irc: implement IRCv3.2 SASL authentication, add command /auth (closes #413)

ChangeLog.adoc

@@ -22,6 +22,7 @@ New features::
 
   * core: add option "certs" in command /debug
   * api: add keys/values with tags in output of irc_message_parse_to_hashtable (issue #1654)
+  * irc: implement IRCv3.2 SASL authentication, add command /auth, reconnect by default to the server in case of SASL authentication failure (issue #413)
   * irc: add support of capability "message-tags" and TAGMSG messages (issue #1654)
   * irc: enable all capabilities by default (if supported by server and WeeChat), change default value of option irc.server_default.capabilities to "*" (issue #320)
   * irc: add options irc.look.display_account_message and irc.look.display_extended_join (issue #320)

doc/de/includes/autogen_api_hdata.de.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/de/includes/autogen_user_commands.de.adoc

@@ -100,6 +100,26 @@ Beispiele:
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: authenticate with SASL
+
+----
+/auth  [<username> <password>]
+
+username: SASL username (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+password: SASL password or path to file with private key (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+
+If username and password are not provided, the values from server options "sasl_username" and "sasl_password" (or "sasl_key") are used.
+
+Examples:
+  authenticate with username/password defined in the server:
+    /auth
+  authenticate as a different user:
+    /auth user2 password2
+  authenticate as a different user with mechanism ecdsa-nist256p-challenge:
+    /auth user2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: Nicknamen oder Hosts sperren/verbannen
 

doc/de/includes/autogen_user_options.de.adoc

@@ -2782,7 +2782,7 @@
 ** Beschreibung: pass:none[auszuführende Aktion falls die SASL Authentifizierung fehlschlägt: "continue" ignoriert das Problem welches bei der Authentifizierung aufgetreten ist, "reconnect" versucht erneut eine Verbindung herzustellen, "disconnect" trennt die Verbindung zum Server (siehe Option irc.network.sasl_fail_unavailable)]
 ** Typ: integer
 ** Werte: continue, reconnect, disconnect
-** Standardwert: `+continue+`
+** Standardwert: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** Beschreibung: pass:none[Datei mit privatem ECC-Schlüssel für den Mechanismus "ecdsa-nist256p-challenge" (Pfad ist evaluiert, siehe Funktion string_eval_path_home in der Plugin-API-Referenz)]

doc/en/includes/autogen_api_hdata.en.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/en/includes/autogen_user_commands.en.adoc

@@ -100,6 +100,26 @@ Examples:
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: authenticate with SASL
+
+----
+/auth  [<username> <password>]
+
+username: SASL username (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+password: SASL password or path to file with private key (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+
+If username and password are not provided, the values from server options "sasl_username" and "sasl_password" (or "sasl_key") are used.
+
+Examples:
+  authenticate with username/password defined in the server:
+    /auth
+  authenticate as a different user:
+    /auth user2 password2
+  authenticate as a different user with mechanism ecdsa-nist256p-challenge:
+    /auth user2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: ban nicks or hosts
 

doc/en/includes/autogen_user_options.en.adoc

@@ -2782,7 +2782,7 @@
 ** description: pass:none[action to perform if SASL authentication fails: "continue" to ignore the authentication problem, "reconnect" to schedule a reconnection to the server, "disconnect" to disconnect from server (see also option irc.network.sasl_fail_unavailable)]
 ** type: integer
 ** values: continue, reconnect, disconnect
-** default value: `+continue+`
+** default value: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** description: pass:none[file with ECC private key for mechanism "ecdsa-nist256p-challenge" (path is evaluated, see function string_eval_path_home in plugin API reference)]

doc/fr/includes/autogen_api_hdata.fr.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/fr/includes/autogen_user_commands.fr.adoc

@@ -100,6 +100,26 @@ Exemples :
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: s'authentifier avec SASL
+
+----
+/auth  [<utilisateur> <mot_de_passe>]
+
+ utilisateur : nom d'utilisateur SASL (le contenu est évalué, voir /help eval ; les options de serveur sont évaluées avec ${irc_server.xxx} et ${server} est remplacé par le nom du serveur)
+mot_de_passe : mot de passe SASL ou chemin vers le fichier de clé privée (le contenu est évalué, voir /help eval ; les options de serveur sont évaluées avec ${irc_server.xxx} et ${server} est remplacé par le nom du serveur)
+
+Si le nom d'utilisateur et mot de passe ne sont pas donnés, les valeurs des options serveur "sasl_username" et "sasl_password" (ou "sasl_key") sont utilisées.
+
+Exemples :
+  s'authentifier avec le nom d'utilisateur et mot de passe défini dans le serveur :
+    /auth
+  s'authentifier avec un utilisateur différent :
+    /auth utilisateur2 mot_de_passe2
+  s'authentifier avec un utilisateur différent et le mécanisme ecdsa-nist256p-challenge :
+    /auth utilisateur2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: bannir des pseudos ou hôtes
 

