Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add external sasl with with key/cert (tested on freenode) #1062

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 13 additions & 1 deletion config.sample.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,8 @@ ircService:
# Should the connection attempt to identify via SASL (if a server or user password is given)
# If false, this will use PASS instead. If SASL fails, we do not fallback to PASS.
sasl: false
# Sasl authentication type. EXTERNAL or PLAIN are supported at the moment.
saslType: "PLAIN"
# Whether to allow expired certs when connecting to the IRC server.
# Usually this should be off. Default: false.
allowExpiredCerts: false
Expand All @@ -82,7 +84,17 @@ ircService:
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----

#
# Explicit key/cert to use when connecting. Optional.
# When setting up with https://freenode.net/kb/answer/certfp , you can copy these from the .pem file
#key: |
# -----BEGIN PRIVATE KEY-----
# ...
# -----END PRIVATE KEY-----
#cert: |
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
#
# The connection password to send for all clients as a PASS (or SASL, if enabled above) command. Optional.
# password: 'pa$$w0rd'
Expand Down
6 changes: 6 additions & 0 deletions config.schema.yml
Original file line number Diff line number Diff line change
Expand Up @@ -154,6 +154,12 @@ properties:
type: "boolean"
sasl:
type: "boolean"
saslType:
type: "string"
key:
type: "string"
cert:
type: "string"
allowExpiredCerts:
type: "boolean"
password:
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@
"extend": "^2.0.0",
"he": "^1.1.1",
"iconv": "^2.3.4",
"irc": "matrix-org/node-irc#9028c2197c216dd8e6fc2cb3cc07ce2d6bf741a7",
"irc": "matrix-org/node-irc#f222abe47897044aef89ee568e7edcb6b6260828",
"js-yaml": "^3.2.7",
"logform": "^2.1.2",
"matrix-appservice": "^0.4.1",
Expand Down
12 changes: 10 additions & 2 deletions src/irc/ConnectionInstance.ts
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,8 @@ export interface ConnectionOpts {
nick: string;
secure?: {
ca?: string;
key?: string;
cert?: string;
};
encodingFallback: string;
}
Expand Down Expand Up @@ -368,6 +370,9 @@ export class ConnectionInstance {
if (!opts.nick || !server) {
throw new Error("Bad inputs. Nick: " + opts.nick);
}
if (!opts.password && server.saslType() !== "EXTERNAL") {
throw new Error("Using sasl with no password is invalid");
}
const connectionOpts = {
userName: opts.username,
realName: opts.realname,
Expand All @@ -383,8 +388,11 @@ export class ConnectionInstance {
retryCount: 0,
family: server.getIpv6Prefix() || server.getIpv6Only() ? 6 : null,
bustRfc3484: true,
sasl: opts.password ? server.useSasl() : false,
Francesco149 marked this conversation as resolved.
Show resolved Hide resolved
secure: server.useSsl() ? { ca: server.getCA() } : undefined,
sasl: server.useSasl(),
saslType: server.saslType(),
secure: server.useSsl() ? {
ca: server.getCA(), key: server.getKey(), cert: server.getCert()
} : undefined,
encodingFallback: opts.encodingFallback
};

Expand Down
15 changes: 15 additions & 0 deletions src/irc/IrcServer.ts
Original file line number Diff line number Diff line change
Expand Up @@ -229,6 +229,14 @@ export class IrcServer {
return this.config.ca;
}

public getKey() {
return this.config.key;
}

public getCert() {
return this.config.cert;
}

public useSsl() {
return Boolean(this.config.ssl);
}
Expand All @@ -241,6 +249,10 @@ export class IrcServer {
return Boolean(this.config.sasl);
}

public saslType() {
return this.config.saslType;
}

public allowExpiredCerts() {
return Boolean(this.config.allowExpiredCerts);
}
Expand Down Expand Up @@ -634,10 +646,13 @@ export interface IrcServerConfig {
port?: number;
icon?: string;
ca?: string;
key?: string;
cert?: string;
networkId?: string;
ssl?: boolean;
sslselfsign?: boolean;
sasl?: boolean;
saslType?: string;
password?: string;
allowExpiredCerts?: boolean;
additionalAddresses?: string[];
Expand Down