1
0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00

Merge pull request #278 from LemonBoy/sasl

SASL support
This commit is contained in:
dx 2015-09-20 19:19:49 -03:00
commit 0912a11050
16 changed files with 335 additions and 6 deletions

View File

@ -136,6 +136,10 @@ irc-cap.c
"server cap nak "<cmd>, SERVER_REC "server cap nak "<cmd>, SERVER_REC
"server cap end", SERVER_REC "server cap end", SERVER_REC
sasl.c
"server sasl failure", SERVER_REC, char *reason
"server sasl success", SERVER_REC
irc.c: irc.c:
"server event", SERVER_REC, char *data, char *sender_nick, char *sender_address "server event", SERVER_REC, char *data, char *sender_nick, char *sender_address

View File

@ -8,6 +8,9 @@ char *address;
int port; int port;
char *password; char *password;
int sasl_mechanism;
char *sasl_password;
char *ssl_cert; char *ssl_cert;
char *ssl_pkey; char *ssl_pkey;
char *ssl_pass; char *ssl_pass;

View File

@ -26,6 +26,7 @@ real_sources = \
fe-netsplit.c \ fe-netsplit.c \
fe-common-irc.c \ fe-common-irc.c \
fe-whois.c \ fe-whois.c \
fe-sasl.c \
irc-completion.c \ irc-completion.c \
module-formats.c module-formats.c

View File

@ -69,6 +69,9 @@ void fe_netjoin_deinit(void);
void fe_whois_init(void); void fe_whois_init(void);
void fe_whois_deinit(void); void fe_whois_deinit(void);
void fe_sasl_init(void);
void fe_sasl_deinit(void);
void irc_completion_init(void); void irc_completion_init(void);
void irc_completion_deinit(void); void irc_completion_deinit(void);
@ -91,6 +94,7 @@ void fe_common_irc_init(void)
fe_netsplit_init(); fe_netsplit_init();
fe_netjoin_init(); fe_netjoin_init();
fe_whois_init(); fe_whois_init();
fe_sasl_init();
irc_completion_init(); irc_completion_init();
settings_check(); settings_check();
@ -116,6 +120,7 @@ void fe_common_irc_deinit(void)
fe_netsplit_deinit(); fe_netsplit_deinit();
fe_netjoin_deinit(); fe_netjoin_deinit();
fe_whois_deinit(); fe_whois_deinit();
fe_sasl_deinit();
irc_completion_deinit(); irc_completion_deinit();
theme_unregister(); theme_unregister();

View File

@ -0,0 +1,48 @@
/*
fe-sasl.c : irssi
Copyright (C) 2015 The Lemon Man
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "module.h"
#include "module-formats.h"
#include "signals.h"
#include "levels.h"
#include "printtext.h"
static void sig_sasl_success(IRC_SERVER_REC *server)
{
printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_SUCCESS);
}
static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason)
{
printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason);
}
void fe_sasl_init(void)
{
signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
}
void fe_sasl_deinit(void)
{
signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
}

View File

@ -44,6 +44,8 @@ FORMAT_REC fecommon_irc_formats[] = {
{ "setupserver_header", "%#Server Port Network Settings", 0 }, { "setupserver_header", "%#Server Port Network Settings", 0 },
{ "setupserver_line", "%#%|$[!20]0 $[5]1 $[10]2 $3", 4, { 0, 1, 0, 0 } }, { "setupserver_line", "%#%|$[!20]0 $[5]1 $[10]2 $3", 4, { 0, 1, 0, 0 } },
{ "setupserver_footer", "", 0 }, { "setupserver_footer", "", 0 },
{ "sasl_success", "SASL authentication succeeded", 0 },
{ "sasl_error", "Cannot authenticate via SASL ($0)", 1, { 0 } },
/* ---- */ /* ---- */
{ NULL, "Channels", 0 }, { NULL, "Channels", 0 },

View File

@ -22,6 +22,8 @@ enum {
IRCTXT_SETUPSERVER_HEADER, IRCTXT_SETUPSERVER_HEADER,
IRCTXT_SETUPSERVER_LINE, IRCTXT_SETUPSERVER_LINE,
IRCTXT_SETUPSERVER_FOOTER, IRCTXT_SETUPSERVER_FOOTER,
IRCTXT_SASL_SUCCESS,
IRCTXT_SASL_ERROR,
IRCTXT_FILL_2, IRCTXT_FILL_2,

