From bf5bf60e73b97d25a07818acfd7c345d8004659e Mon Sep 17 00:00:00 2001 From: tv Date: Wed, 29 Dec 2021 20:41:18 +0100 Subject: ircsink: add support for PLAIN SASL --- bin/ircsink | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 57 insertions(+), 1 deletion(-) diff --git a/bin/ircsink b/bin/ircsink index 4e1a844..3d1b0df 100755 --- a/bin/ircsink +++ b/bin/ircsink @@ -17,6 +17,21 @@ # # --port=PORT (default: 6667, or 6697 if --secure is specified) # +# --sasl=plain +# If specified, then use the PLAIN SASL mechanism. +# +# --sasl-pass=@FILE +# --sasl-pass=$VAR +# --sasl-pass="PASS +# Password to be used for SASL authentication, which can be read either +# from a file, an environment variable, or passed in as argument. +# +# Note: the characters @, $, and " have to be verbatim and might need to be +# quoted in the shell, e.g. ircsink --sasl-pass=\$SASL_PASS +# +# --sasl-user=USER (default: NICK) +# User to be used for SASL authentication. +# # --secure # If specified, then the connection will be made using openssl. # Otherwise netcat will be used. @@ -35,7 +50,7 @@ main() {( exec 3<&0 _args=$(getopt -n "$0" -s sh \ - -l help,nick:,port:,secure,server:,target: \ + -l help,nick:,port:,sasl:,sasl-pass:,sasl-user:,secure,server:,target: \ -- "$0" "$@") eval set -- "$_args" unset _args @@ -43,6 +58,9 @@ main() {( help= nick= port= + sasl_mech= + sasl_pass= + sasl_user= secure= server= target= 
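Review bot: The usage text added in the `@@ -17,6 +17,21 @@` hunk documents `--sasl-pass="PASS` without saying that a password given this way sits in the process's argument list, where other local users can typically read it through `ps` or `/proc`, and where it may also end up in shell history. The header should steer users to the other two forms, for example by adding `#     Prefer @FILE (readable only by the invoking user) or $VAR; a literal password on the command line is visible in the process list.` under the `--sasl-pass` entry. Environment variables are readable by other processes of the same user too, so the file form is the safer one to recommend first.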
@@ -51,6 +69,20 @@ main() {( --help) help=1; shift;; --nick) nick=$2; shift 2;; --port) port=$2; shift 2;; + --sasl) + case $2 in + plain) sasl_mech=$2; shift 2;; + *) echo "$0: unsupported SASL mechanism: $2" >&2; exit 1;; + esac + ;; + --sasl-pass) + case $2 in + \@*) sasl_pass=$(cat "${2:1}"); shift 2;; + \$*) sasl_pass=$(env | awk -F= -v name="${2:1}" '$1==name{print$2}'); shift 2;; + \"*) sasl_pass=${2:1}; shift 2;; + *) echo "$0: don't know how to get SASL password: $2" >&2; exit 1;; + esac + ;; --secure) secure=1; shift;; --server) server=$2; shift 2;; --target) target=$2; shift 2;; @@ -77,6 +109,15 @@ main() {( nick=$(hostname) fi + if test -n "$sasl_mech" && test -z "$sasl_user"; then + sasl_user=$nick + fi + + if test -n "$sasl_mech" && test -z "$secure"; then + echo "$0: error: cannot use --sasl without --secure" >&2 + exit 1 + fi + if test -z "$port"; then case $secure in '') port=6667;; @@ -158,6 +199,21 @@ main() {( s/^PING (:.*)/PONG \1/p ' + case $sasl_mech in + plain) + echo2 "CAP REQ :sasl" + sed -nru '/^:[^ ]* CAP [0-9A-Za-z]+ ACK sasl/q' + + echo2 "AUTHENTICATE PLAIN" + sed -nru '/^:[^ ]* AUTHENTICATE +/q' + + echo sasl user: $sasl_user >&2 + message=$(printf '\0%s\0%s' "$sasl_user" "$sasl_pass" | base64) + echo "AUTHENTICATE $message" + echo "AUTHENTICATE ***REDACTED***" >&2 + ;; + esac + if is_channel "$target"; then echo2 "JOIN $target" fi -- cgit v1.2.3
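Review bot: No `--sasl-user)` arm is added to the option `case` in the `@@ -51,6 +69,20 @@` hunk, although `sasl-user:` is registered with getopt in the `-35,7` hunk and `sasl_user=` is initialised in the `-43,6` hunk, so the documented option is never stored and SASL always authenticates as `$nick`; add `--sasl-user) sasl_user=$2; shift 2;;` next to the other arms. In the `\$*)` arm, `awk -F=` with `print$2` cuts the value at its first `=`, so a password containing `=` is silently truncated; `sasl_pass=$(printenv "${2:1}")` returns the whole value. The `\@*)` and `\$*)` arms also carry on with an empty password when the file is unreadable or the variable is unset. The enclosing loop and its fallback arm are outside the hunk, so how an unhandled `--sasl-user` is treated there is not visible.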
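Review bot: The two guards added in the `@@ -77,6 +109,15 @@` hunk do not reject an empty `$sasl_pass`, so `--sasl=plain` without `--sasl-pass` (or with an unset variable or unreadable file) goes on to send a PLAIN response with an empty password; a third guard in the same style, starting `if test -n "$sasl_mech" && test -z "$sasl_pass"; then`, should print an error and `exit 1`. Refusing `--sasl` without `--secure` is the right call for PLAIN, but it only protects the password if the openssl invocation verifies the server certificate, which is not visible in this diff and is worth confirming. `main`'s body starts and ends outside the hunk.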
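Review bot: In the `@@ -158,6 +199,21 @@` hunk, `base64` is called without disabling line wrapping, and GNU `base64` wraps at 76 columns, so a longer user/password pair yields a multi-line `$message` and everything after the first line reaches the server as separate lines; use `message=$(printf '\0%s\0%s' "$sasl_user" "$sasl_pass" | base64 | tr -d '\n')`. The block also never reads the server's verdict: after the final `AUTHENTICATE` the script continues to the `JOIN` handling, so a rejected login looks the same as success and the session carries on unauthenticated; waiting for numeric 903 and exiting on 904 would make it fail closed. The `CAP ... ACK` wait has no exit on `NAK`, so a server without SASL support would leave that `sed` blocked. `echo sasl user: $sasl_user >&2` should quote the expansion (`echo "sasl user: $sasl_user" >&2`) or be dropped if it is leftover debug output.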