From 2e1ddeb6547e140e9651231fedcd00e8ee4b1ccd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?louiz=E2=80=99?= Date: Sun, 14 Jun 2020 22:54:42 +0200 Subject: Implement SASL plain authentication --- src/database/database.hpp | 4 +- src/irc/capability.hpp | 9 +++ src/irc/irc_client.cpp | 118 ++++++++++++++++++++++++++++++++---- src/irc/irc_client.hpp | 20 +++++- src/irc/sasl.hpp | 9 +++ src/utils/base64.cpp | 19 ++++++ src/utils/base64.hpp | 10 +++ src/xmpp/biboumi_adhoc_commands.cpp | 16 +++++ 8 files changed, 190 insertions(+), 15 deletions(-) create mode 100644 src/irc/capability.hpp create mode 100644 src/irc/sasl.hpp create mode 100644 src/utils/base64.cpp create mode 100644 src/utils/base64.hpp (limited to 'src') diff --git a/src/database/database.hpp b/src/database/database.hpp index a53f87b..de1df49 100644 --- a/src/database/database.hpp +++ b/src/database/database.hpp @@ -43,6 +43,8 @@ class Database struct Nick: Column { static constexpr auto name = "nick_"; }; + struct SaslPassword: Column { static constexpr auto name = "saslpassword_"; }; + struct Pass: Column { static constexpr auto name = "pass_"; }; struct Ports: Column { static constexpr auto name = "ports_"; @@ -95,7 +97,7 @@ class Database using GlobalOptionsTable = Table; using GlobalOptions = GlobalOptionsTable::RowType; - using IrcServerOptionsTable = Table; + using IrcServerOptionsTable = Table; using IrcServerOptions = IrcServerOptionsTable::RowType; using IrcChannelOptionsTable = Table; diff --git a/src/irc/capability.hpp b/src/irc/capability.hpp new file mode 100644 index 0000000..55ccb0c --- /dev/null +++ b/src/irc/capability.hpp @@ -0,0 +1,9 @@ +#pragma once + +#include + +struct Capability +{ + std::function on_ack; + std::function on_nack; +}; diff --git a/src/irc/irc_client.cpp b/src/irc/irc_client.cpp index de38d42..183a9d8 100644 --- a/src/irc/irc_client.cpp +++ b/src/irc/irc_client.cpp @@ -5,6 +5,7 @@ #include #include #include +#include #include #include @@ -81,6 +82,11 @@ static const std::unordered_mapsend_message({"CAP", {"REQ", "multi-prefix"}}); - this->send_message({"CAP", {"END"}}); + this->send_gateway_message("Connected to IRC server"s + (this->use_tls ? " (encrypted)": "") + "."); + + this->capabilities["multi-prefix"] = {[]{}, []{}}; #ifdef USE_DATABASE auto options = Database::get_irc_server_options(this->bridge.get_bare_jid(), this->get_hostname()); - if (!options.col().empty()) + + const auto& sasl_password = options.col(); + const auto& server_password = options.col(); + + if (!server_password.empty()) this->send_pass_command(options.col()); + + if (!sasl_password.empty()) + { + this->capabilities["sasl"] = { + [this] + { + this->send_message({"AUTHENTICATE", {"PLAIN"}}); + log_warning("negociating SASL now..."); + }, + [] + { + log_warning("SASL not supported by the server, disconnecting."); + } + }; + this->sasl_state = SaslState::needed; + } #endif - this->send_nick_command(this->current_nick); + { + for (const auto &pair : this->capabilities) + this->send_message({ "CAP", {"REQ", pair.first}}); + } + this->send_nick_command(this->current_nick); #ifdef USE_DATABASE if (Config::get("realname_customization", "true") == "true") { @@ -298,9 +329,6 @@ void IrcClient::on_connected() #else this->send_user_command(this->username, this->realname); #endif - this->send_gateway_message("Connected to IRC server"s + (this->use_tls ? " (encrypted)": "") + "."); - this->send_pending_data(); - this->bridge.on_irc_client_connected(this->get_hostname()); } void IrcClient::on_connection_close(const std::string& error_msg) @@ -371,12 +399,14 @@ void IrcClient::parse_in_buffer(const size_t) { const auto& limits = it->second.second; // Check that the Message is well formed before actually calling - // the callback. limits.first is the min number of arguments, - // second is the max - if (message.arguments.size() < limits.first || - (limits.second > 0 && message.arguments.size() > limits.second)) + // the callback. + const auto args_size = message.arguments.size(); + const auto min = limits.first; + const auto max = limits.second; + if (args_size < min || + (max > 0 && args_size > max)) log_warning("Invalid number of arguments for IRC command “", message.command, - "”: ", message.arguments.size()); + "”: ", args_size); else { const auto& cb = it->second.first; @@ -1266,7 +1296,7 @@ void IrcClient::on_unknown_message(const IrcMessage& message) return ; std::string from = message.prefix; std::stringstream ss; - for (auto it = message.arguments.begin() + 1; it != message.arguments.end(); ++it) + for (auto it = std::next(message.arguments.begin()); it != message.arguments.end(); ++it) { ss << *it; if (it + 1 != message.arguments.end()) @@ -1299,3 +1329,65 @@ long int IrcClient::get_throttle_limit() const return 10; #endif } + +void IrcClient::on_cap(const IrcMessage &message) +{ + const auto& sub_command = message.arguments[1]; + const auto& cap = message.arguments[2]; + auto it = this->capabilities.find(cap); + if (it == this->capabilities.end()) + { + log_warning("Received a CAP message for something we didn’t ask, or that we already handled."); + return; + } + Capability& capability = it->second; + if (sub_command == "ACK") + capability.on_ack(); + else if (sub_command == "NACK") + capability.on_nack(); + this->capabilities.erase(it); + this->cap_end(); +} + +void IrcClient::on_authenticate(const IrcMessage &) +{ + if (this->sasl_state == SaslState::unneeded) + { + log_warning("Received an AUTHENTICATE command but we don’t intend to authenticate…"); + return; + } +#ifdef USE_DATABASE + auto options = Database::get_irc_server_options(this->bridge.get_bare_jid(), + this->get_hostname()); + const auto auth_string = '\0' + options.col() + '\0' + options.col(); + const auto base64_auth_string = base64::encode(auth_string); + this->send_message({"AUTHENTICATE", {base64_auth_string}}); +#endif +} + +void IrcClient::on_sasl_success(const IrcMessage &) +{ + this->sasl_state = SaslState::success; + this->cap_end(); +} + +void IrcClient::on_sasl_login(const IrcMessage &message) +{ + const auto& login = message.arguments[2]; + std::string text = "Your are now logged in as " + login; + if (message.arguments.size() > 3) + text = message.arguments[3]; + this->bridge.send_xmpp_message(this->hostname, message.prefix, text); +} + +void IrcClient::cap_end() +{ + if (!this->capabilities.empty()) + return; + // If we are currently authenticating through sasl, finish that before sending CAP END + if (this->sasl_state == SaslState::needed) + return; + + this->send_message({"CAP", {"END"}}); + this->bridge.on_irc_client_connected(this->get_hostname()); +} diff --git a/src/irc/irc_client.hpp b/src/irc/irc_client.hpp index cfb3d21..e2ad8b9 100644 --- a/src/irc/irc_client.hpp +++ b/src/irc/irc_client.hpp @@ -1,8 +1,9 @@ #pragma once - #include #include +#include +#include #include #include @@ -231,6 +232,17 @@ public: * The IRC server is confirming that the invitation has been forwarded */ void on_invited(const IrcMessage& message); + /** + * The IRC server sends a CAP message, as part of capabilities negociation. It could be a ACK, + * NACK, or something else + */ + void on_cap(const IrcMessage& message); +private: + void cap_end(); +public: + void on_authenticate(const IrcMessage& message); + void on_sasl_success(const IrcMessage& message); + void on_sasl_login(const IrcMessage& message); /** * The channel has been completely joined (self presence, topic, all names * received etc), send the self presence and topic to the XMPP user. @@ -359,6 +371,12 @@ private: * has been established, we are authentified and we have a nick) */ bool welcomed; + /** + * Whether or not we are trying to authenticate using sasl. If this is true we need to wait for a + * successful auth + */ + SaslState sasl_state{SaslState::unneeded}; + std::map capabilities; /** * See http://www.irc.org/tech_docs/draft-brocklesby-irc-isupport-03.txt section 3.3 * We store the possible chanmodes in this object. diff --git a/src/irc/sasl.hpp b/src/irc/sasl.hpp new file mode 100644 index 0000000..775bc3f --- /dev/null +++ b/src/irc/sasl.hpp @@ -0,0 +1,9 @@ +#pragma once + +enum class SaslState +{ + unneeded, + needed, + failure, + success, +}; diff --git a/src/utils/base64.cpp b/src/utils/base64.cpp new file mode 100644 index 0000000..350e2db --- /dev/null +++ b/src/utils/base64.cpp @@ -0,0 +1,19 @@ +#include + +#ifdef BOTAN_FOUND +#include +#endif + +namespace base64 +{ + +std::string encode(const std::string &input) +{ +#ifdef BOTAN_FOUND + return Botan::base64_encode(reinterpret_cast(input.data()), input.size()); +#else +#error "base64::encode() not yet implemented without Botan." +#endif +} + +} diff --git a/src/utils/base64.hpp b/src/utils/base64.hpp new file mode 100644 index 0000000..1dd4a4d --- /dev/null +++ b/src/utils/base64.hpp @@ -0,0 +1,10 @@ +#pragma once + +#include "biboumi.h" + +#include + +namespace base64 +{ +std::string encode(const std::string& input); +} diff --git a/src/xmpp/biboumi_adhoc_commands.cpp b/src/xmpp/biboumi_adhoc_commands.cpp index 113943c..99589e0 100644 --- a/src/xmpp/biboumi_adhoc_commands.cpp +++ b/src/xmpp/biboumi_adhoc_commands.cpp @@ -325,6 +325,19 @@ void ConfigureIrcServerStep1(XmppComponent&, AdhocSession& session, XmlNode& com } } + { + XmlSubNode field(x, "field"); + field["var"] = "sasl_password"; + field["type"] = "text-private"; + field["label"] = "SASL Password"; + set_desc(field, "Use it to authenticate with your nick."); + if (!options.col().empty()) + { + XmlSubNode value(field, "value"); + value.set_inner(options.col()); + } + } + { XmlSubNode pass(x, "field"); pass["var"] = "pass"; @@ -482,6 +495,9 @@ void ConfigureIrcServerStep2(XmppComponent& xmpp_component, AdhocSession& sessio else if (field->get_tag("var") == "nick" && value) options.col() = value->get_inner(); + else if (field->get_tag("var") == "sasl_password" && value) + options.col() = value->get_inner(); + else if (field->get_tag("var") == "pass" && value) options.col() = value->get_inner(); -- cgit v1.2.3