From 534939c342f2a625399429b7a6a393b331d01a92 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Fri, 11 Dec 2020 05:04:56 -0500
Subject: [PATCH] DEFCON 4 and lower should require SASL from Tor users

---
 irc/client.go | 2 +-
 irc/help.go   | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/irc/client.go b/irc/client.go
index 68bc680b..75c7b828 100644
--- a/irc/client.go
+++ b/irc/client.go
@@ -596,7 +596,7 @@ func (client *Client) isAuthorized(server *Server, config *Config, session *Sess
 		return authFailPass
 	}
 	// Tor connections may be required to authenticate with SASL
-	if session.isTor && config.Server.TorListeners.RequireSasl && !saslSent {
+	if session.isTor && !saslSent && (config.Server.TorListeners.RequireSasl || server.Defcon() <= 4) {
 		return authFailTorSaslRequired
 	}
 	// finally, enforce require-sasl
diff --git a/irc/help.go b/irc/help.go
index 60804b2b..5ff28702 100644
--- a/irc/help.go
+++ b/irc/help.go
@@ -182,7 +182,8 @@ spam or other hostile activity. It has five levels, which are cumulative
 (i.e., level 3 includes all restrictions from level 4 and so on):
 
 5: Normal operation
-4: No new account or channel registrations
+4: No new account or channel registrations; if Tor is enabled, no new
+   unauthenticated connections from Tor
 3: All users are +R; no changes to vhosts
 2: No new unauthenticated connections; all channels are +R
 1: No new connections except from localhost or other trusted IPs`,