|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
OP
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
Part of my script for my bot allows it to be on multiple networks, with certain people having the authority to add new networks &/or channels for the bot to run in. The problem that I've encountered is that some networks use a nick registration service. If the bot connects to a network that it isn't configured for (ie: nickname & password stored in the hash table for that network), I want a dialog to come up on my screen showing the name of the person that added the network, the network name, and (if applicable) any channels that the bot was supposed to join. It would be great if the registration information could be sent automatically, but I know that some nick registration services require a confirmation e-mail to be responded to, and I'm not sure if my bot could be configured to do that (although if it is possible, that might be something I could incorporate) The !add network & !add room codes are below. (If anyone has any suggestions as to how these could be done better, I'm listening) on op:text:!add network*:*:{
if !$3 {
var %server = $hfind(Networks,$server,0).data
if !%server {
.hinc -m Networks $network
.hadd -m Networks $+($network,.,$hget(Networks,$network)) $server
}
}
elseif !$4 { .msg $nick Usage !add network <network> <server> }
else {
var %server = $hfind(Networks,$4,0).data
if !%server {
.hinc -m Networks $3
.hadd -m Networks $+($3,.,$hget(Networks,$3)) $4
.msg $nick Network $3 with server address $4 has been added
var %i
scon -at1 if ($network == $3) inc % $+ i
if (!%i) server -mfc $4
}
}
}
on op:text:!add room*:*:{
if ($target != $chan) && !$3 {
.msg $nick Usage: !add room (network) <channel>
.msg $nick (network) is optional
}
elseif !$3 { .hadd -m $network $chan }
else {
.hadd -m $iif(!$4,$network,$3) $iif(!$4,$3,$4)
if $4 && ($3 != $network) {
var %network = $hfind(Networks,$+($3,.*),0,w)
if !%network {
.msg $nick Sorry, but I can't find $3 in my list of networks
.msg $nick Use !add network <network> <server> to add it
}
else {
var %c = 1
while $scon(%c).network {
if ($v1 == $iif(!$4,$network,$3)) {
if ($me !ison $iif(!$4,$3,$4)) {
.join $iif(!$4,$3,$4)
inc %joined
}
}
inc %c
}
if !%joined {
var %i
scon -at1 if ($network == $3) inc %i
if (!%i) server -mfc $3
}
}
}
}
}
|
|
|
|
Joined: Oct 2005
Posts: 1,741
Hoopy frood
|
Hoopy frood
Joined: Oct 2005
Posts: 1,741 |
I notice that you have several /scon.. commands in the script. I don't know if it's applicable, but you should read this post (again). Since the script uses $3, it may be possible to exploit the code. As for your questions.. It should be easy enough to make a dialog come up if the network requires registration but no nick/pass is present. Something like: on *:TEXT/NOTICE:<nick service asks for password>:?:{ if (!$hget(passwords,$network)) dialog -m info info else msg $nick $hget(passwords,$network) } -genius_at_work
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
OP
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
I've read that post a few times, but I was unable to figure out a different way of doing it. If you can come up with a more secure method of accomplishing (sp?) the same results, I'd be more than happy to put the knowledge to use.
|
|
|
|
Joined: Dec 2002
Posts: 1,245
Hoopy frood
|
Hoopy frood
Joined: Dec 2002
Posts: 1,245 |
where there is a lot of difference between scon -at1 if ($network == $3) inc %i and scon -at1 $3-
What was said was setting the command off one line scon -at1 if ($network == $3) inc %i
however if there is a Specific thing that $3 must match as it must in this case you cant have a string buried in $3 (first off) and it wouldnt match $network (secondly so in this case I dont see a security issue. However QWERTY or FOP (or others) might have something else to offer on the issue.
|
|
|
|
Joined: Oct 2005
Posts: 1,741
Hoopy frood
|
Hoopy frood
Joined: Oct 2005
Posts: 1,741 |
I'm not saying that this code is definately exploitable.. just that it could be, in theory. Maybe if $3 was something like:
!add room $+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))
I think that would evaluate to: "<networkname>) echo -s pwned " .. add that to the rest of the line when it is evaluated the second time over the scon command.. if ($network == [color:red]$network) echo -s pwned) inc % $+ i[/color]
I don't know if that example would actually work.. but you get the point. FiberOptics would probably know if your code is actually exploitable.
Whether it is exploitable or not, it's probably a good habit to use multiple lines:
/scon <num> /command $3 /scon -r
-genius_at_work
|
|
|
|
Joined: Aug 2004
Posts: 7,252
Hoopy frood
|
OP
Hoopy frood
Joined: Aug 2004
Posts: 7,252 |
Using your example, that would make $3 be <networkname>) echo -s pwned and there'd be no $4, in which case the code (should) take that as a room name on the current network, so the bot would attempt to join that room...I'm not sure what would happen if you tried to join a room that doesn't have the correct configuration for a room name, specifically, not beginning with the # symbol. Anyhow, getting back to the original topic, I've got the following dialog, but I was wondering, is there a way to limit the dialog so that the same network isn't listed over & over again? Sort of like how $addtok works, as in, if the network is already in the list, it won't be added again? Here's the dialog I came up with dialog Connections {
title "Connections"
size -1 -1 190 60
option dbu
button "Cancel", 1, 5 20 20 10, cancel
button "OK", 2, 5 35 20 10, ok
button "Save", 3, 5 50 20 10, default
text "Network", 4, 5 6 25 8
combo 5, 35 5 60 50, edit drop
text "Password", 6, 100 6 25 8
edit "", 7, 125 5 50 10
}
on *:dialog:Connections:init:*:{
did -a $dname 5 $network
}
on *:dialog:Connections:sclick:5:{
if $hget(Networks,$+($did($dname,5).seltext,.,Password)) {
did -ra $dname 7 $v1
}
}
on *:dialog:Connections:sclick:2,3:{
var %network = $iif($did($dname,5).seltext,$v1,$did($dname,5))
var %password = $did($dname,7)
.hadd -m Networks $+(%network,.,Password) %password
}
Also if you have any other suggestions, please make them.
|
|
|
|
Joined: Sep 2003
Posts: 4,230
Hoopy frood
|
Hoopy frood
Joined: Sep 2003
Posts: 4,230 |
I'm not saying that this code is definately exploitable.. just that it could be, in theory. Maybe if $3 was something like:
!add room $+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))
I think that would evaluate to: "<networkname>) echo -s pwned " .. add that to the rest of the line when it is evaluated the second time over the scon command.. if ($network == [color:red]$network) echo -s pwned) inc % $+ i[/color] No. Thats evaluating it 3 times. This is what i beleive would happen. (script) scon -at1 if ($network == $3) inc %i (evaluation 1) if ($network == $+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))) inc %i (evaluation 2) if ( networkname == networkname) echo -s pwned )) inc %i The two italic fields well not match so %i well not be incremented From what i have looked at you need more that one $N value, however I wouldnt take that as written in stone. * im also not sure if the %i would get evaluated out to its contents, this might be a special non evaluated variable due to the procedding INC command. (i didnt check) I have found simple tricks can often get around problems, just ensure the $3 cant be evaluated. (script) scon -at1 if (~ $!+ $!network == ~ $+ $3) inc %i (evaluation 1) if (~ $+ $network == ~$+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))) inc %i (evaluation 2) if ( ~networkname == ~$+($network,$chr(41),$chr(32),echo,$chr(32),-s,$chr(32),pwned,$chr(32))) inc %i By attaching something (~) to the front of the evaluated $3 it prevents the double evaluation of it
|
|
|
|
|