-#-- vim:sw=2:et\r
-#++\r
-# :title: User management\r
-#\r
-# rbot user management\r
-# Author:: Giuseppe Bilotta (giuseppe.bilotta@gmail.com)\r
-# Copyright:: Copyright (c) 2006 Giuseppe Bilotta\r
-# License:: GPLv2\r
-\r
-require 'singleton'\r
-\r
-\r
-module Irc\r
-\r
-\r
- # This module contains the actual Authentication stuff\r
- #\r
- module Auth\r
-\r
- BotConfig.register BotConfigStringValue.new( 'auth.password',\r
- :default => 'rbotauth', :wizard => true,\r
- :on_change => Proc.new {|bot, v| bot.auth.botowner.password = v},\r
- :desc => _('Password for the bot owner'))\r
- BotConfig.register BotConfigBooleanValue.new( 'auth.login_by_mask',\r
- :default => 'true',\r
- :desc => _('Set false to prevent new botusers from logging in without a password when the user netmask is known'))\r
- BotConfig.register BotConfigBooleanValue.new( 'auth.autologin',\r
- :default => 'true',\r
- :desc => _('Set false to prevent new botusers from recognizing IRC users without a need to manually login'))\r
- # BotConfig.register BotConfigIntegerValue.new( 'auth.default_level',\r
- # :default => 10, :wizard => true,\r
- # :desc => 'The default level for new/unknown users' )\r
-\r
- # Generate a random password of length _l_\r
- #\r
- def Auth.random_password(l=8)\r
- pwd = ""\r
- l.times do\r
- pwd << (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr\r
- end\r
- return pwd\r
- end\r
-\r
-\r
- # An Irc::Auth::Command defines a command by its "path":\r
- #\r
- # base::command::subcommand::subsubcommand::subsubsubcommand\r
- #\r
- class Command\r
-\r
- attr_reader :command, :path\r
-\r
- # A method that checks if a given _cmd_ is in a form that can be\r
- # reduced into a canonical command path, and if so, returns it\r
- #\r
- def sanitize_command_path(cmd)\r
- pre = cmd.to_s.downcase.gsub(/^\*?(?:::)?/,"").gsub(/::$/,"")\r
- return pre if pre.empty?\r
- return pre if pre =~ /^\S+(::\S+)*$/\r
- raise TypeError, "#{cmd.inspect} is not a valid command"\r
- end\r
-\r
- # Creates a new Command from a given string; you can then access\r
- # the command as a symbol with the :command method and the whole\r
- # path as :path\r
- #\r
- # Command.new("core::auth::save").path => [:"*", :"core", :"core::auth", :"core::auth::save"]\r
- #\r
- # Command.new("core::auth::save").command => :"core::auth::save"\r
- #\r
- def initialize(cmd)\r
- cmdpath = sanitize_command_path(cmd).split('::')\r
- seq = cmdpath.inject(["*"]) { |list, cmd|\r
- list << (list.length > 1 ? list.last + "::" : "") + cmd\r
- }\r
- @path = seq.map { |k|\r
- k.to_sym\r
- }\r
- @command = path.last\r
- debug "Created command #{@command.inspect} with path #{@path.pretty_inspect}"\r
- end\r
-\r
- # Returs self\r
- def to_irc_auth_command\r
- self\r
- end\r
-\r
- end\r
-\r
- end\r
-\r
-end\r
-\r
-\r
-class String\r
-\r
- # Returns an Irc::Auth::Comand from the receiver\r
- def to_irc_auth_command\r
- Irc::Auth::Command.new(self)\r
- end\r
-\r
-end\r
-\r
-\r
-class Symbol\r
-\r
- # Returns an Irc::Auth::Comand from the receiver\r
- def to_irc_auth_command\r
- Irc::Auth::Command.new(self)\r
- end\r
-\r
-end\r
-\r
-\r
-module Irc\r
-\r
-\r
- module Auth\r
-\r
-\r
- # This class describes a permission set\r
- class PermissionSet\r
-\r
- attr_reader :perm\r
- # Create a new (empty) PermissionSet\r
- #\r
- def initialize\r
- @perm = {}\r
- end\r
-\r
- # Inspection simply inspects the internal hash\r
- def inspect\r
- @perm.inspect\r
- end\r
-\r
- # Sets the permission for command _cmd_ to _val_,\r
- #\r
- def set_permission(str, val)\r
- cmd = str.to_irc_auth_command\r
- case val\r
- when true, false\r
- @perm[cmd.command] = val\r
- when nil\r
- @perm.delete(cmd.command)\r
- else\r
- raise TypeError, "#{val.inspect} must be true or false" unless [true,false].include?(val)\r
- end\r
- end\r
-\r
- # Resets the permission for command _cmd_\r
- #\r
- def reset_permission(cmd)\r
- set_permission(cmd, nil)\r
- end\r
-\r
- # Tells if command _cmd_ is permitted. We do this by returning\r
- # the value of the deepest Command#path that matches.\r
- #\r
- def permit?(str)\r
- cmd = str.to_irc_auth_command\r
- allow = nil\r
- cmd.path.reverse.each { |k|\r
- if @perm.has_key?(k)\r
- allow = @perm[k]\r
- break\r
- end\r
- }\r
- return allow\r
- end\r
-\r
- end\r
-\r
-\r
- # This is the error that gets raised when an invalid password is met\r
- #\r
- class InvalidPassword < RuntimeError\r
- end\r
-\r
-\r
- # This is the basic class for bot users: they have a username, a password,\r
- # a list of netmasks to match against, and a list of permissions.\r
- #\r
- class BotUser\r
-\r
- attr_reader :username\r
- attr_reader :password\r
- attr_reader :netmasks\r
- attr_reader :perm\r
- attr_writer :login_by_mask\r
- attr_writer :autologin\r
- attr_accessor :transient\r
-\r
- # Create a new BotUser with given username\r
- def initialize(username, options={})\r
- opts = {:transient => false}.merge(options)\r
- @transient = opts[:transient]\r
- @username = @transient ? "*" : ""\r
- @username << BotUser.sanitize_username(username)\r
