m_sasl: Don't process authentication messages if SASL has been aborted, but track...
authorSimon Arlott <sa.me.uk>
Sat, 23 Feb 2019 12:40:27 +0000 (12:40 +0000)
committerSimon Arlott <sa.me.uk>
Sat, 23 Feb 2019 13:02:15 +0000 (13:02 +0000)
modules/m_sasl.c

index c76d6aabe97b0ea795e57efc6e53c1bcbdcb3fa5..3e0c06abbe8e89ef6609e33475c831c649e4eecd 100644 (file)
@@ -235,6 +235,7 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
        int parc, const char *parv[])
 {
        struct Client *target_p, *agent_p;
+       bool in_progress;
 
        /* Let propagate if not addressed to us, or if broadcast.
         * Only SASL agents can answer global requests.
@@ -257,22 +258,29 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
        if(!IsService(agent_p))
                return;
 
+       /* If SASL has been aborted, we only want to track authentication failures. */
+       in_progress = target_p->localClient->sasl_out != 0;
+
        /* Reject if someone has already answered. */
        if(*target_p->localClient->sasl_agent && strncmp(parv[1], target_p->localClient->sasl_agent, IDLEN))
                return;
-       else if(!*target_p->localClient->sasl_agent)
+       else if(!*target_p->localClient->sasl_agent && in_progress)
                rb_strlcpy(target_p->localClient->sasl_agent, parv[1], IDLEN);
 
        if(*parv[3] == 'C')
        {
-               sendto_one(target_p, "AUTHENTICATE %s", parv[4]);
-               target_p->localClient->sasl_messages++;
+               if (in_progress) {
+                       sendto_one(target_p, "AUTHENTICATE %s", parv[4]);
+                       target_p->localClient->sasl_messages++;
+               }
        }
        else if(*parv[3] == 'D')
        {
                if(*parv[4] == 'F')
                {
-                       sendto_one(target_p, form_str(ERR_SASLFAIL), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
+                       if (in_progress) {
+                               sendto_one(target_p, form_str(ERR_SASLFAIL), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
+                       }
                        /* Failures with zero messages are just "unknown mechanism" errors; don't count those. */
                        if(target_p->localClient->sasl_messages > 0)
                        {
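Review bot: When `in_progress` is false and `sasl_agent` is empty, the changed `else if` no longer records `parv[1]`, so the "already answered" rejection above it cannot fire. A `D`/`F` from any client that passed `IsService()` then reaches the failure accounting below whenever `sasl_messages` is still non-zero. Whether `sasl_agent` is still populated after an abort is decided outside this hunk, so this may be unreachable in practice. If it is reachable, the comment should say so, for example `/* After an abort no new agent is bound; failures are still counted, but nothing is sent to the client. */`. Separately, the added `if (in_progress) {` lines use different spacing and brace placement from the surrounding `if(...)` with the brace on its own line, here and in the following hunk. me_sasl begins before this hunk and continues past it.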
@@ -294,16 +302,22 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
                }
                else if(*parv[4] == 'S')
                {
-                       sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
-                       target_p->localClient->sasl_failures = 0;
-                       target_p->localClient->sasl_complete = 1;
-                       ServerStats.is_ssuc++;
+                       if (in_progress) {
+                               sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
+                               target_p->localClient->sasl_failures = 0;
+                               target_p->localClient->sasl_complete = 1;
+                               ServerStats.is_ssuc++;
+                       }
                }
                *target_p->localClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
                target_p->localClient->sasl_messages = 0;
        }
        else if(*parv[3] == 'M')
-               sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]);
+       {
+               if (in_progress) {
+                       sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]);
+               }
+       }
 }
 
 static void
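Review bot: A `D`/`S` that arrives after an abort is now dropped without trace: nothing is sent, `sasl_complete` stays unset and `ServerStats.is_ssuc` is not incremented, yet the lines after the branch still blank `sasl_agent` and zero `sasl_messages`. That looks deliberate but is not stated; a comment in the `'S'` branch would help, such as `/* Success after an abort is discarded; the agent slot is still released below. */`. If the agent applies login state through a separate message before sending `D`/`S` (not visible in this diff), that path would need the same `sasl_out` check so an aborted exchange cannot leave the client logged in. me_sasl begins before this hunk.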