From b68befc29a5058270692784e336848db6b9e94d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= Date: Wed, 9 Mar 2016 00:15:43 +0200 Subject: [PATCH 1/2] m_sasl: Send certfp for SASL EXTERNAL --- src/modules/m_sasl.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/modules/m_sasl.c b/src/modules/m_sasl.c index db38c65ce..92ddde277 100644 --- a/src/modules/m_sasl.c +++ b/src/modules/m_sasl.c @@ -238,8 +238,16 @@ CMD_FUNC(m_authenticate) agent_p = find_client(sptr->local->sasl_agent, NULL); if (agent_p == NULL) - sendto_server(NULL, 0, 0, ":%s SASL %s %s S %s", - me.name, SASL_SERVER, encode_puid(sptr), parv[1]); + { + char *certfp = moddata_client_get(sptr, "certfp"); + + if (certfp) + sendto_server(NULL, 0, 0, ":%s SASL %s %s S %s %s", + me.name, SASL_SERVER, encode_puid(sptr), parv[1], certfp); + else + sendto_server(NULL, 0, 0, ":%s SASL %s %s S %s", + me.name, SASL_SERVER, encode_puid(sptr), parv[1]); + } else sendto_server(NULL, 0, 0, ":%s SASL %s %s C %s", me.name, AGENT_SID(agent_p), encode_puid(sptr), parv[1]); From 6c1e9fc63b17a6aa421c9690b536df83d2604047 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Mantas=20Mikul=C4=97nas?= Date: Wed, 9 Mar 2016 00:20:22 +0200 Subject: [PATCH 2/2] m_sasl: Send user IP address to services The user is not 'registered' yet at this point, so manually inform services of their IP address (the syntax is "H "). Services might use this when informing the user of failed auth attempts, or when ratelimiting bruteforce. --- src/modules/m_sasl.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/modules/m_sasl.c b/src/modules/m_sasl.c index 92ddde277..fe63d3154 100644 --- a/src/modules/m_sasl.c +++ b/src/modules/m_sasl.c @@ -239,8 +239,12 @@ CMD_FUNC(m_authenticate) if (agent_p == NULL) { + char *addr = BadPtr(sptr->ip) ? "0" : sptr->ip; char *certfp = moddata_client_get(sptr, "certfp"); + sendto_server(NULL, 0, 0, ":%s SASL %s %s H %s %s", + me.name, SASL_SERVER, encode_puid(sptr), addr, addr); + if (certfp) sendto_server(NULL, 0, 0, ":%s SASL %s %s S %s %s", me.name, SASL_SERVER, encode_puid(sptr), parv[1], certfp);