- @password = nil\r
- @netmasks = NetmaskList.new\r
- @perm = {}\r
- reset_login_by_mask\r
- reset_autologin\r
- end\r
-\r
- # Inspection\r
- def inspect\r
- str = "<#{self.class}:#{'0x%08x' % self.object_id}:"\r
- str << " @username=#{@username.inspect}"\r
- str << " @netmasks=#{@netmasks.inspect}"\r
- str << " @perm=#{@perm.inspect}"\r
- str << " @login_by_mask=#{@login_by_mask}"\r
- str << " @autologin=#{@autologin}"\r
- str << ">"\r
- end\r
-\r
- # In strings\r
- def to_s\r
- @username\r
- end\r
-\r
- # Convert into a hash\r
- def to_hash\r
- {\r
- :username => @username,\r
- :password => @password,\r
- :netmasks => @netmasks,\r
- :perm => @perm,\r
- :login_by_mask => @login_by_mask,\r
- :autologin => @autologin\r
- }\r
- end\r
-\r
- # Do we allow logging in without providing the password?\r
- #\r
- def login_by_mask?\r
- @login_by_mask\r
- end\r
-\r
- # Reset the login-by-mask option\r
- #\r
- def reset_login_by_mask\r
- @login_by_mask = Auth.authmanager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask)\r
- end\r
-\r
- # Reset the autologin option\r
- #\r
- def reset_autologin\r
- @autologin = Auth.authmanager.bot.config['auth.autologin'] unless defined?(@autologin)\r
- end\r
-\r
- # Do we allow automatic logging in?\r
- #\r
- def autologin?\r
- @autologin\r
- end\r
-\r
- # Restore from hash\r
- def from_hash(h)\r
- @username = h[:username] if h.has_key?(:username)\r
- @password = h[:password] if h.has_key?(:password)\r
- @netmasks = h[:netmasks] if h.has_key?(:netmasks)\r
- @perm = h[:perm] if h.has_key?(:perm)\r
- @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask)\r
- @autologin = h[:autologin] if h.has_key?(:autologin)\r
- end\r
-\r
- # This method sets the password if the proposed new password\r
- # is valid\r
- def password=(pwd=nil)\r
- pass = pwd.to_s\r
- if pass.empty?\r
- reset_password\r
- else\r
- begin\r
- raise InvalidPassword, "#{pass} contains invalid characters" if pass !~ /^[\x21-\x7e]+$/\r
- raise InvalidPassword, "#{pass} too short" if pass.length < 4\r
- @password = pass\r
- rescue InvalidPassword => e\r
- raise e\r
- rescue => e\r
- raise InvalidPassword, "Exception #{e.inspect} while checking #{pass.inspect} (#{pwd.inspect})"\r
- end\r
- end\r
- end\r
-\r
- # Resets the password by creating a new onw\r
- def reset_password\r
- @password = Auth.random_password\r
- end\r
-\r
- # Sets the permission for command _cmd_ to _val_ on channel _chan_\r
- #\r
- def set_permission(cmd, val, chan="*")\r
- k = chan.to_s.to_sym\r
- @perm[k] = PermissionSet.new unless @perm.has_key?(k)\r
- @perm[k].set_permission(cmd, val)\r
- end\r
-\r
- # Resets the permission for command _cmd_ on channel _chan_\r
- #\r
- def reset_permission(cmd, chan ="*")\r
- set_permission(cmd, nil, chan)\r
- end\r
-\r
- # Checks if BotUser is allowed to do something on channel _chan_,\r
- # or on all channels if _chan_ is nil\r
- #\r
- def permit?(cmd, chan=nil)\r
- if chan\r
- k = chan.to_s.to_sym\r
- else\r
- k = :*\r
- end\r
- allow = nil\r
- if @perm.has_key?(k)\r
- allow = @perm[k].permit?(cmd)\r
- end\r
- return allow\r
- end\r
-\r
- # Adds a Netmask\r
- #\r
- def add_netmask(mask)\r
- @netmasks << mask.to_irc_netmask\r
- end\r
-\r
- # Removes a Netmask\r
- #\r
- def delete_netmask(mask)\r
- m = mask.to_irc_netmask\r
- @netmasks.delete(m)\r
- end\r
-\r
- # Removes all <code>Netmask</code>s\r
- #\r
- def reset_netmasks\r
- @netmasks = NetmaskList.new\r
- end\r
-\r
- # This method checks if BotUser has a Netmask that matches _user_\r
- #\r
- def knows?(usr)\r
- user = usr.to_irc_user\r
- known = false\r
- @netmasks.each { |n|\r
- if user.matches?(n)\r
- known = true\r
- break\r
- end\r
- }\r
- return known\r
- end\r
-\r
- # This method gets called when User _user_ wants to log in.\r
- # It returns true or false depending on whether the password\r
- # is right. If it is, the Netmask of the user is added to the\r
- # list of acceptable Netmask unless it's already matched.\r
- def login(user, password)\r
- if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user))\r
- add_netmask(user) unless knows?(user)\r
- debug "#{user} logged in as #{self.inspect}"\r
- return true\r
- else\r
- return false\r
- end\r
- end\r
-\r
- # # This method gets called when User _user_ has logged out as this BotUser\r
- # def logout(user)\r
- # delete_netmask(user) if knows?(user)\r
- # end\r
-\r
- # This method sanitizes a username by chomping, downcasing\r
- # and replacing any nonalphanumeric character with _\r
- #\r
- def BotUser.sanitize_username(name)\r
- candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")\r
- raise "sanitized botusername #{candidate} too short" if candidate.length < 3\r
- return candidate\r
- end\r
-\r
- end\r
-\r
- # A TransientBotUser is a BotUser that is not intended\r
- # for permanent storage.\r
- #\r
- class TransientBotUser < BotUser\r
- def initialize\r
- super(object_id, :transient => true)\r
- end\r
- end\r
-\r
- # This is the default BotUser: it's used for all users which haven't\r
- # identified with the bot\r
- #\r