doc/fr/includes/autogen_user_options.fr.adoc

@@ -2782,7 +2782,7 @@
 ** description: pass:none[action à effectuer si l'authentification SASL échoue : "continue" pour ignorer le problème d'authentification, "reconnect" pour planifier une reconnexion au serveur, "disconnect" pour se déconnecter du serveur (voir aussi l'option irc.network.sasl_fail_unavailable)]
 ** type: entier
 ** valeurs: continue, reconnect, disconnect
-** valeur par défaut: `+continue+`
+** valeur par défaut: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** description: pass:none[fichier avec la clé privée ECC pour le mécanisme "ecdsa-nist256p-challenge" (le chemin est évalué, voir la fonction string_eval_path_home dans la référence API extension)]

doc/it/includes/autogen_api_hdata.it.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/it/includes/autogen_user_commands.it.adoc

@@ -100,6 +100,26 @@ Examples:
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: authenticate with SASL
+
+----
+/auth  [<username> <password>]
+
+username: SASL username (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+password: SASL password or path to file with private key (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+
+If username and password are not provided, the values from server options "sasl_username" and "sasl_password" (or "sasl_key") are used.
+
+Examples:
+  authenticate with username/password defined in the server:
+    /auth
+  authenticate as a different user:
+    /auth user2 password2
+  authenticate as a different user with mechanism ecdsa-nist256p-challenge:
+    /auth user2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: banna nick oppure host
 

doc/it/includes/autogen_user_options.it.adoc

@@ -2782,7 +2782,7 @@
 ** descrizione: pass:none[action to perform if SASL authentication fails: "continue" to ignore the authentication problem, "reconnect" to schedule a reconnection to the server, "disconnect" to disconnect from server (see also option irc.network.sasl_fail_unavailable)]
 ** tipo: intero
 ** valori: continue, reconnect, disconnect
-** valore predefinito: `+continue+`
+** valore predefinito: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** descrizione: pass:none[file with ECC private key for mechanism "ecdsa-nist256p-challenge" (path is evaluated, see function string_eval_path_home in plugin API reference)]

doc/ja/includes/autogen_api_hdata.ja.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/ja/includes/autogen_user_commands.ja.adoc

@@ -100,6 +100,26 @@ Examples:
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: authenticate with SASL
+
+----
+/auth  [<username> <password>]
+
+username: SASL username (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+password: SASL password or path to file with private key (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+
+If username and password are not provided, the values from server options "sasl_username" and "sasl_password" (or "sasl_key") are used.
+
+Examples:
+  authenticate with username/password defined in the server:
+    /auth
+  authenticate as a different user:
+    /auth user2 password2
+  authenticate as a different user with mechanism ecdsa-nist256p-challenge:
+    /auth user2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: ニックネームかホスト名を指定してバン
 

doc/ja/includes/autogen_user_options.ja.adoc

@@ -2782,7 +2782,7 @@
 ** 説明: pass:none[SASL 認証が失敗した場合の挙動: 認証の問題を無視する場合は "continue"、サーバへの再接続を予定する場合は "reconnect"、サーバから切断する場合は "disconnect" (irc.network.sasl_fail_unavailable も参照してください)]
 ** タイプ: 整数
 ** 値: continue, reconnect, disconnect
-** デフォルト値: `+continue+`
+** デフォルト値: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** 説明: pass:none[file with ECC private key for mechanism "ecdsa-nist256p-challenge" (path is evaluated, see function string_eval_path_home in plugin API reference)]

doc/pl/includes/autogen_api_hdata.pl.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/pl/includes/autogen_user_commands.pl.adoc

@@ -100,6 +100,26 @@ Przykłady:
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: authenticate with SASL
+
+----
+/auth  [<username> <password>]
+
+username: SASL username (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+password: SASL password or path to file with private key (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+
+If username and password are not provided, the values from server options "sasl_username" and "sasl_password" (or "sasl_key") are used.
+
+Examples:
+  authenticate with username/password defined in the server:
+    /auth
+  authenticate as a different user:
+    /auth user2 password2
+  authenticate as a different user with mechanism ecdsa-nist256p-challenge:
+    /auth user2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: banuje nick albo host
 

doc/pl/includes/autogen_user_options.pl.adoc

@@ -2782,7 +2782,7 @@
 ** opis: pass:none[akcja do wykonania jeśli uwierzytelnianie SASL się nie powiedzie: "continue" dla zignorowania problemu, "reconnect" ponownie połącz się z serwerem, "disconnect" odłącz od serwera (zobacz też opcję irc.network.sasl_fail_unavailable)]
 ** typ: liczba
 ** wartości: continue, reconnect, disconnect
-** domyślna wartość: `+continue+`
+** domyślna wartość: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** opis: pass:none[plik z kluczem prywatnym ECC dla mechanizmu "ecdsa-nist256p-challenge" (ścieżka jest przetwarzana, zobacz funkcję string_eval_path_home w opisie API wtyczek)]

