authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-18 21:23:00 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-18 21:23:00 +0000
commit8cb1935360087b4e38802b837981e5f41e9b87d7 (patch)
tree687d0c37e28a12d9052828e77fe0a8a5c08a8e11
parent46e56dedd37abe33af4e8b970d5b83729dc1ef05 (diff)
Allow SASL messages to be targeted at the services server
<sasl target="services.example.net"> will avoid broadcasting all authentication messages across the network, which improves security. git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12494 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r--include/protocol.h3
-rw-r--r--src/modules/m_sasl.cpp33
-rw-r--r--src/modules/m_spanningtree/protocolinterface.cpp9
-rw-r--r--src/modules/m_spanningtree/protocolinterface.h2
-rw-r--r--src/modules/m_spanningtree/utils.cpp12
-rw-r--r--src/modules/m_spanningtree/utils.h12
-rw-r--r--src/modules/sasl.h28
7 files changed, 77 insertions, 22 deletions
diff --git a/include/protocol.h b/include/protocol.h
index 7f987964f..03ede7ca8 100644
--- a/include/protocol.h
+++ b/include/protocol.h
@@ -44,8 +44,9 @@ class ProtocolInterface
* @param encap This is a list of string parameters, the first of which must be a server ID or glob matching servernames.
* The second must be a subcommand. All subsequent parameters are dependant on the subcommand.
* ENCAP (should) be used instead of creating new protocol messages for easier third party application support.
+ * @return True if the message was sent out (target exists)
*/
- virtual void SendEncapsulatedData(parameterlist &encap) { }
+ virtual bool SendEncapsulatedData(const parameterlist &encap) { return false; }
/** Send metadata for an object to other linked servers.
* @param target The object to send metadata for.
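Review bot: The new `@return` line says "target exists", but that only describes the single-server case, and the base implementation's `return false` has a second meaning (no protocol module handled the call) that is not documented. In this commit the spanningtree override returns true unconditionally on the glob path, so callers cannot use the result to detect an undelivered broadcast. I would word it as `@return True if the message was passed on for delivery; false if the named target server could not be routed to or no protocol module is loaded. Always true for glob targets.`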
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 8f48d1da9..72d547c7c 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -14,12 +14,23 @@
#include "inspircd.h"
#include "m_cap.h"
#include "account.h"
+#include "sasl.h"
/* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE };
enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT };
+static std::string sasl_target = "*";
+
+static void SendSASL(const parameterlist& params)
+{
+ if (!ServerInstance->PI->SendEncapsulatedData(params))
+ {
+ SASLFallback(NULL, params);
+ }
+}
+
/**
* Tracks SASL authentication state like charybdis does. --nenolod
*/
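Review bot: The failure branch of `SendSASL` leaves no trace that the configured target was unreachable, so a mistyped `<sasl target>` or a split services server makes every authentication attempt take the fallback path without the operator seeing why. A log call in that branch, such as `ServerInstance->Logs->Log("m_sasl", DEFAULT, "SASL target " + sasl_target + " is not reachable, using sasl_fallback");`, would make this diagnosable; it should be emitted once per outage rather than per message, because unregistered clients drive this path. The statement `SASLFallback(NULL, params);` also reads like a function call although it builds a temporary whose constructor dispatches the event, so a comment `// constructing the event sends it to local modules` would help. Whether the client gets a failure reply when no module handles `sasl_fallback` cannot be seen from this hunk.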
@@ -37,14 +48,14 @@ class SaslAuthenticator
: user(user_), state(SASL_INIT), state_announced(false)
{
parameterlist params;
- params.push_back("*");
+ params.push_back(sasl_target);
params.push_back("SASL");
params.push_back(user->uuid);
params.push_back("*");
params.push_back("S");
params.push_back(method);
- ServerInstance->PI->SendEncapsulatedData(params);
+ SendSASL(params);
}
SaslResult GetSaslResult(const std::string &result_)
@@ -103,7 +114,7 @@ class SaslAuthenticator
return true;
parameterlist params;
- params.push_back("*");
+ params.push_back(sasl_target);
params.push_back("SASL");
params.push_back(this->user->uuid);
params.push_back(this->agent);
@@ -111,7 +122,7 @@ class SaslAuthenticator
params.insert(params.end(), parameters.begin(), parameters.end());
- ServerInstance->PI->SendEncapsulatedData(params);
+ SendSASL(params);
if (parameters[0][0] == '*')
{
@@ -225,8 +236,13 @@ class ModuleSASL : public Module
ModuleSASL()
: authExt("sasl_auth", this), cap(this, "sasl"), auth(this, authExt, cap), sasl(this, authExt)
{
- Implementation eventlist[] = { I_OnEvent, I_OnUserRegister };
- ServerInstance->Modules->Attach(eventlist, this, 2);
+ }
+
+ void init()
+ {
+ OnRehash(NULL);
+ Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash };
+ ServerInstance->Modules->Attach(eventlist, this, 3);
ServiceProvider* providelist[] = { &auth, &sasl, &authExt };
ServerInstance->Modules->AddServices(providelist, 3);
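Review bot: The element counts passed to `Attach` and `AddServices` are hand-maintained literals, and this hunk already had to change `2` to `3` when `I_OnRehash` was added. If the literal falls behind the array, the last hook is silently not attached, which here would mean a changed `<sasl target>` is ignored on rehash. Deriving the count keeps the two in step: `ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));`. The body of `init()` continues past the end of the hunk.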
@@ -235,6 +251,11 @@ class ModuleSASL : public Module
ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: m_services_account.so and m_cap.so are not loaded! m_sasl.so will NOT function correctly until these two modules are loaded!");
}
+ void OnRehash(User*)
+ {
+ sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*");
+ }
+
ModResult OnUserRegister(LocalUser *user)
{
SaslAuthenticator *sasl_ = authExt.get(user);
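Review bot: `OnRehash` copies `<sasl target>` into `sasl_target` without validation, and the default stays `"*"`, so a server without the tag still sends every SASL exchange to all linked servers. The value becomes the first ENCAP parameter, so an empty string or one containing a space should be rejected here with a logged warning, for example `if (sasl_target.empty() || sasl_target.find(' ') != std::string::npos) sasl_target = "*";`. A comment above the function should state the trade-off: `// "*" broadcasts SASL traffic to the whole network; a server name limits it to the route towards that server`.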
diff --git a/src/modules/m_spanningtree/protocolinterface.cpp b/src/modules/m_spanningtree/protocolinterface.cpp
index 843361e9e..7434400a0 100644
--- a/src/modules/m_spanningtree/protocolinterface.cpp
+++ b/src/modules/m_spanningtree/protocolinterface.cpp
@@ -26,9 +26,14 @@ void SpanningTreeProtocolInterface::GetServerList(ProtoServerList &sl)
}
}
-void SpanningTreeProtocolInterface::SendEncapsulatedData(parameterlist &encap)
+bool SpanningTreeProtocolInterface::SendEncapsulatedData(const parameterlist &encap)
{
- Utils->DoOneToMany(ServerInstance->Config->GetSID(), "ENCAP", encap);
+ if (encap[0].find('*') != std::string::npos)
+ {
+ Utils->DoOneToMany(ServerInstance->Config->GetSID(), "ENCAP", encap);
+ return true;
+ }
+ return Utils->DoOneToOne(ServerInstance->Config->GetSID(), "ENCAP", encap, encap[0]);
}
void SpanningTreeProtocolInterface::SendMetaData(Extensible* target, const std::string &key, const std::string &data)
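Review bot: `encap[0]` is read on the first added line without checking that `encap` is non-empty, so a caller that passes an empty list triggers undefined behaviour; `if (encap.empty()) return false;` at the top of the function closes that. The broadcast test also looks only for `*`, while the interface comment in include/protocol.h describes the first parameter as a glob, so a mask built only from `?` is handed to `DoOneToOne` as if it were a literal server name. `encap[0].find_first_of("*?") != std::string::npos` would treat both wildcard characters the same way.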
diff --git a/src/modules/m_spanningtree/protocolinterface.h b/src/modules/m_spanningtree/protocolinterface.h
index 9ba9f2d2f..762946901 100644
--- a/src/modules/m_spanningtree/protocolinterface.h
+++ b/src/modules/m_spanningtree/protocolinterface.h
@@ -13,7 +13,7 @@ class SpanningTreeProtocolInterface : public ProtocolInterface
SpanningTreeProtocolInterface(ModuleSpanningTree* mod, SpanningTreeUtilities* util) : Utils(util), Module(mod) { }
virtual ~SpanningTreeProtocolInterface() { }
- virtual void SendEncapsulatedData(parameterlist &encap);
+ virtual bool SendEncapsulatedData(const parameterlist &encap);
virtual void SendMetaData(Extensible* target, const std::string &key, const std::string &data);
virtual void SendTopic(Channel* channel, std::string &topic);
virtual void SendMode(const std::string &target, const parameterlist &modedata, const std::vector<TranslateType> &types);
diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp
index 81fb0ecde..2271bf374 100644
--- a/src/modules/m_spanningtree/utils.cpp
+++ b/src/modules/m_spanningtree/utils.cpp
@@ -199,7 +199,7 @@ void SpanningTreeUtilities::GetListOfServersForChannel(Channel* c, TreeServerLis
return;
}
-bool SpanningTreeUtilities::DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, parameterlist &params)
+bool SpanningTreeUtilities::DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, const parameterlist &params)
{
TreeServer* omitroute = this->BestRouteTo(omit);
unsigned int items =this->TreeRoot->ChildCount();
@@ -216,7 +216,7 @@ bool SpanningTreeUtilities::DoOneToAllButSenderRaw(const std::string &data, cons
return true;
}
-bool SpanningTreeUtilities::DoOneToAllButSender(const std::string &prefix, const std::string &command, parameterlist &params, std::string omit)
+bool SpanningTreeUtilities::DoOneToAllButSender(const std::string &prefix, const std::string &command, const parameterlist &params, std::string omit)
{
TreeServer* omitroute = this->BestRouteTo(omit);
std::string FullLine = ":" + prefix + " " + command;
@@ -243,7 +243,7 @@ bool SpanningTreeUtilities::DoOneToAllButSender(const std::string &prefix, const
return true;
}
-bool SpanningTreeUtilities::DoOneToMany(const std::string &prefix, const std::string &command, parameterlist &params)
+bool SpanningTreeUtilities::DoOneToMany(const std::string &prefix, const std::string &command, const parameterlist &params)
{
std::string FullLine = ":" + prefix + " " + command;
unsigned int words = params.size();
@@ -265,21 +265,21 @@ bool SpanningTreeUtilities::DoOneToMany(const std::string &prefix, const std::st
return true;
}
-bool SpanningTreeUtilities::DoOneToMany(const char* prefix, const char* command, parameterlist &params)
+bool SpanningTreeUtilities::DoOneToMany(const char* prefix, const char* command, const parameterlist &params)
{
std::string spfx = prefix;
std::string scmd = command;
return this->DoOneToMany(spfx, scmd, params);
}
-bool SpanningTreeUtilities::DoOneToAllButSender(const char* prefix, const char* command, parameterlist &params, std::string omit)
+bool SpanningTreeUtilities::DoOneToAllButSender(const char* prefix, const char* command, const parameterlist &params, std::string omit)
{
std::string spfx = prefix;
std::string scmd = command;
return this->DoOneToAllButSender(spfx, scmd, params, omit);
}
-bool SpanningTreeUtilities::DoOneToOne(const std::string &prefix, const std::string &command, parameterlist &params, std::string target)
+bool SpanningTreeUtilities::DoOneToOne(const std::string &prefix, const std::string &command, const parameterlist &params, std::string target)
{
TreeServer* Route = this->BestRouteTo(target);
if (Route)
diff --git a/src/modules/m_spanningtree/utils.h b/src/modules/m_spanningtree/utils.h
index eb0df03ff..2e527ae12 100644
--- a/src/modules/m_spanningtree/utils.h
+++ b/src/modules/m_spanningtree/utils.h
@@ -124,27 +124,27 @@ class SpanningTreeUtilities : public classbase
/** Send a message from this server to one other local or remote
*/
- bool DoOneToOne(const std::string &prefix, const std::string &command, parameterlist &params, std::string target);
+ bool DoOneToOne(const std::string &prefix, const std::string &command, const parameterlist &params, std::string target);
/** Send a message from this server to all but one other, local or remote
*/
- bool DoOneToAllButSender(const std::string &prefix, const std::string &command, parameterlist &params, std::string omit);
+ bool DoOneToAllButSender(const std::string &prefix, const std::string &command, const parameterlist &params, std::string omit);
/** Send a message from this server to all but one other, local or remote
*/
- bool DoOneToAllButSender(const char* prefix, const char* command, parameterlist &params, std::string omit);
+ bool DoOneToAllButSender(const char* prefix, const char* command, const parameterlist &params, std::string omit);
/** Send a message from this server to all others
*/
- bool DoOneToMany(const std::string &prefix, const std::string &command, parameterlist &params);
+ bool DoOneToMany(const std::string &prefix, const std::string &command, const parameterlist &params);
/** Send a message from this server to all others
*/
- bool DoOneToMany(const char* prefix, const char* command, parameterlist &params);
+ bool DoOneToMany(const char* prefix, const char* command, const parameterlist &params);
/** Send a message from this server to all others, without doing any processing on the command (e.g. send it as-is with colons and all)
*/
- bool DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, parameterlist &params);
+ bool DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, const parameterlist &params);
/** Read the spanningtree module's tags from the config file
*/
diff --git a/src/modules/sasl.h b/src/modules/sasl.h
new file mode 100644
index 000000000..9abfc558a
--- /dev/null
+++ b/src/modules/sasl.h
@@ -0,0 +1,28 @@
+/* +------------------------------------+
+ * | Inspire Internet Relay Chat Daemon |
+ * +------------------------------------+
+ *
+ * InspIRCd: (C) 2002-2010 InspIRCd Development Team
+ * See: http://wiki.inspircd.org/Credits
+ *
+ * This program is free but copyrighted software; see
+ * the file COPYING for details.
+ *
+ * ---------------------------------------------------
+ */
+
+#ifndef __SASL_H__
+#define __SASL_H__
+
+class SASLFallback : public Event
+{
+ public:
+ const parameterlist& params;
+ SASLFallback(Module* me, const parameterlist& p)
+ : Event(me, "sasl_fallback"), params(p)
+ {
+ Send();
+ }
+};
+
+#endif
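Review bot: `SASLFallback` keeps `params` as a reference member and dispatches itself from the constructor, so the event is only valid while the caller's `parameterlist` is alive. A handler that retains the event or its `params` beyond `Send()` would read a dangling reference. The class has no doc comment; I would add one saying that it is raised when the configured SASL target cannot be routed to, that `params` is the complete ENCAP parameter list including the client's authentication data, and that handlers must neither store nor log it. The include guard `__SASL_H__` uses an identifier reserved for the implementation (leading double underscore); a name without it, such as `SASL_H`, avoids that.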