X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fmodules%2Fm_sasl.cpp;h=fe1438ccffe7c59a8c1d747a58d72a8f8f476693;hb=9de9231380d42955a13f07d7843897c77af704e4;hp=f1c4672048b7f53fb09ded64037020be6b466eea;hpb=6226ed9a29edb636506a6ab0fd756cfcc1267cdb;p=user%2Fhenk%2Fcode%2Finspircd.git
diff --git a/src/modules/m_sasl.cpp b/src/modules/m_sasl.cpp
index f1c467204..fe1438ccf 100644
--- a/src/modules/m_sasl.cpp
+++ b/src/modules/m_sasl.cpp
@@ -30,6 +30,7 @@ enum
 // From IRCv3 sasl-3.1
 RPL_SASLSUCCESS = 903,
 ERR_SASLFAIL = 904,
+ ERR_SASLTOOLONG = 905,
 ERR_SASLABORTED = 906,
 RPL_SASLMECHS = 908
 };
@@ -142,8 +143,14 @@ enum SaslResult { SASL_OK, SASL_FAIL, SASL_ABORT };
 static Events::ModuleEventProvider* saslevprov;
-static void SendSASL(const parameterlist& params)
+static void SendSASL(LocalUser* user, const std::string& agent, char mode, const parameterlist& parameters)
 {
+ parameterlist params(parameters.size() + 3);
+ params.push_back(user->uuid);
+ params.push_back(agent);
+ params.push_back(ConvToStr(mode));
+ params.insert(params.end(), parameters.begin(), parameters.end());
+
 if (!ServerInstance->PI->SendEncapsulatedData(sasl_target, "SASL", params))
 {
 FOREACH_MOD_CUSTOM(*saslevprov, SASLEventListener, OnSASLAuth, (params));
@@ -165,15 +172,10 @@ class SaslAuthenticator
 void SendHostIP()
 {
 parameterlist params;
- params.push_back(sasl_target);
- params.push_back("SASL");
- params.push_back(user->uuid);
- params.push_back("*");
- params.push_back("H");
 params.push_back(user->host);
 params.push_back(user->GetIPString());
- SendSASL(params);
+ SendSASL(user, "*", 'H', params);
 }
 public:
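Review bot: `parameterlist params(parameters.size() + 3);` in the new SendSASL sizes the list instead of reserving space, assuming parameterlist is a std::vector typedef (its definition is not on this page). That constructor creates size()+3 empty strings, and the push_back/insert calls then append after them, so the encapsulated SASL message would begin with empty parameters rather than the uuid, agent and mode, and the receiving side would likely misparse or drop every authentication exchange. Default-construct and reserve instead: `parameterlist params;` then `params.reserve(parameters.size() + 3);`. SendSASL's closing lines are outside the hunk.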
@@ -183,16 +185,13 @@ class SaslAuthenticator
 SendHostIP();
 parameterlist params;
- params.push_back(user->uuid);
- params.push_back("*");
- params.push_back("S");
 params.push_back(method);
 const std::string fp = SSLClientCert::GetFingerprint(&user->eh);
 if (fp.size())
 params.push_back(fp);
- SendSASL(params);
+ SendSASL(user, "*", 'S', params);
 }
 SaslResult GetSaslResult(const std::string &result_)
@@ -245,29 +244,17 @@ class SaslAuthenticator
 return this->state;
 }
- void Abort(void)
- {
- this->state = SASL_DONE;
- this->result = SASL_ABORT;
- }
-
 bool SendClientMessage(const std::vector& parameters)
 {
 if (this->state != SASL_COMM)
 return true;
- parameterlist params;
- params.push_back(this->user->uuid);
- params.push_back(this->agent);
- params.push_back("C");
-
- params.insert(params.end(), parameters.begin(), parameters.end());
-
- SendSASL(params);
+ SendSASL(this->user, this->agent, 'C', parameters);
 if (parameters[0].c_str()[0] == '*')
 {
- this->Abort();
+ this->state = SASL_DONE;
+ this->result = SASL_ABORT;
 return false;
 }
@@ -300,6 +287,10 @@ class SaslAuthenticator
 class CommandAuthenticate : public SplitCommand
 {
+ private:
+ // The maximum length of an AUTHENTICATE request.
+ static const size_t MAX_AUTHENTICATE_SIZE = 400;
+
 public:
 SimpleExtItem& authExt;
 Cap::Capability& cap;
@@ -321,6 +312,12 @@ class CommandAuthenticate : public SplitCommand
 if (parameters[0].find(' ') != std::string::npos || parameters[0][0] == ':')
 return CMD_FAILURE;
+ if (parameters[0].length() > MAX_AUTHENTICATE_SIZE)
+ {
+ user->WriteNumeric(ERR_SASLTOOLONG, "SASL message too long");
+ return CMD_FAILURE;
+ }
+
 SaslAuthenticator *sasl = authExt.get(user);
 if (!sasl)
 authExt.set(user, new SaslAuthenticator(user, parameters[0]));
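Review bot: The `'*'` branch in SendClientMessage is now the only place visible on this page that marks a session SASL_ABORT, because Abort() and the OnUserConnect handler that called it are both removed by this commit (last hunk). Nothing shown here ends an exchange that is still in SASL_COMM when OnUserConnect would have fired, so if that is intended a comment at the inlined assignments should say so, e.g. `// Client sent '*': end the exchange here; sessions are no longer torn down on connect.`. Separately, `parameters[0]` is indexed with no emptiness check inside the function, so it relies on the caller guaranteeing at least one parameter, which is also worth a one-line comment. The function continues past the end of the hunk.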
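Review bot: The new oversize branch in the AUTHENTICATE handler sends ERR_SASLTOOLONG and returns CMD_FAILURE but leaves any SaslAuthenticator already stored in authExt untouched, so within the lines shown an exchange in progress stays open and the agent is never told the attempt failed; the rest of the handler is outside the hunk. If an overlong message is meant to fail the attempt, end the session before returning, for example with `authExt.unset(user);` ahead of the `return CMD_FAILURE;`. The comment on MAX_AUTHENTICATE_SIZE in the previous hunk could also say where the value comes from, e.g. `// Maximum length of one AUTHENTICATE parameter (the 400-byte chunk size from IRCv3 SASL).`.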
@@ -404,16 +401,6 @@ class ModuleSASL : public Module
 servertracker.Reset();
 }
- void OnUserConnect(LocalUser *user) CXX11_OVERRIDE
- {
- SaslAuthenticator *sasl_ = authExt.get(user);
- if (sasl_)
- {
- sasl_->Abort();
- authExt.unset(user);
- }
- }
-
 void OnDecodeMetaData(Extensible* target, const std::string& extname, const std::string& extdata) CXX11_OVERRIDE
 {
 if ((target == NULL) && (extname == "saslmechlist"))