doc/sr/includes/autogen_api_hdata.sr.adoc

@@ -237,6 +237,8 @@ _sasl_scram_client_first_   (string) +
 _sasl_scram_salted_pwd_   (other) +
 _sasl_scram_salted_pwd_size_   (integer) +
 _sasl_scram_auth_message_   (string) +
+_sasl_temp_username_   (string) +
+_sasl_temp_password_   (string) +
 _is_connected_   (integer) +
 _ssl_connected_   (integer) +
 _disconnected_   (integer) +

doc/sr/includes/autogen_user_commands.sr.adoc

@@ -100,6 +100,26 @@
     /allserv /whois $nick
 ----
 
+[[command_irc_auth]]
+* `+auth+`: authenticate with SASL
+
+----
+/auth  [<username> <password>]
+
+username: SASL username (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+password: SASL password or path to file with private key (content is evaluated, see /help eval; server options are evaluated with ${irc_server.xxx} and ${server} is replaced by the server name)
+
+If username and password are not provided, the values from server options "sasl_username" and "sasl_password" (or "sasl_key") are used.
+
+Examples:
+  authenticate with username/password defined in the server:
+    /auth
+  authenticate as a different user:
+    /auth user2 password2
+  authenticate as a different user with mechanism ecdsa-nist256p-challenge:
+    /auth user2 ${weechat_config_dir}/ecdsa2.pem
+----
+
 [[command_irc_ban]]
 * `+ban+`: забрана надимака или хостова
 

doc/sr/includes/autogen_user_options.sr.adoc

@@ -2782,7 +2782,7 @@
 ** опис: pass:none[радња која се преузима у случају да SASL аутентификација не успе: „continue” да се игнорише проблем аутентификације, „reconnect” да се закаже поновно повезивање са сервером, „disconnect” да се прекине веза са сервером (погледајте и опцију irc.network.sasl_fail_unavailable)]
 ** тип: целобројна
 ** вредности: continue, reconnect, disconnect
-** подразумевана вредност: `+continue+`
+** подразумевана вредност: `+reconnect+`
 
 * [[option_irc.server_default.sasl_key]] *irc.server_default.sasl_key*
 ** опис: pass:none[фајл са ECC приватним кључем за механизам „ecdsa-nist256p-challenge” (путања се израчунава, погледајте функцију string_eval_path_home у референтном приручнику API додатака)]

po/cs.po

@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Ondřej Súkup <mimi.vx@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6273,6 +6273,17 @@ msgid ""
 msgstr ""
 "%s%s: příkaz \"%s\" nemůže být spuštěn v irc bufferu (server nebo kanál)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: nejste připojen k serveru"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: Budoucí zpráva o nepřítomnosit: %s"
@@ -6720,6 +6731,34 @@ msgstr ""
 "  nastavit pryč na věech serverech:\n"
 "    /allserv away I'm away"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<uživatel> <heslo>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "zakázat přezdívky nebo hosty"
 

po/de.po

@@ -24,7 +24,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-06-25 09:27+0200\n"
 "Last-Translator: Nils Görs <weechatter@arcor.de>\n"
 "Language-Team: German <kde-i18n-de@kde.org>\n"
@@ -7871,6 +7871,17 @@ msgstr ""
 "%s%s: Der Befehl \"%s\" mit dem Parameter \"%s\" kann nur in einem IRC-"
 "Buffer ausgeführt werden (Server, Kanal oder privatem Buffer)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: Es besteht keine Verbindung zum Server"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: künftige Abwesenheit: %s"
@@ -8371,6 +8382,34 @@ msgstr ""
 "  führt ein whois mit meinem nick auf allen Servern aus:\n"
 "    /allserv /whois $nick"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<user> <password>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "Nicknamen oder Hosts sperren/verbannen"
 

po/es.po

@@ -22,7 +22,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Elián Hanisch <lambdae2@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6483,6 +6483,17 @@ msgstr ""
 "%s%s: el comando \"%s\" debe ser ejecutado en un buffer irc (canal o "
 "servidor)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: no estas conectado a ningún servidor"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: ausencia futura: %s"
@@ -6931,6 +6942,34 @@ msgstr ""
 "  poner ausente en todos los servidores:\n"
 "    /allserv away Estoy ausente"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<usuario> <clave>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "veta apodos o hosts"
 

po/fr.po

@@ -21,8 +21,8 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
-"PO-Revision-Date: 2021-06-24 21:04+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
+"PO-Revision-Date: 2021-06-25 11:14+0200\n"
 "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
 "Language: fr\n"
@@ -7713,6 +7713,19 @@ msgstr ""
 "%s%s : la commande \"%s\" avec l'option \"%s\" doit être exécutée sur un "
 "tampon irc (serveur, canal ou privé)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+"%s%s : la commande \"%s\" ne peut être exécutée que si SASL est activé avec "
+"les options serveur \"sasl_*\" (ou bien vous devez spécifier un nom "
+"d'utilisateur et mot de passe)"
+
+#, c-format
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s : SASL n'est pas supporté par le serveur"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s : future absence : %s"
@@ -8208,6 +8221,52 @@ msgstr ""
 "  faire un whois sur mon pseudo sur tous les serveurs :\n"
 "    /allserv /whois $nick"
 
