# License:: GPLv2\r
\r
require 'singleton'\r
+require 'set'\r
\r
-module Irc\r
-\r
- # This method raises a TypeError if _user_ is not of class User\r
- #\r
- def Irc.error_if_not_user(user)\r
- raise TypeError, "#{user.inspect} must be of type Irc::User and not #{user.class}" unless user.class <= User\r
- end\r
\r
- # This method raises a TypeError if _chan_ is not of class Chan\r
- #\r
- def Irc.error_if_not_channel(chan)\r
- raise TypeError, "#{chan.inspect} must be of type Irc::User and not #{chan.class}" unless chan.class <= Channel\r
- end\r
+module Irc\r
\r
\r
# This module contains the actual Authentication stuff\r
\r
BotConfig.register BotConfigStringValue.new( 'auth.password',\r
:default => 'rbotauth', :wizard => true,\r
- :desc => 'Password for the bot owner' )\r
+ :on_change => Proc.new {|bot, v| bot.auth.botowner.password = v},\r
+ :desc => _('Password for the bot owner'))\r
+ BotConfig.register BotConfigBooleanValue.new( 'auth.login_by_mask',\r
+ :default => 'true',\r
+ :desc => _('Set false to prevent new botusers from logging in without a password when the user netmask is known'))\r
+ BotConfig.register BotConfigBooleanValue.new( 'auth.autologin',\r
+ :default => 'true',\r
+ :desc => _('Set false to prevent new botusers from recognizing IRC users without a need to manually login'))\r
+ BotConfig.register BotConfigBooleanValue.new( 'auth.autouser',\r
+ :default => 'false',\r
+ :desc => _('Set true to allow new botusers to be created automatically'))\r
# BotConfig.register BotConfigIntegerValue.new( 'auth.default_level',\r
# :default => 10, :wizard => true,\r
# :desc => 'The default level for new/unknown users' )\r
\r
# Generate a random password of length _l_\r
#\r
- def random_password(l=8)\r
+ def Auth.random_password(l=8)\r
pwd = ""\r
- 8.times do\r
- pwd += (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr\r
+ l.times do\r
+ pwd << (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr\r
end\r
return pwd\r
end\r
k.to_sym\r
}\r
@command = path.last\r
- debug "Created command #{@command.inspect} with path #{@path.join(', ')}"\r
+ debug "Created command #{@command.inspect} with path #{@path.pretty_inspect}"\r
end\r
\r
- end\r
+ # Returs self\r
+ def to_irc_auth_command\r
+ self\r
+ end\r
\r
- # This method raises a TypeError if _user_ is not of class User\r
- #\r
- def Irc.error_if_not_command(cmd)\r
- raise TypeError, "#{cmd.inspect} must be of type Irc::Auth::Command and not #{cmd.class}" unless cmd.class <= Command\r
end\r
\r
+ end\r
+\r
+end\r
+\r
+\r
+class String\r
+\r
+ # Returns an Irc::Auth::Comand from the receiver\r
+ def to_irc_auth_command\r
+ Irc::Auth::Command.new(self)\r
+ end\r
+\r
+end\r
+\r
+\r
+class Symbol\r
+\r
+ # Returns an Irc::Auth::Comand from the receiver\r
+ def to_irc_auth_command\r
+ Irc::Auth::Command.new(self)\r
+ end\r
+\r
+end\r
+\r
+\r
+module Irc\r
+\r
+\r
+ module Auth\r
+\r
\r
# This class describes a permission set\r
class PermissionSet\r
\r
+ attr_reader :perm\r
# Create a new (empty) PermissionSet\r
#\r
def initialize\r
\r
# Sets the permission for command _cmd_ to _val_,\r
#\r
- def set_permission(cmd, val)\r
- Irc::error_if_not_command(cmd)\r
+ def set_permission(str, val)\r
+ cmd = str.to_irc_auth_command\r
case val\r
when true, false\r
@perm[cmd.command] = val\r
# Tells if command _cmd_ is permitted. We do this by returning\r
# the value of the deepest Command#path that matches.\r
#\r
- def permit?(cmd)\r
- Irc::error_if_not_command(cmd)\r
+ def permit?(str)\r
+ cmd = str.to_irc_auth_command\r
allow = nil\r
cmd.path.reverse.each { |k|\r
if @perm.has_key?(k)\r
end\r
\r
\r
- # This is the basic class for bot users: they have a username, a password, a\r
