Simon Arlott
24b8fd0063
m_sasl: Don't process authentication messages if SASL has been aborted
2019-06-08 22:07:36 +01:00
Aaron Jones
a589946b42
Revert "m_sasl: Don't process authentication messages if SASL has been aborted"
...
SASL does not work with this commit in the tree.
This reverts commit f44a0d7ea2
.
2019-06-08 20:59:36 +00:00
Simon Arlott
f44a0d7ea2
m_sasl: Don't process authentication messages if SASL has been aborted
2019-02-23 13:19:13 +00:00
Simon Arlott
3ea954da3a
m_nick/m_sasl/m_user: restore check for mixing of client and server protocol
2018-08-15 22:48:08 +01:00
Simon Arlott
03f04cd80e
m_sasl: check if the agent is present after every client_exit
...
When a server disconnects the client_exit hook will only be called once
but there could be multiple servers and clients behind that server.
After any client exits, check if the agent is still present.
2018-08-12 13:06:20 +01:00
Aaron Jones
bfffef7436
modules/m_sasl.c: prevent abort_sasl() sending 906 twice
2018-04-06 20:05:48 +00:00
Aaron Jones
11d111c3fa
modules/m_sasl.c: abort session if we receive '*' as data
...
Otherwise we'd send the * on to services as actual data, which is likely
to fail to decode it (it's not valid Base-64) and reply with an SASL ...
D F which will result in us sending a 904 numeric instead of a 906.
cf. https://github.com/ircv3/ircv3-specifications/pull/298#issuecomment-271336287
Reported-By: James Wheare
2018-04-06 19:45:56 +00:00
Simon Arlott
754c1edf2e
m_sasl: indicate client connection type for SASL
2017-08-13 21:52:04 +01:00
Aaron Jones
818a3fda94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
...
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:28:41 +00:00
Mantas Mikulėnas
6fb9f21449
sasl: reformat the other messages consistently
2015-03-06 17:19:16 +02:00
Mantas Mikulėnas
1cae2411d7
sasl: adjust 'H' message following commit 7d33cce8ef
2015-03-06 17:18:54 +02:00
William Pitcock
125652041b
cap-notify: implement cap-notify for sasl service ( closes #84 )
2015-03-01 00:58:40 -06:00
William Pitcock
c23902ae00
sasl: fix null deref on remote client exit
2015-03-01 00:01:24 -06:00
William Pitcock
51535fcbce
sasl: allow reauth without sasl-reauth capability (since it's being dropped)
2015-02-28 00:48:43 -06:00
William Pitcock
dd28e3f2a4
Merge pull request #82 from grawity/sasl-send-conn-info
...
m_sasl: send information about the client connection
2015-02-18 12:29:57 -06:00
William Pitcock
c6bc97fdcd
m_sasl: move some struct members around for sasl-reauth
2015-02-16 15:39:36 -06:00
William Pitcock
ef3ab8e3a5
cap: allow clients to do sasl reauth if they requested sasl and sasl-reauth (ref ircv3/ircv3#103 ).
2015-02-15 17:11:28 -06:00
Max Teufel
7d33cce8ef
m_sasl: add configuration option for the nick of the SASL agent
...
This allows multiple improvements to m_sasl. With this change, the SASL
authentication gets aborted immediately when services are offline.
Additionally, we send the SASL ENCAP messages directly to the specified
SASL agent.
2015-02-14 20:31:25 +01:00
Mantas Mikulėnas
a3fa9d81a2
m_sasl: send information about the client connection
2015-02-13 22:38:24 +02:00
Keith Buck
55abcbb20a
Remove trailing whitespace from all .c and .h files.
...
3134 bytes were removed.
2014-03-03 04:25:47 +00:00
Mantas Mikulėnas
dbd8ca2bf6
sasl: send RPL_SASLMECHS
2014-01-12 00:29:32 +02:00
Jilles Tjoelker
572488e029
If the sasl mechanism is EXTERNAL, send the certfp in the initial S message.
2011-04-04 00:59:20 +02:00
Jilles Tjoelker
f62f94b094
Back out AUTHENTICATE EXTERNAL so I can do it differently.
...
The current approach is fundamentally broken as it allows
anyone in that knows the certfp and uses an old ircd as
their server.
2011-04-04 00:44:07 +02:00
Jilles Tjoelker
1b19fe8b5e
Revert "sasl: remove checks for impossible conditions".
...
This check is not impossible and can be triggered by
sending a PASS command like a server would send first.
This backs out changeset 8cba4464feec.
2011-03-31 23:26:26 +02:00
William Pitcock
27126f911d
sasl: first attempt at ircv3.1 AUTHENTICATE EXTERNAL support
2011-03-31 00:35:58 -05:00
William Pitcock
d8c45202e3
sasl: remove checks for impossible conditions
2011-03-31 00:18:32 -05:00
Valery Yatsko
f427c8b00d
strlcpy -> rb_strlcpy
2008-04-20 08:40:40 +04:00
Valery Yatsko
47adde3def
s_stats.c removed, now we use new style of stats handling.
2008-04-04 19:54:37 +04:00
Valery Yatsko
54ac8b60a1
Reverting some changed related not to moving on libratbox3 but using ratbox3 source!
2008-04-02 19:37:50 +04:00
Valery Yatsko
39bdbd3f7d
'ServerStats->' -> 'ServerStats.'
2008-04-02 15:07:00 +04:00
nenolod
212380e3f4
[svn] - the new plan:
...
+ branches/release-2.1 -> 2.2 base
+ 3.0 -> branches/cxxconversion
+ backport some immediate 3.0 functionality for 2.2
+ other stuff
2007-01-24 22:40:21 -08:00