+msgid "authenticate with SASL"
+msgstr "s'authentifier avec SASL"
+
+msgid "[<username> <password>]"
+msgstr "[<utilisateur> <mot_de_passe>]"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+" utilisateur : nom d'utilisateur SASL (le contenu est évalué, voir /help "
+"eval ; les options de serveur sont évaluées avec ${irc_server.xxx} et "
+"${server} est remplacé par le nom du serveur)\n"
+"mot_de_passe : mot de passe SASL ou chemin vers le fichier de clé privée (le "
+"contenu est évalué, voir /help eval ; les options de serveur sont évaluées "
+"avec ${irc_server.xxx} et ${server} est remplacé par le nom du serveur)\n"
+"\n"
+"Si le nom d'utilisateur et mot de passe ne sont pas donnés, les valeurs des "
+"options serveur \"sasl_username\" et \"sasl_password\" (ou \"sasl_key\") "
+"sont utilisées.\n"
+"\n"
+"Exemples :\n"
+"  s'authentifier avec le nom d'utilisateur et mot de passe défini dans le "
+"serveur :\n"
+"    /auth\n"
+"  s'authentifier avec un utilisateur différent :\n"
+"    /auth utilisateur2 mot_de_passe2\n"
+"  s'authentifier avec un utilisateur différent et le mécanisme ecdsa-"
+"nist256p-challenge :\n"
+"    /auth utilisateur2 ${weechat_config_dir}/ecdsa2.pem"
+
 msgid "ban nicks or hosts"
 msgstr "bannir des pseudos ou hôtes"
 

po/hu.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Andras Voroskoi <voroskoi@frugalware.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5861,6 +5861,16 @@ msgid ""
 "(server, channel or private)"
 msgstr "%s \"%s\" parancs nem futtatható a szerverablakban\n"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s nincs csatlakozva szerverhez!\n"
+
 #, fuzzy, c-format
 msgid "%s: future away: %s"
 msgstr "CTCP %sVERSION%s válasz %s%s%s felhasználótól: %s\n"
@@ -6265,6 +6275,33 @@ msgid ""
 "    /allserv /whois $nick"
 msgstr ""
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+msgid "[<username> <password>]"
+msgstr "felhasználó jelszó"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 #, fuzzy
 msgid "ban nicks or hosts"
 msgstr "név vagy gép letiltása"

po/it.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Esteban I. Ruiz Moreno <exio4.com@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6613,6 +6613,17 @@ msgstr ""
 "%s%s: il comando \"%s\" deve essere eseguito su un buffer IRC (server o "
 "canale)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: non connesso al server"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: prossima assenza: %s"
@@ -7064,6 +7075,34 @@ msgstr ""
 "  imposta l'assenza su tutti i server:\n"
 "    /allserv away sono assente"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<utente> <password>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "banna nick oppure host"
 

po/ja.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: AYANOKOUZI, Ryuunosuke <i38w7i3@yahoo.co.jp>\n"
 "Language-Team: Japanese <https://github.com/l/weechat/tree/master/"
@@ -7349,6 +7349,17 @@ msgstr ""
 "%1$s%2$s: オプション \"%4$s\" 付きのコマンド \"%3$s\" は irc バッファで実行し"
 "てください (サーバ、チャンネル、プライベートバッファ)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: サーバに接続していません"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: 離席予約: %s"
@@ -7817,6 +7828,34 @@ msgstr ""
 "  全てのサーバに対して自分のニックネームに関する whois を実行:\n"
 "    /allserv whois $nick"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<user> <password>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "ニックネームかホスト名を指定してバン"
 

po/pl.po

@@ -22,7 +22,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-06-13 14:40+0200\n"
 "Last-Translator: Krzysztof Korościk <soltys@soltys.info>\n"
 "Language-Team: Polish <kde-i18n-doc@kde.org>\n"
@@ -7556,6 +7556,17 @@ msgstr ""
 "%s%s: komenda \"%s\" z opcją \"%s\" musi zostać wykonana w buforze irc "
 "(serwer, kanał lub prywatne)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: nie jesteś połączony z serwerem"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: przyszła nieobecność: %s"
@@ -8040,6 +8051,34 @@ msgstr ""
 "  wykonuje whois na własnym nicku na wszystkich serwerach:\n"
 "    /allserv /whois $nick"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<użytkownik> <hasło>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "banuje nick albo host"
 

po/pt.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Vasco Almeida <vascomalmeida@sapo.pt>\n"
 "Language-Team: Portuguese <>\n"
@@ -7127,6 +7127,17 @@ msgid ""
 msgstr ""
 "%s%s: o comando \"%s\" deve ser executado num buffer irc (servidor ou canal)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: não está conectado ao servidor"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: futuro ausente: %s"
@@ -7584,6 +7595,34 @@ msgstr ""
 "  efetuar whois sobre o meu nick em todos os servidores:\n"
 "    /allserv whois $nick"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<utilizador> <palavra-passe>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "banir nicks ou hosts"
 

