M src/database/database.hpp => src/database/database.hpp +3 -1
@@ 43,6 43,8 @@ class Database
struct Nick: Column<std::string> { static constexpr auto name = "nick_"; };
+ struct SaslPassword: Column<std::string> { static constexpr auto name = "saslpassword_"; };
+
struct Pass: Column<std::string> { static constexpr auto name = "pass_"; };
struct Ports: Column<std::string> { static constexpr auto name = "ports_";
@@ 95,7 97,7 @@ class Database
using GlobalOptionsTable = Table<Id, Owner, MaxHistoryLength, RecordHistory, GlobalPersistent>;
using GlobalOptions = GlobalOptionsTable::RowType;
- using IrcServerOptionsTable = Table<Id, Owner, Server, Pass, TlsPorts, Ports, Username, Realname, VerifyCert, TrustedFingerprint, EncodingOut, EncodingIn, MaxHistoryLength, Address, Nick, ThrottleLimit>;
+ using IrcServerOptionsTable = Table<Id, Owner, Server, Pass, TlsPorts, Ports, Username, Realname, VerifyCert, TrustedFingerprint, EncodingOut, EncodingIn, MaxHistoryLength, Address, Nick, SaslPassword, ThrottleLimit>;
using IrcServerOptions = IrcServerOptionsTable::RowType;
using IrcChannelOptionsTable = Table<Id, Owner, Server, Channel, EncodingOut, EncodingIn, MaxHistoryLength, Persistent, RecordHistoryOptional>;
A src/irc/capability.hpp => src/irc/capability.hpp +9 -0
@@ 0,0 1,9 @@
+#pragma once
+
+#include <functional>
+
+struct Capability
+{
+ std::function<void()> on_ack;
+ std::function<void()> on_nack;
+};
M src/irc/irc_client.cpp => src/irc/irc_client.cpp +105 -13
@@ 5,6 5,7 @@
#include <irc/irc_client.hpp>
#include <bridge/bridge.hpp>
#include <irc/irc_user.hpp>
+#include <utils/base64.hpp>
#include <logger/logger.hpp>
#include <config/config.hpp>
@@ 81,6 82,11 @@ static const std::unordered_map<std::string,
{"PONG", {&IrcClient::on_pong, {0, 0}}},
{"KICK", {&IrcClient::on_kick, {3, 0}}},
{"INVITE", {&IrcClient::on_invite, {2, 0}}},
+ {"CAP", {&IrcClient::on_cap, {3, 0}}},
+ {"AUTHENTICATE", {&IrcClient::on_authenticate, {1, 0}}},
+ {"903", {&IrcClient::on_sasl_success, {0, 0}}},
+ {"900", {&IrcClient::on_sasl_login, {3, 0}}},
+
{"401", {&IrcClient::on_generic_error, {2, 0}}},
{"402", {&IrcClient::on_generic_error, {2, 0}}},
@@ 272,18 278,43 @@ void IrcClient::on_connected()
}
}
- this->send_message({"CAP", {"REQ", "multi-prefix"}});
- this->send_message({"CAP", {"END"}});
+ this->send_gateway_message("Connected to IRC server"s + (this->use_tls ? " (encrypted)": "") + ".");
+
+ this->capabilities["multi-prefix"] = {[]{}, []{}};
#ifdef USE_DATABASE
auto options = Database::get_irc_server_options(this->bridge.get_bare_jid(),
this->get_hostname());
- if (!options.col<Database::Pass>().empty())
+
+ const auto& sasl_password = options.col<Database::SaslPassword>();
+ const auto& server_password = options.col<Database::Pass>();
+
+ if (!server_password.empty())
this->send_pass_command(options.col<Database::Pass>());
+
+ if (!sasl_password.empty())
+ {
+ this->capabilities["sasl"] = {
+ [this]
+ {
+ this->send_message({"AUTHENTICATE", {"PLAIN"}});
+ log_warning("negociating SASL now...");
+ },
+ []
+ {
+ log_warning("SASL not supported by the server, disconnecting.");
+ }
+ };
+ this->sasl_state = SaslState::needed;
+ }
#endif
- this->send_nick_command(this->current_nick);
+ {
+ for (const auto &pair : this->capabilities)
+ this->send_message({ "CAP", {"REQ", pair.first}});
+ }
+ this->send_nick_command(this->current_nick);
#ifdef USE_DATABASE
if (Config::get("realname_customization", "true") == "true")
{
@@ 298,9 329,6 @@ void IrcClient::on_connected()
#else
this->send_user_command(this->username, this->realname);
#endif
- this->send_gateway_message("Connected to IRC server"s + (this->use_tls ? " (encrypted)": "") + ".");
- this->send_pending_data();
- this->bridge.on_irc_client_connected(this->get_hostname());
}
void IrcClient::on_connection_close(const std::string& error_msg)
@@ 371,12 399,14 @@ void IrcClient::parse_in_buffer(const size_t)
{
const auto& limits = it->second.second;
// Check that the Message is well formed before actually calling
- // the callback. limits.first is the min number of arguments,
- // second is the max
- if (message.arguments.size() < limits.first ||
- (limits.second > 0 && message.arguments.size() > limits.second))
+ // the callback.
