mirror of https://github.com/ergochat/ergo.git synced 2024-11-29 15:40:02 +01:00

Merge pull request #476 from slingamn/doubleauth

disallow AUTHENTICATE when already auth'ed
Daniel Oaks 2019-05-08 13:50:34 +10:00 committed by GitHub
commit 939729a7c0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -298,9 +298,15 @@ func accVerifyHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb
// AUTHENTICATE [<mechanism>|<data>|*] // AUTHENTICATE [<mechanism>|<data>|*]
func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool { func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *ResponseBuffer) bool {
details := client.Details()
if details.account != "" {
rb.Add(nil, server.name, ERR_SASLALREADY, details.nick, client.t("You're already logged into an account"))
return false
}
// sasl abort // sasl abort
if !server.AccountConfig().AuthenticationEnabled || len(msg.Params) == 1 && msg.Params[0] == "*" { if !server.AccountConfig().AuthenticationEnabled || len(msg.Params) == 1 && msg.Params[0] == "*" {
rb.Add(nil, server.name, ERR_SASLABORTED, client.nick, client.t("SASL authentication aborted")) rb.Add(nil, server.name, ERR_SASLABORTED, details.nick, client.t("SASL authentication aborted"))
client.saslInProgress = false client.saslInProgress = false
client.saslMechanism = "" client.saslMechanism = ""
client.saslValue = "" client.saslValue = ""
@ -317,7 +323,7 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage,
client.saslMechanism = mechanism client.saslMechanism = mechanism
rb.Add(nil, server.name, "AUTHENTICATE", "+") rb.Add(nil, server.name, "AUTHENTICATE", "+")
} else { } else {
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed")) rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed"))
} }
return false return false
@ -327,7 +333,7 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage,
rawData := msg.Params[0] rawData := msg.Params[0]
if len(rawData) > 400 { if len(rawData) > 400 {
rb.Add(nil, server.name, ERR_SASLTOOLONG, client.nick, client.t("SASL message too long")) rb.Add(nil, server.name, ERR_SASLTOOLONG, details.nick, client.t("SASL message too long"))
client.saslInProgress = false client.saslInProgress = false
client.saslMechanism = "" client.saslMechanism = ""
client.saslValue = "" client.saslValue = ""
@ -336,7 +342,7 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage,
client.saslValue += rawData client.saslValue += rawData
// allow 4 'continuation' lines before rejecting for length // allow 4 'continuation' lines before rejecting for length
if len(client.saslValue) > 400*4 { if len(client.saslValue) > 400*4 {
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: Passphrase too long")) rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed: Passphrase too long"))
client.saslInProgress = false client.saslInProgress = false
client.saslMechanism = "" client.saslMechanism = ""
client.saslValue = "" client.saslValue = ""
@ -353,7 +359,7 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage,
if client.saslValue != "+" { if client.saslValue != "+" {
data, err = base64.StdEncoding.DecodeString(client.saslValue) data, err = base64.StdEncoding.DecodeString(client.saslValue)
if err != nil { if err != nil {
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed: Invalid b64 encoding")) rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed: Invalid b64 encoding"))
client.saslInProgress = false client.saslInProgress = false
client.saslMechanism = "" client.saslMechanism = ""
client.saslValue = "" client.saslValue = ""
@ -366,7 +372,7 @@ func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage,
// like 100% not required, but it's good to be safe I guess // like 100% not required, but it's good to be safe I guess
if !handlerExists { if !handlerExists {
rb.Add(nil, server.name, ERR_SASLFAIL, client.nick, client.t("SASL authentication failed")) rb.Add(nil, server.name, ERR_SASLFAIL, details.nick, client.t("SASL authentication failed"))
client.saslInProgress = false client.saslInProgress = false
client.saslMechanism = "" client.saslMechanism = ""
client.saslValue = "" client.saslValue = ""
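Review bot: The new early return for an already-logged-in client (the `details.account != ""` branch at the top of authenticateHandler) leaves `client.saslInProgress`, `client.saslMechanism` and `client.saslValue` untouched, while every other rejection path visible in this diff clears all three before returning. If a client can become logged in by some other route while a SASL exchange is half-finished (not visible here, so this is an assumption), the stored mechanism and partial payload would persist and the exchange could be picked up again after a later logout. Consider resetting the state in that branch too, adding `client.saslInProgress = false`, `client.saslMechanism = ""` and `client.saslValue = ""` before its `return false`. The function body continues outside the hunks shown, so paths not in view were not checked.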