- # list of netmasks to match against, and a list of permissions.\r
+ # This is the error that gets raised when an invalid password is met\r
+ #\r
+ class InvalidPassword < RuntimeError\r
+ end\r
+\r
+\r
+ # This is the basic class for bot users: they have a username, a\r
+ # password, a list of netmasks to match against, and a list of\r
+ # permissions. A BotUser can be marked as 'transient', usually meaning\r
+ # it's not intended for permanent storage. Transient BotUsers have lower\r
+ # priority than nontransient ones for autologin purposes.\r
+ #\r
+ # To initialize a BotUser, you pass a _username_ and an optional\r
+ # hash of options. Currently, only two options are recognized:\r
+ #\r
+ # transient:: true or false, determines if the BotUser is transient or\r
+ # permanent (default is false, permanent BotUser).\r
+ #\r
+ # Transient BotUsers are initialized by prepending an\r
+ # asterisk (*) to the username, and appending a sanitized\r
+ # version of the object_id. The username can be empty.\r
+ # A random password is generated.\r
+ #\r
+ # Permanent Botusers need the username as is, and no\r
+ # password is generated.\r
+ #\r
+ # masks:: an array of Netmasks to initialize the NetmaskList. This\r
+ # list is used as-is for permanent BotUsers.\r
+ #\r
+ # Transient BotUsers will alter the list elements which are\r
+ # Irc::User by globbing the nick and any initial nonletter\r
+ # part of the ident.\r
+ #\r
+ # The masks option is optional for permanent BotUsers, but\r
+ # obligatory (non-empty) for transients.\r
#\r
class BotUser\r
\r
attr_reader :username\r
attr_reader :password\r
attr_reader :netmasks\r
+ attr_reader :perm\r
+ attr_writer :login_by_mask\r
+ attr_writer :autologin\r
+ attr_writer :transient\r
+\r
+ # Checks if the BotUser is transient\r
+ def transient?\r
+ @transient\r
+ end\r
+\r
+ # Checks if the BotUser is permanent (not transient)\r
+ def permanent?\r
+ !@permanent\r
+ end\r
+\r
+ # Sets if the BotUser is permanent or not\r
+ def permanent=(bool)\r
+ @transient=!bool\r
+ end\r
\r
# Create a new BotUser with given username\r
- def initialize(username)\r
- @username = BotUser.sanitize_username(username)\r
- @password = nil\r
+ def initialize(username, options={})\r
+ opts = {:transient => false}.merge(options)\r
+ @transient = opts[:transient]\r
+\r
+ if @transient\r
+ @username = "*"\r
+ @username << BotUser.sanitize_username(username) if username and not username.to_s.empty?\r
+ @username << BotUser.sanitize_username(object_id)\r
+ reset_password\r
+ @login_by_mask=true\r
+ @autologin=true\r
+ else\r
+ @username = BotUser.sanitize_username(username)\r
+ @password = nil\r
+ reset_login_by_mask\r
+ reset_autologin\r
+ end\r
+\r
@netmasks = NetmaskList.new\r
+ if opts.key?(:masks) and opts[:masks]\r
+ masks = opts[:masks]\r
+ masks = [masks] unless masks.respond_to?(:each)\r
+ masks.each { |m|\r
+ mask = m.to_irc_netmask\r
+ if @transient and User === m\r
+ mask.nick = "*"\r
+ mask.host = m.host.dup\r
+ mask.user = "*" + m.user.sub(/^\w?[^\w]+/,'')\r
+ end\r
+ add_netmask(mask) unless mask.to_s == "*"\r
+ }\r
+ end\r
+ raise "must provide a usable mask for transient BotUser #{@username}" if @transient and @netmasks.empty?\r
+\r
@perm = {}\r
end\r
\r
# Inspection\r
def inspect\r
- str = "<#{self.class}:#{'0x%08x' % self.object_id}:"\r
+ str = "<#{self.class}:#{'0x%08x' % self.object_id}"\r
+ str << " (transient)" if @transient\r
+ str << ":"\r
str << " @username=#{@username.inspect}"\r
str << " @netmasks=#{@netmasks.inspect}"\r
str << " @perm=#{@perm.inspect}"\r
- str\r
+ str << " @login_by_mask=#{@login_by_mask}"\r
