rbot 0.9.10 → 0.9.12

data/data/rbot/templates/salut/salut-english

@@ -0,0 +1,40 @@
+--- 
+:"generic-in": 
+- hello
+- howdy
+- hola
+- salut
+- sup
+- re
+- hey
+- hi
+- yo
+:"morning-in": 
+- good morning
+- goodmorning
+- morning
+- "'morning"
+:"afternoon-in": 
+- good afternoon
+- goodafternoon
+- afternoon
+- "'afternoon"
+:"generic-out": 
+- bye
+- cya
+- see you
+- see ya
+- g'bye
+- goodbye
+- later
+:"evening-in": 
+- good evening
+- goodevening
+- evening
+- "'evening"
+:"generic-dest":
+- all
+- people
+- everybody
+- y'all
+- bots

data/data/rbot/templates/salut/salut-french

@@ -0,0 +1,29 @@
+--- 
+:"generic-in": 
+- "'lo"
+- "'lu"
+- plop
+- "'jour"
+- bonjour
+:"morning-in": 
+- "'jour"
+:"afternoon-in": 
+- bonne journée
+- bonne journee
+- "'journée"
+- "'journee"
+:"generic-out": 
+- bye
+- cya
+- see you
+- a plus tard
+- a plus
+- "'nuit"
+- nenuit
+:"evening-in": 
+- "'soir"
+- bonsoir
+- "'nuit"
+:"generic-dest":
+- tous
+- all

data/data/rbot/templates/salut/salut-italian

@@ -0,0 +1,51 @@
+--- 
+:"generic-in": 
+- salve
+- ehila'
+- ehilà
+- ola'
+- olà
+- yo
+- ue'
+- uè
+:"morning-in": 
+- "'giorno"
+- giorno
+- buon giorno
+- buon di'
+- buon dì
+- buondì
+- buongiorno
+:"afternoon-in": 
+- "'sera"
+- buona sera
+- buonasera
+:"evening-in": 
+- "'sera"
+- buona sera
+- buonasera
+:"generic-out": 
+- a dopo
+- ci vediamo
+- adios
+- se vedemio
+- arrivederci
+- saluti
+:"morning-out":
+- buona giornata
+:"evening-out":
+- buona serata
+- buona notte
+- buonanotte
+:"generic":
+- ciao
+:"generic-dest":
+- gente
+- tutti
+- raga
+- raga'
+- ragà
+- ragazzi
+- ragazze
+- bot
+- bots

data/data/rbot/templates/salut/salut-japanese

@@ -0,0 +1,31 @@
+--- 
+:"generic-in": 
+- ハロー
+- こんにちは
+- こんにちわ
+- やあ
+:"morning-in": 
+- おはよう
+- おはようございます
+- こんにちは
+:"afternoon-in": 
+- こんにちは
+- こんにちわ
+:"generic-out": 
+- じゃあな
+- またね
+- さようなら
+- バイバイ
+- 失礼します
+- しつれい
+:"evening-in": 
+- こんばんは
+- こんばんわ
+- 今晩は
+:"generic-dest": 
+- みんな
+- 諸君
+- みなさん
+- 皆さん
+- 皆
+- 皆様

data/lib/rbot/botuser.rb

@@ -0,0 +1,940 @@
+#-- vim:sw=2:et
+#++
+# :title: User management
+#
+# rbot user management
+# Author:: Giuseppe Bilotta (giuseppe.bilotta@gmail.com)
+
+require 'singleton'
+require 'set'
+require 'rbot/maskdb'
+
+# This would be a good idea if it was failproof, but the truth
+# is that other methods can indirectly modify the hash. *sigh*
+#
+# class AuthNotifyingHash < Hash
+#   %w(clear default= delete delete_if replace invert
+#      merge! update rehash reject! replace shift []= store).each { |m|
+#     class_eval {
+#       define_method(m) { |*a|
+#         r = super(*a)
+#         Irc::Bot::Auth.manager.set_changed
+#         r
+#       }
+#     }
+#   }
+# end
+# 
+
+module Irc
+class Bot
+
+
+  # This module contains the actual Authentication stuff
+  #
+  module Auth
+
+    Config.register Config::StringValue.new( 'auth.password',
+      :default => 'rbotauth', :wizard => true,
+      :on_change => Proc.new {|bot, v| bot.auth.botowner.password = v},
+      :desc => _('Password for the bot owner'))
+    Config.register Config::BooleanValue.new( 'auth.login_by_mask',
+      :default => 'true',
+      :desc => _('Set false to prevent new botusers from logging in without a password when the user netmask is known'))
+    Config.register Config::BooleanValue.new( 'auth.autologin',
+      :default => 'true',
+      :desc => _('Set false to prevent new botusers from recognizing IRC users without a need to manually login'))
