View Issue Details

IDProjectCategoryView StatusLast Update
0005485unrealircdpublic2019-12-07 10:17
ReporterPeGaSuS Assigned Tosyzop  
PriorityurgentSeveritymajorReproducibilityalways
Status resolvedResolutionfixed 
PlatformUnixOSUbuntu 
Fixed in Version5.0.0 
Summary0005485: SASL authentication only works in the server where services are directly linked
DescriptionOn a multiple servers setup, SASL seems to only work with the server where services are directly linked.

This bug was also reproduced in UnrealIRCd main network.
Steps To Reproduce1) Connect to irc1.unrealircd.org and irc2.unrealircd.org using SASL
2) irc1.* will auth you properly with SASL
3) irc2.* will say that SASL was successful but nonetheless NickServ will ask you for your nick password
Additional Information### Connections to both irc1.* and irc2.* and the result ###

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ Connection to irc1.unrealircd.org @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

[06/12/2019 - 22:52:20] * Looking up irc1.unrealircd.org
[06/12/2019 - 22:52:20] * Connecting to irc1.unrealircd.org (2a05:d018:8f:d100:1:3:3:7:6697)
[06/12/2019 - 22:52:23] * * Subject: /O=Digital Signature Trust Co./CN=DST Root CA X3
[06/12/2019 - 22:52:23] * * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
[06/12/2019 - 22:52:23] * * Subject: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[06/12/2019 - 22:52:23] * * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
[06/12/2019 - 22:52:23] * * Subject: /CN=irc.unrealircd.org
[06/12/2019 - 22:52:23] * * Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[06/12/2019 - 22:52:23] * * Certification info:
[06/12/2019 - 22:52:23] * Subject:
[06/12/2019 - 22:52:23] * CN=irc.unrealircd.org
[06/12/2019 - 22:52:23] * Issuer:
[06/12/2019 - 22:52:23] * C=US
[06/12/2019 - 22:52:23] * O=Let's Encrypt
[06/12/2019 - 22:52:23] * CN=Let's Encrypt Authority X3
[06/12/2019 - 22:52:23] * Public key algorithm: id-ecPublicKey (384 bits)
[06/12/2019 - 22:52:23] * Sign algorithm sha256WithRSAEncryption
[06/12/2019 - 22:52:23] * Valid since Oct 28 23:55:23 2019 GM to Jan 26 23:55:23 2020 GM
[06/12/2019 - 22:52:23] * * Cipher info:
[06/12/2019 - 22:52:23] * Version: TLSv1.3, cipher TLS_CHACHA20_POLY1305_SHA256 (256 bits)
[06/12/2019 - 22:52:23] * Connected. Now logging in.
[06/12/2019 - 22:52:25] * Capabilities supported: unrealircd.org/link-security=2 unrealircd.org/plaintext-policy=user=allow,oper=deny,server=deny sts=port=6697,duration=2592000 extended-join chghost cap-notify userhost-in-names multi-prefix away-notify account-notify sasl=EXTERNAL,PLAIN tls message-tags batch account-tag server-time echo-message draft/labeled-response-0.2
[06/12/2019 - 22:52:25] * Capabilities requested: extended-join chghost cap-notify userhost-in-names multi-prefix away-notify account-notify sasl server-time
[06/12/2019 - 22:52:26] * Capabilities acknowledged: extended-join chghost cap-notify userhost-in-names multi-prefix away-notify account-notify sasl server-time
[06/12/2019 - 22:52:29] * Authenticating via SASL as PeGaSuS (PLAIN)
[06/12/2019 - 22:52:31] * You are now logged in as PeGaSuS.
[06/12/2019 - 22:52:31] * SASL authentication successful
[06/12/2019 - 22:52:31] * Welcome to the Unreal IRC Network PeGaSuS!~PeGaSuS@2a02-8435-1403-8501-d66e-982d-dc23-edd7.rev.sfr.net
[06/12/2019 - 22:52:31] * Your host is irc1.unrealircd.org, running version UnrealIRCd-5.0.0-rc2
[06/12/2019 - 22:52:31] * This server was created Fri Nov 29 2019 at 08:30:09 UTC
[06/12/2019 - 22:52:31] * irc1.unrealircd.org UnrealIRCd-5.0.0-rc2 iowrsxzdHtIDZRqpWGTSB lvhopsmntikraqbeIHzMQNRTOVKDdGLPZSCcf
