1
0
mirror of https://github.com/anope/anope.git synced 2026-07-07 02:43:12 +02:00

added ns_cert

This commit is contained in:
DukePyrolator
2011-03-12 09:27:16 +01:00
parent 95469fde30
commit fbae3344ff
25 changed files with 452 additions and 99 deletions
+7
View File
@@ -485,6 +485,8 @@ class DBPlain : public Module
nc->greet = params[0];
else if (key.equals_ci("ACCESS"))
nc->AddAccess(params[0]);
else if (key.equals_ci("CERT"))
nc->AddCert(params[0]);
else if (key.equals_ci("FLAGS"))
nc->FromString(params);
else if (key.equals_ci("MI"))
@@ -737,6 +739,11 @@ class DBPlain : public Module
for (std::vector<Anope::string>::iterator it = nc->access.begin(), it_end = nc->access.end(); it != it_end; ++it)
db_buffer << "MD ACCESS " << *it << endl;
}
if (!nc->cert.empty())
{
for (std::vector<Anope::string>::iterator it = nc->cert.begin(), it_end = nc->cert.end(); it != it_end; ++it)
db_buffer << "MD CERT " << *it << endl;
}
if (nc->FlagCount())
db_buffer << "MD FLAGS " << ToString(nc->ToString()) << endl;
MemoInfo *mi = &nc->memos;
+234
View File
@@ -0,0 +1,234 @@
/* NickServ core functions
*
* (C) 2003-2011 Anope Team
* Contact us at team@anope.org
*
* Please read COPYING and README for further details.
*
* Based on the original code of Epona by Lara.
* Based on the original code of Services by Andy Church.
*/
/*************************************************************************/
#include "module.h"
class CommandNSCert : public Command
{
private:
CommandReturn DoServAdminList(CommandSource &source, NickCore *nc)
{
if (nc->cert.empty())
{
source.Reply(_("Certificate list for \002%s\002 is empty."), nc->display.c_str());
return MOD_CONT;
}
if (nc->HasFlag(NI_SUSPENDED))
{
source.Reply(_(NICK_X_SUSPENDED), nc->display.c_str());
return MOD_CONT;
}
source.Reply(_("Certificate list for \002%s\002:"), nc->display.c_str());
for (unsigned i = 0, end = nc->cert.size(); i < end; ++i)
{
Anope::string fingerprint = nc->GetCert(i);
source.Reply(" %s", fingerprint.c_str());
}
return MOD_CONT;
}
CommandReturn DoAdd(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
if (nc->cert.size() >= Config->NSAccessMax)
{
source.Reply(_("Sorry, you can only have %d certificate entries for a nickname."), Config->NSAccessMax);
return MOD_CONT;
}
if (!source.u->fingerprint.empty() && !nc->FindCert(source.u->fingerprint))
{
nc->AddCert(source.u->fingerprint);
source.Reply(_("\002%s\002 added to your certificate list"), source.u->fingerprint.c_str());
return MOD_CONT;
}
if (mask.empty())
{
this->OnSyntaxError(source, "ADD");
return MOD_CONT;
}
if (nc->FindCert(mask))
{
source.Reply(_("Fingerprint \002%s\002 already present on your certificate list."), mask.c_str());
return MOD_CONT;
}
nc->AddCert(mask);
source.Reply(_("\002%s\002 added to your certificate list."), mask.c_str());
return MOD_CONT;
}
CommandReturn DoDel(CommandSource &source, NickCore *nc, const Anope::string &mask)
{
if (!source.u->fingerprint.empty() && nc->FindCert(source.u->fingerprint))
{
nc->EraseCert(source.u->fingerprint);
source.Reply(_("\002%s\002 deleted from your certificate list"), source.u->fingerprint.c_str());
return MOD_CONT;
}
if (mask.empty())
{
this->OnSyntaxError(source, "DEL");
return MOD_CONT;
}
if (!nc->FindCert(mask))
{
source.Reply(_("\002%s\002 not found on your certificate list."), mask.c_str());
return MOD_CONT;
}
source.Reply(_("\002%s\002 deleted from your certificate list."), mask.c_str());
nc->EraseCert(mask);
return MOD_CONT;
}
CommandReturn DoList(CommandSource &source, NickCore *nc)
{
User *u = source.u;
if (nc->cert.empty())
{
source.Reply(_("Your certificate list is empty."), u->nick.c_str());
