package main
import (
"encoding/base64"
"bytes"
)
type ExtraSasl struct {
AuthMethod string
}
const (
RPL_LOGGEDIN = "900"
RPL_LOGGEDOUT = "901"
ERR_NICKLOCKED = "902"
RPL_SASLSUCCESS = "903"
ERR_SASLFAIL = "904"
ERR_SASLTOOLONG = "905"
ERR_SASLABORTED = "906"
ERR_SASLALREADY = "907"
RPL_SASLMECHS = "908"
)
const (
panicSaslMethod = "stored illegal SASL method"
)
func init() {
Caps["sasl"] = "PLAIN,EXTERNAL"
CommandHandlers["AUTHENTICATE"] = handleClientAuthenticate
}
func handleClientAuthenticate(msg RMsg, client *Client) error {
_, ok := client.Caps["sasl"]
if !ok {
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed (capability not requested)"))
}
if len(msg.Params) < 1 {
return client.Send(MakeMsg(self, ERR_NEEDMOREPARAMS, "AUTHENTICATE", "Not enough parameters"))
}
extraSasl_, ok := client.Extra["sasl"]
if !ok {
client.Extra["sasl"] = &ExtraSasl{}
extraSasl_ = client.Extra["sasl"]
}
extraSasl, ok := extraSasl_.(*ExtraSasl)
if !ok {
panic(panicType)
}
switch extraSasl.AuthMethod {
case "":
if msg.Params[0] != "PLAIN" && msg.Params[0] != "EXTERNAL" {
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed (invalid method)"))
}
extraSasl.AuthMethod = msg.Params[0]
return client.Send(MakeMsg(self, "AUTHENTICATE", "+"))
case "*": // Abort
extraSasl.AuthMethod = ""
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed (aborted)"))
case "EXTERNAL":
extraSasl.AuthMethod = ""
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed"))
case "PLAIN":
extraSasl.AuthMethod = ""
saslPlainData, err := base64.StdEncoding.DecodeString(msg.Params[0])
if err != nil {
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed (base64 decoding error)"))
}
saslPlainSegments := bytes.Split(saslPlainData, []byte{0})
if len(saslPlainSegments) != 3 {
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed (not three segments)"))
}
_ = string(saslPlainSegments[0]) // authzid unused
authcid := string(saslPlainSegments[1])
passwd := string(saslPlainSegments[2])
if authcid == "runxiyu" && passwd == "hunter2" {
return client.Send(MakeMsg(self, RPL_SASLSUCCESS, client.Nick, "SASL authentication successful"))
}
return client.Send(MakeMsg(self, ERR_SASLFAIL, client.Nick, "SASL authentication failed"))
default:
panic(panicSaslMethod)
}
}