mirror of
https://github.com/anope/anope.git
synced 2026-06-24 20:06:40 +02:00
Robby-
82006b868f
Make some more commands check if Read-Only mode is active. cs_flags: Show a meaningful message when a user is not found on the access list. os_set: Add missing capabilities to the readonly help output. OperServ: Add logging to certain commands. NickServ: Undo logging for listings.
356 lines
11 KiB
C++
356 lines
11 KiB
C++
/* NickServ core functions
|
|
*
|
|
* (C) 2003-2013 Anope Team
|
|
* Contact us at team@anope.org
|
|
*
|
|
* Please read COPYING and README for further details.
|
|
*
|
|
* Based on the original code of Epona by Lara.
|
|
* Based on the original code of Services by Andy Church.
|
|
*/
|
|
|
|
#include "module.h"
|
|
#include "modules/ns_cert.h"
|
|
|
|
struct NSCertListImpl : NSCertList
|
|
{
|
|
Serialize::Reference<NickCore> nc;
|
|
std::vector<Anope::string> certs;
|
|
|
|
public:
|
|
NSCertListImpl(Extensible *obj) : nc(anope_dynamic_static_cast<NickCore *>(obj)) { }
|
|
|
|
/** Add an entry to the nick's certificate list
|
|
*
|
|
* @param entry The fingerprint to add to the cert list
|
|
*
|
|
* Adds a new entry into the cert list.
|
|
*/
|
|
void AddCert(const Anope::string &entry) anope_override
|
|
{
|
|
this->certs.push_back(entry);
|
|
FOREACH_MOD(OnNickAddCert, (this->nc, entry));
|
|
}
|
|
|
|
/** Get an entry from the nick's cert list by index
|
|
*
|
|
* @param entry Index in the certificaate list vector to retrieve
|
|
* @return The fingerprint entry of the given index if within bounds, an empty string if the vector is empty or the index is out of bounds
|
|
*
|
|
* Retrieves an entry from the certificate list corresponding to the given index.
|
|
*/
|
|
Anope::string GetCert(unsigned entry) const anope_override
|
|
{
|
|
if (entry >= this->certs.size())
|
|
return "";
|
|
return this->certs[entry];
|
|
}
|
|
|
|
unsigned GetCertCount() const anope_override
|
|
{
|
|
return this->certs.size();
|
|
}
|
|
|
|
/** Find an entry in the nick's cert list
|
|
*
|
|
* @param entry The fingerprint to search for
|
|
* @return True if the fingerprint is found in the cert list, false otherwise
|
|
*
|
|
* Search for an fingerprint within the cert list.
|
|
*/
|
|
bool FindCert(const Anope::string &entry) const anope_override
|
|
{
|
|
return std::find(this->certs.begin(), this->certs.end(), entry) != this->certs.end();
|
|
}
|
|
|
|
/** Erase a fingerprint from the nick's certificate list
|
|
*
|
|
* @param entry The fingerprint to remove
|
|
*
|
|
* Removes the specified fingerprint from the cert list.
|
|
*/
|
|
void EraseCert(const Anope::string &entry) anope_override
|
|
{
|
|
std::vector<Anope::string>::iterator it = std::find(this->certs.begin(), this->certs.end(), entry);
|
|
if (it != this->certs.end())
|
|
{
|
|
FOREACH_MOD(OnNickEraseCert, (this->nc, entry));
|
|
this->certs.erase(it);
|
|
}
|
|
}
|
|
|
|
/** Clears the entire nick's cert list
|
|
*
|
|
* Deletes all the memory allocated in the certificate list vector and then clears the vector.