return MOD_CONT;
}
source.Reply(_("Cert list:"));
for (unsigned i = 0, end = nc->cert.size(); i < end; ++i)
{
Anope::string fingerprint = nc->GetCert(i);
source.Reply(" %s", fingerprint.c_str());
}
return MOD_CONT;
}
public:
CommandNSCert() : Command("CERT", 1, 2)
{
this->SetDesc("Modify the nickname client certificate list");
}
CommandReturn Execute(CommandSource &source, const std::vector<Anope::string> &params)
{
User *u = source.u;
const Anope::string &cmd = params[0];
const Anope::string &mask = params.size() > 1 ? params[1] : "";
NickAlias *na;
if (cmd.equals_ci("LIST") && u->Account()->IsServicesOper() && !mask.empty() && (na = findnick(mask)))
return this->DoServAdminList(source, na->nc);
if (u->Account()->HasFlag(NI_SUSPENDED))
source.Reply(_(NICK_X_SUSPENDED), u->Account()->display.c_str());
else if (cmd.equals_ci("ADD"))
return this->DoAdd(source, u->Account(), mask);
else if (cmd.equals_ci("DEL"))
return this->DoDel(source, u->Account(), mask);
else if (cmd.equals_ci("LIST"))
return this->DoList(source, u->Account());
else
this->OnSyntaxError(source, cmd);
return MOD_CONT;
}
bool OnHelp(CommandSource &source, const Anope::string &subcommand)
{
source.Reply(_("Syntax: \002CERT ADD [\037fingerprint\037]\002\n"
" \002CERT DEL [\037<fingerprint>\037]\002\n"
" \002CERT LIST\002\n"
" \n"
"Modifies or displays the certificate list for your nick.\n"
"If you connect to IRC and provide a client certificate with a\n"
"matching fingerprint in the cert list, your nick will be\n"
"automatically identified to %s.\n"
" \n"), NickServ->nick.c_str(), NickServ->nick.c_str());
source.Reply(_("Examples:\n"
" \n"
" \002CERT ADD <fingerprint>\002\n"
" Adds this fingerprint to the certificate list and\n"
" automatically identifies you when you connect to IRC\n"
" using this certificate.\n"
" \n"
" \002CERT DEL <fingerprint>\002\n"
" Reverses the previous command.\n"
" \n"
" \002CERT LIST\002\n"
" Displays the current certificate list."), NickServ->nick.c_str());
return true;
}
void OnSyntaxError(CommandSource &source, const Anope::string &subcommand)
{
SyntaxError(source, "CERT", _("CERT {ADD|DEL|LIST} [\037fingerprint\037]"));
}
};
class NSCert : public Module
{
CommandNSCert commandnscert;
void DoAutoIdentify(User *u)
{
NickAlias *na = findnick(u->nick);
if (!na)
return;
if (u->IsIdentified() && u->Account() == na->nc)
return;
if (na->HasFlag(NS_FORBIDDEN) || na->nc->HasFlag(NI_SUSPENDED))
return;
if (!na->nc->FindCert(u->fingerprint))
return;
u->Identify(na);
u->SendMessage(NickServ, _("SSL Fingerprint accepted. You are now identified."));
return;
}
public:
NSCert(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator)
{
this->SetAuthor("Anope");
this->SetType(CORE);
if (!ircd->certfp)
throw ModuleException("Your IRCd does not support ssl client certificates");
Implementation i[] = { I_OnUserNickChange, I_OnFingerprint };
ModuleManager::Attach(i, this, 2);
this->AddCommand(NickServ, &commandnscert);
}
void OnFingerprint(User *u)
{
DoAutoIdentify(u);
}
void OnUserNickChange(User *u, const Anope::string &oldnick)
{
if (!u->fingerprint.empty())
DoAutoIdentify(u);
}
};
MODULE_INIT(NSCert)
+2 -1
View File
@@ -42,7 +42,8 @@ class CommandNSGhost : public Command
else if (nick.equals_ci(u->nick))
source.Reply(_("You can't ghost yourself!"));
else if ((u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc))) ||
(!pass.empty() && enc_check_password(pass, na->nc->pass) == 1))
(!pass.empty() && enc_check_password(pass, na->nc->pass) == 1) ||
(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
{
if (!user->IsIdentified() && FindCommand(NickServ, "RECOVER"))
