]> git.netwichtig.de Git - user/henk/code/inspircd.git/blob - src/modules/m_sasl.cpp
projects / user / henk / code / inspircd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Change Extensible to use strongly typed entries
[user/henk/code/inspircd.git] / src / modules / m_sasl.cpp
1 /*       +------------------------------------+
2  *       | Inspire Internet Relay Chat Daemon |
3  *       +------------------------------------+
4  *
5  *  InspIRCd: (C) 2002-2009 InspIRCd Development Team
6  * See: http://wiki.inspircd.org/Credits
7  *
8  * This program is free but copyrighted software; see
9  *          the file COPYING for details.
10  *
11  * ---------------------------------------------------
12  */
13
14 #include "inspircd.h"
15 #include "m_cap.h"
16 #include "account.h"
17
18 /* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
19
20 enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE };
21 enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT };
22
23 /**
24  * Tracks SASL authentication state like charybdis does. --nenolod
25  */
26 class SaslAuthenticator : public classbase
27 {
28  private:
29         InspIRCd *ServerInstance;
30         std::string agent;
31         User *user;
32         SaslState state;
33         SaslResult result;
34         bool state_announced;
35
36  public:
37         SaslAuthenticator(User *user_, std::string method, InspIRCd *instance, Module *ctor)
38                 : ServerInstance(instance), user(user_), state(SASL_INIT), state_announced(false)
39         {
40                 parameterlist params;
41                 params.push_back("*");
42                 params.push_back("SASL");
43                 params.push_back(user->uuid);
44                 params.push_back("*");
45                 params.push_back("S");
46                 params.push_back(method);
47
48                 ServerInstance->PI->SendEncapsulatedData(params);
49         }
50
51         SaslResult GetSaslResult(const std::string &result_)
52         {
53                 if (result_ == "F")
54                         return SASL_FAIL;
55
56                 if (result_ == "A")
57                         return SASL_ABORT;
58
59                 return SASL_OK;
60         }
61
62         /* checks for and deals with a state change. */
63         SaslState ProcessInboundMessage(const std::vector<std::string> &msg)
64         {
65                 switch (this->state)
66                 {
67                  case SASL_INIT:
68                         this->agent = msg[0];
69                         this->user->Write("AUTHENTICATE %s", msg[3].c_str());
70                         this->state = SASL_COMM;
71                         break;
72                  case SASL_COMM:
73                         if (msg[0] != this->agent)
74                                 return this->state;
75
76                         if (msg[2] != "D")
77                                 this->user->Write("AUTHENTICATE %s", msg[3].c_str());
78                         else
79                         {
80                                 this->state = SASL_DONE;
81                                 this->result = this->GetSaslResult(msg[3]);
82                         }
83
84                         break;
85                  case SASL_DONE:
86                         break;
87                  default:
88                         ServerInstance->Logs->Log("m_sasl", DEFAULT, "WTF: SaslState is not a known state (%d)", this->state);
89                         break;
90                 }
91
92                 return this->state;
93         }
94
95         void Abort(void)
96         {
97                 this->state = SASL_DONE;
98                 this->result = SASL_ABORT;
99         }
100
101         bool SendClientMessage(const std::vector<std::string>& parameters)
102         {
103                 if (this->state != SASL_COMM)
104                         return true;
105
106                 parameterlist params;
107                 params.push_back("*");
108                 params.push_back("SASL");
109                 params.push_back(this->user->uuid);
110                 params.push_back(this->agent);
111                 params.push_back("C");
112
113                 params.insert(params.end(), parameters.begin(), parameters.end());
114
115                 ServerInstance->PI->SendEncapsulatedData(params);
116
117                 if (parameters[0][0] == '*')
118                 {
119                         this->Abort();
120                         return false;
121                 }
122
123                 return true;
124         }
125
126         void AnnounceState(void)
127         {
128                 if (this->state_announced)
129                         return;
130
131                 switch (this->result)
132                 {
133                  case SASL_OK:
134                         this->user->WriteNumeric(903, "%s :SASL authentication successful", this->user->nick.c_str());
135                         break;
136                  case SASL_ABORT:
