handles server.ip-check-script.exempt-sasl: run the ip check script at the end of the handshake, only for anonymous connections
(config *Config, session *Session)
| 350 | // handles server.ip-check-script.exempt-sasl: |
| 351 | // run the ip check script at the end of the handshake, only for anonymous connections |
| 352 | func (server *Server) checkBanScriptExemptSASL(config *Config, session *Session) (outcome AuthOutcome) { |
| 353 | // TODO add caching for this; see related code in (*server).checkBans; |
| 354 | // we should probably just put an LRU around this instead of using the DLINE system |
| 355 | ipaddr := session.IP() |
| 356 | output, err := CheckIPBan(server.semaphores.IPCheckScript, config.Server.IPCheckScript, ipaddr) |
| 357 | if err != nil { |
| 358 | server.logger.Error("internal", "couldn't check IP ban script", ipaddr.String(), err.Error()) |
| 359 | return authSuccess |
| 360 | } |
| 361 | if output.Result == IPBanned || output.Result == IPRequireSASL { |
| 362 | server.logger.Info("connect-ip", session.connID, "Rejecting unauthenticated client due to ip-check-script", ipaddr.String()) |
| 363 | if output.BanMessage != "" { |
| 364 | session.client.requireSASLMessage = output.BanMessage |
| 365 | } |
| 366 | return authFailSaslRequired |
| 367 | } |
| 368 | return authSuccess |
| 369 | } |
| 370 | |
| 371 | func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) { |
| 372 | // XXX PROXY or WEBIRC MUST be sent as the first line of the session; |
no test coverage detected