source.Reply(_("You may not ghost an unidentified user, use RECOVER instead."));
+15 -11
View File
@@ -16,7 +16,7 @@
class CommandNSGroup : public Command
{
public:
CommandNSGroup() : Command("GROUP", 2, 2)
CommandNSGroup() : Command("GROUP", 1, 2)
{
this->SetFlag(CFLAG_ALLOW_UNREGISTERED);
this->SetDesc(_("Join a group"));
@@ -27,7 +27,7 @@ class CommandNSGroup : public Command
User *u = source.u;
const Anope::string &nick = params[0];
Anope::string pass = params[1];
Anope::string pass = params.size() > 1 ? params[1] : "";
if (readonly)
{
@@ -78,15 +78,8 @@ class CommandNSGroup : public Command
"for more information."), target->nick.c_str(), Config->s_NickServ.c_str(), Config->s_NickServ.c_str());
else
{
int res = enc_check_password(pass, target->nc->pass);
if (res == -1)
{
Log(LOG_COMMAND, u, this) << "failed group for " << na->nick << " (invalid password)";
source.Reply(_(PASSWORD_INCORRECT));
if (bad_password(u))
return MOD_STOP;
}
else
if ((!pass.empty() && enc_check_password(pass, target->nc->pass)) ||
(!u->fingerprint.empty() && target->nc->FindCert(u->fingerprint)))
{
/* If the nick is already registered, drop it.
* If not, check that it is valid.
@@ -125,6 +118,17 @@ class CommandNSGroup : public Command
check_memos(u);
}
else if (pass.empty())
{
this->OnSyntaxError(source, "");
}
else
{
Log(LOG_COMMAND, u, this) << "failed group for " << target->nick << " (invalid password)";
source.Reply(_(PASSWORD_INCORRECT));
if (bad_password(u))
return MOD_STOP;
}
}
return MOD_CONT;
}
+3 -40
View File
@@ -29,7 +29,7 @@ class CommandNSIdentify : public Command
const Anope::string &nick = params.size() == 2 ? params[0] : u->nick;
Anope::string pass = params[params.size() - 1];
NickAlias *na = findnick(nick), *this_na = findnick(u->nick);
NickAlias *na = findnick(nick);
if (!na)
source.Reply(_(NICK_NOT_REGISTERED));
else if (na->HasFlag(NS_FORBIDDEN))
@@ -59,46 +59,9 @@ class CommandNSIdentify : public Command
if (u->IsIdentified())
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
if (this_na && this_na->nc == na->nc && this_na->nc->HasFlag(NI_UNCONFIRMED) == false)
u->SetMode(NickServ, UMODE_REGISTERED);
u->UpdateHost();
Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display;
Log(LOG_COMMAND, u, this) << "and identified for account " << na->nc->display;
source.Reply(_("Password accepted - you are now recognized."));
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
if (Config->NSForceEmail && u->Account()->email.empty())
{
source.Reply(_("You must now supply an e-mail for your nick.\n"
"This e-mail will allow you to retrieve your password in\n"
"case you forget it."));
source.Reply(_("Type \002%R%s SET EMAIL \037e-mail\037\002 in order to set your e-mail.\n"
"Your privacy is respected; this e-mail won't be given to\n"
"any third-party person."), NickServ->nick.c_str());
}
if (u->Account()->HasFlag(NI_UNCONFIRMED))
{
source.Reply(_("Your email address is not confirmed. To confirm it, follow the instructions that were emailed to you when you registered."));
time_t time_registered = Anope::CurTime - na->time_registered;
if (Config->NSUnconfirmedExpire > time_registered)
source.Reply(_("Your account will expire, if not confirmed, in %s"), duration(Config->NSUnconfirmedExpire - time_registered).c_str());
}
check_memos(u);
u->Identify(na);
}
}
return MOD_CONT;
+2 -1
View File
@@ -68,7 +68,8 @@ class CommandNSRecover : public Command
}
else
{
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)))
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) ||
(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
{
u2->SendMessage(NickServ, _(FORCENICKCHANGE_NOW));
