-
Notifications
You must be signed in to change notification settings - Fork 175
/
nickserv.go
1604 lines (1460 loc) · 55.5 KB
/
nickserv.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
// Copyright (c) 2017 Daniel Oaks <daniel@danieloaks.net>
// released under the MIT license
package irc
import (
"fmt"
"regexp"
"sort"
"strconv"
"strings"
"time"
"github.com/ergochat/irc-go/ircfmt"
"github.com/ergochat/ergo/irc/custime"
"github.com/ergochat/ergo/irc/passwd"
"github.com/ergochat/ergo/irc/sno"
"github.com/ergochat/ergo/irc/utils"
)
// "enabled" callbacks for specific nickserv commands
func servCmdRequiresAccreg(config *Config) bool {
return config.Accounts.Registration.Enabled
}
func servCmdRequiresAuthEnabled(config *Config) bool {
return config.Accounts.AuthenticationEnabled
}
func servCmdRequiresNickRes(config *Config) bool {
return config.Accounts.AuthenticationEnabled && config.Accounts.NickReservation.Enabled
}
func servCmdRequiresBouncerEnabled(config *Config) bool {
return config.Accounts.Multiclient.Enabled
}
func servCmdRequiresEmailReset(config *Config) bool {
return config.Accounts.Registration.EmailVerification.Enabled &&
config.Accounts.Registration.EmailVerification.PasswordReset.Enabled
}
const nickservHelp = `NickServ lets you register, log in to, and manage an account.`
var (
nickservCommands = map[string]*serviceCommand{
"clients": {
handler: nsClientsHandler,
help: `Syntax: $bCLIENTS LIST [nickname]$b
CLIENTS LIST shows information about the clients currently attached, via
the server's multiclient functionality, to your nickname. An administrator
can use this command to list another user's clients.
Syntax: $bCLIENTS LOGOUT [nickname] [client_id/all]$b
CLIENTS LOGOUT detaches a single client, or all clients currently attached
to your nickname. An administrator can use this command to logout another
user's clients.`,
helpShort: `$bCLIENTS$b can list and logout the sessions attached to a nickname.`,
enabled: servCmdRequiresBouncerEnabled,
minParams: 1,
},
"drop": {
handler: nsDropHandler,
help: `Syntax: $bDROP [nickname]$b
DROP de-links the given (or your current) nickname from your user account.`,
helpShort: `$bDROP$b de-links your current (or the given) nickname from your user account.`,
enabled: servCmdRequiresNickRes,
authRequired: true,
},
"enforce": {
hidden: true,
handler: nsEnforceHandler,
help: `Syntax: $bENFORCE [method]$b
ENFORCE is an alias for $bGET enforce$b and $bSET enforce$b. See the help
entry for $bSET$b for more information.`,
authRequired: true,
enabled: servCmdRequiresNickRes,
},
"ghost": {
handler: nsGhostHandler,
help: `Syntax: $bGHOST <nickname>$b
GHOST disconnects the given user from the network if they're logged in with the
same user account, letting you reclaim your nickname.`,
helpShort: `$bGHOST$b reclaims your nickname.`,
enabled: servCmdRequiresNickRes,
authRequired: true,
minParams: 1,
},
"group": {
handler: nsGroupHandler,
help: `Syntax: $bGROUP$b
GROUP links your current nickname with your logged-in account, so other people
will not be able to use it.`,
helpShort: `$bGROUP$b links your current nickname to your user account.`,
enabled: servCmdRequiresNickRes,
authRequired: true,
},
"identify": {
handler: nsIdentifyHandler,
help: `Syntax: $bIDENTIFY <username> [password]$b
IDENTIFY lets you login to the given username using either password auth, or
certfp (your client certificate) if a password is not given.`,
helpShort: `$bIDENTIFY$b lets you login to your account.`,
enabled: servCmdRequiresAuthEnabled,
minParams: 1,
},
"list": {
handler: nsListHandler,
help: `Syntax: $bLIST [regex]$b
LIST returns the list of registered nicknames, which match the given regex.
