Add external sasl with with key/cert (tested on freenode)
Francesco149 committed Aug 10, 2020
1 parent 6c99cef commit 3407926
Showing 5 changed files with 45 additions and 4 deletions.
14 changes: 13 additions & 1 deletion config.sample.yaml
Expand Up @@ -74,6 +74,8 @@ ircService:
# Should the connection attempt to identify via SASL (if a server or user password is given)
# If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
sasl: false
# Sasl authentication type. EXTERNAL or PLAIN are supported at the moment.
saslType: "PLAIN"
# Whether to allow expired certs when connecting to the IRC server.
# Usually this should be off. Default: false.
allowExpiredCerts: false
Expand All @@ -82,7 +84,17 @@ ircService:
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----

#
# Explicit key/cert to use when connecting. Optional.
# When setting up with https://freenode.net/kb/answer/certfp , you can copy these from the .pem file
#key: |
# -----BEGIN PRIVATE KEY-----
# ...
# -----END PRIVATE KEY-----
#cert: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
#
# The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# password: 'pa$$w0rd'
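Review bot: The new `saslType` comment does not say what EXTERNAL depends on, and the `key` block puts a private key inline in the bridge config with no handling advice. Going by the ConnectionInstance.ts change in this commit, `key`/`cert` are only passed when SSL is in use, so the comment could read `# EXTERNAL authenticates with the key/cert below and needs ssl: true; PLAIN needs a password.` Above `#key: |` I would add `# The private key is stored unencrypted in this file; keep the file readable only by the bridge user.` It is also worth stating that key/cert are set per server, like the connection password documented just below as sent for all clients.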
6 changes: 6 additions & 0 deletions config.schema.yml
Expand Up @@ -151,6 +151,12 @@ properties:
type: "boolean"
sasl:
type: "boolean"
saslType:
type: "string"
key:
type: "string"
cert:
type: "string"
allowExpiredCerts:
type: "boolean"
password:
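Review bot: `saslType` is validated only as a string, so a misspelt or lower-case value such as `external` passes schema validation and is caught, if at all, only where ConnectionInstance.ts compares it against the exact string `"EXTERNAL"`. Adding `enum: ["PLAIN", "EXTERNAL"]` under `saslType:` would reject bad values when the config is loaded. `key` and `cert` are plain strings as well, and nothing in the schema as shown requires them when `saslType` is EXTERNAL, so that dependency is left entirely to the operator.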
2 changes: 1 addition & 1 deletion package.json
Expand Up @@ -32,7 +32,7 @@
"extend": "^2.0.0",
"he": "^1.1.1",
"iconv": "^2.3.4",
"irc": "matrix-org/node-irc#9028c2197c216dd8e6fc2cb3cc07ce2d6bf741a7",
"irc": "matrix-org/node-irc#f222abe47897044aef89ee568e7edcb6b6260828",
"js-yaml": "^3.2.7",
"logform": "^2.1.2",
"matrix-appservice": "^0.4.1",
12 changes: 10 additions & 2 deletions src/irc/ConnectionInstance.ts
Expand Up @@ -73,6 +73,8 @@ export interface ConnectionOpts {
nick: string;
secure?: {
ca?: string;
key?: string;
cert?: string;
};
encodingFallback: string;
}
Expand Down Expand Up @@ -368,6 +370,9 @@ export class ConnectionInstance {
if (!opts.nick || !server) {
throw new Error("Bad inputs. Nick: " + opts.nick);
}
if (!opts.password && server.saslType() !== "EXTERNAL") {
throw new Error("Using sasl with no password is invalid");
}
const connectionOpts = {
userName: opts.username,
realName: opts.realname,
Expand All @@ -383,8 +388,11 @@ export class ConnectionInstance {
retryCount: 0,
family: server.getIpv6Prefix() || server.getIpv6Only() ? 6 : null,
bustRfc3484: true,
sasl: opts.password ? server.useSasl() : false,
secure: server.useSsl() ? { ca: server.getCA() } : undefined,
sasl: server.useSasl(),
saslType: server.saslType(),
secure: server.useSsl() ? {
ca: server.getCA(), key: server.getKey(), cert: server.getCert()
} : undefined,
encodingFallback: opts.encodingFallback
};
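Review bot: The new guard in the second hunk, `if (!opts.password && server.saslType() !== "EXTERNAL")`, throws for every connection without a password whether or not `server.useSasl()` is true, even though its message is about SASL. The line it replaces, `sasl: opts.password ? server.useSasl() : false`, let passwordless connections proceed without SASL. `saslType` is also optional in `IrcServerConfig`, so unless a default is applied outside this diff, an unset value is `undefined` and hits the throw too. I would drop the throw and keep the fallback in the options: `sasl: server.useSasl() && (Boolean(opts.password) || server.saslType() === "EXTERNAL"),`. The enclosing function starts and ends outside the hunks shown.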

15 changes: 15 additions & 0 deletions src/irc/IrcServer.ts
Expand Up @@ -229,6 +229,14 @@ export class IrcServer {
return this.config.ca;
}

public getKey() {
return this.config.key;
}

public getCert() {
return this.config.cert;
}

public useSsl() {
return Boolean(this.config.ssl);
}
Expand All @@ -241,6 +249,10 @@ export class IrcServer {
return Boolean(this.config.sasl);
}

public saslType() {
return this.config.saslType;
}

public allowExpiredCerts() {
return Boolean(this.config.allowExpiredCerts);
}
Expand Down Expand Up @@ -633,10 +645,13 @@ export interface IrcServerConfig {
port?: number;
icon?: string;
ca?: string;
key?: string;
cert?: string;
networkId?: string;
ssl?: boolean;
sslselfsign?: boolean;
sasl?: boolean;
saslType?: string;
password?: string;
allowExpiredCerts?: boolean;
additionalAddresses?: string[];
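Review bot: `getKey()` and `getCert()` in the first hunk return server-wide config values, and ConnectionInstance.ts passes them into `secure` for each connection it builds, so every connection to this server would present the same client certificate. If that code path also serves bridged users and not only the bot (not visible here), SASL EXTERNAL would identify all of them as the one account tied to that certificate. The getters should carry a doc comment saying so, e.g. `/** Client key shared by every connection to this server; not per-user. */`. Separately, `saslType()` could return `this.config.saslType || "PLAIN"` to match the sample config instead of passing `undefined` on when the option is unset.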
