underchat
/
ircu2
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
ircu2/ircd/m_authenticate.c

256 lines
8.6 KiB
C
Raw Blame History

/*
* IRC - Internet Relay Chat, ircd/m_authenticate.c
* Copyright (C) 2013 Matthew Beeching (Jobe)
* Copyright (C) 1990 Jarkko Oikarinen and
* University of Oulu, Computing Center
*
* See file AUTHORS in IRC package for additional names of
* the programmers.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 1, or (at your option)
* any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*
* $Id:$
*/
/*
* m_functions execute protocol messages on this server:
*
* cptr is always NON-NULL, pointing to a *LOCAL* client
* structure (with an open socket connected!). This
* identifies the physical socket where the message
* originated (or which caused the m_function to be
* executed--some m_functions may call others...).
*
* sptr is the source of the message, defined by the
* prefix part of the message if present. If not
* or prefix not found, then sptr==cptr.
*
* (!IsServer(cptr)) => (cptr == sptr), because
* prefixes are taken *only* from servers...
*
* (IsServer(cptr))
* (sptr == cptr) => the message didn't
* have the prefix.
*
* (sptr != cptr && IsServer(sptr) means
* the prefix specified servername. (?)
*
* (sptr != cptr && !IsServer(sptr) means
* that message originated from a remote
* user (not local).
*
* combining
*
* (!IsServer(sptr)) means that, sptr can safely
* taken as defining the target structure of the
* message in this server.
*
* *Always* true (if 'parse' and others are working correct):
*
* 1) sptr->from == cptr (note: cptr->from == cptr)
*
* 2) MyConnect(sptr) <=> sptr == cptr (e.g. sptr
* *cannot* be a local connection, unless it's
* actually cptr!). [MyConnect(x) should probably
* be defined as (x == x->from) --msa ]
*
* parc number of variable parameter strings (if zero,
* parv is allowed to be NULL)
*
* parv a NULL terminated list of parameter pointers,
*
* parv[0], sender (prefix string), if not present
* this points to an empty string.
* parv[1]...parv[parc-1]
* pointers to additional parameters
* parv[parc] == NULL, *always*
*
* note: it is guaranteed that parv[0]..parv[parc-1] are all
* non-NULL pointers.
*/
#include "config.h"
#include "client.h"
#include "ircd.h"
#include "ircd_features.h"
#include "ircd_log.h"
#include "ircd_reply.h"
#include "ircd_string.h"
#include "ircd_snprintf.h"
#include "msg.h"
#include "numeric.h"
#include "numnicks.h"
#include "random.h"
#include "send.h"
#include "s_auth.h"
#include "s_misc.h"
#include "s_user.h"
/* #include <assert.h> -- Now using assert in ircd_log.h */
static void sasl_timeout_callback(struct Event* ev);
int m_authenticate(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
{
struct Client* acptr;
int first = 0;
char realhost[HOSTLEN + 3];
char *hoststr = (cli_sockhost(cptr) ? cli_sockhost(cptr) : cli_sock_ip(cptr));
if (!CapActive(cptr, CAP_SASL))
return 0;
if (parc < 2) /* have enough parameters? */
return need_more_params(cptr, "AUTHENTICATE");
if (strlen(parv[1]) > 400)
return send_reply(cptr, ERR_SASLTOOLONG);
if (IsSASLComplete(cptr))
return send_reply(cptr, ERR_SASLALREADY);
/* Check if IAuth handles SASL */
if (auth_iauth_handles_sasl()) {
/* Route SASL to IAuth */
if (!cli_saslcookie(cptr)) {
do {
cli_saslcookie(cptr) = ircrandom() & 0x7fffffff;
} while (!cli_saslcookie(cptr));
first = 1;
}
if (strchr(hoststr, ':') != NULL)
ircd_snprintf(0, realhost, sizeof(realhost), "[%s]", hoststr);
else
ircd_strncpy(realhost, hoststr, sizeof(realhost));
if (first) {
