authorgenius3000 <genius3000@g3k.solutions>2017-07-27 03:05:44 -0600
committergenius3000 <genius3000@g3k.solutions>2017-11-05 19:51:22 -0700
commit9d4b4344b49de3c474302e8316576b759249c409 (patch)
tree51e11ec2b668ac2bf16d992878e8eaf68f02abb7
parent5c65a0a03dc41f3ed84dd4de4a1a5333365d6bb1 (diff)
Inform the client when a SASL message cannot be sent
When SASL is properly configured with a 'target' server, we are able to inform the client when the message fails to send. Currently if a target is configured and it is offline, no response is sent. This can cause some clients to time out while waiting for a response. If a target isn't configured, behaviour will not change with this commit. The default of '*' will still send to all servers. Updated example config with 'target' variable.
-rw-r--r--docs/conf/modules.conf.example7
-rw-r--r--src/modules/m_sasl.cpp4
2 files changed, 11 insertions, 0 deletions
diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index b39ee5d2b..8e193904d 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -1591,6 +1591,13 @@
# Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded
# for SASL to work.
#<module name="m_sasl.so">
+# Define the following to your services server name to improve security
+# by ensuring the SASL messages are only sent to the services server
+# and not to all connected servers. This prevents a rogue server from
+# capturing SASL messages. Having this defined can also improve client
+# connections when your services are down, as the client will be told
+# that SASL failed rather than just timing out on registration.
+#<sasl target="services.mynetwork.com">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Secure list module: Prevent /LIST in the first minute of connection,
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index 5afab9502..8ac43fba7 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -35,6 +35,10 @@ static void SendSASL(const parameterlist& params)
{
if (!ServerInstance->PI->SendEncapsulatedData(params))
{
+ User* u = ServerInstance->FindUUID(params[2]);
+ if (u)
+ u->WriteNumeric(904, "%s :SASL authentication failed", u->nick.c_str());
+
SASLFallback(NULL, params);
}
}
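Review bot: The added `FindUUID(params[2])` indexes the parameter list with no visible check that it holds at least three elements, and nothing in the hunk records that index 2 is the client's UUID. SendSASL's callers are outside this hunk, so either guard the lookup with `if (params.size() > 2)` or add a one-line comment above it stating which field index 2 carries and that callers guarantee it. The literal `904` would read better as a named constant for the SASL-failure numeric. `SASLFallback(NULL, params)` still runs after the numeric is written, so it is worth confirming that a fallback handler cannot continue an exchange the client has already been told failed.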