Added SASL over IAuthd

configure.ac

@@ -41,8 +41,8 @@ ac_default_prefix=$unet_cv_prefix
 dnl Define the input and output configuration header file.
 AC_CONFIG_HEADERS([config.h])
 
-dnl Demand at least version 2.72 of autoconf (for AS_HELP_STRING)
-AC_PREREQ([2.72])
+dnl Demand at least version 2.71 of autoconf (for AS_HELP_STRING)
+AC_PREREQ([2.71])
 
 dnl Find out what type of system we are
 AC_CANONICAL_HOST

include/capab.h

@@ -42,7 +42,8 @@
 	_CAP(CHGHOST, FEAT_CAP_CHGHOST, 0, "chghost"), \
 	_CAP(ECHOMESSAGE, FEAT_CAP_ECHOMESSAGE, 0, "echo-message"), \
 	_CAP(EXTJOIN, FEAT_CAP_EXTJOIN, 0, "extended-join"), \
-	_CAP(INVITENOTIFY, FEAT_CAP_INVITENOTIFY, 0, "invite-notify")
+	_CAP(INVITENOTIFY, FEAT_CAP_INVITENOTIFY, 0, "invite-notify"), \
+	_CAP(SASL, FEAT_CAP_SASL, 0, "sasl")
 
 /** Client capabilities, counting by index. */
 enum Capab {

include/client.h

@@ -256,6 +256,7 @@ struct Client {
   time_t         cli_firsttime;   /**< time client was created */
   time_t         cli_lastnick;    /**< TimeStamp on nick */
   int            cli_marker;      /**< /who processing marker */
+  int  			 cli_sasl;        /**< Client uses sasl */
   struct Flags   cli_flags;       /**< client flags */
   unsigned int   cli_hopcount;    /**< number of servers to this 0 = local */
   struct irc_in_addr cli_ip;      /**< Real IP of client */

include/handlers.h

@@ -124,6 +124,8 @@ extern int m_proto(struct Client*, struct Client*, int, char*[]);
 extern int m_pseudo(struct Client*, struct Client*, int, char*[]);
 extern int m_quit(struct Client*, struct Client*, int, char*[]);
 extern int m_registered(struct Client*, struct Client*, int, char*[]);
+extern int m_sasl(struct Client*, struct Client*, int, char*[]);
+extern int mr_sasl(struct Client*, struct Client*, int, char*[]);
 extern int m_silence(struct Client*, struct Client*, int, char*[]);
 extern int m_stats(struct Client*, struct Client*, int, char*[]);
 extern int m_time(struct Client*, struct Client*, int, char*[]);

include/ircd_features.h

@@ -111,6 +111,7 @@ enum Feature {
   FEAT_CAP_ECHOMESSAGE,
   FEAT_CAP_EXTJOIN,
   FEAT_CAP_INVITENOTIFY,
+  FEAT_CAP_SASL,
 
   /* HEAD_IN_SAND Features */
   FEAT_HIS_SNOTICES,

include/msg.h

@@ -376,6 +376,10 @@ struct Client;
 #define TOK_CHGHOST		"CHGHOST"
 #define CMD_CHGHOST		MSG_CHGHOST, TOK_CHGHOST
 
+#define MSG_AUTHENTICATE	"AUTHENTICATE"
+#define TOK_AUTHENTICATE	"AUTHENTICATE"
+#define CMD_AUTHENTICATE	MSG_AUTHENTICATE, TOK_AUTHENTICATE
+
 /*
  * Constants
  */

