default_operstring = "is an IRC Operator";
default_adminstring = "is a Server Administrator";
servicestring = "is a Network Service";
+
+ /*
+ * Nick of the network's SASL agent. Used to check whether services are here,
+ * SASL credentials are only sent to its server. Needs to be a service.
+ *
+ * Defaults to SaslServ if unspecified.
+ */
+ sasl_service = "SaslServ";
disable_fake_channels = no;
tkline_expire_notices = no;
default_floodcount = 10;
*/
servicestring = "is a Network Service";
+ /*
+ * Nick of the network's SASL agent. Used to check whether services are here,
+ * SASL credentials are only sent to its server. Needs to be a service.
+ *
+ * Defaults to SaslServ if unspecified.
+ */
+ sasl_service = "SaslServ";
+
/* disable fake channels: disable local users joining fake versions
* of channels, eg #foo^B^B. Disables bold, mirc colour, reverse,
* underline and hard space. (ASCII 2, 3, 22, 31, 160 respectively).
char *identifyservice;
char *identifycommand;
+ char *sasl_service;
+
char *fname_userlog;
char *fname_fuserlog;
char *fname_operlog;
#include "s_serv.h"
#include "s_stats.h"
#include "string.h"
+#include "s_newconf.h"
+#include "s_conf.h"
static int mr_authenticate(struct Client *, struct Client *, int, const char **);
static int me_sasl(struct Client *, struct Client *, int, const char **);
int parc, const char *parv[])
{
struct Client *agent_p = NULL;
+ struct Client *saslserv_p = NULL;
/* They really should use CAP for their own sake. */
if(!IsCapable(source_p, CLICAP_SASL))
return 0;
}
+ saslserv_p = find_named_client(ConfigFileEntry.sasl_service);
+ if (saslserv_p == NULL || !IsService(saslserv_p))
+ {
+ sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
+ return 0;
+ }
+
if(source_p->preClient->sasl_complete)
{
sendto_one(source_p, form_str(ERR_SASLALREADY), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
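Review bot: The new service lookup sits ahead of the `sasl_complete` test, so a client that has already authenticated now gets ERR_SASLABORTED instead of ERR_SASLALREADY whenever the configured agent is missing or is not a service. Moving the `find_named_client()` block below the `sasl_complete` check would keep the previous reply for that case and still stop before anything is sent. The block would also benefit from a one-line comment giving the reason for the check, for example `/* credentials go only to a client flagged as a service; abort if it is absent */`. The body of this function starts and ends outside the hunk.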
if(agent_p == NULL)
{
if (!strcmp(parv[1], "EXTERNAL") && source_p->certfp != NULL)
- sendto_server(NULL, NULL, CAP_TS6|CAP_ENCAP, NOCAPS, ":%s ENCAP * SASL %s * S %s %s", me.id,
- source_p->id, parv[1],
- source_p->certfp);
+ sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s %s", me.id, saslserv_p->servptr->name,
+ source_p->id, saslserv_p->id,
+ parv[1], source_p->certfp);
else
- sendto_server(NULL, NULL, CAP_TS6|CAP_ENCAP, NOCAPS, ":%s ENCAP * SASL %s * S %s", me.id,
- source_p->id, parv[1]);
+ sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s", me.id, saslserv_p->servptr->name,
+ source_p->id, saslserv_p->id,
+ parv[1]);
+
+ rb_strlcpy(source_p->preClient->sasl_agent, saslserv_p->id, IDLEN);
}
else
sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s", me.id, agent_p->servptr->name,
- source_p->id, agent_p->id, parv[1]);
+ source_p->id, agent_p->id,
+ parv[1]);
source_p->preClient->sasl_out++;
return 0;
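Review bot: Only the first message of an exchange is covered by the new `IsService()` test; the `else` branch still sends the client's `C` payload to `agent_p`, which is resolved outside this hunk and is not re-checked here. If `sasl_agent` can be written anywhere else (the body of `me_sasl` is not on the page), that branch should confirm `IsService(agent_p)` and reply with ERR_SASLABORTED otherwise, so that continuation data gets the same guarantee as the initial `S` message. Separately, the copy into `sasl_agent` would be safer bounded by the destination, `rb_strlcpy(source_p->preClient->sasl_agent, saslserv_p->id, sizeof(source_p->preClient->sasl_agent));`, assuming the field is an array rather than a pointer.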
{ "kline_reason", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.kline_reason },
{ "identify_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifyservice },
{ "identify_command", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.identifycommand },
+ { "sasl_service", CF_QSTRING, NULL, REALLEN, &ConfigFileEntry.sasl_service },
{ "anti_spam_exit_message_time", CF_TIME, NULL, 0, &ConfigFileEntry.anti_spam_exit_message_time },
{ "disable_fake_channels", CF_YESNO, NULL, 0, &ConfigFileEntry.disable_fake_channels },
ConfigFileEntry.default_operstring = NULL;
ConfigFileEntry.default_adminstring = NULL;
ConfigFileEntry.servicestring = NULL;
+ ConfigFileEntry.sasl_service = NULL;
ConfigFileEntry.default_umodes = UMODE_INVISIBLE;
ConfigFileEntry.failed_oper_notice = YES;
if (ConfigFileEntry.servicestring == NULL)
ConfigFileEntry.servicestring = rb_strdup("is a Network Service");
+ if (ConfigFileEntry.sasl_service == NULL)
+ ConfigFileEntry.sasl_service = rb_strdup("SaslServ");
+
/* RFC 1459 says 1 message per 2 seconds on average and bursts of
* 5 messages are acceptable, so allow at least that.
*/
ConfigFileEntry.servicestring = NULL;
rb_free(ConfigFileEntry.kline_reason);
ConfigFileEntry.kline_reason = NULL;
+ rb_free(ConfigFileEntry.sasl_service);
+ ConfigFileEntry.sasl_service = NULL;
/* clean out log */
rb_free(ConfigFileEntry.fname_userlog);