]> jfr.im git - solanum.git/blob - modules/m_sasl.c
projects / solanum.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
core/m_kick: Add AV2 description
[solanum.git] / modules / m_sasl.c
1 /* modules/m_sasl.c
2 * Copyright (C) 2006 Michael Tharp <gxti@partiallystapled.com>
3 * Copyright (C) 2006 charybdis development team
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions are
7 * met:
8 *
9 * 1.Redistributions of source code must retain the above copyright notice,
10 * this list of conditions and the following disclaimer.
11 * 2.Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 * 3.The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
16 *
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
18 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
19 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
20 * DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT,
21 * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
22 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
23 * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
25 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
26 * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
27 * POSSIBILITY OF SUCH DAMAGE.
28 */
29
30 #include "stdinc.h"
31
32 #include "client.h"
33 #include "hash.h"
34 #include "send.h"
35 #include "msg.h"
36 #include "modules.h"
37 #include "numeric.h"
38 #include "s_serv.h"
39 #include "s_stats.h"
40 #include "string.h"
41 #include "s_newconf.h"
42 #include "s_conf.h"
43
44 static int m_authenticate(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
45 static int me_sasl(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
46 static int me_mechlist(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
47
48 static void abort_sasl(struct Client *);
49 static void abort_sasl_exit(hook_data_client_exit *);
50
51 static void advertise_sasl(struct Client *);
52 static void advertise_sasl_exit(hook_data_client_exit *);
53
54 static unsigned int CLICAP_SASL = 0;
55 static char mechlist_buf[BUFSIZE];
56
57 struct Message authenticate_msgtab = {
58 "AUTHENTICATE", 0, 0, 0, 0,
59 {{m_authenticate, 2}, {m_authenticate, 2}, mg_ignore, mg_ignore, mg_ignore, {m_authenticate, 2}}
60 };
61 struct Message sasl_msgtab = {
62 "SASL", 0, 0, 0, 0,
63 {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_sasl, 5}, mg_ignore}
64 };
65 struct Message mechlist_msgtab = {
66 "MECHLIST", 0, 0, 0, 0,
67 {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_mechlist, 2}, mg_ignore}
68 };
69
70 mapi_clist_av1 sasl_clist[] = {
71 &authenticate_msgtab, &sasl_msgtab, &mechlist_msgtab, NULL
72 };
73 mapi_hfn_list_av1 sasl_hfnlist[] = {
74 { "new_local_user", (hookfn) abort_sasl },
75 { "client_exit", (hookfn) abort_sasl_exit },
76 { "new_remote_user", (hookfn) advertise_sasl },
77 { "client_exit", (hookfn) advertise_sasl_exit },
78 { NULL, NULL }
79 };
80
81 static int
82 sasl_visible(struct Client *client_p)
83 {
84 struct Client *agent_p = NULL;
85
86 if (ConfigFileEntry.sasl_service)
87 agent_p = find_named_client(ConfigFileEntry.sasl_service);
88
89 return agent_p != NULL && IsService(agent_p);
90 }
91
92 static const char *
93 sasl_data(struct Client *client_p)
94 {
95 return *mechlist_buf != 0 ? mechlist_buf : NULL;
96 }
97
98 static struct ClientCapability capdata_sasl = {
99 .visible = sasl_visible,
100 .data = sasl_data,
101 .flags = CLICAP_FLAGS_STICKY,
102 };
103
104 static int
105 _modinit(void)
106 {
107 memset(mechlist_buf, 0, sizeof mechlist_buf);
108 CLICAP_SASL = capability_put(cli_capindex, "sasl", &capdata_sasl);
109 return 0;
110 }
111
112 static void
113 _moddeinit(void)
114 {
115 capability_orphan(cli_capindex, "sasl");
116 }
117
118 DECLARE_MODULE_AV2(sasl, _modinit, _moddeinit, sasl_clist, NULL, sasl_hfnlist, NULL, NULL, NULL);
119
120 static int
121 m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
122 int parc, const char *parv[])
123 {
124 struct Client *agent_p = NULL;
125 struct Client *saslserv_p = NULL;
126
127 /* They really should use CAP for their own sake. */
128 if(!IsCapable(source_p, CLICAP_SASL))
129 return 0;
130
131 if (strlen(client_p->id) == 3)
132 {
133 exit_client(client_p, client_p, client_p, "Mixing client and server protocol");
134 return 0;
135 }
136
137 saslserv_p = find_named_client(ConfigFileEntry.sasl_service);
138 if (saslserv_p == NULL || !IsService(saslserv_p))
139 {
140 sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
141 return 0;
142 }
143
144 if(source_p->localClient->sasl_complete)
145 {
146 *source_p->localClient->sasl_agent = '\0';
147 source_p->localClient->sasl_complete = 0;
148 }
149
150 if(strlen(parv[1]) > 400)
151 {
152 sendto_one(source_p, form_str(ERR_SASLTOOLONG), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
153 return 0;
154 }
155
156 if(!*source_p->id)
157 {
158 /* Allocate a UID. */
159 strcpy(source_p->id, generate_uid());
160 add_to_id_hash(source_p->id, source_p);
161 }
162
163 if(*source_p->localClient->sasl_agent)
164 agent_p = find_id(source_p->localClient->sasl_agent);
165
166 if(agent_p == NULL)
167 {
168 sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s H %s %s",
169 me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
170 source_p->host, source_p->sockhost);
171
172 if (source_p->certfp != NULL)
173 sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s %s",
174 me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
175 parv[1], source_p->certfp);
176 else
177 sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s",
178 me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
179 parv[1]);
180
181 rb_strlcpy(source_p->localClient->sasl_agent, saslserv_p->id, IDLEN);
182 }
183 else
184 sendto_one(agent_p, ":%s ENCAP %s SASL %s %s C %s",
185 me.id, agent_p->servptr->name, source_p->id, agent_p->id,
186 parv[1]);
187 source_p->localClient->sasl_out++;
188
189 return 0;
190 }
191
192 static int
193 me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
194 int parc, const char *parv[])
195 {
196 struct Client *target_p, *agent_p;
197
198 /* Let propagate if not addressed to us, or if broadcast.