View File

@ -27,6 +27,7 @@ libirc_core_a_SOURCES = \
irc-servers-setup.c \ irc-servers-setup.c \
irc-session.c \ irc-session.c \
irc-cap.c \ irc-cap.c \
sasl.c \
lag.c \ lag.c \
massjoin.c \ massjoin.c \
modes.c \ modes.c \
@ -50,6 +51,7 @@ pkginc_irc_core_HEADERS = \
irc-servers.h \ irc-servers.h \
irc-servers-setup.h \ irc-servers-setup.h \
irc-cap.h \ irc-cap.h \
sasl.h \
modes.h \ modes.h \
mode-lists.h \ mode-lists.h \
module.h \ module.h \

View File

@ -48,6 +48,10 @@ static void sig_chatnet_read(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
rec->max_msgs = config_node_get_int(node, "max_msgs", 0); rec->max_msgs = config_node_get_int(node, "max_msgs", 0);
rec->max_modes = config_node_get_int(node, "max_modes", 0); rec->max_modes = config_node_get_int(node, "max_modes", 0);
rec->max_whois = config_node_get_int(node, "max_whois", 0); rec->max_whois = config_node_get_int(node, "max_whois", 0);
rec->sasl_mechanism = config_node_get_str(node, "sasl_mechanism", NULL);
rec->sasl_username = config_node_get_str(node, "sasl_username", NULL);
rec->sasl_password = config_node_get_str(node, "sasl_password", NULL);
} }
static void sig_chatnet_saved(IRC_CHATNET_REC *rec, CONFIG_NODE *node) static void sig_chatnet_saved(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
@ -73,6 +77,13 @@ static void sig_chatnet_saved(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
iconfig_node_set_int(node, "max_modes", rec->max_modes); iconfig_node_set_int(node, "max_modes", rec->max_modes);
if (rec->max_whois > 0) if (rec->max_whois > 0)
iconfig_node_set_int(node, "max_whois", rec->max_whois); iconfig_node_set_int(node, "max_whois", rec->max_whois);
if (rec->sasl_mechanism != NULL)
iconfig_node_set_str(node, "sasl_mechanism", rec->sasl_mechanism);
if (rec->sasl_username != NULL)
iconfig_node_set_str(node, "sasl_username", rec->sasl_username);
if (rec->sasl_password != NULL)
iconfig_node_set_str(node, "sasl_password", rec->sasl_password);
} }
static void sig_chatnet_destroyed(IRC_CHATNET_REC *rec) static void sig_chatnet_destroyed(IRC_CHATNET_REC *rec)

View File

@ -19,10 +19,13 @@ struct _IRC_CHATNET_REC {
char *usermode; char *usermode;
char *sasl_mechanism;
char *sasl_username;
char *sasl_password;
int max_cmds_at_once; int max_cmds_at_once;
int cmd_queue_speed; int cmd_queue_speed;
int max_query_chans; /* when syncing, max. number of channels to int max_query_chans; /* when syncing, max. number of channels to put in one MODE/WHO command */
put in one MODE/WHO command */
/* max. number of kicks/msgs/mode/whois per command */ /* max. number of kicks/msgs/mode/whois per command */
int max_kicks, max_msgs, max_modes, max_whois; int max_kicks, max_msgs, max_modes, max_whois;

View File

@ -27,6 +27,7 @@
#include "irc-channels.h" #include "irc-channels.h"
#include "irc-queries.h" #include "irc-queries.h"
#include "irc-cap.h" #include "irc-cap.h"
#include "sasl.h"
#include "irc-servers-setup.h" #include "irc-servers-setup.h"
#include "channels-setup.h" #include "channels-setup.h"
@ -119,6 +120,7 @@ void irc_core_init(void)
netsplit_init(); netsplit_init();
irc_expandos_init(); irc_expandos_init();
cap_init(); cap_init();
sasl_init();
settings_check(); settings_check();
module_register("core", "irc"); module_register("core", "irc");
@ -128,6 +130,7 @@ void irc_core_deinit(void)
{ {
signal_emit("chat protocol deinit", 1, chat_protocol_find("IRC")); signal_emit("chat protocol deinit", 1, chat_protocol_find("IRC"));
sasl_deinit();
cap_deinit(); cap_deinit();
irc_expandos_deinit(); irc_expandos_deinit();
netsplit_deinit(); netsplit_deinit();