+    Config.register Config::BooleanValue.new( 'auth.autouser',
+      :default => 'false',
+      :desc => _('Set true to allow new botusers to be created automatically'))
+    # Config.register Config::IntegerValue.new( 'auth.default_level',
+    #   :default => 10, :wizard => true,
+    #   :desc => 'The default level for new/unknown users' )
+
+    # Generate a random password of length _l_
+    #
+    def Auth.random_password(l=8)
+      pwd = ""
+      l.times do
+        pwd << (rand(26) + (rand(2) == 0 ? 65 : 97) ).chr
+      end
+      return pwd
+    end
+
+
+    # An Irc::Bot::Auth::Command defines a command by its "path":
+    #
+    #   base::command::subcommand::subsubcommand::subsubsubcommand
+    #
+    class Command
+
+      attr_reader :command, :path
+
+      # A method that checks if a given _cmd_ is in a form that can be
+      # reduced into a canonical command path, and if so, returns it
+      #
+      def sanitize_command_path(cmd)
+        pre = cmd.to_s.downcase.gsub(/^\*?(?:::)?/,"").gsub(/::$/,"")
+        return pre if pre.empty?
+        return pre if pre =~ /^\S+(::\S+)*$/
+        raise TypeError, "#{cmd.inspect} is not a valid command"
+      end
+
+      # Creates a new Command from a given string; you can then access
+      # the command as a symbol with the :command method and the whole
+      # path as :path
+      #
+      #   Command.new("core::auth::save").path => [:"*", :"core", :"core::auth", :"core::auth::save"]
+      #
+      #   Command.new("core::auth::save").command => :"core::auth::save"
+      #
+      def initialize(cmd)
+        cmdpath = sanitize_command_path(cmd).split('::')
+        seq = cmdpath.inject(["*"]) { |list, cmd|
+          list << (list.length > 1 ? list.last + "::" : "") + cmd
+        }
+        @path = seq.map { |k|
+          k.to_sym
+        }
+        @command = path.last
+        debug "Created command #{@command.inspect} with path #{@path.pretty_inspect}"
+      end
+
+      # Returs self
+      def to_irc_auth_command
+        self
+      end
+
+    end
+
+  end
+
+end
+end
+
+
+class String
+
+  # Returns an Irc::Bot::Auth::Comand from the receiver
+  def to_irc_auth_command
+    Irc::Bot::Auth::Command.new(self)
+  end
+
+end
+
+
+class Symbol
+
+  # Returns an Irc::Bot::Auth::Comand from the receiver
+  def to_irc_auth_command
+    Irc::Bot::Auth::Command.new(self)
+  end
+
+end
+
+
+module Irc
+class Bot
+
+
+  module Auth
+
+
+    # This class describes a permission set
+    class PermissionSet
+
+      attr_reader :perm
+      # Create a new (empty) PermissionSet
+      #
+      def initialize
+        @perm = {}
+      end
+
+      # Inspection simply inspects the internal hash
+      def inspect
+        @perm.inspect
+      end
+
+      # Sets the permission for command _cmd_ to _val_,
+      #
+      def set_permission(str, val)
+        cmd = str.to_irc_auth_command
+        case val
+        when true, false
+          @perm[cmd.command] = val
+        when nil
+          @perm.delete(cmd.command)
+        else
+          raise TypeError, "#{val.inspect} must be true or false" unless [true,false].include?(val)
+        end
+      end
+
+      # Resets the permission for command _cmd_
+      #
+      def reset_permission(cmd)
+        set_permission(cmd, nil)
+      end
+
+      # Tells if command _cmd_ is permitted. We do this by returning
+      # the value of the deepest Command#path that matches.