+ str << " @autologin=#{@autologin}"\r
+ str << ">"\r
+ end\r
+\r
+ # In strings\r
+ def to_s\r
+ @username\r
end\r
\r
# Convert into a hash\r
:username => @username,\r
:password => @password,\r
:netmasks => @netmasks,\r
- :perm => @perm\r
+ :perm => @perm,\r
+ :login_by_mask => @login_by_mask,\r
+ :autologin => @autologin\r
}\r
end\r
\r
+ # Do we allow logging in without providing the password?\r
+ #\r
+ def login_by_mask?\r
+ @login_by_mask\r
+ end\r
+\r
+ # Reset the login-by-mask option\r
+ #\r
+ def reset_login_by_mask\r
+ @login_by_mask = Auth.authmanager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask)\r
+ end\r
+\r
+ # Reset the autologin option\r
+ #\r
+ def reset_autologin\r
+ @autologin = Auth.authmanager.bot.config['auth.autologin'] unless defined?(@autologin)\r
+ end\r
+\r
+ # Do we allow automatic logging in?\r
+ #\r
+ def autologin?\r
+ @autologin\r
+ end\r
+\r
# Restore from hash\r
def from_hash(h)\r
@username = h[:username] if h.has_key?(:username)\r
@password = h[:password] if h.has_key?(:password)\r
@netmasks = h[:netmasks] if h.has_key?(:netmasks)\r
@perm = h[:perm] if h.has_key?(:perm)\r
+ @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask)\r
+ @autologin = h[:autologin] if h.has_key?(:autologin)\r
end\r
\r
# This method sets the password if the proposed new password\r
# is valid\r
def password=(pwd=nil)\r
- if pwd\r
+ pass = pwd.to_s\r
+ if pass.empty?\r
+ reset_password\r
+ else\r
begin\r
- raise InvalidPassword, "#{pwd} contains invalid characters" if pwd !~ /^[A-Za-z0-9]+$/\r
- raise InvalidPassword, "#{pwd} too short" if pwd.length < 4\r
- @password = pwd\r
+ raise InvalidPassword, "#{pass} contains invalid characters" if pass !~ /^[\x21-\x7e]+$/\r
+ raise InvalidPassword, "#{pass} too short" if pass.length < 4\r
+ @password = pass\r
rescue InvalidPassword => e\r
raise e\r
rescue => e\r
- raise InvalidPassword, "Exception #{e.inspect} while checking #{pwd}"\r
+ raise InvalidPassword, "Exception #{e.inspect} while checking #{pass.inspect} (#{pwd.inspect})"\r
end\r
- else\r
- reset_password\r
end\r
end\r
\r
# Resets the password by creating a new onw\r
def reset_password\r
- @password = random_password\r
+ @password = Auth.random_password\r
end\r
\r
# Sets the permission for command _cmd_ to _val_ on channel _chan_\r
def set_permission(cmd, val, chan="*")\r
k = chan.to_s.to_sym\r
@perm[k] = PermissionSet.new unless @perm.has_key?(k)\r
- case cmd\r
- when String\r
- @perm[k].set_permission(Command.new(cmd), val)\r
- else\r
- @perm[k].set_permission(cmd, val)\r
- end\r
+ @perm[k].set_permission(cmd, val)\r
end\r
\r
# Resets the permission for command _cmd_ on channel _chan_\r
# Adds a Netmask\r
#\r
def add_netmask(mask)\r
- case mask\r
- when Netmask\r
- @netmasks << mask\r
- else\r
- @netmasks << Netmask.new(mask)\r
- end\r
+ @netmasks << mask.to_irc_netmask\r
end\r
\r
# Removes a Netmask\r
#\r
def delete_netmask(mask)\r
- case mask\r
- when Netmask\r
- m = mask\r
- else\r
- m << Netmask.new(mask)\r
- end\r
+ m = mask.to_irc_netmask\r
@netmasks.delete(m)\r
end\r
\r
# Removes all <code>Netmask</code>s\r
- def reset_netmask_list\r
+ #\r
+ def reset_netmasks\r
@netmasks = NetmaskList.new\r
end\r
\r
# This method checks if BotUser has a Netmask that matches _user_\r
- def knows?(user)\r
- Irc::error_if_not_user(user)\r
+ #\r
+ def knows?(usr)\r
+ user = usr.to_irc_user\r
known = false\r
@netmasks.each { |n|\r
if user.matches?(n)\r
# It returns true or false depending on whether the password\r
# is right. If it is, the Netmask of the user is added to the\r
# list of acceptable Netmask unless it's already matched.\r
- def login(user, password)\r