If no regex is provided, all registered nicknames are returned.`,
helpShort: `$bLIST$b searches the list of registered nicknames.`,
enabled: servCmdRequiresAuthEnabled,
capabs: []string{"accreg"},
minParams: 0,
},
"info": {
handler: nsInfoHandler,
help: `Syntax: $bINFO [username]$b
INFO gives you information about the given (or your own) user account.`,
helpShort: `$bINFO$b gives you information on a user account.`,
},
"register": {
handler: nsRegisterHandler,
// TODO: "email" is an oversimplification here; it's actually any callback, e.g.,
// person@example.com, mailto:person@example.com, tel:16505551234.
help: `Syntax: $bREGISTER <password> [email]$b
REGISTER lets you register your current nickname as a user account. If the
server allows anonymous registration, you can omit the e-mail address.
If you are currently logged in with a TLS client certificate and wish to use
it instead of a password to log in, send * as the password.`,
helpShort: `$bREGISTER$b lets you register a user account.`,
enabled: servCmdRequiresAccreg,
minParams: 1,
maxParams: 2,
},
"sadrop": {
handler: nsDropHandler,
help: `Syntax: $bSADROP <nickname>$b
SADROP forcibly de-links the given nickname from the attached user account.`,
helpShort: `$bSADROP$b forcibly de-links the given nickname from its user account.`,
capabs: []string{"accreg"},
enabled: servCmdRequiresNickRes,
minParams: 1,
},
"saregister": {
handler: nsSaregisterHandler,
help: `Syntax: $bSAREGISTER <username> [password]$b
SAREGISTER registers an account on someone else's behalf.
This is for use in configurations that require SASL for all connections;
an administrator can set use this command to set up user accounts.`,
helpShort: `$bSAREGISTER$b registers an account on someone else's behalf.`,
enabled: servCmdRequiresAuthEnabled,
capabs: []string{"accreg"},
minParams: 1,
},
"sessions": {
hidden: true,
handler: nsClientsHandler,
help: `Syntax: $bSESSIONS [nickname]$b
SESSIONS is an alias for $bCLIENTS LIST$b. See the help entry for $bCLIENTS$b
for more information.`,
enabled: servCmdRequiresBouncerEnabled,
},
"unregister": {
handler: nsUnregisterHandler,
help: `Syntax: $bUNREGISTER <username> [code]$b
UNREGISTER lets you delete your user account (or someone else's, if you're an
IRC operator with the correct permissions). To prevent accidental
unregistrations, a verification code is required; invoking the command without
a code will display the necessary code.`,
helpShort: `$bUNREGISTER$b lets you delete your user account.`,
enabled: servCmdRequiresAuthEnabled,
minParams: 1,
},
"erase": {
handler: nsUnregisterHandler,
help: `Syntax: $bERASE <username> [code]$b
ERASE deletes all records of an account, allowing it to be re-registered.
This should be used with caution, because it violates an expectation that
account names are permanent identifiers. Typically, UNREGISTER should be
used instead. A confirmation code is required; invoking the command
without a code will display the necessary code.`,
helpShort: `$bERASE$b erases all records of an account, allowing reuse.`,
enabled: servCmdRequiresAuthEnabled,
capabs: []string{"accreg"},
minParams: 1,
},
"verify": {
handler: nsVerifyHandler,
help: `Syntax: $bVERIFY <username> <code>$b
VERIFY lets you complete an account registration, if the server requires email
or other verification.`,
helpShort: `$bVERIFY$b lets you complete account registration.`,
enabled: servCmdRequiresAccreg,
minParams: 2,
},
"passwd": {
handler: nsPasswdHandler,
help: `Syntax: $bPASSWD <current> <new> <new_again>$b
Or: $bPASSWD <username> <new>$b
PASSWD lets you change your account password. You must supply your current
password and confirm the new one by typing it twice. If you're an IRC operator
with the correct permissions, you can use PASSWD to reset someone else's
password by supplying their username and then the desired password. To
indicate an empty password, use * instead.`,
helpShort: `$bPASSWD$b lets you change your password.`,
enabled: servCmdRequiresAuthEnabled,
minParams: 2,
},
"password": {
aliasOf: "passwd",
},
"get": {
handler: nsGetHandler,
help: `Syntax: $bGET <setting>$b
GET queries the current values of your account settings. For more information
on the settings and their possible values, see HELP SET.`,
