133 lines
5.2 KiB
Diff
133 lines
5.2 KiB
Diff
From 0a77b366d33bc5e3d7251235defa68650586af4c Mon Sep 17 00:00:00 2001
|
|
From: ailin-nemui <ailin-nemui@users.noreply.github.com>
|
|
Date: Thu, 4 Feb 2021 15:44:21 +0800
|
|
Subject: [PATCH] Disconnect SASL properly in case the sasl module got unloaded
|
|
from server
|
|
|
|
stops from getting on the network when sasl is unavailable
|
|
|
|
fixes #629
|
|
---
|
|
src/fe-common/irc/fe-sasl.c | 22 -------------------
|
|
src/irc/core/irc-servers-setup.c | 2 +-
|
|
src/irc/core/sasl.c | 36 ++++++++++++++++++++++++++++++++
|
|
3 files changed, 37 insertions(+), 23 deletions(-)
|
|
|
|
diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c
|
|
index fc8105f..ed11f04 100644
|
|
--- a/src/fe-common/irc/fe-sasl.c
|
|
+++ b/src/fe-common/irc/fe-sasl.c
|
|
@@ -40,36 +40,14 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason)
|
|
printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason);
|
|
}
|
|
|
|
-static void sig_cap_end(IRC_SERVER_REC *server)
|
|
-{
|
|
- /* The negotiation has now been terminated, if we didn't manage to
|
|
- * authenticate successfully with the server just disconnect. */
|
|
- if (!server->sasl_success &&
|
|
- server->connrec->sasl_mechanism != SASL_MECHANISM_NONE &&
|
|
- settings_get_bool("sasl_disconnect_on_failure")) {
|
|
- /* We can't use server_disconnect() here because we'd end up
|
|
- * freeing the 'server' object and be guilty of a slew of UaF. */
|
|
- server->connection_lost = TRUE;
|
|
- /* By setting connection_lost we make sure the communication is
|
|
- * halted and when the control goes back to irc_parse_incoming
|
|
- * the server object is safely destroyed. */
|
|
- signal_stop();
|
|
- }
|
|
-
|
|
-}
|
|
-
|
|
void fe_sasl_init(void)
|
|
{
|
|
- settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
|
|
-
|
|
signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
|
|
signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
|
|
- signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end);
|
|
}
|
|
|
|
void fe_sasl_deinit(void)
|
|
{
|
|
signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
|
|
signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
|
|
- signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end);
|
|
}
|
|
diff --git a/src/irc/core/irc-servers-setup.c b/src/irc/core/irc-servers-setup.c
|
|
index e79557a..0af9390 100644
|
|
--- a/src/irc/core/irc-servers-setup.c
|
|
+++ b/src/irc/core/irc-servers-setup.c
|
|
@@ -98,9 +98,9 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
|
|
if (ircnet->sasl_mechanism != NULL) {
|
|
if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) {
|
|
/* The PLAIN method needs both the username and the password */
|
|
+ conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
|
if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
|
|
ircnet->sasl_password != NULL && *ircnet->sasl_password) {
|
|
- conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
|
|
conn->sasl_username = ircnet->sasl_username;
|
|
conn->sasl_password = ircnet->sasl_password;
|
|
} else
|
|
diff --git a/src/irc/core/sasl.c b/src/irc/core/sasl.c
|
|
index c5aa2ca..b7abe74 100644
|
|
--- a/src/irc/core/sasl.c
|
|
+++ b/src/irc/core/sasl.c
|
|
@@ -301,9 +301,42 @@ static void sasl_disconnected(IRC_SERVER_REC *server)
|
|
sasl_timeout_stop(server);
|
|
}
|
|
|
|
+static void sig_sasl_over(IRC_SERVER_REC *server)
|
|
+{
|
|
+ if (!IS_IRC_SERVER(server))
|
|
+ return;
|
|
+
|
|
+ /* The negotiation has now been terminated, if we didn't manage to
|
|
+ * authenticate successfully with the server just disconnect. */
|
|
+ if (!server->sasl_success &&
|
|
+ server->connrec->sasl_mechanism != SASL_MECHANISM_NONE) {
|
|
+ if (server->cap_supported == NULL ||
|
|
+ !g_hash_table_lookup_extended(server->cap_supported, "sasl", NULL, NULL)) {
|
|
+ signal_emit("server sasl failure", 2, server, "The server did not offer SASL");
|
|
+ }
|
|
+
|
|
+ if (settings_get_bool("sasl_disconnect_on_failure")) {
|
|
+ /* We can't use server_disconnect() here because we'd end up
|
|
+ * freeing the 'server' object and be guilty of a slew of UaF. */
|
|
+ server->connection_lost = TRUE;
|
|
+ /* By setting connection_lost we make sure the communication is
|
|
+ * halted and when the control goes back to irc_parse_incoming
|
|
+ * the server object is safely destroyed. */
|
|
+ signal_stop();
|
|
+ }
|
|
+ }
|
|
+
|
|
+}
|
|
+
|
|
void sasl_init(void)
|
|
{
|
|
+ settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
|
|
+
|
|
+ signal_add_first("event 001", (SIGNAL_FUNC) sig_sasl_over);
|
|
+ /* this event can get us connected on broken ircds, see irc-servers.c */
|
|
+ signal_add_first("event 375", (SIGNAL_FUNC) sig_sasl_over);
|
|
signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
|
|
+ signal_add_first("server cap end", (SIGNAL_FUNC) sig_sasl_over);
|
|
signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step);
|
|
signal_add_first("event 903", (SIGNAL_FUNC) sasl_success);
|
|
signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail);
|
|
@@ -316,7 +349,10 @@ void sasl_init(void)
|
|
|
|
void sasl_deinit(void)
|
|
{
|
|
+ signal_remove("event 001", (SIGNAL_FUNC) sig_sasl_over);
|
|
+ signal_remove("event 375", (SIGNAL_FUNC) sig_sasl_over);
|
|
signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
|
|
+ signal_remove("server cap end", (SIGNAL_FUNC) sig_sasl_over);
|
|
signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step);
|
|
signal_remove("event 903", (SIGNAL_FUNC) sasl_success);
|
|
signal_remove("event 902", (SIGNAL_FUNC) sasl_fail);
|
|
--
|
|
2.23.0
|
|
|