Feature/iauthverify

doc/example.conf

@@ -933,6 +933,7 @@ features
 #  "HIS_TRACE" = "TRUE";
 #  "HIS_STATS_a" = "TRUE";
 #  "HIS_STATS_c" = "TRUE";
+#  "HIS_STATS_C" = "TRUE";
 #  "HIS_STATS_d" = "TRUE";
 #  "HIS_STATS_e" = "TRUE";
 #  "HIS_STATS_f" = "TRUE";

include/capab.h

@@ -31,18 +31,23 @@
 #include "ircd_features.h"
 #endif
 
-#define CAPFL_HIDDEN    0x0001	/**< Do not advertize this capability */
-#define CAPFL_PROHIBIT  0x0002	/**< Client may not set this capability */
-#define CAPFL_PROTO     0x0004	/**< Cap must be acknowledged by client */
-#define CAPFL_STICKY    0x0008  /**< Cap may not be cleared once set */
+#define CAPFL_HIDDEN    	0x0001	/**< Do not advertize this capability */
+#define CAPFL_HIDDEN_302   	0x0002	/**< Do not advertize this capability to users supporting LS 302 */
+#define CAPFL_PROHIBIT  	0x0004	/**< Client may not set this capability */
+#define CAPFL_PROTO    		0x0008	/**< Cap must be acknowledged by client */
+#define CAPFL_STICKY		0x0010	/**< Cap may not be cleared once set */
+#define CAPFL_STICKY_302   	0x0020  /**< Cap may not be cleared once set by users supporting LS 302 */
+#define CAPFL_UNAVAILABLE 	(CAPFL_HIDDEN | CAPFL_PROHIBIT)
 
 #define CAPLIST	\
 	_CAP(ACCOUNTNOTIFY, FEAT_CAP_ACCOUNTNOTIFY, 0, "account-notify"), \
 	_CAP(AWAYNOTIFY, FEAT_CAP_AWAYNOTIFY, 0 , "away-notify"), \
 	_CAP(CHGHOST, FEAT_CAP_CHGHOST, 0, "chghost"), \
 	_CAP(ECHOMESSAGE, FEAT_CAP_ECHOMESSAGE, 0, "echo-message"), \
 	_CAP(EXTJOIN, FEAT_CAP_EXTJOIN, 0, "extended-join"), \
-	_CAP(INVITENOTIFY, FEAT_CAP_INVITENOTIFY, 0, "invite-notify")
+	_CAP(INVITENOTIFY, FEAT_CAP_INVITENOTIFY, 0, "invite-notify"), \
+	_CAP(CAPNOTIFY, 0, CAPFL_HIDDEN_302 | CAPFL_STICKY_302, "cap-notify"), \
+	_CAP(SASL, FEAT_CAP_SASL, CAPFL_UNAVAILABLE, "sasl")
 
 /** Client capabilities, counting by index. */
 enum Capab {
@@ -64,4 +69,16 @@ enum CapabBits {
 #define CapSet(cs, cap)	(cs |= cap)
 #define CapClr(cs, cap)	(cs &= ~cap)
 
+/** Set capability value dynamically */
+void cap_set_value(enum Capab cap, const char *value);
+
+/** Update capability availability and send CAP NEW/DEL as needed */
+void cap_update_availability(enum Capab cap, int available);
+
+/** Send CAP NEW to clients with cap-notify capability */
+void cap_new(enum Capab cap);
+
+/** Send CAP DEL to clients with cap-notify capability */
+void cap_del(enum Capab cap);
+
 #endif /* INCLUDED_capab_h */

