Support SASL authentication

Fixes: https://github.com/google/alertmanager-irc-relay/issues/12
2025-01-12 05:02:34 +01:00 · 2022-11-14 19:39:14 +02:00 · 2022-11-14 19:39:14 +02:00 · bd4523a7f2
commit bd4523a7f2
parent 2cb8078717
5 changed files with 28 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -33,6 +33,8 @@ irc_host_password: myserver_password
 irc_nickname: myalertbot
 # Password used to identify with NickServ
 irc_nickname_password: mynickserv_key
+# If true, SASL authentication will be used to log in to the server.
+irc_use_sasl: false
 # Use this IRC real name
 irc_realname: myrealname

@ -113,5 +115,3 @@ be sent to:
 send_resolved: false
 url: http://localhost:8000/mychannel
 ```
-
-
--- a/config.go
+++ b/config.go
@ -37,6 +37,7 @@ type Config struct {
 	HTTPPort        int          `yaml:"http_port"`
 	IRCNick         string       `yaml:"irc_nickname"`
 	IRCNickPass     string       `yaml:"irc_nickname_password"`
+	IRCUseSASL      bool         `yaml:"irc_use_sasl"`
 	IRCRealName     string       `yaml:"irc_realname"`
 	IRCHost         string       `yaml:"irc_host"`
 	IRCPort         int          `yaml:"irc_port"`
@ -60,6 +61,7 @@ func LoadConfig(configFile string) (*Config, error) {
 		HTTPPort:        8000,
 		IRCNick:         "alertmanager-irc-relay",
 		IRCNickPass:     "",
+		IRCUseSASL:      false,
 		IRCRealName:     "Alertmanager IRC Relay",
 		IRCHost:         "example.com",
 		IRCPort:         7000,
--- a/go.mod
+++ b/go.mod
@ -3,7 +3,8 @@ module github.com/google/alertmanager-irc-relay
 go 1.13

 require (
-	github.com/fluffle/goirc v1.1.1
+	github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead
+	github.com/fluffle/goirc v1.3.0
 	github.com/gorilla/mux v1.8.0
 	github.com/prometheus/alertmanager v0.21.0
 	github.com/prometheus/client_golang v1.11.1
--- a/go.sum
+++ b/go.sum
@ -62,12 +62,14 @@ github.com/eapache/go-resiliency v1.1.0/go.mod h1:kFI+JgMyC7bLPUVY133qvEBtVayf5m
 github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21/go.mod h1:+020luEh2TKB4/GOp8oxxtq0Daoen/Cii55CzbTV6DU=
 github.com/eapache/queue v1.1.0/go.mod h1:6eCeP0CKFpHLu8blIFXhExK/dRa7WDZfr6jVFPTqq+I=
 github.com/edsrzf/mmap-go v1.0.0/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
+github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead h1:fI1Jck0vUrXT8bnphprS1EoVRe2Q5CKCX8iDlpqjQ/Y=
+github.com/emersion/go-sasl v0.0.0-20220912192320-0145f2c60ead/go.mod h1:iL2twTeMvZnrg54ZoPDNfJaJaqy0xIQFuBdrLsmspwQ=
 github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
-github.com/fluffle/goirc v1.1.1 h1:6nO+7rrED3Kp3mngoi9OmQmQHevNwDfjGpYUdWc1s0k=
-github.com/fluffle/goirc v1.1.1/go.mod h1:iRzPLv2vkuZEtbns5LioYguJkRh/bvshuWg7izf1yeE=
+github.com/fluffle/goirc v1.3.0 h1:6G38L9XiXD+XCo5+sLKQcz156W8YIc5Q6ZXM+SqXJNA=
+github.com/fluffle/goirc v1.3.0/go.mod h1:CHys34YkX6L6VYpOPCc8PYBjEldgE8M/bBuRa/+fxZw=
 github.com/franela/goblin v0.0.0-20200105215937-c9ffbefa60db/go.mod h1:7dvUGVsVBjqR7JHJk0brhHOZYGmfBYOrK0ZhYMEtBr4=
 github.com/franela/goreq v0.0.0-20171204163338-bcd34c9993f8/go.mod h1:ZhphrRTfi2rbfLwlschooIH4+wKKDR4Pdxhh+TRoA20=
 github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
--- a/irc.go
+++ b/irc.go
@ -22,6 +22,7 @@ import (
 	"sync"
 	"time"

+	"github.com/emersion/go-sasl"
 	irc "github.com/fluffle/goirc/client"
 	"github.com/google/alertmanager-irc-relay/logging"
 	"github.com/prometheus/client_golang/prometheus"
@ -73,6 +74,11 @@ func makeGOIRCConfig(config *Config) *irc.Config {
 	ircConfig.Timeout = connectionTimeoutSecs * time.Second
 	ircConfig.NewNick = func(n string) string { return n + "^" }

+	if config.IRCUseSASL && config.IRCNickPass != "" {
+		ircConfig.EnableCapabilityNegotiation = true
+		ircConfig.Sasl = sasl.NewPlainClient("", config.IRCNick, config.IRCNickPass)
+	}
+
 	return ircConfig
 }

@ -81,6 +87,7 @@ type IRCNotifier struct {
 	// might change its copy.
 	Nick         string
 	NickPassword string
+	UseSASL      bool

 	NickservName string
 	NickservIdentifyPatterns []string
@ -122,6 +129,7 @@ func NewIRCNotifier(config *Config, alertMsgs chan AlertMsg, delayerMaker Delaye
 	notifier := &IRCNotifier{
 		Nick:                     config.IRCNick,
 		NickPassword:             config.IRCNickPass,
+		UseSASL:                  config.IRCUseSASL,
 		NickservName:             config.NickservName,
 		NickservIdentifyPatterns: config.NickservIdentifyPatterns,
 		Client:                   client,
@ -171,6 +179,11 @@ func (n *IRCNotifier) HandleNotice(nick string, msg string) {
 }

 func (n *IRCNotifier) HandleNickservMsg(msg string) {
+	if n.UseSASL {
+		logging.Debug("Skip processing NickServ request, SASL is enabled instead")
+		return
+	}
+
 	if n.NickPassword == "" {
 		logging.Debug("Skip processing NickServ request, no password configured")
 		return
@ -216,6 +229,11 @@ func (n *IRCNotifier) MaybeGhostNick() {
 }

 func (n *IRCNotifier) MaybeWaitForNickserv() {
+	if n.UseSASL {
+		logging.Debug("Skip NickServ wait, SASL is enabled instead")
+		return
+	}
+
 	if n.NickPassword == "" {
 		logging.Debug("Skip NickServ wait, no password configured")
 		return