mirror of
https://github.com/irssi/irssi.git
synced 2024-12-04 14:46:39 -05:00
SASL support
The only supported methods are PLAIN and EXTERNAL, the latter is untested as of now. The code gets the values from the keys named sasl_{mechanism,username,password} specified for each chatnet.
This commit is contained in:
parent
762c1d7f2c
commit
b8d3301d34
@ -8,6 +8,9 @@ char *address;
|
|||||||
int port;
|
int port;
|
||||||
char *password;
|
char *password;
|
||||||
|
|
||||||
|
int sasl_mechanism;
|
||||||
|
char *sasl_password;
|
||||||
|
|
||||||
char *ssl_cert;
|
char *ssl_cert;
|
||||||
char *ssl_pkey;
|
char *ssl_pkey;
|
||||||
char *ssl_pass;
|
char *ssl_pass;
|
||||||
|
@ -27,6 +27,7 @@ libirc_core_a_SOURCES = \
|
|||||||
irc-servers-setup.c \
|
irc-servers-setup.c \
|
||||||
irc-session.c \
|
irc-session.c \
|
||||||
irc-cap.c \
|
irc-cap.c \
|
||||||
|
sasl.c \
|
||||||
lag.c \
|
lag.c \
|
||||||
massjoin.c \
|
massjoin.c \
|
||||||
modes.c \
|
modes.c \
|
||||||
@ -50,6 +51,7 @@ pkginc_irc_core_HEADERS = \
|
|||||||
irc-servers.h \
|
irc-servers.h \
|
||||||
irc-servers-setup.h \
|
irc-servers-setup.h \
|
||||||
irc-cap.h \
|
irc-cap.h \
|
||||||
|
sasl.h \
|
||||||
modes.h \
|
modes.h \
|
||||||
mode-lists.h \
|
mode-lists.h \
|
||||||
module.h \
|
module.h \
|
||||||
|
@ -48,6 +48,10 @@ static void sig_chatnet_read(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
|
|||||||
rec->max_msgs = config_node_get_int(node, "max_msgs", 0);
|
rec->max_msgs = config_node_get_int(node, "max_msgs", 0);
|
||||||
rec->max_modes = config_node_get_int(node, "max_modes", 0);
|
rec->max_modes = config_node_get_int(node, "max_modes", 0);
|
||||||
rec->max_whois = config_node_get_int(node, "max_whois", 0);
|
rec->max_whois = config_node_get_int(node, "max_whois", 0);
|
||||||
|
|
||||||
|
rec->sasl_mechanism = config_node_get_str(node, "sasl_mechanism", NULL);
|
||||||
|
rec->sasl_username = config_node_get_str(node, "sasl_username", NULL);
|
||||||
|
rec->sasl_password = config_node_get_str(node, "sasl_password", NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void sig_chatnet_saved(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
|
static void sig_chatnet_saved(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
|
||||||
@ -78,7 +82,7 @@ static void sig_chatnet_saved(IRC_CHATNET_REC *rec, CONFIG_NODE *node)
|
|||||||
static void sig_chatnet_destroyed(IRC_CHATNET_REC *rec)
|
static void sig_chatnet_destroyed(IRC_CHATNET_REC *rec)
|
||||||
{
|
{
|
||||||
if (IS_IRC_CHATNET(rec))
|
if (IS_IRC_CHATNET(rec))
|
||||||
g_free(rec->usermode);
|
g_free(rec->usermode);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -17,12 +17,15 @@
|
|||||||
struct _IRC_CHATNET_REC {
|
struct _IRC_CHATNET_REC {
|
||||||
#include "chatnet-rec.h"
|
#include "chatnet-rec.h"
|
||||||
|
|
||||||
char *usermode;
|
char *usermode;
|
||||||
|
|
||||||
|
char *sasl_mechanism;
|
||||||
|
char *sasl_username;
|
||||||
|
char *sasl_password;
|
||||||
|
|
||||||
int max_cmds_at_once;
|
int max_cmds_at_once;
|
||||||
int cmd_queue_speed;
|
int cmd_queue_speed;
|
||||||
int max_query_chans; /* when syncing, max. number of channels to
|
int max_query_chans; /* when syncing, max. number of channels to put in one MODE/WHO command */
|
||||||
put in one MODE/WHO command */
|
|
||||||
|
|
||||||
/* max. number of kicks/msgs/mode/whois per command */
|
/* max. number of kicks/msgs/mode/whois per command */
|
||||||
int max_kicks, max_msgs, max_modes, max_whois;
|
int max_kicks, max_msgs, max_modes, max_whois;
|
||||||
|
@ -27,6 +27,7 @@
|
|||||||
#include "irc-channels.h"
|
#include "irc-channels.h"
|
||||||
#include "irc-queries.h"
|
#include "irc-queries.h"
|
||||||
#include "irc-cap.h"
|
#include "irc-cap.h"
|
||||||
|
#include "sasl.h"
|
||||||
|
|
||||||
#include "irc-servers-setup.h"
|
#include "irc-servers-setup.h"
|
||||||
#include "channels-setup.h"
|
#include "channels-setup.h"
|
||||||
