From dab92571b0959a1f1c4805dd6d874421b262aa8c Mon Sep 17 00:00:00 2001
From: Marius Halden <marius.h@lden.org>
Date: Mon, 21 Mar 2016 14:30:44 +0100
Subject: Add authmode sasl

New AuthMode sasl added, when this is used all users have to
authenticate with sasl.
---
 conf.c         | 2 ++
 conf.h         | 2 +-
 irc.c          | 5 +++++
 irc.h          | 1 +
 irc_commands.c | 1 +
 5 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/conf.c b/conf.c
index 95e3afd2..83495d15 100644
--- a/conf.c
+++ b/conf.c
@@ -260,6 +260,8 @@ static int conf_loadini(conf_t *conf, char *file)
 					conf->authmode = AUTHMODE_REGISTERED;
 				} else if (g_strcasecmp(ini->value, "closed") == 0) {
 					conf->authmode = AUTHMODE_CLOSED;
+				} else if (g_strcasecmp(ini->value, "sasl") == 0) {
+					conf->authmode = AUTHMODE_SASL;
 				} else {
 					conf->authmode = AUTHMODE_OPEN;
 				}
diff --git a/conf.h b/conf.h
index e504f637..3305844a 100644
--- a/conf.h
+++ b/conf.h
@@ -27,7 +27,7 @@
 #define __CONF_H
 
 typedef enum runmode { RUNMODE_DAEMON, RUNMODE_FORKDAEMON, RUNMODE_INETD } runmode_t;
-typedef enum authmode { AUTHMODE_OPEN, AUTHMODE_CLOSED, AUTHMODE_REGISTERED } authmode_t;
+typedef enum authmode { AUTHMODE_OPEN, AUTHMODE_CLOSED, AUTHMODE_REGISTERED, AUTHMODE_SASL } authmode_t;
 
 typedef struct conf {
 	char *iface_in, *iface_out;
diff --git a/irc.c b/irc.c
index 563d3fca..d0685887 100644
--- a/irc.c
+++ b/irc.c
@@ -751,6 +751,11 @@ int irc_check_login(irc_t *irc)
 		if (global.conf->authmode == AUTHMODE_CLOSED && !(irc->status & USTATUS_AUTHORIZED)) {
 			irc_send_num(irc, 464, ":This server is password-protected.");
 			return 0;
+		} else if (global.conf->authmode == AUTHMODE_SASL &&
+		    (!(irc->caps & CAP_SASL) ||
+		     !(irc->status & USTATUS_SASL_AUTHENTICATED))) {
+			irc_send_num(irc, 464, ":This server requires sasl.");
+			return 0;
 		} else {
 			irc_channel_t *ic;
 			irc_user_t *iu = irc->user;
diff --git a/irc.h b/irc.h
index f8142ae3..27e164d3 100644
--- a/irc.h
+++ b/irc.h
@@ -58,6 +58,7 @@ typedef enum {
 	                           Currently just blocks irc_vawrite(). */
 	USTATUS_CAP_PENDING = 16,
 	USTATUS_SASL_PLAIN_PENDING = 32,
+	USTATUS_SASL_AUTHENTICATED = 64,
 
 	/* Not really status stuff, but other kinds of flags: For slightly
 	   better password security, since the only way to send passwords
diff --git a/irc_commands.c b/irc_commands.c
index f2d4ddf6..2696eb11 100644
--- a/irc_commands.c
+++ b/irc_commands.c
@@ -149,6 +149,7 @@ static void irc_cmd_authenticate(irc_t *irc, char **cmd)
 				/* no check_login here - wait for CAP END */
 				irc_setpass(irc, pass);
 			}
+			irc->status |= USTATUS_SASL_AUTHENTICATED;
 		}
 
 		g_free(user);
-- 
cgit v1.2.3