View File

@ -28,6 +28,7 @@
#include "irc-chatnets.h" #include "irc-chatnets.h"
#include "irc-servers-setup.h" #include "irc-servers-setup.h"
#include "irc-servers.h" #include "irc-servers.h"
#include "sasl.h"
/* Fill information to connection from server setup record */ /* Fill information to connection from server setup record */
static void sig_server_setup_fill_reconn(IRC_SERVER_CONNECT_REC *conn, static void sig_server_setup_fill_reconn(IRC_SERVER_CONNECT_REC *conn,
@ -79,6 +80,29 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
conn->cmd_queue_speed = ircnet->cmd_queue_speed; conn->cmd_queue_speed = ircnet->cmd_queue_speed;
if (ircnet->max_query_chans > 0) if (ircnet->max_query_chans > 0)
conn->max_query_chans = ircnet->max_query_chans; conn->max_query_chans = ircnet->max_query_chans;
/* Validate the SASL parameters filled by sig_chatnet_read() */
conn->sasl_mechanism = SASL_MECHANISM_NONE;
if (ircnet->sasl_mechanism != NULL) {
if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) {
/* The PLAIN method needs both the username and the password */
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
conn->sasl_username = ircnet->sasl_username;
conn->sasl_password = ircnet->sasl_password;
} else
g_warning("The fields sasl_username and sasl_password are either missing or empty");
}
else if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "external")) {
conn->sasl_mechanism = SASL_MECHANISM_EXTERNAL;
conn->sasl_username = NULL;
conn->sasl_password = NULL;
}
else
g_warning("Unsupported SASL mechanism \"%s\" selected", ircnet->sasl_mechanism);
}
} }
static void init_userinfo(void) static void init_userinfo(void)

View File

@ -33,6 +33,8 @@
#include "irc-servers-setup.h" #include "irc-servers-setup.h"
#include "irc-servers.h" #include "irc-servers.h"
#include "irc-cap.h" #include "irc-cap.h"
#include "sasl.h"
#include "channels-setup.h" #include "channels-setup.h"
#include "channel-rejoin.h" #include "channel-rejoin.h"
#include "servers-idle.h" #include "servers-idle.h"
@ -223,6 +225,9 @@ static void server_init(IRC_SERVER_REC *server)
g_free(cmd); g_free(cmd);
} }
if (conn->sasl_mechanism != SASL_MECHANISM_NONE)
cap_toggle(server, "sasl", TRUE);
irc_send_cmd_now(server, "CAP LS"); irc_send_cmd_now(server, "CAP LS");
if (conn->password != NULL && *conn->password != '\0') { if (conn->password != NULL && *conn->password != '\0') {

View File

@ -27,6 +27,10 @@ struct _IRC_SERVER_CONNECT_REC {
char *usermode; char *usermode;
char *alternate_nick; char *alternate_nick;
int sasl_mechanism;
char *sasl_username;
char *sasl_password;
int max_cmds_at_once; int max_cmds_at_once;
int cmd_queue_speed; int cmd_queue_speed;
int max_query_chans; int max_query_chans;