include/client.h

@@ -161,6 +161,7 @@ enum Flag
     FLAG_LOCOP,                     /**< Local operator -- SRB */
     FLAG_SERVNOTICE,                /**< server notices such as kill */
     FLAG_OPER,                      /**< Operator */
+    FLAG_SASL,                      /**< Authenticated using SASL */
     FLAG_INVISIBLE,                 /**< makes user invisible */
     FLAG_WALLOP,                    /**< send wallops to them */
     FLAG_DEAF,                      /**< Makes user deaf */
@@ -169,6 +170,7 @@ enum Flag
     FLAG_DEBUG,                     /**< send global debug/anti-hack info */
     FLAG_ACCOUNT,                   /**< account name has been set */
     FLAG_HIDDENHOST,                /**< user's host is hidden */
+    FLAG_CAP302,                    /**< client supports IRCv3.2 */
     FLAG_LAST_FLAG,                 /**< number of flags */
     FLAG_LOCAL_UMODES = FLAG_LOCOP, /**< First local mode flag */
     FLAG_GLOBAL_UMODES = FLAG_OPER  /**< First global mode flag */
@@ -236,6 +238,8 @@ struct Connection
   capset_t            con_active;    /**< Active capabilities (to us) */
   struct AuthRequest* con_auth;      /**< Auth request for client */
   const struct wline* con_wline;     /**< WebIRC authorization for client */
+  uint64_t            con_sasl;      /**< SASL session cookie */
+  struct Timer        con_sasl_timer; /**< SASL timeout timer */
 };
 
 /** Magic constant to identify valid Connection structures. */
@@ -387,6 +391,10 @@ struct Client {
 #define cli_wline(cli)          con_wline(cli_connect(cli))
 /** Get sentalong marker for client. */
 #define cli_sentalong(cli)      con_sentalong(cli_connect(cli))
+/** Get SASL session cookie for client. */
+#define cli_sasl(cli)           con_sasl(cli_connect(cli))
+/** Get SASL timeout timer for client. */
+#define cli_sasl_timer(cli)     (&con_sasl_timer(cli_connect(cli)))
 
 /** Verify that a connection is valid. */
 #define con_verify(con)		((con)->con_magic == CONNECTION_MAGIC)
@@ -470,6 +478,10 @@ struct Client {
 #define con_auth(con)		((con)->con_auth)
 /** Get the WebIRC block (if any) used by the connection. */
 #define con_wline(con)          ((con)->con_wline)
+/** Get the SASL session cookie for the connection. */
+#define con_sasl(con)           ((con)->con_sasl)
+/** Get the SASL timeout timer for the connection. */
+#define con_sasl_timer(con)     ((con)->con_sasl_timer)
 
 #define STAT_CONNECTING         0x001 /**< connecting to another server */
 #define STAT_HANDSHAKE          0x002 /**< pass - server sent */

include/handlers.h

@@ -89,6 +89,7 @@ struct Client;
 extern int m_admin(struct Client*, struct Client*, int, char*[]);
 extern int m_away(struct Client*, struct Client*, int, char*[]);
 extern int m_cap(struct Client*, struct Client*, int, char*[]);
+extern int ms_config(struct Client*, struct Client*, int, char*[]);
 extern int m_cnotice(struct Client*, struct Client*, int, char*[]);
 extern int m_cprivmsg(struct Client*, struct Client*, int, char*[]);
 extern int m_gline(struct Client*, struct Client*, int, char*[]);
@@ -124,6 +125,8 @@ extern int m_proto(struct Client*, struct Client*, int, char*[]);
 extern int m_pseudo(struct Client*, struct Client*, int, char*[]);
 extern int m_quit(struct Client*, struct Client*, int, char*[]);
 extern int m_registered(struct Client*, struct Client*, int, char*[]);
+extern int m_sasl(struct Client*, struct Client*, int, char*[]);
+extern int ms_config(struct Client*, struct Client*, int, char*[]);
 extern int m_silence(struct Client*, struct Client*, int, char*[]);
 extern int m_stats(struct Client*, struct Client*, int, char*[]);
 extern int m_time(struct Client*, struct Client*, int, char*[]);

include/ircd_features.h

@@ -111,6 +111,7 @@ enum Feature {
   FEAT_CAP_ECHOMESSAGE,
   FEAT_CAP_EXTJOIN,
   FEAT_CAP_INVITENOTIFY,
+  FEAT_CAP_SASL,
 
