X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=lib%2Frbot%2Fbotuser.rb;h=e498ce6c2cabdbef086511de386f71e10e811380;hb=c986bc82f4b856818e97e24fbf5fc11eef5f25c2;hp=6c84a93bca2461d80c56629e8eb8b4c26672aced;hpb=c9b76ddbc6ada354e0c1f14a14fcd1cdd7c1230c;p=user%2Fhenk%2Fcode%2Fruby%2Frbot.git
diff --git a/lib/rbot/botuser.rb b/lib/rbot/botuser.rb
index 6c84a93b..e498ce6c 100644
--- a/lib/rbot/botuser.rb
+++ b/lib/rbot/botuser.rb
@@ -7,191 +7,36 @@ # Copyright:: Copyright (c) 2006 Giuseppe Bilotta # License:: GPLv2 -#-- -##### -#### -### Discussion on IRC on how to implement it -## -# -# a. do we want user groups together with users? -# hmm -# let me think about it -# generally I would say: as simple as possible while keeping it as flexible as need be -# I think we can put user groups in place afterwards if we build the structure right -# prolly, yes -# so -# each plugin registers a name -# so rather than auth level we have +name -name -# yes -# much better -# the default is +name for every plugin, except when the plugin tells otherwise -# although.. -# if I only want to allow you access to one plugin -# I have lots of typing to do -# nope -# we allow things like -* -# ok -# and + has precedence -# hm no, not good either -# because we want bot -* +onething and +* -onething to work -# but then: one plugin currently can have several levels, no? -# of course -# commandedit, commanddel, commandfoo -# name.command ? -# yep -# (then you can't have dots in commands -# maybe name:command -# or name::comand -# like a namespace -# ehehehe yeah I like it :) -# tel -# brb -# usermod setcaps eean -* -# usermod setcaps eean +quiz::edit -# great -# or even -# auth eean -*, +quiz::edit -# awesome -# auth eean -*, +quiz::edit, +command, -command::del -# yes -# you know, the default should be -* -# because -# in the time between adding the user and changing auth -# it's insecure -# user could do havoc -# useradd eean, then eean does "~quit", before I change auth -# nope -# perhaps we should allow combining useradd with auth -# the default should be +* -important stuff -# ok -# how to specify channel stuff? 
-# for one, when you issue the command on the channel itself -# then it's channel relative -# perhaps -# or -# yes but I was thinking more about the syntax -# auth eean #rbot -quiz -# hm -# or maybe: treat channels like users: auth #rbot -quiz -# would shut up quiz in #rbot -# hm -# heh -# auth * #rbot -quiz -# not sure I'm making sense here ;) -# I think syntax should be auth [usermask] [channelmask] [modes] -# yes -# modes separated by comma? -# where channelmask is implied to be * -# no we can have it spacesplit -# great -# ok -# modes are detected by +- -# so you can do something like auth markey #rbot -quiz #amarok -chuck -# also I like "auth" a lot more than "usermod foo" -# yep -# I don't understand why the 'mod' -# we could have all auth commands start with use -# user -# user add -# user list -# user del -# yes -# user auth -# hm -# and maybe auth as a synonym for user auth -# this is also uncomfortable: usermod wants the full user mask -# you have to copy/paste it -# no -# can't you use *? -# sorry not sure -# but this shows, it's not inuitive -# I've read the docs -# but didn't know how to use it really -# markey!*@* -# that's not very intuitive -# we could use nick as a synonym for nick!*@* if it's too much for you :D -# usermod markey foo should suffice -# rememember: you're a hacker. when rbot gets many new users, they will often be noobs -# gotta make things simple to use -# but the hostmask is only needed for the user creation -# really? then forget what I said, sorry -# I think so -# ,help auth -# Auth module (User authentication) topics: setlevel, useradd, userdel, usermod, auth, levels, users, whoami, identify -# ,help usermod -# no help for topic usermod -# ,help auth usermod -# usermod => Modify s settings. Valid s are: hostmask, (+|-)hostmask, password, level (private addressing only) -# see? 
it's username, not nick :D -# btw, help usermod should also work -# ,help auth useradd -# useradd => Add user , you still need to set him up correctly (private addressing only) -# instead of help auth usermode -# when it's not ambiguous -# and the help for useradd is wrong -# for the website, we could make a logo contest :) the current logo looks like giblet made it in 5 minutes ;) -# ah well, for 1.0 maybe -# so a user on rbot is given by -# username, password, hostmasks, permissions -# yup -# the default permission is +* -importantstuff -# how defines importantstuff? -# you mean like core and auth? -# yes -# ok -# but we can decide about this :) -# some plugins are dangerous by default -# like command plugin -# you can do all sorts of nasty shit with it -# then command plugin will do something like: command.defaultperm("-command") -# yes, good point -# this is then added to the default permissions (user * channel *) -# when checking for auth, we go like this: -# hm -# check user * channel * -# then user name channel * -# then user * channel name -# then user name channel name -# for each of these combinations we match against * first, then against command, and then against command::subcommand -# yup -# setting or resetting it depending on wether it's + or - -# the final result gives us the permission -# implementation detail -# username and passwords are strings -# (I might rename the command plugin, the name is somewhat confusing) -# yeah -# hostmasks are hostmasks -# also I'm pondering to restrict it more: disallow access to @bot -# permissions are in the form [ [channel, {command => bool, ...}] ...] 
-#++ - require 'singleton' -module Irc - - # This method raises a TypeError if _user_ is not of class User - # - def Irc.error_if_not_user(user) - raise TypeError, "#{user.inspect} must be of type Irc::User and not #{user.class}" unless user.class <= User - end - # This method raises a TypeError if _chan_ is not of class Chan - # - def Irc.error_if_not_channel(chan) - raise TypeError, "#{chan.inspect} must be of type Irc::User and not #{chan.class}" unless chan.class <= Channel - end +module Irc # This module contains the actual Authentication stuff # module Auth + BotConfig.register BotConfigStringValue.new( 'auth.password', + :default => 'rbotauth', :wizard => true, + :on_change => Proc.new {|bot, v| bot.auth.botowner.password = v}, + :desc => _('Password for the bot owner')) + BotConfig.register BotConfigBooleanValue.new( 'auth.login_by_mask', + :default => 'true', + :desc => _('Set false to prevent new botusers from logging in without a password when the user netmask is known')) + BotConfig.register BotConfigBooleanValue.new( 'auth.autologin', + :default => 'true', + :desc => _('Set false to prevent new botusers from recognizing IRC users without a need to manually login')) + # BotConfig.register BotConfigIntegerValue.new( 'auth.default_level', + # :default => 10, :wizard => true, + # :desc => 'The default level for new/unknown users' ) + # Generate a random password of length _l_ # - def random_password(l=8) + def Auth.random_password(l=8) pwd = "" - 8.times do - pwd += (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr + l.times do + pwd << (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr end return pwd end 
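Review bot: `Auth.random_password` still draws every character from `rand`, Kernel's general-purpose PRNG rather than a cryptographic one, and `reset_password` uses it to assign account passwords; the output is also letters only at a default length of 8. Building the string from the standard library's SecureRandom (for example `SecureRandom.alphanumeric(l)` on Ruby 2.5 or later) keeps the interface and removes the predictability concern. Separately, `auth.password` is registered with `:default => 'rbotauth'`, so every install that skips the wizard shares the same owner password; a generated or mandatory value would be safer. The two boolean options pass the string `'true'` as their default where a boolean is presumably expected.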
@@ -232,20 +77,51 @@ module Irc k.to_sym } @command = path.last - debug "Created command #{@command.inspect} with path #{@path.join(', ')}" + debug "Created command #{@command.inspect} with path #{@path.pretty_inspect}" + end + + # Returs self + def to_irc_auth_command + self end - end - # This method raises a TypeError if _user_ is not of class User - # - def Irc.error_if_not_command(cmd) - raise TypeError, "#{cmd.inspect} must be of type Irc::Auth::Command and not #{cmd.class}" unless cmd.class <= Command end + end + +end + + +class String + + # Returns an Irc::Auth::Comand from the receiver + def to_irc_auth_command + Irc::Auth::Command.new(self) + end + +end + + +class Symbol + + # Returns an Irc::Auth::Comand from the receiver + def to_irc_auth_command + Irc::Auth::Command.new(self) + end + +end + + +module Irc + + + module Auth + # This class describes a permission set class PermissionSet + attr_reader :perm # Create a new (empty) PermissionSet # def initialize @@ -259,8 +135,8 @@ module Irc # Sets the permission for command _cmd_ to _val_, # - def set_permission(cmd, val) - Irc::error_if_not_command(cmd) + def set_permission(str, val) + cmd = str.to_irc_auth_command case val when true, false @perm[cmd.command] = val @@ -280,8 +156,8 @@ module Irc # Tells if command _cmd_ is permitted. We do this by returning # the value of the deepest Command#path that matches. # - def permit?(cmd) - Irc::error_if_not_command(cmd) + def permit?(str) + cmd = str.to_irc_auth_command allow = nil cmd.path.reverse.each { |k| if @perm.has_key?(k) 
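Review bot: `attr_reader :perm` on PermissionSet returns the live Hash, so any caller can write entries directly and skip the `true`/`false` check that `set_permission` applies; the same reader is added to BotUser in the `-291,17` hunk. If the reader is only needed for serialisation, returning a copy (`def perm; @perm.dup; end`) or commenting it as read-only would keep permission changes on one path. The new `to_irc_auth_command` comments have typos worth fixing: `# Returns self` and `# Returns an Irc::Auth::Command from the receiver`. The String and Symbol reopenings extend core classes for everything loaded into the process, which deserves a one-line comment saying so.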
@@ -291,17 +167,27 @@ module Irc } return allow end + end - # This is the basic class for bot users: they have a username, a password, a - # list of netmasks to match against, and a list of permissions. + # This is the error that gets raised when an invalid password is met + # + class InvalidPassword < RuntimeError + end + + + # This is the basic class for bot users: they have a username, a password, + # a list of netmasks to match against, and a list of permissions. # class BotUser attr_reader :username attr_reader :password attr_reader :netmasks + attr_reader :perm + attr_writer :login_by_mask + attr_writer :autologin # Create a new BotUser with given username def initialize(username) 
@@ -309,11 +195,94 @@ module Irc @password = nil @netmasks = NetmaskList.new @perm = {} + reset_login_by_mask + reset_autologin + end + + # Inspection + def inspect + str = "<#{self.class}:#{'0x%08x' % self.object_id}:" + str << " @username=#{@username.inspect}" + str << " @netmasks=#{@netmasks.inspect}" + str << " @perm=#{@perm.inspect}" + str << " @login_by_mask=#{@login_by_mask}" + str << " @autologin=#{@autologin}" + str << ">" + end + + # In strings + def to_s + @username + end + + # Convert into a hash + def to_hash + { + :username => @username, + :password => @password, + :netmasks => @netmasks, + :perm => @perm, + :login_by_mask => @login_by_mask, + :autologin => @autologin + } + end + + # Do we allow logging in without providing the password? + # + def login_by_mask? + @login_by_mask + end + + # Reset the login-by-mask option + # + def reset_login_by_mask + @login_by_mask = Auth.authmanager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask) + end + + # Reset the autologin option + # + def reset_autologin + @autologin = Auth.authmanager.bot.config['auth.autologin'] unless defined?(@autologin) + end + + # Do we allow automatic logging in? + # + def autologin? + @autologin + end + + # Restore from hash + def from_hash(h) + @username = h[:username] if h.has_key?(:username) + @password = h[:password] if h.has_key?(:password) + @netmasks = h[:netmasks] if h.has_key?(:netmasks) + @perm = h[:perm] if h.has_key?(:perm) + @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask) + @autologin = h[:autologin] if h.has_key?(:autologin) + end + + # This method sets the password if the proposed new password + # is valid + def password=(pwd=nil) + pass = pwd.to_s + if pass.empty? 
+ reset_password + else + begin + raise InvalidPassword, "#{pass} contains invalid characters" if pass !~ /^[\x21-\x7e]+$/ + raise InvalidPassword, "#{pass} too short" if pass.length < 4 + @password = pass + rescue InvalidPassword => e + raise e + rescue => e + raise InvalidPassword, "Exception #{e.inspect} while checking #{pass.inspect} (#{pwd.inspect})" + end + end end # Resets the password by creating a new onw def reset_password - @password = random_password + @password = Auth.random_password end # Sets the permission for command _cmd_ to _val_ on channel _chan_ @@ -321,12 +290,7 @@ module Irc def set_permission(cmd, val, chan="*") k = chan.to_s.to_sym @perm[k] = PermissionSet.new unless @perm.has_key?(k) - case cmd - when String - @perm[k].set_permission(Command.new(cmd), val) - else - @perm[k].set_permission(cmd, val) - end + @perm[k].set_permission(cmd, val) end # Resets the permission for command _cmd_ on channel _chan_ @@ -354,34 +318,26 @@ module Irc # Adds a Netmask # def add_netmask(mask) - case mask - when Netmask - @netmasks << mask - else - @netmasks << Netmask(mask) - end + @netmasks << mask.to_irc_netmask end # Removes a Netmask # def delete_netmask(mask) - case mask - when Netmask - m = mask - else - m << Netmask(mask) - end + m = mask.to_irc_netmask @netmasks.delete(m) end # Removes all Netmasks - def reset_netmask_list + # + def reset_netmasks @netmasks = NetmaskList.new end # This method checks if BotUser has a Netmask that matches _user_ - def knows?(user) - Irc::error_if_not_user(user) + # + def knows?(usr) + user = usr.to_irc_user known = false @netmasks.each { |n| if user.matches?(n) 
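Review bot: The character check in `password=` uses `^` and `$`, which in Ruby match at line boundaries, so a multi-line value passes `pass !~ /^[\x21-\x7e]+$/` as long as one of its lines is valid; anchoring with `\A` and `\z` (`/\A[\x21-\x7e]+\z/`) checks the whole string. Both `InvalidPassword` messages interpolate the rejected password, which puts it into whatever log or IRC reply prints the exception; `"password contains invalid characters"` and `"password too short"` carry the same information. `to_hash` also returns `:password` in clear text and `from_hash` assigns it back without going through `password=`; at minimum a comment on `to_hash` should state that the serialised form contains the secret. The hunk ends inside the doc comment of `set_permission`, so only the methods up to `reset_password` are fully visible.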
@@ -397,8 +353,9 @@ module Irc # is right. If it is, the Netmask of the user is added to the # list of acceptable Netmask unless it's already matched. def login(user, password) - if password == @password + if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user)) add_netmask(user) unless knows?(user) + debug "#{user} logged in as #{self.inspect}" return true else return false @@ -414,26 +371,11 @@ module Irc # and replacing any nonalphanumeric character with _ # def BotUser.sanitize_username(name) - return name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_") + candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_") + raise "sanitized botusername #{candidate} too short" if candidate.length < 3 + return candidate end - # This method sets the password if the proposed new password - # is valid - def password=(pwd=nil) - if pwd - begin - raise InvalidPassword, "#{pwd} contains invalid characters" if pwd !~ /^[A-Za-z0-9]+$/ - raise InvalidPassword, "#{pwd} too short" if pwd.length < 4 - @password = pwd - rescue InvalidPassword => e - raise e - rescue => e - raise InvalidPassword, "Exception #{e.inspect} while checking #{pwd}" - end - else - reset_password - end - end end 
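Review bot: `password == @password` is true when both sides are nil, and `BotUser#initialize` leaves `@password = nil`; `AuthManagerClass#login` now defaults to `pwd=nil` and `autologin` calls it without a password (hunk `-574,47`). An account whose password was never set would then log in with no credential and no netmask match; whether that can happen for the owner before `auth.password` is applied, or for a record restored by `from_hash` with a nil `:password`, cannot be confirmed from this diff. Guarding the first branch, `if (!@password.nil? and password == @password) or (password.nil? and ...)`, closes it. Note also that `@login_by_mask || @autologin` lets autologin alone authorise a password-less explicit login, so `login_by_mask = false` has no effect while autologin is on; if that is intended, the method comment should say so. The body of `login` continues outside the hunk.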
@@ -441,30 +383,67 @@ module Irc # identified with the bot # class DefaultBotUserClass < BotUser + + private :add_netmask, :delete_netmask + include Singleton + + # The default BotUser is named 'everyone' + # def initialize + reset_login_by_mask + reset_autologin super("everyone") @default_perm = PermissionSet.new end - private :login, :add_netmask, :delete_netmask + + # This method returns without changing anything + # + def login_by_mask=(val) + debug "Tried to change the login-by-mask for default bot user, ignoring" + return @login_by_mask + end + + # The default botuser allows logins by mask + # + def reset_login_by_mask + @login_by_mask = true + end + + # This method returns without changing anything + # + def autologin=(val) + debug "Tried to change the autologin for default bot user, ignoring" + return + end + + # The default botuser doesn't allow autologin (meaningless) + # + def reset_autologin + @autologin = false + end # Sets the default permission for the default user (i.e. the ones # set by the BotModule writers) on all channels # def set_default_permission(cmd, val) @default_perm.set_permission(Command.new(cmd), val) - debug "Default permissions now:\n#{@default_perm.inspect}" + debug "Default permissions now: #{@default_perm.pretty_inspect}" end # default knows everybody # def knows?(user) - Irc::error_if_not_user(user) + return true if user.to_irc_user + end + + # We always allow logging in as the default user + def login(user, password) return true end # Resets the NetmaskList - def reset_netmask_list + def reset_netmasks super add_netmask("*!*@*") end @@ -480,6 +459,7 @@ module Irc end return allow end + end # Returns the only instance of DefaultBotUserClass 
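Review bot: The two setter overrides disagree on their return (`login_by_mask=` returns `@login_by_mask`, `autologin=` uses a bare `return`), and callers never see either value because Ruby evaluates `obj.autologin = v` to `v`; ending both methods after the `debug` line would be clearer. In `initialize`, the `reset_login_by_mask` and `reset_autologin` calls before `super` are redundant, since `BotUser#initialize` calls them and dispatches to these overrides. `set_default_permission` still wraps `cmd` in `Command.new` although `PermissionSet#set_permission` now converts its argument itself.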
@@ -491,14 +471,19 @@ module Irc # This is the BotOwner: he can do everything # class BotOwnerClass < BotUser + include Singleton + def initialize + @login_by_mask = false + @autologin = true super("owner") end def permit?(cmd, chan=nil) return true end + end # Returns the only instance of BotOwnerClass @@ -512,10 +497,12 @@ module Irc # everything # class AuthManagerClass + include Singleton attr_reader :everyone attr_reader :botowner + attr_reader :bot # The instance manages two Hashes: one that maps # Irc::Users onto BotUsers, and the other that maps @@ -539,6 +526,18 @@ module Irc @has_changes = false end + def set_changed + @has_changes = true + end + + def reset_changed + @has_changes = false + end + + def changed? + @has_changes + end + # resets the hashes def reset_hashes @botusers = Hash.new @@ -548,23 +547,28 @@ module Irc } end - # load botlist from userfile - def load_merge(filename=nil) - # TODO - raise NotImplementedError - @has_changes = true - end - - def load(filename=nil) + def load_array(ary, forced) + unless ary + warning "Tried to load an empty array" + return + end + raise "Won't load with unsaved changes" if @has_changes and not forced reset_hashes - load_merge(filename) + ary.each { |x| + raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash) + u = x[:username] + unless include?(u) + create_botuser(u) + end + get_botuser(u).from_hash(x) + } + @has_changes=false end - # save botlist to userfile - def save(filename=nil) - return unless @has_changes - # TODO - raise NotImplementedError + def save_array + @allbotusers.values.map { |x| + x.to_hash + } end # checks if we know about a certain BotUser username 
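Review bot: `load_array` trusts each record: `from_hash` copies `:username`, `:password`, `:netmasks` and `:perm` into the object as-is, so a stored `:username` that differs from its sanitised key, a nil `:password`, or a `:perm` of the wrong shape is accepted silently. Since these records decide who is authorised, checking the types here and assigning the password through `password=` would make a damaged or hand-edited user file fail loudly. `x[:username]` is also used before being checked for nil, in which case the error comes from the length check in `sanitize_username` rather than from a message naming the bad record. `save_array` has no comment; it should say that the returned hashes include clear-text passwords.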
@@ -574,47 +578,65 @@ module Irc # Maps Irc::User to BotUser def irc_to_botuser(ircuser) - Irc::error_if_not_user(ircuser) - # TODO check netmasks - return @botusers[ircuser] || everyone + logged = @botusers[ircuser.to_irc_user] + return logged if logged + return autologin(ircuser) end # creates a new BotUser def create_botuser(name, password=nil) n = BotUser.sanitize_username(name) k = n.to_sym - raise "BotUser #{n} exists" if include?(k) + raise "botuser #{n} exists" if include?(k) bu = BotUser.new(n) bu.password = password @allbotusers[k] = bu + return bu end - # Logs Irc::User _ircuser_ in to BotUser _botusername_ with password _pwd_ + # returns the botuser with name _name_ + def get_botuser(name) + @allbotusers.fetch(BotUser.sanitize_username(name).to_sym) + end + + # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_ # # raises an error if _botusername_ is not a known BotUser username # # It is possible to autologin by Netmask, on request # - def login(ircuser, botusername, pwd, bymask = false) - Irc::error_if_not_user(ircuser) - n = BotUser.sanitize_username(name) + def login(user, botusername, pwd=nil) + ircuser = user.to_irc_user + n = BotUser.sanitize_username(botusername) k = n.to_sym raise "No such BotUser #{n}" unless include?(k) if @botusers.has_key?(ircuser) + return true if @botusers[ircuser].username == n # TODO # @botusers[ircuser].logout(ircuser) end bu = @allbotusers[k] - if bymask && bu.knows?(user) - @botusers[ircuser] = bu - return true - elsif bu.login(ircuser, pwd) + if bu.login(ircuser, pwd) @botusers[ircuser] = bu return true end return false end + # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin + # and trying to login without a password + # + def autologin(user) + ircuser = user.to_irc_user + debug "Trying to autlogin #{ircuser}" + return @botusers[ircuser] if @botusers.has_key?(ircuser) + @allbotusers.each { |n, bu| + debug "Checking with #{n}" + return bu if bu.autologin? 
and login(ircuser, n) + } + return everyone + end + # Checks if User _user_ can do _cmd_ on _chan_. # # Permission are checked in this order, until a true or false @@ -624,10 +646,15 @@ module Irc # * everyone on _chan_ # * everyone on all channels # - def permit?(user, cmdtxt, chan=nil) - botuser = irc_to_botuser(user) - cmd = Command.new(cmdtxt) + def permit?(user, cmdtxt, channel=nil) + if user.class <= BotUser + botuser = user + else + botuser = irc_to_botuser(user) + end + cmd = cmdtxt.to_irc_auth_command + chan = channel case chan when User chan = "?" @@ -652,10 +679,21 @@ module Irc raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}" end - # Checks if command _cmd_ is allowed to User _user_ on _chan_ + # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally + # telling if the user is authorized + # def allow?(cmdtxt, user, chan=nil) - permit?(user, cmdtxt, chan) + if permit?(user, cmdtxt, chan) + return true + else + # cmds = cmdtxt.split('::') + # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan + @bot.say chan, _("%{user}, you don't have '%{command}' permissions here") % + {:user=>user, :command=>cmdtxt} if chan + return false + end end + end # Returns the only instance of AuthManagerClass @@ -663,5 +701,7 @@ module Irc def Auth.authmanager return AuthManagerClass.instance end + end + end
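Review bot: `irc_to_botuser` now falls through to `autologin`, so a plain permission lookup can authenticate an IRC user as a side effect, with a netmask match as the only credential; since `BotOwnerClass` sets `@autologin = true` in this commit, that includes the owner account. The method comments should state this explicitly, and it is worth considering whether the owner should default to autologin off. `autologin` returns the first match in `@allbotusers` iteration order, so a user matching the netmasks of two botusers gets whichever comes first. `get_botuser` raises from `fetch` for an unknown name, which its comment does not mention, and the debug string contains the typo `autlogin`.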
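Review bot: `allow?` is a predicate but now sends a message through `@bot.say` on every denial, and the word "optionally" in its comment has no matching parameter: the reply is unconditional whenever `chan` is given. Callers that check permissions repeatedly will produce one line of output per check, with `cmdtxt` echoed into it. An extra argument to suppress the reply, or a separate method for the notifying variant, would keep the check free of side effects. The commented-out `cmds = cmdtxt.split('::')` lines can be dropped.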