[smuxi] Engine-IRC: added NickServ authentication support (closes: #784)

From: Mirco M. M. Bauer <mmmbauer src gnome org>
To: commits-list gnome org
Cc:
Subject: [smuxi] Engine-IRC: added NickServ authentication support (closes: #784)
Date: Thu, 21 May 2015 16:57:00 +0000 (UTC)
commit faa15eebf9c00be65b81e6974977bab81ae8fe8c
Author: Mirco Bauer <meebey meebey net>
Date:   Thu May 21 18:18:20 2015 +0200

    Engine-IRC: added NickServ authentication support (closes: #784)
    
    Here the discussion on #ircv3 how an IRC client can rely on NickServ auth
    without knowing in advance if NickServ is available or not.  A simple "PRIVMSG
    NickServ" can lead to information leak as some user could try to use that nick
    on networks without NickServ or try to overtake that nick if the official
    NickServ goes "down" and is not protected by the IRC network during that
    downtime.
    
    So the idea is to use a server-alias for NickServ called NS, if the server does
    not support that, it will simply ignore it as unknown command and no harm is
    done. If it does support the server-alias then the NickServ authentication will
    work without relying on PRIVMSG or any other heuristic probing of services.
    
    [2015-03-16 21:28:49] <meebey> is there a way to detect if an IRCd supports NickServ? before you well 
SASL to me, not all networks support SASL
    [2015-03-16 21:29:22] <meebey> so far Smuxi rejects the idea of NickServ auth because it puts the user in 
danger, one can try to impersonate NickServ
    [2015-03-16 21:29:52] <meebey> yes SASL and CertFP is the solution, but see above not all networks have 
SASL and/or CertFP
    [2015-03-16 21:30:33] <b_jonas> meebey: isn't it enough if you just who nickserv to see if it has a 
service hostname?
    [2015-03-16 21:30:48] <meebey> b_jonas: how do I detect a service-hostname?
    [2015-03-16 21:30:51] <b_jonas> meebey: that won't work if services isn't currently online
    [2015-03-16 21:31:11] <Aerdan> there is no one-size-fits-all way to do this.
    ...
    [2015-03-16 21:36:18] <meebey> b_jonas: so your point is that PRIVMSG NickServ can/should be considered 
safe? not sure if I agree
    [2015-03-16 21:36:32] <meebey> if you say all networks have banned it
    [2015-03-16 21:36:43] <b_jonas> meebey: no
    [2015-03-16 21:36:48] <meebey> because it is all about that assumption
    [2015-03-16 21:36:51] <b_jonas> meebey: I'm saying that the NICKSERV command should be safe
    [2015-03-16 21:36:54] <b_jonas> not PRIVMSG
    ...
    [2015-03-16 21:37:09] <jwheare> it's safe enough
    [2015-03-16 21:37:27] <jwheare> /ns is actually more widely deployed as an alias
    ...
    [2015-03-16 21:37:39] <b_jonas> but if they don't have nickserv, then they probably won't have a NICKSERV 
command set up
    [2015-03-16 21:37:39] <jwheare> if they're not present no big deal
    [2015-03-16 21:37:44] <jwheare> they won't be pming anyone
    ...
    [2015-03-16 21:38:10] <jwheare> if the network maps it to a nick called nickserv without services and 
without banning the nickserv nick, then um, that network is never going to be secure
    [2015-03-16 21:38:13] <jwheare> so don't even try
    [2015-03-16 21:38:21] <jwheare> just use /ns and be happy
    [2015-03-16 21:42:44] <meebey> jwheare: I think NS is a good idea
    [2015-03-16 21:42:50] <meebey> jwheare: thanks

 src/Engine-IRC/Protocols/Irc/IrcProtocolManager.cs |   11 ++++++++++-
 1 files changed, 10 insertions(+), 1 deletions(-)
---
diff --git a/src/Engine-IRC/Protocols/Irc/IrcProtocolManager.cs 
b/src/Engine-IRC/Protocols/Irc/IrcProtocolManager.cs
index 2f1acf5..0b2584d 100644
--- a/src/Engine-IRC/Protocols/Irc/IrcProtocolManager.cs
+++ b/src/Engine-IRC/Protocols/Irc/IrcProtocolManager.cs
@@ -1,7 +1,7 @@
 /*
  * Smuxi - Smart MUltipleXed Irc
  *
- * Copyright (c) 2005-2014 Mirco Bauer <meebey meebey net>
+ * Copyright (c) 2005-2015 Mirco Bauer <meebey meebey net>
  *
  * Full GPL License: <http://www.gnu.org/licenses/gpl.txt>
  *
@@ -3735,6 +3735,15 @@ namespace Smuxi.Engine
 
             // WHO ourself so OnWho() can retrieve our ident, host and realname
             _IrcClient.RfcWho(_IrcClient.Nickname);
+
+            // NickServ authentication
+            if (_ServerModel != null &&
+                !String.IsNullOrEmpty(_ServerModel.Password)) {
+                _IrcClient.WriteLine(
+                    String.Format("NS IDENTIFY {0}", _ServerModel.Password),
+                    Priority.Critical
+                );
+            }
         }
 
         protected override void OnConnected(EventArgs e)
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]