Add simple SASL PLAIN authentication

10 years ago · 9755e7a825
parent 1c549df3d9
commit 9755e7a825
2 changed files with 32 additions and 2 deletions
--- a/tipbot/config.py
+++ b/tipbot/config.py
@ -19,6 +19,8 @@ irc_welcome_line = 'Welcome to the freenode Internet Relay Chat Network'
 irc_channels = ['#txtptest000']
 irc_timeout_seconds = 600
 irc_use_ssl = True
+irc_use_sasl = True
+irc_sasl_name = "monero-tipbot"

 redis_host="127.0.0.1"
 redis_port=7777
--- a/tipbot/ircutils.py
+++ b/tipbot/ircutils.py
@ -16,6 +16,7 @@ import ssl
 import select
 import time
 import string
+import base64
 import tipbot.config as config
 from tipbot.log import log_error, log_warn, log_info, log_log, log_IRCSEND, log_IRCRECV

@ -103,7 +104,10 @@ def connect_to_irc(network,port,name,password,delay):
    log_error( 'Error initializing IRC: %s' % str(e))
    exit()
  log_IRCRECV(irc_recv(4096))
-  SendIRC ( 'PASS *********')
+  if config.irc_use_sasl:
+    SendIRC('CAP REQ :sasl')
+  else:
+    SendIRC ( 'PASS *********')
  SendIRC ( 'NICK %s' % name)
  SendIRC ( 'USER %s %s %s :%s' % (name, name, name, name))
  return irc
@ -278,7 +282,8 @@ def IRCLoop(on_idle,on_identified,on_command):
    if data.find ( config.irc_welcome_line ) != -1:
      userstable = dict()
      registered_users.clear()
-      SendTo("nickserv", "IDENTIFY %s" % irc_password)
+      if not config.irc_use_sasl:
+        SendTo("nickserv", "IDENTIFY %s" % irc_password)
      for chan in config.irc_channels:
        Join(chan)
        #ScanWho(None,[chan])
@ -289,6 +294,13 @@ def IRCLoop(on_idle,on_identified,on_command):
      SendIRC ( 'PONG ' + data.split() [ 1 ])
      continue

+    if data.startswith('AUTHENTICATE +'):
+      if config.irc_use_sasl:
+        authstring = config.irc_sasl_name + chr(0) + config.irc_sasl_name + chr(0) + irc_password
+        SendIRC('AUTHENTICATE %s' % base64.b64encode(authstring))
+      else:
+        log_warn('Got AUTHENTICATE while not using SASL')
+
    if data.find('ERROR :Closing Link:') == 0:
      if irc_quitting:
        log_info('IRC stopped, bye')
@ -337,6 +349,16 @@ def IRCLoop(on_idle,on_identified,on_command):

    #----------------------------- Actions -----------------------------------#
    try:
+      if action == 'CAP':
+        if parts[2] == '*' and parts[3] == 'ACK':
+          log_info('CAP ACK received from server')
+          SendIRC('AUTHENTICATE PLAIN')
+        elif parts[2] == '*' and parts[3] == 'NAK':
+          log_info('CAP NAK received from server')
+          log_error('Failed to negotiate SASL')
+          exit()
+        else:
+          log_warn('Unknown CAP line received from server: %s' % data)
      if action == 'NOTICE':
        if text.find ('throttled due to flooding') >= 0:
          log_warn('Flood protection kicked in, outgoing messages lost')
@ -364,6 +386,12 @@ def IRCLoop(on_idle,on_identified,on_command):
              else:
                log_error('ACC line not as expected...')

+      elif action == '903':
+        log_info('SASL authentication success')
+        SendIRC('CAP END')
+      elif action in ['902', '904', '905', '906']:
+        log_error('SASL authentication failed (%s)' % action)
+
      elif action == '352':
        try:
          who_chan = parts[3]