diff options
Diffstat (limited to 'src')
| -rw-r--r-- | src/modules/extra/m_ssl_gnutls.cpp | 2 | ||||
| -rw-r--r-- | src/modules/m_sasl.cpp | 125 |
2 files changed, 37 insertions, 90 deletions
diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index c1ffdfb4c..8b414230a 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -29,7 +29,7 @@ /// $PackageInfo: require_system("centos") gnutls-devel pkgconfig /// $PackageInfo: require_system("darwin") gnutls pkg-config /// $PackageInfo: require_system("ubuntu" "1.0" "13.10") libgcrypt11-dev -/// $PackageInfo: require_system("ubuntu" "14.04") gnutls-bin libgnutls-dev pkg-config +/// $PackageInfo: require_system("ubuntu") gnutls-bin libgnutls-dev pkg-config #include "inspircd.h" #include "modules/ssl.h" diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 9272efe0e..fe1438ccf 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -30,6 +30,7 @@ enum // From IRCv3 sasl-3.1 RPL_SASLSUCCESS = 903, ERR_SASLFAIL = 904, + ERR_SASLTOOLONG = 905, ERR_SASLABORTED = 906, RPL_SASLMECHS = 908 }; @@ -142,8 +143,14 @@ enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT }; static Events::ModuleEventProvider* saslevprov; -static void SendSASL(const parameterlist& params) +static void SendSASL(LocalUser* user, const std::string& agent, char mode, const parameterlist& parameters) { + parameterlist params(parameters.size() + 3); + params.push_back(user->uuid); + params.push_back(agent); + params.push_back(ConvToStr(mode)); + params.insert(params.end(), parameters.begin(), parameters.end()); + if (!ServerInstance->PI->SendEncapsulatedData(sasl_target, "SASL", params)) { FOREACH_MOD_CUSTOM(*saslevprov, SASLEventListener, OnSASLAuth, (params)); @@ -157,84 +164,34 @@ class SaslAuthenticator { private: std::string agent; - User *user; + LocalUser* user; SaslState state; SaslResult result; bool state_announced; - /* taken from m_services_account */ - static bool ReadCGIIRCExt(const char* extname, User* user, std::string& out) - { - ExtensionItem* wiext = ServerInstance->Extensions.GetItem(extname); - if (!wiext) - return false; - - if (wiext->creator->ModuleSourceFile != "m_cgiirc.so") - return false; - - StringExtItem* stringext = static_cast<StringExtItem*>(wiext); - std::string* addr = stringext->get(user); - if (!addr) - return false; - - out = *addr; - return true; - } - - void SendHostIP() { - std::string host, ip; - - if (!ReadCGIIRCExt("cgiirc_webirc_hostname", user, host)) - { - host = user->host; - } - if (!ReadCGIIRCExt("cgiirc_webirc_ip", user, ip)) - { - ip = user->GetIPString(); - } - else - { - /* IP addresses starting with a : on irc are a Bad Thing (tm) */ - if (ip.c_str()[0] == ':') - ip.insert(ip.begin(),1,'0'); - } - parameterlist params; - params.push_back(sasl_target); - params.push_back("SASL"); - params.push_back(user->uuid); - params.push_back("*"); - params.push_back("H"); - params.push_back(host); - params.push_back(ip); - - SendSASL(params); + params.push_back(user->host); + params.push_back(user->GetIPString()); + + SendSASL(user, "*", 'H', params); } public: - SaslAuthenticator(User* user_, const std::string& method) + SaslAuthenticator(LocalUser* user_, const std::string& method) : user(user_), state(SASL_INIT), state_announced(false) { SendHostIP(); parameterlist params; - params.push_back(user->uuid); - params.push_back("*"); - params.push_back("S"); params.push_back(method); - LocalUser* localuser = IS_LOCAL(user); - if (localuser) - { - std::string fp = SSLClientCert::GetFingerprint(&localuser->eh); - - if (fp.size()) - params.push_back(fp); - } + const std::string fp = SSLClientCert::GetFingerprint(&user->eh); + if (fp.size()) + params.push_back(fp); - SendSASL(params); + SendSASL(user, "*", 'S', params); } SaslResult GetSaslResult(const std::string &result_) @@ -287,29 +244,17 @@ class SaslAuthenticator return this->state; } - void Abort(void) - { - this->state = SASL_DONE; - this->result = SASL_ABORT; - } - bool SendClientMessage(const std::vector<std::string>& parameters) { if (this->state != SASL_COMM) return true; - parameterlist params; - params.push_back(this->user->uuid); - params.push_back(this->agent); - params.push_back("C"); - - params.insert(params.end(), parameters.begin(), parameters.end()); - - SendSASL(params); + SendSASL(this->user, this->agent, 'C', parameters); if (parameters[0].c_str()[0] == '*') { - this->Abort(); + this->state = SASL_DONE; + this->result = SASL_ABORT; return false; } @@ -340,19 +285,25 @@ class SaslAuthenticator } }; -class CommandAuthenticate : public Command +class CommandAuthenticate : public SplitCommand { + private: + // The maximum length of an AUTHENTICATE request. + static const size_t MAX_AUTHENTICATE_SIZE = 400; + public: SimpleExtItem<SaslAuthenticator>& authExt; Cap::Capability& cap; CommandAuthenticate(Module* Creator, SimpleExtItem<SaslAuthenticator>& ext, Cap::Capability& Cap) - : Command(Creator, "AUTHENTICATE", 1), authExt(ext), cap(Cap) + : SplitCommand(Creator, "AUTHENTICATE", 1) + , authExt(ext) + , cap(Cap) { works_before_reg = true; allow_empty_last_param = false; } - CmdResult Handle (const std::vector<std::string>& parameters, User *user) + CmdResult HandleLocal(const std::vector<std::string>& parameters, LocalUser* user) { { if (!cap.get(user)) @@ -361,6 +312,12 @@ class CommandAuthenticate : public Command if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':') return CMD_FAILURE; + if (parameters[0].length() > MAX_AUTHENTICATE_SIZE) + { + user->WriteNumeric(ERR_SASLTOOLONG, "SASL message too long"); + return CMD_FAILURE; + } + SaslAuthenticator *sasl = authExt.get(user); if (!sasl) authExt.set(user, new SaslAuthenticator(user, parameters[0])); @@ -444,16 +401,6 @@ class ModuleSASL : public Module servertracker.Reset(); } - void OnUserConnect(LocalUser *user) CXX11_OVERRIDE - { - SaslAuthenticator *sasl_ = authExt.get(user); - if (sasl_) - { - sasl_->Abort(); - authExt.unset(user); - } - } - void OnDecodeMetaData(Extensible* target, const std::string& extname, const std::string& extdata) CXX11_OVERRIDE { if ((target == NULL) && (extname == "saslmechlist")) |