+      #
+      def permit?(str)
+        cmd = str.to_irc_auth_command
+        # TODO user-configurable list of always-allowed commands,
+        # for admins that want to set permissions -* for everybody
+        return true if cmd.command == :login
+        allow = nil
+        cmd.path.reverse.each { |k|
+          if @perm.has_key?(k)
+            allow = @perm[k]
+            break
+          end
+        }
+        return allow
+      end
+
+    end
+
+
+    # This is the error that gets raised when an invalid password is met
+    #
+    class InvalidPassword < RuntimeError
+    end
+
+
+    # This is the basic class for bot users: they have a username, a
+    # password, a list of netmasks to match against, and a list of
+    # permissions. A BotUser can be marked as 'transient', usually meaning
+    # it's not intended for permanent storage. Transient BotUsers have lower
+    # priority than nontransient ones for autologin purposes.
+    #
+    # To initialize a BotUser, you pass a _username_ and an optional
+    # hash of options. Currently, only two options are recognized:
+    #
+    # transient:: true or false, determines if the BotUser is transient or
+    #             permanent (default is false, permanent BotUser).
+    #
+    #             Transient BotUsers are initialized by prepending an
+    #             asterisk (*) to the username, and appending a sanitized
+    #             version of the object_id. The username can be empty.
+    #             A random password is generated.
+    #
+    #             Permanent Botusers need the username as is, and no
+    #             password is generated.
+    #
+    # masks::     an array of Netmasks to initialize the NetmaskList. This
+    #             list is used as-is for permanent BotUsers.
+    #
+    #             Transient BotUsers will alter the list elements which are
+    #             Irc::User by globbing the nick and any initial nonletter
+    #             part of the ident.
+    #
+    #             The masks option is optional for permanent BotUsers, but
+    #             obligatory (non-empty) for transients.
+    #
+    class BotUser
+
+      attr_reader :username
+      attr_reader :password
+      attr_reader :netmasks
+      attr_reader :perm
+      attr_reader :perm_temp
+      attr_writer :login_by_mask
+      attr_writer :transient
+
+      def autologin=(vnew)
+        vold = @autologin
+        @autologin = vnew
+        if vold && !vnew
+          @netmasks.each { |n| Auth.manager.maskdb.remove(self, n) }
+        elsif vnew && !vold
+          @netmasks.each { |n| Auth.manager.maskdb.add(self, n) }
+        end
+      end
+
+      # Checks if the BotUser is transient
+      def transient?
+        @transient
+      end
+
+      # Checks if the BotUser is permanent (not transient)
+      def permanent?
+        !@transient
+      end
+
+      # Sets if the BotUser is permanent or not
+      def permanent=(bool)
+        @transient=!bool
+      end
+
+      # Make the BotUser permanent
+      def make_permanent(name)
+        raise TypeError, "permanent already" if permanent?
+        @username = BotUser.sanitize_username(name)
+        @transient = false
+        reset_autologin
+        reset_password # or not?
+        @netmasks.dup.each do |m|
+          delete_netmask(m)
+          add_netmask(m.generalize)
+        end
+      end
+
+      # Create a new BotUser with given username
+      def initialize(username, options={})
+        opts = {:transient => false}.merge(options)
+        @transient = opts[:transient]
+
+        if @transient
+          @username = "*"
+          @username << BotUser.sanitize_username(username) if username and not username.to_s.empty?
+          @username << BotUser.sanitize_username(object_id)
+          reset_password
+          @login_by_mask=true
+          @autologin=true
+        else
+          @username = BotUser.sanitize_username(username)
+          @password = nil
+          reset_login_by_mask
+          reset_autologin
+        end
+
+        @netmasks = NetmaskList.new
+        if opts.key?(:masks) and opts[:masks]
+          masks = opts[:masks]
+          masks = [masks] unless masks.respond_to?(:each)
+          masks.each { |m|
+            mask = m.to_irc_netmask
+            if @transient and User === m
+              mask.nick = "*"
+              mask.host = m.host.dup
+              mask.user = "*" + m.user.sub(/^\w?[^\w]+/,'')
+            end
+            add_netmask(mask) unless mask.to_s == "*"
+          }
+        end
+        raise "must provide a usable mask for transient BotUser #{@username}" if @transient and @netmasks.empty?
+
+        @perm = {}
+        @perm_temp = {}
+      end
+
+      # Inspection
+      def inspect
+        str = self.__to_s__[0..-2]
+        str << " (transient)" if @transient
+        str << ":"
+        str << " @username=#{@username.inspect}"
+        str << " @netmasks=#{@netmasks.inspect}"
+        str << " @perm=#{@perm.inspect}"
+        str << " @perm_temp=#{@perm_temp.inspect}" unless @perm_temp.empty?
