IRC: used nickname makes authentication fail
Diego Nieto Cid
dnietoc at gmail.com
Sat May 7 15:35:28 EDT 2016
Hello

I've noticed an issue when Pidgin tries to reconnect to IRC after network
interruptions. I'm connecting to "chat.freenode.net" to a registered
nickname and authenticating via SASL.

The problem is that if the reconnection happens before the original
connection is removed from the FreeNode network, Pidgin will keep saying
that the password is incorrect.

Using Wireshark, I captured the packets[*] sent during a reconnection to
analyse what was happening and I found that the nickname was changed to an
alternate one (by appending the digit 1) in the middle of the
authentication process. Thus, the server believes the authentication is
done against the alternative nickname which may or may not have the same
password as the account configuration says.

The packet capture also shows that after SASL authentication is aborted
(with "CAP END" I think) the IRC network accepts our connection and sends
back welcome messages. Unfortunately, it's too late because Pidgin already
closed the connection.

A solution could be to avoid authentication when using an alternative
nickname (for instance by aborting the SASL procedure in irc_msg_nickused?).

Of course I could also register my nickname with a 1 appended, or try again
later, etc. Just wanted to know what developers thought about the issue.

Thanks,
Diego
----
[*] (if your MUA has a variable width font, see
http://paste.debian.net/682789/ )
Dir  Message                             recv/send order
=============================================================================
C>S  CAP REQ :sasl                        1. irc.c:405:do_login
S>C  NOTICE *                             4. msgs.c:1202:irc_msg_notice
C>S  USER name * host :purple             2. irc.c:441:do_login
     NICK name                            3. irc.c:450:do_login
S>C  NOTICE *                             5. msgs.c:1202:irc_msg_notice
S>C  NOTICE *                             6. msgs.c:1202:irc_msg_notice
S>C  NOTICE *                             7. msgs.c:1202:irc_msg_notice
S>C  CAP * ACK :sasl                      8. msgs.c:1573:irc_msg_cap
     433 * name :Nickname in use         10. msgs.c:1161:irc_msg_nickused
C>S  AUTHENTICATE <digest-md5>            9. msgs.c:1565:irc_auth_start_cyrus
C>S  NICK name1                          11. msgs.c:1196:irc_msg_nickused
S>C  904 * :sasl auth failed             12. msgs.c:1710:irc_msg_authtryagain
C>S  AUTHENTICATE <external>             13. msgs.c:1565:irc_auth_start_cyrus
S>C  904 name1 :sasl auth failed         14. msgs.c:1710:irc_msg_authtryagain
C>S  AUTHENTICATE <cram-md5>             15. msgs.c:1565:irc_auth_start_cyrus
S>C  904 name1 :sasl auth failed         16. msgs.c:1710:irc_msg_authtryagain
C>S  AUTHENTICATE <plain>                17. msgs.c:1565:irc_auth_start_cyrus
S>C  AUTHENTICATE +                      18. msgs.c:1647:irc_msg_auth
C>S  AUTHENTICATE <name's password>      19. msgs.c:1687:irc_msg_auth
S>C  904 name1 :sasl auth failed         20. msgs.c:1710:irc_msg_authtryagain
C>S  CAP END                             21. msgs.c:1782:irc_sasl_finish
C>S  QUIT                                22. cmds.c:466:irc_cmd_quit
                                             (eventually as a result of
                                             purple_connection_error_reason
                                             called at msgs.c:1719)
S>C  906 name1 :sals auth aborted
C>S  [TCP RST,ACK]
S>C  001 name1 :Welcome ....
     002 name1 :Your host is...
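
The fix suggested in the message (stop authenticating once the nickname has been replaced), as an added example that is not part of the original post and is not Pidgin's code. The struct, the function names and the reduction to a single SASL mechanism are assumptions; the server lines are constructed to follow the order of the trace.

```c
#include <stdio.h>
#include <string.h>

#define IS(l, c) (strncmp((l), (c), strlen(c)) == 0)

/* Hypothetical session state for illustration; not libpurple's own struct. */
struct session {
    char nick[32];     /* nickname currently requested */
    int guard;         /* 1 = end SASL once the nickname was altered */
    int sasl_active;   /* CAP ACK seen, SASL exchange not finished */
    int fatal;         /* client reports "incorrect password" and quits */
};

/* Feed one server line; the client's reply (possibly empty) goes to out. */
void on_server_line(struct session *s, const char *line, char *out, size_t n)
{
    out[0] = '\0';
    if (IS(line, "CAP * ACK :sasl")) {
        s->sasl_active = 1;
        snprintf(out, n, "AUTHENTICATE PLAIN");
    } else if (IS(line, "433 ")) {
        /* Same fallback as in the trace: append the digit 1. */
        strncat(s->nick, "1", sizeof s->nick - strlen(s->nick) - 1);
        if (s->guard && s->sasl_active) {
            /* The password belongs to the old nick: end SASL, stay connected. */
            s->sasl_active = 0;
            snprintf(out, n, "NICK %s\r\nCAP END", s->nick);
        } else {
            snprintf(out, n, "NICK %s", s->nick);
        }
    } else if (IS(line, "904 ") && s->sasl_active) {
        /* Unguarded path: the failure for name1 is treated as a bad password. */
        s->sasl_active = 0;
        s->fatal = 1;
        snprintf(out, n, "CAP END\r\nQUIT");
    }
}

/* Replays constructed server lines in the trace's order; returns s.fatal. */
int replay(int guard, char *last_reply, size_t n)
{
    static const char *trace[] = { "CAP * ACK :sasl",
        "433 * name :Nickname in use", "904 name1 :sasl auth failed",
        "001 name1 :Welcome" };
    struct session s = { "name", guard, 0, 0 };
    for (size_t i = 0; i < 4 && !s.fatal; i++)
        on_server_line(&s, trace[i], last_reply, n);
    return s.fatal;
}
```

With guard set to 0 the replay ends in QUIT, as in the capture; with guard set to 1 a late 904 for name1 is ignored and the session survives until the 001 welcome.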