View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0006464 | unreal | ircd | public | 2024-08-30 13:38 | 2024-08-30 20:03 |
| Reporter | Jellis | Assigned To | syzop | ||
| Priority | low | Severity | minor | Reproducibility | always |
| Status | resolved | Resolution | fixed | ||
| Platform | Linux | OS | Debian Bookworm | OS Version | 12 |
| Product Version | 6.1.7.1 | ||||
| Fixed in Version | 6.1.8 | ||||
| Summary | 0006464: require authentication { } not allowing SASL users in | ||||
| Description | It appears that the require authentication { } block correctly issues a K-Line when using ASNs (which is expected), but the ban is not applied as a soft ban. As a result, while the user is denied access when attempting to connect (as intended), they are also denied access even after successfully authenticating via SASL. The services log shows that the IP/User successfully identifies with SASL, but the IRCd still disconnects the user regardless of whether SASL was used. The disconnection occurs with the reason specified in the block. Example: require authentication { mask { asn { 9009; 137409; } } reason "You need SASL auth to make use of this ASN/VPN"; } When connecting from ASN 9009 or 137409, the user is disconnected with the message: K-Lined: You need SASL auth to make use of this ASN/VPN. When connecting from ASN 9009 or 137409 with correct SASL authentication, the user is also disconnected with the same message: K-Lined: You need SASL auth to make use of this ASN/VPN. However, when using soft bans (e.g., /gline %~asn:9009 0 You need SASL auth to make use of this ASN/VPN), everything works as intended. | ||||
| Steps To Reproduce | Place a require authentication { } in config with ASN as mask-type and try to connect, then try to connect via SASL. | ||||
| Additional Information | Bug looks confirmed (via IRC chat #unreal-support) by PeGaSuS | ||||
| Tags | No tags attached. | ||||
| 3rd party modules | |||||
|
|
Can confirm. When using: /gline %~asn:19969 0 :Too many abuses from this ASN. Use SASL to identify to your account. I get: [30/08/2024 - 13:43:46] <irc.domain.tld> [info] Soft G-Line added: '%~asn:19969' [reason: Too many abuses from this ASN. Use SASL to identify to your account.] [by: James!ubuntu@<hostname>] [duration: permanent] and the user is able to connect: /* Services Channel */ [30/08/2024 - 13:45:47] <+NickServ> SASL: <redacted> (<redacted>) identified to account Test2024 using SASL /* UnrealIRCd connect notice */ [30/08/2024 - 13:45:47] <irc2.ptirc.org> [info] Client connecting: Test2024 (~Wockets@<redacted>) [<redacted>] [vhost: <vhost>] [class: clients] [secure: TLSv1.3-TLS_CHACHA20_POLY1305_SHA256] [account: Test2024] [country: US] [asn: 19969] [asname: JOESDATACENTER] [reputation: 0] [security-groups: known-users,websocket-users,tls-users] But when using: require authentication {
mask {
asn {
19969;
}
}
reason "Too many abuses from this ASN. Use SASL to identify to your account.";
}
I get: /* Services channel */ [30/08/2024 - 13:50:20] <+NickServ> SASL: <redacted> (<redacted>) identified to account Test2024 using SASL /* IRC client (KiwiIRC)*/ You are not welcome on this server. K-Lined: Too many abuses from this ASN. Use SASL to identify to your account.. Email [email protected] for more information. Closing Link: Test2024[<redacted>] (Banned (K-Lined): Too many abuses from this ASN. Use SASL to identify to your account.) and the user is unable to connect. |
|
|
Thanks for the report. This affects all require authentication { } blocks, asn or not. Fixed in https://github.com/unrealircd/unrealircd/commit/99bc061a741224cf667cc558f455b627c71cd6f9 commit 99bc061a741224cf667cc558f455b627c71cd6f9 (HEAD -> unreal60_dev, origin/unreal60_dev, origin/HEAD) Author: Bram Matthys <[email protected]> Date: Fri Aug 30 19:59:56 2024 +0200 Fix require authentication { } not allowing SASL users in. It was behaving like a ban user { } block. Reported by Jellis in https://bugs.unrealircd.org/view.php?id=6464 |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-08-30 13:38 | Jellis | New Issue | |
| 2024-08-30 14:02 | PeGaSuS | Note Added: 0023324 | |
| 2024-08-30 20:00 | syzop | Summary | require authentication { } not allowing SASL when used with ~asn => require authentication { } not allowing SASL users in |
| 2024-08-30 20:03 | syzop | Assigned To | => syzop |
| 2024-08-30 20:03 | syzop | Status | new => resolved |
| 2024-08-30 20:03 | syzop | Resolution | open => fixed |
| 2024-08-30 20:03 | syzop | Fixed in Version | => 6.1.8 |
| 2024-08-30 20:03 | syzop | Note Added: 0023325 |