+        str << " @login_by_mask=#{@login_by_mask}"
+        str << " @autologin=#{@autologin}"
+        str << ">"
+      end
+
+      # In strings
+      def to_s
+        @username
+      end
+
+      # Convert into a hash
+      def to_hash
+        {
+          :username => @username,
+          :password => @password,
+          :netmasks => @netmasks,
+          :perm => @perm,
+          :login_by_mask => @login_by_mask,
+          :autologin => @autologin,
+        }
+      end
+
+      # Do we allow logging in without providing the password?
+      #
+      def login_by_mask?
+        @login_by_mask
+      end
+
+      # Reset the login-by-mask option
+      #
+      def reset_login_by_mask
+        @login_by_mask = Auth.manager.bot.config['auth.login_by_mask'] unless defined?(@login_by_mask)
+      end
+
+      # Reset the autologin option
+      #
+      def reset_autologin
+        @autologin = Auth.manager.bot.config['auth.autologin'] unless defined?(@autologin)
+      end
+
+      # Do we allow automatic logging in?
+      #
+      def autologin?
+        @autologin
+      end
+
+      # Restore from hash
+      def from_hash(h)
+        @username = h[:username] if h.has_key?(:username)
+        @password = h[:password] if h.has_key?(:password)
+        @login_by_mask = h[:login_by_mask] if h.has_key?(:login_by_mask)
+        @autologin = h[:autologin] if h.has_key?(:autologin)
+        if h.has_key?(:netmasks)
+          @netmasks = h[:netmasks]
+          debug @netmasks
+          @netmasks.each { |n| Auth.manager.maskdb.add(self, n) } if @autologin
+          debug @netmasks
+        end
+        @perm = h[:perm] if h.has_key?(:perm)
+      end
+
+      # This method sets the password if the proposed new password
+      # is valid
+      def password=(pwd=nil)
+        pass = pwd.to_s
+        if pass.empty?
+          reset_password
+        else
+          begin
+            raise InvalidPassword, "#{pass} contains invalid characters" if pass !~ /^[\x21-\x7e]+$/
+            raise InvalidPassword, "#{pass} too short" if pass.length < 4
+            @password = pass
+          rescue InvalidPassword => e
+            raise e
+          rescue => e
+            raise InvalidPassword, "Exception #{e.inspect} while checking #{pass.inspect} (#{pwd.inspect})"
+          end
+        end
+      end
+
+      # Resets the password by creating a new onw
+      def reset_password
+        @password = Auth.random_password
+      end
+
+      # Sets the permission for command _cmd_ to _val_ on channel _chan_
+      #
+      def set_permission(cmd, val, chan="*")
+        k = chan.to_s.to_sym
+        @perm[k] = PermissionSet.new unless @perm.has_key?(k)
+        @perm[k].set_permission(cmd, val)
+      end
+
+      # Resets the permission for command _cmd_ on channel _chan_
+      #
+      def reset_permission(cmd, chan ="*")
+        set_permission(cmd, nil, chan)
+      end
+
+      # Sets the temporary permission for command _cmd_ to _val_ on channel _chan_
+      #
+      def set_temp_permission(cmd, val, chan="*")
+        k = chan.to_s.to_sym
+        @perm_temp[k] = PermissionSet.new unless @perm_temp.has_key?(k)
+        @perm_temp[k].set_permission(cmd, val)
+      end
+
+      # Resets the temporary permission for command _cmd_ on channel _chan_
+      #
+      def reset_temp_permission(cmd, chan ="*")
+        set_temp_permission(cmd, nil, chan)
+      end
+
+      # Checks if BotUser is allowed to do something on channel _chan_,
+      # or on all channels if _chan_ is nil
+      #
+      def permit?(cmd, chan=nil)
+        if chan
+          k = chan.to_s.to_sym
+        else
+          k = :*
+        end
+        allow = nil
+        pt = @perm.merge @perm_temp
+        if pt.has_key?(k)
+          allow = pt[k].permit?(cmd)
+        end
+        return allow
+      end
+
+      # Adds a Netmask
+      #
+      def add_netmask(mask)
+        m = mask.to_irc_netmask
+        @netmasks << m
+        if self.autologin?
+          Auth.manager.maskdb.add(self, m)
+          Auth.manager.logout_transients(m) if self.permanent?
+        end
+      end
+
+      # Removes a Netmask
+      #
+      def delete_netmask(mask)
+        m = mask.to_irc_netmask
+        @netmasks.delete(m)
+        Auth.manager.maskdb.remove(self, m) if self.autologin?