include/numeric.h

@@ -468,7 +468,17 @@ extern const struct Numeric* get_error_numeric(int err);
 /*      ERR_NOMANAGER_LONG   565	no longer used */
 #define ERR_NOMANAGER        566	/* Undernet extension */
 #define ERR_UPASS_SAME_APASS 567        /* Undernet extension */
-#define ERR_LASTERROR        568
+#define RPL_LOGGEDIN         900    /* IRCv3 */
+#define RPL_LOGGEDOUT        901    /* IRCv3 */
+#define ERR_NICKLOCKED       902    /* IRCv3 */
+#define RPL_SASLSUCCESS      903    /* IRCv3 */
+#define ERR_SASLFAIL         904    /* IRCv3 */
+#define ERR_SASLTOOLONG      905    /* IRCv3 */
+#define ERR_SASLABORTED      906    /* IRCv3 */
+#define ERR_SASLALREADY      907    /* IRCv3 */
+#define RPL_SASLMECHS        908
+#define ERR_CANNOTCHANGECHANMODE 974    /* IRCv3 */
+#define ERR_LASTERROR        999
 
 /*	RPL_LOGON	     600	dalnet,unreal
 	RPL_LOGOFF           601	dalnet,unreal

include/s_auth.h

@@ -50,6 +50,7 @@ extern void auth_send_xreply(struct Client *sptr, const char *routing, const cha
 extern void auth_mark_closing(void);
 extern void auth_close_unused(void);
 extern void auth_cancel_iauth_stats(struct Client *cptr);
+extern int auth_set_sasl(struct AuthRequest *auth, const char *crypt);
 extern void report_iauth_conf(struct Client *cptr, const struct StatDesc *sd, char *param);
 extern void report_iauth_stats(struct Client *cptr, const struct StatDesc *sd, char *param);
 

ircd/Makefile.in

@@ -164,6 +164,7 @@ IRCD_SRC = \
 	m_restart.c \
 	m_rping.c \
 	m_rpong.c \
+	m_sasl.c \
 	m_server.c \
 	m_set.c \
 	m_settime.c \

ircd/ircd_features.c

@@ -376,6 +376,7 @@ static struct FeatureDesc {
   F_B(CAP_ECHOMESSAGE, 0, 1, 0),
   F_B(CAP_EXTJOIN, 0, 1, 0),
   F_B(CAP_INVITENOTIFY, 0, 1, 0),
+  F_B(CAP_SASL, 0, 1, 0), 
 