po/pt_BR.po

@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Érico Nogueira <ericonr@disroot.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -6519,6 +6519,17 @@ msgid ""
 "(server, channel or private)"
 msgstr "%s%s: não foi possível criar novo canal \"%s\""
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: você não está conectado ao servidor"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr ""
@@ -6913,6 +6924,34 @@ msgid ""
 "    /allserv /whois $nick"
 msgstr ""
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<user> <password>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr ""
 

po/ru.po

@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Aleksey V Zapparov AKA ixti <ixti@member.fsf.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5900,6 +5900,16 @@ msgid ""
 "(server, channel or private)"
 msgstr "%s \"%s\" команда может быть выполнена только в буфере сервера\n"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s вы не подключены к серверу\n"
+
 #, fuzzy, c-format
 msgid "%s: future away: %s"
 msgstr "Планирование статуса на %s%s%s: %s\n"
@@ -6308,6 +6318,33 @@ msgid ""
 "    /allserv /whois $nick"
 msgstr ""
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+msgid "[<username> <password>]"
+msgstr "пользователь пароль"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 #, fuzzy
 msgid "ban nicks or hosts"
 msgstr "банит ник или хост"

po/sr.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-06-03 15:15+0400\n"
 "Last-Translator: Ivan Pešić <ivan.pesic@gmail.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -7549,6 +7549,17 @@ msgstr ""
 "%s%s: команда „%s” са опцијом „%s” мора да се изврши у irc баферу (серверу, "
 "каналу или приватном разговору)"
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, fuzzy, c-format
+#| msgid "%s%s: you are not connected to server"
+msgid "%s%s: SASL is not supported by the server"
+msgstr "%s%s: нисте повезани са сервером"
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr "%s: будућа одсутност: %s"
@@ -8025,6 +8036,34 @@ msgstr ""
 "  обавља whois на сопственом надимку на свим серверима:\n"
 "    /allserv /whois $nick"
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<корисник> <лозинка>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr "забрана надимака или хостова"
 

po/tr.po

@@ -20,7 +20,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2021-05-25 18:28+0200\n"
 "Last-Translator: Emir SARI <bitigchi@me.com>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5858,6 +5858,16 @@ msgid ""
 "(server, channel or private)"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, c-format
+msgid "%s%s: SASL is not supported by the server"
+msgstr ""
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr ""
@@ -6250,6 +6260,34 @@ msgid ""
 "    /allserv /whois $nick"
 msgstr ""
 
+msgid "authenticate with SASL"
+msgstr ""
+
+#, fuzzy
+#| msgid "<user> <password>"
+msgid "[<username> <password>]"
+msgstr "<kullanıcı><parola>"
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr ""
 

po/weechat.pot

@@ -21,7 +21,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: WeeChat\n"
 "Report-Msgid-Bugs-To: flashcode@flashtux.org\n"
-"POT-Creation-Date: 2021-06-24 21:03+0200\n"
+"POT-Creation-Date: 2021-06-25 11:14+0200\n"
 "PO-Revision-Date: 2014-08-16 10:27+0200\n"
 "Last-Translator: Sébastien Helleu <flashcode@flashtux.org>\n"
 "Language-Team: weechat-dev <weechat-dev@nongnu.org>\n"
@@ -5361,6 +5361,16 @@ msgid ""
 "(server, channel or private)"
 msgstr ""
 
+#, c-format
+msgid ""
+"%s%s: \"%s\" command can only be executed if SASL is enabled via server "
+"options \"sasl_*\" (or you must give username and password)"
+msgstr ""
+
+#, c-format
+msgid "%s%s: SASL is not supported by the server"
+msgstr ""
+
 #, c-format
 msgid "%s: future away: %s"
 msgstr ""
@@ -5750,6 +5760,32 @@ msgid ""
 "    /allserv /whois $nick"
 msgstr ""
 
+msgid "authenticate with SASL"
+msgstr ""
+
+msgid "[<username> <password>]"
+msgstr ""
+
+msgid ""
+"username: SASL username (content is evaluated, see /help eval; server "
+"options are evaluated with ${irc_server.xxx} and ${server} is replaced by "
+"the server name)\n"
+"password: SASL password or path to file with private key (content is "
+"evaluated, see /help eval; server options are evaluated with ${irc_server."
+"xxx} and ${server} is replaced by the server name)\n"
+"\n"
+"If username and password are not provided, the values from server options "
+"\"sasl_username\" and \"sasl_password\" (or \"sasl_key\") are used.\n"
+"\n"
+"Examples:\n"
+"  authenticate with username/password defined in the server:\n"
+"    /auth\n"
+"  authenticate as a different user:\n"
+"    /auth user2 password2\n"
+"  authenticate as a different user with mechanism ecdsa-nist256p-challenge:\n"
+"    /auth user2 ${weechat_config_dir}/ecdsa2.pem"
+msgstr ""
+
 msgid "ban nicks or hosts"
 msgstr ""
 