[06/12/2019 - 22:52:31] * AWAYLEN=307 CASEMAPPING=ascii CHANLIMIT=#:10 CHANMODES=beI,kLf,lH,psmntirzMQNRTOVKDdGPZSCc CHANNELLEN=32 CHANTYPES=# DEAF=d ELIST=MNUCT EXCEPTS EXTBAN=~,ptmTSOcarnqjf HCN INVEX :are supported by this server
[06/12/2019 - 22:52:31] * KICKLEN=307 KNOCK MAP MAXCHANNELS=10 MAXLIST=b:60,e:60,I:60 MAXNICKLEN=30 MINNICKLEN=0 MODES=12 NAMESX NETWORK=Unreal NICKLEN=30 PREFIX=(qaohv)~&@%+ :are supported by this server
[06/12/2019 - 22:52:31] * QUITLEN=307 SAFELIST SILENCE=15 STATUSMSG=~&@%+ TARGMAX=DCCALLOW:,ISON:,JOIN:,KICK:4,KILL:,LIST:,NAMES:1,NOTICE:1,PART:,PRIVMSG:4,SAJOIN:,SAPART:,USERHOST:,USERIP:,WATCH:,WHOIS:1,WHOWAS:1 TOPICLEN=360 UHNAMES USERIP WALLCHOPS WATCH=128 WATCHOPTS=A WHOX :are supported by this server
[06/12/2019 - 22:52:31] * Clk-BFBC260.rev.sfr.net :is now your displayed host
[06/12/2019 - 22:52:31] * *** You are connected to irc1.unrealircd.org with TLSv1.3-TLS_CHACHA20_POLY1305_SHA256
[06/12/2019 - 22:52:31] * There are 1 users and 91 invisible on 3 servers
[06/12/2019 - 22:52:31] * 7 :operator(s) online
[06/12/2019 - 22:52:31] * 24 :channels formed
[06/12/2019 - 22:52:31] * I have 50 clients and 2 servers
[06/12/2019 - 22:52:31] * 50 257 :Current local users 50, max 257
[06/12/2019 - 22:52:31] * 92 301 :Current global users 92, max 301
[06/12/2019 - 22:52:31] * - irc1.unrealircd.org Message of the Day -
[06/12/2019 - 22:52:31] * - 31/12/2016 12:06
[06/12/2019 - 22:52:31] * - Ports: Non-SSL 6667 & 7000; SSL 443 & 6697 & 6900
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - ** Official Channels **
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - UnrealIRCd Support Channels:
[06/12/2019 - 22:52:31] * - #Unreal-Support English Support for UnrealIRCd
[06/12/2019 - 22:52:31] * - #Unreal-Support.de German Support for UnrealIRCd
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - Other UnrealIRCd Channels:
[06/12/2019 - 22:52:31] * - #Unreal-Devel Discussions on the development of UnrealIRCd
[06/12/2019 - 22:52:31] * - Support for UnrealIRCd will only be given in #Unreal-Support
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - ** Other Channels **
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - #Anope Get help with Anope
[06/12/2019 - 22:52:31] * - #atheme Get help with atheme-services
[06/12/2019 - 22:52:31] * - #BOPM Get help with setting up and running a BOPM
[06/12/2019 - 22:52:31] * - #Chat General offtopic chat
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - ** Rules **
[06/12/2019 - 22:52:31] * -
[06/12/2019 - 22:52:31] * - 1. Usual IRC Rules (no flooding, harassing, spaming)
[06/12/2019 - 22:52:31] * - 2. Do not abuse services (excessive nick/channel registration)
[06/12/2019 - 22:52:31] * - 3. Getting support on this network is a privilege, not a
[06/12/2019 - 22:52:31] * - right. We reserve the right to terminate your connection
[06/12/2019 - 22:52:31] * - to this network for any reason, including none.
[06/12/2019 - 22:52:31] * - 4. Only #Unreal* channels are official UnrealIRCd channels.
[06/12/2019 - 22:52:31] * - All other channels claiming to be UnrealIRCd channels will
[06/12/2019 - 22:52:31] * - be closed.
[06/12/2019 - 22:52:31] * - 5. Proxies, open bouncers, and gateways are not permitted.
[06/12/2019 - 22:52:31] * - Private bouncers are permitted as long as they are properly
[06/12/2019 - 22:52:31] * - configured (ex. to not create a flood of nick changes).
[06/12/2019 - 22:52:31] * End of /MOTD command.
[06/12/2019 - 22:52:31] * PeGaSuS sets modes [PeGaSuS :+iwxz]
[06/12/2019 - 22:52:31] * NickServ sets modes [PeGaSuS :+r]