|
|
*/
|
|
void ClearCert() anope_override
|
|
{
|
|
FOREACH_MOD(OnNickClearCert, (this->nc));
|
|
this->certs.clear();
|
|
}
|
|
|
|
void Check() anope_override
|
|
{
|
|
if (this->certs.empty())
|
|
nc->Shrink<NSCertList>("certificates");
|
|
}
|
|
|
|
struct ExtensibleItem : ::ExtensibleItem<NSCertListImpl>
|
|
{
|
|
ExtensibleItem(Module *m, const Anope::string &ename) : ::ExtensibleItem<NSCertListImpl>(m, ename) { }
|
|
|
|
void ExtensibleSerialize(const Extensible *e, const Serializable *s, Serialize::Data &data) const anope_override
|
|
{
|
|
if (s->GetSerializableType()->GetName() != "NickCore")
|
|
return;
|
|
|
|
const NickCore *n = anope_dynamic_static_cast<const NickCore *>(e);
|
|
NSCertList *c = this->Get(n);
|
|
if (c == NULL || !c->GetCertCount())
|
|
return;
|
|
|
|
for (unsigned i = 0; i < c->GetCertCount(); ++i)
|
|
data["cert"] << c->GetCert(i) << " ";
|
|
}
|
|
|
|
void ExtensibleUnserialize(Extensible *e, Serializable *s, Serialize::Data &data) anope_override
|
|
{
|
|
if (s->GetSerializableType()->GetName() != "NickCore")
|
|
return;
|
|
|
|
NickCore *n = anope_dynamic_static_cast<NickCore *>(e);
|
|
NSCertListImpl *c = this->Require(n);
|
|
|
|
Anope::string buf;
|
|
data["cert"] >> buf;
|
|
spacesepstream sep(buf);
|
|
c->certs.clear();
|
|
while (sep.GetToken(buf))
|
|
c->certs.push_back(buf);
|
|
}
|
|
};
|
|
};
|
|
|
|
class CommandNSCert : public Command
|
|
{
|
|
private:
|
|
void DoAdd(CommandSource &source, NickCore *nc, const Anope::string &certfp)
|
|
{
|
|
NSCertList *cl = nc->Require<NSCertList>("certificates");
|
|
|
|
if (cl->GetCertCount() >= Config->GetModule(this->owner)->Get<unsigned>("accessmax"))
|
|
{
|
|
source.Reply(_("Sorry, the maximum of %d certificate entries has been reached."), Config->GetModule(this->owner)->Get<unsigned>("accessmax"));
|
|
return;
|
|
}
|
|
|
|
if (certfp.empty())
|
|
{
|
|
if (source.GetUser() && !source.GetUser()->fingerprint.empty() && !cl->FindCert(source.GetUser()->fingerprint))
|
|
{
|
|
cl->AddCert(source.GetUser()->fingerprint);
|
|
Log(LOG_COMMAND, source, this) << "to ADD its current certificate fingerprint " << source.GetUser()->fingerprint;
|
|
source.Reply(_("\002%s\002 added to your certificate list."), source.GetUser()->fingerprint.c_str());
|
|
}
|
|
else
|
|
this->OnSyntaxError(source, "ADD");
|
|
|
|
return;
|
|
}
|
|
|
|
if (cl->FindCert(certfp))
|
|
{
|
|
source.Reply(_("Fingerprint \002%s\002 already present on %s's certificate list."), certfp.c_str(), nc->display.c_str());
|
|
return;
|
|
}
|
|
|
|
cl->AddCert(certfp);
|
|
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to ADD certificate fingerprint " << certfp << " to " << nc->display;
|
|
source.Reply(_("\002%s\002 added to %s's certificate list."), certfp.c_str(), nc->display.c_str());
|
|
}
|
|
|
|
void DoDel(CommandSource &source, NickCore *nc, const Anope::string &certfp)
|
|
{
|
|
NSCertList *cl = nc->Require<NSCertList>("certificates");
|
|
|
|
if (certfp.empty())
