src/modules/m_sasl.cpp

   1 /*       +------------------------------------+
   2  *       | Inspire Internet Relay Chat Daemon |
   3  *       +------------------------------------+
   4  *
   5  *  InspIRCd: (C) 2002-2008 InspIRCd Development Team
   6  * See: http://www.inspircd.org/wiki/index.php/Credits
   7  *
   8  * This program is free but copyrighted software; see
   9  *          the file COPYING for details.
  10  *
  11  * ---------------------------------------------------
  12  */
  13
  14 #include "inspircd.h"
  15 #include "m_cap.h"
  16 #include "account.h"
  17
  18 /* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
  19
  20 enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE };
  21 enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT };
  22
  23 /**
  24  * Tracks SASL authentication state like charybdis does. --nenolod
  25  */
  26 class SaslAuthenticator
  27 {
  28  private:
  29         InspIRCd *ServerInstance;
  30         Module *Creator;
  31         std::string agent;
  32         User *user;
  33         SaslState state;
  34         SaslResult result;
  35         bool state_announced;
  36
  37  public:
  38         SaslAuthenticator(User *user, std::string method, InspIRCd *instance, Module *ctor)
  39                 : ServerInstance(instance), Creator(ctor), user(user), state(SASL_INIT)
  40         {
  41                 this->user->Extend("sasl_authenticator", this);
  42
  43                 std::deque<std::string> params;
  44                 params.push_back("*");
  45                 params.push_back("SASL");
  46                 params.push_back(user->uuid);
  47                 params.push_back("*");
  48                 params.push_back("S");
  49                 params.push_back(method);
  50
  51                 Event e((char*)&params, Creator, "send_encap");
  52                 e.Send(ServerInstance);
  53         }
  54
  55         SaslResult GetSaslResult(std::string &result)
  56         {
  57                 if (result == "F")
  58                         return SASL_FAIL;
  59
  60                 if (result == "A")
  61                         return SASL_ABORT;
  62
  63                 return SASL_OK;
  64         }
  65
  66         /* checks for and deals with a state change. */
  67         SaslState ProcessInboundMessage(std::deque<std::string> &msg)
  68         {
  69                 switch (this->state)
  70                 {
  71                  case SASL_INIT:
  72                         this->agent = msg[1];
  73                         this->user->WriteServ("AUTHENTICATE %s", msg[4].c_str());
  74                         this->state = SASL_COMM;
  75                         break;
  76                  case SASL_COMM:
  77                         if (msg[1] != this->agent)
  78                                 return this->state;
  79
  80                         if (msg[3] != "D")
  81                                 this->user->WriteServ("AUTHENTICATE %s", msg[4].c_str());
  82                         else
  83                         {
  84                                 this->state = SASL_DONE;
  85                                 this->result = this->GetSaslResult(msg[4]);
  86                                 this->AnnounceState();
  87                         }
  88
  89                         break;
  90                  case SASL_DONE:
  91                         break;
  92                  default:
  93                         ServerInstance->Logs->Log("m_sasl", DEFAULT, "WTF: SaslState is not a known state (%d)", this->state);
  94                         break;
  95                 }
  96
  97                 return this->state;
  98         }
  99
 100         void SendClientMessage(const char* const* parameters, int pcnt)
 101         {
 102                 if (this->state != SASL_COMM)
 103                         return;
 104
 105                 std::deque<std::string> params;
 106                 params.push_back("*");
 107                 params.push_back("SASL");
 108                 params.push_back(this->user->uuid);
 109                 params.push_back(this->agent);
 110                 params.push_back("C");
 111
 112                 for (int i = 0; i < pcnt; ++i)
 113                         params.push_back(parameters[i]);
 114
 115                 Event e((char*)&params, Creator, "send_encap");
 116                 e.Send(ServerInstance);
 117         }
 118
 119         void AnnounceState(void)
 120         {
 121                 if (this->state_announced)
 122                         return;
 123
 124                 switch (this->result)
 125                 {
 126                  case SASL_OK:
 127                         this->user->WriteServ("903 %s :SASL authentication successful", this->user->nick);
 128                         break;
 129                  case SASL_ABORT:
 130                         this->user->WriteServ("906 %s :SASL authentication aborted", this->user->nick);
 131                         break;
 132                  case SASL_FAIL:
