) << "released " << na->nick;
na->Release();
source.Reply(_("Services' hold on your nick has been released."));
}
else
@@ -58,7 +59,8 @@ class CommandNSRelease : public Command
}
else
{
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)))
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) ||
(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
{
na->Release();
source.Reply(_("Services' hold on your nick has been released."));
modules/core/ns_resetpass.cpp
+4 -21
View File
@@ -102,30 +102,13 @@ class NSResetPass : public Module
na->nc->Shrink("ns_resetpass_code");
na->nc->Shrink("ns_resetpass_time");
NickAlias *this_na = findnick(u->nick);
if (this_na && this_na == na)
{
u->UpdateHost();
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->SetMode(NickServ, UMODE_REGISTERED);
}
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
na->nc->UnsetFlag(NI_UNCONFIRMED);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
Log(LOG_COMMAND, u, &commandnsresetpass) << "confirmed RESETPASS to forcefully identify to " << na->nick;
na->nc->UnsetFlag(NI_UNCONFIRMED);
u->Identify(na);
source.Reply(_("You are now identified for your nick. Change your password using \"%R%s SET PASSWORD \002newpassword\002\" now."), Config->s_NickServ.c_str());
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
check_memos(u);
}
else
return EVENT_CONTINUE;
modules/extra/ns_identify_ldap.cpp
+3 -22
View File
@@ -42,7 +42,7 @@ class IdentifyInterface : public LDAPInterface, public Command
this->requests.erase(it);
User *u = *ii->user;
NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account);
NickAlias *na = findnick(ii->account);
if (!na)
{
@@ -60,28 +60,9 @@ class IdentifyInterface : public LDAPInterface, public Command
if (u->Account())
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
if (this_na && this_na->nc == na->nc && this_na->nc->HasFlag(NI_UNCONFIRMED) == false)
u->SetMode(NickServ, UMODE_REGISTERED);
u->UpdateHost();
Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP";
Log(LOG_COMMAND, u, this) << "and identified for account " << na->nc->display << " using LDAP";
u->SendMessage(NickServ, _("Password accepted - you are now recognized."));
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
u->Identify(na);
delete ii;
}
modules/protocol/bahamut.cpp
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
6, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/inspircd11.cpp
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/inspircd12.cpp
+1
View File
@@ -42,6 +42,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
1, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/inspircd20.cpp
+1
View File
@@ -42,6 +42,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
1, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/ngircd.cpp
+1
View File
@@ -35,6 +35,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/plexus.cpp
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$$", /* TLD Prefix for Global */
4, /* Max number of modes we can send per line */
1, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/ratbox.cpp
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$$", /* TLD Prefix for Global */
4, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
modules/protocol/unreal32.cpp
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
12, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
src/nickcore.cpp
+39
View File
@@ -129,3 +129,42 @@ void NickCore::ClearAccess()
FOREACH_MOD(I_OnNickClearAccess, OnNickClearAccess(this));
this->access.clear();
}
void NickCore::AddCert(const Anope::string &entry)
{
this->cert.push_back(entry);
FOREACH_MOD(I_OnNickAddCert, OnNickAddCert(this, entry));
}
Anope::string NickCore::GetCert(unsigned entry) const
{
if (this->cert.empty() || entry >= this->cert.size())
return "";
return this->cert[entry];
}
bool NickCore::FindCert(const Anope::string &entry)
{
for (unsigned i = 0, end = this->cert.size(); i < end; ++i)
if (this->cert[i] == entry)
return true;
return false;
}
void NickCore::EraseCert(const Anope::string &entry)
{
for (unsigned i = 0, end = this->cert.size(); i < end; ++i)
if (this->cert[i] == entry)
{
FOREACH_MOD(I_OnNickEraseCert, OnNickEraseCert(this, entry));
this->cert.erase(this->cert.begin() + i);
break;
}
}
void NickCore::ClearCert()
{
FOREACH_MOD(I_OnNickClearCert, OnNickClearCert(this));
this->cert.clear();
}
src/nickserv.cpp
+6 -1
View File
@@ -185,7 +185,12 @@ int validate_user(User *u)
u->Collide(na);
return 0;
}
if (!u->IsIdentified() && !u->fingerprint.empty() && na->nc->FindCert(u->fingerprint))
{
u->SendMessage(NickServ, _("SSL Fingerprint accepted, you are now identified"));
u->Identify(na);
return 1;
}
if (!na->nc->HasFlag(NI_SECURE) && u->IsRecognized())
{
na->last_seen = Anope::CurTime;
src/users.cpp
+57
View File
@@ -334,6 +334,63 @@ void User::Collide(NickAlias *na)
kill_user(Config->s_NickServ, this, "Services nickname-enforcer kill");
}
/** Identify the user to the Nick
* updates last_seen, logs the user in,
* send messages, checks for mails, set vhost and more
* @param the NickAlias
*/
void User::Identify(NickAlias *na)
{
if (!na)
{
Log() << "User::Identify() called with NULL pointer";
return;
}
if (this->nick.equals_ci(na->nick))
{
Anope::string last_usermask = this->GetIdent() + "@" + this->GetDisplayedHost();
na->last_usermask = last_usermask;
na->last_realname = this->realname;
na->last_seen = Anope::CurTime;
}
this->Login(na->nc);
ircdproto->SendAccountLogin(this, this->Account());
ircdproto->SetAutoIdentificationToken(this);
if (na->nc->HasFlag(NI_UNCONFIRMED) == false)
this->SetMode(NickServ, UMODE_REGISTERED);
if (ircd->vhost)
do_on_id(this);
if (Config->NSModeOnID)
do_setmodes(this);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(this));
if (Config->NSForceEmail && na->nc->email.empty())
{
this->SendMessage(NickServ, _("You must now supply an e-mail for your nick.\n"
"This e-mail will allow you to retrieve your password in\n"
"case you forget it."));
this->SendMessage(NickServ, _("Type \002%R%s SET EMAIL \037e-mail\037\002 in order to set your e-mail.\n"
"Your privacy is respected; this e-mail won't be given to\n"
"any third-party person."), NickServ->nick.c_str());
}
if (na->nc->HasFlag(NI_UNCONFIRMED))
{
this->SendMessage(NickServ, _("Your email address is not confirmed. To confirm it, follow the instructions that were emailed to you when you registered."));
time_t time_registered = Anope::CurTime - na->time_registered;
if (Config->NSUnconfirmedExpire > time_registered)
this->SendMessage(NickServ, _("Your account will expire, if not confirmed, in %s"), duration(Config->NSUnconfirmedExpire - time_registered).c_str());
}
check_memos(this);
}
/** Login the user to a NickCore
* @param core The account the user is useing
*/