Using SASL to authenticate before connecting causes timeouts

[duckspike]

I'm not the server administrator in this instance, however I would like to report this as a bug.

Version: elemental-ircd-6.6.2
Client(s) Tested: HexChat 2.10.2 on Windows 8.1 x64, AndChat v1.4.3.2 (LG G3)
IRC Services: atheme 7.2.6. services.ext3.net c961688c910803158202b27d4b9237acb100f251 :ceFljtR [elemental-ircd] [enc:posix] Build Date: Jul 26 2015

Issue Proof:

HexChat
[17:44:48] -!- Connection established, authenticating..
[17:44:48] -!- *** Looking up your hostname...
[17:44:48] -!- *** Checking Ident
[17:44:48] -!- *** No Ident response
[17:44:48] -!- *** Couldn't look up your hostname
[17:44:48] * Capabilities supported: account-notify extended-join multi-prefix sasl
[17:44:48] * Capabilities requested: account-notify extended-join multi-prefix sasl
[17:44:48] -!- Nickname Duck is already in use, trying for Duck_
[17:44:48] * Capabilities acknowledged: account-notify extended-join multi-prefix sasl
[17:45:26] -!- Closing Link: 1.2.3.4 (Connection timed out)
[17:45:26] -!- Lost connection to server (Remote host closed socket).

AndChat

It should be worth noting that HexChat did not appear to bother with trying, whereas AndChat printed the line "Attempting SASL authentication". I believe that the AndChat app simply prints that line whenever the connection is set up to use SASL, and is not a reliable indication of functionality. To close, the network being tested has been known to handle SASL authentication properly in the past.

[ariscop]

Can you get a screenshot of the raw log from hexchat? It's under the window menu

[duckspike]

Here you go:
[19:03:42] << CAP LS
[19:03:42] << NICK Duck
[19:03:42] << USER Duck Duck irc.ext3.net :Duck
[19:03:42] >> :cameleon.ext3.net NOTICE * :* Looking up your hostname...
[19:03:42] >> :cameleon.ext3.net NOTICE * :* Checking Ident
[19:03:42] >> :cameleon.ext3.net NOTICE * :* Couldn't look up your hostname
[19:03:42] >> :cameleon.ext3.net NOTICE * :* No Ident response
[19:03:42] >> :cameleon.ext3.net CAP * LS :account-notify extended-join multi-prefix sasl
[19:03:42] << CAP REQ :account-notify extended-join multi-prefix sasl
[19:03:42] >> :cameleon.ext3.net 433 * Duck :Nickname is already in use.
[19:03:42] << NICK NyanCat
[19:03:42] >> :cameleon.ext3.net CAP * ACK :account-notify extended-join multi-prefix sasl
[19:03:42] << AUTHENTICATE DH-AES
[19:03:42] >> PING :FA449D60
[19:03:44] << PONG :FA449D60
[19:04:39] >> ERROR :Closing Link: 1.2.3.4 (Connection timed out)

[ariscop]

elemental relies on an external agent to handle AUTHENTICATE messages
the atheme side used by ext3.net
the elemental side

[ariscop]

Consensus on irc was that it's a network issue, perhaps elemental can do better here though?
when there's no agent or the agent is unreachable some kind of error would be preferable to a timeout

[kaniini]

Charybdis 3.5 and later disable the sasl capability if a defined SASL agent is unavailable.

[demize]

I'm also having this issue, but only on the server not directly linked to the services. Is it possible it just hasn't been told where the SASL agent is? I've tried to add it to the config, but the general::sasl_service option Charybdis has doesn't work here and I can't find anything else that might fit.

[ariscop]

@duckspike 's issue appeared to be that saslserv was online but not responding, so the irc server would have a known agent

Connection timed out during sasl should just cancel sasl

[janicez]

Hey.

m_sasl.c is not actually compiling on my instance, I had to fucker the Makefile to get it to. Luckily once the makefile in sourceroot/modules is modified to include an entry for m_sasl.la, everything compiles cleanly and it slides in smoother than a... I'm not going to go there.

[Xe]

Can you please open a new issue for this?

[janicez]

Okay.