Reply with RPL_SASLFAIL instead of NOTICE on invalid base64

progval · spb · commit 8353f2a42fbc · 2026-02-08T00:59:03.000Z
This is consistent with Ergo, InspIRCd, Solanum, UnrealIRCd
diff --git a/sable_ircd/src/command/handlers/services/sasl.rs b/sable_ircd/src/command/handlers/services/sasl.rs
@@ -6,6 +6,8 @@ use sable_network::{
 use super::*;
 use base64::prelude::*;
 
+const DEFAULT_SASL_FAIL: &str = "SASL authentication failed";
+
 #[command_handler("AUTHENTICATE")]
 async fn handle_authenticate(
     source: PreClientSource,
@@ -22,7 +24,7 @@ async fn handle_authenticate(
             RemoteServicesServerRequestType::AbortAuthenticate(*session)
         } else {
             let Ok(data) = BASE64_STANDARD.decode(text) else {
-                response.notice("Invalid base64");
+                response.numeric(make_numeric!(SaslFail, "Invalid Base64"));
                 return Ok(());
             };
 
@@ -39,7 +41,7 @@ async fn handle_authenticate(
 
         for ban in net.network_bans().find_pre_sasl(&user_details) {
             if let NetworkBanAction::DenySasl = ban.action {
-                response.numeric(make_numeric!(SaslFail));
+                response.numeric(make_numeric!(SaslFail, DEFAULT_SASL_FAIL));
                 return Ok(());
             }
         }
@@ -88,7 +90,7 @@ async fn handle_authenticate(
                     response.numeric(make_numeric!(SaslSuccess));
                 }
                 Fail => {
-                    response.numeric(make_numeric!(SaslFail));
+                    response.numeric(make_numeric!(SaslFail, DEFAULT_SASL_FAIL));
                 }
                 Aborted => {
                     response.numeric(make_numeric!(SaslAborted));
@@ -116,6 +118,6 @@ fn do_sasl_external(
         }
     }
 
-    response.numeric(make_numeric!(SaslFail));
+    response.numeric(make_numeric!(SaslFail, DEFAULT_SASL_FAIL));
     Ok(())
 }
diff --git a/sable_ircd/src/messages/numeric.rs b/sable_ircd/src/messages/numeric.rs
@@ -138,6 +138,6 @@ define_messages! {
 
     900(LoggedIn)           => { (account: &Nickname) => "* {account} :You are now logged in as {account}" },  // TODO: <nick>!<ident>@<host> instead of *
     903(SaslSuccess)        => { () => ":SASL authentication successful" },
-    904(SaslFail)           => { () => ":SASL authentication failed" },
+    904(SaslFail)           => { (reason: &str)                 => ":{reason}" },
     906(SaslAborted)        => { () => ":SASL authentication aborted" }
 }

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,8 @@ use sable_network::{`
`6`	`6`	`use super::*;`
`7`	`7`	`use base64::prelude::*;`
`8`	`8`
	`9`	`+const DEFAULT_SASL_FAIL: &str = "SASL authentication failed";`
	`10`	`+`
`9`	`11`	`#[command_handler("AUTHENTICATE")]`
`10`	`12`	`async fn handle_authenticate(`
`11`	`13`	`source: PreClientSource,`
`@@ -22,7 +24,7 @@ async fn handle_authenticate(`
`22`	`24`	`RemoteServicesServerRequestType::AbortAuthenticate(*session)`
`23`	`25`	`} else {`
`24`	`26`	`let Ok(data) = BASE64_STANDARD.decode(text) else {`
`25`		`- response.notice("Invalid base64");`
	`27`	`+ response.numeric(make_numeric!(SaslFail, "Invalid Base64"));`
`26`	`28`	`return Ok(());`
`27`	`29`	`};`
`28`	`30`
`@@ -39,7 +41,7 @@ async fn handle_authenticate(`
`39`	`41`
`40`	`42`	`for ban in net.network_bans().find_pre_sasl(&user_details) {`
`41`	`43`	`if let NetworkBanAction::DenySasl = ban.action {`
`42`		`- response.numeric(make_numeric!(SaslFail));`
	`44`	`+ response.numeric(make_numeric!(SaslFail, DEFAULT_SASL_FAIL));`
`43`	`45`	`return Ok(());`
`44`	`46`	`}`
`45`	`47`	`}`
`@@ -88,7 +90,7 @@ async fn handle_authenticate(`
`88`	`90`	`response.numeric(make_numeric!(SaslSuccess));`
`89`	`91`	`}`
`90`	`92`	`Fail => {`
`91`		`- response.numeric(make_numeric!(SaslFail));`
	`93`	`+ response.numeric(make_numeric!(SaslFail, DEFAULT_SASL_FAIL));`
`92`	`94`	`}`
`93`	`95`	`Aborted => {`
`94`	`96`	`response.numeric(make_numeric!(SaslAborted));`
`@@ -116,6 +118,6 @@ fn do_sasl_external(`
`116`	`118`	`}`
`117`	`119`	`}`
`118`	`120`
`119`		`- response.numeric(make_numeric!(SaslFail));`
	`121`	`+ response.numeric(make_numeric!(SaslFail, DEFAULT_SASL_FAIL));`
`120`	`122`	`Ok(())`
`121`	`123`	`}`
Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,6 @@ define_messages! {`
`138`	`138`
`139`	`139`	`900(LoggedIn) => { (account: &Nickname) => "* {account} :You are now logged in as {account}" }, // TODO: <nick>!<ident>@<host> instead of *`
`140`	`140`	`903(SaslSuccess) => { () => ":SASL authentication successful" },`
`141`		`- 904(SaslFail) => { () => ":SASL authentication failed" },`
	`141`	`+ 904(SaslFail) => { (reason: &str) => ":{reason}" },`
`142`	`142`	`906(SaslAborted) => { () => ":SASL authentication aborted" }`
`143`	`143`	`}`