mirror of
https://github.com/jlu5/PyLink.git
synced 2024-12-25 04:02:45 +01:00
clientbot: whitelist supported SASL mechanisms, and abort on invalid ones
This commit is contained in:
parent
90e10f948e
commit
9bfa0c9bb8
@ -418,23 +418,29 @@ class ClientbotWrapperProtocol(Protocol):
|
|||||||
|
|
||||||
sasl_mech = self.irc.serverdata.get('sasl_mechanism')
|
sasl_mech = self.irc.serverdata.get('sasl_mechanism')
|
||||||
if sasl_mech:
|
if sasl_mech:
|
||||||
|
sasl_mech = sasl_mech.upper()
|
||||||
sasl_user = self.irc.serverdata.get('sasl_username')
|
sasl_user = self.irc.serverdata.get('sasl_username')
|
||||||
sasl_pass = self.irc.serverdata.get('sasl_password')
|
sasl_pass = self.irc.serverdata.get('sasl_password')
|
||||||
ssl_cert = self.irc.serverdata.get('ssl_certfile')
|
ssl_cert = self.irc.serverdata.get('ssl_certfile')
|
||||||
ssl_key = self.irc.serverdata.get('ssl_keyfile')
|
ssl_key = self.irc.serverdata.get('ssl_keyfile')
|
||||||
ssl = self.irc.serverdata.get('ssl')
|
ssl = self.irc.serverdata.get('ssl')
|
||||||
|
|
||||||
if sasl_mech == 'PLAIN' and not (sasl_user and sasl_pass):
|
if sasl_mech == 'PLAIN':
|
||||||
log.warning("(%s) Not attempting PLAIN authentication; sasl_username and/or "
|
if not (sasl_user and sasl_pass):
|
||||||
"sasl_password aren't correctly set.", self.irc.name)
|
log.warning("(%s) Not attempting PLAIN authentication; sasl_username and/or "
|
||||||
return False
|
"sasl_password aren't correctly set.", self.irc.name)
|
||||||
elif sasl_mech == 'EXTERNAL' and not (ssl_cert and ssl_key):
|
return False
|
||||||
log.warning("(%s) Not attempting EXTERNAL authentication; ssl_certfile and/or "
|
elif sasl_mech == 'EXTERNAL':
|
||||||
"ssl_keyfile aren't correctly set.", self.irc.name)
|
if not ssl:
|
||||||
return False
|
log.warning("(%s) Not attempting EXTERNAL authentication; SASL external requires "
|
||||||
elif sasl_mech == 'EXTERNAL' and not ssl:
|
"SSL, but it isn't enabled.", self.irc.name)
|
||||||
log.warning("(%s) Not attempting EXTERNAL authentication; SASL external requires "
|
return False
|
||||||
"SSL, but it isn't enabled.", self.irc.name)
|
elif not (ssl_cert and ssl_key):
|
||||||
|
log.warning("(%s) Not attempting EXTERNAL authentication; ssl_certfile and/or "
|
||||||
|
"ssl_keyfile aren't correctly set.", self.irc.name)
|
||||||
|
return False
|
||||||
|
else:
|
||||||
|
log.warning('(%s) Unsupported SASL mechanism %s; aborting SASL.', self.irc.name, sasl_mech)
|
||||||
return False
|
return False
|
||||||
self.irc.send('AUTHENTICATE %s' % sasl_mech, queue=False)
|
self.irc.send('AUTHENTICATE %s' % sasl_mech, queue=False)
|
||||||
return True
|
return True
|
||||||
@ -455,7 +461,7 @@ class ClientbotWrapperProtocol(Protocol):
|
|||||||
if not args:
|
if not args:
|
||||||
return
|
return
|
||||||
if args[0] == '+':
|
if args[0] == '+':
|
||||||
sasl_mech = self.irc.serverdata['sasl_mechanism']
|
sasl_mech = self.irc.serverdata['sasl_mechanism'].upper()
|
||||||
if sasl_mech == 'PLAIN':
|
if sasl_mech == 'PLAIN':
|
||||||
sasl_user = self.irc.serverdata['sasl_username'].encode('utf-8')
|
sasl_user = self.irc.serverdata['sasl_username'].encode('utf-8')
|
||||||
sasl_pass = self.irc.serverdata['sasl_password'].encode('utf-8')
|
sasl_pass = self.irc.serverdata['sasl_password'].encode('utf-8')
|
||||||
|
Loading…
Reference in New Issue
Block a user