+      end
+
+      # Reset Netmasks, clearing @netmasks
+      #
+      def reset_netmasks
+        @netmasks.each { |m|
+          Auth.manager.maskdb.remove(self, m) if self.autologin?
+        }
+        @netmasks.clear
+      end
+
+      # This method checks if BotUser has a Netmask that matches _user_
+      #
+      def knows?(usr)
+        user = usr.to_irc_user
+        !!@netmasks.find { |n| user.matches? n }
+      end
+
+      # This method gets called when User _user_ wants to log in.
+      # It returns true or false depending on whether the password
+      # is right. If it is, the Netmask of the user is added to the
+      # list of acceptable Netmask unless it's already matched.
+      def login(user, password=nil)
+        if password == @password or (password.nil? and (@login_by_mask || @autologin) and knows?(user))
+          add_netmask(user) unless knows?(user)
+          debug "#{user} logged in as #{self.inspect}"
+          return true
+        else
+          return false
+        end
+      end
+
+      # # This method gets called when User _user_ has logged out as this BotUser
+      # def logout(user)
+      #   delete_netmask(user) if knows?(user)
+      # end
+
+      # This method sanitizes a username by chomping, downcasing
+      # and replacing any nonalphanumeric character with _
+      #
+      def BotUser.sanitize_username(name)
+        candidate = name.to_s.chomp.downcase.gsub(/[^a-z0-9]/,"_")
+        raise "sanitized botusername #{candidate} too short" if candidate.length < 3
+        return candidate
+      end
+
+    end
+
+    # This is the default BotUser: it's used for all users which haven't
+    # identified with the bot
+    #
+    class DefaultBotUserClass < BotUser
+
+      private :add_netmask, :delete_netmask
+
+      include Singleton
+
+      # The default BotUser is named 'everyone'
+      #
+      def initialize
+        reset_login_by_mask
+        reset_autologin
+        super("everyone")
+        @default_perm = PermissionSet.new
+      end
+
+      # This method returns without changing anything
+      #
+      def login_by_mask=(val)
+        debug "Tried to change the login-by-mask for default bot user, ignoring"
+        return @login_by_mask
+      end
+
+      # The default botuser allows logins by mask
+      #
+      def reset_login_by_mask
+        @login_by_mask = true
+      end
+
+      # This method returns without changing anything
+      #
+      def autologin=(val)
+        debug "Tried to change the autologin for default bot user, ignoring"
+        return
+      end
+
+      # The default botuser doesn't allow autologin (meaningless)
+      #
+      def reset_autologin
+        @autologin = false
+      end
+
+      # Sets the default permission for the default user (i.e. the ones
+      # set by the BotModule writers) on all channels
+      #
+      def set_default_permission(cmd, val)
+        @default_perm.set_permission(Command.new(cmd), val)
+        debug "Default permissions now: #{@default_perm.pretty_inspect}"
+      end
+
+      # default knows everybody
+      #
+      def knows?(user)
+        return true if user.to_irc_user
+      end
+
+      # We always allow logging in as the default user
+      def login(user, password)
+        return true
+      end
+
+      # DefaultBotUser will check the default_perm after checking
+      # the global ones
+      # or on all channels if _chan_ is nil
+      #
+      def permit?(cmd, chan=nil)
+        allow = super(cmd, chan)
+        if allow.nil? && chan.nil?
+          allow = @default_perm.permit?(cmd)
+        end
+        return allow
+      end
+
+    end
+
+    # Returns the only instance of DefaultBotUserClass
+    #
+    def Auth.defaultbotuser
+      return DefaultBotUserClass.instance
+    end
+
+    # This is the BotOwner: he can do everything
+    #
+    class BotOwnerClass < BotUser
+
+      include Singleton
+
+      def initialize
+        @login_by_mask = false
+        @autologin = true
+        super("owner")
+      end
+
+      def permit?(cmd, chan=nil)
+        return true
+      end
+
+    end
+
+    # Returns the only instance of BotOwnerClass
+    #
+    def Auth.botowner
+      return BotOwnerClass.instance
+    end
+
+
+    class BotUser
+      # Check if the current BotUser is the default one
+      def default?
+        return DefaultBotUserClass === self
+      end
+
+      # Check if the current BotUser is the owner
+      def owner?
