mammon.ext.ircv3.sasl: Allow 400-length continuation lines

[DanielOaks]

This lets the AUTHENTICATE command accept the 400-length continuation lines. This allows four 400-length lines and one more line (either just a + or the rest of the password).

If they send more 400-length lines after those first four, it will reject it for length. We can change that without too much trouble, but it's probably good to limit it to stop it from just endlessly growing.

Fixes #87 and #70.

Also threw in a small fix in m_sasl_plain to dump 904 when they send an invalid line.

[progval]

Could you make this configurable?

[DanielOaks]

Could if we really wanted to, but I don't think users can REG a passphrase
long enough to overrun this right now. (Though, given we accept 2048 rather
than 512... might do it actually. Don't think I took that into account)

Once we have other mechanisms than PLAIN, might be good to allow larger
values too.

On Saturday, January 30, 2016, Valentin Lorentz notifications@github.com
wrote:

In mammon/ext/ircv3/sasl.py
#89 (comment):

         cli.dump_numeric('905', ['SASL message too long'])
         cli.sasl = None

•        cli.sasl_tmp = ''
  

•        return
  

•    elif len(raw_data) == 400:
  

•        if not hasattr(cli, 'sasl_tmp'):
  

•            cli.sasl_tmp = ''
  

•        cli.sasl_tmp += raw_data
  

•        # allow 4 'continuation' lines before rejecting for length
  

•        if len(cli.sasl_tmp) > 400 \* 4:
  

Could you make this configurable?

—
Reply to this email directly or view it on GitHub
https://github.com/mammon-ircd/mammon/pull/89/files#r51342828.

[progval]

👍