author | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2010-02-18 21:23:00 +0000 |
---|---|---|
committer | danieldg <danieldg@e03df62e-2008-0410-955e-edbf42e46eb7> | 2010-02-18 21:23:00 +0000 |
commit | 8cb1935360087b4e38802b837981e5f41e9b87d7 (patch) | |
tree | 687d0c37e28a12d9052828e77fe0a8a5c08a8e11 | |
parent | 46e56dedd37abe33af4e8b970d5b83729dc1ef05 (diff) |
Allow SASL messages to be targeted at the services server
<sasl target="services.example.net"> will avoid broadcasting all
authentication messages across the network, which improves security.
git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@12494 e03df62e-2008-0410-955e-edbf42e46eb7
-rw-r--r-- | include/protocol.h | 3 | ||||
-rw-r--r-- | src/modules/m_sasl.cpp | 33 | ||||
-rw-r--r-- | src/modules/m_spanningtree/protocolinterface.cpp | 9 | ||||
-rw-r--r-- | src/modules/m_spanningtree/protocolinterface.h | 2 | ||||
-rw-r--r-- | src/modules/m_spanningtree/utils.cpp | 12 | ||||
-rw-r--r-- | src/modules/m_spanningtree/utils.h | 12 | ||||
-rw-r--r-- | src/modules/sasl.h | 28 |
7 files changed, 77 insertions, 22 deletions
diff --git a/include/protocol.h b/include/protocol.h index 7f987964f..03ede7ca8 100644 --- a/include/protocol.h +++ b/include/protocol.h @@ -44,8 +44,9 @@ class ProtocolInterface * @param encap This is a list of string parameters, the first of which must be a server ID or glob matching servernames. * The second must be a subcommand. All subsequent parameters are dependant on the subcommand. * ENCAP (should) be used instead of creating new protocol messages for easier third party application support. + * @return True if the message was sent out (target exists) */ - virtual void SendEncapsulatedData(parameterlist &encap) { } + virtual bool SendEncapsulatedData(const parameterlist &encap) { return false; } /** Send metadata for an object to other linked servers. * @param target The object to send metadata for. diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 8f48d1da9..72d547c7c 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -14,12 +14,23 @@ #include "inspircd.h" #include "m_cap.h" #include "account.h" +#include "sasl.h" /* $ModDesc: Provides support for IRC Authentication Layer (aka: atheme SASL) via AUTHENTICATE. */ enum SaslState { SASL_INIT, SASL_COMM, SASL_DONE }; enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT }; +static std::string sasl_target = "*"; + +static void SendSASL(const parameterlist& params) +{ + if (!ServerInstance->PI->SendEncapsulatedData(params)) + { + SASLFallback(NULL, params); + } +} + /** * Tracks SASL authentication state like charybdis does. --nenolod */ @@ -37,14 +48,14 @@ class SaslAuthenticator : user(user_), state(SASL_INIT), state_announced(false) { parameterlist params; - params.push_back("*"); + params.push_back(sasl_target); params.push_back("SASL"); params.push_back(user->uuid); params.push_back("*"); params.push_back("S"); params.push_back(method); - ServerInstance->PI->SendEncapsulatedData(params); + SendSASL(params); } SaslResult GetSaslResult(const std::string &result_) 
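Review bot: The new `@return` line on `SendEncapsulatedData` says true means "target exists", but it does not say what a glob target returns, and the base-class default of `return false` reports "not delivered" whenever no protocol module overrides it. In the spanningtree override shown later in this commit, a target containing `*` returns true unconditionally, so the contract should be spelled out, for example `@return True if the message was handed to the link layer; for a glob target this does not confirm that any server matched. False means there is no route to a single named target.` Callers that treat the result as proof of delivery, as `SendSASL` does for its fallback, depend on that distinction.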
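Review bot: In `SendSASL`, a failed send raises `SASLFallback(NULL, params)` and nothing else: this hunk adds no log line and no reply to the client, so whether an unreachable `<sasl target>` is noticed depends on some module handling `sasl_fallback` (handlers are not visible on this page). I would log the failure at the call site, rate-limited or once per state change, e.g. `ServerInstance->Logs->Log("m_sasl", DEFAULT, "SASL target " + sasl_target + " is not linked; raising sasl_fallback");`, so operators can tell a misconfigured target from a services outage. The declaration `static std::string sasl_target = "*";` also deserves a comment that `"*"` keeps the old behaviour of broadcasting authentication messages to every linked server, because the narrowing this commit offers is opt-in.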
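Review bot: The constructor in this hunk, and the later hunk at `@@ -103,7 +114,7 @@`, read the file-level `sasl_target` afresh for each message, so a rehash that changes `<sasl target>` while a client is mid-exchange would send the opening `S` message to one server and the following data to another. Capturing the target once per session avoids splitting an authentication exchange: add a member such as `std::string target;`, initialise it with `target(sasl_target)` in the constructor, and push `target` in the later send. The class body starts and continues outside these hunks, so the existing member list is not visible here.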
@@ -103,7 +114,7 @@ class SaslAuthenticator return true; parameterlist params; - params.push_back("*"); + params.push_back(sasl_target); params.push_back("SASL"); params.push_back(this->user->uuid); params.push_back(this->agent); @@ -111,7 +122,7 @@ class SaslAuthenticator params.insert(params.end(), parameters.begin(), parameters.end()); - ServerInstance->PI->SendEncapsulatedData(params); + SendSASL(params); if (parameters[0][0] == '*') { @@ -225,8 +236,13 @@ class ModuleSASL : public Module ModuleSASL() : authExt("sasl_auth", this), cap(this, "sasl"), auth(this, authExt, cap), sasl(this, authExt) { - Implementation eventlist[] = { I_OnEvent, I_OnUserRegister }; - ServerInstance->Modules->Attach(eventlist, this, 2); + } + + void init() + { + OnRehash(NULL); + Implementation eventlist[] = { I_OnEvent, I_OnUserRegister, I_OnRehash }; + ServerInstance->Modules->Attach(eventlist, this, 3); ServiceProvider* providelist[] = { &auth, &sasl, &authExt }; ServerInstance->Modules->AddServices(providelist, 3); @@ -235,6 +251,11 @@ class ModuleSASL : public Module ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: m_services_account.so and m_cap.so are not loaded! m_sasl.so will NOT function correctly until these two modules are loaded!"); } + void OnRehash(User*) + { + sasl_target = ServerInstance->Config->ConfValue("sasl")->getString("target", "*"); + } + ModResult OnUserRegister(LocalUser *user) { SaslAuthenticator *sasl_ = authExt.get(user); diff --git a/src/modules/m_spanningtree/protocolinterface.cpp b/src/modules/m_spanningtree/protocolinterface.cpp index 843361e9e..7434400a0 100644 --- a/src/modules/m_spanningtree/protocolinterface.cpp +++ b/src/modules/m_spanningtree/protocolinterface.cpp 
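Review bot: `OnRehash` copies `<sasl target>` into `sasl_target` with no check, and that string then becomes the first ENCAP parameter of every SASL message. An empty value or one containing whitespace cannot name a server, and depending on how the link layer joins parameters (not visible in this hunk) it could yield a malformed line. I would read into a local first, `std::string t = ServerInstance->Config->ConfValue("sasl")->getString("target", "*");`, then `if (t.empty() || t.find(' ') != std::string::npos) ServerInstance->Logs->Log("m_sasl", DEFAULT, "WARNING: invalid <sasl target>, keeping previous value"); else sasl_target = t;`. Keeping the previous value rather than resetting to `"*"` avoids silently widening delivery back to a network-wide broadcast after a typo.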
@@ -26,9 +26,14 @@ void SpanningTreeProtocolInterface::GetServerList(ProtoServerList &sl) } } -void SpanningTreeProtocolInterface::SendEncapsulatedData(parameterlist &encap) +bool SpanningTreeProtocolInterface::SendEncapsulatedData(const parameterlist &encap) { - Utils->DoOneToMany(ServerInstance->Config->GetSID(), "ENCAP", encap); + if (encap[0].find('*') != std::string::npos) + { + Utils->DoOneToMany(ServerInstance->Config->GetSID(), "ENCAP", encap); + return true; + } + return Utils->DoOneToOne(ServerInstance->Config->GetSID(), "ENCAP", encap, encap[0]); } void SpanningTreeProtocolInterface::SendMetaData(Extensible* target, const std::string &key, const std::string &data) diff --git a/src/modules/m_spanningtree/protocolinterface.h b/src/modules/m_spanningtree/protocolinterface.h index 9ba9f2d2f..762946901 100644 --- a/src/modules/m_spanningtree/protocolinterface.h +++ b/src/modules/m_spanningtree/protocolinterface.h @@ -13,7 +13,7 @@ class SpanningTreeProtocolInterface : public ProtocolInterface SpanningTreeProtocolInterface(ModuleSpanningTree* mod, SpanningTreeUtilities* util) : Utils(util), Module(mod) { } virtual ~SpanningTreeProtocolInterface() { } - virtual void SendEncapsulatedData(parameterlist &encap); + virtual bool SendEncapsulatedData(const parameterlist &encap); virtual void SendMetaData(Extensible* target, const std::string &key, const std::string &data); virtual void SendTopic(Channel* channel, std::string &topic); virtual void SendMode(const std::string &target, const parameterlist &modedata, const std::vector<TranslateType> &types); diff --git a/src/modules/m_spanningtree/utils.cpp b/src/modules/m_spanningtree/utils.cpp index 81fb0ecde..2271bf374 100644 --- a/src/modules/m_spanningtree/utils.cpp +++ b/src/modules/m_spanningtree/utils.cpp 
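Review bot: `SpanningTreeProtocolInterface::SendEncapsulatedData` indexes `encap[0]` with no emptiness check, so an empty parameter list is undefined behaviour now that the function inspects its argument instead of only forwarding it. The glob test also looks only for `*`, although the interface comment in protocol.h allows any glob matching server names; a mask that uses only `?` would go through `DoOneToOne` and most likely be reported as undeliverable. I would open the function with `if (encap.empty()) return false;` and test `encap[0].find_first_of("*?") != std::string::npos` instead.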
@@ -199,7 +199,7 @@ void SpanningTreeUtilities::GetListOfServersForChannel(Channel* c, TreeServerLis return; } -bool SpanningTreeUtilities::DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, parameterlist ¶ms) +bool SpanningTreeUtilities::DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, const parameterlist ¶ms) { TreeServer* omitroute = this->BestRouteTo(omit); unsigned int items =this->TreeRoot->ChildCount(); @@ -216,7 +216,7 @@ bool SpanningTreeUtilities::DoOneToAllButSenderRaw(const std::string &data, cons return true; } -bool SpanningTreeUtilities::DoOneToAllButSender(const std::string &prefix, const std::string &command, parameterlist ¶ms, std::string omit) +bool SpanningTreeUtilities::DoOneToAllButSender(const std::string &prefix, const std::string &command, const parameterlist ¶ms, std::string omit) { TreeServer* omitroute = this->BestRouteTo(omit); std::string FullLine = ":" + prefix + " " + command; @@ -243,7 +243,7 @@ bool SpanningTreeUtilities::DoOneToAllButSender(const std::string &prefix, const return true; } -bool SpanningTreeUtilities::DoOneToMany(const std::string &prefix, const std::string &command, parameterlist ¶ms) +bool SpanningTreeUtilities::DoOneToMany(const std::string &prefix, const std::string &command, const parameterlist ¶ms) { std::string FullLine = ":" + prefix + " " + command; unsigned int words = params.size(); 
@@ -265,21 +265,21 @@ bool SpanningTreeUtilities::DoOneToMany(const std::string &prefix, const std::st return true; } -bool SpanningTreeUtilities::DoOneToMany(const char* prefix, const char* command, parameterlist ¶ms) +bool SpanningTreeUtilities::DoOneToMany(const char* prefix, const char* command, const parameterlist ¶ms) { std::string spfx = prefix; std::string scmd = command; return this->DoOneToMany(spfx, scmd, params); } -bool SpanningTreeUtilities::DoOneToAllButSender(const char* prefix, const char* command, parameterlist ¶ms, std::string omit) +bool SpanningTreeUtilities::DoOneToAllButSender(const char* prefix, const char* command, const parameterlist ¶ms, std::string omit) { std::string spfx = prefix; std::string scmd = command; return this->DoOneToAllButSender(spfx, scmd, params, omit); } -bool SpanningTreeUtilities::DoOneToOne(const std::string &prefix, const std::string &command, parameterlist ¶ms, std::string target) +bool SpanningTreeUtilities::DoOneToOne(const std::string &prefix, const std::string &command, const parameterlist ¶ms, std::string target) { TreeServer* Route = this->BestRouteTo(target); if (Route) diff --git a/src/modules/m_spanningtree/utils.h b/src/modules/m_spanningtree/utils.h index eb0df03ff..2e527ae12 100644 --- a/src/modules/m_spanningtree/utils.h +++ b/src/modules/m_spanningtree/utils.h 
@@ -124,27 +124,27 @@ class SpanningTreeUtilities : public classbase /** Send a message from this server to one other local or remote */ - bool DoOneToOne(const std::string &prefix, const std::string &command, parameterlist ¶ms, std::string target); + bool DoOneToOne(const std::string &prefix, const std::string &command, const parameterlist ¶ms, std::string target); /** Send a message from this server to all but one other, local or remote */ - bool DoOneToAllButSender(const std::string &prefix, const std::string &command, parameterlist ¶ms, std::string omit); + bool DoOneToAllButSender(const std::string &prefix, const std::string &command, const parameterlist ¶ms, std::string omit); /** Send a message from this server to all but one other, local or remote */ - bool DoOneToAllButSender(const char* prefix, const char* command, parameterlist ¶ms, std::string omit); + bool DoOneToAllButSender(const char* prefix, const char* command, const parameterlist ¶ms, std::string omit); /** Send a message from this server to all others */ - bool DoOneToMany(const std::string &prefix, const std::string &command, parameterlist ¶ms); + bool DoOneToMany(const std::string &prefix, const std::string &command, const parameterlist ¶ms); /** Send a message from this server to all others */ - bool DoOneToMany(const char* prefix, const char* command, parameterlist ¶ms); + bool DoOneToMany(const char* prefix, const char* command, const parameterlist ¶ms); /** Send a message from this server to all others, without doing any processing on the command (e.g. send it as-is with colons and all) */ - bool DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, parameterlist ¶ms); + bool DoOneToAllButSenderRaw(const std::string &data, const std::string &omit, const std::string &prefix, const irc::string &command, const parameterlist ¶ms); /** Read the spanningtree module's tags from the config file */ 
diff --git a/src/modules/sasl.h b/src/modules/sasl.h new file mode 100644 index 000000000..9abfc558a --- /dev/null +++ b/src/modules/sasl.h @@ -0,0 +1,28 @@ +/* +------------------------------------+ + * | Inspire Internet Relay Chat Daemon | + * +------------------------------------+ + * + * InspIRCd: (C) 2002-2010 InspIRCd Development Team + * See: http://wiki.inspircd.org/Credits + * + * This program is free but copyrighted software; see + * the file COPYING for details. + * + * --------------------------------------------------- + */ + +#ifndef __SASL_H__ +#define __SASL_H__ + +class SASLFallback : public Event +{ + public: + const parameterlist& params; + SASLFallback(Module* me, const parameterlist& p) + : Event(me, "sasl_fallback"), params(p) + { + Send(); + } +}; + +#endif |
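Review bot: `SASLFallback` keeps `params` as a reference to the caller's list and fires `Send()` from its constructor, so the data is valid only while handlers run inside that call, and the class has no comment saying so. The list holds a user's SASL exchange (the UUID and, in later messages, the client-supplied parameters, per the m_sasl.cpp hunks), so the header should document that handlers must not retain the event or its `params` and should avoid logging the contents. Two smaller points: the guard `__SASL_H__` uses a reserved identifier (`SASL_H` would do), and the header relies on an earlier include to declare `Event` and `parameterlist`.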