summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/plugins/irc/irc-config.c12
-rw-r--r--src/plugins/irc/irc-protocol.c15
-rw-r--r--src/plugins/irc/irc-server.c21
-rw-r--r--src/plugins/irc/irc-server.h1
4 files changed, 45 insertions, 4 deletions
diff --git a/src/plugins/irc/irc-config.c b/src/plugins/irc/irc-config.c
index 81c4742ab..ce92f271a 100644
--- a/src/plugins/irc/irc-config.c
+++ b/src/plugins/irc/irc-config.c
@@ -1772,6 +1772,18 @@ irc_config_server_new_option (struct t_config_file *config_file,
callback_change, callback_change_data,
NULL, NULL);
break;
+ case IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL:
+ new_option = weechat_config_new_option (
+ config_file, section,
+ option_name, "boolean",
+ N_("disconnect if SASL authentication fails (to prevent hostname leaks)"),
+ NULL, 0, 0,
+ default_value, value,
+ null_value_allowed,
+ callback_check_value, callback_check_value_data,
+ callback_change, callback_change_data,
+ NULL, NULL);
+ break;
case IRC_SERVER_OPTION_AUTOCONNECT:
new_option = weechat_config_new_option (
config_file, section,
diff --git a/src/plugins/irc/irc-protocol.c b/src/plugins/irc/irc-protocol.c
index 3ba40e417..b6b3c97c4 100644
--- a/src/plugins/irc/irc-protocol.c
+++ b/src/plugins/irc/irc-protocol.c
@@ -5076,7 +5076,7 @@ IRC_PROTOCOL_CALLBACK(901)
}
/*
- * Callback for the IRC messages "903" to "907".
+ * Callback for the IRC messages "902" to "907".
*
* Messages look like:
* :server 903 nick :SASL authentication successful
@@ -5089,6 +5089,18 @@ IRC_PROTOCOL_CALLBACK(sasl_end)
date, nick, address, host, command,
ignored, argc, argv, argv_eol);
+ if (strcmp (argv[1], "903") != 0 && IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL))
+ {
+ /* Check if we are already connected to the server,
+ * to prevent disconnects in case of 907.
+ */
+
+ if (!server->is_connected)
+ irc_server_disconnect (server, 0, 1);
+
+ return WEECHAT_RC_OK;
+ }
+
if (!server->is_connected)
irc_server_sendf (server, 0, NULL, "CAP END");
@@ -5363,6 +5375,7 @@ irc_protocol_recv_command (struct t_irc_server *server,
{ "734", /* monitor list is full */ 1, 0, &irc_protocol_cb_734 },
{ "900", /* logged in as (SASL) */ 1, 0, &irc_protocol_cb_900 },
{ "901", /* you are now logged in */ 1, 0, &irc_protocol_cb_901 },
+ { "902", /* SASL authentication failed because account is locked or held */ 1, 0, &irc_protocol_cb_sasl_end },
{ "903", /* SASL authentication successful */ 1, 0, &irc_protocol_cb_sasl_end },
{ "904", /* SASL authentication failed */ 1, 0, &irc_protocol_cb_sasl_end },
{ "905", /* SASL message too long */ 1, 0, &irc_protocol_cb_sasl_end },
diff --git a/src/plugins/irc/irc-server.c b/src/plugins/irc/irc-server.c
index cf8cef15b..1bc67feb9 100644
--- a/src/plugins/irc/irc-server.c
+++ b/src/plugins/irc/irc-server.c
@@ -76,7 +76,7 @@ char *irc_server_option_string[IRC_SERVER_NUM_OPTIONS] =
"ssl", "ssl_cert", "ssl_priorities", "ssl_dhkey_size", "ssl_fingerprint",
"ssl_verify",
"password", "capabilities",
- "sasl_mechanism", "sasl_username", "sasl_password", "sasl_timeout",
+ "sasl_mechanism", "sasl_username", "sasl_password", "sasl_timeout", "sasl_disconnect_on_fail",
"autoconnect", "autoreconnect", "autoreconnect_delay",
"nicks", "username", "realname", "local_hostname",
"command", "command_delay", "autojoin", "autorejoin", "autorejoin_delay",
@@ -92,7 +92,7 @@ char *irc_server_option_default[IRC_SERVER_NUM_OPTIONS] =
"off", "", "NORMAL:-VERS-SSL3.0", "2048", "",
"on",
"", "",
- "plain", "", "", "15",
+ "plain", "", "", "15", "off",
"off", "on", "10",
"", "", "", "",
"", "0", "", "off", "30",
@@ -2786,7 +2786,10 @@ irc_server_timer_sasl_cb (void *data, int remaining_calls)
weechat_printf (server->buffer,
_("%s%s: sasl authentication timeout"),
weechat_prefix ("error"), IRC_PLUGIN_NAME);
- irc_server_sendf (server, 0, NULL, "CAP END");
+ if (IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL))
+ irc_server_disconnect (server, 0, 1);
+ else
+ irc_server_sendf (server, 0, NULL, "CAP END");
}
return WEECHAT_RC_OK;
@@ -5067,6 +5070,9 @@ irc_server_add_to_infolist (struct t_infolist *infolist,
if (!weechat_infolist_new_var_string (ptr_item, "sasl_password",
IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_PASSWORD)))
return 0;
+ if (!weechat_infolist_new_var_integer (ptr_item, "sasl_disconnect_on_fail",
+ IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL)))
+ return 0;
if (!weechat_infolist_new_var_integer (ptr_item, "autoconnect",
IRC_SERVER_OPTION_BOOLEAN(server, IRC_SERVER_OPTION_AUTOCONNECT)))
return 0;
@@ -5325,6 +5331,15 @@ irc_server_print_log ()
weechat_log_printf (" sasl_password. . . . : null");
else
weechat_log_printf (" sasl_password. . . . : (hidden)");
+ /* sasl_disconnect_on_fail */
+ if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL]))
+ weechat_log_printf (" sasl_disconnect_on_fail: null (%s)",
+ (IRC_SERVER_OPTION_BOOLEAN(ptr_server, IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL)) ?
+ "on" : "off");
+ else
+ weechat_log_printf (" sasl_disconnect_on_fail: %s",
+ weechat_config_boolean (ptr_server->options[IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL]) ?
+ "on" : "off");
/* autoconnect */
if (weechat_config_option_is_null (ptr_server->options[IRC_SERVER_OPTION_AUTOCONNECT]))
weechat_log_printf (" autoconnect. . . . . : null (%s)",
diff --git a/src/plugins/irc/irc-server.h b/src/plugins/irc/irc-server.h
index 1a85588e9..1f1bbaaa0 100644
--- a/src/plugins/irc/irc-server.h
+++ b/src/plugins/irc/irc-server.h
@@ -49,6 +49,7 @@ enum t_irc_server_option
IRC_SERVER_OPTION_SASL_USERNAME, /* username for SASL authentication */
IRC_SERVER_OPTION_SASL_PASSWORD, /* password for SASL authentication */
IRC_SERVER_OPTION_SASL_TIMEOUT, /* timeout for SASL authentication */
+ IRC_SERVER_OPTION_SASL_DISCONNECT_ON_FAIL, /* disconnect on SASL fail */
IRC_SERVER_OPTION_AUTOCONNECT, /* autoconnect to server at startup */
IRC_SERVER_OPTION_AUTORECONNECT, /* autoreconnect when disconnected */
IRC_SERVER_OPTION_AUTORECONNECT_DELAY, /* delay before trying again reco */