GitHub/ergo
3
0
Fork 0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-10 22:19:31 +01:00
Code Issues Projects Releases Wiki Activity

accounts: Only allow verified accounts to SASL auth

Browse Source
This commit is contained in:
Daniel Oaks 2017-01-11 01:02:26 +10:00
parent 7bce531914
commit 658d1656fa
1 changed files with 12 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
irc/accounts.go
View File

@ -198,6 +198,12 @@ func authPlainHandler(server *Server, client *Client, mechanism string, value []
// load and check acct data all in one update to prevent races. // load and check acct data all in one update to prevent races.
// as noted elsewhere, change to proper locking for Account type later probably // as noted elsewhere, change to proper locking for Account type later probably
err = server.store.Update(func(tx *buntdb.Tx) error { err = server.store.Update(func(tx *buntdb.Tx) error {
// confirm account is verified
_, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
if err != nil {
return errSaslFail
}
creds, err := loadAccountCredentials(tx, accountKey) creds, err := loadAccountCredentials(tx, accountKey)
if err != nil { if err != nil {
return err return err
@ -251,6 +257,12 @@ func authExternalHandler(server *Server, client *Client, mechanism string, value
return errSaslFail return errSaslFail
} }
// confirm account is verified
_, err = tx.Get(fmt.Sprintf(keyAccountVerified, accountKey))
if err != nil {
return errSaslFail
}
// confirm the certfp in that account's credentials // confirm the certfp in that account's credentials
creds, err := loadAccountCredentials(tx, accountKey) creds, err := loadAccountCredentials(tx, accountKey)
if err != nil || creds.Certificate != client.certfp { if err != nil || creds.Certificate != client.certfp {