From 8e6ecfe23ff985e57675bd00b94860edb62de9ad Mon Sep 17 00:00:00 2001 From: Dennis Kaarsemaker Date: Tue, 23 Feb 2016 19:41:34 +0100 Subject: Authentication: scaffolding for multiple authentication backends Instead of always putting users passwords in XML files, allow site admins to configure a different authentication method to integrate authentication with other systems. This doesn't add any authentication backends yet, merely the scaffolding. Notably: - Password checking and loading/removing from storage has been decoupled. A new auth_check_pass function is used to check passwords. It does check against the configured storage first, but will handle the authentication backends as well. The XML storage merely signals that a user's password should be checked using an authentication backend. - If unknown-to-bitlbee users identify using an authentication backend, they are automatically registered. - If an authentication backend is used, that fact is stored in the XML file, the password is not. Passwords are also stored unencrypted in this case, as the password used to encrypt them can change underneath us. - configure and Makefile changes for the backend objects --- auth.c | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) create mode 100644 auth.c (limited to 'auth.c') diff --git a/auth.c b/auth.c new file mode 100644 index 00000000..e83a683f --- /dev/null +++ b/auth.c @@ -0,0 +1,46 @@ +#define BITLBEE_CORE +#include "bitlbee.h" + +GList *auth_init(const char *backend) +{ + GList *gl = NULL; + int ok = backend ? 0 : 1; + + return ok ? gl : NULL; +} + +storage_status_t auth_check_pass(irc_t *irc, const char *nick, const char *password) +{ + GList *gl; + storage_status_t status = storage_check_pass(irc, nick, password); + + if (status == STORAGE_CHECK_BACKEND) { + for (gl = global.auth; gl; gl = gl->next) { + auth_backend_t *be = gl->data; + if (!strcmp(be->name, irc->auth_backend)) { + status = be->check_pass(nick, password); + break; + } + } + } else if (status == STORAGE_NO_SUCH_USER && global.conf->auth_backend) { + for (gl = global.auth; gl; gl = gl->next) { + auth_backend_t *be = gl->data; + if (!strcmp(be->name, global.conf->auth_backend)) { + status = be->check_pass(nick, password); + /* Save the user so storage_load will pick them up, similar to + * what the register command would do */ + if (status == STORAGE_OK) { + irc->auth_backend = g_strdup(global.conf->auth_backend); + storage_save(irc, (char *)password, 0); + } + break; + } + } + } + + if (status == STORAGE_OK) { + irc_setpass(irc, password); + } + + return status; +} -- cgit v1.2.3