   /* HEAD_IN_SAND Features */
   FEAT_HIS_SNOTICES,
@@ -122,6 +123,7 @@ enum Feature {
   FEAT_HIS_TRACE,
   FEAT_HIS_STATS_a,
   FEAT_HIS_STATS_c,
+  FEAT_HIS_STATS_C,
   FEAT_HIS_STATS_d,
   FEAT_HIS_STATS_e,
   FEAT_HIS_STATS_f,
@@ -132,13 +134,14 @@ enum Feature {
   FEAT_HIS_STATS_k,
   FEAT_HIS_STATS_l,
   FEAT_HIS_STATS_L,
-  FEAT_HIS_STATS_M,
   FEAT_HIS_STATS_m,
+  FEAT_HIS_STATS_M,
   FEAT_HIS_STATS_o,
   FEAT_HIS_STATS_p,
   FEAT_HIS_STATS_q,
-  FEAT_HIS_STATS_R,
   FEAT_HIS_STATS_r,
+  FEAT_HIS_STATS_R,
+  FEAT_HIS_STATS_S,
   FEAT_HIS_STATS_t,
   FEAT_HIS_STATS_T,
   FEAT_HIS_STATS_u,

include/ircd_netconf.h

@@ -0,0 +1,79 @@
+/*
+ * IRC - Internet Relay Chat, include/ircd_netconf.h
+ * Copyright (C) 2025 MrIron <mriron@undernet.org>
+ *
+ * See file AUTHORS in IRC package for additional names of
+ * the programmers.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 1, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+
+#ifndef INCLUDED_ircd_netconf_h
+#define INCLUDED_ircd_netconf_h
+
+#include <time.h>
+
+struct Client;
+struct StatDesc;
+
+/** Configuration set return values */
+#define CONFIG_REJECTED      -1  /**< Rejected - older timestamp */
+#define CONFIG_CREATED        0  /**< New entry created */
+#define CONFIG_TIMESTAMP      1  /**< Timestamp updated, same value */
+#define CONFIG_CHANGED        2  /**< Value actually changed */
+
+/** Configuration entry structure */
+struct ConfigEntry {
+  char *key;                /**< Configuration option key */
+  char *value;              /**< Configuration option value */
+  time_t timestamp;         /**< Timestamp when this config was set */
+  struct ConfigEntry *next; /**< Next configuration entry */
+};
+
+/** Configuration change callback function type */
+typedef void (*config_callback_f)(const char *key, const char *old_value, const char *new_value);
+
+/** Configuration callback structure */
+struct ConfigCallback {
+  char *key_prefix;                    /**< Key prefix to match (e.g., "sasl.") */
+  config_callback_f callback;          /**< Callback function */
+  struct ConfigCallback *next;         /**< Next callback */
+};
+
+/** Network configuration options */
+enum NetConf {
+    /* SASL configuration options */
+    NETCONF_SASL_SERVER,
+    NETCONF_SASL_MECHANISMS,
+    NETCONF_SASL_TIMEOUT,
+
+    NETCONF_LAST_NC
+};
+
+/*
+ * Prototypes
+ */
+
+extern int config_set(const char *key, const char *value, time_t timestamp);
+extern const char *config_get(const char *key);
+extern void config_register_callback(const char *key_prefix, config_callback_f callback);
+extern void config_unregister_callback(const char *key_prefix);
+extern void config_burst(struct Client *cptr);
+extern void config_stats(struct Client *sptr, const struct StatDesc *sd, char *param);
+extern int netconf_int(enum NetConf key);
+extern int netconf_bool(enum NetConf key);
+extern const char *netconf_str(enum NetConf key);
+
+#endif /* INCLUDED_ircd_netconf_h */

include/msg.h

@@ -376,6 +376,14 @@ struct Client;
 #define TOK_CHGHOST		"CHGHOST"
 #define CMD_CHGHOST		MSG_CHGHOST, TOK_CHGHOST
 
