Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
saslserv/main: Track EID we're pending login to
The existing model does not remember that we've sent a SVSLOGIN for a given SASL session, and simply assumes that if a client is introduced with a SASL session open, that session must have succeeded. The security of this approach requires ircd to implicitly abort SASL sessions on client registration. This also means that if a client successfully authenticates and then does something else its pending login is forgotten about, even though a SVSLOGIN has been sent for it, and the ircd is going to think it's logged in. This change removes the dependency on ircd's state machine by keeping explicit track of the pending login, i.e. the one we've most recently sent a SVSLOGIN for. The next commit will ensure that a client abort (even an implicit one) doesn't blow that information away.
- Loading branch information