summaryrefslogtreecommitdiff
path: root/src/modules/m_sasl.cpp
diff options
context:
space:
mode:
authordanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-18 21:23:00 +0000
committerdanieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7>2010-02-18 21:23:00 +0000
commit8cb1935360087b4e38802b837981e5f41e9b87d7 (patch)
tree687d0c37e28a12d9052828e77fe0a8a5c08a8e11 /src/modules/m_sasl.cpp
parent46e56dedd37abe33af4e8b970d5b83729dc1ef05 (diff)
Allow SASL messages to be targeted at the services server
<sasl target="services.example.net"> will avoid broadcasting all authentication messages across the network, which improves security. git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12494 e03df62e-2008-0410-955e-edbf42e46eb7
Diffstat (limited to 'src/modules/m_sasl.cpp')
-rw-r--r--src/modules/m_sasl.cpp33
1 files changed, 27 insertions, 6 deletions
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 8f48d1da9..72d547c7c 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -14,12 +14,23 @@
#include "inspircd.h"
#include "m_cap.h"
#include "account.h"
+#include "sasl.h"
/* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE };
enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT };
+static std::string sasl_target = "*";
+
+static void SendSASL(const parameterlist& params)
+{
+ if (!ServerInstance->PI->SendEncapsulatedData(params))
+ {
+ SASLFallback(NULL, params);
+ }
+}
+
/**
* Tracks SASL authentication state like charybdis does. --nenolod
*/
@@ -37,14 +48,14 @@ class SaslAuthenticator
: user(user_), state(SASL_INIT), state_announced(false)
{
parameterlist params;
- params.push_back("*");
+ params.push_back(sasl_target);
params.push_back("SASL");
params.push_back(user->uuid);
params.push_back("*");
params.push_back("S");
params.push_back(method);
- ServerInstance->PI->SendEncapsulatedData(params);
+ SendSASL(params);
}
SaslResult GetSaslResult(const std::string &result_)
@@ -103,7 +114,7 @@ class SaslAuthenticator
return true;
parameterlist params;
- params.push_back("*");
+ params.push_back(sasl_target);
params.push_back("SASL");
params.push_back(this->user->uuid);
params.push_back(this->agent);
@@ -111,7 +122,7 @@ class SaslAuthenticator
params.insert(params.end(), parameters.begin(), parameters.end());
- ServerInstance->PI->SendEncapsulatedData(params);
+ SendSASL(params);
if (parameters[0][0] == '*')
{
@@ -225,8 +236,13 @@ class ModuleSASL : public Module
ModuleSASL()
: authExt("sasl_auth", this), cap(this, "sasl"), auth(this, authExt, cap), sasl(this, authExt)
{
- Implementation eventlist[] = { I_OnEvent, I_OnUserRegister };
- ServerInstance->Modules->Attach(eventlist, this, 2);
+ }
+
+ void init()
+ {
+ OnRehash(NULL);
+ Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash };
+ ServerInstance->Modules->Attach(eventlist, this, 3);
ServiceProvider* providelist[] = { &auth, &sasl, &authExt };
ServerInstance->Modules->AddServices(providelist, 3);
@@ -235,6 +251,11 @@ class ModuleSASL : public Module
ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: m_services_account.so and m_cap.so are not loaded! m_sasl.so will NOT function correctly until these two modules are loaded!");
}
+ void OnRehash(User*)
+ {
+ sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*");
+ }
+
ModResult OnUserRegister(LocalUser *user)
{
SaslAuthenticator *sasl_ = authExt.get(user);