Eric Mertens
82436efb60
hook_fn casts were hiding UB (#265)
2021-08-19 20:09:40 -07:00
Eric Mertens
e83449d5be
Stop announcing SASL cap changes on services split/join (#263)
2021-08-15 16:25:46 -07:00
Aaron Jones
8b7110d6ba
modules/m_sasl.c: use IsSecure() instead of IsSSL()
...
Further to our implementation of the concept of "secure origins", we can
indicate to services that the client is connected securely, rather than
just that the client is using TLS. For example, connections from the
local host (from the IRCd's perspective) can be considered secure
against eavesdropping.
Allow this to factor into services' decision on whether to allow an SASL
negotiation or not. Atheme currently assumes this means the client is
using TLS, but I have changed that in atheme/atheme@412d50103c
2021-06-08 04:59:43 +00:00
Ed Kellett
738b5d291e
Mint CLICAP_FLAGS_PRIORITY
2020-10-19 19:30:43 -04:00
Ariadne Conill
3792c63dc0
sasl: use mapi_cap_list_v2 correctly
2020-07-09 17:47:28 -06:00
Simon Arlott
40a766a0a0
m_sasl: Don't process authentication messages if SASL has been aborted, but track failures
2019-02-23 13:02:15 +00:00
Simon Arlott
d5d52a994d
m_nick/m_sasl/m_user: restore check for mixing of client and server protocol
2018-08-15 22:48:21 +01:00
Simon Arlott
15b05f95f0
m_sasl: check if the agent is present after every client_exit
...
When a server disconnects the client_exit hook will only be called once
but there could be multiple servers and clients behind that server.
After any client exits, check if the agent is still present.
2018-08-12 12:50:43 +01:00
Aaron Jones
6d8a8851df
modules/m_sasl.c: prevent abort_sasl() sending 906 twice
2018-04-06 20:07:08 +00:00
Aaron Jones
631c30890c
modules/m_sasl.c: command functions are void on this branch
2018-04-06 19:58:45 +00:00
Aaron Jones
280ce6a951
modules/m_sasl.c: abort session if we receive '*' as data
...
Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.
cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287
Reported-By: James Wheare
2018-04-06 19:49:33 +00:00
Simon Arlott
0ee833da4a
m_sasl: indicate client connection type for SASL
2017-08-09 22:04:11 +01:00
Aaron Jones
23f5c31719
SASL: Relax rate limiting for failures a little
...
Begin at 8 seconds after 2 failures and up to ~4 minutes
2016-10-02 14:13:02 +00:00
Xenthys
46ef49c390
SASL: rate-limit after the 2nd failed attempt (m_sasl.c)
2016-10-02 03:57:11 +02:00
Aaron Jones
ac88154f94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
...
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:29:53 +00:00
Aaron Jones
4d5a902f08
strcpy: mass-migrate to strlcpy where appropriate
2016-05-15 03:57:16 +00:00
Mantas Mikulėnas
9d07a42d7a
m_sasl: rate-limit SASL REAUTH usage
2016-04-11 21:45:10 +03:00
Mantas Mikulėnas
834579cecd
m_sasl: fix coding style
2016-04-11 20:12:31 +03:00
Mantas Mikulėnas
37289346cd
m_sasl: temporarily reject clients after many failed attempts
2016-04-11 20:02:09 +03:00
Elizabeth Myers
3c7d6fcce7
Message handlers should return void.
...
Also fix up some return values and stuff to use bool (or void if
nothing). I just did it whilst I was here.
According to jilles, the return value used to signify whether or not the
client had exited. This was error-prone and was fixed a long, long time
ago, but the return value was left int for historical reasons.
Since the return type is not used (and has no clear use case anyway),
it's safe to just get rid of it.
2016-03-09 01:37:03 -06:00
Elizabeth Myers
eeabf33a7c
Move module description headers to the top
...
This is cleaner.
Note this was broken out of a much larger piece of work I did, so if
there's any problems, I apologise!
2016-03-09 01:29:41 -06:00
Andrew Wilcox
3abc337fe1
modules: Add AV2 descriptions to all m_s* modules
2016-03-07 02:05:28 -06:00
Elizabeth Myers
105a4985b4
Migrate remaining modules to AV2
...