+ const auto args_size = message.arguments.size();
+ const auto min = limits.first;
+ const auto max = limits.second;
+ if (args_size < min ||
+ (max > 0 && args_size > max))
log_warning("Invalid number of arguments for IRC command “", message.command,
- "”: ", message.arguments.size());
+ "”: ", args_size);
else
{
const auto& cb = it->second.first;
@@ 1266,7 1296,7 @@ void IrcClient::on_unknown_message(const IrcMessage& message)
return ;
std::string from = message.prefix;
std::stringstream ss;
- for (auto it = message.arguments.begin() + 1; it != message.arguments.end(); ++it)
+ for (auto it = std::next(message.arguments.begin()); it != message.arguments.end(); ++it)
{
ss << *it;
if (it + 1 != message.arguments.end())
@@ 1299,3 1329,65 @@ long int IrcClient::get_throttle_limit() const
return 10;
#endif
}
+
+void IrcClient::on_cap(const IrcMessage &message)
+{
+ const auto& sub_command = message.arguments[1];
+ const auto& cap = message.arguments[2];
+ auto it = this->capabilities.find(cap);
+ if (it == this->capabilities.end())
+ {
+ log_warning("Received a CAP message for something we didn’t ask, or that we already handled.");
+ return;
+ }
+ Capability& capability = it->second;
+ if (sub_command == "ACK")
+ capability.on_ack();
+ else if (sub_command == "NACK")
+ capability.on_nack();
+ this->capabilities.erase(it);
+ this->cap_end();
+}
+
+void IrcClient::on_authenticate(const IrcMessage &)
+{
+ if (this->sasl_state == SaslState::unneeded)
+ {
+ log_warning("Received an AUTHENTICATE command but we don’t intend to authenticate…");
+ return;
+ }
+#ifdef USE_DATABASE
+ auto options = Database::get_irc_server_options(this->bridge.get_bare_jid(),
+ this->get_hostname());
+ const auto auth_string = '\0' + options.col<Database::Nick>() + '\0' + options.col<Database::SaslPassword>();
+ const auto base64_auth_string = base64::encode(auth_string);
+ this->send_message({"AUTHENTICATE", {base64_auth_string}});
+#endif
+}
+
+void IrcClient::on_sasl_success(const IrcMessage &)
+{
+ this->sasl_state = SaslState::success;
+ this->cap_end();
+}
+
+void IrcClient::on_sasl_login(const IrcMessage &message)
+{
+ const auto& login = message.arguments[2];
+ std::string text = "Your are now logged in as " + login;
+ if (message.arguments.size() > 3)
+ text = message.arguments[3];
+ this->bridge.send_xmpp_message(this->hostname, message.prefix, text);
+}
+
+void IrcClient::cap_end()
+{
+ if (!this->capabilities.empty())
+ return;
+ // If we are currently authenticating through sasl, finish that before sending CAP END
+ if (this->sasl_state == SaslState::needed)
+ return;
+
+ this->send_message({"CAP", {"END"}});
+ this->bridge.on_irc_client_connected(this->get_hostname());
+}
M src/irc/irc_client.hpp => src/irc/irc_client.hpp +19 -1
@@ 1,8 1,9 @@
#pragma once
-
#include <irc/irc_message.hpp>
#include <irc/irc_channel.hpp>
+#include <irc/capability.hpp>
+#include <irc/sasl.hpp>
#include <irc/iid.hpp>
#include <bridge/history_limit.hpp>
@@ 232,6 233,17 @@ public:
*/
void on_invited(const IrcMessage& message);
/**
+ * The IRC server sends a CAP message, as part of capabilities negociation. It could be a ACK,
+ * NACK, or something else
+ */
+ void on_cap(const IrcMessage& message);
+private:
+ void cap_end();
+public:
+ void on_authenticate(const IrcMessage& message);
+ void on_sasl_success(const IrcMessage& message);
+ void on_sasl_login(const IrcMessage& message);
+ /**
* The channel has been completely joined (self presence, topic, all names
* received etc), send the self presence and topic to the XMPP user.
*/
@@ 360,6 372,12 @@ private:
*/
bool welcomed;
/**
+ * Whether or not we are trying to authenticate using sasl. If this is true we need to wait for a
+ * successful auth
+ */
+ SaslState sasl_state{SaslState::unneeded};
+ std::map<std::string, Capability> capabilities;
+ /**
* See http://www.irc.org/tech_docs/draft-brocklesby-irc-isupport-03.txt section 3.3
* We store the possible chanmodes in this object.