+        return BotOwnerClass === self
+      end
+    end
+
+
+    # This is the ManagerClass singleton, used to manage
+    # Irc::User/Irc::Bot::Auth::BotUser connections and everything
+    #
+    class ManagerClass
+
+      include Singleton
+
+      attr_reader :maskdb
+      attr_reader :everyone
+      attr_reader :botowner
+      attr_reader :bot
+
+      # The instance manages two <code>Hash</code>es: one that maps
+      # <code>Irc::User</code>s onto <code>BotUser</code>s, and the other that maps
+      # usernames onto <code>BotUser</code>
+      def initialize
+        @everyone = Auth::defaultbotuser
+        @botowner = Auth::botowner
+        bot_associate(nil)
+      end
+
+      def bot_associate(bot)
+        raise "Cannot associate with a new bot! Save first" if defined?(@has_changes) && @has_changes
+
+        reset_hashes
+
+        # Associated bot
+        @bot = bot
+
+        # This variable is set to true when there have been changes
+        # to the botusers list, so that we know when to save
+        @has_changes = false
+      end
+
+      def set_changed
+        @has_changes = true
+      end
+
+      def reset_changed
+        @has_changes = false
+      end
+
+      def changed?
+        @has_changes
+      end
+
+      # resets the hashes
+      def reset_hashes
+        @botusers = Hash.new
+        @maskdb = NetmaskDb.new
+        @allbotusers = Hash.new
+        [everyone, botowner].each do |x|
+          @allbotusers[x.username.to_sym] = x
+        end
+      end
+
+      def load_array(ary, forced)
+        unless ary
+          warning "Tried to load an empty array"
+          return
+        end
+        raise "Won't load with unsaved changes" if @has_changes and not forced
+        reset_hashes
+        ary.each { |x|
+          raise TypeError, "#{x} should be a Hash" unless x.kind_of?(Hash)
+          u = x[:username]
+          unless include?(u)
+            create_botuser(u)
+          end
+          get_botuser(u).from_hash(x)
+          get_botuser(u).transient = false
+        }
+        @has_changes=false
+      end
+
+      def save_array
+        @allbotusers.values.map { |x|
+          x.transient? ? nil : x.to_hash
+        }.compact
+      end
+
+      # checks if we know about a certain BotUser username
+      def include?(botusername)
+        @allbotusers.has_key?(botusername.to_sym)
+      end
+
+      # Maps <code>Irc::User</code> to BotUser
+      def irc_to_botuser(ircuser)
+        logged = @botusers[ircuser.to_irc_user]
+        return logged if logged
+        return autologin(ircuser)
+      end
+
+      # creates a new BotUser
+      def create_botuser(name, password=nil)
+        n = BotUser.sanitize_username(name)
+        k = n.to_sym
+        raise "botuser #{n} exists" if include?(k)
+        bu = BotUser.new(n)
+        bu.password = password
+        @allbotusers[k] = bu
+        return bu
+      end
+
+      # returns the botuser with name _name_
+      def get_botuser(name)
+        @allbotusers.fetch(BotUser.sanitize_username(name).to_sym)
+      end
+
+      # Logs Irc::User _user_ in to BotUser _botusername_ with password _pwd_
+      #
+      # raises an error if _botusername_ is not a known BotUser username
+      #
+      # It is possible to autologin by Netmask, on request
+      #
+      def login(user, botusername, pwd=nil)
+        ircuser = user.to_irc_user
+        n = BotUser.sanitize_username(botusername)
+        k = n.to_sym
+        raise "No such BotUser #{n}" unless include?(k)
+        if @botusers.has_key?(ircuser)
+          return true if @botusers[ircuser].username == n
+          # TODO
+          # @botusers[ircuser].logout(ircuser)
+        end
+        bu = @allbotusers[k]
+        if bu.login(ircuser, pwd)
+          @botusers[ircuser] = bu
+          return true
+        end
+        return false
+      end
+
+      # Tries to auto-login Irc::User _user_ by looking at the known botusers that allow autologin
+      # and trying to login without a password
+      #
+      def autologin(user)
+        ircuser = user.to_irc_user
+        debug "Trying to autologin #{ircuser}"
+        return @botusers[ircuser] if @botusers.has_key?(ircuser)
+        bu = maskdb.find(ircuser)
+        if bu
+          debug "trying #{bu}"
+          bu.login(ircuser) or raise '...what?!'