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ Extracted info from above @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

### As it can be seen below, SASL authentication is successful

[06/12/2019 - 22:52:29] * Authenticating via SASL as PeGaSuS (PLAIN)
[06/12/2019 - 22:52:31] * You are now logged in as PeGaSuS.
[06/12/2019 - 22:52:31] * SASL authentication successful

### And i got umode +r

[06/12/2019 - 22:52:31] * PeGaSuS sets modes [PeGaSuS :+iwxz]
[06/12/2019 - 22:52:31] * NickServ sets modes [PeGaSuS :+r]


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ Connection to irc2.unrealircd.org @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

[06/12/2019 - 22:55:50] * Looking up irc2.unrealircd.org
[06/12/2019 - 22:55:50] * Connecting to irc2.unrealircd.org (2001:470:b163::8:6697)
[06/12/2019 - 22:55:53] * * Subject: /O=Digital Signature Trust Co./CN=DST Root CA X3
[06/12/2019 - 22:55:53] * * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
[06/12/2019 - 22:55:53] * * Subject: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[06/12/2019 - 22:55:53] * * Issuer: /O=Digital Signature Trust Co./CN=DST Root CA X3
[06/12/2019 - 22:55:53] * * Subject: /CN=irc.unrealircd.org
[06/12/2019 - 22:55:53] * * Issuer: /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
[06/12/2019 - 22:55:53] * * Certification info:
[06/12/2019 - 22:55:53] * Subject:
[06/12/2019 - 22:55:53] * CN=irc.unrealircd.org
[06/12/2019 - 22:55:53] * Issuer:
[06/12/2019 - 22:55:53] * C=US
[06/12/2019 - 22:55:53] * O=Let's Encrypt
[06/12/2019 - 22:55:53] * CN=Let's Encrypt Authority X3
[06/12/2019 - 22:55:53] * Public key algorithm: id-ecPublicKey (384 bits)
[06/12/2019 - 22:55:53] * Sign algorithm sha256WithRSAEncryption
[06/12/2019 - 22:55:53] * Valid since Nov 9 07:37:16 2019 GM to Feb 7 07:37:16 2020 GM
[06/12/2019 - 22:55:53] * * Cipher info:
[06/12/2019 - 22:55:53] * Version: TLSv1.3, cipher TLS_CHACHA20_POLY1305_SHA256 (256 bits)
[06/12/2019 - 22:55:53] * Connected. Now logging in.
[06/12/2019 - 22:55:54] * Capabilities supported: unrealircd.org/link-security=2 unrealircd.org/plaintext-policy=user=allow,oper=deny,server=deny sts=port=6697,duration=2592000 extended-join chghost cap-notify userhost-in-names multi-prefix away-notify account-notify sasl=EXTERNAL,PLAIN tls message-tags batch account-tag server-time echo-message draft/labeled-response-0.2
[06/12/2019 - 22:55:54] * Capabilities requested: extended-join chghost cap-notify userhost-in-names multi-prefix away-notify account-notify sasl server-time
[06/12/2019 - 22:55:54] * Capabilities acknowledged: extended-join chghost cap-notify userhost-in-names multi-prefix away-notify account-notify sasl server-time
[06/12/2019 - 22:55:55] * Authenticating via SASL as PeGaSuS (PLAIN)
[06/12/2019 - 22:55:56] * SASL authentication successful
[06/12/2019 - 22:55:57] * Welcome to the Unreal IRC Network PeGaSuS!~PeGaSuS@2a02-8435-1403-8501-d66e-982d-dc23-edd7.rev.sfr.net
[06/12/2019 - 22:55:57] * Your host is irc2.unrealircd.org, running version UnrealIRCd-5.0.0-rc2
[06/12/2019 - 22:55:57] * This server was created Fri Nov 29 2019 at 08:30:39 UTC
[06/12/2019 - 22:55:57] * irc2.unrealircd.org UnrealIRCd-5.0.0-rc2 iowrsxzdHtIDZRqpWGTSB lvhopsmntikraqbeIHzMQNRTOVKDdGLPZSCcf
[06/12/2019 - 22:55:57] * AWAYLEN=307 CASEMAPPING=ascii CHANLIMIT=#:10 CHANMODES=beI,kLf,lH,psmntirzMQNRTOVKDdGPZSCc CHANNELLEN=32 CHANTYPES=# DEAF=d ELIST=MNUCT EXCEPTS EXTBAN=~,pTSOcarnqjfmt HCN INVEX :are supported by this server