helpShort: `$bGET$b queries the current values of your account settings`,
authRequired: true,
enabled: servCmdRequiresAuthEnabled,
minParams: 1,
},
"saget": {
handler: nsGetHandler,
help: `Syntax: $bSAGET <account> <setting>$b
SAGET queries the values of someone else's account settings. For more
information on the settings and their possible values, see HELP SET.`,
helpShort: `$bSAGET$b queries the current values of another user's account settings`,
enabled: servCmdRequiresAuthEnabled,
minParams: 2,
capabs: []string{"accreg"},
},
"set": {
handler: nsSetHandler,
helpShort: `$bSET$b modifies your account settings`,
// these are broken out as separate strings so they can be translated separately
helpStrings: []string{
`Syntax $bSET <setting> <value>$b
SET modifies your account settings. The following settings are available:`,
`$bENFORCE$b
'enforce' lets you specify a custom enforcement mechanism for your registered
nicknames. Your options are:
1. 'none' [no enforcement, overriding the server default]
2. 'strict' [you must already be authenticated to use the nick]
3. 'default' [use the server default]`,
`$bMULTICLIENT$b
If 'multiclient' is enabled and you are already logged in and using a nick, a
second client of yours that authenticates with SASL and requests the same nick
is allowed to attach to the nick as well (this is comparable to the behavior
of IRC "bouncers" like ZNC). Your options are 'on' (allow this behavior),
'off' (disallow it), and 'default' (use the server default value).`,
`$bAUTOREPLAY-LINES$b
'autoreplay-lines' controls the number of lines of channel history that will
be replayed to you automatically when joining a channel. Your options are any
positive number, 0 to disable the feature, and 'default' to use the server
default.`,
`$bREPLAY-JOINS$b
'replay-joins' controls whether replayed channel history will include
lines for join and part. This provides more information about the context of
messages, but may be spammy. Your options are 'always' and the default of
'commands-only' (the messages will be replayed in CHATHISTORY output, but not
during autoreplay).`,
`$bALWAYS-ON$b
'always-on' controls whether your nickname/identity will remain active
even while you are disconnected from the server. Your options are 'true',
'false', and 'default' (use the server default value).`,
`$bAUTOREPLAY-MISSED$b
'autoreplay-missed' is only effective for always-on clients. If enabled,
if you have at most one active session, the server will remember the time
you disconnect and then replay missed messages to you when you reconnect.
Your options are 'on' and 'off'.`,
`$bDM-HISTORY$b
'dm-history' is only effective for always-on clients. It lets you control
how the history of your direct messages is stored. Your options are:
1. 'off' [no history]
2. 'ephemeral' [a limited amount of temporary history, not stored on disk]
3. 'on' [history stored in a permanent database, if available]
4. 'default' [use the server default]`,
`$bAUTO-AWAY$b
'auto-away' is only effective for always-on clients. If enabled, you will
automatically be marked away when all your sessions are disconnected, and
automatically return from away when you connect again.`,
`$bEMAIL$b
'email' controls the e-mail address associated with your account (if the
server operator allows it, this address can be used for password resets).
As an additional security measure, if you have a password set, you must
provide it as an additional argument to $bSET$b, for example,
SET EMAIL test@example.com hunter2`,
},
authRequired: true,
enabled: servCmdRequiresAuthEnabled,
minParams: 2,
},
"saset": {
handler: nsSetHandler,
help: `Syntax: $bSASET <account> <setting> <value>$b
SASET modifies the values of someone else's account settings. For more
information on the settings and their possible values, see HELP SET.`,
helpShort: `$bSASET$b modifies another user's account settings`,
enabled: servCmdRequiresAuthEnabled,
minParams: 3,
capabs: []string{"accreg"},
},
"sendpass": {
handler: nsSendpassHandler,
help: `Syntax: $bSENDPASS <account>$b
SENDPASS sends a password reset email to the email address associated with
the target account. The reset code in the email can then be used with the
$bRESETPASS$b command.`,
helpShort: `$bSENDPASS$b initiates an email-based password reset`,