- class DefaultBotUserClass < BotUser\r
-\r
- private :add_netmask, :delete_netmask\r
-\r
- include Singleton\r
-\r
- # The default BotUser is named 'everyone'\r
- #\r
- def initialize\r
- reset_login_by_mask\r
- reset_autologin\r
- super("everyone")\r
- @default_perm = PermissionSet.new\r
- end\r
-\r
- # This method returns without changing anything\r
- #\r
- def login_by_mask=(val)\r
- debug "Tried to change the login-by-mask for default bot user, ignoring"\r
- return @login_by_mask\r
- end\r
-\r
- # The default botuser allows logins by mask\r
- #\r
- def reset_login_by_mask\r
- @login_by_mask = true\r
- end\r
-\r
- # This method returns without changing anything\r
- #\r
- def autologin=(val)\r
- debug "Tried to change the autologin for default bot user, ignoring"\r
- return\r
- end\r
-\r
- # The default botuser doesn't allow autologin (meaningless)\r
- #\r
- def reset_autologin\r
- @autologin = false\r
- end\r
-\r
- # Sets the default permission for the default user (i.e. the ones\r
- # set by the BotModule writers) on all channels\r
- #\r
- def set_default_permission(cmd, val)\r
- @default_perm.set_permission(Command.new(cmd), val)\r
- debug "Default permissions now: #{@default_perm.pretty_inspect}"\r
- end\r
-\r
- # default knows everybody\r
- #\r
- def knows?(user)\r
- return true if user.to_irc_user\r
- end\r
-\r
- # We always allow logging in as the default user\r
- def login(user, password)\r
- return true\r
- end\r
-\r
- # Resets the NetmaskList\r
- def reset_netmasks\r
- super\r
- add_netmask("*!*@*")\r
- end\r
-\r
- # DefaultBotUser will check the default_perm after checking\r
- # the global ones\r
- # or on all channels if _chan_ is nil\r
- #\r
- def permit?(cmd, chan=nil)\r
- allow = super(cmd, chan)\r
- if allow.nil? && chan.nil?\r
- allow = @default_perm.permit?(cmd)\r
- end\r
- return allow\r
- end\r
-\r
- end\r
-\r
- # Returns the only instance of DefaultBotUserClass\r
- #\r
- def Auth.defaultbotuser\r
- return DefaultBotUserClass.instance\r
- end\r
-\r
- # This is the BotOwner: he can do everything\r
- #\r
- class BotOwnerClass < BotUser\r
-\r
- include Singleton\r
-\r
- def initialize\r
- @login_by_mask = false\r
- @autologin = true\r
- super("owner")\r
- end\r
-\r
- def permit?(cmd, chan=nil)\r
- return true\r
- end\r
-\r
- end\r
-\r
- # Returns the only instance of BotOwnerClass\r
- #\r
- def Auth.botowner\r
- return BotOwnerClass.instance\r
- end\r
-\r
-\r
- # This is the AuthManagerClass singleton, used to manage User/BotUser connections and\r
- # everything\r
- #\r
- class AuthManagerClass\r
-\r
- include Singleton\r
-\r
- attr_reader :everyone\r
- attr_reader :botowner\r
- attr_reader :bot\r
-\r
- # The instance manages two <code>Hash</code>es: one that maps\r
- # <code>Irc::User</code>s onto <code>BotUser</code>s, and the other that maps\r
- # usernames onto <code>BotUser</code>\r
- def initialize\r
- @everyone = Auth::defaultbotuser\r
- @botowner = Auth::botowner\r
- bot_associate(nil)\r
- end\r
-\r
- def bot_associate(bot)\r
- raise "Cannot associate with a new bot! Save first" if defined?(@has_changes) && @has_changes\r
-\r
- reset_hashes\r
-\r
- # Associated bot\r
- @bot = bot\r
-\r
- # This variable is set to true when there have been changes\r
- # to the botusers list, so that we know when to save\r
- @has_changes = false\r
- end\r
-\r
- def set_changed\r
- @has_changes = true\r
- end\r
-\r
- def reset_changed\r
- @has_changes = false\r
- end\r
-\r
- def changed?\r
- @has_changes\r
- end\r
-\r
- # resets the hashes\r
- def reset_hashes\r
- @botusers = Hash.new\r
- @allbotusers = Hash.new\r
- [everyone, botowner].each { |x|\r
- @allbotusers[x.username.to_sym] = x\r
- }\r
- end\r
-\r
- def load_array(ary, forced)\r
- unless ary\r
- warning "Tried to load an empty array"\r
- return\r
- end\r
- raise "Won't load with unsaved changes" if @has_changes and not forced\r
- reset_hashes\r
- ary.each { |x|\r
- raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash)\r
- u = x[:username]\r
- unless include?(u)\r
- create_botuser(u)\r
- end\r
- get_botuser(u).from_hash(x)\r
- get_botuser(u).transient = false\r
- }\r
- @has_changes=false\r
- end\r
-\r
- def save_array\r
- @allbotusers.values.map { |x|\r
- x.transient ? nil : x.to_hash\r
- }.compact\r
- end\r
-\r
- # checks if we know about a certain BotUser username\r
- def include?(botusername)\r
- @allbotusers.has_key?(botusername.to_sym)\r
- end\r
-\r
- # Maps <code>Irc::User</code> to BotUser\r
- def irc_to_botuser(ircuser)\r
- logged = @botusers[ircuser.to_irc_user]\r
- return logged if logged\r
- return autologin(ircuser)\r
- end\r
-\r
- # creates a new BotUser\r
- def create_botuser(name, password=nil)\r
- n = BotUser.sanitize_username(name)\r
- k = n.to_sym\r
- raise "botuser #{n} exists" if include?(k)\r
- bu = BotUser.new(n)\r
- bu.password = password\r
- @allbotusers[k] = bu\r
- return bu\r
- end\r
-\r
- # returns the botuser with name _name_\r
- def get_botuser(name)\r
- @allbotusers.fetch(BotUser.sanitize_username(name).to_sym)\r
- end\r
-\r
- # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_\r
