]> jfr.im git - solanum.git/commitdiff
projects / solanum.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side (parent: c9b6f58)
m_sasl: temporarily reject clients after many failed attempts
authorMantas Mikulėnas <redacted>
Fri, 13 Feb 2015 18:13:06 +0000 (20:13 +0200)
committerMantas Mikulėnas <redacted>
Mon, 11 Apr 2016 17:02:09 +0000 (20:02 +0300)
include/client.h patch | blob | blame | history
modules/m_sasl.c patch | blob | blame | history

diff --git a/include/client.h b/include/client.h
index a97b67bd09b435eb630dd132b2121587d09ec456..c97bf8ab7487246181cbbab628ed73bb58a0a17b 100644 (file)
--- a/include/client.h
+++ b/include/client.h
@@ -285,6 +285,7 @@ struct LocalUser
        char sasl_agent[IDLEN];
        unsigned char sasl_out;
        unsigned char sasl_complete;
+       unsigned short sasl_messages;
 };
 
 struct AuthClient
diff --git a/modules/m_sasl.c b/modules/m_sasl.c
index 23a5e313e14d959a96d2e7b5fed1c6cadf475def..b06ce69225cbaf1faf3feda3e0b3b0831ddfc54e 100644 (file)
--- a/modules/m_sasl.c
+++ b/modules/m_sasl.c
@@ -35,6 +35,7 @@
 #include "msg.h"
 #include "modules.h"
 #include "numeric.h"
+#include "reject.h"
 #include "s_serv.h"
 #include "s_stats.h"
 #include "string.h"
@@ -223,17 +224,30 @@ me_sasl(struct MsgBuf *msgbuf_p, struct Client *client_p, struct Client *source_
                rb_strlcpy(target_p->localClient->sasl_agent, parv[1], IDLEN);
 
        if(*parv[3] == 'C')
+       {
                sendto_one(target_p, "AUTHENTICATE %s", parv[4]);
+               target_p->localClient->sasl_messages++;
+       }
        else if(*parv[3] == 'D')
        {
-               if(*parv[4] == 'F')
+               if(*parv[4] == 'F') {
                        sendto_one(target_p, form_str(ERR_SASLFAIL), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
+                       if (target_p->localClient->sasl_messages > 0)
+                       {
+                               if (throttle_add((struct sockaddr*)&target_p->localClient->ip))
+                               {
+                                       exit_client(target_p, target_p, &me, "Too many failed authentication attempts");
+                                       return;
+                               }
+                       }
+               }
                else if(*parv[4] == 'S') {
                        sendto_one(target_p, form_str(RPL_SASLSUCCESS), me.name, EmptyString(target_p->name) ? "*" : target_p->name);
                        target_p->localClient->sasl_complete = 1;
                        ServerStats.is_ssuc++;
                }
                *target_p->localClient->sasl_agent = '\0'; /* Blank the stored agent so someone else can answer */
+               target_p->localClient->sasl_messages = 0;
        }
        else if(*parv[3] == 'M')
                sendto_one(target_p, form_str(RPL_SASLMECHS), me.name, EmptyString(target_p->name) ? "*" : target_p->name, parv[4]);
Fork of solanum ircd, history is rebased regularly