enabled: servCmdRequiresEmailReset,
minParams: 1,
},
"resetpass": {
handler: nsResetpassHandler,
help: `Syntax: $bRESETPASS <account> <code> <password>$b
RESETPASS resets an account password, using a reset code that was emailed as
the result of a previous $bSENDPASS$b command.`,
helpShort: `$bRESETPASS$b completes an email-based password reset`,
enabled: servCmdRequiresEmailReset,
minParams: 3,
},
"cert": {
handler: nsCertHandler,
help: `Syntax: $bCERT <LIST | ADD | DEL> [account] [certfp]$b
CERT examines or modifies the SHA-256 TLS certificate fingerprints that can
be used to log into an account. Specifically, $bCERT LIST$b lists the
authorized fingerprints, $bCERT ADD <fingerprint>$b adds a new fingerprint, and
$bCERT DEL <fingerprint>$b removes a fingerprint. If you're an IRC operator
with the correct permissions, you can act on another user's account, for
example with $bCERT ADD <account> <fingerprint>$b. See the operator manual
for instructions on how to compute the fingerprint.`,
helpShort: `$bCERT$b controls a user account's certificate fingerprints`,
enabled: servCmdRequiresAuthEnabled,
minParams: 1,
},
"suspend": {
handler: nsSuspendHandler,
help: `Syntax: $bSUSPEND ADD <nickname> [DURATION duration] [reason]$b
$bSUSPEND DEL <nickname>$b
$bSUSPEND LIST$b
Suspending an account disables it (preventing new logins) and disconnects
all associated clients. You can specify a time limit or a reason for
the suspension. The $bDEL$b subcommand reverses a suspension, and the $bLIST$b
command lists all current suspensions.`,
helpShort: `$bSUSPEND$b manages account suspensions`,
minParams: 1,
capabs: []string{"ban"},
},
"rename": {
handler: nsRenameHandler,
help: `Syntax: $bRENAME <account> <newname>$b
RENAME allows a server administrator to change the name of an account.
Currently, you can only change the canonical casefolding of an account
(e.g., you can change "Alice" to "alice", but not "Alice" to "Amanda").`,
helpShort: `$bRENAME$b renames an account`,
minParams: 2,
capabs: []string{"accreg"},
},
"verifyemail": {
handler: nsVerifyEmailHandler,
authRequired: true,
minParams: 1,
hidden: true,
},
}
)
func nsGetHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
var account string
if command == "saget" {
account = params[0]
params = params[1:]
} else {
account = client.Account()
}
accountData, err := server.accounts.LoadAccount(account)
if err == errAccountDoesNotExist {
service.Notice(rb, client.t("No such account"))
return
} else if err != nil {
service.Notice(rb, client.t("Error loading account data"))
return
}
displaySetting(service, params[0], accountData.Settings, client, rb)
}
func displaySetting(service *ircService, settingName string, settings AccountSettings, client *Client, rb *ResponseBuffer) {
config := client.server.Config()
switch strings.ToLower(settingName) {
case "enforce":
storedValue := settings.NickEnforcement
serializedStoredValue := nickReservationToString(storedValue)
service.Notice(rb, fmt.Sprintf(client.t("Your stored nickname enforcement setting is: %s"), serializedStoredValue))
serializedActualValue := nickReservationToString(configuredEnforcementMethod(config, storedValue))
service.Notice(rb, fmt.Sprintf(client.t("Given current server settings, your nickname is enforced with: %s"), serializedActualValue))
case "autoreplay-lines":
if settings.AutoreplayLines == nil {
service.Notice(rb, fmt.Sprintf(client.t("You will receive the server default of %d lines of autoreplayed history"), config.History.AutoreplayOnJoin))
} else {
service.Notice(rb, fmt.Sprintf(client.t("You will receive %d lines of autoreplayed history"), *settings.AutoreplayLines))
}
case "replay-joins":
switch settings.ReplayJoins {
case ReplayJoinsCommandsOnly:
service.Notice(rb, client.t("You will see JOINs and PARTs in /HISTORY output, but not in autoreplay"))
case ReplayJoinsAlways:
service.Notice(rb, client.t("You will see JOINs and PARTs in /HISTORY output and in autoreplay"))
}
case "multiclient":
if !config.Accounts.Multiclient.Enabled {
service.Notice(rb, client.t("This feature has been disabled by the server administrators"))
} else {
switch settings.AllowBouncer {
case MulticlientAllowedServerDefault:
if config.Accounts.Multiclient.AllowedByDefault {