[06/12/2019 - 22:55:57] * KICKLEN=307 KNOCK MAP MAXCHANNELS=10 MAXLIST=b:60,e:60,I:60 MAXNICKLEN=30 MINNICKLEN=0 MODES=12 NAMESX NETWORK=Unreal NICKLEN=30 PREFIX=(qaohv)~&@%+ :are supported by this server
[06/12/2019 - 22:55:57] * QUITLEN=307 SAFELIST SILENCE=15 STATUSMSG=~&@%+ TARGMAX=DCCALLOW:,ISON:,JOIN:,KICK:4,KILL:,LIST:,NAMES:1,NOTICE:1,PART:,PRIVMSG:4,SAJOIN:,SAPART:,USERHOST:,USERIP:,WATCH:,WHOIS:1,WHOWAS:1 TOPICLEN=360 UHNAMES USERIP WALLCHOPS WATCH=128 WATCHOPTS=A WHOX :are supported by this server
[06/12/2019 - 22:55:57] * Clk-BFBC260.rev.sfr.net :is now your displayed host
[06/12/2019 - 22:55:57] * *** You are connected to irc2.unrealircd.org with TLSv1.3-TLS_CHACHA20_POLY1305_SHA256
[06/12/2019 - 22:55:57] * There are 1 users and 91 invisible on 3 servers
[06/12/2019 - 22:55:57] * 7 :operator(s) online
[06/12/2019 - 22:55:57] * 24 :channels formed
[06/12/2019 - 22:55:57] * I have 38 clients and 1 servers
[06/12/2019 - 22:55:57] * 38 86 :Current local users 38, max 86
[06/12/2019 - 22:55:57] * 92 301 :Current global users 92, max 301
[06/12/2019 - 22:55:57] * - irc2.unrealircd.org Message of the Day -
[06/12/2019 - 22:55:57] * - 31/12/2016 12:05
[06/12/2019 - 22:55:57] * - Ports: Non-SSL 6667 & 7000; SSL 443 & 6697 & 6900
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - ** Official Channels **
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - UnrealIRCd Support Channels:
[06/12/2019 - 22:55:57] * - #Unreal-Support English Support for UnrealIRCd
[06/12/2019 - 22:55:57] * - #Unreal-Support.de German Support for UnrealIRCd
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - Other UnrealIRCd Channels:
[06/12/2019 - 22:55:57] * - #Unreal-Devel Discussions on the development of UnrealIRCd
[06/12/2019 - 22:55:57] * - Support for UnrealIRCd will only be given in #Unreal-Support
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - ** Other Channels **
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - #Anope Get help with Anope
[06/12/2019 - 22:55:57] * - #atheme Get help with atheme-services
[06/12/2019 - 22:55:57] * - #BOPM Get help with setting up and running a BOPM
[06/12/2019 - 22:55:57] * - #Chat General offtopic chat
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - ** Rules **
[06/12/2019 - 22:55:57] * -
[06/12/2019 - 22:55:57] * - 1. Usual IRC Rules (no flooding, harassing, spaming)
[06/12/2019 - 22:55:57] * - 2. Do not abuse services (excessive nick/channel registration)
[06/12/2019 - 22:55:57] * - 3. Getting support on this network is a privilege, not a
[06/12/2019 - 22:55:57] * - right. We reserve the right to terminate your connection
[06/12/2019 - 22:55:57] * - to this network for any reason, including none.
[06/12/2019 - 22:55:57] * - 4. Only #Unreal* channels are official UnrealIRCd channels.
[06/12/2019 - 22:55:57] * - All other channels claiming to be UnrealIRCd channels will
[06/12/2019 - 22:55:57] * - be closed.
[06/12/2019 - 22:55:57] * - 5. Proxies, open bouncers, and gateways are not permitted.
[06/12/2019 - 22:55:57] * - Private bouncers are permitted as long as they are properly
[06/12/2019 - 22:55:57] * - configured (ex. to not create a flood of nick changes).
[06/12/2019 - 22:55:57] * End of /MOTD command.
[06/12/2019 - 22:55:57] * PeGaSuS sets modes [PeGaSuS :+iwxz]
[06/12/2019 - 22:55:57] -NickServ- This nickname is registered and protected. If it is your
[06/12/2019 - 22:55:57] -NickServ- nick, type /msg NickServ IDENTIFY password. Otherwise,
[06/12/2019 - 22:55:57] -NickServ- please choose a different nick.

