2017-10-15 08:18:14 +02:00
|
|
|
// Copyright (c) 2012-2014 Jeremy Latt
|
|
|
|
|
// Copyright (c) 2014-2015 Edmund Huber
|
|
|
|
|
// Copyright (c) 2017 Daniel Oaks <daniel@danieloaks.net>
|
|
|
|
|
// released under the MIT license
|
|
|
|
|
|
|
|
|
|
package irc
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"fmt"
|
|
|
|
|
"net"
|
|
|
|
|
|
2018-02-03 11:21:32 +01:00
|
|
|
"github.com/oragono/oragono/irc/modes"
|
2017-10-15 08:18:14 +02:00
|
|
|
"github.com/oragono/oragono/irc/passwd"
|
|
|
|
|
"github.com/oragono/oragono/irc/utils"
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type webircConfig struct {
|
2017-10-15 10:15:18 +02:00
|
|
|
PasswordString string `yaml:"password"`
|
|
|
|
|
Password []byte `yaml:"password-bytes"`
|
2017-10-16 00:47:49 +02:00
|
|
|
Fingerprint string
|
2017-10-15 10:15:18 +02:00
|
|
|
Hosts []string
|
2017-10-15 08:18:14 +02:00
|
|
|
}
|
|
|
|
|
|
2017-10-16 00:47:49 +02:00
|
|
|
// Populate fills out our password or fingerprint.
|
|
|
|
|
func (wc *webircConfig) Populate() (err error) {
|
|
|
|
|
if wc.Fingerprint == "" && wc.PasswordString == "" {
|
2018-02-03 13:03:36 +01:00
|
|
|
return ErrNoFingerprintOrPassword
|
2017-10-16 00:47:49 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if wc.PasswordString != "" {
|
|
|
|
|
var password []byte
|
|
|
|
|
password, err = passwd.DecodePasswordHash(wc.PasswordString)
|
|
|
|
|
wc.Password = password
|
|
|
|
|
}
|
|
|
|
|
return err
|
2017-10-15 08:18:14 +02:00
|
|
|
}
|
|
|
|
|
|
2018-02-01 21:53:49 +01:00
|
|
|
func isGatewayAllowed(addr net.Addr, gatewaySpec string) bool {
|
|
|
|
|
// "localhost" includes any loopback IP or unix domain socket
|
|
|
|
|
if gatewaySpec == "localhost" {
|
|
|
|
|
return utils.AddrIsLocal(addr)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
ip := utils.AddrToIP(addr)
|
|
|
|
|
if ip == nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// exact IP match
|
|
|
|
|
if ip.String() == gatewaySpec {
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// CIDR match
|
|
|
|
|
_, gatewayNet, err := net.ParseCIDR(gatewaySpec)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
return gatewayNet.Contains(ip)
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-15 08:18:14 +02:00
|
|
|
// ApplyProxiedIP applies the given IP to the client.
|
2017-10-16 00:47:49 +02:00
|
|
|
func (client *Client) ApplyProxiedIP(proxiedIP string, tls bool) (exiting bool) {
|
2017-10-15 08:18:14 +02:00
|
|
|
// ensure IP is sane
|
|
|
|
|
parsedProxiedIP := net.ParseIP(proxiedIP)
|
|
|
|
|
if parsedProxiedIP == nil {
|
2018-01-22 12:26:01 +01:00
|
|
|
client.Quit(fmt.Sprintf(client.t("Proxied IP address is not valid: [%s]"), proxiedIP))
|
2017-10-15 08:18:14 +02:00
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isBanned, banMsg := client.server.checkBans(parsedProxiedIP)
|
|
|
|
|
if isBanned {
|
|
|
|
|
client.Quit(banMsg)
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// given IP is sane! override the client's current IP
|
2018-04-23 08:38:35 +02:00
|
|
|
rawHostname := utils.LookupHostname(proxiedIP)
|
|
|
|
|
client.stateMutex.Lock()
|
2018-02-01 21:53:49 +01:00
|
|
|
client.proxiedIP = parsedProxiedIP
|
2018-04-23 08:38:35 +02:00
|
|
|
client.rawHostname = rawHostname
|
|
|
|
|
client.stateMutex.Unlock()
|
|
|
|
|
// nickmask will be updated when the client completes registration
|
2017-10-16 00:47:49 +02:00
|
|
|
|
|
|
|
|
// set tls info
|
|
|
|
|
client.certfp = ""
|
2018-04-23 00:47:10 +02:00
|
|
|
client.SetMode(modes.TLS, tls)
|
2017-10-16 00:47:49 +02:00
|
|
|
|
2017-10-15 08:18:14 +02:00
|
|
|
return false
|
|
|
|
|
}
|
