Opened 6 years ago

Last modified 8 months ago

#15451 new patch

IRC SASL uses the wrong user name

Reported by: grawity Owned by: elb
Milestone: Patches Needing Improvement Component: IRC
Version: 2.10.6 Keywords:
Cc: TheBayer

Description

Summary: Pidgin uses the current nickname as SASL login. Instead, it should always be using the one entered in Advanced|Username.

  • Sometimes, I want to log in using my alternate nickname. However, Atheme IRC services requires that the primary nickname be given for SASL authentication.
  • Sometimes, I want to log in using a nickname that isn't part of my account (e.g. grawity|home, grawity|test, or similar).
  • Sometimes, my primary nickname is already in use (from my other computer), causing Pidgin to automatically switch to an alternate nickname.

In all cases, Pidgin should use the static username in Advanced|Username, before falling back to the nickname.

Patch attached.

CAP REQ :sasl
:barjavel.freenode.net NOTICE * :*** Looking up your hostname...
USER grawity * chat.freenode.net :purple
NICK grawity
:barjavel.freenode.net NOTICE * :*** Checking Ident
:barjavel.freenode.net NOTICE * :*** Found your hostname
:barjavel.freenode.net NOTICE * :*** Got Ident response
:barjavel.freenode.net CAP * ACK :sasl 
:barjavel.freenode.net 433 * grawity :Nickname is already in use.
AUTHENTICATE GSSAPI
NICK grawity1
:barjavel.freenode.net 904 grawity1 :SASL authentication failed
AUTHENTICATE GS2-IAKERB
........
:barjavel.freenode.net 904 grawity1 :SASL authentication failed
AUTHENTICATE PLAIN
AUTHENTICATE +
AUTHENTICATE AGdyYXdpdHkxAGdvb2RwYXNzd29yZA==
:barjavel.freenode.net 904 grawity1 :SASL authentication failed
CAP END
QUIT :Leaving.

Attachments (4)

pidgin-fix-irc-sasl-usernames.patch (728 bytes) - added by grawity 6 years ago.
Patch
0002-Change-IRC-Username-label-to-Ident-name.patch (3.2 KB) - added by andy753421 6 years ago.
Change IRC Username label to Ident name
0003-Improve-IRC-whois-command.patch (3.9 KB) - added by andy753421 6 years ago.
Improve IRC whois command
0001-Add-separate-IRC-account-setting-for-SASL-login-name.patch (3.0 KB) - added by andy753421 6 years ago.
fall back to nickname if the login name is blank as well

Download all attachments as: .zip

Change History (19)

Changed 6 years ago by grawity

Patch

comment:1 Changed 6 years ago by grawity

  • Milestone set to 2.10.7

comment:2 follow-up: Changed 6 years ago by elb

Advanced|Username isn't what you think it is. That is your Unix username, not the username used for IRC auth. I don't think we have an appropriate field for what you're looking for. The nickname field is closer to correct than Advanced|Username is. I'm not sure what the right way to fix this is, but I suspect it would require adding another field.

comment:3 in reply to: ↑ 2 Changed 6 years ago by grawity

Replying to elb:

Advanced|Username isn't what you think it is. That is your Unix username, not the username used for IRC auth. I don't think we have an appropriate field for what you're looking for. The nickname field is closer to correct than Advanced|Username is. I'm not sure what the right way to fix this is, but I suspect it would require adding another field.

Hopefully this won't result in three identical "Username" fields?

I'm aware of the general meaning of the "Unix username" aka "Ident" field – but it is used for authentication by some programs, in particular ZNC and psyBNC

And after authenticating and entering IRC, the user field becomes practically meaningless (unless the client runs an identd, in which case the value supplied by Pidgin is discarded anyway).

On the other hand, I'm not sure how most people use it, and maybe three separate fields ("Nickname", "Login username", "Ident username") would be better...

...but regardless of UI decisions, please at least stop using display_name in the next release, as it results in unusable SASL for many people.

Last edited 6 years ago by grawity (previous) (diff)

comment:4 Changed 6 years ago by grawity

As a real-world example, Hexchat is using a single "username" field for both SASL and the USER command. Users are okay with this.

Last edited 6 years ago by grawity (previous) (diff)

comment:5 Changed 6 years ago by MarkDoliner

  • Type changed from defect to patch

comment:6 Changed 6 years ago by MarkDoliner

  • Milestone changed from 2.10.7 to 2.10.8

comment:7 Changed 6 years ago by elb

Ticket #15579 has been marked as a duplicate of this ticket.

Changed 6 years ago by andy753421

Change IRC Username label to Ident name

Changed 6 years ago by andy753421

Improve IRC whois command

comment:8 Changed 6 years ago by andy753421

Uh, sorry about the patch bomb. I didn't want to create a bunch of new tickets so I figured I would add these here since they're kind of related. They're also in the git email format, but I think mercurial can import those anyway.

In patch 1, I added an additional field to the Advanced tab for the "Login name" that will be used for SASL authentication. If it is not set it falls back to the nickname.

In patch 2, I renamed the Username field on the Advanced tab to "Ident name" to hopefully avoid some confusion. I was originally going to change the config variable name as well, but decided to leave it alone to avoid breaking people's configuration files.

In patch 3, I updated the whois command to parse the users login name as provided on Freenode. I also gave the Login and Ident fields the same names here as in the accounts dialog.

Changed 6 years ago by andy753421

fall back to nickname if the login name is blank as well

comment:9 Changed 5 years ago by Andy Spencer <andy753421@…>

(In [01b5caa9d79b]):
Change IRC Username label to Ident name

This field should really be the UNIX login name on the local machine and is used in the Ident protocol. It also shows up in the users hostmask.

Hopefully this will avoid confusion with the "Username" field on the general tab, which is really the preferred IRC nickname.

Refs #15451

comment:10 Changed 5 years ago by Andy Spencer <andy753421@…>

(In [639ec03ba1ba]):
Improve IRC whois command

This adds support for displaying the users login name on Freenode and also renames some of the other "names" to avoid confusion.

Refs #15451

comment:11 Changed 5 years ago by Daniel Atallah <datallah@…>

(In [9a21b3ce6ed7]):
Followup on 639ec03ba1ba related to the IRC security fixes - also fix debugging

Refs #15451

comment:12 Changed 5 years ago by datallah

  • Milestone changed from 2.10.8 to Patches Needing Improvement

comment:13 Changed 5 years ago by andy753421

Thanks for applying a couple of these. Is there anything I can do to improve the first patch?

comment:14 Changed 4 years ago by TheBayer

Please find some way to move this forward for patch #1. Andy has kindly provided a patch, but with no feedback as to what improvement is needed I fear this will never happen.

Due to the way this is currently handled, as I don't use the primary name any longer, I get a lovely stream of error messages. This took me days to figure out why and find this proposed patch.

PS - Andy, I'd suggest "SASL Auth Name" instead of login name to avoid the sort of confusing situation you managed to remedy with "Ident Name".

Last edited 4 years ago by TheBayer (previous) (diff)

comment:15 Changed 8 months ago by isleshocky77

Is there any update on this ticket? It's over 5 years old at this point and the behavior from #15579 which was supposed to be fixed in this ticket still exists.

Note: See TracTickets for help on using tickets.
All information, including names and email addresses, entered onto this website or sent to mailing lists affiliated with this website will be public. Do not post confidential information, especially passwords!