if (*parv[1] == ':' || strchr(parv[1], ' '))
return exit_client(cptr, sptr, sptr, "Malformed AUTHENTICATE");
/* Send SASL start to IAuth */
auth_send_sasl_start(cptr, parv[1], cli_sslclifp(cptr));
/* Send host info if configured */
if (feature_bool(FEAT_SASL_SENDHOST))
auth_send_sasl_host(cptr, cli_username(cptr), realhost, cli_sock_ip(cptr));
} else {
/* Send SASL continuation data to IAuth */
auth_send_sasl_data(cptr, parv[1]);
}
if (!t_active(&cli_sasltimeout(cptr)))
timer_add(timer_init(&cli_sasltimeout(cptr)), sasl_timeout_callback, (void*) cptr,
TT_RELATIVE, feature_int(FEAT_SASL_TIMEOUT));
return 0;
}
/* Original code: route SASL to services via P10 */
/* Look up the target server */
if (!(acptr = cli_saslagent(cptr))) {
if (strcmp(feature_str(FEAT_SASL_SERVER), "*"))
acptr = find_match_server((char *)feature_str(FEAT_SASL_SERVER));
else
acptr = NULL;
}
if (!acptr && strcmp(feature_str(FEAT_SASL_SERVER), "*"))
return send_reply(cptr, ERR_SASLFAIL, ": service unavailable");
/* If it's to us, do nothing; otherwise, forward the query */
if (acptr && IsMe(acptr))
return 0;
/* Generate an SASL session cookie if not already generated */
if (!cli_saslcookie(cptr)) {
do {
cli_saslcookie(cptr) = ircrandom() & 0x7fffffff;
} while (!cli_saslcookie(cptr));
first = 1;
}
if (strchr(hoststr, ':') != NULL)
ircd_snprintf(0, realhost, sizeof(realhost), "[%s]", hoststr);
else
ircd_strncpy(realhost, hoststr, sizeof(realhost));
if (acptr) {
if (first) {
if (*parv[1] == ':' || strchr(parv[1], ' '))
return exit_client(cptr, sptr, sptr, "Malformed AUTHENTICATE");
if (!EmptyString(cli_sslclifp(cptr)))
sendcmdto_one(&me, CMD_SASL, acptr, "%C %C!%u.%u S %s :%s", acptr, &me,
cli_fd(cptr), cli_saslcookie(cptr),
parv[1], cli_sslclifp(cptr));
else
sendcmdto_one(&me, CMD_SASL, acptr, "%C %C!%u.%u S :%s", acptr, &me,
cli_fd(cptr), cli_saslcookie(cptr), parv[1]);
if (feature_bool(FEAT_SASL_SENDHOST))
sendcmdto_one(&me, CMD_SASL, acptr, "%C %C!%u.%u H :%s@%s:%s", acptr, &me,
cli_fd(cptr), cli_saslcookie(cptr), cli_username(cptr),
realhost, cli_sock_ip(cptr));
} else {
sendcmdto_one(&me, CMD_SASL, acptr, "%C %C!%u.%u C :%s", acptr, &me,
cli_fd(cptr), cli_saslcookie(cptr), parv[1]);
}
} else {
if (first) {
if (*parv[1] == ':' || strchr(parv[1], ' '))
return exit_client(cptr, sptr, sptr, "Malformed AUTHENTICATE");
if (!EmptyString(cli_sslclifp(cptr)))
sendcmdto_serv_butone(&me, CMD_SASL, cptr, "* %C!%u.%u S %s :%s", &me,
cli_fd(cptr), cli_saslcookie(cptr),
parv[1], cli_sslclifp(cptr));
else
sendcmdto_serv_butone(&me, CMD_SASL, cptr, "* %C!%u.%u S :%s", &me,
cli_fd(cptr), cli_saslcookie(cptr), parv[1]);
if (feature_bool(FEAT_SASL_SENDHOST))
sendcmdto_serv_butone(&me, CMD_SASL, cptr, "* %C!%u.%u H :%s@%s:%s", &me,
cli_fd(cptr), cli_saslcookie(cptr), cli_username(cptr),
realhost, cli_sock_ip(cptr));
} else {
sendcmdto_serv_butone(&me, CMD_SASL, cptr, "* %C!%u.%u C :%s", &me,
cli_fd(cptr), cli_saslcookie(cptr), parv[1]);
}
}
if (!t_active(&cli_sasltimeout(cptr)))
timer_add(timer_init(&cli_sasltimeout(cptr)), sasl_timeout_callback, (void*) cptr,
TT_RELATIVE, feature_int(FEAT_SASL_TIMEOUT));
return 0;
}
/** Timeout a given SASL auth request.
* @param[in] ev A timer event whose associated data is the expired
* struct AuthRequest.
*/
static void sasl_timeout_callback(struct Event* ev)
{
struct Client *cptr;
assert(0 != ev_timer(ev));
assert(0 != t_data(ev_timer(ev)));
if (ev_type(ev) == ET_EXPIRE) {
cptr = (struct Client*) t_data(ev_timer(ev));
abort_sasl(cptr, 1);
}
}
Reference in New Issue View Git Blame Copy Permalink