* STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING
* IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
- *
- * $Id: m_sasl.c 1409 2006-05-21 14:46:17Z jilles $
*/
#include "stdinc.h"
#include "s_newconf.h"
#include "s_conf.h"
-static int m_authenticate(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
-static int me_sasl(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
+static const char sasl_desc[] = "Provides SASL authentication support";
+
+static void m_authenticate(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
+static void me_sasl(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
+static void me_mechlist(struct MsgBuf *, struct Client *, struct Client *, int, const char **);
static void abort_sasl(struct Client *);
static void abort_sasl_exit(hook_data_client_exit *);
static void advertise_sasl(struct Client *);
static void advertise_sasl_exit(hook_data_client_exit *);
+static unsigned int CLICAP_SASL = 0;
+static char mechlist_buf[BUFSIZE];
+
struct Message authenticate_msgtab = {
- "AUTHENTICATE", 0, 0, 0, MFLG_SLOW,
+ "AUTHENTICATE", 0, 0, 0, 0,
{{m_authenticate, 2}, {m_authenticate, 2}, mg_ignore, mg_ignore, mg_ignore, {m_authenticate, 2}}
};
struct Message sasl_msgtab = {
- "SASL", 0, 0, 0, MFLG_SLOW,
+ "SASL", 0, 0, 0, 0,
{mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_sasl, 5}, mg_ignore}
};
+struct Message mechlist_msgtab = {
+ "MECHLIST", 0, 0, 0, 0,
+ {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_mechlist, 2}, mg_ignore}
+};
mapi_clist_av1 sasl_clist[] = {
- &authenticate_msgtab, &sasl_msgtab, NULL
+ &authenticate_msgtab, &sasl_msgtab, &mechlist_msgtab, NULL
};
mapi_hfn_list_av1 sasl_hfnlist[] = {
{ "new_local_user", (hookfn) abort_sasl },
{ NULL, NULL }
};
-DECLARE_MODULE_AV1(sasl, NULL, NULL, sasl_clist, NULL, sasl_hfnlist, "$Revision: 1409 $");
+static bool
+sasl_visible(struct Client *client_p)
+{
+ struct Client *agent_p = NULL;
+
+ if (ConfigFileEntry.sasl_service)
+ agent_p = find_named_client(ConfigFileEntry.sasl_service);
+
+ return agent_p != NULL && IsService(agent_p);
+}
+
+static const char *
+sasl_data(struct Client *client_p)
+{
+ return *mechlist_buf != 0 ? mechlist_buf : NULL;
+}
+
+static struct ClientCapability capdata_sasl = {
+ .visible = sasl_visible,
+ .data = sasl_data,
+ .flags = CLICAP_FLAGS_STICKY,
+};
static int
+_modinit(void)
+{
+ memset(mechlist_buf, 0, sizeof mechlist_buf);
+ CLICAP_SASL = capability_put(cli_capindex, "sasl", &capdata_sasl);
+ return 0;
+}
+
+static void
+_moddeinit(void)
+{
+ capability_orphan(cli_capindex, "sasl");
+}
+
+DECLARE_MODULE_AV2(sasl, _modinit, _moddeinit, sasl_clist, NULL, sasl_hfnlist, NULL, NULL, sasl_desc);
+
+static void
m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
int parc, const char *parv[])
{
/* They really should use CAP for their own sake. */
if(!IsCapable(source_p, CLICAP_SASL))
- return 0;
+ return;
if (strlen(client_p->id) == 3)
{
exit_client(client_p, client_p, client_p, "Mixing client and server protocol");
- return 0;
+ return;
}
saslserv_p = find_named_client(ConfigFileEntry.sasl_service);
if (saslserv_p == NULL || !IsService(saslserv_p))
{
sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
- return 0;
+ return;
}
if(source_p->localClient->sasl_complete)
if(strlen(parv[1]) > 400)
{
sendto_one(source_p, form_str(ERR_SASLTOOLONG), me.name, EmptyString(source_p->name) ? "*" : source_p->name);
- return 0;
+ return;
}
if(!*source_p->id)
me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
source_p->host, source_p->sockhost);
- if (!strcmp(parv[1], "EXTERNAL") && source_p->certfp != NULL)
+ if (source_p->certfp != NULL)
sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s %s",
me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id,
parv[1], source_p->certfp);
me.id, agent_p->servptr->name, source_p->id, agent_p->id,
parv[1]);
source_p->localClient->sasl_out++;
-
- return 0;
}
-static int
+static void
me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
int parc, const char *parv[])
{
* Only SASL agents can answer global requests.
*/
if(strncmp(parv[2], me.id, 3))
- return 0;
+ return;
if((target_p = find_id(parv[2])) == NULL)
- return 0;
+ return;
if((agent_p = find_id(parv[1])) == NULL)
- return 0;
+ return;
if(source_p != agent_p->servptr) /* WTF?! */
- return 0;
+ return;
/* We only accept messages from SASL agents; these must have umode +S
* (so the server must be listed in a service{} block).
*/
if(!IsService(agent_p))
- return 0;
+ return;
/* Reject if someone has already answered. */
if(*target_p->localClient->sasl_agent && strncmp(parv[1], target_p->localClient->sasl_agent, IDLEN))
- return 0;
+ return;
else if(!*target_p->localClient->sasl_agent)
rb_strlcpy(target_p->localClient->sasl_agent, parv[1], IDLEN);
}
else if(*parv[3] == 'M')
sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]);
+}
- return 0;
+static void
+me_mechlist(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p,
+ int parc, const char *parv[])
+{
+ rb_strlcpy(mechlist_buf, parv[1], sizeof mechlist_buf);
}
/* If the client never finished authenticating but is