Anope Bug Tracker - Anope Development (1.9.x series)
View Issue Details
0001482Anope Development (1.9.x series)Otherpublic2013-02-16 09:322013-02-19 06:22
nenolod 
DukePyrolator 
normalminoralways
resolvedfixed 
 
1.9.x-GIT 
0001482: SASL support should authfail if the requested mechanism isn't implemented
Requesting mechanisms like DH-BLOWFISH or ECDSA-NIST256P-CHALLENGE which are unsupported presently in Anope are instead interpreted to be the same as PLAIN.

They should, instead, authfail so that the client may properly fallback to PLAIN.
No tags attached.
patch anope-sasl-authfail.patch (1,710) 2013-02-16 23:42
https://bugs.anope.org/file_download.php?file_id=342&type=bug
Issue History
2013-02-16 09:32nenolodNew Issue
2013-02-16 23:42nenolodFile Added: anope-sasl-authfail.patch
2013-02-16 23:43nenolodNote Added: 0006378
2013-02-17 13:27DukePyrolatorAssigned To => DukePyrolator
2013-02-17 13:27DukePyrolatorStatusnew => assigned
2013-02-17 13:30DukePyrolatorNote Added: 0006379
2013-02-17 13:30DukePyrolatorStatusassigned => resolved
2013-02-17 13:30DukePyrolatorFixed in Version => 1.9.x-GIT
2013-02-17 13:30DukePyrolatorResolutionopen => fixed
2013-02-18 02:29nenolodNote Added: 0006383
2013-02-18 02:29nenolodStatusresolved => feedback
2013-02-18 02:29nenolodResolutionfixed => reopened
2013-02-19 06:22DukePyrolatorNote Added: 0006384
2013-02-19 06:22DukePyrolatorStatusfeedback => resolved
2013-02-19 06:22DukePyrolatorResolutionreopened => fixed

Notes
(0006384)
DukePyrolator   
2013-02-19 06:22   
fixed in https://github.com/anope/anope/commit/d0e1f3b66a9bbee91bade0b57c3335908704c2e5 [^]
(0006383)
nenolod   
2013-02-18 02:29   
hello,

i typoed the patch, and it worked simply as a side effect of most SASL stacks not understanding the input given back by services.

the "C F" should be changed to "D F" to indicate "done" verb instead of "continue" verb. this will trigger a server-side abort instead of client-side abort.
(0006379)
DukePyrolator   
2013-02-17 13:30   
thanks for reporting :)

fixed in https://github.com/anope/anope/commit/bcf99d599862d8a7a6741b5f805c593fe7bf4aea0 [^]
(0006378)
nenolod   
2013-02-16 23:43   
Attached patch adds a check to ensure that the requested mechanism is PLAIN and fails the authentication request if it is not.