@ -119,6 +120,7 @@ void irc_core_init(void)
|
|||||||
netsplit_init();
|
netsplit_init();
|
||||||
irc_expandos_init();
|
irc_expandos_init();
|
||||||
cap_init();
|
cap_init();
|
||||||
|
sasl_init();
|
||||||
|
|
||||||
settings_check();
|
settings_check();
|
||||||
module_register("core", "irc");
|
module_register("core", "irc");
|
||||||
@ -128,6 +130,7 @@ void irc_core_deinit(void)
|
|||||||
{
|
{
|
||||||
signal_emit("chat protocol deinit", 1, chat_protocol_find("IRC"));
|
signal_emit("chat protocol deinit", 1, chat_protocol_find("IRC"));
|
||||||
|
|
||||||
|
sasl_deinit();
|
||||||
cap_deinit();
|
cap_deinit();
|
||||||
irc_expandos_deinit();
|
irc_expandos_deinit();
|
||||||
netsplit_deinit();
|
netsplit_deinit();
|
||||||
@ -140,7 +143,7 @@ void irc_core_deinit(void)
|
|||||||
irc_irc_deinit();
|
irc_irc_deinit();
|
||||||
irc_servers_deinit();
|
irc_servers_deinit();
|
||||||
irc_chatnets_deinit();
|
irc_chatnets_deinit();
|
||||||
irc_session_deinit();
|
irc_session_deinit();
|
||||||
|
|
||||||
chat_protocol_unregister("IRC");
|
chat_protocol_unregister("IRC");
|
||||||
}
|
}
|
||||||
|
@ -28,6 +28,7 @@
|
|||||||
#include "irc-chatnets.h"
|
#include "irc-chatnets.h"
|
||||||
#include "irc-servers-setup.h"
|
#include "irc-servers-setup.h"
|
||||||
#include "irc-servers.h"
|
#include "irc-servers.h"
|
||||||
|
#include "sasl.h"
|
||||||
|
|
||||||
/* Fill information to connection from server setup record */
|
/* Fill information to connection from server setup record */
|
||||||
static void sig_server_setup_fill_reconn(IRC_SERVER_CONNECT_REC *conn,
|
static void sig_server_setup_fill_reconn(IRC_SERVER_CONNECT_REC *conn,
|
||||||
@ -79,6 +80,29 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
|
|||||||
conn->cmd_queue_speed = ircnet->cmd_queue_speed;
|
conn->cmd_queue_speed = ircnet->cmd_queue_speed;
|
||||||
if (ircnet->max_query_chans > 0)
|
if (ircnet->max_query_chans > 0)
|
||||||
conn->max_query_chans = ircnet->max_query_chans;
|
conn->max_query_chans = ircnet->max_query_chans;
|
||||||
|
|
||||||
|
/* Validate the SASL parameters filled by sig_chatnet_read() */
|
||||||
|
conn->sasl_mechanism = SASL_MECHANISM_NONE;
|
||||||
|
|
||||||
|
if (ircnet->sasl_mechanism != NULL) {
|
||||||
|
if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) {
|
||||||
|
/* The PLAIN method needs both the username and the password */
|
||||||
|
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
|
||||||
|
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
|
||||||
|
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
||||||
|
conn->sasl_username = ircnet->sasl_username;
|
||||||
|
conn->sasl_password = ircnet->sasl_password;
|
||||||
|
} else
|
||||||
|
g_warning("The fields sasl_username and sasl_password are either undefined or empty");
|
||||||
|
}
|
||||||
|
else if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "external")) {
|
||||||
|
conn->sasl_mechanism = SASL_MECHANISM_EXTERNAL;
|
||||||
|
conn->sasl_username = NULL;
|
||||||
|
conn->sasl_password = NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
g_warning("Unsupported SASL mechanism \"%s\" selected", ircnet->sasl_mechanism);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void init_userinfo(void)
|
static void init_userinfo(void)
|
||||||
|
@ -33,6 +33,7 @@
|
|||||||
#include "irc-servers-setup.h"
|
#include "irc-servers-setup.h"
|
||||||
#include "irc-servers.h"
|
#include "irc-servers.h"
|
||||||
#include "irc-cap.h"
|
#include "irc-cap.h"
|
||||||
|
#include "sasl.h"
|
||||||
#include "channel-rejoin.h"
|
#include "channel-rejoin.h"
|
||||||
#include "servers-idle.h"
|
#include "servers-idle.h"
|
||||||
#include "servers-reconnect.h"
|
#include "servers-reconnect.h"
|
||||||
@ -215,6 +216,9 @@ static void server_init(IRC_SERVER_REC *server)
|
|||||||
g_free(cmd);
|
g_free(cmd);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (conn->sasl_mechanism != SASL_MECHANISM_NONE)
|
||||||