- #\r
- # raises an error if _botusername_ is not a known BotUser username\r
- #\r
- # It is possible to autologin by Netmask, on request\r
- #\r
- def login(user, botusername, pwd=nil)\r
- ircuser = user.to_irc_user\r
- n = BotUser.sanitize_username(botusername)\r
- k = n.to_sym\r
- raise "No such BotUser #{n}" unless include?(k)\r
- if @botusers.has_key?(ircuser)\r
- return true if @botusers[ircuser].username == n\r
- # TODO\r
- # @botusers[ircuser].logout(ircuser)\r
- end\r
- bu = @allbotusers[k]\r
- if bu.login(ircuser, pwd)\r
- @botusers[ircuser] = bu\r
- return true\r
- end\r
- return false\r
- end\r
-\r
- # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin\r
- # and trying to login without a password\r
- #\r
- def autologin(user)\r
- ircuser = user.to_irc_user\r
- debug "Trying to autologin #{ircuser}"\r
- return @botusers[ircuser] if @botusers.has_key?(ircuser)\r
- @allbotusers.each { |n, bu|\r
- debug "Checking with #{n}"\r
- return bu if bu.autologin? and login(ircuser, n)\r
- }\r
- return everyone\r
- end\r
-\r
- # Checks if User _user_ can do _cmd_ on _chan_.\r
- #\r
- # Permission are checked in this order, until a true or false\r
- # is returned:\r
- # * associated BotUser on _chan_\r
- # * associated BotUser on all channels\r
- # * everyone on _chan_\r
- # * everyone on all channels\r
- #\r
- def permit?(user, cmdtxt, channel=nil)\r
- if user.class <= BotUser\r
- botuser = user\r
- else\r
- botuser = irc_to_botuser(user)\r
- end\r
- cmd = cmdtxt.to_irc_auth_command\r
-\r
- chan = channel\r
- case chan\r
- when User\r
- chan = "?"\r
- when Channel\r
- chan = chan.name\r
- end\r
-\r
- allow = nil\r
-\r
- allow = botuser.permit?(cmd, chan) if chan\r
- return allow unless allow.nil?\r
- allow = botuser.permit?(cmd)\r
- return allow unless allow.nil?\r
-\r
- unless botuser == everyone\r
- allow = everyone.permit?(cmd, chan) if chan\r
- return allow unless allow.nil?\r
- allow = everyone.permit?(cmd)\r
- return allow unless allow.nil?\r
- end\r
-\r
- raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}"\r
- end\r
-\r
- # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally\r
- # telling if the user is authorized\r
- #\r
- def allow?(cmdtxt, user, chan=nil)\r
- if permit?(user, cmdtxt, chan)\r
- return true\r
- else\r
- # cmds = cmdtxt.split('::')\r
- # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan\r
- @bot.say chan, _("%{user}, you don't have '%{command}' permissions here") %\r
- {:user=>user, :command=>cmdtxt} if chan\r
- return false\r
- end\r
- end\r
-\r
- end\r
-\r
- # Returns the only instance of AuthManagerClass\r
- #\r
- def Auth.authmanager\r
- return AuthManagerClass.instance\r
- end\r
-\r
- end\r
-\r
-end\r
+#-- vim:sw=2:et
+#++
+# :title: User management
+#
+# rbot user management
+# Author:: Giuseppe Bilotta (giuseppe.bilotta@gmail.com)
+
+require 'singleton'
+require 'set'
+require 'rbot/maskdb'
+
+# This would be a good idea if it was failproof, but the truth
+# is that other methods can indirectly modify the hash. *sigh*
+#
+# class AuthNotifyingHash < Hash
+# %w(clear default= delete delete_if replace invert
+# merge! update rehash reject! replace shift []= store).each { |m|
+# class_eval {
+# define_method(m) { |*a|
+# r = super(*a)
+# Irc::Bot::Auth.manager.set_changed
+# r
+# }
+# }
+# }
+# end
+#
+
+module Irc
+class Bot
+
+
+ # This module contains the actual Authentication stuff
+ #
+ module Auth
+
+ Config.register Config::StringValue.new( 'auth.password',
+ :default => [*?a..?z,*?A..?Z,*?0..?9].sample(8).join, :wizard => true,
+ :on_change => Proc.new {|bot, v| bot.auth.botowner.password = v},
+ :desc => _('Password for the bot owner'))
+ Config.register Config::BooleanValue.new( 'auth.login_by_mask',
+ :default => 'true',
+ :desc => _('Set false to prevent new botusers from logging in without a password when the user netmask is known'))
+ Config.register Config::BooleanValue.new( 'auth.autologin',
+ :default => 'true',
+ :desc => _('Set false to prevent new botusers from recognizing IRC users without a need to manually login'))
+ Config.register Config::BooleanValue.new( 'auth.autouser',
+ :default => 'false',
+ :desc => _('Set true to allow new botusers to be created automatically'))
+ # Config.register Config::IntegerValue.new( 'auth.default_level',
+ # :default => 10, :wizard => true,
+ # :desc => 'The default level for new/unknown users' )
+
+ # Generate a random password of length _l_
+ #
+ def Auth.random_password(l=8)
+ pwd = ""
+ l.times do
+ pwd << (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr
+ end
+ return pwd
+ end
+
+
+ # An Irc::Bot::Auth::Command defines a command by its "path":
+ #
+ # base::command::subcommand::subsubcommand::subsubsubcommand
+ #
+ class Command
+
+ attr_reader :command, :path
+
+ # A method that checks if a given _cmd_ is in a form that can be
+ # reduced into a canonical command path, and if so, returns it
+ #
+ def sanitize_command_path(cmd)
+ pre = cmd.to_s.downcase.gsub(/^\*?(?:::)?/,"").gsub(/::$/,"")
+ return pre if pre.empty?
