mirror of https://github.com/ergochat/ergo.git synced 2024-12-01 16:39:26 +01:00

Merge pull request #709 from slingamn/authzid

add more authzid/authcid clarifications
Shivaram Lingamneni 2019-12-24 13:13:31 -05:00 committed by GitHub
commit 4f8439ac4f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -410,36 +410,34 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage,
func authPlainHandler(server *Server, client *Client, mechanism string, value []byte, rb *ResponseBuffer) bool { func authPlainHandler(server *Server, client *Client, mechanism string, value []byte, rb *ResponseBuffer) bool {
splitValue := bytes.Split(value, []byte{'\000'}) splitValue := bytes.Split(value, []byte{'\000'})
var accountKey, authcid string // PLAIN has separate "authorization ID" (which user you want to become)
// and "authentication ID" (whose password you want to use). the first is optional:
nick := client.Nick() // [authzid] \x00 authcid \x00 password
var authzid, authcid string
if len(splitValue) == 3 { if len(splitValue) == 3 {
accountKey = string(splitValue[0]) authzid, authcid = string(splitValue[0]), string(splitValue[1])
authcid = string(splitValue[1])
if accountKey == "" { if authzid != "" && authcid != authzid {
accountKey = authcid rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), client.t("SASL authentication failed: authcid and authzid should be the same"))
} else if accountKey != authcid {
rb.Add(nil, server.name, ERR_SASLFAIL, nick, client.t("SASL authentication failed: authcid and authzid should be the same"))
return false return false
} }
} else { } else {
rb.Add(nil, server.name, ERR_SASLFAIL, nick, client.t("SASL authentication failed: Invalid auth blob")) rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), client.t("SASL authentication failed: Invalid auth blob"))
return false return false
} }
throttled, remainingTime := client.loginThrottle.Touch() throttled, remainingTime := client.loginThrottle.Touch()
if throttled { if throttled {
rb.Add(nil, server.name, ERR_SASLFAIL, nick, fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime)) rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), fmt.Sprintf(client.t("Please wait at least %v and try again"), remainingTime))
return false return false
} }
password := string(splitValue[2]) password := string(splitValue[2])
err := server.accounts.AuthenticateByPassphrase(client, accountKey, password) err := server.accounts.AuthenticateByPassphrase(client, authcid, password)
if err != nil { if err != nil {
msg := authErrorToMessage(server, err) msg := authErrorToMessage(server, err)
rb.Add(nil, server.name, ERR_SASLFAIL, nick, fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg))) rb.Add(nil, server.name, ERR_SASLFAIL, client.Nick(), fmt.Sprintf("%s: %s", client.t("SASL authentication failed"), client.t(msg)))
return false return false
} }