178
src/irc/core/sasl.c Normal file
View File

@ -0,0 +1,178 @@
/*
fe-sasl.c : irssi
Copyright (C) 2015 The Lemon Man
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "module.h"
#include "misc.h"
#include "settings.h"
#include "irc-cap.h"
#include "irc-servers.h"
#include "sasl.h"
#define SASL_TIMEOUT (20 * 1000) // ms
static gboolean sasl_timeout(IRC_SERVER_REC *server)
{
/* The authentication timed out, we can't do much beside terminating it */
irc_send_cmd_now(server, "AUTHENTICATE *");
cap_finish_negotiation(server);
server->sasl_timeout = -1;
signal_emit("server sasl failure", 2, server, "The authentication timed out");
return FALSE;
}
static void sasl_start(IRC_SERVER_REC *server, const char *data, const char *from)
{
IRC_SERVER_CONNECT_REC *conn;
conn = server->connrec;
switch (conn->sasl_mechanism) {
case SASL_MECHANISM_PLAIN:
irc_send_cmd_now(server, "AUTHENTICATE PLAIN");
break;
case SASL_MECHANISM_EXTERNAL:
irc_send_cmd_now(server, "AUTHENTICATE EXTERNAL");
break;
}
server->sasl_timeout = g_timeout_add(SASL_TIMEOUT, (GSourceFunc) sasl_timeout, server);
}
static void sasl_fail(IRC_SERVER_REC *server, const char *data, const char *from)
{
char *params, *error;
/* Stop any pending timeout, if any */
if (server->sasl_timeout != -1) {
g_source_remove(server->sasl_timeout);
server->sasl_timeout = -1;
}
params = event_get_params(data, 2, NULL, &error);
signal_emit("server sasl fail", 2, server, error);
/* Terminate the negotiation */
cap_finish_negotiation(server);
g_free(params);
}
static void sasl_already(IRC_SERVER_REC *server, const char *data, const char *from)
{
if (server->sasl_timeout != -1) {
g_source_remove(server->sasl_timeout);
server->sasl_timeout = -1;
}
signal_emit("server sasl success", 1, server);
/* We're already authenticated, do nothing */
cap_finish_negotiation(server);
}
static void sasl_success(IRC_SERVER_REC *server, const char *data, const char *from)
{
if (server->sasl_timeout != -1) {
g_source_remove(server->sasl_timeout);
server->sasl_timeout = -1;
}
signal_emit("server sasl success", 1, server);
/* The authentication succeeded, time to finish the CAP negotiation */
cap_finish_negotiation(server);
}
static void sasl_step(IRC_SERVER_REC *server, const char *data, const char *from)
{
IRC_SERVER_CONNECT_REC *conn;
GString *req;
char *enc_req;
conn = server->connrec;
/* Stop the timer */
if (server->sasl_timeout != -1) {
g_source_remove(server->sasl_timeout);
server->sasl_timeout = -1;
}
switch (conn->sasl_mechanism) {
case SASL_MECHANISM_PLAIN:
/* At this point we assume that conn->sasl_{username, password} are non-NULL.
* The PLAIN mechanism expects a NULL-separated string composed by the authorization identity, the
* authentication identity and the password.
* The authorization identity field is explicitly set to the user provided username.
* The whole request is then encoded in base64. */
req = g_string_new(NULL);
g_string_append(req, conn->sasl_username);
g_string_append_c(req, '\0');
g_string_append(req, conn->sasl_username);
g_string_append_c(req, '\0');
g_string_append(req, conn->sasl_password);
enc_req = g_base64_encode((const guchar *)req->str, req->len);
irc_send_cmdv(server, "AUTHENTICATE %s", enc_req);
g_free(enc_req);
g_string_free(req, TRUE);
break;
case SASL_MECHANISM_EXTERNAL:
/* Empty response */
irc_send_cmdv(server, "+");
break;
}
/* We expect a response within a reasonable time */
server->sasl_timeout = g_timeout_add(SASL_TIMEOUT, (GSourceFunc) sasl_timeout, server);
}
void sasl_init(void)
{
signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step);
signal_add_first("event 903", (SIGNAL_FUNC) sasl_success);
signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail);
signal_add_first("event 904", (SIGNAL_FUNC) sasl_fail);
signal_add_first("event 905", (SIGNAL_FUNC) sasl_fail);
signal_add_first("event 906", (SIGNAL_FUNC) sasl_fail);
signal_add_first("event 907", (SIGNAL_FUNC) sasl_already);
}
void sasl_deinit(void)
{
signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step);
signal_remove("event 903", (SIGNAL_FUNC) sasl_success);
signal_remove("event 902", (SIGNAL_FUNC) sasl_fail);
signal_remove("event 904", (SIGNAL_FUNC) sasl_fail);
signal_remove("event 905", (SIGNAL_FUNC) sasl_fail);
signal_remove("event 906", (SIGNAL_FUNC) sasl_fail);
signal_remove("event 907", (SIGNAL_FUNC) sasl_already);
}

34
src/irc/core/sasl.h Normal file
View File

@ -0,0 +1,34 @@
/*
fe-sasl.c : irssi
Copyright (C) 2015 The Lemon Man
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License along
with this program; if not, write to the Free Software Foundation, Inc.,
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef __SASL_H
#define __SASL_H
enum {
SASL_MECHANISM_NONE = 0,
SASL_MECHANISM_PLAIN,
SASL_MECHANISM_EXTERNAL,
SASL_MECHANISM_MAX
};
void sasl_init(void);
void sasl_deinit(void);
#endif