- if password == @password\r
+ def login(user, password=nil)\r
+ if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user))\r
add_netmask(user) unless knows?(user)\r
debug "#{user} logged in as #{self.inspect}"\r
return true\r
# and replacing any nonalphanumeric character with _\r
#\r
def BotUser.sanitize_username(name)\r
- return name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")\r
+ candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")\r
+ raise "sanitized botusername #{candidate} too short" if candidate.length < 3\r
+ return candidate\r
end\r
\r
end\r
\r
-\r
# This is the default BotUser: it's used for all users which haven't\r
# identified with the bot\r
#\r
class DefaultBotUserClass < BotUser\r
\r
- private :login, :add_netmask, :delete_netmask\r
+ private :add_netmask, :delete_netmask\r
\r
include Singleton\r
\r
+ # The default BotUser is named 'everyone'\r
+ #\r
def initialize\r
+ reset_login_by_mask\r
+ reset_autologin\r
super("everyone")\r
@default_perm = PermissionSet.new\r
end\r
\r
+ # This method returns without changing anything\r
+ #\r
+ def login_by_mask=(val)\r
+ debug "Tried to change the login-by-mask for default bot user, ignoring"\r
+ return @login_by_mask\r
+ end\r
+\r
+ # The default botuser allows logins by mask\r
+ #\r
+ def reset_login_by_mask\r
+ @login_by_mask = true\r
+ end\r
+\r
+ # This method returns without changing anything\r
+ #\r
+ def autologin=(val)\r
+ debug "Tried to change the autologin for default bot user, ignoring"\r
+ return\r
+ end\r
+\r
+ # The default botuser doesn't allow autologin (meaningless)\r
+ #\r
+ def reset_autologin\r
+ @autologin = false\r
+ end\r
+\r
# Sets the default permission for the default user (i.e. the ones\r
# set by the BotModule writers) on all channels\r
#\r
def set_default_permission(cmd, val)\r
@default_perm.set_permission(Command.new(cmd), val)\r
- debug "Default permissions now:\n#{@default_perm.inspect}"\r
+ debug "Default permissions now: #{@default_perm.pretty_inspect}"\r
end\r
\r
# default knows everybody\r
#\r
def knows?(user)\r
- Irc::error_if_not_user(user)\r
+ return true if user.to_irc_user\r
+ end\r
+\r
+ # We always allow logging in as the default user\r
+ def login(user, password)\r
return true\r
end\r
\r
# Resets the NetmaskList\r
- def reset_netmask_list\r
+ def reset_netmasks\r
super\r
add_netmask("*!*@*")\r
end\r
include Singleton\r
\r
def initialize\r
+ @login_by_mask = false\r
+ @autologin = true\r
super("owner")\r
end\r
\r
\r
attr_reader :everyone\r
attr_reader :botowner\r
+ attr_reader :bot\r
\r
# The instance manages two <code>Hash</code>es: one that maps\r
# <code>Irc::User</code>s onto <code>BotUser</code>s, and the other that maps\r
[everyone, botowner].each { |x|\r
@allbotusers[x.username.to_sym] = x\r
}\r
+ @transients = Set.new\r
end\r
\r
def load_array(ary, forced)\r
+ unless ary\r
+ warning "Tried to load an empty array"\r
+ return\r
+ end\r
raise "Won't load with unsaved changes" if @has_changes and not forced\r
reset_hashes\r
ary.each { |x|\r
- raise TypeError, "#{x} should be a Hash" unless x.class <= Hash\r
+ raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash)\r
u = x[:username]\r
unless include?(u)\r
create_botuser(u)\r
end\r
get_botuser(u).from_hash(x)\r
+ get_botuser(u).transient = false\r
}\r
@has_changes=false\r
end\r
\r
def save_array\r
@allbotusers.values.map { |x|\r
- x.to_hash\r
- }\r
+ x.transient? ? nil : x.to_hash\r
+ }.compact\r
end\r
\r
# checks if we know about a certain BotUser username\r
\r
# Maps <code>Irc::User</code> to BotUser\r
def irc_to_botuser(ircuser)\r
- Irc::error_if_not_user(ircuser)\r
- # TODO check netmasks\r