No descriptions yet. :(
2016-03-07 00:03:39 -06:00
Elizabeth Myers
cbeab4bc34
Remove $Id tags from everything.
...
These are obsolete and none have changed since 10 years ago...
2016-03-06 02:47:27 -06:00
William Pitcock
38ffccf8c3
cap: allow modules to return client-specific responses for capability inquiries
2016-03-05 18:56:36 -06:00
mniip
802710b59a
Always send the certificate fingerprint when doing SASL because the services might need it for SOME REASON
2016-02-29 03:29:08 +03:00
William Pitcock
da3e5fcb42
sasl: implement support for distributing mechlists
2016-02-28 01:02:10 -06:00
William Pitcock
193d4db30c
sasl: transfer ownership of 'sasl' capability to m_sasl module
2016-02-28 00:29:26 -06:00
William Pitcock
7baa37a9ef
msg: remove last vestiges of the fakelag system. charybdis has never supported fakelag.
2016-02-19 16:43:39 -06:00
William Pitcock
428ca87b01
modules: chase MsgBuf API change
2016-02-10 20:54:17 -06:00
Mantas Mikulėnas
6fb9f21449
sasl: reformat the other messages consistently
2015-03-06 17:19:16 +02:00
Mantas Mikulėnas
1cae2411d7
sasl: adjust 'H' message following commit 7d33cce8ef
2015-03-06 17:18:54 +02:00
William Pitcock
125652041b
cap-notify: implement cap-notify for sasl service (closes #84)
2015-03-01 00:58:40 -06:00
William Pitcock
c23902ae00
sasl: fix null deref on remote client exit
2015-03-01 00:01:24 -06:00
William Pitcock
51535fcbce
sasl: allow reauth without sasl-reauth capability (since it's being dropped)
2015-02-28 00:48:43 -06:00
William Pitcock
dd28e3f2a4
Merge pull request #82 from grawity/sasl-send-conn-info
...
m_sasl: send information about the client connection
2015-02-18 12:29:57 -06:00
William Pitcock
c6bc97fdcd
m_sasl: move some struct members around for sasl-reauth
2015-02-16 15:39:36 -06:00
William Pitcock
ef3ab8e3a5
cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103).
2015-02-15 17:11:28 -06:00
Max Teufel
7d33cce8ef
m_sasl: add configuration option for the nick of the SASL agent
...
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Mantas Mikulėnas
a3fa9d81a2
m_sasl: send information about the client connection
2015-02-13 22:38:24 +02:00
Keith Buck
55abcbb20a
Remove trailing whitespace from all .c and .h files.
...
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Mantas Mikulėnas
dbd8ca2bf6
sasl: send RPL_SASLMECHS
2014-01-12 00:29:32 +02:00
Jilles Tjoelker
572488e029
If the sasl mechanism is EXTERNAL, send the certfp in the initial S message.
2011-04-04 00:59:20 +02:00
Jilles Tjoelker
f62f94b094
Back out AUTHENTICATE EXTERNAL so I can do it differently.
...
The current approach is fundamentally broken as it allows
anyone in that knows the certfp and uses an old ircd as
their server.
2011-04-04 00:44:07 +02:00
Jilles Tjoelker
1b19fe8b5e
Revert "sasl: remove checks for impossible conditions".
...
This check is not impossible and can be triggered by
sending a PASS command like a server would send first.
This backs out changeset 8cba4464feec.
2011-03-31 23:26:26 +02:00
William Pitcock
27126f911d
sasl: first attempt at ircv3.1 AUTHENTICATE EXTERNAL support
2011-03-31 00:35:58 -05:00
William Pitcock
d8c45202e3
sasl: remove checks for impossible conditions
2011-03-31 00:18:32 -05:00
Valery Yatsko
f427c8b00d
strlcpy -> rb_strlcpy
2008-04-20 08:40:40 +04:00
Valery Yatsko
47adde3def
s_stats.c removed, now we use new style of stats handling.
2008-04-04 19:54:37 +04:00
Valery Yatsko
54ac8b60a1
Reverting some changes related not to moving on libratbox3 but using ratbox3 source!
2008-04-02 19:37:50 +04:00