+          @botusers[ircuser] = bu
+          return bu
+        end
+        # Finally, create a transient if we're set to allow it
+        if @bot.config['auth.autouser']
+          bu = create_transient_botuser(ircuser)
+          @botusers[ircuser] = bu
+          return bu
+        end
+        return everyone
+      end
+
+      # Creates a new transient BotUser associated with Irc::User _user_,
+      # automatically logging him in. Note that transient botuser creation can
+      # fail, typically if we don't have the complete user netmask (e.g. for
+      # messages coming in from a linkbot)
+      #
+      def create_transient_botuser(user)
+        ircuser = user.to_irc_user
+        bu = everyone
+        begin
+          bu = BotUser.new(ircuser, :transient => true, :masks => ircuser)
+          bu.login(ircuser)
+        rescue
+          warning "failed to create transient for #{user}"
+          error $!
+        end
+        return bu
+      end
+
+      # Logs out any Irc::User matching Irc::Netmask _m_ and logged in
+      # to a transient BotUser
+      #
+      def logout_transients(m)
+        debug "to check: #{@botusers.keys.join ' '}"
+        @botusers.keys.each do |iu|
+          debug "checking #{iu.fullform} against #{m.fullform}"
+          bu = @botusers[iu]
+          bu.transient? or next
+          iu.matches?(m) or next
+          @botusers.delete(iu).autologin = false
+        end
+      end
+
+      # Makes transient BotUser _user_ into a permanent BotUser
+      # named _name_; if _user_ is an Irc::User, act on the transient
+      # BotUser (if any) it's logged in as
+      #
+      def make_permanent(user, name)
+        buname = BotUser.sanitize_username(name)
+        # TODO merge BotUser instead?
+        raise "there's already a BotUser called #{name}" if include?(buname)
+
+        tuser = nil
+        case user
+        when String, Irc::User
+          tuser = irc_to_botuser(user)
+        when BotUser
+          tuser = user
+        else
+          raise TypeError, "sorry, don't know how to make #{user.class} into a permanent BotUser"
+        end
+        return nil unless tuser
+        raise TypeError, "#{tuser} is not transient" unless tuser.transient?
+
+        tuser.make_permanent(buname)
+        @allbotusers[tuser.username.to_sym] = tuser
+
+        return tuser
+      end
+
+      # Checks if User _user_ can do _cmd_ on _chan_.
+      #
+      # Permission are checked in this order, until a true or false
+      # is returned:
+      # * associated BotUser on _chan_
+      # * associated BotUser on all channels
+      # * everyone on _chan_
+      # * everyone on all channels
+      #
+      def permit?(user, cmdtxt, channel=nil)
+        if user.class <= BotUser
+          botuser = user
+        else
+          botuser = irc_to_botuser(user)
+        end
+        cmd = cmdtxt.to_irc_auth_command
+
+        chan = channel
+        case chan
+        when User
+          chan = "?"
+        when Channel
+          chan = chan.name
+        end
+
+        allow = nil
+
+        allow = botuser.permit?(cmd, chan) if chan
+        return allow unless allow.nil?
+        allow = botuser.permit?(cmd)
+        return allow unless allow.nil?
+
+        unless botuser == everyone
+          allow = everyone.permit?(cmd, chan) if chan
+          return allow unless allow.nil?
+          allow = everyone.permit?(cmd)
+          return allow unless allow.nil?
+        end
+
+        raise "Could not check permission for user #{user.inspect} to run #{cmdtxt.inspect} on #{chan.inspect}"
+      end
+
+      # Checks if command _cmd_ is allowed to User _user_ on _chan_, optionally
+      # telling if the user is authorized
+      #
+      def allow?(cmdtxt, user, chan=nil)
+        if permit?(user, cmdtxt, chan)
+          return true
+        else
+          # cmds = cmdtxt.split('::')
+          # @bot.say chan, "you don't have #{cmds.last} (#{cmds.first}) permissions here" if chan
+          @bot.say chan, _("%{user}, you don't have '%{command}' permissions here") %
+                        {:user=>user, :command=>cmdtxt} if chan
+          return false
+        end
+      end
+
+    end
+
+    # Returns the only instance of ManagerClass
+    #
+    def Auth.manager
+      return ManagerClass.instance
+    end
+
+  end
+end
+
+  class User
+
+    # A convenience method to automatically found the botuser
+    # associated with the receiver
+    #
+    def botuser
+      Irc::Bot::Auth.manager.irc_to_botuser(self)
+    end
+  end
+
+end