- return @botusers[ircuser] || everyone\r
+ logged = @botusers[ircuser.to_irc_user]\r
+ return logged if logged\r
+ return autologin(ircuser)\r
end\r
\r
# creates a new BotUser\r
def create_botuser(name, password=nil)\r
n = BotUser.sanitize_username(name)\r
k = n.to_sym\r
- raise "BotUser #{n} exists" if include?(k)\r
+ raise "botuser #{n} exists" if include?(k)\r
bu = BotUser.new(n)\r
bu.password = password\r
@allbotusers[k] = bu\r
+ return bu\r
end\r
\r
# returns the botuser with name _name_\r
@allbotusers.fetch(BotUser.sanitize_username(name).to_sym)\r
end\r
\r
- # Logs Irc::User _ircuser_ in to BotUser _botusername_ with password _pwd_\r
+ # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_\r
#\r
# raises an error if _botusername_ is not a known BotUser username\r
#\r
# It is possible to autologin by Netmask, on request\r
#\r
- def login(ircuser, botusername, pwd, bymask = false)\r
- Irc::error_if_not_user(ircuser)\r
+ def login(user, botusername, pwd=nil)\r
+ ircuser = user.to_irc_user\r
n = BotUser.sanitize_username(botusername)\r
k = n.to_sym\r
raise "No such BotUser #{n}" unless include?(k)\r
if @botusers.has_key?(ircuser)\r
+ return true if @botusers[ircuser].username == n\r
# TODO\r
# @botusers[ircuser].logout(ircuser)\r
end\r
bu = @allbotusers[k]\r
- if bymask && bu.knows?(ircuser)\r
- @botusers[ircuser] = bu\r
- return true\r
- elsif bu.login(ircuser, pwd)\r
+ if bu.login(ircuser, pwd)\r
@botusers[ircuser] = bu\r
return true\r
end\r
return false\r
end\r
\r
+ # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin\r
+ # and trying to login without a password\r
+ #\r
+ def autologin(user)\r
+ ircuser = user.to_irc_user\r
+ debug "Trying to autologin #{ircuser}"\r
+ return @botusers[ircuser] if @botusers.has_key?(ircuser)\r
+ @allbotusers.each { |n, bu|\r
+ debug "Checking with #{n}"\r
+ return bu if bu.autologin? and login(ircuser, n)\r
+ }\r
+ # Check with transient users\r
+ @transients.each { |bu|\r
+ return bu if bu.login(ircuser)\r
+ }\r
+ # Finally, create a transient if we're set to allow it\r
+ if @bot.config['auth.autouser']\r
+ bu = create_transient_botuser(ircuser)\r
+ return bu\r
+ end\r
+ return everyone\r
+ end\r
+\r
+ # Creates a new transient BotUser associated with Irc::User _user_,\r
+ # automatically logging him in\r
+ #\r
+ def create_transient_botuser(user)\r
+ ircuser = user.to_irc_user\r
+ bu = BotUser.new(ircuser, :transient => true, :masks => ircuser)\r
+ bu.login(ircuser)\r
+ @transients << bu\r
+ return bu\r
+ end\r
+\r
# Checks if User _user_ can do _cmd_ on _chan_.\r
#\r
# Permission are checked in this order, until a true or false\r
# * everyone on _chan_\r
# * everyone on all channels\r
#\r
- def permit?(user, cmdtxt, chan=nil)\r
- botuser = irc_to_botuser(user)\r
- cmd = Command.new(cmdtxt)\r
+ def permit?(user, cmdtxt, channel=nil)\r
+ if user.class <= BotUser\r
+ botuser = user\r
+ else\r
+ botuser = irc_to_botuser(user)\r
+ end\r
+ cmd = cmdtxt.to_irc_auth_command\r
\r
+ chan = channel\r
case chan\r
when User\r
chan = "?"\r
raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}"\r
end\r
\r
- # Checks if command _cmd_ is allowed to User _user_ on _chan_\r
+ # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally\r
+ # telling if the user is authorized\r
+ #\r
def allow?(cmdtxt, user, chan=nil)\r
- permit?(user, cmdtxt, chan)\r
+ if permit?(user, cmdtxt, chan)\r
+ return true\r
+ else\r
+ # cmds = cmdtxt.split('::')\r
+ # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan\r
+ @bot.say chan, _("%{user}, you don't have '%{command}' permissions here") %\r
+ {:user=>user, :command=>cmdtxt} if chan\r
+ return false\r
+ end\r
end\r
\r
end\r