|
cap_toggle(server, "sasl", TRUE);
|
||||||
|
|
||||||
irc_send_cmd_now(server, "CAP LS");
|
irc_send_cmd_now(server, "CAP LS");
|
||||||
|
|
||||||
if (conn->password != NULL && *conn->password != '\0') {
|
if (conn->password != NULL && *conn->password != '\0') {
|
||||||
|
@ -27,6 +27,10 @@ struct _IRC_SERVER_CONNECT_REC {
|
|||||||
char *usermode;
|
char *usermode;
|
||||||
char *alternate_nick;
|
char *alternate_nick;
|
||||||
|
|
||||||
|
int sasl_mechanism;
|
||||||
|
char *sasl_username;
|
||||||
|
char *sasl_password;
|
||||||
|
|
||||||
int max_cmds_at_once;
|
int max_cmds_at_once;
|
||||||
int cmd_queue_speed;
|
int cmd_queue_speed;
|
||||||
int max_query_chans;
|
int max_query_chans;
|
||||||
|
134
src/irc/core/sasl.c
Normal file
134
src/irc/core/sasl.c
Normal file
@ -0,0 +1,134 @@
|
|||||||
|
#include "module.h"
|
||||||
|
#include "misc.h"
|
||||||
|
#include "settings.h"
|
||||||
|
|
||||||
|
#include "irc-cap.h"
|
||||||
|
#include "irc-servers.h"
|
||||||
|
#include "sasl.h"
|
||||||
|
|
||||||
|
#define SASL_TIMEOUT (20 * 1000) // ms
|
||||||
|
|
||||||
|
static gboolean sasl_timeout (IRC_SERVER_REC *server)
|
||||||
|
{
|
||||||
|
/* The authentication timed out, we can't do much beside terminating it */
|
||||||
|
g_critical("The authentication timed out, try increasing the timeout and check your connection "
|
||||||
|
"to the network.");
|
||||||
|
irc_send_cmd_now(server, "AUTHENTICATE *");
|
||||||
|
cap_finish_negotiation(server);
|
||||||
|
|
||||||
|
return G_SOURCE_REMOVE;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void sasl_start (IRC_SERVER_REC *server, const char *data, const char *from)
|
||||||
|
{
|
||||||
|
IRC_SERVER_CONNECT_REC *conn;
|
||||||
|
|
||||||
|
conn = server->connrec;
|
||||||
|
|
||||||
|
switch (conn->sasl_mechanism) {
|
||||||
|
case SASL_MECHANISM_PLAIN:
|
||||||
|
irc_send_cmd_now(server, "AUTHENTICATE PLAIN");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SASL_MECHANISM_EXTERNAL:
|
||||||
|
irc_send_cmd_now(server, "AUTHENTICATE EXTERNAL");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
server->sasl_timeout = g_timeout_add(SASL_TIMEOUT, (GSourceFunc) sasl_timeout, server);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void sasl_fail (IRC_SERVER_REC *server, const char *data, const char *from)
|
||||||
|
{
|
||||||
|
/* Stop any pending timeout, if any */
|
||||||
|
g_source_remove(server->sasl_timeout);
|
||||||
|
|
||||||
|
g_critical("Authentication failed, make sure your credentials are correct and that the mechanism "
|
||||||
|
"you have selected is supported by this server.");
|
||||||
|
|
||||||
|
/* Terminate the negotiation */
|
||||||
|
cap_finish_negotiation(server);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void sasl_already (IRC_SERVER_REC *server, const char *data, const char *from)
|
||||||
|
{
|
||||||
|
g_source_remove(server->sasl_timeout);
|
||||||
|
|
||||||
|
/* We're already authenticated, do nothing */
|
||||||
|
cap_finish_negotiation(server);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void sasl_success (IRC_SERVER_REC *server, const char *data, const char *from)
|
||||||
|
{
|
||||||
|
g_source_remove(server->sasl_timeout);
|
||||||
|
|
||||||
|
/* The authentication succeeded, time to finish the CAP negotiation */
|
||||||
|
g_warning("SASL authentication succeeded");
|
||||||
|
cap_finish_negotiation(server);
|
||||||
|
}
|
||||||
|
|
||||||
|
static void sasl_step (IRC_SERVER_REC *server, const char *data, const char *from)
|
||||||
|
{
|
||||||
|
IRC_SERVER_CONNECT_REC *conn;
|
||||||
|
GString *req;
|
||||||
|
char *enc_req;
|
||||||
|
|
||||||
|
conn = server->connrec;
|
||||||
|
|
||||||
|
/* Stop the timer */
|
||||||
|
g_source_remove(server->sasl_timeout);
|
||||||
|
|
||||||
|
switch (conn->sasl_mechanism) {
|
||||||
|
case SASL_MECHANISM_PLAIN:
|
||||||
|
/* At this point we assume that conn->{username, password} are non-NULL.
