X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sasl.cpp;h=649c218098ad682fef9016c6e5bde70b5961e35f;hb=692865acd58c9a475db1fdf4d419188325cd2182;hp=b653096b24566361685e7acafe391a4362bbf1db;hpb=46a39046196f55b52336e19662bb7bac85b731ac;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index b653096b2..649c21809 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -22,6 +22,7 @@
 #include "m_cap.h"
 #include "account.h"
 #include "sasl.h"
+#include "ssl.h"
 
 /* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */
 
@@ -51,7 +52,7 @@ class SaslAuthenticator
 	bool state_announced;
 
  public:
-	SaslAuthenticator(User *user_, std::string method, Module *ctor)
+	SaslAuthenticator(User* user_, const std::string& method)
 		: user(user_), state(SASL_INIT), state_announced(false)
 	{
 		parameterlist params;
@@ -62,6 +63,15 @@ class SaslAuthenticator
 		params.push_back("S");
 		params.push_back(method);
 
+		if (method == "EXTERNAL" && IS_LOCAL(user_))
+		{
+			SocketCertificateRequest req(&((LocalUser*)user_)->eh, ServerInstance->Modules->Find("m_sasl.so"));
+			std::string fp = req.GetFingerprint();
+
+			if (fp.size())
+				params.push_back(fp);
+		}
+
 		SendSASL(params);
 	}
 
@@ -83,20 +93,26 @@ class SaslAuthenticator
 		{
 		 case SASL_INIT:
 			this->agent = msg[0];
-			this->user->Write("AUTHENTICATE %s", msg[3].c_str());
 			this->state = SASL_COMM;
-			break;
+			/* fall through */
 		 case SASL_COMM:
 			if (msg[0] != this->agent)
 				return this->state;
 
-			if (msg[2] != "D")
+			if (msg.size() < 4)
+				return this->state;
+
+			if (msg[2] == "C")
 				this->user->Write("AUTHENTICATE %s", msg[3].c_str());
-			else
+			else if (msg[2] == "D")
 			{
 				this->state = SASL_DONE;
 				this->result = this->GetSaslResult(msg[3]);
 			}
+			else if (msg[2] == "M")
+				this->user->WriteNumeric(908, "%s %s :are available SASL mechanisms", this->user->nick.c_str(), msg[3].c_str());
+			else
+				ServerInstance->Logs->Log("m_sasl", DEFAULT, "Services sent an unknown SASL message \"%s\" \"%s\"", msg[2].c_str(), msg[3].c_str());
 
 			break;
 		 case SASL_DONE:
@@ -131,7 +147,7 @@ class SaslAuthenticator
 
 		SendSASL(params);
 
-		if (parameters[0][0] == '*')
+		if (parameters[0].c_str()[0] == '*')
 		{
 			this->Abort();
 			return false;
@@ -173,6 +189,7 @@ class CommandAuthenticate : public Command
 		: Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap)
 	{
 		works_before_reg = true;
+		allow_empty_last_param = false;
 	}
 
 	CmdResult Handle (const std::vector<std::string>& parameters, User *user)
@@ -183,9 +200,12 @@ class CommandAuthenticate : public Command
 			if (!cap.ext.get(user))
 				return CMD_FAILURE;
 
+			if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
+				return CMD_FAILURE;
+
 			SaslAuthenticator *sasl = authExt.get(user);
 			if (!sasl)
-				authExt.set(user, new SaslAuthenticator(user, parameters[0], creator));
+				authExt.set(user, new SaslAuthenticator(user, parameters[0]));
 			else if (sasl->SendClientMessage(parameters) == false)	// IAL abort extension --nenolod
 			{
 				sasl->AnnounceState();
@@ -208,7 +228,7 @@ class CommandSASL : public Command
 	CmdResult Handle(const std::vector<std::string>& parameters, User *user)
 	{
 		User* target = ServerInstance->FindNick(parameters[1]);
-		if (!target)
+		if ((!target) || (IS_SERVER(target)))
 		{
 			ServerInstance->Logs->Log("m_sasl", DEBUG,"User not found in sasl ENCAP event: %s", parameters[1].c_str());
 			return CMD_FAILURE;
@@ -248,8 +268,8 @@ class ModuleSASL : public Module
 	void init()
 	{
 		OnRehash(NULL);
-		Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash };
-		ServerInstance->Modules->Attach(eventlist, this, 3);
+		Implementation eventlist[] = { I_OnEvent, I_OnUserConnect, I_OnRehash };
+		ServerInstance->Modules->Attach(eventlist, this, sizeof(eventlist)/sizeof(Implementation));
 
 		ServiceProvider* providelist[] = { &auth, &sasl, &authExt };
 		ServerInstance->Modules->AddServices(providelist, 3);
@@ -263,7 +283,7 @@ class ModuleSASL : public Module
 		sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*");
 	}
 
-	ModResult OnUserRegister(LocalUser *user)
+	void OnUserConnect(LocalUser *user)
 	{
 		SaslAuthenticator *sasl_ = authExt.get(user);
 		if (sasl_)
@@ -271,13 +291,11 @@ class ModuleSASL : public Module
 			sasl_->Abort();
 			authExt.unset(user);
 		}
-
-		return MOD_RES_PASSTHRU;
 	}
 
 	Version GetVersion()
 	{
-		return Version("Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE.",VF_VENDOR);
+		return Version("Provides support for IRC Authentication Layer (aka: SASL) via AUTHENTICATE.", VF_VENDOR);
 	}
 
 	void OnEvent(Event &ev)