service.Notice(rb, client.t("Multiclient functionality is currently enabled for your account, but you can opt out"))
} else {
service.Notice(rb, client.t("Multiclient functionality is currently disabled for your account, but you can opt in"))
}
case MulticlientDisallowedByUser:
service.Notice(rb, client.t("Multiclient functionality is currently disabled for your account"))
case MulticlientAllowedByUser:
service.Notice(rb, client.t("Multiclient functionality is currently enabled for your account"))
}
}
case "always-on":
stored := settings.AlwaysOn
actual := persistenceEnabled(config.Accounts.Multiclient.AlwaysOn, stored)
service.Notice(rb, fmt.Sprintf(client.t("Your stored always-on setting is: %s"), userPersistentStatusToString(stored)))
if actual {
service.Notice(rb, client.t("Given current server settings, your client is always-on"))
} else {
service.Notice(rb, client.t("Given current server settings, your client is not always-on"))
}
case "autoreplay-missed":
stored := settings.AutoreplayMissed
if stored {
alwaysOn := persistenceEnabled(config.Accounts.Multiclient.AlwaysOn, settings.AlwaysOn)
if alwaysOn {
service.Notice(rb, client.t("Autoreplay of missed messages is enabled"))
} else {
service.Notice(rb, client.t("You have enabled autoreplay of missed messages, but you can't receive them because your client isn't set to always-on"))
}
} else {
service.Notice(rb, client.t("Your account is not configured to receive autoreplayed missed messages"))
}
case "auto-away":
stored := settings.AutoAway
alwaysOn := persistenceEnabled(config.Accounts.Multiclient.AlwaysOn, settings.AlwaysOn)
actual := persistenceEnabled(config.Accounts.Multiclient.AutoAway, settings.AutoAway)
service.Notice(rb, fmt.Sprintf(client.t("Your stored auto-away setting is: %s"), userPersistentStatusToString(stored)))
if actual && alwaysOn {
service.Notice(rb, client.t("Given current server settings, auto-away is enabled for your client"))
} else if actual && !alwaysOn {
service.Notice(rb, client.t("Because your client is not always-on, auto-away is disabled"))
} else if !actual {
service.Notice(rb, client.t("Given current server settings, auto-away is disabled for your client"))
}
case "dm-history":
effectiveValue := historyEnabled(config.History.Persistent.DirectMessages, settings.DMHistory)
service.Notice(rb, fmt.Sprintf(client.t("Your stored direct message history setting is: %s"), historyStatusToString(settings.DMHistory)))
service.Notice(rb, fmt.Sprintf(client.t("Given current server settings, your direct message history setting is: %s"), historyStatusToString(effectiveValue)))
case "email":
if settings.Email != "" {
service.Notice(rb, fmt.Sprintf(client.t("Your stored e-mail address is: %s"), settings.Email))
} else {
service.Notice(rb, client.t("You have no stored e-mail address"))
}
default:
service.Notice(rb, client.t("No such setting"))
}
}
func userPersistentStatusToString(status PersistentStatus) string {
// #1544: "mandatory" as a user setting should display as "enabled"
result := persistentStatusToString(status)
if result == "mandatory" {
result = "enabled"
}
return result
}
func nsSetHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
var privileged bool
var account string
if command == "saset" {
privileged = true
account = params[0]
params = params[1:]
} else {
account = client.Account()
}
key := strings.ToLower(params[0])
// unprivileged NS SET EMAIL is different because it requires a confirmation
if !privileged && key == "email" {
nsSetEmailHandler(service, client, params, rb)
return
}
var munger settingsMunger
var finalSettings AccountSettings
var err error
switch key {
case "pass", "password":
service.Notice(rb, client.t("To change a password, use the PASSWD command. For details, /msg NickServ HELP PASSWD"))
return
case "enforce":
var method NickEnforcementMethod
method, err = nickReservationFromString(params[1])
if err != nil {
err = errInvalidParams
break
}
// updating enforcement settings is special-cased, because it requires
// an update to server.accounts.accountToMethod
finalSettings, err = server.accounts.SetEnforcementStatus(account, method)
if err == nil {
finalSettings.NickEnforcement = method // success
}
case "autoreplay-lines":
var newValue *int
if strings.ToLower(params[1]) != "default" {
