From 40a766a0a06b63706595bf207cf8f6ce03669886 Mon Sep 17 00:00:00 2001 From: Simon Arlott Date: Sat, 23 Feb 2019 12:40:27 +0000 Subject: [PATCH] m_sasl: Don't process authentication messages if SASL has been aborted, but track failures --- modules/m_sasl.c | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/modules/m_sasl.c b/modules/m_sasl.c index c76d6aab..3e0c06ab 100644 --- a/modules/m_sasl.c +++ b/modules/m_sasl.c @@ -235,6 +235,7 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_ int parc, const char *parv[]) { struct Client *target_p, *agent_p; + bool in_progress; /* Let propagate if not addressed to us, or if broadcast. * Only SASL agents can answer global requests. 
@@ -257,22 +258,29 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_ if(!IsService(agent_p)) return; + /* If SASL has been aborted, we only want to track authentication failures. */ + in_progress = target_p->localClient->sasl_out != 0; + /* Reject if someone has already answered. */ if(*target_p->localClient->sasl_agent && strncmp(parv[1], target_p->localClient->sasl_agent, IDLEN)) return; - else if(!*target_p->localClient->sasl_agent) + else if(!*target_p->localClient->sasl_agent && in_progress) rb_strlcpy(target_p->localClient->sasl_agent, parv[1], IDLEN); if(*parv[3] == 'C') { - sendto_one(target_p, "AUTHENTICATE %s", parv[4]); - target_p->localClient->sasl_messages++; + if (in_progress) { + sendto_one(target_p, "AUTHENTICATE %s", parv[4]); + target_p->localClient->sasl_messages++; + } } else if(*parv[3] == 'D') { if(*parv[4] == 'F') { - sendto_one(target_p, form_str(ERR_SASLFAIL), me.name, EmptyString(target_p->name) ? "*" : target_p->name); + if (in_progress) { + sendto_one(target_p, form_str(ERR_SASLFAIL), me.name, EmptyString(target_p->name) ? "*" : target_p->name); + } /* Failures with zero messages are just "unknown mechanism" errors; don't count those. */ if(target_p->localClient->sasl_messages > 0) { 
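Review bot: `in_progress` is taken from `sasl_out != 0`, which is per-client rather than per-exchange state, so it cannot tell a late reply for an aborted exchange from a reply to a new exchange the client has since started (assuming `sasl_out` becomes non-zero again on restart, which this hunk does not show). The agent is now stored only while `in_progress`, so for an aborted session with a blank `sasl_agent` the "already answered" check passes for every service and a 'D'/'F' from any of them reaches the `sasl_messages > 0` failure accounting. If that is intended, a comment next to the assignment would make the contract explicit, e.g. `/* sasl_out == 0: aborted or never started; late replies are only counted, never relayed or bound to an agent */`. The body of me_sasl starts before this hunk and continues after it.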
@@ -294,16 +302,22 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_ } else if(*parv[4] == 'S') { - sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name); - target_p->localClient->sasl_failures = 0; - target_p->localClient->sasl_complete = 1; - ServerStats.is_ssuc++; + if (in_progress) { + sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name); + target_p->localClient->sasl_failures = 0; + target_p->localClient->sasl_complete = 1; + ServerStats.is_ssuc++; + } } *target_p->localClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */ target_p->localClient->sasl_messages = 0; } else if(*parv[3] == 'M') - sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]); + { + if (in_progress) { + sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]); + } + } } static void
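Review bot: In the 'S' branch a success that arrives after an abort is now dropped silently, while the agent that sent it presumably regards the exchange as complete. Whether any account assignment that accompanies a success is also suppressed for an aborted session cannot be seen from this hunk and is worth confirming. A short comment would record the intent, for example `/* Aborted: ignore a late success so sasl_complete is never set for a session the client gave up */`. As a style point, the added `if (in_progress) {` lines use a space after `if` and same-line braces, whereas the surrounding code writes `if(...)` with the brace on its own line. me_sasl begins before this hunk.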