+ return pre if pre =~ /^\S+(::\S+)*$/
+ raise TypeError, "#{cmd.inspect} is not a valid command"
+ end
+
+ # Creates a new Command from a given string; you can then access
+ # the command as a symbol with the :command method and the whole
+ # path as :path
+ #
+ # Command.new("core::auth::save").path => [:"*", :"core", :"core::auth", :"core::auth::save"]
+ #
+ # Command.new("core::auth::save").command => :"core::auth::save"
+ #
+ def initialize(cmd)
+ cmdpath = sanitize_command_path(cmd).split('::')
+ seq = cmdpath.inject(["*"]) { |list, cc|
+ list << (list.length > 1 ? list.last + "::" : "") + cc
+ }
+ @path = seq.map { |k|
+ k.to_sym
+ }
+ @command = path.last
+ debug "Created command #{@command.inspect} with path #{@path.pretty_inspect}"
+ end
+
+ # Returs self
+ def to_irc_auth_command
+ self
+ end
+
+ end
+
+ end
+
+end
+end
+
+
+class String
+
+ # Returns an Irc::Bot::Auth::Comand from the receiver
+ def to_irc_auth_command
+ Irc::Bot::Auth::Command.new(self)
+ end
+
+end
+
+
+class Symbol
+
+ # Returns an Irc::Bot::Auth::Comand from the receiver
+ def to_irc_auth_command
+ Irc::Bot::Auth::Command.new(self)
+ end
+
+end
+
+
+module Irc
+class Bot
+
+
+ module Auth
+
+
+ # This class describes a permission set
+ class PermissionSet
+
+ attr_reader :perm
+ # Create a new (empty) PermissionSet
+ #
+ def initialize
+ @perm = {}
+ end
+
+ # Inspection simply inspects the internal hash
+ def inspect
+ @perm.inspect
+ end
+
+ # Sets the permission for command _cmd_ to _val_,
+ #
+ def set_permission(str, val)
+ cmd = str.to_irc_auth_command
+ case val
+ when true, false
+ @perm[cmd.command] = val
+ when nil
+ @perm.delete(cmd.command)
+ else
+ raise TypeError, "#{val.inspect} must be true or false" unless [true,false].include?(val)
+ end
+ end
+
+ # Resets the permission for command _cmd_
+ #
+ def reset_permission(cmd)
+ set_permission(cmd, nil)
+ end
+
+ # Tells if command _cmd_ is permitted. We do this by returning
+ # the value of the deepest Command#path that matches.
+ #
+ def permit?(str)
+ cmd = str.to_irc_auth_command
+ # TODO user-configurable list of always-allowed commands,
+ # for admins that want to set permissions -* for everybody
+ return true if cmd.command == :login
+ allow = nil
+ cmd.path.reverse.each { |k|
+ if @perm.has_key?(k)
+ allow = @perm[k]
+ break
+ end
+ }
+ return allow
+ end
+
+ end
+
+
+ # This is the error that gets raised when an invalid password is met
+ #
+ class InvalidPassword < RuntimeError
+ end
+
+
+ # This is the basic class for bot users: they have a username, a
+ # password, a list of netmasks to match against, and a list of
+ # permissions. A BotUser can be marked as 'transient', usually meaning
+ # it's not intended for permanent storage. Transient BotUsers have lower
+ # priority than nontransient ones for autologin purposes.
+ #
+ # To initialize a BotUser, you pass a _username_ and an optional
+ # hash of options. Currently, only two options are recognized:
+ #
+ # transient:: true or false, determines if the BotUser is transient or
+ # permanent (default is false, permanent BotUser).
+ #
+ # Transient BotUsers are initialized by prepending an
+ # asterisk (*) to the username, and appending a sanitized
+ # version of the object_id. The username can be empty.
+ # A random password is generated.
+ #
+ # Permanent Botusers need the username as is, and no
+ # password is generated.
+ #
+ # masks:: an array of Netmasks to initialize the NetmaskList. This
+ # list is used as-is for permanent BotUsers.
+ #
+ # Transient BotUsers will alter the list elements which are
+ # Irc::User by globbing the nick and any initial nonletter
+ # part of the ident.
+ #
+ # The masks option is optional for permanent BotUsers, but
+ # obligatory (non-empty) for transients.
+ #
+ class BotUser
+
+ attr_reader :username
+ attr_reader :password
+ attr_reader :netmasks
+ attr_reader :perm
+ attr_reader :perm_temp
+ attr_writer :login_by_mask
+ attr_writer :transient
+
+ def autologin=(vnew)
+ vold = @autologin
+ @autologin = vnew
+ if vold && !vnew
+ @netmasks.each { |n| Auth.manager.maskdb.remove(self, n) }
+ elsif vnew && !vold
+ @netmasks.each { |n| Auth.manager.maskdb.add(self, n) }
+ end
+ end
+
+ # Checks if the BotUser is transient
+ def transient?
+ @transient
+ end
+
+ # Checks if the BotUser is permanent (not transient)
+ def permanent?
+ !@transient
+ end
+
+ # Sets if the BotUser is permanent or not
+ def permanent=(bool)
+ @transient=!bool
+ end
+
+ # Make the BotUser permanent
+ def make_permanent(name)
+ raise TypeError, "permanent already" if permanent?
+ @username = BotUser.sanitize_username(name)
+ @transient = false
+ reset_autologin
+ reset_password # or not?
+ @netmasks.dup.each do |m|
+ delete_netmask(m)
+ add_netmask(m.generalize)
+ end
+ end
+
+ # Create a new BotUser with given username
+ def initialize(username, options={})
+ opts = {:transient => false}.merge(options)
+ @transient = opts[:transient]
+
+ if @transient
+ @username = "*"
+ @username << BotUser.sanitize_username(username) if username and not username.to_s.empty?