|
|
{
|
|
if (source.GetUser() && !source.GetUser()->fingerprint.empty() && cl->FindCert(source.GetUser()->fingerprint))
|
|
{
|
|
cl->EraseCert(source.GetUser()->fingerprint);
|
|
Log(LOG_COMMAND, source, this) << "to DELETE its current certificate fingerprint " << source.GetUser()->fingerprint;
|
|
source.Reply(_("\002%s\002 deleted from your certificate list."), source.GetUser()->fingerprint.c_str());
|
|
}
|
|
else
|
|
this->OnSyntaxError(source, "DEL");
|
|
|
|
return;
|
|
}
|
|
|
|
if (!cl->FindCert(certfp))
|
|
{
|
|
source.Reply(_("\002%s\002 not found on %s's certificate list."), certfp.c_str(), nc->display.c_str());
|
|
return;
|
|
}
|
|
|
|
cl->EraseCert(certfp);
|
|
cl->Check();
|
|
Log(nc == source.GetAccount() ? LOG_COMMAND : LOG_ADMIN, source, this) << "to DELETE certificate fingerprint " << certfp << " from " << nc->display;
|
|
source.Reply(_("\002%s\002 deleted from %s's certificate list."), certfp.c_str(), nc->display.c_str());
|
|
}
|
|
|
|
void DoList(CommandSource &source, const NickCore *nc)
|
|
{
|
|
NSCertList *cl = nc->GetExt<NSCertList>("certificates");
|
|
|
|
if (!cl || !cl->GetCertCount())
|
|
{
|
|
source.Reply(_("%s's certificate list is empty."), nc->display.c_str());
|
|
return;
|
|
}
|
|
|
|
source.Reply(_("Certificate list for %s:"), nc->display.c_str());
|
|
for (unsigned i = 0; i < cl->GetCertCount(); ++i)
|
|
{
|
|
Anope::string fingerprint = cl->GetCert(i);
|
|
source.Reply(" %s", fingerprint.c_str());
|
|
}
|
|
}
|
|
|
|
public:
|
|
CommandNSCert(Module *creator) : Command(creator, "nickserv/cert", 1, 3)
|
|
{
|
|
this->SetDesc(_("Modify the nickname client certificate list"));
|
|
this->SetSyntax(_("ADD [\037nickname\037] \037fingerprint\037"));
|
|
this->SetSyntax(_("DEL [\037nickname\037] \037fingerprint\037"));
|
|
this->SetSyntax(_("LIST [\037nickname\037]"));
|
|
}
|
|
|
|
void Execute(CommandSource &source, const std::vector<Anope::string> ¶ms) anope_override
|
|
{
|
|
const Anope::string &cmd = params[0];
|
|
Anope::string nick, certfp;
|
|
|
|
if (cmd.equals_ci("LIST"))
|
|
nick = params.size() > 1 ? params[1] : "";
|
|
else
|
|
{
|
|
nick = params.size() == 3 ? params[1] : "";
|
|
certfp = params.size() > 1 ? params[params.size() - 1] : "";
|
|
}
|
|
|
|
NickCore *nc;
|
|
if (!nick.empty())
|
|
{
|
|
const NickAlias *na = NickAlias::Find(nick);
|
|
if (na == NULL)
|
|
{
|
|
source.Reply(NICK_X_NOT_REGISTERED, nick.c_str());
|
|
return;
|
|
}
|
|
else if (na->nc != source.GetAccount() && !source.HasPriv("nickserv/access"))
|
|
{
|
|
source.Reply(ACCESS_DENIED);
|
|
return;
|
|
}
|
|
else if (Config->GetModule("nickserv")->Get<bool>("secureadmins", "yes") && source.GetAccount() != na->nc && na->nc->IsServicesOper() && !cmd.equals_ci("LIST"))
|
|
{
|
|
source.Reply(_("You may view but not modify the certificate list of other Services Operators."));
|
|
return;
|
|
}
|
|
|
|
nc = na->nc;
|
|
}
|
|
else
|
|
nc = source.nc;
|
|
|
|
if (cmd.equals_ci("LIST"))
|
|
