diff options
author | ailin-nemui <ailin-nemui@users.noreply.github.com> | 2016-12-21 15:29:26 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2016-12-21 15:29:26 +0100 |
commit | 77ff8f5b7467dceb2e2f90e0e0aa5157cbb909ec (patch) | |
tree | b6871d487fef652f552b10e2a40c6ccda8d78ef0 | |
parent | 07050e2a3cca9688dde42a38ba4f76b02e7eed8c (diff) | |
parent | 7a7f6abc168b571a0db4fa65c760fe6e46edf199 (diff) | |
download | irssi-77ff8f5b7467dceb2e2f90e0e0aa5157cbb909ec.zip |
Merge pull request #514 from LemonBoy/sasl_fail
Add an option to stop the connection when SASL fails.
-rw-r--r-- | src/fe-common/irc/fe-sasl.c | 24 | ||||
-rw-r--r-- | src/irc/core/irc-servers.h | 1 | ||||
-rw-r--r-- | src/irc/core/sasl.c | 7 | ||||
-rw-r--r-- | src/perl/irc/Irc.xs | 1 |
4 files changed, 33 insertions, 0 deletions
diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c index 331b38b0..6cba1887 100644 --- a/src/fe-common/irc/fe-sasl.c +++ b/src/fe-common/irc/fe-sasl.c @@ -23,6 +23,9 @@ #include "signals.h" #include "levels.h" +#include "irc-servers.h" +#include "settings.h" + #include "printtext.h" static void sig_sasl_success(IRC_SERVER_REC *server) @@ -35,14 +38,35 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason) printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason); } +static void sig_cap_end(IRC_SERVER_REC *server) +{ + /* The negotiation has now been terminated, if we didn't manage to + * authenticate successfully with the server just disconnect. */ + if (!server->sasl_success && + settings_get_bool("sasl_disconnect_on_failure")) { + /* We can't use server_disconnect() here because we'd end up + * freeing the 'server' object and be guilty of a slew of UaF. */ + server->connection_lost = TRUE; + /* By setting connection_lost we make sure the communication is + * halted and when the control goes back to irc_parse_incoming + * the server object is safely destroyed. */ + signal_stop(); + } + +} + void fe_sasl_init(void) { + settings_add_bool("server", "sasl_disconnect_on_failure", TRUE); + signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success); signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); + signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end); } void fe_sasl_deinit(void) { signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success); signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); + signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end); } diff --git a/src/irc/core/irc-servers.h b/src/irc/core/irc-servers.h index bb100f86..09f3f81d 100644 --- a/src/irc/core/irc-servers.h +++ b/src/irc/core/irc-servers.h @@ -68,6 +68,7 @@ struct _IRC_SERVER_REC { unsigned int motd_got:1; /* We've received MOTD */ unsigned int isupport_sent:1; /* Server has sent us an isupport reply */ unsigned int cap_complete:1; /* We've done the initial CAP negotiation */ + unsigned int sasl_success:1; /* Did we authenticate successfully ? */ int max_kicks_in_cmd; /* max. number of people to kick with one /KICK command */ int max_modes_in_cmd; /* max. number of mode changes in one /MODE command */ diff --git a/src/irc/core/sasl.c b/src/irc/core/sasl.c index a1c16cdd..1021bea4 100644 --- a/src/irc/core/sasl.c +++ b/src/irc/core/sasl.c @@ -48,6 +48,7 @@ static gboolean sasl_timeout(IRC_SERVER_REC *server) cap_finish_negotiation(server); server->sasl_timeout = 0; + server->sasl_success = FALSE; signal_emit("server sasl failure", 2, server, "The authentication timed out"); @@ -84,6 +85,8 @@ static void sasl_fail(IRC_SERVER_REC *server, const char *data, const char *from params = event_get_params(data, 2, NULL, &error); + server->sasl_success = FALSE; + signal_emit("server sasl failure", 2, server, error); /* Terminate the negotiation */ @@ -99,6 +102,8 @@ static void sasl_already(IRC_SERVER_REC *server, const char *data, const char *f server->sasl_timeout = 0; } + server->sasl_success = TRUE; + signal_emit("server sasl success", 1, server); /* We're already authenticated, do nothing */ @@ -112,6 +117,8 @@ static void sasl_success(IRC_SERVER_REC *server, const char *data, const char *f server->sasl_timeout = 0; } + server->sasl_success = TRUE; + signal_emit("server sasl success", 1, server); /* The authentication succeeded, time to finish the CAP negotiation */ diff --git a/src/perl/irc/Irc.xs b/src/perl/irc/Irc.xs index 8b3b0c45..41690010 100644 --- a/src/perl/irc/Irc.xs +++ b/src/perl/irc/Irc.xs @@ -32,6 +32,7 @@ static void perl_irc_server_fill_hash(HV *hv, IRC_SERVER_REC *server) (void) hv_store(hv, "isupport_sent", 13, newSViv(server->isupport_sent), 0); (void) hv_store(hv, "cap_complete", 12, newSViv(server->cap_complete), 0); + (void) hv_store(hv, "sasl_success", 12, newSViv(server->sasl_success), 0); av = newAV(); for (tmp = server->cap_supported; tmp != NULL; tmp = tmp->next) |