diff --git a/data/nickserv.example.conf b/data/nickserv.example.conf index 472ce43d3..9b0328111 100644 --- a/data/nickserv.example.conf +++ b/data/nickserv.example.conf @@ -605,6 +605,22 @@ module * The nick of the client which operates as the SASL agent. */ #agent = "NickServ" + + + /* + * Sets the number of invalid SASL authentication attempts before services + * removes a partially-connected user from the network. If not defined then + * the value specified in options:badpasslimit will be used instead. + */ + #badpasslimit = 1 + + /* + * Sets the time after which invalid SASL authentication attempts are + * forgotten about. If a user does not fail to authenticate in this amount + * of time, the incorrect password count will reset to zero. If not defined + * then the value specified in options:badpasstimeout will be used instead. + */ + #badpasstimeout = 15m } /* diff --git a/modules/nickserv/ns_sasl.cpp b/modules/nickserv/ns_sasl.cpp index 39c336736..2d33a230c 100644 --- a/modules/nickserv/ns_sasl.cpp +++ b/modules/nickserv/ns_sasl.cpp @@ -239,6 +239,9 @@ private: Anope::map sessions; public: + unsigned badpasslimit; + unsigned badpasstimeout; + SASLService(Module *o) : SASL::Service(o) , Timer(o, 60, true) @@ -403,7 +406,6 @@ public: return; } - const auto badpasslimit = Config->GetBlock("options").Get("badpasslimit"); if (!badpasslimit) return; @@ -412,7 +414,6 @@ public: it = badpasswords.emplace(session->uid, std::make_pair(0, 0)).first; auto &[invalid_pw_time, invalid_pw_count] = it->second; - const auto badpasstimeout = Config->GetBlock("options").Get("badpasstimeout"); if (badpasstimeout > 0 && invalid_pw_time > 0 && invalid_pw_time < Anope::CurTime - badpasstimeout) invalid_pw_count = 0; @@ -437,7 +438,6 @@ public: void Tick() override { - const auto badpasstimeout = Config->GetBlock("options").Get("badpasstimeout"); for (auto it = badpasswords.begin(); it != badpasswords.end(); ) { if (it->second.first + badpasstimeout < Anope::CurTime) @@ -500,6 +500,18 @@ public: catch (ModuleException &) { } } + void OnReload(Configuration::Conf &conf) override + { + const auto &modconf = conf.GetModule(this); + const auto &options = conf.GetBlock("options"); + + sasl.badpasslimit = modconf.Get("badpasslimit"); + if(!sasl.badpasslimit) + sasl.badpasslimit = options.Get("badpasslimit"); + + sasl.badpasstimeout = options.Get("badpasstimeout"); + } + ~ModuleSASL() override { delete external;