Feature Requests item #3015488, was opened at 2010-06-13 14:41
Message generated for change (Comment added) made by sf-robot
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=672824&aid=3015488&group_id=115828
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Engine
Group: None
>Status: Closed
Priority: 5
Private: No
Submitted By: Christian Bauer (turin42)
Assigned to: Nobody/Anonymous (nobody)
Summary: Passthrough user's login password
Initial Comment:
My IRC server requires authentication with the IRC PASS operation, which works fine if I provide my password in cleartext in znc.conf:
<User...>
Server = myserver.local 6667 secret
</User>
This is the same password I use to connect to ZNC, which is stored in znc.conf as well but hashed. Ideally, I'd like to get rid of the clear text password here. I think ZNC should be able to simply use the connecting user's password when ZNC itself connects to the server.
If that means that we can only log in to the target IRC server when a user connects to ZNC (because only then will the cleartext password be available), that is probably fine. ZNC doesn't have to connect on startup, it can delay the initial outgoing connection until the first client incoming connection is made.
If ZNC is a proxy then it is probably safe to assume that both a connection to ZNC _as well_ as to the target server require authentication. That authentication should occur at the same time so cleartext passwords do not have to be stored permanently.
----------------------------------------------------------------------
>Comment By: SourceForge Robot (sf-robot)
Date: 2010-09-29 19:24
Message:
This Tracker item was closed automatically by the system. It was
previously set to a Pending status, and the original submitter
did not respond within 14 days (the time period specified by
the administrator of this Tracker).
----------------------------------------------------------------------
Comment By: Psychon (psychon)
Date: 2010-06-18 16:23
Message:
Whoops, changed line 56 from the first one to the second one:
if (pServer->GetPass() != PASS)
if (!pServer || pServer->GetPass() != PASS)
Dunno if this is the cause, but I don't have any better idea.
----------------------------------------------------------------------
Comment By: Christian Bauer (turin42)
Date: 2010-06-17 13:00
Message:
(gdb) run -f -D --datadir=/dlh/native/znc.confd
Starting program: /Users/cb/work/server/native/znc/bin/znc -f -D
--datadir=/dlh/native/znc.confd
Reading symbols for shared libraries .++++.. done
[ ok ] Opening Config [/dlh/native/znc.confd/configs/znc.conf]...
[ ok ] Binding to port [+6667] using ipv4...
[ ** ] Loading user [cb]
[ ] Loading Module [colloquy]... Reading symbols for shared libraries .
done
[ ok ]native/znc.confd/modules/colloquy.so]
[ ok ] Adding Server [localhost 6668 __PASS_THROUGH__]...
[ ** ] Loading user [myuser]
[ ok ] Loading Module [colloquy]...
[/dlh/native/znc.confd/modules/colloquy.so]
[ ] Loading Global Module [passthrough_auth]... Reading symbols for
shared libraries . done
[ ok ]native/znc/lib/znc/passthrough_auth.so]
[ ** ] Staying open for debugging [pid: 682]
[ ok ] Writing pid file [/dlh/run/znc.pid]...
[ ** ] ZNC 0.090 - http://znc.sourceforge.net
Connecting user [cb]
User [cb] is connecting to [localhost 6668] ...
Some module aborted the connection attempt
(cb) ZNC -> IRC [QUIT :Quit.]
[Connection from client follows...]
_LISTENER == ConnectionFrom(77.57.177.178, 49476) [Allowed]
There are [0] clients from [77.57.177.178]
_LISTENER == ConnectionFrom(77.57.177.178, 49473) [Allowed]
There are [1] clients from [77.57.177.178]
(77.57.177.178) CLI -> ZNC [PASS mysecret]
(77.57.177.178) CLI -> ZNC [PASS mysecret]
(77.57.177.178) CLI -> ZNC [NICK myuser]
(77.57.177.178) CLI -> ZNC [USER myuser 0 * :Christian Bauer]
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000010
0x00007fff803219bf in std::string::compare ()
(gdb) bt
#0 0x00007fff803219bf in std::string::compare ()
#1 0x00000001001ab08a in CPassthroughMod::OnLoginAttempt ()
#2 0x000000010008bcd3 in CGlobalModules::OnLoginAttempt ()
#3 0x00000001000188af in CZNC::AuthUser ()
#4 0x0000000100065f0f in CClient::AuthUser ()
#5 0x000000010006ba68 in CClient::ReadLine ()
#6 0x00000001000129fa in Csock::PushBuff ()
#7 0x000000010003ab2e in TSocketManager<CZNCSock>::Loop ()
#8 0x000000010002f9df in CZNC::Loop ()
#9 0x0000000100002ef4 in main ()
It looks like a trivial problem but my C skills are underwhelming.
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2010-06-13 18:00
Message:
Hi,
dunno how much C++ you know, but here is my try at this.
Attached is (or rather will hopefully be...) a global module. It has to be
a global module or else it can't intercept the user's login password. For
making this work, set the server password of all the users you are
interested in to __PASS_THROUGH__; this will make the module pick them up.
I doubt this module will make it into an official release. :/
It's ugly and contains races. When two clients connect to the same znc
user and one of them sends a wrong password (and thus his login fails),
it's not exactly clear whether the module will work. Also, if you use auth
modules like e.g. imapauth, this module is some Russian roulette, too.
psychon
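
Added example, not part of the original comment and not the attached module's code: a stand-alone model of the race described above, where a login password captured before the authentication result is known can be replaced by a second client's wrong password, next to a variant that keeps candidates per connection and promotes them only after a successful login. All class and method names are hypothetical and do not model ZNC's module API; the one-slot store is an assumed simplification.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <utility>
// Assumed simplification: one slot per user, written before the auth result is known.
class NaiveStore {
    std::map<std::string, std::string> slot_;
public:
    void onLoginAttempt(const std::string& user, const std::string& pass) { slot_[user] = pass; }
    const std::string* upstreamPass(const std::string& user) const {
        auto it = slot_.find(user);
        return it == slot_.end() ? nullptr : &it->second;
    }
};
// Candidate is held per client connection and promoted only after a successful login.
class PerConnectionStore {
    std::map<int, std::pair<std::string, std::string>> pending_;  // conn id -> (user, pass)
    std::map<std::string, std::string> verified_;                 // user -> verified pass
public:
    void onLoginAttempt(int conn, const std::string& user, const std::string& pass) { pending_[conn] = std::make_pair(user, pass); }
    void onLoginResult(int conn, bool ok) {
        auto it = pending_.find(conn);
        if (it == pending_.end()) return;
        if (ok) verified_[it->second.first] = it->second.second;
        pending_.erase(it);  // a failed attempt never reaches verified_
    }
    // Returns nullptr when no verified password exists; callers must check before use.
    const std::string* upstreamPass(const std::string& user) const {
        auto it = verified_.find(user);
        return it == verified_.end() ? nullptr : &it->second;
    }
};
// Constructed scenario: connection 1 logs in correctly, connection 2 then sends a wrong password.
std::string naiveAfterFailedLogin() {
    NaiveStore s;
    s.onLoginAttempt("cb", "mysecret");
    s.onLoginAttempt("cb", "wrong");
    return *s.upstreamPass("cb");
}
std::string safeAfterFailedLogin() {
    PerConnectionStore s;
    s.onLoginAttempt(1, "cb", "mysecret"); s.onLoginResult(1, true);
    s.onLoginAttempt(2, "cb", "wrong");    s.onLoginResult(2, false);
    const std::string* p = s.upstreamPass("cb");
    return p ? *p : std::string();
}
int main() { std::cout << naiveAfterFailedLogin() << " " << safeAfterFailedLogin() << "\n"; }
```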
----------------------------------------------------------------------
Comment By: Nobody/Anonymous (nobody)
Date: 2010-06-13 17:19
Message:
Might be possible as a module, I'll look into this.
btw: nice summary tinkery :P
psychon
who is just too lazy to log in
----------------------------------------------------------------------