+ @username << BotUser.sanitize_username(object_id)
+ reset_password
+ @login_by_mask=true
+ @autologin=true
+ else
+ @username = BotUser.sanitize_username(username)
+ @password = nil
+ reset_login_by_mask
+ reset_autologin
+ end
+
+ @netmasks = NetmaskList.new
+ if opts.key?(:masks) and opts[:masks]
+ masks = opts[:masks]
+ masks = [masks] unless masks.respond_to?(:each)
+ masks.each { |m|
+ mask = m.to_irc_netmask
+ if @transient and User === m
+ mask.nick = "*"
+ mask.host = m.host.dup
+ mask.user = "*" + m.user.sub(/^\w?[^\w]+/,'')
+ end
+ add_netmask(mask) unless mask.to_s == "*"
+ }
+ end
+ raise "must provide a usable mask for transient BotUser #{@username}" if @transient and @netmasks.empty?
+
+ @perm = {}
+ @perm_temp = {}
+ end
+
+ # Inspection
+ def inspect
+ str = self.__to_s__[0..-2]
+ str << " (transient)" if @transient
+ str << ":"
+ str << " @username=#{@username.inspect}"
+ str << " @netmasks=#{@netmasks.inspect}"
+ str << " @perm=#{@perm.inspect}"
+ str << " @perm_temp=#{@perm_temp.inspect}" unless @perm_temp.empty?
+ str << " @login_by_mask=#{@login_by_mask}"
+ str << " @autologin=#{@autologin}"
+ str << ">"
+ end
+
+ # In strings
+ def to_s
+ @username
+ end
+
+ # Convert into a hash
+ def to_hash
+ {
+ :username => @username,
+ :password => @password,
+ :netmasks => @netmasks,
+ :perm => @perm,
+ :login_by_mask => @login_by_mask,
+ :autologin => @autologin,
+ }
+ end
+
+ # Do we allow logging in without providing the password?
+ #
+ def login_by_mask?
+ @login_by_mask
+ end
+
+ # Reset the login-by-mask option
+ #
+ def reset_login_by_mask
+ @login_by_mask = Auth.manager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask)
+ end
+
+ # Reset the autologin option
+ #
+ def reset_autologin
+ @autologin = Auth.manager.bot.config['auth.autologin'] unless defined?(@autologin)
+ end
+
+ # Do we allow automatic logging in?
+ #
+ def autologin?
+ @autologin
+ end
+
+ # Restore from hash
+ def from_hash(h)
+ @username = h[:username] if h.has_key?(:username)
+ @password = h[:password] if h.has_key?(:password)
+ @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask)
+ @autologin = h[:autologin] if h.has_key?(:autologin)
+ if h.has_key?(:netmasks)
+ @netmasks = h[:netmasks]
+ debug @netmasks
+ @netmasks.each { |n| Auth.manager.maskdb.add(self, n) } if @autologin
+ debug @netmasks
+ end
+ @perm = h[:perm] if h.has_key?(:perm)
+ end
+
+ # This method sets the password if the proposed new password
+ # is valid
+ def password=(pwd=nil)
+ pass = pwd.to_s
+ if pass.empty?
+ reset_password
+ else
+ begin
+ raise InvalidPassword, "#{pass} contains invalid characters" if pass !~ /^[\x21-\x7e]+$/
+ raise InvalidPassword, "#{pass} too short" if pass.length < 4
+ @password = pass
+ rescue InvalidPassword => e
+ raise e
+ rescue => e
+ raise InvalidPassword, "Exception #{e.inspect} while checking #{pass.inspect} (#{pwd.inspect})"
+ end
+ end
+ end
+
+ # Resets the password by creating a new onw
+ def reset_password
+ @password = Auth.random_password
+ end
+
+ # Sets the permission for command _cmd_ to _val_ on channel _chan_
+ #
+ def set_permission(cmd, val, chan="*")
+ k = chan.to_s.to_sym
+ @perm[k] = PermissionSet.new unless @perm.has_key?(k)
+ @perm[k].set_permission(cmd, val)
+ end
+
+ # Resets the permission for command _cmd_ on channel _chan_
+ #
+ def reset_permission(cmd, chan ="*")
+ set_permission(cmd, nil, chan)
+ end
+
+ # Sets the temporary permission for command _cmd_ to _val_ on channel _chan_
+ #
+ def set_temp_permission(cmd, val, chan="*")
+ k = chan.to_s.to_sym
+ @perm_temp[k] = PermissionSet.new unless @perm_temp.has_key?(k)
+ @perm_temp[k].set_permission(cmd, val)
+ end
+
+ # Resets the temporary permission for command _cmd_ on channel _chan_
+ #
+ def reset_temp_permission(cmd, chan ="*")
+ set_temp_permission(cmd, nil, chan)
+ end
+
+ # Checks if BotUser is allowed to do something on channel _chan_,
+ # or on all channels if _chan_ is nil
+ #
+ def permit?(cmd, chan=nil)
+ if chan
+ k = chan.to_s.to_sym
+ else
+ k = :*
+ end
+ allow = nil
+ pt = @perm.merge @perm_temp
+ if pt.has_key?(k)
+ allow = pt[k].permit?(cmd)
+ end
+ return allow
+ end
+
+ # Adds a Netmask
+ #
+ def add_netmask(mask)
+ m = mask.to_irc_netmask
+ @netmasks << m
+ if self.autologin?
+ Auth.manager.maskdb.add(self, m)
+ Auth.manager.logout_transients(m) if self.permanent?
+ end
+ end
+
+ # Removes a Netmask
+ #
+ def delete_netmask(mask)
+ m = mask.to_irc_netmask
+ @netmasks.delete(m)
+ Auth.manager.maskdb.remove(self, m) if self.autologin?
+ end
+
+ # Reset Netmasks, clearing @netmasks
+ #
+ def reset_netmasks
+ @netmasks.each { |m|
+ Auth.manager.maskdb.remove(self, m) if self.autologin?
+ }
+ @netmasks.clear
+ end
+
+ # This method checks if BotUser has a Netmask that matches _user_
+ #
+ def knows?(usr)
+ user = usr.to_irc_user
+ !!@netmasks.find { |n| user.matches? n }
+ end
+
+ # This method gets called when User _user_ wants to log in.