199 * Only SASL agents can answer global requests.
200 */
201 if(strncmp(parv[2], me.id, 3))
202 return 0;
203
204 if((target_p = find_id(parv[2])) == NULL)
205 return 0;
206
207 if((agent_p = find_id(parv[1])) == NULL)
208 return 0;
209
210 if(source_p != agent_p->servptr) /* WTF?! */
211 return 0;
212
213 /* We only accept messages from SASL agents; these must have umode +S
214 * (so the server must be listed in a service{} block).
215 */
216 if(!IsService(agent_p))
217 return 0;
218
219 /* Reject if someone has already answered. */
220 if(*target_p->localClient->sasl_agent && strncmp(parv[1], target_p->localClient->sasl_agent, IDLEN))
221 return 0;
222 else if(!*target_p->localClient->sasl_agent)
223 rb_strlcpy(target_p->localClient->sasl_agent, parv[1], IDLEN);
224
225 if(*parv[3] == 'C')
226 sendto_one(target_p, "AUTHENTICATE %s", parv[4]);
227 else if(*parv[3] == 'D')
228 {
229 if(*parv[4] == 'F')
230 sendto_one(target_p, form_str(ERR_SASLFAIL), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
231 else if(*parv[4] == 'S') {
232 sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
233 target_p->localClient->sasl_complete = 1;
234 ServerStats.is_ssuc++;
235 }
236 *target_p->localClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
237 }
238 else if(*parv[3] == 'M')
239 sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]);
240
241 return 0;
242 }
243
244 static int
245 me_mechlist(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
246 int parc, const char *parv[])
247 {
248 rb_strlcpy(mechlist_buf, parv[1], sizeof mechlist_buf);
249
250 return 0;
251 }
252
253 /* If the client never finished authenticating but is
254 * registering anyway, abort the exchange.
255 */
256 static void
257 abort_sasl(struct Client *data)
258 {
259 if(data->localClient->sasl_out == 0 || data->localClient->sasl_complete)
260 return;
261
262 data->localClient->sasl_out = data->localClient->sasl_complete = 0;
263 ServerStats.is_sbad++;
264
265 if(!IsClosing(data))
266 sendto_one(data, form_str(ERR_SASLABORTED), me.name, EmptyString(data->name) ? "*" : data->name);
267
268 if(*data->localClient->sasl_agent)
269 {
270 struct Client *agent_p = find_id(data->localClient->sasl_agent);
271 if(agent_p)
272 {
273 sendto_one(agent_p, ":%s ENCAP %s SASL %s %s D A", me.id, agent_p->servptr->name,
274 data->id, agent_p->id);
275 return;
276 }
277 }
278
279 sendto_server(NULL, NULL, CAP_TS6|CAP_ENCAP, NOCAPS, ":%s ENCAP * SASL %s * D A", me.id,
280 data->id);
281 }
282
283 static void
284 abort_sasl_exit(hook_data_client_exit *data)
285 {
286 if (data->target->localClient)
287 abort_sasl(data->target);
288 }
289
290 static void
291 advertise_sasl(struct Client *client_p)
292 {
293 if (!ConfigFileEntry.sasl_service)
294 return;
295
296 if (irccmp(client_p->name, ConfigFileEntry.sasl_service))
297 return;
298
299 sendto_local_clients_with_capability(CLICAP_CAP_NOTIFY, ":%s CAP * NEW :sasl", me.name);
300 }
301
302 static void
303 advertise_sasl_exit(hook_data_client_exit *data)
304 {
305 if (!ConfigFileEntry.sasl_service)
306 return;
307
308 if (irccmp(data->target->name, ConfigFileEntry.sasl_service))
309 return;
310
311 sendto_local_clients_with_capability(CLICAP_CAP_NOTIFY, ":%s CAP * DEL :sasl", me.name);
312 }
Fork of solanum ircd, history is rebased regularly