src/plugins/irc/irc-command.c

@@ -792,6 +792,95 @@ IRC_COMMAND_CALLBACK(allserv)
     return WEECHAT_RC_OK;
 }
 
+/*
+ * Callback for command "/auth": authenticates with SASL.
+ */
+
+IRC_COMMAND_CALLBACK(auth)
+{
+    char str_msg_auth[512];
+    int sasl_mechanism;
+
+    IRC_BUFFER_GET_SERVER(buffer);
+    IRC_COMMAND_CHECK_SERVER("auth", 1, 1);
+
+    /* make C compiler happy */
+    (void) pointer;
+    (void) data;
+
+    if (ptr_server->sasl_temp_username)
+    {
+        free (ptr_server->sasl_temp_username);
+        ptr_server->sasl_temp_username = NULL;
+    }
+    if (ptr_server->sasl_temp_password)
+    {
+        free (ptr_server->sasl_temp_password);
+        ptr_server->sasl_temp_password = NULL;
+    }
+
+    if ((argc < 3) && !irc_server_sasl_enabled (ptr_server))
+    {
+        weechat_printf (
+            ptr_server->buffer,
+            _("%s%s: \"%s\" command can only be executed if SASL is enabled "
+              "via server options \"sasl_*\" (or you must give username and "
+              "password)"),
+            weechat_prefix ("error"), IRC_PLUGIN_NAME, "auth");
+        return WEECHAT_RC_OK;
+    }
+
+    if (weechat_hashtable_has_key (ptr_server->cap_list, "sasl"))
+    {
+        /* SASL capability already enabled, authenticate */
+        sasl_mechanism = IRC_SERVER_OPTION_INTEGER(
+            ptr_server, IRC_SERVER_OPTION_SASL_MECHANISM);
+        if ((sasl_mechanism >= 0)
+            && (sasl_mechanism < IRC_NUM_SASL_MECHANISMS))
+        {
+            if (argc > 2)
+            {
+                ptr_server->sasl_temp_username = strdup (argv[1]);
+                ptr_server->sasl_temp_password = strdup (argv_eol[2]);
+            }
+            snprintf (str_msg_auth, sizeof (str_msg_auth),
+                      "AUTHENTICATE %s",
+                      irc_sasl_mechanism_string[sasl_mechanism]);
+            weechat_string_toupper (str_msg_auth);
+            irc_server_sendf (ptr_server, IRC_SERVER_SEND_OUTQ_PRIO_HIGH, NULL,
+                              str_msg_auth);
+        }
+    }
+    else
+    {
+        /* "sasl" capability supported by the server? */
+        if (weechat_hashtable_has_key (ptr_server->cap_ls, "sasl"))
+        {
+            /*
+             * request "sasl" capability, then the server should ask
+             * immediately to authenticate by sending a message
+             * "AUTHENTICATE +"
+             */
+            if (argc > 2)
+            {
+                ptr_server->sasl_temp_username = strdup (argv[1]);
+                ptr_server->sasl_temp_password = strdup (argv_eol[2]);
+            }
+            irc_server_sendf (ptr_server, IRC_SERVER_SEND_OUTQ_PRIO_HIGH, NULL,
+                              "CAP REQ sasl");
+        }
+        else
+        {
+            weechat_printf (
+                ptr_server->buffer,
+                _("%s%s: SASL is not supported by the server"),
+                weechat_prefix ("error"), IRC_PLUGIN_NAME);
+        }
+    }
+
+    return WEECHAT_RC_OK;
+}
+
 /*
  * Displays a ctcp action on a channel.
  */
@@ -6474,6 +6563,31 @@ irc_command_init ()
            "  do a whois on my nick on all servers:\n"
            "    /allserv /whois $nick"),
         NULL, &irc_command_allserv, NULL, NULL);
+    weechat_hook_command (
+        "auth",
+        N_("authenticate with SASL"),
+        N_("[<username> <password>]"),
+        N_("username: SASL username (content is evaluated, see /help eval; "
+           "server options are evaluated with ${irc_server.xxx} and ${server} "
+           "is replaced by the server name)\n"
+           "password: SASL password or path to file with private key "
+           "(content is evaluated, see /help eval; server options are "
+           "evaluated with ${irc_server.xxx} and ${server} is replaced by the "
+           "server name)\n"
+           "\n"
+           "If username and password are not provided, the values from server "
+           "options \"sasl_username\" and \"sasl_password\" (or \"sasl_key\") "
+           "are used.\n"
+           "\n"
+           "Examples:\n"
+           "  authenticate with username/password defined in the server:\n"
+           "    /auth\n"
+           "  authenticate as a different user:\n"
+           "    /auth user2 password2\n"
+           "  authenticate as a different user with mechanism "
+           "ecdsa-nist256p-challenge:\n"
+           "    /auth user2 ${weechat_config_dir}/ecdsa2.pem"),
+        NULL, &irc_command_auth, NULL, NULL);
     weechat_hook_command_run ("/away", &irc_command_run_away, NULL, NULL);
     weechat_hook_command (
         "ban",

