cadey
/
elemental-ircd
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Make auth_user work with SASL and add it to the example configs.

This commit is contained in:
JD Horelick 2010-11-21 15:03:17 -05:00
parent 48e9e037f4
commit f5ed1007ba
3 changed files with 41 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/example.conf
View File

@ -163,6 +163,15 @@ auth {
user = "*@172.16.0.0/12"; user = "*@172.16.0.0/12";
user = "*test@123D:B567:*"; user = "*test@123D:B567:*";
/* auth_user: The username (authenticated via SASL or PASS) allowed
* to connect. You are able to put multiple auth_user lines. If people
* are authenticating via SASL in this way, it is recommended to comment
* out the password option below. You will also *NEED* to specify a user
* line above auth_user, this can safely be "*@*", however.
*/
auth_user = "jilles";
auth_user = "jdhore";
/* password: an optional password that is required to use this block. /* password: an optional password that is required to use this block.
* By default this is not encrypted, specify the flag "encrypted" in * By default this is not encrypted, specify the flag "encrypted" in
* flags = ...; below if it is. * flags = ...; below if it is.

9
doc/reference.conf
View File

@ -340,6 +340,15 @@ auth {
user = "*@172.16.0.0/12"; user = "*@172.16.0.0/12";
user = "*test@123D:B567:*"; user = "*test@123D:B567:*";
/* auth_user: The username (authenticated via SASL or PASS) allowed
* to connect. You are able to put multiple auth_user lines. If people
* are authenticating via SASL in this way, it is recommended to comment
* out the password option below. You will also *NEED* to specify a user
* line above auth_user, this can safely be "*@*", however.
*/
auth_user = "jilles";
auth_user = "jdhore";
/* password: an optional password that is required to use this block. /* password: an optional password that is required to use this block.
* By default this is not encrypted, specify the flag "encrypted" in * By default this is not encrypted, specify the flag "encrypted" in
* flags = ...; below if it is. * flags = ...; below if it is.

23
modules/m_sasl.c
View File

@ -42,6 +42,7 @@
static int mr_authenticate(struct Client *, struct Client *, int, const char **); static int mr_authenticate(struct Client *, struct Client *, int, const char **);
static int me_sasl(struct Client *, struct Client *, int, const char **); static int me_sasl(struct Client *, struct Client *, int, const char **);
static int server_auth_sasl(struct Client *);
static void abort_sasl(struct Client *); static void abort_sasl(struct Client *);
static void abort_sasl_exit(hook_data_client_exit *); static void abort_sasl_exit(hook_data_client_exit *);
@ -161,6 +162,7 @@ me_sasl(struct Client *client_p, struct Client *source_p,
sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name); sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
target_p->preClient->sasl_complete = 1; target_p->preClient->sasl_complete = 1;
ServerStats.is_ssuc++; ServerStats.is_ssuc++;
server_auth_sasl(target_p);
} }
*target_p->preClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */ *target_p->preClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
} }
@ -168,6 +170,27 @@ me_sasl(struct Client *client_p, struct Client *source_p,
return 0; return 0;
} }
static int server_auth_sasl(struct Client *client_p)
{
char *auth_user;
if (client_p->localClient->auth_user)
{
memset(client_p->localClient->auth_user, 0,
strlen(client_p->localClient->auth_user));
rb_free(client_p->localClient->auth_user);
client_p->localClient->auth_user = NULL;
}
auth_user = rb_strndup(client_p->user->suser, PASSWDLEN);
/* pointless check here */
if (auth_user)
client_p->localClient->auth_user = rb_strndup(auth_user, PASSWDLEN);
return 0;
}
/* If the client never finished authenticating but is /* If the client never finished authenticating but is
* registering anyway, abort the exchange. * registering anyway, abort the exchange.
*/ */