return this->DoList(source, nc);
|
|
else if (nc->HasExt("NS_SUSPENDED"))
|
|
source.Reply(NICK_X_SUSPENDED, nc->display.c_str());
|
|
else if (Anope::ReadOnly)
|
|
source.Reply(READ_ONLY_MODE);
|
|
else if (cmd.equals_ci("ADD"))
|
|
return this->DoAdd(source, nc, certfp);
|
|
else if (cmd.equals_ci("DEL"))
|
|
return this->DoDel(source, nc, certfp);
|
|
else
|
|
this->OnSyntaxError(source, "");
|
|
}
|
|
|
|
bool OnHelp(CommandSource &source, const Anope::string &subcommand) anope_override
|
|
{
|
|
this->SendSyntax(source);
|
|
source.Reply(" ");
|
|
source.Reply(_("Modifies or displays the certificate list for your nick.\n"
|
|
"If you connect to IRC and provide a client certificate with a\n"
|
|
"matching fingerprint in the cert list, your nick will be\n"
|
|
"automatically identified to services. Services Operators\n"
|
|
"may provide a nick to modify other users' certificate lists.\n"
|
|
" \n"));
|
|
source.Reply(_("Examples:\n"
|
|
" \n"
|
|
" \002CERT ADD <fingerprint>\002\n"
|
|
" Adds this fingerprint to the certificate list and\n"
|
|
" automatically identifies you when you connect to IRC\n"
|
|
" using this certificate.\n"
|
|
" \n"
|
|
" \002CERT DEL <fingerprint>\002\n"
|
|
" Reverses the previous command.\n"
|
|
" \n"
|
|
" \002CERT LIST\002\n"
|
|
" Displays the current certificate list."));
|
|
return true;
|
|
}
|
|
};
|
|
|
|
class NSCert : public Module
|
|
{
|
|
CommandNSCert commandnscert;
|
|
NSCertListImpl::ExtensibleItem certs;
|
|
|
|
public:
|
|
NSCert(const Anope::string &modname, const Anope::string &creator) : Module(modname, creator, VENDOR),
|
|
commandnscert(this), certs(this, "certificates")
|
|
{
|
|
if (!IRCD || !IRCD->CanCertFP)
|
|
throw ModuleException("Your IRCd does not support ssl client certificates");
|
|
}
|
|
|
|
void OnFingerprint(User *u) anope_override
|
|
{
|
|
NickAlias *na = NickAlias::Find(u->nick);
|
|
BotInfo *NickServ = Config->GetClient("NickServ");
|
|
if (!NickServ || !na)
|
|
return;
|
|
if (u->IsIdentified() && u->Account() == na->nc)
|
|
return;
|
|
if (na->nc->HasExt("NS_SUSPENDED"))
|
|
return;
|
|
|
|
NSCertList *cl = certs.Get(na->nc);
|
|
if (!cl || !cl->FindCert(u->fingerprint))
|
|
return;
|
|
|
|
u->Identify(na);
|
|
u->SendMessage(NickServ, _("SSL certificate fingerprint accepted, you are now identified."));
|
|
Log(u) << "automatically identified for account " << na->nc->display << " via SSL certificate fingerprint";
|
|
}
|
|
|
|
EventReturn OnNickValidate(User *u, NickAlias *na) anope_override
|
|
{
|
|
NSCertList *cl = certs.Get(na->nc);
|
|
if (!u->fingerprint.empty() && cl && cl->FindCert(u->fingerprint))
|
|
{
|
|
u->Identify(na);
|
|
u->SendMessage(Config->GetClient("NickServ"), _("SSL certificate fingerprint accepted, you are now identified."));
|
|
Log(u) << "automatically identified for account " << na->nc->display << " via SSL certificate fingerprint";
|
|
return EVENT_ALLOW;
|
|
}
|
|
|
|
return EVENT_CONTINUE;
|
|
}
|
|
};
|
|
|
|
MODULE_INIT(NSCert)
|