From f3cdf8442ae3d7464bcbc7153b7e2faab00816e4 Mon Sep 17 00:00:00 2001
From: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Date: Mon, 14 Sep 2020 08:11:56 -0400
Subject: [PATCH] pass the require-sasl message through from the script

---
 irc/client.go   | 4 ++++
 irc/gateways.go | 3 +++
 irc/server.go   | 8 ++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/irc/client.go b/irc/client.go
index 090ab35b..20bf4244 100644
--- a/irc/client.go
+++ b/irc/client.go
@@ -101,6 +101,7 @@ type Client struct {
 	cloakedHostname    string
 	realname           string
 	realIP             net.IP
+	requireSASLMessage string
 	requireSASL        bool
 	registered         bool
 	registrationTimer  *time.Timer
@@ -353,6 +354,9 @@ func (server *Server) RunClient(conn IRCConn) {
 		proxiedIP:      proxiedIP,
 		requireSASL:    requireSASL,
 	}
+	if requireSASL {
+		client.requireSASLMessage = banMsg
+	}
 	client.writerSemaphore.Initialize(1)
 	client.history.Initialize(config.History.ClientLength, time.Duration(config.History.AutoresizeWindow))
 	client.brbTimer.Initialize(client)
diff --git a/irc/gateways.go b/irc/gateways.go
index 2997143f..0acbe5e7 100644
--- a/irc/gateways.go
+++ b/irc/gateways.go
@@ -82,6 +82,9 @@ func (client *Client) ApplyProxiedIP(session *Session, proxiedIP net.IP, tls boo
 		return errBanned, banMsg
 	}
 	client.requireSASL = requireSASL
+	if requireSASL {
+		client.requireSASLMessage = banMsg
+	}
 	// successfully added a limiter entry for the proxied IP;
 	// remove the entry for the real IP if applicable (#197)
 	client.server.connectionLimiter.RemoveClient(session.realIP)
diff --git a/irc/server.go b/irc/server.go
index 6c9ac5cb..f6cfd87e 100644
--- a/irc/server.go
+++ b/irc/server.go
@@ -213,7 +213,7 @@ func (server *Server) checkBans(config *Config, ipaddr net.IP, checkScripts bool
 			return true, false, output.BanMessage
 		} else if output.Result == IPRequireSASL {
 			server.logger.Info("connect-ip", "Requiring SASL from client due to ip-check-script", ipaddr.String())
-			return false, true, ""
+			return false, true, output.BanMessage
 		}
 	}
 
@@ -270,13 +270,17 @@ func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
 		quitMessage = c.t("Password incorrect")
 		c.Send(nil, server.name, ERR_PASSWDMISMATCH, "*", quitMessage)
 	case authFailSaslRequired, authFailTorSaslRequired:
-		quitMessage = c.t("You must log in with SASL to join this server")
+		quitMessage = c.requireSASLMessage
+		if quitMessage == "" {
+			quitMessage = c.t("You must log in with SASL to join this server")
+		}
 		c.Send(nil, c.server.name, "FAIL", "*", "ACCOUNT_REQUIRED", quitMessage)
 	}
 	if authOutcome != authSuccess {
 		c.Quit(quitMessage, nil)
 		return true
 	}
+	c.requireSASLMessage = ""
 
 	rb := NewResponseBuffer(session)
 	nickError := performNickChange(server, c, c, session, c.preregNick, rb)