src/modules/m_sasl.cpp

   1 /*       +------------------------------------+
   2  *       | Inspire Internet Relay Chat Daemon |
   3  *       +------------------------------------+
   4  *
   5  *  InspIRCd: (C) 2002-2010 InspIRCd Development Team
   6  * See: http://wiki.inspircd.org/Credits
   7  *
   8  * This program is free but copyrighted software; see
   9  *          the file COPYING for details.
  10  *
  11  * ---------------------------------------------------
  12  */
  13
  14 #include "inspircd.h"
  15 #include "m_cap.h"
  16 #include "account.h"
  17
  18 /* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
  19
  20 enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE };
  21 enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT };
  22
  23 /**
  24  * Tracks SASL authentication state like charybdis does. --nenolod
  25  */
  26 class SaslAuthenticator
  27 {
  28  private:
  29         std::string agent;
  30         User *user;
  31         SaslState state;
  32         SaslResult result;
  33         bool state_announced;
  34
  35  public:
  36         SaslAuthenticator(User *user_, std::string method, Module *ctor)
  37                 : user(user_), state(SASL_INIT), state_announced(false)
  38         {
  39                 parameterlist params;
  40                 params.push_back("*");
  41                 params.push_back("SASL");
  42                 params.push_back(user->uuid);
  43                 params.push_back("*");
  44                 params.push_back("S");
  45                 params.push_back(method);
  46
  47                 ServerInstance->PI->SendEncapsulatedData(params);
  48         }
  49
  50         SaslResult GetSaslResult(const std::string &result_)
  51         {
  52                 if (result_ == "F")
  53                         return SASL_FAIL;
  54
  55                 if (result_ == "A")
  56                         return SASL_ABORT;
  57
  58                 return SASL_OK;
  59         }
  60
  61         /* checks for and deals with a state change. */
  62         SaslState ProcessInboundMessage(const std::vector<std::string> &msg)
  63         {
  64                 switch (this->state)
  65                 {
  66                  case SASL_INIT:
  67                         this->agent = msg[0];
  68                         this->user->Write("AUTHENTICATE %s", msg[3].c_str());
  69                         this->state = SASL_COMM;
  70                         break;
  71                  case SASL_COMM:
  72                         if (msg[0] != this->agent)
  73                                 return this->state;
  74
  75                         if (msg[2] != "D")
  76                                 this->user->Write("AUTHENTICATE %s", msg[3].c_str());
  77                         else
  78                         {
  79                                 this->state = SASL_DONE;
  80                                 this->result = this->GetSaslResult(msg[3]);
  81                         }
  82
  83                         break;
  84                  case SASL_DONE:
  85                         break;
  86                  default:
  87                         ServerInstance->Logs->Log("m_sasl", DEFAULT, "WTF: SaslState is not a known state (%d)", this->state);
  88                         break;
  89                 }
  90
  91                 return this->state;
  92         }
  93
  94         void Abort(void)
  95         {
  96                 this->state = SASL_DONE;
  97                 this->result = SASL_ABORT;
  98         }
  99
 100         bool SendClientMessage(const std::vector<std::string>& parameters)
 101         {
 102                 if (this->state != SASL_COMM)
 103                         return true;
 104
 105                 parameterlist params;
 106                 params.push_back("*");
 107                 params.push_back("SASL");
 108                 params.push_back(this->user->uuid);
 109                 params.push_back(this->agent);
 110                 params.push_back("C");
 111
 112                 params.insert(params.end(), parameters.begin(), parameters.end());
 113
 114                 ServerInstance->PI->SendEncapsulatedData(params);
 115
 116                 if (parameters[0][0] == '*')
 117                 {
 118                         this->Abort();
 119                         return false;
 120                 }
 121
 122                 return true;
 123         }
 124
 125         void AnnounceState(void)
 126         {
 127                 if (this->state_announced)
 128                         return;
 129
 130                 switch (this->result)
 131                 {
 132                  case SASL_OK:
 133                         this->user->WriteNumeric(903, "%s :SASL authentication successful", this->user->nick.c_str());
 134                         break;
 135                  case SASL_ABORT:
 136                         this->user->WriteNumeric(906, "%s :SASL authentication aborted", this->user->nick.c_str());