   /* HEAD_IN_SAND Features */
   F_B(HIS_SNOTICES, 0, 1, 0),

ircd/m_sasl.c

@@ -0,0 +1,135 @@
+/*
+ * IRC - Internet Relay Chat, ircd/m_sasl.c
+ * Copyright (C) 2002 Alex Badea <vampire@p16.pub.ro>
+ *
+ * See file AUTHORS in IRC package for additional names of
+ * the programmers.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 1, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * $Id$
+ */
+
+/*
+ * m_functions execute protocol messages on this server:
+ *
+ *    cptr    is always NON-NULL, pointing to a *LOCAL* client
+ *            structure (with an open socket connected!). This
+ *            identifies the physical socket where the message
+ *            originated (or which caused the m_function to be
+ *            executed--some m_functions may call others...).
+ *
+ *    sptr    is the source of the message, defined by the
+ *            prefix part of the message if present. If not
+ *            or prefix not found, then sptr==cptr.
+ *
+ *            (!IsServer(cptr)) => (cptr == sptr), because
+ *            prefixes are taken *only* from servers...
+ *
+ *            (IsServer(cptr))
+ *                    (sptr == cptr) => the message didn't
+ *                    have the prefix.
+ *
+ *                    (sptr != cptr && IsServer(sptr) means
+ *                    the prefix specified servername. (?)
+ *
+ *                    (sptr != cptr && !IsServer(sptr) means
+ *                    that message originated from a remote
+ *                    user (not local).
+ *
+ *            combining
+ *
+ *            (!IsServer(sptr)) means that, sptr can safely
+ *            taken as defining the target structure of the
+ *            message in this server.
+ *
+ *    *Always* true (if 'parse' and others are working correct):
+ *
+ *    1)      sptr->from == cptr  (note: cptr->from == cptr)
+ *
+ *    2)      MyConnect(sptr) <=> sptr == cptr (e.g. sptr
+ *            *cannot* be a local connection, unless it's
+ *            actually cptr!). [MyConnect(x) should probably
+ *            be defined as (x == x->from) --msa ]
+ *
+ *    parc    number of variable parameter strings (if zero,
+ *            parv is allowed to be NULL)
+ *
+ *    parv    a NULL terminated list of parameter pointers,
+ *
+ *                    parv[0], sender (prefix string), if not present
+ *                            this points to an empty string.
+ *                    parv[1]...parv[parc-1]
+ *                            pointers to additional parameters
+ *                    parv[parc] == NULL, *always*
+ *
+ *            note:   it is guaranteed that parv[0]..parv[parc-1] are all
+ *                    non-NULL pointers.
+ */
+#include "config.h"
+
+#include "client.h"
+#include "hash.h"
+#include "ircd.h"
+#include "ircd_alloc.h"
+#include "ircd_features.h"
+#include "ircd_log.h"
+#include "ircd_relay.h"
+#include "ircd_reply.h"
+#include "ircd_string.h"
+#include "ircd_snprintf.h"
+#include "list.h"
+#include "msg.h"
+#include "numeric.h"
+#include "numnicks.h"
+#include "send.h"
+#include "s_auth.h"
+#include "s_conf.h"
+#include "s_misc.h"
+#include "s_user.h"
+
+/* #include <assert.h> -- Now using assert in ircd_log.h */
+#include <stdlib.h>
+#include <stdio.h>
+#include <stddef.h>
+
+/*
+ * m_sasl - client message handler (for unregistered clients)
+ */
+int m_sasl(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
+{
+    if (parc < 2 || *parv[1] == '\0') {
+        return need_more_params(sptr, "AUTHENTICATE");
+    }
+    if (!cli_auth(cptr)) {
+        send_reply(sptr, ERR_SASLFAIL);
+        return 0;
+    }
+    int result = auth_set_sasl(cli_auth(cptr), parv[1]);
+    if (result < 0) {
+        send_reply(sptr, ERR_SASLFAIL);
+        return 0;
+    }
+    return 0;
+}
+
+/*
+ * mr_sasl - registered client message handler
+ * Returns ERR_SASLALREADY if client is already registered
+ */
+int mr_sasl(struct Client* cptr, struct Client* sptr, int parc, char* parv[])
+{
+    return send_reply(sptr, ERR_SASLALREADY);
+}

ircd/parse.c

@@ -658,6 +658,13 @@ struct Message msgtab[] = {
     /* UNREG, CLIENT, SERVER, OPER, SERVICE */
     { m_quit, m_ignore, m_ignore, m_ignore, m_ignore }
   },
+  {
+    MSG_AUTHENTICATE,
+    TOK_AUTHENTICATE,
+    0, MAXPARA, 0, 0, NULL,
+    /* UNREG, CLIENT, SERVER, OPER, SERVICE */
+    { m_sasl, mr_sasl, m_ignore, m_ignore, m_ignore }
+  }, 
   { 0 }
 };
 

ircd/s_auth.c

@@ -771,6 +771,19 @@ static char* check_ident_reply(char* reply)
   return token;
 }
 
+/** Handle SASL
+*/
+int auth_set_sasl(struct AuthRequest *auth, const char *crypt)
+{
+  assert(auth != NULL);
+  if(CapHas(cli_active(auth->client), CAP_SASL)) {
+    if (!sendto_iauth(auth->client, "Y %s", crypt)) {
+      return -1;
+    }
+  }
+  return 0;
+}
+
 /** Read the reply (if any) from the ident server we connected to.  We
  * only give it one shot, if the reply isn't good the first time fail
  * the authentication entirely. --Bleep
@@ -1887,6 +1900,81 @@ static int iauth_cmd_username_forced(struct IAuth *iauth, struct Client *cli,
   return AR_AUTH_PENDING;
 }
 
