diff options
author | genius3000 <genius3000@g3k.solutions> | 2017-07-27 03:05:44 -0600 |
---|---|---|
committer | genius3000 <genius3000@g3k.solutions> | 2017-11-05 19:51:22 -0700 |
commit | 9d4b4344b49de3c474302e8316576b759249c409 (patch) | |
tree | 51e11ec2b668ac2bf16d992878e8eaf68f02abb7 | |
parent | 5c65a0a03dc41f3ed84dd4de4a1a5333365d6bb1 (diff) |
Inform the client when a SASL message cannot be sent
When SASL is properly configured with a 'target' server, we are able
to inform the client when the message fails to send.
Currently if a target is configured and it is offline, no response is
sent. This can cause some clients to time out while waiting for a response.
If a target isn't configured, behaviour will not change with this commit.
The default of '*' will still send to all servers.
Updated example config with 'target' variable.
-rw-r--r-- | docs/conf/modules.conf.example | 7 | ||||
-rw-r--r-- | src/modules/m_sasl.cpp | 4 |
2 files changed, 11 insertions, 0 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index b39ee5d2b..8e193904d 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -1591,6 +1591,13 @@ # Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded # for SASL to work. #<module name="m_sasl.so"> +# Define the following to your services server name to improve security +# by ensuring the SASL messages are only sent to the services server +# and not to all connected servers. This prevents a rogue server from +# capturing SASL messages. Having this defined can also improve client +# connections when your services are down, as the client will be told +# that SASL failed rather than just timing out on registration. +#<sasl target="services.mynetwork.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp index 5afab9502..8ac43fba7 100644 --- a/src/modules/m_sasl.cpp +++ b/src/modules/m_sasl.cpp @@ -35,6 +35,10 @@ static void SendSASL(const parameterlist& params) { if (!ServerInstance->PI->SendEncapsulatedData(params)) { + User* u = ServerInstance->FindUUID(params[2]); + if (u) + u->WriteNumeric(904, "%s :SASL authentication failed", u->nick.c_str()); + SASLFallback(NULL, params); } } |