Make auth_user work with SASL and add it to the example configs.

diff --git a/doc/example.conf b/doc/example.conf
index af1e99c6b39d99a38314ae0f75ed3acee42b67a5..d9768133ec061599cb98acc0121af4f060a872ff 100755 (executable)
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -163,6 +163,15 @@ auth {
        user = "*@172.16.0.0/12";
        user = "*test@123D:B567:*";
 
+       /* auth_user: The username (authenticated via SASL or PASS) allowed
+        * to connect. You are able to put multiple auth_user lines. If people
+        * are authenticating via SASL in this way, it is recommended to comment
+        * out the password option below. You will also *NEED* to specify a user
+        * line above auth_user, this can safely be "*@*", however.
+        */
+       auth_user = "jilles";
+       auth_user = "jdhore";
+
        /* password: an optional password that is required to use this block.
         * By default this is not encrypted, specify the flag "encrypted" in
         * flags = ...; below if it is.

diff --git a/doc/reference.conf b/doc/reference.conf
index 25f07ab4125686ca569fb883af70ced2cae3d8c8..1d4848bfea7a5d865f0103461af8a1586199ee31 100755 (executable)
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -340,6 +340,15 @@ auth {
        user = "*@172.16.0.0/12";
        user = "*test@123D:B567:*";
 
+       /* auth_user: The username (authenticated via SASL or PASS) allowed
+        * to connect. You are able to put multiple auth_user lines. If people
+        * are authenticating via SASL in this way, it is recommended to comment
+        * out the password option below. You will also *NEED* to specify a user
+        * line above auth_user, this can safely be "*@*", however.
+        */
+       auth_user = "jilles";
+       auth_user = "jdhore";
+
        /* password: an optional password that is required to use this block.
         * By default this is not encrypted, specify the flag "encrypted" in
         * flags = ...; below if it is.

diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index 8cea3e86235e26e7ca4ef89a377ea2b090c9e1b8..cbc5c77964f52353c78e4c35d4ed296966dda452 100644 (file)
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -42,6 +42,7 @@
 
 static int mr_authenticate(struct Client *, struct Client *, int, const char **);
 static int me_sasl(struct Client *, struct Client *, int, const char **);
+static int server_auth_sasl(struct Client *);
 
 static void abort_sasl(struct Client *);
 static void abort_sasl_exit(hook_data_client_exit *);
@@ -161,6 +162,7 @@ me_sasl(struct Client *client_p, struct Client *source_p,
                        sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
                        target_p->preClient->sasl_complete = 1;
                        ServerStats.is_ssuc++;
+                       server_auth_sasl(target_p);
                }
                *target_p->preClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
        }
@@ -168,6 +170,27 @@ me_sasl(struct Client *client_p, struct Client *source_p,
        return 0;
 }
 
+static int server_auth_sasl(struct Client *client_p)
+{
+       char *auth_user;
+
+        if (client_p->localClient->auth_user)
+        {
+                memset(client_p->localClient->auth_user, 0,
+                       strlen(client_p->localClient->auth_user));
+                rb_free(client_p->localClient->auth_user);
+                client_p->localClient->auth_user = NULL;
+        }
+
+       auth_user = rb_strndup(client_p->user->suser, PASSWDLEN);
+
+       /* pointless check here */
+       if (auth_user)
+               client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
+
+       return 0;
+}
+
 /* If the client never finished authenticating but is
  * registering anyway, abort the exchange.
  */