degesch: add trivial SASL EXTERNAL support

Just set `tls_cert`, and add `sasl` to `capabilities`.
2021-05-28 02:11:23 +02:00 · 2021-05-28 02:11:23 +02:00 · 5a0b2d1c57
parent bb451a5050
commit 5a0b2d1c57
3 changed files with 61 additions and 22 deletions
--- a/3
+++ b/3
@ -2,6 +2,9 @@

 * degesch: added a /squery command for IRCnet

+ * degesch: added trivial support for SASL EXTERNAL, enabled by adding "sasl"
+   to the respective server's "capabilities" list
+
 * degesch: now supporting IRCv3.2 capability negotiation, including CAP DEL


--- a/degesch.c
+++ b/degesch.c
@ -1721,6 +1721,7 @@ struct server
 	struct strv cap_ls_buf;             ///< Buffer for IRCv3.2 CAP LS
 	bool cap_echo_message;              ///< Whether the server echoes messages
 	bool cap_away_notify;               ///< Whether we get AWAY notifications
+	bool cap_sasl;                      ///< Whether SASL is available

 	// Server-specific information (from RPL_ISUPPORT):

@ -4962,6 +4963,7 @@ irc_destroy_state (struct server *s)
 	strv_reset (&s->cap_ls_buf);
 	s->cap_away_notify = false;
 	s->cap_echo_message = false;
+	s->cap_sasl = false;

 	// Need to call this before server_init_specifics()
 	irc_set_casemapping (s, irc_tolower, irc_strxfrm);
@ -6526,6 +6528,20 @@ irc_process_sent_message (const struct irc_message *msg, struct server *s)

 // --- Input handling ----------------------------------------------------------

+static void
+irc_handle_authenticate (struct server *s, const struct irc_message *msg)
+{
+	if (msg->params.len < 1)
+		return;
+
+	// Empty challenge -> empty response for e.g. SASL EXTERNAL,
+	// abort anything else as it doesn't make much sense to let the user do it
+	if (!strcmp (msg->params.vector[0], "+"))
+		irc_send (s, "AUTHENTICATE +");
+	else
+		irc_send (s, "AUTHENTICATE *");
+}
+
 static void
 irc_handle_away (struct server *s, const struct irc_message *msg)
 {
@ -6579,10 +6595,9 @@ irc_process_cap_ls (struct server *s)
 static void
 irc_toggle_cap (struct server *s, const char *cap, bool active)
 {
-	if (!strcasecmp_ascii (cap, "echo-message"))
-		s->cap_echo_message = active;
-	if (!strcasecmp_ascii (cap, "away-notify"))
-		s->cap_away_notify  = active;
+	if (!strcasecmp_ascii (cap, "echo-message")) s->cap_echo_message = active;
+	if (!strcasecmp_ascii (cap, "away-notify"))  s->cap_away_notify  = active;
+	if (!strcasecmp_ascii (cap, "sasl"))         s->cap_sasl         = active;
 }

 static void
@ -6612,12 +6627,16 @@ irc_handle_cap (struct server *s, const struct irc_message *msg)
 			}
 			irc_toggle_cap (s, cap, active);
 		}
+		if (s->cap_sasl && s->transport == &g_transport_tls)
+			irc_send (s, "AUTHENTICATE EXTERNAL");
+		else if (s->state == IRC_CONNECTED)
 			irc_send (s, "CAP END");
 	}
 	else if (!strcasecmp_ascii (subcommand, "NAK"))
 	{
 		log_server_error (s, s->buffer,
 			"#s: #S", "Capabilities not acknowledged", args);
+		if (s->state == IRC_CONNECTED)
 			irc_send (s, "CAP END");
 	}
 	else if (!strcasecmp_ascii (subcommand, "DEL"))
@ -7280,6 +7299,7 @@ irc_handle_topic (struct server *s, const struct irc_message *msg)
 static struct irc_handler g_irc_handlers[] =
 {
 	// This list needs to stay sorted
+	{ "AUTHENTICATE", irc_handle_authenticate },
 	{ "AWAY",         irc_handle_away         },
 	{ "CAP",          irc_handle_cap          },
 	{ "ERROR",        irc_handle_error        },
@ -7976,6 +7996,16 @@ irc_process_numeric (struct server *s,
 		if (irc_handle_rpl_endofwho (s, msg))  buffer = NULL;
 		break;

+	case IRC_ERR_NICKLOCKED:
+	case IRC_RPL_SASLSUCCESS:
+	case IRC_ERR_SASLFAIL:
+	case IRC_ERR_SASLTOOLONG:
+	case IRC_ERR_SASLABORTED:
+	case IRC_ERR_SASLALREADY:
+		if (s->state == IRC_CONNECTED)
+			irc_send (s, "CAP END");
+		break;
+
 	case IRC_RPL_LIST:

 	case IRC_ERR_UNKNOWNCOMMAND:
--- a/6
+++ b/6
@ -85,3 +85,9 @@
 482 IRC_ERR_CHANOPRIVSNEEDED "%s :You're not channel operator"
 501 IRC_ERR_UMODEUNKNOWNFLAG ":Unknown MODE flag"
 502 IRC_ERR_USERSDONTMATCH ":Cannot change mode for other users"
+902 IRC_ERR_NICKLOCKED ":You must use a nick assigned to you"
+903 IRC_RPL_SASLSUCCESS ":SASL authentication successful"
+904 IRC_ERR_SASLFAIL ":SASL authentication failed"
+905 IRC_ERR_SASLTOOLONG ":SASL message too long"
+906 IRC_ERR_SASLABORTED ":SASL authentication aborted"
+907 IRC_ERR_SASLALREADY ":You have already authenticated using SASL"