src/plugins/irc/irc-protocol.c

@@ -398,23 +398,19 @@ IRC_PROTOCOL_CALLBACK(account)
 IRC_PROTOCOL_CALLBACK(authenticate)
 {
     int sasl_mechanism;
-    char *sasl_username, *sasl_password, *answer, *sasl_error;
-    const char *sasl_key;
+    char *sasl_username, *sasl_password, *sasl_key, *answer, *sasl_error;
 
     IRC_PROTOCOL_MIN_ARGS(2);
 
     if (!irc_server_sasl_enabled (server))
         return WEECHAT_RC_OK;
 
+    irc_server_sasl_get_creds (server, &sasl_username, &sasl_password,
+                               &sasl_key);
+
     sasl_mechanism = IRC_SERVER_OPTION_INTEGER(
         server, IRC_SERVER_OPTION_SASL_MECHANISM);
-    sasl_username = irc_server_eval_expression (
-        server,
-        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_USERNAME));
-    sasl_password = irc_server_eval_expression (
-        server,
-        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_PASSWORD));
-    sasl_key = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_KEY);
+
     answer = NULL;
     sasl_error = NULL;
     switch (sasl_mechanism)
@@ -471,6 +467,8 @@ IRC_PROTOCOL_CALLBACK(authenticate)
         free (sasl_username);
     if (sasl_password)
         free (sasl_password);
+    if (sasl_key)
+        free (sasl_key);
     if (sasl_error)
         free (sasl_error);
 
@@ -6621,8 +6619,9 @@ IRC_PROTOCOL_CALLBACK(sasl_end_fail)
                              ignored, argc, argv, argv_eol);
 
     sasl_fail = IRC_SERVER_OPTION_INTEGER(server, IRC_SERVER_OPTION_SASL_FAIL);
-    if ((sasl_fail == IRC_SERVER_SASL_FAIL_RECONNECT)
-        || (sasl_fail == IRC_SERVER_SASL_FAIL_DISCONNECT))
+    if (!server->is_connected
+        && ((sasl_fail == IRC_SERVER_SASL_FAIL_RECONNECT)
+            || (sasl_fail == IRC_SERVER_SASL_FAIL_DISCONNECT)))
     {
         irc_server_disconnect (
             server, 0,

src/plugins/irc/irc-server.c

@@ -93,7 +93,7 @@ char *irc_server_options[IRC_SERVER_NUM_OPTIONS][2] =
   { "sasl_password",        ""                        },
   { "sasl_key",             "",                       },
   { "sasl_timeout",         "15"                      },
-  { "sasl_fail",            "continue"                },
+  { "sasl_fail",            "reconnect"               },
   { "autoconnect",          "off"                     },
   { "autoreconnect",        "on"                      },
   { "autoreconnect_delay",  "10"                      },
@@ -508,6 +508,33 @@ irc_server_eval_fingerprint (struct t_irc_server *server)
     return fingerprint_eval;
 }
 
+/*
+ * Gets SASL credentials on server (uses temporary SASL username/password if
+ * set by the command /auth <user> <pass>).
+ */
+
+void
+irc_server_sasl_get_creds (struct t_irc_server *server,
+                           char **username, char **password, char **key)
+{
+    const char *ptr_username, *ptr_password, *ptr_key;
+
+    ptr_username = (server->sasl_temp_username) ?
+        server->sasl_temp_username :
+        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_USERNAME);
+    ptr_password = (server->sasl_temp_password) ?
+        server->sasl_temp_password :
+        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_PASSWORD);
+    /* temporary password can also be a path to file with private key */
+    ptr_key = (server->sasl_temp_password) ?
+        server->sasl_temp_password :
+        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_KEY);
+
+    *username = irc_server_eval_expression (server, ptr_username);
+    *password = irc_server_eval_expression (server, ptr_password);
+    *key = irc_server_eval_expression (server, ptr_key);
+}
+
 /*
  * Checks if SASL is enabled on server.
  *
@@ -520,18 +547,13 @@ int
 irc_server_sasl_enabled (struct t_irc_server *server)
 {
     int sasl_mechanism, rc;
-    char *sasl_username, *sasl_password;
-    const char *sasl_key;
+    char *sasl_username, *sasl_password, *sasl_key;
+
+    irc_server_sasl_get_creds (server,
+                               &sasl_username, &sasl_password, &sasl_key);
 
     sasl_mechanism = IRC_SERVER_OPTION_INTEGER(
         server, IRC_SERVER_OPTION_SASL_MECHANISM);
-    sasl_username = irc_server_eval_expression (
-        server,
-        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_USERNAME));
-    sasl_password = irc_server_eval_expression (
-        server,
-        IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_PASSWORD));
-    sasl_key = IRC_SERVER_OPTION_STRING(server, IRC_SERVER_OPTION_SASL_KEY);
 
