]> jfr.im git - irc/atheme/atheme.git/commit
projects / irc / atheme / atheme.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 19bcc5c)
saslserv/main: Track EID we're pending login to
authorEd Kellett <redacted>
Sun, 17 Oct 2021 13:13:22 +0000 (14:13 +0100)
committerEd Kellett <redacted>
Sun, 17 Oct 2021 22:38:01 +0000 (23:38 +0100)
commit4e664c75d0b280a052eb8b5e81aa41944e593c52
tree004d379dd20ecb2e72f976782b8b90691476df26tree | snapshot (tar.bz2 zip tar.gz)
parent19bcc5cc20c07774e79374e72c50b76467c352eccommit | diff
saslserv/main: Track EID we're pending login to

The existing model does not remember that we've sent a SVSLOGIN for a
given SASL session, and simply assumes that if a client is introduced
with a SASL session open, that session must have succeeded. The security
of this approach requires ircd to implicitly abort SASL sessions on
client registration.

This also means that if a client successfully authenticates and then
does something else its pending login is forgotten about, even though a
SVSLOGIN has been sent for it, and the ircd is going to think it's
logged in.

This change removes the dependency on ircd's state machine by keeping
explicit track of the pending login, i.e. the one we've most recently
sent a SVSLOGIN for. The next commit will ensure that a client abort
(even an implicit one) doesn't blow that information away.
include/atheme/sasl.h diff | blob | blame | history
modules/saslserv/main.c diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.