Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add external sasl with with key/cert (tested on freenode) #1062

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

Add external sasl with with key/cert (tested on freenode) #1062

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion config.sample.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ ircService:
# Should the connection attempt to identify via SASL (if a server or user password is given)
# If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
sasl: false
# Sasl authentication type. EXTERNAL or PLAIN are supported at the moment.
saslType: "PLAIN"
# Whether to allow expired certs when connecting to the IRC server.
# Usually this should be off. Default: false.
allowExpiredCerts: false
Expand All @@ -82,7 +84,17 @@ ircService:
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----

#
# Explicit key/cert to use when connecting. Optional.
# When setting up with https://freenode.net/kb/answer/certfp , you can copy these from the .pem file
#key: |
# -----BEGIN PRIVATE KEY-----
# ...
# -----END PRIVATE KEY-----
#cert: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
#
# The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# password: 'pa$$w0rd'
Expand Down
6 changes: 6 additions & 0 deletions config.schema.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,12 @@ properties:
type: "boolean"
sasl:
type: "boolean"
saslType:
type: "string"
key:
type: "string"
cert:
type: "string"
allowExpiredCerts:
type: "boolean"
password:
Expand Down
2 changes: 1 addition & 1 deletion package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
"extend": "^2.0.0",
"he": "^1.1.1",
"iconv": "^2.3.4",
"irc": "matrix-org/node-irc#9028c2197c216dd8e6fc2cb3cc07ce2d6bf741a7",
"irc": "matrix-org/node-irc#f222abe47897044aef89ee568e7edcb6b6260828",
"js-yaml": "^3.2.7",
"logform": "^2.1.2",
"matrix-appservice": "^0.4.1",
Expand Down
12 changes: 10 additions & 2 deletions src/irc/ConnectionInstance.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,8 @@ export interface ConnectionOpts {
nick: string;
secure?: {
ca?: string;
key?: string;
cert?: string;
};
encodingFallback: string;
}
Expand Down Expand Up @@ -368,6 +370,9 @@ export class ConnectionInstance {
if (!opts.nick || !server) {
throw new Error("Bad inputs. Nick: " + opts.nick);
}
if (!opts.password && server.saslType() !== "EXTERNAL") {
throw new Error("Using sasl with no password is invalid");
}
const connectionOpts = {
userName: opts.username,
realName: opts.realname,
Expand All @@ -383,8 +388,11 @@ export class ConnectionInstance {
retryCount: 0,
family: server.getIpv6Prefix() || server.getIpv6Only() ? 6 : null,
bustRfc3484: true,
sasl: opts.password ? server.useSasl() : false,
Francesco149 marked this conversation as resolved.
Show resolved Hide resolved
secure: server.useSsl() ? { ca: server.getCA() } : undefined,
sasl: server.useSasl(),
saslType: server.saslType(),
secure: server.useSsl() ? {
ca: server.getCA(), key: server.getKey(), cert: server.getCert()
} : undefined,
encodingFallback: opts.encodingFallback
};

Expand Down
15 changes: 15 additions & 0 deletions src/irc/IrcServer.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,14 @@ export class IrcServer {
return this.config.ca;
}

public getKey() {
return this.config.key;
}

public getCert() {
return this.config.cert;
}

public useSsl() {
return Boolean(this.config.ssl);
}
Expand All @@ -241,6 +249,10 @@ export class IrcServer {
return Boolean(this.config.sasl);
}

public saslType() {
return this.config.saslType;
}

public allowExpiredCerts() {
return Boolean(this.config.allowExpiredCerts);
}
Expand Down Expand Up @@ -634,10 +646,13 @@ export interface IrcServerConfig {
port?: number;
icon?: string;
ca?: string;
key?: string;
cert?: string;
networkId?: string;
ssl?: boolean;
sslselfsign?: boolean;
sasl?: boolean;
saslType?: string;
password?: string;
allowExpiredCerts?: boolean;
additionalAddresses?: string[];
Expand Down