|
||||||
|
* The PLAIN mechanism expects a NULL-separated string composed by the authorization identity, the
|
||||||
|
* authentication identity and the password.
|
||||||
|
* The authorization identity field is optional and can be omitted, the server will derive the
|
||||||
|
* identity by looking at the credentials provided.
|
||||||
|
* The whole request is then encoded in base64. */
|
||||||
|
|
||||||
|
req = g_string_new(NULL);
|
||||||
|
|
||||||
|
g_string_append_c(req, '\0');
|
||||||
|
g_string_append(req, conn->sasl_username);
|
||||||
|
g_string_append_c(req, '\0');
|
||||||
|
g_string_append(req, conn->sasl_password);
|
||||||
|
|
||||||
|
enc_req = g_base64_encode((const guchar *)req->str, req->len);
|
||||||
|
|
||||||
|
irc_send_cmdv(server, "AUTHENTICATE %s", enc_req);
|
||||||
|
|
||||||
|
g_free(enc_req);
|
||||||
|
g_string_free(req, TRUE);
|
||||||
|
break;
|
||||||
|
|
||||||
|
case SASL_MECHANISM_EXTERNAL:
|
||||||
|
/* Empty response */
|
||||||
|
irc_send_cmdv(server, "+");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* We expect a response within a reasonable time */
|
||||||
|
server->sasl_timeout = g_timeout_add(SASL_TIMEOUT, (GSourceFunc) sasl_timeout, server);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sasl_init(void)
|
||||||
|
{
|
||||||
|
signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
|
||||||
|
signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step);
|
||||||
|
signal_add_first("event 900", (SIGNAL_FUNC) sasl_success);
|
||||||
|
signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail);
|
||||||
|
signal_add_first("event 904", (SIGNAL_FUNC) sasl_fail);
|
||||||
|
signal_add_first("event 905", (SIGNAL_FUNC) sasl_fail);
|
||||||
|
signal_add_first("event 907", (SIGNAL_FUNC) sasl_already);
|
||||||
|
}
|
||||||
|
|
||||||
|
void sasl_deinit(void)
|
||||||
|
{
|
||||||
|
signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
|
||||||
|
signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step);
|
||||||
|
signal_remove("event 900", (SIGNAL_FUNC) sasl_success);
|
||||||
|
signal_remove("event 902", (SIGNAL_FUNC) sasl_fail);
|
||||||
|
signal_remove("event 904", (SIGNAL_FUNC) sasl_fail);
|
||||||
|
signal_remove("event 905", (SIGNAL_FUNC) sasl_fail);
|
||||||
|
signal_remove("event 907", (SIGNAL_FUNC) sasl_already);
|
||||||
|
}
|
14
src/irc/core/sasl.h
Normal file
14
src/irc/core/sasl.h
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
#ifndef __SASL_H
|
||||||
|
#define __SASL_H
|
||||||
|
|
||||||
|
enum {
|
||||||
|
SASL_MECHANISM_NONE = 0,
|
||||||
|
SASL_MECHANISM_PLAIN,
|
||||||
|
SASL_MECHANISM_EXTERNAL,
|
||||||
|
SASL_MECHANISM_MAX
|
||||||
|
};
|
||||||
|
|
||||||
|
void sasl_init(void);
|
||||||
|
void sasl_deinit(void);
|
||||||
|
|
||||||
|
#endif
|
Loading…
Reference in New Issue
Block a user