val, err_ := strconv.Atoi(params[1])
if err_ != nil || val < 0 {
err = errInvalidParams
break
}
newValue = new(int)
*newValue = val
}
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.AutoreplayLines = newValue
return
}
case "multiclient":
var newValue MulticlientAllowedSetting
if strings.ToLower(params[1]) == "default" {
newValue = MulticlientAllowedServerDefault
} else {
var enabled bool
enabled, err = utils.StringToBool(params[1])
if enabled {
newValue = MulticlientAllowedByUser
} else {
newValue = MulticlientDisallowedByUser
}
}
if err == nil {
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.AllowBouncer = newValue
return
}
}
case "replay-joins":
var newValue ReplayJoinsSetting
newValue, err = replayJoinsSettingFromString(params[1])
if err == nil {
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.ReplayJoins = newValue
return
}
}
case "always-on":
// #821: it's problematic to alter the value of always-on if you're not
// the (actual or potential) always-on client yourself. make an exception
// for `saset` to give operators an escape hatch (any consistency problems
// can probably be fixed by restarting the server):
if command != "saset" {
details := client.Details()
if details.nick != details.accountName {
err = errNickAccountMismatch
}
}
if err == nil {
var newValue PersistentStatus
newValue, err = persistentStatusFromString(params[1])
// "opt-in" and "opt-out" don't make sense as user preferences
if err == nil && newValue != PersistentOptIn && newValue != PersistentOptOut {
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.AlwaysOn = newValue
return
}
}
}
case "autoreplay-missed":
var newValue bool
newValue, err = utils.StringToBool(params[1])
if err == nil {
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.AutoreplayMissed = newValue
return
}
}
case "auto-away":
var newValue PersistentStatus
newValue, err = persistentStatusFromString(params[1])
// "opt-in" and "opt-out" don't make sense as user preferences
if err == nil && newValue != PersistentOptIn && newValue != PersistentOptOut {
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.AutoAway = newValue
return
}
}
case "dm-history":
var newValue HistoryStatus
newValue, err = historyStatusFromString(params[1])
if err == nil {
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.DMHistory = newValue
return
}
}
case "email":
newValue := params[1]
munger = func(in AccountSettings) (out AccountSettings, err error) {
out = in
out.Email = newValue
return
}
default:
err = errInvalidParams
}
if munger != nil {
finalSettings, err = server.accounts.ModifyAccountSettings(account, munger)
}
switch err {
case nil:
service.Notice(rb, client.t("Successfully changed your account settings"))
displaySetting(service, key, finalSettings, client, rb)
case errInvalidParams, errAccountDoesNotExist, errFeatureDisabled, errAccountUnverified, errAccountUpdateFailed:
service.Notice(rb, client.t(err.Error()))
case errNickAccountMismatch:
service.Notice(rb, fmt.Sprintf(client.t("Your nickname must match your account name %s exactly to modify this setting. Try changing it with /NICK, or logging out and back in with the correct nickname."), client.AccountName()))
default:
// unknown error
service.Notice(rb, client.t("An error occurred"))
}
}
// handle unprivileged NS SET EMAIL, which sends a confirmation code
func nsSetEmailHandler(service *ircService, client *Client, params []string, rb *ResponseBuffer) {
config := client.server.Config()
if !config.Accounts.Registration.EmailVerification.Enabled {
rb.Notice(client.t("E-mail verification is disabled"))
return
}
if !nsLoginThrottleCheck(service, client, rb) {
return
}
var password string
if len(params) > 2 {
password = params[2]
}
account := client.Account()
errorMessage := nsConfirmPassword(client.server, account, password)
if errorMessage != "" {
service.Notice(rb, client.t(errorMessage))
return
}
err := client.server.accounts.NsSetEmail(client, params[1])
switch err {
case nil:
service.Notice(rb, client.t("Check your e-mail for instructions on how to confirm your change of address"))
case errLimitExceeded:
service.Notice(rb, client.t("Try again later"))
default:
// if appropriate, show the client the error from the attempted email sending
if rErr := registrationCallbackErrorText(config, client, err); rErr != "" {
