Re: About SASL authentication in rcirc

[amk@amk.ie]

[-- Attachment #1: Type: text/plain, Size: 1891 bytes --]

June 28, 2021 11:36 AM, "Tassilo Horn" <tsdh@gnu.org> wrote:

> Hi Alex,
> 
> thanks for bringing SASL authentication to rcirc. I'm using the
> rcirc-update branch of Philip for my IRC needs where Philip has
> cherry-picked your commit implementing SASL authentication for rcirc.
> So obviously I wanted to try that out and changed my
> 
> --8<---------------cut here---------------start------------->8---
> (setq rcirc-authinfo
> `(("libera" nickserv "tsdh" ,th/nickserv-password-liberachat)))
> --8<---------------cut here---------------end--------------->8---
> 
> to
> 
> --8<---------------cut here---------------start------------->8---
> (setq rcirc-authinfo
> `(("libera" sasl "tsdh" ,th/nickserv-password-liberachat)))
> --8<---------------cut here---------------end--------------->8---
> 
> and restarted my rcirc session after rebuilding emacs.
> 
> After that, the *irc.libera.chat* buffer contained a message that tsdh
> is a registered nick but not the message afterwards that I'm
> successfully registered now (as it is the case with nickserv
> authentication). And when querying NickServ, it told me that I'm not
> logged it.
> 
> If I understand SASL/IRC correctly, it should have logged in immediately
> on connecting, right?
> 
> So apparently, it seems that it didn't work when I've tried. I'd be
> happy to debug where it fails if you give me some pointers what to look
> for.
> 
> Bye,
> Tassilo

Hey, 

Correct, It should authenticate automatically

I think the issue is that some of the original sasl commit got lost in
cherry picking. I've attached a patch that fixes it, I'm not sure if
there is a better place to send a patch to a branch.

With this patch rcirc now checks that sasl authentication has completed
before running CAP END as specified here 
https://ircv3.net/specs/extensions/sasl-3.1

Thanks,
Alex

[-- Attachment #2: 0001-Fix-SASL-on-rcirc-update.patch --]
[-- Type: application/octet-stream, Size: 2971 bytes --]

From b86f9f022acf630dbeb4cd3cbeaf22212e1d8eed Mon Sep 17 00:00:00 2001
From: Alex McGrath <alexmcgraak@arista.com>
Date: Mon, 28 Jun 2021 13:41:31 +0100
Subject: [PATCH] Fix SASL on rcirc-update

---
 lisp/net/rcirc.el | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

diff --git a/lisp/net/rcirc.el b/lisp/net/rcirc.el
index 37c31be58f..4c197aea54 100644
--- a/lisp/net/rcirc.el
+++ b/lisp/net/rcirc.el
@@ -610,6 +610,8 @@ See `rcirc-connect' for more details on these variables.")
   "A list of capabilities that client has requested.")
 (defvar-local rcirc-acked-capabilities nil
   "A list of capabilities that the server supports.")
+(defvar-local rcirc-finished-sasl t
+  "Check whether SASL authentication has completed")
 
 (defun rcirc-get-server-method (server)
   "Return authentication method for SERVER."
@@ -650,10 +652,13 @@ that are joined after authentication."
 	   (user-name (or user-name rcirc-default-user-name))
 	   (full-name (or full-name rcirc-default-full-name))
 	   (startup-channels startup-channels)
+           (use-sasl (eq (rcirc-get-server-method server) 'sasl))
            (process (open-network-stream
                      (or server-alias server) nil server port-number
                      :type (or encryption 'plain))))
       ;; set up process
+      (when use-sasl
+        (setq-local rcirc-finished-sasl nil))
       (set-process-coding-system process 'raw-text 'raw-text)
       (switch-to-buffer (rcirc-generate-new-buffer-name process nil))
       (set-process-buffer process (current-buffer))
@@ -685,6 +690,10 @@ that are joined after authentication."
         (rcirc-send-string process "PASS" password))
       (rcirc-send-string process "NICK" nick)
       (rcirc-send-string process "USER" user-name "0" "*" : full-name)
+      ;; Setup sasl, and initiate authentication.
+      (when (and rcirc-auto -authenticate-flag
+                 use-sasl)
+        (rcirc-send-string process "AUTHENTICATE" "PLAIN"))
 
       ;; setup ping timer if necessary
       (unless rcirc-keepalive-timer
@@ -3435,7 +3444,7 @@ is the process object for the current connection."
               ((string= subcmd "NAK")
                (setq rcirc-requested-capabilities
                      (delete cap rcirc-requested-capabilities))))))
-    (when (null rcirc-requested-capabilities)
+    (when (and (null rcirc-requested-capabilities) rcirc-finished-sasl)
       ;; All requested capabilities have been responded to
       (rcirc-send-string process "CAP" "END"))))
 
@@ -3500,7 +3509,9 @@ PROCESS is the process object for the current connection."
    (base64-encode-string
     ;; use connection user-name
     (concat "\0" (nth 3 rcirc-connection-info)
-            "\0" (rcirc-get-server-password rcirc-server)))))
+            "\0" (rcirc-get-server-password rcirc-server))))
+  (setq-local rcirc-finished-sasl t)
+  (rcirc-send-string process "CAP" "END"))
 
 \f
 (defgroup rcirc-faces nil
-- 
2.25.1