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ Extracted info from above @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

### As it can be seen below, SASL authentication is marked as successful (although the "You are now logged in as PeGaSuS." part is missing)

[06/12/2019 - 22:55:55] * Authenticating via SASL as PeGaSuS (PLAIN)
[06/12/2019 - 22:55:56] * SASL authentication successful

### But NickServ still asks to identify to the account

[06/12/2019 - 22:55:57] -NickServ- This nickname is registered and protected. If it is your
[06/12/2019 - 22:55:57] -NickServ- nick, type /msg NickServ IDENTIFY password. Otherwise,
[06/12/2019 - 22:55:57] -NickServ- please choose a different nick.
Tagsbug, link, sasl
3rd party modules

Activities

PeGaSuS

2019-12-07 07:31

reporter   ~0021142

I've set the priority to major and severity to major as this is a blocking feature to release a stable release of UnrealIRCd 5.

syzop

2019-12-07 09:30

administrator   ~0021143

Thanks the report, indeed major.

It's a pitty unrealircd-tests only tests post-registration SASL (which works OK), otherwise this would be discovered by the tests.

syzop

2019-12-07 10:17

administrator   ~0021144

Fixed now and the test frameworks tests it properly. As said, thanks for the report from both of you.

commit 55cad6fe05c607bce87af75a4c5445333f9569ad (HEAD -> unreal50, origin/unreal50)
Author: Bram Matthys <syzop@vulnscan.org>
Date: Sat Dec 7 10:08:27 2019 +0100

    Fix SASL authentication not working properly on servers 2+ hops away
    from services. Reported by Koragg and The_Myth in
    https://bugs.unrealircd.org/view.php?id=5485
    The test framework has been updated to test these cases better.

Issue History

Date Modified Username Field Change
2019-12-06 23:18 PeGaSuS New Issue
2019-12-06 23:18 PeGaSuS Tag Attached: bug
2019-12-06 23:18 PeGaSuS Tag Attached: link
2019-12-06 23:18 PeGaSuS Tag Attached: sasl
2019-12-07 07:31 PeGaSuS Note Added: 0021142
2019-12-07 09:30 syzop Note Added: 0021143
2019-12-07 09:30 syzop Assigned To => syzop
2019-12-07 09:30 syzop Status new => confirmed
2019-12-07 10:17 syzop Status confirmed => resolved
2019-12-07 10:17 syzop Resolution open => fixed
2019-12-07 10:17 syzop Fixed in Version => 5.0.0
2019-12-07 10:17 syzop Note Added: 0021144