From 9cc817d544158f02516db4b102d9a3fe391f5c82 Mon Sep 17 00:00:00 2001
From: James Lu
Date: Sat, 17 Dec 2016 15:47:15 -0800
Subject: [PATCH] clientbot: require SSL for SASL external, better grammar in SASL misconfiguration errors
---
 protocols/clientbot.py | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/protocols/clientbot.py b/protocols/clientbot.py
index 9c4e2f4..70de407 100644
--- a/protocols/clientbot.py
+++ b/protocols/clientbot.py
@@ -417,20 +417,25 @@ class ClientbotWrapperProtocol(Protocol):
 return
 sasl_mech = self.irc.serverdata.get('sasl_mech')
- sasl_user = self.irc.serverdata.get('sasl_username')
- ssl_cert = self.irc.serverdata.get('ssl_certfile')
- ssl_key = self.irc.serverdata.get('ssl_keyfile')
- if sasl_user and sasl_mech:
+ if sasl_mech:
+ sasl_user = self.irc.serverdata.get('sasl_username')
 sasl_pass = self.irc.serverdata.get('sasl_password')
+ ssl_cert = self.irc.serverdata.get('ssl_certfile')
+ ssl_key = self.irc.serverdata.get('ssl_keyfile')
+ ssl = self.irc.serverdata.get('ssl')
 if sasl_mech == 'PLAIN' and not (sasl_user and sasl_pass):
- log.warning("(%s) Not attempting PLAIN authentication; either sasl_username or "
+ log.warning("(%s) Not attempting PLAIN authentication; sasl_username and/or "
 "sasl_password aren't correctly set.", self.irc.name)
 return False
 elif sasl_mech == 'EXTERNAL' and not (ssl_cert and ssl_key):
- log.warning("(%s) Not attempting EXTERNAL authentication; either ssl_certfile or "
+ log.warning("(%s) Not attempting EXTERNAL authentication; ssl_certfile and/or "
 "ssl_keyfile aren't correctly set.", self.irc.name)
 return False
+ elif sasl_mech == 'EXTERNAL' and not ssl:
+ log.warning("(%s) Not attempting EXTERNAL authentication; SASL external requires "
+ "SSL, but it isn't enabled.", self.irc.name)
+ return False
 self.irc.send('AUTHENTICATE %s' % sasl_mech, queue=False)
 return True
 return False
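Review bot: The new `ssl` requirement is applied only to EXTERNAL, so with `sasl_mech` set to `PLAIN` and `ssl` unset the code still reaches `self.irc.send('AUTHENTICATE %s' % sasl_mech, queue=False)`, and the exchange that follows would presumably carry `sasl_password` over an unencrypted link, since PLAIN is encoded rather than encrypted. Because `ssl` is now read in this block, the PLAIN path could at least surface that before the send, e.g. `if sasl_mech == 'PLAIN' and not ssl: log.warning("(%s) SASL PLAIN is being used without SSL; the password will be sent in cleartext.", self.irc.name)`; whether to refuse outright instead is a policy decision for the maintainers. Separately, the mechanism is compared case-sensitively, so a configured value such as `plain` skips both validation branches and is sent to the server as-is; normalising once with `sasl_mech = sasl_mech.upper()` inside the `if sasl_mech:` block would close that gap. The enclosing method begins above the hunk, so the rest of the SASL flow is not visible here.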