Fix SASL on some networks

TingPing 2013-10-20 22:29:16 -04:00
parent 62735c54fb
commit 19e3fce2eb
2 changed files with 28 additions and 0 deletions


@ -586,6 +586,7 @@ typedef struct server
unsigned int skip_next_whois:1; /* hide whois output */ unsigned int skip_next_whois:1; /* hide whois output */
unsigned int inside_whois:1; unsigned int inside_whois:1;
unsigned int doing_dns:1; /* /dns has been done */ unsigned int doing_dns:1; /* /dns has been done */
unsigned int retry_sasl:1; /* retrying another sasl mech */
unsigned int end_of_motd:1; /* end of motd reached (logged in) */ unsigned int end_of_motd:1; /* end of motd reached (logged in) */
unsigned int sent_quit:1; /* sent a QUIT already? */ unsigned int sent_quit:1; /* sent a QUIT already? */
unsigned int use_listargs:1; /* undernet and dalnet need /list >0,<10000 */ unsigned int use_listargs:1; /* undernet and dalnet need /list >0,<10000 */


@ -1771,6 +1771,29 @@ inbound_sasl_authenticate (server *serv, char *data)
ircnet *net = (ircnet*)serv->network; ircnet *net = (ircnet*)serv->network;
char *user, *pass = NULL; char *user, *pass = NULL;
const char *mech = sasl_mechanisms[serv->sasl_mech]; const char *mech = sasl_mechanisms[serv->sasl_mech];
int i;
/* Got a list of supported mechanisms */
if (strchr (data, ',') != NULL)
{
if (serv->sasl_mech == MECH_EXTERNAL)
goto sasl_abort;
/* Use most secure one supported */
for (i = MECH_AES; i >= MECH_PLAIN; i--)
{
if (strstr (data, sasl_mechanisms[i]) != NULL)
{
serv->sasl_mech = i;
serv->retry_sasl = TRUE;
tcp_sendf (serv, "AUTHENTICATE %s\r\n", sasl_mechanisms[i]);
return;
}
}
/* Nothing we support */
goto sasl_abort;
}
if (net->user && !(net->flags & FLAG_USE_GLOBAL)) if (net->user && !(net->flags & FLAG_USE_GLOBAL))
user = net->user; user = net->user;
@ -1795,6 +1818,7 @@ inbound_sasl_authenticate (server *serv, char *data)
#endif #endif
} }
sasl_abort:
if (pass == NULL) if (pass == NULL)
{ {
/* something went wrong abort */ /* something went wrong abort */
@ -1815,6 +1839,9 @@ inbound_sasl_authenticate (server *serv, char *data)
int int
inbound_sasl_error (server *serv) inbound_sasl_error (server *serv)
{ {
if (serv->retry_sasl && !serv->sent_saslauth)
return 1;
/* If server sent 904 before we sent password, /* If server sent 904 before we sent password,
* mech not support so fallback to next mech */ * mech not support so fallback to next mech */
if (!serv->sent_saslauth && serv->sasl_mech != MECH_EXTERNAL && serv->sasl_mech != MECH_PLAIN) if (!serv->sent_saslauth && serv->sasl_mech != MECH_EXTERNAL && serv->sasl_mech != MECH_PLAIN)
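Review bot: The new list branch in inbound_sasl_authenticate lets server-supplied data choose the mechanism with nothing bounding the retry: `retry_sasl` is set to TRUE but is neither tested in that branch nor cleared anywhere in the visible hunks, so a server that answers every AUTHENTICATE with another comma-separated list keeps the client re-sending, and the flag may persist into a later connection unless it is reset elsewhere. A guard such as `if (serv->retry_sasl) goto sasl_abort;` ahead of the loop, together with clearing the flag wherever the per-connection SASL state is reset, would limit this to a single renegotiation. The loop also walks down to `MECH_PLAIN` on the server's word alone, so on a link without TLS whoever controls the stream can steer the client to PLAIN; consider refusing that step unless the connection is encrypted, if the server struct records that. `strstr (data, sasl_mechanisms[i])` matches substrings rather than whole comma-separated tokens, so a listed name that merely contains a supported name is accepted; comparing token by token would avoid that. The function body starts and ends outside these hunks, so the abort path after `sasl_abort:` could not be checked in full.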