From f5ed1007bad4218e035a29bd572d9ff7acced6a8 Mon Sep 17 00:00:00 2001
From: JD Horelick
Date: Sun, 21 Nov 2010 15:03:17 -0500
Subject: [PATCH] Make auth_user work with SASL and add it to the example configs.
---
 doc/example.conf | 9 +++++++++
 doc/reference.conf | 9 +++++++++
 modules/m_sasl.c | 23 +++++++++++++++++++++++
 3 files changed, 41 insertions(+)
diff --git a/doc/example.conf b/doc/example.conf
index af1e99c..d976813 100755
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -163,6 +163,15 @@ auth {
 user = "*@172.16.0.0/12";
 user = "*test@123D:B567:*";
+ /* auth_user: The username (authenticated via SASL or PASS) allowed
+ * to connect. You are able to put multiple auth_user lines. If people
+ * are authenticating via SASL in this way, it is recommended to comment
+ * out the password option below. You will also *NEED* to specify a user
+ * line above auth_user, this can safely be "*@*", however.
+ */
+ auth_user = "jilles";
+ auth_user = "jdhore";
+
 /* password: an optional password that is required to use this block.
 * By default this is not encrypted, specify the flag "encrypted" in
 * flags = ...; below if it is.
diff --git a/doc/reference.conf b/doc/reference.conf
index 25f07ab..1d4848b 100755
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -340,6 +340,15 @@ auth {
 user = "*@172.16.0.0/12";
 user = "*test@123D:B567:*";
+ /* auth_user: The username (authenticated via SASL or PASS) allowed
+ * to connect. You are able to put multiple auth_user lines. If people
+ * are authenticating via SASL in this way, it is recommended to comment
+ * out the password option below. You will also *NEED* to specify a user
+ * line above auth_user, this can safely be "*@*", however.
+ */
+ auth_user = "jilles";
+ auth_user = "jdhore";
+
 /* password: an optional password that is required to use this block.
 * By default this is not encrypted, specify the flag "encrypted" in
 * flags = ...; below if it is.
diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index 8cea3e8..cbc5c77 100644
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -42,6 +42,7 @@
 static int mr_authenticate(struct Client *, struct Client *, int, const char **);
 static int me_sasl(struct Client *, struct Client *, int, const char **);
+static int server_auth_sasl(struct Client *);
 static void abort_sasl(struct Client *);
 static void abort_sasl_exit(hook_data_client_exit *);
@@ -161,6 +162,7 @@ me_sasl(struct Client *client_p, struct Client *source_p,
 sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
 target_p->preClient->sasl_complete = 1;
 ServerStats.is_ssuc++;
+ server_auth_sasl(target_p);
 }
 *target_p->preClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
 }
@@ -168,6 +170,27 @@ me_sasl(struct Client *client_p, struct Client *source_p,
 return 0;
 }
+static int server_auth_sasl(struct Client *client_p)
+{
+ char *auth_user;
+
+ if (client_p->localClient->auth_user)
+ {
+ memset(client_p->localClient->auth_user, 0,
+ strlen(client_p->localClient->auth_user));
+ rb_free(client_p->localClient->auth_user);
+ client_p->localClient->auth_user = NULL;
+ }
+
+ auth_user = rb_strndup(client_p->user->suser, PASSWDLEN);
+
+ /* pointless check here */
+ if (auth_user)
+ client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
+
+ return 0;
+}
+
 /* If the client never finished authenticating but is
 * registering anyway, abort the exchange.
 */
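Review bot: The new `server_auth_sasl(target_p);` call in the success branch of me_sasl() hands the helper a client for which this hunk only shows `target_p->preClient` in use, while the helper dereferences `target_p->localClient` and `target_p->user->suser` unconditionally. Whether `user` is already allocated and `suser` already filled when the success reply arrives is not visible here, since me_sasl's body starts and ends outside the hunk. If either can be missing, this path, which is driven by a message from another server, would dereference NULL or store an empty auth_user. Making the precondition explicit at the call, for example `if (target_p->user != NULL && !EmptyString(target_p->user->suser)) server_auth_sasl(target_p);`, or with the same test at the top of the helper, would close that gap.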
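Review bot: In server_auth_sasl() the temporary `auth_user` returned by the first `rb_strndup()` is only passed to a second `rb_strndup()` and never released, so each successful SASL exchange leaks one copy of the account name. The intermediate copy is unnecessary: assign once with `client_p->localClient->auth_user = rb_strndup(client_p->user->suser, PASSWDLEN);` and drop the local together with the check the comment already calls pointless. The function always returns 0 and the call added in me_sasl() ignores the result, so declaring it `static void` would state the contract plainly. The `memset()` before `rb_free()` is an ordinary store that a compiler may elide, so if scrubbing the previous value matters here it needs a wipe that cannot be optimized away.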