 133                         this->user->WriteServ("904 %s :SASL authentication failed", this->user->nick);
 134                         break;
 135                  default:
 136                         break;
 137                 }
 138         }
 139
 140         ~SaslAuthenticator()
 141         {
 142                 this->AnnounceState();
 143         }
 144 };
 145
 146 class CommandAuthenticate : public Command
 147 {
 148         Module* Creator;
 149  public:
 150         CommandAuthenticate (InspIRCd* Instance, Module* creator) : Command(Instance,"AUTHENTICATE", 0, 1, true), Creator(creator)
 151         {
 152                 this->source = "m_sasl.so";
 153         }
 154
 155         CmdResult Handle (const char* const* parameters, int pcnt, User *user)
 156         {
 157                 /* Only allow AUTHENTICATE on unregistered clients */
 158                 if (user->registered != REG_ALL)
 159                 {
 160                         if (!user->GetExt("sasl"))
 161                                 return CMD_FAILURE;
 162
 163                         SaslAuthenticator *sasl;
 164                         if (!(user->GetExt("sasl_authenticator", sasl)))
 165                                 sasl = new SaslAuthenticator(user, parameters[0], ServerInstance, Creator);
 166                         else
 167                                 sasl->SendClientMessage(parameters, pcnt);
 168                 }
 169                 return CMD_FAILURE;
 170         }
 171 };
 172
 173
 174 class ModuleSASL : public Module
 175 {
 176         CommandAuthenticate* sasl;
 177  public:
 178
 179         ModuleSASL(InspIRCd* Me)
 180                 : Module(Me)
 181         {
 182                 Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnPostConnect };
 183                 ServerInstance->Modules->Attach(eventlist, this, 3);
 184
 185                 sasl = new CommandAuthenticate(ServerInstance, this);
 186                 ServerInstance->AddCommand(sasl);
 187
 188                 if (!ServerInstance->Modules->Find("m_services_account.so") || !ServerInstance->Modules->Find("m_cap.so"))
 189                         ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: m_services_account.so and m_cap.so are not loaded! m_sasl.so will NOT function correctly until these two modules are loaded!");
 190         }
 191
 192         virtual int OnUserRegister(User *user)
 193         {
 194                 if (user->GetExt("sasl"))
 195                 {
 196                         user->WriteServ("906 %s :SASL authentication aborted", user->nick);
 197                         user->Shrink("sasl");
 198                 }
 199
 200                 return 0;
 201         }
 202
 203         virtual void OnPostConnect(User* user)
 204         {
 205                 if (!IS_LOCAL(user))
 206                         return;
 207
 208                 std::string* str = NULL;
 209
 210                 if (user->GetExt("accountname", str))
 211                 {
 212                         std::deque<std::string> params;
 213                         params.push_back(user->uuid);
 214                         params.push_back("accountname");
 215                         params.push_back(*str);
 216                         Event e((char*)&params, this, "send_metadata");
 217                         e.Send(ServerInstance);
 218                 }
 219                 return;
 220         }
 221
 222         virtual ~ModuleSASL()
 223         {
 224         }
 225
 226         virtual Version GetVersion()
 227         {
 228                 return Version(1,2,0,1,VF_VENDOR,API_VERSION);
 229         }
 230
 231         virtual void OnEvent(Event *ev)
 232         {
 233                 GenericCapHandler(ev, "sasl", "sasl");
 234
 235                 if (ev->GetEventID() == "encap_received")
 236                 {
 237                         std::deque<std::string>* parameters = (std::deque<std::string>*)ev->GetData();
 238
 239                         if ((*parameters)[1] != "SASL")
 240                                 return;
 241
 242                         User* target = ServerInstance->FindNick((*parameters)[2]);
 243                         if (!target)
 244                         {
 245                                 ServerInstance->Logs->Log("m_sasl", DEBUG,"User not found in sasl ENCAP event: %s", (*parameters)[2].c_str());
 246                                 return;
 247                         }
 248
 249                         SaslAuthenticator *sasl;
 250                         if (!target->GetExt("sasl_authenticator", sasl))
 251                                 return;
 252
 253                         SaslState state = sasl->ProcessInboundMessage(*parameters);
 254                         if (state == SASL_DONE)
 255                         {
 256                                 target->Shrink("sasl_authenticator");
 257                                 delete sasl;
 258                         }
 259                 }
 260         }
 261 };
 262
 263 MODULE_INIT(ModuleSASL)