service.Notice(rb, rErr)
} else {
service.Notice(rb, client.t("An error occurred"))
}
}
}
func nsVerifyEmailHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
err := server.accounts.NsVerifyEmail(client, params[0])
switch err {
case nil:
service.Notice(rb, client.t("Successfully changed your account settings"))
displaySetting(service, "email", client.AccountSettings(), client, rb)
case errAccountVerificationInvalidCode:
service.Notice(rb, client.t(err.Error()))
default:
service.Notice(rb, client.t("An error occurred"))
}
}
func nsDropHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
sadrop := command == "sadrop"
var nick string
if len(params) > 0 {
nick = params[0]
} else {
nick = client.NickCasefolded()
}
err := server.accounts.SetNickReserved(client, nick, sadrop, false)
if err == nil {
service.Notice(rb, fmt.Sprintf(client.t("Successfully ungrouped nick %s with your account"), nick))
} else if err == errAccountNotLoggedIn {
service.Notice(rb, client.t("You're not logged into an account"))
} else if err == errAccountCantDropPrimaryNick {
service.Notice(rb, client.t("You can't ungroup your primary nickname (try unregistering your account instead)"))
} else {
service.Notice(rb, client.t("Could not ungroup nick"))
}
}
func nsGhostHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
nick := params[0]
ghost := server.clients.Get(nick)
if ghost == nil {
service.Notice(rb, client.t("No such nick"))
return
} else if ghost == client {
service.Notice(rb, client.t("You can't GHOST yourself (try /QUIT instead)"))
return
} else if ghost.AlwaysOn() {
service.Notice(rb, client.t("You can't GHOST an always-on client"))
return
}
authorized := false
account := client.Account()
if account != "" {
// the user must either own the nick, or the target client
authorized = (server.accounts.NickToAccount(nick) == account) || (ghost.Account() == account)
}
if !authorized {
service.Notice(rb, client.t("You don't own that nick"))
return
}
ghost.Quit(fmt.Sprintf(ghost.t("GHOSTed by %s"), client.Nick()), nil)
ghost.destroy(nil)
}
func nsGroupHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
nick := client.Nick()
err := server.accounts.SetNickReserved(client, nick, false, true)
if err == nil {
service.Notice(rb, fmt.Sprintf(client.t("Successfully grouped nick %s with your account"), nick))
} else if err == errAccountTooManyNicks {
service.Notice(rb, client.t("You have too many nicks reserved already (you can remove some with /NS DROP)"))
} else if err == errNicknameReserved {
service.Notice(rb, client.t("That nickname is already reserved by someone else"))
} else {
service.Notice(rb, client.t("Error reserving nickname"))
}
}
func nsLoginThrottleCheck(service *ircService, client *Client, rb *ResponseBuffer) (success bool) {
throttled, remainingTime := client.checkLoginThrottle()
if throttled {
service.Notice(rb, fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
}
return !throttled
}
func nsIdentifyHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
if client.LoggedIntoAccount() {
service.Notice(rb, client.t("You're already logged into an account"))
return
}
var err error
loginSuccessful := false
var username, passphrase string
if len(params) == 1 {
if rb.session.certfp != "" {
username = params[0]
} else {
// XXX undocumented compatibility mode with other nickservs, allowing
// /msg NickServ identify passphrase
username = client.NickCasefolded()
passphrase = params[0]
}
} else {
username = params[0]
passphrase = params[1]
}
// try passphrase
if passphrase != "" {
err = server.accounts.AuthenticateByPassphrase(client, username, passphrase)
loginSuccessful = (err == nil)
}
// try certfp
if !loginSuccessful && rb.session.certfp != "" {
err = server.accounts.AuthenticateByCertificate(client, rb.session.certfp, rb.session.peerCerts, "")
loginSuccessful = (err == nil)
}
nickFixupFailed := false
if loginSuccessful {
if !fixupNickEqualsAccount(client, rb, server.Config(), service.prefix) {
loginSuccessful = false
// fixupNickEqualsAccount sends its own error message, don't send another
nickFixupFailed = true
}
}
if loginSuccessful {
sendSuccessfulAccountAuth(service, client, rb, true)
} else if !nickFixupFailed {
service.Notice(rb, fmt.Sprintf(client.t("Authentication failed: %s"), authErrorToMessage(server, err)))
