View Issue Details

IDProjectCategoryView StatusLast Update
0005205unrealircdpublic2019-02-11 09:57
ReportersyzopAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version4.2.2-rc1 
Target VersionFixed in Version4.2.2-rc2 
Summary0005205: post-registration SASL not working
DescriptionIt seems the AUTHENTICATE command is not available to regular users.
TagsNo tags attached.
3rd party modules

Activities

Koragg

2019-02-09 09:52

reporter   ~0020483

Dear syzop,

The way SASL authentication works, that is not a flaw but by design as SASL is only available DURING registration and NOT post registration. Thus, it is more of a feature or rather by design, rather than a bug.

Regards,

Koragg

jesopo

2019-02-09 10:25

reporter   ~0020484

Hi Koragg

That's not the case - https://ircv3.net/specs/extensions/sasl-3.2.html#sasl-reauthentication

The idea is that when services go offline, the server sends `CAP DEL :sasl`; when services come back online, the server sends `CAP NEW :sasl` thus allowing the users to automatically reauthenticate with nickserv.

Cheers.

Koragg

2019-02-09 10:44

reporter   ~0020485

Hello jesopo,

Thank You for the clarification I was not taking this aspect into consideration. You are right with that of course, thanks a lot for the correction.

Regards,

Koragg

syzop

2019-02-09 15:32

administrator   ~0020486

Last edited: 2019-02-09 15:33

View 3 revisions

Right, so yeah, this feature is not new to me. I already decided in 2017 to announce CAP NEW sasl when services return to fix this problem when services link in (too late) after a server restart and users are already connected (post-handshake). See https://github.com/ircv3/ircv3-specifications/issues/332
It's just unfortunate that apparently the actual AUTHENTICATION was not tested and never worked ;)

Anyway, in order to fix this we need changes in both UnrealIRCd and anope. I have not checked other services.

1) UnrealIRCd:
Fixed in https://github.com/unrealircd/unrealircd/commit/78cd122a050d32b1c352c7142a41e9264344f9aa
commit 78cd122a050d32b1c352c7142a41e9264344f9aa (HEAD -> unreal42, origin/unreal42, origin/HEAD)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sat Feb 9 14:39:34 2019 +0100

    Allow SASL post-registration. Unfortunately the anope unreal4 protocol
    module also requires an update to support this.

2) anope
 Pull request available here https://github.com/anope/anope/pull/235
 This is necessary because anope assumes PUID's, but with above change in UnrealIRCd we use UID's for post-handshake users (otherwise anope would not know which user it targetted)

Issue History

Date Modified Username Field Change
2019-02-09 09:45 syzop New Issue
2019-02-09 09:52 Koragg Note Added: 0020483
2019-02-09 10:25 jesopo Note Added: 0020484
2019-02-09 10:44 Koragg Note Added: 0020485
2019-02-09 15:32 syzop Assigned To => syzop
2019-02-09 15:32 syzop Status new => resolved
2019-02-09 15:32 syzop Resolution open => fixed
2019-02-09 15:32 syzop Fixed in Version => 4.2.2-rc1
2019-02-09 15:32 syzop Note Added: 0020486
2019-02-09 15:33 syzop Note Edited: 0020486 View Revisions
2019-02-09 15:33 syzop Note Edited: 0020486 View Revisions
2019-02-11 09:57 syzop Product Version 4.2.2-rc1 => 4.2.2-rc2
2019-02-11 09:57 syzop Product Version 4.2.2-rc2 => 4.2.2-rc1
2019-02-11 09:57 syzop Fixed in Version 4.2.2-rc1 => 4.2.2-rc2