summaryrefslogtreecommitdiff
path: root/src/plugins/irc
diff options
context:
space:
mode:
Diffstat (limited to 'src/plugins/irc')
-rw-r--r--src/plugins/irc/irc-config.c6
-rw-r--r--src/plugins/irc/irc-protocol.c25
-rw-r--r--src/plugins/irc/irc-sasl.c2
-rw-r--r--src/plugins/irc/irc-sasl.h1
-rw-r--r--src/plugins/irc/irc-server.c13
5 files changed, 33 insertions, 14 deletions
diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c
index 435b45691..b7f0a339a 100644
--- a/src/plugins/irc/irc-config.c
+++ b/src/plugins/irc/irc-config.c
@@ -1465,8 +1465,10 @@ irc_config_server_new_option (struct t_config_file *config_file,
new_option = weechat_config_new_option (
config_file, section,
option_name, "integer",
- N_("mechanism for SASL authentication"),
- "plain|dh-blowfish", 0, 0,
+ N_("mechanism for SASL authentication: \"plain\" for plain text "
+ "password, \"dh-blowfish\" for crypted password, \"external\" "
+ "for authentication using client side SSL cert"),
+ "plain|dh-blowfish|external", 0, 0,
default_value, value,
null_value_allowed,
callback_check_value, callback_check_value_data,
diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c
index 17aea6459..60762ad0f 100644
--- a/src/plugins/irc/irc-protocol.c
+++ b/src/plugins/irc/irc-protocol.c
@@ -139,6 +139,7 @@ irc_protocol_tags (const char *command, const char *tags, const char *nick)
IRC_PROTOCOL_CALLBACK(authenticate)
{
+ int sasl_mechanism;
const char *sasl_username, *sasl_password;
char *answer;
@@ -150,21 +151,25 @@ IRC_PROTOCOL_CALLBACK(authenticate)
IRC_PROTOCOL_MIN_ARGS(2);
- sasl_username = IRC_SERVER_OPTION_STRING(server,
- IRC_SERVER_OPTION_SASL_USERNAME);
- sasl_password = IRC_SERVER_OPTION_STRING(server,
- IRC_SERVER_OPTION_SASL_PASSWORD);
- if (sasl_username && sasl_username[0]
- && sasl_password && sasl_password[0])
+ if (irc_server_sasl_enabled (server))
{
- switch (IRC_SERVER_OPTION_INTEGER(server,
- IRC_SERVER_OPTION_SASL_MECHANISM))
+ sasl_mechanism = IRC_SERVER_OPTION_INTEGER(server,
+ IRC_SERVER_OPTION_SASL_MECHANISM);
+ sasl_username = IRC_SERVER_OPTION_STRING(server,
+ IRC_SERVER_OPTION_SASL_USERNAME);
+ sasl_password = IRC_SERVER_OPTION_STRING(server,
+ IRC_SERVER_OPTION_SASL_PASSWORD);
+ answer = NULL;
+ switch (sasl_mechanism)
{
case IRC_SASL_MECHANISM_DH_BLOWFISH:
answer = irc_sasl_mechanism_dh_blowfish (argv_eol[1],
sasl_username,
sasl_password);
break;
+ case IRC_SASL_MECHANISM_EXTERNAL:
+ answer = strdup ("++");
+ break;
case IRC_SASL_MECHANISM_PLAIN:
default:
answer = irc_sasl_mechanism_plain (sasl_username,
@@ -340,6 +345,10 @@ IRC_PROTOCOL_CALLBACK(cap)
irc_server_sendf (server, 0, NULL, "CAP END");
#endif
break;
+ case IRC_SASL_MECHANISM_EXTERNAL:
+ irc_server_sendf (server, 0, NULL,
+ "AUTHENTICATE EXTERNAL");
+ break;
case IRC_SASL_MECHANISM_PLAIN:
default:
irc_server_sendf (server, 0, NULL,
diff --git a/src/plugins/irc/irc-sasl.c b/src/plugins/irc/irc-sasl.c
index 7519bce72..0231183a6 100644
--- a/src/plugins/irc/irc-sasl.c
+++ b/src/plugins/irc/irc-sasl.c
@@ -37,7 +37,7 @@
char *irc_sasl_mechanism_string[IRC_NUM_SASL_MECHANISMS] =
-{ "plain", "dh-blowfish" };
+{ "plain", "dh-blowfish", "external" };
/*
diff --git a/src/plugins/irc/irc-sasl.h b/src/plugins/irc/irc-sasl.h
index 6ae1d1670..c4fea5785 100644
--- a/src/plugins/irc/irc-sasl.h
+++ b/src/plugins/irc/irc-sasl.h
@@ -26,6 +26,7 @@ enum t_irc_sasl_mechanism
{
IRC_SASL_MECHANISM_PLAIN = 0,
IRC_SASL_MECHANISM_DH_BLOWFISH,
+ IRC_SASL_MECHANISM_EXTERNAL,
/* number of SASL mechanisms */
IRC_NUM_SASL_MECHANISMS,
};
diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c
index c492ab0c7..60f0c1b09 100644
--- a/src/plugins/irc/irc-server.c
+++ b/src/plugins/irc/irc-server.c
@@ -251,16 +251,23 @@ irc_server_strncasecmp (struct t_irc_server *server,
int
irc_server_sasl_enabled (struct t_irc_server *server)
{
+ int sasl_mechanism;
const char *sasl_username, *sasl_password;
+ sasl_mechanism = IRC_SERVER_OPTION_INTEGER(server,
+ IRC_SERVER_OPTION_SASL_MECHANISM);
sasl_username = IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_USERNAME);
sasl_password = IRC_SERVER_OPTION_STRING(server,
IRC_SERVER_OPTION_SASL_PASSWORD);
- /* SASL is enabled if username AND password are set */
- return (sasl_username && sasl_username[0]
- && sasl_password && sasl_password[0]) ? 1 : 0;
+ /*
+ * SASL is enabled if using mechanism "externel"
+ * or if both username AND password are set
+ */
+ return ((sasl_mechanism == IRC_SASL_MECHANISM_EXTERNAL)
+ || (sasl_username && sasl_username[0]
+ && sasl_password && sasl_password[0])) ? 1 : 0;
}
/*