     /*
      * SASL is enabled if one of these conditions is true:
@@ -550,6 +572,8 @@ irc_server_sasl_enabled (struct t_irc_server *server)
         free (sasl_username);
     if (sasl_password)
         free (sasl_password);
+    if (sasl_key)
+        free (sasl_key);
 
     return rc;
 }
@@ -1468,6 +1492,8 @@ irc_server_alloc (const char *name)
     new_server->sasl_scram_salted_pwd = NULL;
     new_server->sasl_scram_salted_pwd_size = 0;
     new_server->sasl_scram_auth_message = NULL;
+    new_server->sasl_temp_username = NULL;
+    new_server->sasl_temp_password = NULL;
     new_server->is_connected = 0;
     new_server->ssl_connected = 0;
     new_server->disconnected = 0;
@@ -1970,6 +1996,16 @@ irc_server_free_sasl_data (struct t_irc_server *server)
         free (server->sasl_scram_auth_message);
         server->sasl_scram_auth_message = NULL;
     }
+    if (server->sasl_temp_username)
+    {
+        free (server->sasl_temp_username);
+        server->sasl_temp_username = NULL;
+    }
+    if (server->sasl_temp_password)
+    {
+        free (server->sasl_temp_password);
+        server->sasl_temp_password = NULL;
+    }
 }
 
 /*
@@ -5914,6 +5950,8 @@ irc_server_hdata_server_cb (const void *pointer, void *data,
         WEECHAT_HDATA_VAR(struct t_irc_server, sasl_scram_salted_pwd, OTHER, 0, NULL, NULL);
         WEECHAT_HDATA_VAR(struct t_irc_server, sasl_scram_salted_pwd_size, INTEGER, 0, NULL, NULL);
         WEECHAT_HDATA_VAR(struct t_irc_server, sasl_scram_auth_message, STRING, 0, NULL, NULL);
+        WEECHAT_HDATA_VAR(struct t_irc_server, sasl_temp_username, STRING, 0, NULL, NULL);
+        WEECHAT_HDATA_VAR(struct t_irc_server, sasl_temp_password, STRING, 0, NULL, NULL);
         WEECHAT_HDATA_VAR(struct t_irc_server, is_connected, INTEGER, 0, NULL, NULL);
         WEECHAT_HDATA_VAR(struct t_irc_server, ssl_connected, INTEGER, 0, NULL, NULL);
         WEECHAT_HDATA_VAR(struct t_irc_server, disconnected, INTEGER, 0, NULL, NULL);
@@ -6554,6 +6592,8 @@ irc_server_print_log ()
         weechat_log_printf ("  sasl_scram_salted_pwd . . : (hidden)");
         weechat_log_printf ("  sasl_scram_salted_pwd_size: %d",    ptr_server->sasl_scram_salted_pwd_size);
         weechat_log_printf ("  sasl_scram_auth_message . : (hidden)");
+        weechat_log_printf ("  sasl_temp_username. . . . : '%s'",  ptr_server->sasl_temp_username);
+        weechat_log_printf ("  sasl_temp_password. . . . : (hidden)");
         weechat_log_printf ("  is_connected. . . . . . . : %d",    ptr_server->is_connected);
         weechat_log_printf ("  ssl_connected . . . . . . : %d",    ptr_server->ssl_connected);
         weechat_log_printf ("  disconnected. . . . . . . : %d",    ptr_server->disconnected);

src/plugins/irc/irc-server.h

@@ -197,6 +197,8 @@ struct t_irc_server
     char *sasl_scram_salted_pwd;    /* salted password for SASL SCRAM        */
     int sasl_scram_salted_pwd_size; /* size of salted password for SASL SCRAM*/
     char *sasl_scram_auth_message;  /* auth message for SASL SCRAM           */
+    char *sasl_temp_username;       /* temp SASL username (set by /auth cmd) */
+    char *sasl_temp_password;       /* temp SASL password (set by /auth cmd) */
     int is_connected;               /* 1 if WeeChat is connected to server   */
     int ssl_connected;              /* = 1 if connected with SSL             */
     int disconnected;               /* 1 if server has been disconnected     */
@@ -310,6 +312,10 @@ extern int irc_server_strncasecmp (struct t_irc_server *server,
                                    int max);
 extern char *irc_server_eval_expression (struct t_irc_server *server,
                                          const char *string);
+extern void irc_server_sasl_get_creds (struct t_irc_server *server,
+                                       char **username,
+                                       char **password,
+                                       char **key);
 extern int irc_server_sasl_enabled (struct t_irc_server *server);
 extern char *irc_server_get_name_without_port (const char *name);
 extern int irc_server_set_addresses (struct t_irc_server *server,