From cd6d7a2bb7967092f303dfd7fe09cf8748c12d39 Mon Sep 17 00:00:00 2001
From: Bram Matthys <syzop@vulnscan.org>
Date: Mon, 11 Jun 2018 08:22:29 +0200
Subject: [PATCH] Add allow::options::sasl (or require-sasl) to require SASL
 authentication as suggested in https://bugs.unrealircd.org/view.php?id=5098
 The allow block documentation has been updated, including an example at the
 end of the page - https://www.unrealircd.org/docs/Allow_block

---
 include/struct.h     | 1 +
 src/modules/m_nick.c | 2 ++
 src/s_conf.c         | 8 ++++++--
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/include/struct.h b/include/struct.h
index 1462b11d6..768b5edb4 100644
--- a/include/struct.h
+++ b/include/struct.h
@@ -1024,6 +1024,7 @@ struct _configflag_allow {
 	unsigned	useip :1;
 	unsigned	ssl :1;
 	unsigned	nopasscont :1;
+	unsigned	sasl :1;
 };
 
 struct _configitem_allow {
diff --git a/src/modules/m_nick.c b/src/modules/m_nick.c
index b3cdb759a..f9f18f90f 100644
--- a/src/modules/m_nick.c
+++ b/src/modules/m_nick.c
@@ -1712,6 +1712,8 @@ int	AllowClient(aClient *cptr, struct hostent *hp, char *sockhost, char *usernam
 			continue;
 		if (aconf->flags.ssl && !IsSecure(cptr))
 			continue;
+		if (aconf->flags.sasl && (!*cptr->user->svid || isdigit(*cptr->user->svid)))
+			continue;
 		if (hp && hp->h_name)
 		{
 			hname = hp->h_name;
diff --git a/src/s_conf.c b/src/s_conf.c
index 841866611..2bc4f4d2a 100644
--- a/src/s_conf.c
+++ b/src/s_conf.c
@@ -4932,8 +4932,10 @@ int	_conf_allow(ConfigFile *conf, ConfigEntry *ce)
 					allow->flags.noident = 1;
 				else if (!strcmp(cepp->ce_varname, "useip"))
 					allow->flags.useip = 1;
-				else if (!strcmp(cepp->ce_varname, "ssl"))
+				else if (!strcmp(cepp->ce_varname, "ssl") || !strcmp(cepp->ce_varname, "require-ssl"))
 					allow->flags.ssl = 1;
+				else if (!strcmp(cepp->ce_varname, "sasl") || !strcmp(cepp->ce_varname, "require-sasl"))
+					allow->flags.sasl = 1;
 				else if (!strcmp(cepp->ce_varname, "nopasscont"))
 					allow->flags.nopasscont = 1;
 			}
@@ -5131,7 +5133,9 @@ int	_test_allow(ConfigFile *conf, ConfigEntry *ce)
 				{}
 				else if (!strcmp(cepp->ce_varname, "useip"))
 				{}
-				else if (!strcmp(cepp->ce_varname, "ssl"))
+				else if (!strcmp(cepp->ce_varname, "ssl") || !strcmp(cepp->ce_varname, "require-ssl"))
+				{}
+				else if (!strcmp(cepp->ce_varname, "sasl") || !strcmp(cepp->ce_varname, "require-sasl"))
 				{}
 				else if (!strcmp(cepp->ce_varname, "nopasscont"))
 				{}