Make auth_user work with SASL and add it to the example configs.

2010-11-21 15:03:17 -05:00 · 2010-11-21 15:03:17 -05:00 · f5ed1007ba
parent 48e9e037f4
commit f5ed1007ba
3 changed files with 41 additions and 0 deletions
--- a/doc/example.conf
+++ b/doc/example.conf
@ -163,6 +163,15 @@ auth {
 	user = "*@172.16.0.0/12";
 	user = "*test@123D:B567:*";

+	/* auth_user: The username (authenticated via SASL or PASS) allowed
+	 * to connect. You are able to put multiple auth_user lines. If people
+	 * are authenticating via SASL in this way, it is recommended to comment
+	 * out the password option below. You will also *NEED* to specify a user
+	 * line above auth_user, this can safely be "*@*", however.
+	 */
+	auth_user = "jilles";
+	auth_user = "jdhore";
+
 	/* password: an optional password that is required to use this block.
 	 * By default this is not encrypted, specify the flag "encrypted" in
 	 * flags = ...; below if it is.
--- a/doc/reference.conf
+++ b/doc/reference.conf
@ -340,6 +340,15 @@ auth {
 	user = "*@172.16.0.0/12";
 	user = "*test@123D:B567:*";

+	/* auth_user: The username (authenticated via SASL or PASS) allowed
+	 * to connect. You are able to put multiple auth_user lines. If people
+	 * are authenticating via SASL in this way, it is recommended to comment
+	 * out the password option below. You will also *NEED* to specify a user
+	 * line above auth_user, this can safely be "*@*", however.
+	 */
+	auth_user = "jilles";
+	auth_user = "jdhore";
+
 	/* password: an optional password that is required to use this block.
 	 * By default this is not encrypted, specify the flag "encrypted" in
 	 * flags = ...; below if it is.
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@ -42,6 +42,7 @@

 static int mr_authenticate(struct Client *, struct Client *, int, const char **);
 static int me_sasl(struct Client *, struct Client *, int, const char **);
+static int server_auth_sasl(struct Client *);

 static void abort_sasl(struct Client *);
 static void abort_sasl_exit(hook_data_client_exit *);
@ -161,6 +162,7 @@ me_sasl(struct Client *client_p, struct Client *source_p,
 			sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
 			target_p->preClient->sasl_complete = 1;
 			ServerStats.is_ssuc++;
+			server_auth_sasl(target_p);
 		}
 		*target_p->preClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
 	}
@ -168,6 +170,27 @@ me_sasl(struct Client *client_p, struct Client *source_p,
 	return 0;
 }

+static int server_auth_sasl(struct Client *client_p)
+{
+	char *auth_user;
+
+        if (client_p->localClient->auth_user)
+        {
+                memset(client_p->localClient->auth_user, 0,
+                       strlen(client_p->localClient->auth_user));
+                rb_free(client_p->localClient->auth_user);
+                client_p->localClient->auth_user = NULL;
+        }
+
+	auth_user = rb_strndup(client_p->user->suser, PASSWDLEN);
+
+	/* pointless check here */
+	if (auth_user)
+		client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
+
+	return 0;
+}
+
 /* If the client never finished authenticating but is
 * registering anyway, abort the exchange.
 */