X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sasl.cpp;h=9f7e1527bc78e6c4b46775efaca6b27b2cc412ad;hb=f471083cd0519d47c7c7a09029813ede41994f7b;hp=a38ed1a1bed21b1f5196870d055e64dd022c24f0;hpb=33691d74dfb8b110c3c4247321fdc628bf680608;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index a38ed1a1b..9f7e1527b 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -23,11 +23,114 @@ #include "modules/account.h" #include "modules/sasl.h" #include "modules/ssl.h" +#include "modules/spanningtree.h" + +static std::string sasl_target; + +class ServerTracker : public SpanningTreeEventListener +{ + bool online; + + void Update(const Server* server, bool linked) + { + if (sasl_target == "*") + return; + + if (InspIRCd::Match(server->GetName(), sasl_target)) + { + ServerInstance->Logs->Log(MODNAME, LOG_VERBOSE, "SASL target server \"%s\" %s", sasl_target.c_str(), (linked ? "came online" : "went offline")); + online = linked; + } + } + + void OnServerLink(const Server* server) CXX11_OVERRIDE + { + Update(server, true); + } + + void OnServerSplit(const Server* server) CXX11_OVERRIDE + { + Update(server, false); + } + + public: + ServerTracker(Module* mod) + : SpanningTreeEventListener(mod) + { + Reset(); + } + + void Reset() + { + if (sasl_target == "*") + { + online = true; + return; + } + + online = false; + + ProtocolInterface::ServerList servers; + ServerInstance->PI->GetServerList(servers); + for (ProtocolInterface::ServerList::const_iterator i = servers.begin(); i != servers.end(); ++i) + { + const ProtocolInterface::ServerInfo& server = *i; + if (InspIRCd::Match(server.servername, sasl_target)) + { + online = true; + break; + } + } + } + + bool IsOnline() const { return online; } +}; + +class SASLCap : public Cap::Capability +{ + std::string mechlist; + const ServerTracker& servertracker; + + bool OnRequest(LocalUser* user, bool adding) CXX11_OVERRIDE + { + // Requesting this cap is allowed anytime + if (adding) + return true; + + // But removing it can only be done when unregistered + return (user->registered != REG_ALL); + } + + bool OnList(LocalUser* user) CXX11_OVERRIDE + { + return servertracker.IsOnline(); + } + + const std::string* GetValue(LocalUser* user) const CXX11_OVERRIDE + { + return &mechlist; + } + + public: + SASLCap(Module* mod, const ServerTracker& tracker) + : Cap::Capability(mod, "sasl") + , servertracker(tracker) + { + } + + void SetMechlist(const std::string& newmechlist) + { + if (mechlist == newmechlist) + return; + + mechlist = newmechlist; + NotifyValueChange(); + } +}; enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE }; enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT }; -static std::string sasl_target = "*"; static Events::ModuleEventProvider* saslevprov; static void SendSASL(const parameterlist& params) @@ -50,10 +153,63 @@ class SaslAuthenticator SaslResult result; bool state_announced; + /* taken from m_services_account */ + static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out) + { + ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname); + if (!wiext) + return false; + + if (wiext->creator->ModuleSourceFile != "m_cgiirc.so") + return false; + + StringExtItem* stringext = static_cast(wiext); + std::string* addr = stringext->get(user); + if (!addr) + return false; + + out = *addr; + return true; + } + + + void SendHostIP() + { + std::string host, ip; + + if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host)) + { + host = user->host; + } + if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip)) + { + ip = user->GetIPString(); + } + else + { + /* IP addresses starting with a : on irc are a Bad Thing (tm) */ + if (ip.c_str()[0] == ':') + ip.insert(ip.begin(),1,'0'); + } + + parameterlist params; + params.push_back(sasl_target); + params.push_back("SASL"); + params.push_back(user->uuid); + params.push_back("*"); + params.push_back("H"); + params.push_back(host); + params.push_back(ip); + + SendSASL(params); + } + public: