X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sasl.cpp;h=9813ba6b52762351c948c0c702c2a1c3ec667ced;hb=cf5d382b822cecd54fdbc77e4c1c4de8a8aa3c35;hp=480f8f6db0d0ebc2ee559a80b705ae77417e6f8c;hpb=b2ac8cc0a6405946a388b80df3be21bc276a61f3;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 480f8f6db..9813ba6b5 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -37,7 +37,8 @@ enum static std::string sasl_target; -class ServerTracker : public ServerEventListener +class ServerTracker + : public ServerProtocol::LinkEventListener { bool online; @@ -58,14 +59,14 @@ class ServerTracker : public ServerEventListener Update(server, true); } - void OnServerSplit(const Server* server) CXX11_OVERRIDE + void OnServerSplit(const Server* server, bool error) CXX11_OVERRIDE { Update(server, false); } public: ServerTracker(Module* mod) - : ServerEventListener(mod) + : ServerProtocol::LinkEventListener(mod) { Reset(); } @@ -103,16 +104,15 @@ class SASLCap : public Cap::Capability bool OnRequest(LocalUser* user, bool adding) CXX11_OVERRIDE { - // Requesting this cap is allowed anytime - if (adding) - return true; - - // But removing it can only be done when unregistered - return (user->registered != REG_ALL); + // Servers MUST NAK any sasl capability request if the authentication layer + // is unavailable. + return servertracker.IsOnline(); } bool OnList(LocalUser* user) CXX11_OVERRIDE { + // Servers MUST NOT advertise the sasl capability if the authentication layer + // is unavailable. return servertracker.IsOnline(); } @@ -171,26 +171,28 @@ class SaslAuthenticator SaslResult result; bool state_announced; - void SendHostIP() + void SendHostIP(UserCertificateAPI& sslapi) { std::vector params; params.push_back(user->GetRealHost()); params.push_back(user->GetIPString()); - params.push_back(SSLIOHook::IsSSL(&user->eh) ? "S" : "P"); + params.push_back(sslapi && sslapi->GetCertificate(user) ? "S" : "P"); SendSASL(user, "*", 'H', params); } public: - SaslAuthenticator(LocalUser* user_, const std::string& method) - : user(user_), state(SASL_INIT), state_announced(false) + SaslAuthenticator(LocalUser* user_, const std::string& method, UserCertificateAPI& sslapi) + : user(user_) + , state(SASL_INIT) + , state_announced(false) { - SendHostIP(); + SendHostIP(sslapi); std::vector params; params.push_back(method); - const std::string fp = SSLClientCert::GetFingerprint(&user->eh); + const std::string fp = sslapi ? sslapi->GetFingerprint(user) : ""; if (fp.size()) params.push_back(fp); @@ -282,7 +284,7 @@ class SaslAuthenticator case SASL_OK: this->user->WriteNumeric(RPL_SASLSUCCESS, "SASL authentication successful"); break; - case SASL_ABORT: + case SASL_ABORT: this->user->WriteNumeric(ERR_SASLABORTED, "SASL authentication aborted"); break; case SASL_FAIL: @@ -305,10 +307,13 @@ class CommandAuthenticate : public SplitCommand public: SimpleExtItem& authExt; Cap::Capability& cap; + UserCertificateAPI sslapi; + CommandAuthenticate(Module* Creator, SimpleExtItem& ext, Cap::Capability& Cap) : SplitCommand(Creator, "AUTHENTICATE", 1) , authExt(ext) , cap(Cap) + , sslapi(Creator) { works_before_reg = true; allow_empty_last_param = false; @@ -331,7 +336,7 @@ class CommandAuthenticate : public SplitCommand SaslAuthenticator *sasl = authExt.get(user); if (!sasl) - authExt.set(user, new SaslAuthenticator(user, parameters[0])); + authExt.set(user, new SaslAuthenticator(user, parameters[0], sslapi)); else if (sasl->SendClientMessage(parameters) == false) // IAL abort extension --nenolod { sasl->AnnounceState(); @@ -427,7 +432,7 @@ class ModuleSASL : public Module Version GetVersion() CXX11_OVERRIDE { - return Version("Provides support for IRC Authentication Layer (aka: SASL) via AUTHENTICATE.", VF_VENDOR); + return Version("Provides support for IRC Authentication Layer (aka: SASL) via AUTHENTICATE", VF_VENDOR); } };