* chanmodes[0] contains modes of type A, [1] of type B etc
A src/irc/sasl.hpp => src/irc/sasl.hpp +9 -0
@@ 0,0 1,9 @@
+#pragma once
+
+enum class SaslState
+{
+ unneeded,
+ needed,
+ failure,
+ success,
+};
A src/utils/base64.cpp => src/utils/base64.cpp +19 -0
@@ 0,0 1,19 @@
+#include <utils/base64.hpp>
+
+#ifdef BOTAN_FOUND
+#include <botan/base64.h>
+#endif
+
+namespace base64
+{
+
+std::string encode(const std::string &input)
+{
+#ifdef BOTAN_FOUND
+ return Botan::base64_encode(reinterpret_cast<const uint8_t*>(input.data()), input.size());
+#else
+#error "base64::encode() not yet implemented without Botan."
+#endif
+}
+
+}
A src/utils/base64.hpp => src/utils/base64.hpp +10 -0
@@ 0,0 1,10 @@
+#pragma once
+
+#include "biboumi.h"
+
+#include <string>
+
+namespace base64
+{
+std::string encode(const std::string& input);
+}
M src/xmpp/biboumi_adhoc_commands.cpp => src/xmpp/biboumi_adhoc_commands.cpp +16 -0
@@ 326,6 326,19 @@ void ConfigureIrcServerStep1(XmppComponent&, AdhocSession& session, XmlNode& com
}
{
+ XmlSubNode field(x, "field");
+ field["var"] = "sasl_password";
+ field["type"] = "text-private";
+ field["label"] = "SASL Password";
+ set_desc(field, "Use it to authenticate with your nick.");
+ if (!options.col<Database::SaslPassword>().empty())
+ {
+ XmlSubNode value(field, "value");
+ value.set_inner(options.col<Database::SaslPassword>());
+ }
+ }
+
+ {
XmlSubNode pass(x, "field");
pass["var"] = "pass";
pass["type"] = "text-private";
@@ 482,6 495,9 @@ void ConfigureIrcServerStep2(XmppComponent& xmpp_component, AdhocSession& sessio
else if (field->get_tag("var") == "nick" && value)
options.col<Database::Nick>() = value->get_inner();
+ else if (field->get_tag("var") == "sasl_password" && value)
+ options.col<Database::SaslPassword>() = value->get_inner();
+
else if (field->get_tag("var") == "pass" && value)
options.col<Database::Pass>() = value->get_inner();
M tests/end_to_end/__main__.py => tests/end_to_end/__main__.py +2 -0
@@ 184,6 184,8 @@ class BiboumiRunner(ProcessRunner):
class IrcServerRunner(ProcessRunner):
def __init__(self):
super().__init__()
+ # Always start with a fresh state
+ os.remove("ircd.db")
subprocess.run(["oragono", "mkcerts", "--conf", os.getcwd() + "/../tests/end_to_end/ircd.yaml"])
self.create = asyncio.create_subprocess_exec("oragono", "run", "--conf", os.getcwd() + "/../tests/end_to_end/ircd.yaml",
stderr=asyncio.subprocess.PIPE)
A tests/end_to_end/scenarios/sasl.py => tests/end_to_end/scenarios/sasl.py +34 -0
@@ 0,0 1,34 @@
+from scenarios import *
+
+scenario = (
+ send_stanza("<presence from='{jid_one}/{resource_one}' to='#foo%{irc_server_one}/RegisteredUser' ><x xmlns='http://jabber.org/protocol/muc'/></presence>"),
+ sequences.connection(),
+
+ simple_channel_join.expect_self_join_presence(jid = '{jid_one}/{resource_one}', chan = "#foo", nick = "RegisteredUser"),
+
+ # Create an account by talking to nickserv directly
+ send_stanza("<message from='{jid_one}/{resource_one}' to='nickserv%{irc_server_one}' type='chat'><body>register P4SSW0RD</body></message>"),
+ expect_stanza("/message/body[text()='Account created']"),
+ expect_stanza("/message/body[text()=\"You're now logged in as RegisteredUser\"]"),
+ send_stanza("<presence from='{jid_one}/{resource_one}' to='#foo%{irc_server_one}/{nick_one}' type='unavailable' />"),
+ expect_stanza("/presence[@type='unavailable']"),
+
+ # Configure an sasl password
+ send_stanza("<iq type='set' id='id1' from='{jid_one}/{resource_one}' to='{irc_server_one}'><command xmlns='http://jabber.org/protocol/commands' node='configure' action='execute' /></iq>"),
+ expect_stanza("/iq[@type='result']/commands:command[@node='configure'][@sessionid][@status='executing']",
+ "/iq/commands:command/dataform:x[@type='form']/dataform:field[@type='text-private'][@var='sasl_password']",
