From 05bc814d838ec067705d24278bd7d9bea0bd240e Mon Sep 17 00:00:00 2001 From: Melissa Draper Date: Fri, 9 Jul 2021 15:31:17 -0700 Subject: [PATCH] Create configurable client rejection message for SASL only (#236) --- doc/ircd.conf.example | 1 + doc/reference.conf | 5 +++++ include/s_conf.h | 1 + ircd/newconf.c | 1 + ircd/s_conf.c | 2 ++ ircd/s_user.c | 11 +++++++++-- modules/m_info.c | 5 +++++ 7 files changed, 24 insertions(+), 2 deletions(-) diff --git a/doc/ircd.conf.example b/doc/ircd.conf.example index 19475b93..470e8be6 100644 --- a/doc/ircd.conf.example +++ b/doc/ircd.conf.example @@ -579,6 +579,7 @@ general { kline_with_reason = yes; hide_tkdline_duration = no; kline_reason = "K-Lined"; + sasl_only_client_message = "You need to identify via SASL to use to use this server."; identify_service = "NickServ@services.int"; identify_command = "IDENTIFY"; non_redundant_klines = yes; diff --git a/doc/reference.conf b/doc/reference.conf index 380fde7c..fc088ff3 100644 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -1148,6 +1148,11 @@ general { */ kline_reason = "Connection closed"; + /* SASL access only client message: give users a message that + * informs them + */ + sasl_only_client_message = "You need to identify via SASL to use to use this server."; + /* identify to services via server password * if auth{} block had no password but the user specified a * server password anyway, send a PRIVMSG to diff --git a/include/s_conf.h b/include/s_conf.h index 1bad8090..a859feb5 100644 --- a/include/s_conf.h +++ b/include/s_conf.h @@ -257,6 +257,7 @@ struct config_file_entry int hide_opers; char *drain_reason; + char *sasl_only_client_message; }; struct config_channel_entry diff --git a/ircd/newconf.c b/ircd/newconf.c index 01fbcc0b..382d8c79 100644 --- a/ircd/newconf.c +++ b/ircd/newconf.c @@ -2707,6 +2707,7 @@ static struct ConfEntry conf_general_table[] = { "hide_opers", CF_YESNO, NULL, 0, &ConfigFileEntry.hide_opers }, { "certfp_method", CF_STRING, conf_set_general_certfp_method, 0, NULL }, { "drain_reason", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.drain_reason }, + { "sasl_only_client_message", CF_QSTRING, NULL, BUFSIZE, &ConfigFileEntry.sasl_only_client_message }, { "tls_ciphers_oper_only", CF_YESNO, NULL, 0, &ConfigFileEntry.tls_ciphers_oper_only }, { "oper_secure_only", CF_YESNO, NULL, 0, &ConfigFileEntry.oper_secure_only }, { "\0", 0, NULL, 0, NULL } diff --git a/ircd/s_conf.c b/ircd/s_conf.c index b6924300..6513b342 100644 --- a/ircd/s_conf.c +++ b/ircd/s_conf.c @@ -1550,6 +1550,8 @@ clear_out_old_conf(void) ConfigFileEntry.sasl_service = NULL; rb_free(ConfigFileEntry.drain_reason); ConfigFileEntry.drain_reason = NULL; + rb_free(ConfigFileEntry.sasl_only_client_message); + ConfigFileEntry.sasl_only_client_message = NULL; if (ConfigFileEntry.hidden_caps != NULL) { diff --git a/ircd/s_user.c b/ircd/s_user.c index 3184eba4..54a32fb9 100644 --- a/ircd/s_user.c +++ b/ircd/s_user.c @@ -491,9 +491,16 @@ register_local_user(struct Client *client_p, struct Client *source_p) if(IsNeedSasl(aconf) && !*source_p->user->suser) { + + const char *sasl_only_client_message = ConfigFileEntry.sasl_only_client_message; + + if (sasl_only_client_message == NULL) + sasl_only_client_message = "You need to identify via SASL to use to use this server."; + ServerStats.is_ref++; - sendto_one_notice(source_p, ":*** Notice -- You need to identify via SASL to use this server"); - exit_client(client_p, source_p, &me, "SASL access only"); + sendto_one_notice(source_p, ":*** Notice -- %s", sasl_only_client_message); + + exit_client(client_p, source_p, &me, sasl_only_client_message); return (CLIENT_EXITED); } diff --git a/modules/m_info.c b/modules/m_info.c index d1b286f6..5a08ec8a 100644 --- a/modules/m_info.c +++ b/modules/m_info.c @@ -200,6 +200,11 @@ static struct InfoStruct info_table[] = { "Message to quit users with if this server is draining.", INFO_STRING(&ConfigFileEntry.drain_reason), }, + { + "sasl_only_client_message", + "Message to quit users with if they require SASL authentication.", + INFO_STRING(&ConfigFileEntry.sasl_only_client_message), + }, { "disable_auth", "Controls whether auth checking is disabled or not",