+/** Accept a client in IAuth and assign them to an account.
+ * @param[in] iauth Active IAuth session.
+ * @param[in] cli Client referenced by command.
+ * @param[in] parc Number of parameters.
+ * @param[in] params Account name and optional class name for client.
+ * @return Non-zero if \a cli authorization should be checked for completion.
+ */
+static int iauth_cmd_sasl(struct IAuth *iauth, struct Client *cli,
+                          int parc, char **params)
+{
+  enum { CMD_IDX = 0, NICK_IDX = 1, ACCOUNT_IDX = 2, TS_IDX = 4, ID_IDX = 3 };
+  assert(cli_auth(cli) != NULL);
+
+  if (parc < 1 || EmptyString(params[CMD_IDX])) {
+    send_reply(cli, ERR_SASLFAIL);
+    return 0;
+  }
+
+  const char *cmd = params[CMD_IDX];
+
+  if (!ircd_strcmp(cmd, "Q")) {
+    if (parc > NICK_IDX && !EmptyString(params[NICK_IDX]))
+      sendcmdto_one(&me, CMD_AUTHENTICATE, cli, params[NICK_IDX]);
+    else
+      send_reply(cli, ERR_SASLFAIL);
+  }
+  else if (!ircd_strcmp(cmd, "O")) {
+    send_reply(cli, ERR_SASLABORTED);
+  }
+  else if (!ircd_strcmp(cmd, "M")) {
+    if (parc > NICK_IDX)
+      send_reply(cli, RPL_SASLMECHS, params[parc - 1]);
+    send_reply(cli, ERR_SASLFAIL);
+  }
+  else if (!ircd_strcmp(cmd, "S")) {
+    if (parc <= ID_IDX || EmptyString(params[TS_IDX]) || EmptyString(params[ID_IDX])) {
+      send_reply(cli, ERR_SASLFAIL);
+      return 0;
+    }
+    const char *nick = params[NICK_IDX];
+    const char *account = params[ACCOUNT_IDX];
+    const char *flags = params[TS_IDX];
+    const char *id = params[ID_IDX];
+
+    ircd_strncpy(cli_user(cli)->account, account, ACCOUNTLEN);
+    cli_user(cli)->acc_flags = atoi(flags);
+    cli_user(cli)->acc_id = atoi(id);
+    SetAccount(cli);
+    send_reply(cli, RPL_LOGGEDIN, cli, cli_name(cli), account);
+    send_reply(cli, RPL_SASLSUCCESS);
+
+    /* Clear iauth pending flag and continue registration */
+    FlagClr(&cli_auth(cli)->flags, AR_IAUTH_PENDING);
+  }
+  else if (!ircd_strcmp(cmd, "N")) {
+    send_reply(cli, ERR_NICKLOCKED);
+    send_reply(cli, ERR_SASLFAIL);
+  }
+  else if (!ircd_strcmp(cmd, "L")) {
+    send_reply(cli, ERR_SASLTOOLONG);
+    send_reply(cli, ERR_SASLFAIL);
+  }
+  else if (!ircd_strcmp(cmd, "A")) {
+    send_reply(cli, ERR_SASLALREADY);
+    send_reply(cli, ERR_SASLFAIL);
+  }
+  else if (!ircd_strcmp(cmd, "F")) {
+    send_reply(cli, ERR_SASLFAIL);
+  }
+  else {
+    send_reply(cli, ERR_SASLFAIL);
+  }
+  return 0;
+}
+
 /** Set client's username to a trusted string.
  * @param[in] iauth Active IAuth session.
  * @param[in] cli Client referenced by command.
@@ -2281,6 +2369,7 @@ static void iauth_parse(struct IAuth *iauth, char *message)
   case 's': handler = iauth_cmd_newstats; has_cli = 0; break;
   case 'S': handler = iauth_cmd_stats; has_cli = 0; break;
   case 'X': handler = iauth_cmd_xquery; has_cli = 0; break;
+  case 'Y': handler = iauth_cmd_sasl; has_cli = 1; break;
   case 'o': handler = iauth_cmd_username_forced; has_cli = 1; break;
   case 'U': handler = iauth_cmd_username_good; has_cli = 1; break;
   case 'u': handler = iauth_cmd_username_bad; has_cli = 1; break;