u2->Collide(na);
+3 -1
View File
@@ -43,6 +43,7 @@ class CommandNSRelease : public Command
if (res == 1)
{
Log(LOG_COMMAND, u, this) << "released " << na->nick;
na->Release();
source.Reply(_("Services' hold on your nick has been released."));
}
else
@@ -58,7 +59,8 @@ class CommandNSRelease : public Command
}
else
{
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)))
if (u->Account() == na->nc || (!na->nc->HasFlag(NI_SECURE) && is_on_access(u, na->nc)) ||
(!u->fingerprint.empty() && na->nc->FindCert(u->fingerprint)))
{
na->Release();
source.Reply(_("Services' hold on your nick has been released."));
+4 -21
View File
@@ -102,30 +102,13 @@ class NSResetPass : public Module
na->nc->Shrink("ns_resetpass_code");
na->nc->Shrink("ns_resetpass_time");
NickAlias *this_na = findnick(u->nick);
if (this_na && this_na == na)
{
u->UpdateHost();
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->SetMode(NickServ, UMODE_REGISTERED);
}
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
na->nc->UnsetFlag(NI_UNCONFIRMED);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
Log(LOG_COMMAND, u, &commandnsresetpass) << "confirmed RESETPASS to forcefully identify to " << na->nick;
na->nc->UnsetFlag(NI_UNCONFIRMED);
u->Identify(na);
source.Reply(_("You are now identified for your nick. Change your password using \"%R%s SET PASSWORD \002newpassword\002\" now."), Config->s_NickServ.c_str());
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
check_memos(u);
}
else
return EVENT_CONTINUE;
+3 -22
View File
@@ -42,7 +42,7 @@ class IdentifyInterface : public LDAPInterface, public Command
this->requests.erase(it);
User *u = *ii->user;
NickAlias *this_na = findnick(u->nick), *na = findnick(ii->account);
NickAlias *na = findnick(ii->account);
if (!na)
{
@@ -60,28 +60,9 @@ class IdentifyInterface : public LDAPInterface, public Command
if (u->Account())
Log(LOG_COMMAND, u, this) << "to log out of account " << u->Account()->display;
na->last_realname = u->realname;
na->last_seen = Anope::CurTime;
u->Login(na->nc);
ircdproto->SendAccountLogin(u, u->Account());
ircdproto->SetAutoIdentificationToken(u);
if (this_na && this_na->nc == na->nc && this_na->nc->HasFlag(NI_UNCONFIRMED) == false)
u->SetMode(NickServ, UMODE_REGISTERED);
u->UpdateHost();
Log(LOG_COMMAND, u, this) << "and identified for account " << u->Account()->display << " using LDAP";
Log(LOG_COMMAND, u, this) << "and identified for account " << na->nc->display << " using LDAP";
u->SendMessage(NickServ, _("Password accepted - you are now recognized."));
if (ircd->vhost)
do_on_id(u);
if (Config->NSModeOnID)
do_setmodes(u);
FOREACH_MOD(I_OnNickIdentify, OnNickIdentify(u));
u->Identify(na);
delete ii;
}
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
6, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -42,6 +42,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
1, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -42,6 +42,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
1, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -35,6 +35,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
20, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$$", /* TLD Prefix for Global */
4, /* Max number of modes we can send per line */
1, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
1, /* ts6 */
"$$", /* TLD Prefix for Global */
4, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}
+1
View File
@@ -36,6 +36,7 @@ IRCDVar myIrcd[] = {
0, /* ts6 */
"$", /* TLD Prefix for Global */
12, /* Max number of modes we can send per line */
0, /* IRCd sends a SSL users certificate fingerprint */
}
,
{NULL}