+ # It returns true or false depending on whether the password
+ # is right. If it is, the Netmask of the user is added to the
+ # list of acceptable Netmask unless it's already matched.
+ def login(user, password=nil)
+ if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user))
+ add_netmask(user) unless knows?(user)
+ debug "#{user} logged in as #{self.inspect}"
+ return true
+ else
+ return false
+ end
+ end
+
+ # # This method gets called when User _user_ has logged out as this BotUser
+ # def logout(user)
+ # delete_netmask(user) if knows?(user)
+ # end
+
+ # This method sanitizes a username by chomping, downcasing
+ # and replacing any nonalphanumeric character with _
+ #
+ def BotUser.sanitize_username(name)
+ candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")
+ raise "sanitized botusername #{candidate} too short" if candidate.length < 3
+ return candidate
+ end
+
+ end
+
+ # This is the default BotUser: it's used for all users which haven't
+ # identified with the bot
+ #
+ class DefaultBotUserClass < BotUser
+
+ private :add_netmask, :delete_netmask
+
+ include Singleton
+
+ # The default BotUser is named 'everyone'
+ #
+ def initialize
+ reset_login_by_mask
+ reset_autologin
+ super("everyone")
+ @default_perm = PermissionSet.new
+ end
+
+ # This method returns without changing anything
+ #
+ def login_by_mask=(val)
+ debug "Tried to change the login-by-mask for default bot user, ignoring"
+ return @login_by_mask
+ end
+
+ # The default botuser allows logins by mask
+ #
+ def reset_login_by_mask
+ @login_by_mask = true
+ end
+
+ # This method returns without changing anything
+ #
+ def autologin=(val)
+ debug "Tried to change the autologin for default bot user, ignoring"
+ return
+ end
+
+ # The default botuser doesn't allow autologin (meaningless)
+ #
+ def reset_autologin
+ @autologin = false
+ end
+
+ # Sets the default permission for the default user (i.e. the ones
+ # set by the BotModule writers) on all channels
+ #
+ def set_default_permission(cmd, val)
+ @default_perm.set_permission(Command.new(cmd), val)
+ debug "Default permissions now: #{@default_perm.pretty_inspect}"
+ end
+
+ # default knows everybody
+ #
+ def knows?(user)
+ return true if user.to_irc_user
+ end
+
+ # We always allow logging in as the default user
+ def login(user, password)
+ return true
+ end
+
+ # DefaultBotUser will check the default_perm after checking
+ # the global ones
+ # or on all channels if _chan_ is nil
+ #
+ def permit?(cmd, chan=nil)
+ allow = super(cmd, chan)
+ if allow.nil? && chan.nil?
+ allow = @default_perm.permit?(cmd)
+ end
+ return allow
+ end
+
+ end
+
+ # Returns the only instance of DefaultBotUserClass
+ #
+ def Auth.defaultbotuser
+ return DefaultBotUserClass.instance
+ end
+
+ # This is the BotOwner: he can do everything
+ #
+ class BotOwnerClass < BotUser
+
+ include Singleton
+
+ def initialize
+ @login_by_mask = false
+ @autologin = true
+ super("owner")
+ end
+
+ def permit?(cmd, chan=nil)
+ return true
+ end
+
+ end
+
+ # Returns the only instance of BotOwnerClass
+ #
+ def Auth.botowner
+ return BotOwnerClass.instance
+ end
+
+
+ class BotUser
+ # Check if the current BotUser is the default one
+ def default?
+ return DefaultBotUserClass === self
+ end
+
+ # Check if the current BotUser is the owner
+ def owner?
+ return BotOwnerClass === self
+ end
+ end
+
+
+ # This is the ManagerClass singleton, used to manage
+ # Irc::User/Irc::Bot::Auth::BotUser connections and everything
+ #
+ class ManagerClass
+
+ include Singleton
+
+ attr_reader :maskdb
+ attr_reader :everyone
+ attr_reader :botowner
+ attr_reader :bot
+
+ # The instance manages two <code>Hash</code>es: one that maps
+ # <code>Irc::User</code>s onto <code>BotUser</code>s, and the other that maps
+ # usernames onto <code>BotUser</code>
+ def initialize
+ @everyone = Auth::defaultbotuser
+ @botowner = Auth::botowner
+ bot_associate(nil)
+ end
+
+ def bot_associate(bot)
+ raise "Cannot associate with a new bot! Save first" if defined?(@has_changes) && @has_changes
+
+ reset_hashes
+
+ # Associated bot
+ @bot = bot
+
+ # This variable is set to true when there have been changes
+ # to the botusers list, so that we know when to save
+ @has_changes = false
+ end
+
+ def set_changed
+ @has_changes = true
+ end
+
+ def reset_changed
+ @has_changes = false
+ end
+
+ def changed?