+#define MSG_AUTHENTICATE	"AUTHENTICATE"
+#define TOK_AUTHENTICATE	"AUTHENTICATE"
+#define CMD_AUTHENTICATE	MSG_AUTHENTICATE, TOK_AUTHENTICATE
+
+#define MSG_CONFIG		"CONFIG"
+#define TOK_CONFIG		"CF"
+#define CMD_CONFIG		MSG_CONFIG, TOK_CONFIG
+
 /*
  * Constants
  */

include/numeric.h

@@ -468,7 +468,6 @@ extern const struct Numeric* get_error_numeric(int err);
 /*      ERR_NOMANAGER_LONG   565	no longer used */
 #define ERR_NOMANAGER        566	/* Undernet extension */
 #define ERR_UPASS_SAME_APASS 567        /* Undernet extension */
-#define ERR_LASTERROR        568
 
 /*	RPL_LOGON	     600	dalnet,unreal
 	RPL_LOGOFF           601	dalnet,unreal
@@ -492,4 +491,20 @@ extern const struct Numeric* get_error_numeric(int err);
 	RPL_DUMPRPL	     641	unreal
 	RPL_EODUMP	     642	unreal
 */
+
+/*
+ * SASL replies and errors (starting at 900).
+ */
+#define RPL_LOGGEDIN         900    /* SASL */
+/* RPL_LOGGEDOUT        901    SASL */
+/* ERR_NICKLOCKED       902    SASL */
+#define RPL_SASLSUCCESS      903    /* SASL */
+#define ERR_SASLFAIL         904    /* SASL */
+#define ERR_SASLTOOLONG      905    /* SASL */
+#define ERR_SASLABORTED      906    /* SASL */
+#define ERR_SASLALREADY      907    /* SASL */
+#define RPL_SASLMECHS        908	/* SASL */
+
+#define ERR_LASTERROR        909
+
 #endif /* INCLUDED_numeric_h */

include/s_auth.h

@@ -39,6 +39,7 @@ extern int auth_set_pong(struct AuthRequest *auth, unsigned int cookie);
 extern int auth_set_user(struct AuthRequest *auth, const char *username, const char *hostname, const char *servername, const char *userinfo);
 extern int auth_set_nick(struct AuthRequest *auth, const char *nickname);
 extern int auth_set_password(struct AuthRequest *auth, const char *password);
+extern int auth_set_account(struct AuthRequest *auth, const char *account_info);
 extern int auth_cap_start(struct AuthRequest *auth);
 extern int auth_cap_done(struct AuthRequest *auth);
 extern int auth_spoof_user(struct AuthRequest *auth, const char *username, const char *hostname, const char *ip);

include/sasl.h

@@ -0,0 +1,40 @@
+#ifndef INCLUDED_sasl_h
+#define INCLUDED_sasl_h
+/*
+ * IRC - Internet Relay Chat, include/sasl.h
+ * Copyright (C) 2025 MrIron <mriron@undernet.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 1, or (at your option)
+ * any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ */
+
+/** @file
+ * @brief SASL authentication support
+ */
+
+#ifndef INCLUDED_time_h
+#include <time.h>
+#define INCLUDED_time_h
+#endif
+
+struct Client;
+struct StatDesc;
+
+/* Public SASL functions */
+extern void sasl_init(void);
+extern int sasl_available(void);
+extern int sasl_mechanism_supported(const char* mechanism);
+extern void sasl_check_capability(void);
+extern void sasl_send_xreply(struct Client* sptr, const char* routing, const char* reply);
+extern struct Client* find_sasl_client(unsigned long cookie);
+extern void sasl_stats(struct Client* sptr, const struct StatDesc* sd, char* param);
+extern void sasl_stop_timeout(struct Client* cptr);
+
+#endif /* INCLUDED_sasl_h */