Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SASL AUTHENTICATE does not work with a prefix #1212

Closed
DanielOaks opened this Issue Dec 21, 2015 · 3 comments

Comments

Projects
None yet
3 participants
@DanielOaks
Copy link

DanielOaks commented Dec 21, 2015

When an AUTHENTICATE message is sent from the server and it includes a prefix, it does not seem to be parsed as a proper SASL message. This causes a hang when trying to authenticate with our server (mammon).

RFC1459 specifies that prefixes are an optional part of messages, and the SASL specification does not prohibit prefixes on this specific message.

I believe this is related to how the AUTHENTICATE/etc messages are parsed here, but I'm not a ZNC dev.

Here's an example log taken with znc -D:

[2015-12-21 18:35:39.322267] (dan/testnet) IRC -> ZNC [:mammon.dnt CAP dan ACK :sasl ]
[2015-12-21 18:35:39.322502] (dan/testnet) ZNC -> IRC [AUTHENTICATE PLAIN] (queued)
[2015-12-21 18:35:40.325589] (dan/testnet) ZNC -> IRC [CAP REQ :server-time]
[2015-12-21 18:35:40.327845] (dan/testnet) IRC -> ZNC [:mammon.dnt CAP dan ACK :server-time ]
[2015-12-21 18:35:41.331506] (dan/testnet) ZNC -> IRC [AUTHENTICATE PLAIN]
[2015-12-21 18:35:41.333488] (dan/testnet) IRC -> ZNC [@time=2015-12-21T08:35:40.000Z :mammon.dnt AUTHENTICATE +]
[2015-12-21 18:35:41.333844] (dan/testnet) ZNC -> CLI [:mammon.dnt AUTHENTICATE +]
[2015-12-21 18:36:27.275089] (dan/testnet) CLI -> ZNC [PING localhost]
[2015-12-21 18:36:27.275283] (dan/testnet) ZNC -> CLI [:irc.znc.in PONG irc.znc.in localhost]
[2015-12-21 18:36:27.275404] (dan/testnet) ZNC -> IRC [PING localhost]
[2015-12-21 18:36:27.277628] (dan/testnet) IRC -> ZNC [@time=2015-12-21T08:36:26.000Z :mammon.dnt PONG localhost]

And here's me continuing the registration manually with CAP END to the raw module:

[2015-12-21 18:38:00.230835] (dan/testnet) CLI -> ZNC [PRIVMSG *raw :CAP END]
[2015-12-21 18:38:00.230954] (dan/testnet) ZNC -> CLI [:*raw!znc@znc.in PRIVMSG dan :YOU -> [PRIVMSG *raw :CAP END]]
[2015-12-21 18:38:00.231177] (dan/testnet) ZNC -> IRC [CAP END]
[2015-12-21 18:38:00.300740] (dan/testnet) IRC -> ZNC [@time=2015-12-21T08:37:59.000Z :mammon.dnt NOTICE dan :*** You are connected using TLSv1/SSLv3-ECDHE-RSA-AES256-GCM-SHA384-256]
[2015-12-21 18:38:00.300867] (dan/testnet) ZNC -> CLI [:*raw!znc@znc.in PRIVMSG dan :IRC -> [@time=2015-12-21T08:37:59.000Z :mammon.dnt NOTICE dan :*** You are connected using TLSv1/SSLv3-ECDHE-RSA-AES256-GCM-SHA384-256]]
[2015-12-21 18:38:00.301112] (dan/testnet) ZNC -> CLI [:mammon.dnt NOTICE dan :*** You are connected using TLSv1/SSLv3-ECDHE-RSA-AES256-GCM-SHA384-256]
[2015-12-21 18:38:00.301185] (dan/testnet) IRC -> ZNC [@time=2015-12-21T08:37:59.000Z :mammon.dnt 906 dan :SASL authentication aborted]
[2015-12-21 18:38:00.301234] (dan/testnet) ZNC -> CLI [:*raw!znc@znc.in PRIVMSG dan :IRC -> [@time=2015-12-21T08:37:59.000Z :mammon.dnt 906 dan :SASL authentication aborted]]
[2015-12-21 18:38:00.301398] (dan/testnet) ZNC -> CLI [:mammon.dnt 906 dan :SASL authentication aborted]
[2015-12-21 18:38:00.301461] (dan/testnet) IRC -> ZNC [@time=2015-12-21T08:37:59.000Z :mammon.dnt 001 dan :Welcome to the DanNet IRC Network, dan!~d@localhost.localdomain]

Please note that we also send prefixes with all of our numerics (and we can also send tags with numerics and AUTHENTICATE if they are enabled, as with server-time there). I'm not sure how that's handled by/with the sasl module.

OS version: Fedora 23 - Linux twi 4.2.6-300.fc23.x86_64 #1 SMP Tue Nov 10 19:32:21 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
ZNC version: 16a8c77

@Mikaela

This comment has been minimized.

Copy link
Contributor

Mikaela commented Dec 21, 2015

And mammon's behaviour is what I am asking with #1210.

@DarthGandalf

This comment has been minimized.

Copy link
Member

DarthGandalf commented Dec 22, 2015

RFC1459 specifies that prefixes are an optional part of messages

It looks like you mean tags, not prefixes. But RFC 1459 doesn't mention message tags at all; they appeared much later, in IRCv3.

@DanielOaks

This comment has been minimized.

Copy link
Author

DanielOaks commented Dec 22, 2015

Sorry, "that a prefix is an optional part of messages" is what I probably should have said. It's just the prefix which is causing this main issue, but I figured I'd mention tags further down just to keep in mind if the parsing already has to be changed to allow for a prefix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.