}
}
func nsListHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
if !client.HasRoleCapabs("accreg") {
service.Notice(rb, client.t("Insufficient privileges"))
return
}
var searchRegex *regexp.Regexp
if len(params) > 0 {
var err error
searchRegex, err = regexp.Compile(params[0])
if err != nil {
service.Notice(rb, client.t("Invalid regex"))
return
}
}
service.Notice(rb, ircfmt.Unescape(client.t("*** $bNickServ LIST$b ***")))
nicks := server.accounts.AllNicks()
for _, nick := range nicks {
if searchRegex == nil || searchRegex.MatchString(nick) {
service.Notice(rb, fmt.Sprintf(" %s", nick))
}
}
service.Notice(rb, ircfmt.Unescape(client.t("*** $bEnd of NickServ LIST$b ***")))
}
func nsInfoHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
if !server.Config().Accounts.AuthenticationEnabled && !client.HasRoleCapabs("accreg") {
service.Notice(rb, client.t("This command has been disabled by the server administrators"))
return
}
var accountName string
if len(params) > 0 {
nick := params[0]
if server.Config().Accounts.NickReservation.Enabled {
accountName = server.accounts.NickToAccount(nick)
if accountName == "" {
service.Notice(rb, client.t("That nickname is not registered"))
return
}
} else {
accountName = nick
}
} else {
accountName = client.Account()
if accountName == "" {
service.Notice(rb, client.t("You're not logged into an account"))
return
}
}
account, err := server.accounts.LoadAccount(accountName)
if err != nil || !account.Verified {
service.Notice(rb, client.t("Account does not exist"))
return
}
service.Notice(rb, fmt.Sprintf(client.t("Account: %s"), account.Name))
registeredAt := account.RegisteredAt.Format(time.RFC1123)
service.Notice(rb, fmt.Sprintf(client.t("Registered at: %s"), registeredAt))
if account.Name == client.AccountName() || client.HasRoleCapabs("accreg") {
if account.Settings.Email != "" {
service.Notice(rb, fmt.Sprintf(client.t("Email address: %s"), account.Settings.Email))
}
}
// TODO nicer formatting for this
for _, nick := range account.AdditionalNicks {
service.Notice(rb, fmt.Sprintf(client.t("Additional grouped nick: %s"), nick))
}
listRegisteredChannels(service, accountName, rb)
if account.Suspended != nil {
service.Notice(rb, suspensionToString(client, *account.Suspended))
}
}
func listRegisteredChannels(service *ircService, accountName string, rb *ResponseBuffer) {
client := rb.session.client
channels := client.server.accounts.ChannelsForAccount(accountName)
service.Notice(rb, fmt.Sprintf(client.t("Account %s has %d registered channel(s)."), accountName, len(channels)))
for _, channel := range rb.session.client.server.accounts.ChannelsForAccount(accountName) {
service.Notice(rb, fmt.Sprintf(client.t("Registered channel: %s"), channel))
}
}
func nsRegisterHandler(service *ircService, server *Server, client *Client, command string, params []string, rb *ResponseBuffer) {
details := client.Details()
passphrase := params[0]
var email string
if 1 < len(params) {
email = params[1]
}
certfp := rb.session.certfp
if passphrase == "*" {
if certfp == "" {
service.Notice(rb, client.t("You must be connected with TLS and a client certificate to do this"))
return
} else {
passphrase = ""
}
}
if passphrase != "" {
cfPassphrase, err := Casefold(passphrase)
if err == nil && cfPassphrase == details.nickCasefolded {
service.Notice(rb, client.t("Usage: REGISTER <passphrase> [email]")) // #1179
return
}
}
if !nsLoginThrottleCheck(service, client, rb) {
return
}
config := server.Config()
account := details.nick
if config.Accounts.NickReservation.ForceGuestFormat {
matches := config.Accounts.NickReservation.guestRegexp.FindStringSubmatch(account)
if matches == nil || len(matches) < 2 {
service.Notice(rb, client.t("Erroneous nickname"))
return
}
account = matches[1]
}
callbackNamespace, callbackValue, validationErr := parseCallback(email, config)
if validationErr != nil {
service.Notice(rb, client.t("Registration requires a valid e-mail address"))
return
}
err := server.accounts.Register(client, account, callbackNamespace, callbackValue, passphrase, rb.session.certfp)
if err == nil {
if callbackNamespace == "*" {
err = server.accounts.Verify(client, account, "")
if err == nil && fixupNickEqualsAccount(client, rb, config, service.prefix) {