]> git.netwichtig.de Git - user/henk/code/inspircd.git/blobdiff - src/modules/m_sasl.cpp
projects / user / henk / code / inspircd.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
m_sasl: send host/ip info
[user/henk/code/inspircd.git] / src / modules / m_sasl.cpp
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 943f45bd3755f93713f70d16a2529b4a8a3e803d..db96f9dfaa0039439214d173e0549d987c4a8c0e 100644 (file)
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -22,6 +22,7 @@
 #include "m_cap.h"
 #include "account.h"
 #include "sasl.h"
+#include "ssl.h"
 
 /* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
 
@@ -50,10 +51,26 @@ class SaslAuthenticator
        SaslResult result;
        bool state_announced;
 
+       void SendHostIP()
+       {
+               parameterlist params;
+               params.push_back(sasl_target);
+               params.push_back("SASL");
+               params.push_back(user->uuid);
+               params.push_back("*");
+               params.push_back("H");
+               params.push_back(user->host);
+               params.push_back(user->GetIPString());
+
+               SendSASL(params);
+       }
+
  public:
-       SaslAuthenticator(User *user_, std::string method, Module *ctor)
+       SaslAuthenticator(User* user_, const std::string& method)
                : user(user_), state(SASL_INIT), state_announced(false)
        {
+               SendHostIP();
+
                parameterlist params;
                params.push_back(sasl_target);
                params.push_back("SASL");
@@ -62,6 +79,15 @@ class SaslAuthenticator
                params.push_back("S");
                params.push_back(method);
 
+               if (method == "EXTERNAL" && IS_LOCAL(user_))
+               {
+                       SocketCertificateRequest req(&((LocalUser*)user_)->eh, ServerInstance->Modules->Find("m_sasl.so"));
+                       std::string fp = req.GetFingerprint();
+
+                       if (fp.size())
+                               params.push_back(fp);
+               }
+
                SendSASL(params);
        }
 
@@ -83,20 +109,26 @@ class SaslAuthenticator
                {
                 case SASL_INIT:
                        this->agent = msg[0];
-                       this->user->Write("AUTHENTICATE %s", msg[3].c_str());
                        this->state = SASL_COMM;
-                       break;
+                       /* fall through */
                 case SASL_COMM:
                        if (msg[0] != this->agent)
                                return this->state;
 
-                       if (msg[2] != "D")
+                       if (msg.size() < 4)
+                               return this->state;
+
+                       if (msg[2] == "C")
                                this->user->Write("AUTHENTICATE %s", msg[3].c_str());
-                       else
+                       else if (msg[2] == "D")
                        {
                                this->state = SASL_DONE;
                                this->result = this->GetSaslResult(msg[3]);
                        }
+                       else if (msg[2] == "M")
+                               this->user->WriteNumeric(908, "%s %s :are available SASL mechanisms", this->user->nick.c_str(), msg[3].c_str());
+                       else
+                               ServerInstance->Logs->Log("m_sasl", DEFAULT, "Services sent an unknown SASL message \"%s\" \"%s\"", msg[2].c_str(), msg[3].c_str());
 
                        break;
                 case SASL_DONE:
@@ -131,7 +163,7 @@ class SaslAuthenticator
 
                SendSASL(params);
 
-               if (parameters[0][0] == '*')
+               if (parameters[0].c_str()[0] == '*')
                {
                        this->Abort();
                        return false;
@@ -173,6 +205,7 @@ class CommandAuthenticate : public Command
                : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
        {
                works_before_reg = true;
+               allow_empty_last_param = false;
        }
 
        CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -183,9 +216,12 @@ class CommandAuthenticate : public Command
                        if (!cap.ext.get(user))
                                return CMD_FAILURE;
 
+                       if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+                               return CMD_FAILURE;
+
                        SaslAuthenticator *sasl = authExt.get(user);
                        if (!sasl)
-                               authExt.set(user, new SaslAuthenticator(user, parameters[0], creator));
+                               authExt.set(user, new SaslAuthenticator(user, parameters[0]));
                        else if (sasl->SendClientMessage(parameters) == false)  // IAL abort extension --nenolod
                        {
                                sasl->AnnounceState();
@@ -208,7 +244,7 @@ class CommandSASL : public Command
        CmdResult Handle(const std::vector<std::string>& parameters, User *user)
        {
                User* target = ServerInstance->FindNick(parameters[1]);
-               if (!target)
+               if ((!target) || (IS_SERVER(target)))
                {
                        ServerInstance->Logs->Log("m_sasl", DEBUG,"User not found in sasl ENCAP event: %s", parameters[1].c_str());
                        return CMD_FAILURE;
@@ -248,7 +284,7 @@ class ModuleSASL : public Module
        void init()
        {
                OnRehash(NULL);
-               Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash };
+               Implementation eventlist[] = { I_OnEvent, I_OnUserConnect, I_OnRehash };
                ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
 
                ServiceProvider* providelist[] = { &auth, &sasl, &authExt };
@@ -263,7 +299,7 @@ class ModuleSASL : public Module
                sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*");
        }
 
-       ModResult OnUserRegister(LocalUser *user)
+       void OnUserConnect(LocalUser *user)
        {
                SaslAuthenticator *sasl_ = authExt.get(user);
                if (sasl_)
@@ -271,13 +307,11 @@ class ModuleSASL : public Module
                        sasl_->Abort();
                        authExt.unset(user);
                }
-
-               return MOD_RES_PASSTHRU;
        }
 
        Version GetVersion()
        {
-               return Version("Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE.",VF_VENDOR);
+               return Version("Provides support for IRC Authentication Layer (aka: SASL) via AUTHENTICATE.", VF_VENDOR);
        }
 
        void OnEvent(Event &ev)