X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/428ca87b01ad6c0487b424ce478f775cb7d94519..c3780ae27f97a161c6bb5846947fba6605e45281:/modules/m_sasl.c diff --git a/modules/m_sasl.c b/modules/m_sasl.c index 480c11aa..23a5e313 100644 --- a/modules/m_sasl.c +++ b/modules/m_sasl.c @@ -25,8 +25,6 @@ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. - * - * $Id: m_sasl.c 1409 2006-05-21 14:46:17Z jilles $ */ #include "stdinc.h" @@ -43,8 +41,11 @@ #include "s_newconf.h" #include "s_conf.h" -static int m_authenticate(struct MsgBuf *, struct Client *, struct Client *, int, const char **); -static int me_sasl(struct MsgBuf *, struct Client *, struct Client *, int, const char **); +static const char sasl_desc[] = "Provides SASL authentication support"; + +static void m_authenticate(struct MsgBuf *, struct Client *, struct Client *, int, const char **); +static void me_sasl(struct MsgBuf *, struct Client *, struct Client *, int, const char **); +static void me_mechlist(struct MsgBuf *, struct Client *, struct Client *, int, const char **); static void abort_sasl(struct Client *); static void abort_sasl_exit(hook_data_client_exit *); @@ -52,17 +53,24 @@ static void abort_sasl_exit(hook_data_client_exit *); static void advertise_sasl(struct Client *); static void advertise_sasl_exit(hook_data_client_exit *); +static unsigned int CLICAP_SASL = 0; +static char mechlist_buf[BUFSIZE]; + struct Message authenticate_msgtab = { - "AUTHENTICATE", 0, 0, 0, MFLG_SLOW, + "AUTHENTICATE", 0, 0, 0, 0, {{m_authenticate, 2}, {m_authenticate, 2}, mg_ignore, mg_ignore, mg_ignore, {m_authenticate, 2}} }; struct Message sasl_msgtab = { - "SASL", 0, 0, 0, MFLG_SLOW, + "SASL", 0, 0, 0, 0, {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_sasl, 5}, mg_ignore} }; +struct Message mechlist_msgtab = { + "MECHLIST", 0, 0, 0, 0, + {mg_ignore, mg_ignore, mg_ignore, mg_ignore, {me_mechlist, 2}, mg_ignore} +}; mapi_clist_av1 sasl_clist[] = { - &authenticate_msgtab, &sasl_msgtab, NULL + &authenticate_msgtab, &sasl_msgtab, &mechlist_msgtab, NULL }; mapi_hfn_list_av1 sasl_hfnlist[] = { { "new_local_user", (hookfn) abort_sasl }, @@ -72,9 +80,46 @@ mapi_hfn_list_av1 sasl_hfnlist[] = { { NULL, NULL } }; -DECLARE_MODULE_AV1(sasl, NULL, NULL, sasl_clist, NULL, sasl_hfnlist, "$Revision: 1409 $"); +static bool +sasl_visible(struct Client *client_p) +{ + struct Client *agent_p = NULL; + + if (ConfigFileEntry.sasl_service) + agent_p = find_named_client(ConfigFileEntry.sasl_service); + + return agent_p != NULL && IsService(agent_p); +} + +static const char * +sasl_data(struct Client *client_p) +{ + return *mechlist_buf != 0 ? mechlist_buf : NULL; +} + +static struct ClientCapability capdata_sasl = { + .visible = sasl_visible, + .data = sasl_data, + .flags = CLICAP_FLAGS_STICKY, +}; static int +_modinit(void) +{ + memset(mechlist_buf, 0, sizeof mechlist_buf); + CLICAP_SASL = capability_put(cli_capindex, "sasl", &capdata_sasl); + return 0; +} + +static void +_moddeinit(void) +{ + capability_orphan(cli_capindex, "sasl"); +} + +DECLARE_MODULE_AV2(sasl, _modinit, _moddeinit, sasl_clist, NULL, sasl_hfnlist, NULL, NULL, sasl_desc); + +static void m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { @@ -83,19 +128,19 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client * /* They really should use CAP for their own sake. */ if(!IsCapable(source_p, CLICAP_SASL)) - return 0; + return; if (strlen(client_p->id) == 3) { exit_client(client_p, client_p, client_p, "Mixing client and server protocol"); - return 0; + return; } saslserv_p = find_named_client(ConfigFileEntry.sasl_service); if (saslserv_p == NULL || !IsService(saslserv_p)) { sendto_one(source_p, form_str(ERR_SASLABORTED), me.name, EmptyString(source_p->name) ? "*" : source_p->name); - return 0; + return; } if(source_p->localClient->sasl_complete) @@ -107,7 +152,7 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client * if(strlen(parv[1]) > 400) { sendto_one(source_p, form_str(ERR_SASLTOOLONG), me.name, EmptyString(source_p->name) ? "*" : source_p->name); - return 0; + return; } if(!*source_p->id) @@ -126,7 +171,7 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client * me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id, source_p->host, source_p->sockhost); - if (!strcmp(parv[1], "EXTERNAL") && source_p->certfp != NULL) + if (source_p->certfp != NULL) sendto_one(saslserv_p, ":%s ENCAP %s SASL %s %s S %s %s", me.id, saslserv_p->servptr->name, source_p->id, saslserv_p->id, parv[1], source_p->certfp); @@ -142,11 +187,9 @@ m_authenticate(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client * me.id, agent_p->servptr->name, source_p->id, agent_p->id, parv[1]); source_p->localClient->sasl_out++; - - return 0; } -static int +static void me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, int parc, const char *parv[]) { @@ -156,26 +199,26 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_ * Only SASL agents can answer global requests. */ if(strncmp(parv[2], me.id, 3)) - return 0; + return; if((target_p = find_id(parv[2])) == NULL) - return 0; + return; if((agent_p = find_id(parv[1])) == NULL) - return 0; + return; if(source_p != agent_p->servptr) /* WTF?! */ - return 0; + return; /* We only accept messages from SASL agents; these must have umode +S * (so the server must be listed in a service{} block). */ if(!IsService(agent_p)) - return 0; + return; /* Reject if someone has already answered. */ if(*target_p->localClient->sasl_agent && strncmp(parv[1], target_p->localClient->sasl_agent, IDLEN)) - return 0; + return; else if(!*target_p->localClient->sasl_agent) rb_strlcpy(target_p->localClient->sasl_agent, parv[1], IDLEN); @@ -194,8 +237,13 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_ } else if(*parv[3] == 'M') sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]); +} - return 0; +static void +me_mechlist(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_p, + int parc, const char *parv[]) +{ + rb_strlcpy(mechlist_buf, parv[1], sizeof mechlist_buf); } /* If the client never finished authenticating but is