+ @has_changes
+ end
+
+ # resets the hashes
+ def reset_hashes
+ @botusers = Hash.new
+ @maskdb = NetmaskDb.new
+ @allbotusers = Hash.new
+ [everyone, botowner].each do |x|
+ @allbotusers[x.username.to_sym] = x
+ end
+ end
+
+ def load_array(ary, forced)
+ unless ary
+ warning "Tried to load an empty array"
+ return
+ end
+ raise "Won't load with unsaved changes" if @has_changes and not forced
+ reset_hashes
+ ary.each { |x|
+ raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash)
+ u = x[:username]
+ unless include?(u)
+ create_botuser(u)
+ end
+ get_botuser(u).from_hash(x)
+ get_botuser(u).transient = false
+ }
+ @has_changes=false
+ end
+
+ def save_array
+ @allbotusers.values.map { |x|
+ x.transient? ? nil : x.to_hash
+ }.compact
+ end
+
+ # checks if we know about a certain BotUser username
+ def include?(botusername)
+ @allbotusers.has_key?(botusername.to_sym)
+ end
+
+ # Maps <code>Irc::User</code> to BotUser
+ def irc_to_botuser(ircuser)
+ logged = @botusers[ircuser.to_irc_user]
+ return logged if logged
+ return autologin(ircuser)
+ end
+
+ # creates a new BotUser
+ def create_botuser(name, password=nil)
+ n = BotUser.sanitize_username(name)
+ k = n.to_sym
+ raise "botuser #{n} exists" if include?(k)
+ bu = BotUser.new(n)
+ bu.password = password
+ @allbotusers[k] = bu
+ return bu
+ end
+
+ # returns the botuser with name _name_
+ def get_botuser(name)
+ @allbotusers.fetch(BotUser.sanitize_username(name).to_sym)
+ end
+
+ # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_
+ #
+ # raises an error if _botusername_ is not a known BotUser username
+ #
+ # It is possible to autologin by Netmask, on request
+ #
+ def login(user, botusername, pwd=nil)
+ ircuser = user.to_irc_user
+ n = BotUser.sanitize_username(botusername)
+ k = n.to_sym
+ raise "No such BotUser #{n}" unless include?(k)
+ if @botusers.has_key?(ircuser)
+ return true if @botusers[ircuser].username == n
+ # TODO
+ # @botusers[ircuser].logout(ircuser)
+ end
+ bu = @allbotusers[k]
+ if bu.login(ircuser, pwd)
+ @botusers[ircuser] = bu
+ return true
+ end
+ return false
+ end
+
+ # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin
+ # and trying to login without a password
+ #
+ def autologin(user)
+ ircuser = user.to_irc_user
+ debug "Trying to autologin #{ircuser}"
+ return @botusers[ircuser] if @botusers.has_key?(ircuser)
+ bu = maskdb.find(ircuser)
+ if bu
+ debug "trying #{bu}"
+ bu.login(ircuser) or raise '...what?!'
+ @botusers[ircuser] = bu
+ return bu
+ end
+ # Finally, create a transient if we're set to allow it
+ if @bot.config['auth.autouser']
+ bu = create_transient_botuser(ircuser)
+ @botusers[ircuser] = bu
+ return bu
+ end
+ return everyone
+ end
+
+ # Creates a new transient BotUser associated with Irc::User _user_,
+ # automatically logging him in. Note that transient botuser creation can
+ # fail, typically if we don't have the complete user netmask (e.g. for
+ # messages coming in from a linkbot)
+ #
+ def create_transient_botuser(user)
+ ircuser = user.to_irc_user
+ bu = everyone
+ begin
+ bu = BotUser.new(ircuser, :transient => true, :masks => ircuser)
+ bu.login(ircuser)
+ rescue
+ warning "failed to create transient for #{user}"
+ error $!
+ end
+ return bu
+ end
+
+ # Logs out any Irc::User matching Irc::Netmask _m_ and logged in
+ # to a transient BotUser
+ #
+ def logout_transients(m)
+ debug "to check: #{@botusers.keys.join ' '}"
+ @botusers.keys.each do |iu|
+ debug "checking #{iu.fullform} against #{m.fullform}"
+ bu = @botusers[iu]
+ bu.transient? or next
+ iu.matches?(m) or next
+ @botusers.delete(iu).autologin = false
+ end
+ end
+
+ # Makes transient BotUser _user_ into a permanent BotUser
+ # named _name_; if _user_ is an Irc::User, act on the transient
+ # BotUser (if any) it's logged in as
+ #
+ def make_permanent(user, name)
+ buname = BotUser.sanitize_username(name)
+ # TODO merge BotUser instead?
+ raise "there's already a BotUser called #{name}" if include?(buname)
+
+ tuser = nil
+ case user
+ when String, Irc::User
+ tuser = irc_to_botuser(user)
+ when BotUser
+ tuser = user
+ else
+ raise TypeError, "sorry, don't know how to make #{user.class} into a permanent BotUser"
+ end
+ return nil unless tuser
+ raise TypeError, "#{tuser} is not transient" unless tuser.transient?
+
+ tuser.make_permanent(buname)
+ @allbotusers[tuser.username.to_sym] = tuser
+
+ return tuser
+ end
+
+ # Checks if User _user_ can do _cmd_ on _chan_.
+ #
+ # Permission are checked in this order, until a true or false
+ # is returned:
+ # * associated BotUser on _chan_
+ # * associated BotUser on all channels
+ # * everyone on _chan_
+ # * everyone on all channels
+ #
+ def permit?(user, cmdtxt, channel=nil)
+ if user.class <= BotUser
+ botuser = user
+ else
+ botuser = irc_to_botuser(user)
+ end
+ cmd = cmdtxt.to_irc_auth_command
+
+ chan = channel
+ case chan
+ when User
+ chan = "?"
+ when Channel
+ chan = chan.name
+ end
+
+ allow = nil
+
+ allow = botuser.permit?(cmd, chan) if chan
+ return allow unless allow.nil?
+ allow = botuser.permit?(cmd)
+ return allow unless allow.nil?
+
+ unless botuser == everyone
+ allow = everyone.permit?(cmd, chan) if chan
+ return allow unless allow.nil?
+ allow = everyone.permit?(cmd)
+ return allow unless allow.nil?
+ end
+
+ raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}"
+ end
+
+ # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally
+ # telling if the user is authorized
+ #
+ def allow?(cmdtxt, user, chan=nil)
+ if permit?(user, cmdtxt, chan)
+ return true
+ else
+ # cmds = cmdtxt.split('::')
+ # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan
+ @bot.say chan, _("%{user}, you don't have '%{command}' permissions here") %
+ {:user=>user, :command=>cmdtxt} if chan
+ return false
+ end
+ end
+
+ end
+
+ # Returns the only instance of ManagerClass
+ #
+ def Auth.manager
+ return ManagerClass.instance
+ end
+
+ end
+end
+
+ class User
+
+ # A convenience method to automatically found the botuser
+ # associated with the receiver
+ #
+ def botuser
+ Irc::Bot::Auth.manager.irc_to_botuser(self)
+ end
+ end
+
+end
projects / user / henk / code / ruby / rbot.git / blobdiff