aniani/irssi
1
0
Fork 0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00
Code

Disconnect SASL properly in case the sasl module got unloaded from server

Browse Source 
stops from getting on the network when sasl is unavailable

fixes #629
This commit is contained in:
ailin-nemui 2018-09-04 15:50:58 +02:00
parent 7f14d4d744
commit c80946bcf5
3 changed files with 37 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
src/fe-common/irc/fe-sasl.c
View File

@ -40,36 +40,14 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason)
printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason); printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason);
} }
static void sig_cap_end(IRC_SERVER_REC *server)
{
/* The negotiation has now been terminated, if we didn't manage to
* authenticate successfully with the server just disconnect. */
if (!server->sasl_success &&
server->connrec->sasl_mechanism != SASL_MECHANISM_NONE &&
settings_get_bool("sasl_disconnect_on_failure")) {
/* We can't use server_disconnect() here because we'd end up
* freeing the 'server' object and be guilty of a slew of UaF. */
server->connection_lost = TRUE;
/* By setting connection_lost we make sure the communication is
* halted and when the control goes back to irc_parse_incoming
* the server object is safely destroyed. */
signal_stop();
}
}
void fe_sasl_init(void) void fe_sasl_init(void)
{ {
settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success); signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end);
} }
void fe_sasl_deinit(void) void fe_sasl_deinit(void)
{ {
signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success); signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success);
signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure);
signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end);
} }

2
src/irc/core/irc-servers-setup.c
View File

@ -98,9 +98,9 @@ static void sig_server_setup_fill_chatnet(IRC_SERVER_CONNECT_REC *conn,
if (ircnet->sasl_mechanism != NULL) { if (ircnet->sasl_mechanism != NULL) {
if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) { if (!g_ascii_strcasecmp(ircnet->sasl_mechanism, "plain")) {
/* The PLAIN method needs both the username and the password */ /* The PLAIN method needs both the username and the password */
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
if (ircnet->sasl_username != NULL && *ircnet->sasl_username && if (ircnet->sasl_username != NULL && *ircnet->sasl_username &&
ircnet->sasl_password != NULL && *ircnet->sasl_password) { ircnet->sasl_password != NULL && *ircnet->sasl_password) {
conn->sasl_mechanism = SASL_MECHANISM_PLAIN;
conn->sasl_username = ircnet->sasl_username; conn->sasl_username = ircnet->sasl_username;
conn->sasl_password = ircnet->sasl_password; conn->sasl_password = ircnet->sasl_password;
} else } else

36
src/irc/core/sasl.c
View File

@ -301,9 +301,42 @@ static void sasl_disconnected(IRC_SERVER_REC *server)
sasl_timeout_stop(server); sasl_timeout_stop(server);
} }
static void sig_sasl_over(IRC_SERVER_REC *server)
{
if (!IS_IRC_SERVER(server))
return;
/* The negotiation has now been terminated, if we didn't manage to
* authenticate successfully with the server just disconnect. */
if (!server->sasl_success &&
server->connrec->sasl_mechanism != SASL_MECHANISM_NONE) {
if (server->cap_supported == NULL ||
!g_hash_table_lookup_extended(server->cap_supported, "sasl", NULL, NULL)) {
signal_emit("server sasl failure", 2, server, "The server did not offer SASL");
}
if (settings_get_bool("sasl_disconnect_on_failure")) {
/* We can't use server_disconnect() here because we'd end up
* freeing the 'server' object and be guilty of a slew of UaF. */
server->connection_lost = TRUE;
/* By setting connection_lost we make sure the communication is
* halted and when the control goes back to irc_parse_incoming
* the server object is safely destroyed. */
signal_stop();
}
}
}
void sasl_init(void) void sasl_init(void)
{ {
settings_add_bool("server", "sasl_disconnect_on_failure", TRUE);
signal_add_first("event 001", (SIGNAL_FUNC) sig_sasl_over);
/* this event can get us connected on broken ircds, see irc-servers.c */
signal_add_first("event 375", (SIGNAL_FUNC) sig_sasl_over);
signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start); signal_add_first("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
signal_add_first("server cap end", (SIGNAL_FUNC) sig_sasl_over);
signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step); signal_add_first("event authenticate", (SIGNAL_FUNC) sasl_step);
signal_add_first("event 903", (SIGNAL_FUNC) sasl_success); signal_add_first("event 903", (SIGNAL_FUNC) sasl_success);
signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail); signal_add_first("event 902", (SIGNAL_FUNC) sasl_fail);
@ -316,7 +349,10 @@ void sasl_init(void)
void sasl_deinit(void) void sasl_deinit(void)
{ {
signal_remove("event 001", (SIGNAL_FUNC) sig_sasl_over);
signal_remove("event 375", (SIGNAL_FUNC) sig_sasl_over);
signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start); signal_remove("server cap ack sasl", (SIGNAL_FUNC) sasl_start);
signal_remove("server cap end", (SIGNAL_FUNC) sig_sasl_over);
signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step); signal_remove("event authenticate", (SIGNAL_FUNC) sasl_step);
signal_remove("event 903", (SIGNAL_FUNC) sasl_success); signal_remove("event 903", (SIGNAL_FUNC) sasl_success);
signal_remove("event 902", (SIGNAL_FUNC) sasl_fail); signal_remove("event 902", (SIGNAL_FUNC) sasl_fail);