 137                         break;
 138                  case SASL_FAIL:
 139                         this->user->WriteNumeric(904, "%s :SASL authentication failed", this->user->nick.c_str());
 140                         break;
 141                  default:
 142                         break;
 143                 }
 144
 145                 this->state_announced = true;
 146         }
 147 };
 148
 149 class CommandAuthenticate : public Command
 150 {
 151  public:
 152         SimpleExtItem<SaslAuthenticator>& authExt;
 153         GenericCap& cap;
 154         CommandAuthenticate(Module* Creator, SimpleExtItem<SaslAuthenticator>& ext, GenericCap& Cap)
 155                 : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
 156         {
 157                 works_before_reg = true;
 158         }
 159
 160         CmdResult Handle (const std::vector<std::string>& parameters, User *user)
 161         {
 162                 /* Only allow AUTHENTICATE on unregistered clients */
 163                 if (user->registered != REG_ALL)
 164                 {
 165                         if (!cap.ext.get(user))
 166                                 return CMD_FAILURE;
 167
 168                         SaslAuthenticator *sasl = authExt.get(user);
 169                         if (!sasl)
 170                                 authExt.set(user, new SaslAuthenticator(user, parameters[0], creator));
 171                         else if (sasl->SendClientMessage(parameters) == false)  // IAL abort extension --nenolod
 172                         {
 173                                 sasl->AnnounceState();
 174                                 authExt.unset(user);
 175                         }
 176                 }
 177                 return CMD_FAILURE;
 178         }
 179 };
 180
 181 class CommandSASL : public Command
 182 {
 183  public:
 184         SimpleExtItem<SaslAuthenticator>& authExt;
 185         CommandSASL(Module* Creator, SimpleExtItem<SaslAuthenticator>& ext) : Command(Creator, "SASL", 2), authExt(ext)
 186         {
 187                 this->flags_needed = FLAG_SERVERONLY; // should not be called by users
 188         }
 189
 190         CmdResult Handle(const std::vector<std::string>& parameters, User *user)
 191         {
 192                 User* target = ServerInstance->FindNick(parameters[1]);
 193                 if (!target)
 194                 {
 195                         ServerInstance->Logs->Log("m_sasl", DEBUG,"User not found in sasl ENCAP event: %s", parameters[1].c_str());
 196                         return CMD_FAILURE;
 197                 }
 198
 199                 SaslAuthenticator *sasl = authExt.get(target);
 200                 if (!sasl)
 201                         return CMD_FAILURE;
 202
 203                 SaslState state = sasl->ProcessInboundMessage(parameters);
 204                 if (state == SASL_DONE)
 205                 {
 206                         sasl->AnnounceState();
 207                         authExt.unset(target);
 208                 }
 209                 return CMD_SUCCESS;
 210         }
 211
 212         RouteDescriptor GetRouting(User* user, const std::vector<std::string>& parameters)
 213         {
 214                 return ROUTE_BROADCAST;
 215         }
 216 };
 217
 218 class ModuleSASL : public Module
 219 {
 220         SimpleExtItem<SaslAuthenticator> authExt;
 221         GenericCap cap;
 222         CommandAuthenticate auth;
 223         CommandSASL sasl;
 224  public:
 225         ModuleSASL()
 226                 : authExt("sasl_auth", this), cap(this, "sasl"), auth(this, authExt, cap), sasl(this, authExt)
 227         {
 228                 Implementation eventlist[] = { I_OnEvent, I_OnUserRegister };
 229                 ServerInstance->Modules->Attach(eventlist, this, 2);
 230
 231                 ServiceProvider* providelist[] = { &auth, &sasl, &authExt };
 232                 ServerInstance->Modules->AddServices(providelist, 3);
 233
 234                 if (!ServerInstance->Modules->Find("m_services_account.so") || !ServerInstance->Modules->Find("m_cap.so"))
 235                         ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: m_services_account.so and m_cap.so are not loaded! m_sasl.so will NOT function correctly until these two modules are loaded!");
 236         }
 237
 238         ModResult OnUserRegister(LocalUser *user)
 239         {
 240                 SaslAuthenticator *sasl_ = authExt.get(user);
 241                 if (sasl_)
 242                 {
 243                         sasl_->Abort();
 244                         authExt.unset(user);
 245                 }
 246
 247                 return MOD_RES_PASSTHRU;
 248         }
 249
 250         Version GetVersion()
 251         {
 252                 return Version("Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE.",VF_VENDOR);
 253         }
 254
 255         void OnEvent(Event &ev)
 256         {
 257                 cap.HandleEvent(ev);
 258         }
 259 };
 260
 261 MODULE_INIT(ModuleSASL)