SaslAuthenticator(User* user_, const std::string& method) : user(user_), state(SASL_INIT), state_announced(false) { + SendHostIP(); + parameterlist params; params.push_back(user->uuid); params.push_back("*"); @@ -107,7 +263,7 @@ class SaslAuthenticator this->result = this->GetSaslResult(msg[3]); } else if (msg[2] == "M") - this->user->WriteNumeric(908, "%s %s :are available SASL mechanisms", this->user->nick.c_str(), msg[3].c_str()); + this->user->WriteNumeric(908, msg[3], "are available SASL mechanisms"); else ServerInstance->Logs->Log(MODNAME, LOG_DEFAULT, "Services sent an unknown SASL message \"%s\" \"%s\"", msg[2].c_str(), msg[3].c_str()); @@ -142,7 +298,7 @@ class SaslAuthenticator SendSASL(params); - if (parameters[0][0] == '*') + if (parameters[0].c_str()[0] == '*') { this->Abort(); return false; @@ -159,13 +315,13 @@ class SaslAuthenticator switch (this->result) { case SASL_OK: - this->user->WriteNumeric(903, ":SASL authentication successful"); + this->user->WriteNumeric(903, "SASL authentication successful"); break; case SASL_ABORT: - this->user->WriteNumeric(906, ":SASL authentication aborted"); + this->user->WriteNumeric(906, "SASL authentication aborted"); break; case SASL_FAIL: - this->user->WriteNumeric(904, ":SASL authentication failed"); + this->user->WriteNumeric(904, "SASL authentication failed"); break; default: break; @@ -179,19 +335,21 @@ class CommandAuthenticate : public Command { public: SimpleExtItem& authExt; - GenericCap& cap; - CommandAuthenticate(Module* Creator, SimpleExtItem& ext, GenericCap& Cap) + Cap::Capability& cap; + CommandAuthenticate(Module* Creator, SimpleExtItem& ext, Cap::Capability& Cap) : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap) { works_before_reg = true; + allow_empty_last_param = false; } CmdResult Handle (const std::vector& parameters, User *user) { - /* Only allow AUTHENTICATE on unregistered clients */ - if (user->registered != REG_ALL) { - if (!cap.ext.get(user)) + if (!cap.get(user)) + return CMD_FAILURE; + + if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':') return CMD_FAILURE; SaslAuthenticator *sasl = authExt.get(user); @@ -219,7 +377,7 @@ class CommandSASL : public Command CmdResult Handle(const std::vector& parameters, User *user) { User* target = ServerInstance->FindUUID(parameters[1]); - if ((!target) || (IS_SERVER(target))) + if (!target) { ServerInstance->Logs->Log(MODNAME, LOG_DEBUG, "User not found in sasl ENCAP event: %s", parameters[1].c_str()); return CMD_FAILURE; @@ -247,7 +405,8 @@ class CommandSASL : public Command class ModuleSASL : public Module { SimpleExtItem authExt; - GenericCap cap; + ServerTracker servertracker; + SASLCap cap; CommandAuthenticate auth; CommandSASL sasl; Events::ModuleEventProvider sasleventprov; @@ -255,7 +414,8 @@ class ModuleSASL : public Module public: ModuleSASL() : authExt("sasl_auth", ExtensionItem::EXT_USER, this) - , cap(this, "sasl") + , servertracker(this) + , cap(this, servertracker) , auth(this, authExt, cap) , sasl(this, authExt) , sasleventprov(this, "event/sasl") @@ -272,9 +432,10 @@ class ModuleSASL : public Module void ReadConfig(ConfigStatus& status) CXX11_OVERRIDE { sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*"); + servertracker.Reset(); } - ModResult OnUserRegister(LocalUser *user) CXX11_OVERRIDE + void OnUserConnect(LocalUser *user) CXX11_OVERRIDE { SaslAuthenticator *sasl_ = authExt.get(user); if (sasl_) @@ -282,8 +443,12 @@ class ModuleSASL : public Module sasl_->Abort(); authExt.unset(user); } + } - return MOD_RES_PASSTHRU; + void OnDecodeMetaData(Extensible* target, const std::string& extname, const std::string& extdata) CXX11_OVERRIDE + { + if ((target == NULL) && (extname == "saslmechlist")) + cap.SetMechlist(extdata); } Version GetVersion() CXX11_OVERRIDE