+ after = save_value("sessionid", extract_attribute("/iq[@type='result']/commands:command[@node='configure']", "sessionid"))),
+
+ send_stanza("<iq type='set' id='id2' from='{jid_one}/{resource_one}' to='{irc_server_one}'>"
+ "<command xmlns='http://jabber.org/protocol/commands' node='configure' sessionid='{sessionid}' action='complete'>"
+ "<x xmlns='jabber:x:data' type='submit'>"
+ "<field var='sasl_password'><value>P4SSW0RD</value></field>"
+ "<field var='ports'><value>6667</value></field>"
+ "<field var='nick'><value>RegisteredUser</value></field>"
+ "<field var='tls_ports'><value>6697</value><value>6670</value></field>"
+ "</x></command></iq>"),
+ expect_stanza("/iq[@type='result']/commands:command[@node='configure'][@status='completed']/commands:note[@type='info'][text()='Configuration successfully applied.']"),
+
+ send_stanza("<presence from='{jid_one}/{resource_one}' to='#foo%{irc_server_one}/{nick_one}' ><x xmlns='http://jabber.org/protocol/muc'/></presence>"),
+ sequences.connection(login="RegisteredUser")
+)
M tests/end_to_end/scenarios/simple_channel_join.py => tests/end_to_end/scenarios/simple_channel_join.py +0 -1
@@ 15,6 15,5 @@ scenario = (
sequences.connection(),
expect_self_join_presence(jid = '{jid_one}/{resource_one}', chan = "#foo", nick = "{nick_one}"),
-
)
M tests/end_to_end/sequences.py => tests/end_to_end/sequences.py +9 -9
@@ 6,7 6,7 @@ def handshake():
send_stanza("<handshake xmlns='jabber:component:accept'/>")
)
-def connection_begin(irc_host, jid, expected_irc_presence=False, fixed_irc_server=False):
+def connection_begin(irc_host, jid, expected_irc_presence=False, fixed_irc_server=False, login=None):
jid = jid.format_map(common_replacements)
if fixed_irc_server:
xpath = "/message[@to='" + jid + "'][@from='biboumi.localhost']/body[text()='%s']"
@@ 26,12 26,12 @@ def connection_begin(irc_host, jid, expected_irc_presence=False, fixed_irc_serve
if expected_irc_presence:
result += (expect_stanza("/presence[@from='" + irc_host + "@biboumi.localhost']"),)
+ if login is not None:
+ result += (expect_stanza("/message/body[text()='irc.localhost: You are now logged in as %s']" % (login,)),)
result += (
- expect_stanza("/message/body[text()='irc.localhost: ACK multi-prefix']"),
expect_stanza("/message/body[text()='irc.localhost: *** Looking up your hostname...']"),
- expect_stanza("/message/body[text()='irc.localhost: *** Found your hostname']"),
- ),
-
+ expect_stanza("/message/body[text()='irc.localhost: *** Found your hostname']")
+ )
return result
def connection_tls_begin(irc_host, jid, fixed_irc_server):
@@ 47,9 47,8 @@ def connection_tls_begin(irc_host, jid, fixed_irc_server):
"/message/carbon:private",
),
expect_stanza(xpath % 'Connected to IRC server (encrypted).'),
- expect_stanza("/message/body[text()='irc.localhost: ACK multi-prefix']"),
expect_stanza("/message/body[text()='irc.localhost: *** Looking up your hostname...']"),
- expect_stanza("/message/body[text()='irc.localhost: *** Found your hostname']"),
+ expect_stanza("/message/body[text()='irc.localhost: *** Found your hostname']")
)
def connection_end(irc_host, jid, fixed_irc_server=False):
@@ 75,8 74,9 @@ def connection_end(irc_host, jid, fixed_irc_server=False):
expect_stanza(xpath_re % (r'.+? \+Z',)),
)
-def connection(irc_host="irc.localhost", jid="{jid_one}/{resource_one}", expected_irc_presence=False, fixed_irc_server=False):
- return connection_begin(irc_host, jid, expected_irc_presence, fixed_irc_server=fixed_irc_server) + \
+
+def connection(irc_host="irc.localhost", jid="{jid_one}/{resource_one}", expected_irc_presence=False, fixed_irc_server=False, login=None):
+ return connection_begin(irc_host, jid, expected_irc_presence, fixed_irc_server=fixed_irc_server, login=login) + \
connection_end(irc_host, jid, fixed_irc_server=fixed_irc_server)
def connection_tls(irc_host="irc.localhost", jid="{jid_one}/{resource_one}", fixed_irc_server=False):