137                         this->user->WriteNumeric(906, "%s :SASL authentication aborted", this->user->nick.c_str());
138                         break;
139                  case SASL_FAIL:
140                         this->user->WriteNumeric(904, "%s :SASL authentication failed", this->user->nick.c_str());
141                         break;
142                  default:
143                         break;
144                 }
145
146                 this->state_announced = true;
147         }
148 };
149
150 class CommandAuthenticate : public Command
151 {
152  public:
153         SimpleExtItem<SaslAuthenticator>& authExt;
154         GenericCap& cap;
155         CommandAuthenticate (InspIRCd* Instance, Module* Creator, SimpleExtItem<SaslAuthenticator>& ext, GenericCap& Cap)
156                 : Command(Instance, Creator, "AUTHENTICATE", 0, 1, true), authExt(ext), cap(Cap)
157         {
158         }
159
160         CmdResult Handle (const std::vector<std::string>& parameters, User *user)
161         {
162                 /* Only allow AUTHENTICATE on unregistered clients */
163                 if (user->registered != REG_ALL)
164                 {
165                         if (!cap.ext.get(user))
166                                 return CMD_FAILURE;
167
168                         SaslAuthenticator *sasl = authExt.get(user);
169                         if (!sasl)
170                                 authExt.set(user, new SaslAuthenticator(user, parameters[0], ServerInstance, creator));
171                         else if (sasl->SendClientMessage(parameters) == false)  // IAL abort extension --nenolod
172                         {
173                                 sasl->AnnounceState();
174                                 authExt.unset(user);
175                         }
176                 }
177                 return CMD_FAILURE;
178         }
179 };
180
181 class CommandSASL : public Command
182 {
183  public:
184         SimpleExtItem<SaslAuthenticator>& authExt;
185         CommandSASL(InspIRCd* Instance, Module* Creator, SimpleExtItem<SaslAuthenticator>& ext)
186                 : Command(Instance, Creator, "SASL", 0, 2), authExt(ext)
187         {
188                 this->disabled = true; // should not be called by users
189         }
190
191         CmdResult Handle(const std::vector<std::string>& parameters, User *user)
192         {
193                 User* target = ServerInstance->FindNick(parameters[1]);
194                 if (!target)
195                 {
196                         ServerInstance->Logs->Log("m_sasl", DEBUG,"User not found in sasl ENCAP event: %s", parameters[1].c_str());
197                         return CMD_FAILURE;
198                 }
199
200                 SaslAuthenticator *sasl = authExt.get(target);
201                 if (!sasl)
202                         return CMD_FAILURE;
203
204                 SaslState state = sasl->ProcessInboundMessage(parameters);
205                 if (state == SASL_DONE)
206                 {
207                         sasl->AnnounceState();
208                         authExt.unset(target);
209                 }
210                 return CMD_SUCCESS;
211         }
212
213         RouteDescriptor GetRouting(User* user, const std::vector<std::string>& parameters)
214         {
215                 return ROUTE_BROADCAST;
216         }
217 };
218
219 class ModuleSASL : public Module
220 {
221         SimpleExtItem<SaslAuthenticator> authExt;
222         GenericCap cap;
223         CommandAuthenticate auth;
224         CommandSASL sasl;
225  public:
226         ModuleSASL(InspIRCd* Me)
227                 : Module(Me), authExt("sasl_auth", this), cap(this, "sasl"), auth(Me, this, authExt, cap), sasl(Me, this, authExt)
228         {
229                 Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnPostConnect, I_OnUserDisconnect, I_OnCleanup };
230                 ServerInstance->Modules->Attach(eventlist, this, 5);
231
232                 ServerInstance->AddCommand(&auth);
233                 ServerInstance->AddCommand(&sasl);
234
235                 if (!ServerInstance->Modules->Find("m_services_account.so") || !ServerInstance->Modules->Find("m_cap.so"))
236                         ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: m_services_account.so and m_cap.so are not loaded! m_sasl.so will NOT function correctly until these two modules are loaded!");
237         }
238
239         ModResult OnUserRegister(User *user)
240         {
241                 SaslAuthenticator *sasl_ = authExt.get(user);
242                 if (sasl_)
243                 {
244                         sasl_->Abort();
245                         authExt.unset(user);
246                 }
247
248                 return MOD_RES_PASSTHRU;
249         }
250
251         ~ModuleSASL()
252         {
253         }
254
255         Version GetVersion()
256         {
257                 return Version("$Id$",VF_VENDOR,API_VERSION);
258         }
259
260         void OnEvent(Event *ev)
261         {
262                 cap.HandleEvent(ev);
263         }
264 };
265
266 MODULE_INIT(ModuleSASL)