2016-06-15 13:50:56 +02:00
|
|
|
// Copyright (c) 2012-2014 Jeremy Latt
|
|
|
|
// Copyright (c) 2014-2015 Edmund Huber
|
|
|
|
// Copyright (c) 2016- Daniel Oaks <daniel@danieloaks.net>
|
|
|
|
// released under the MIT license
|
|
|
|
|
2014-02-09 16:53:42 +01:00
|
|
|
package irc
|
|
|
|
|
|
|
|
import (
|
2016-04-13 12:45:09 +02:00
|
|
|
"crypto/tls"
|
2014-03-01 23:34:51 +01:00
|
|
|
"errors"
|
2016-10-23 02:47:11 +02:00
|
|
|
"fmt"
|
2016-04-12 15:00:09 +02:00
|
|
|
"io/ioutil"
|
2014-02-24 07:21:39 +01:00
|
|
|
"log"
|
2016-10-23 03:01:05 +02:00
|
|
|
"strings"
|
2017-01-12 08:40:01 +01:00
|
|
|
"time"
|
2016-04-12 15:00:09 +02:00
|
|
|
|
|
|
|
"gopkg.in/yaml.v2"
|
2014-02-09 16:53:42 +01:00
|
|
|
)
|
|
|
|
|
2014-03-01 23:34:51 +01:00
|
|
|
type PassConfig struct {
|
|
|
|
Password string
|
|
|
|
}
|
|
|
|
|
2016-04-28 12:12:23 +02:00
|
|
|
// TLSListenConfig defines configuration options for listening on TLS
|
|
|
|
type TLSListenConfig struct {
|
2016-04-13 12:45:09 +02:00
|
|
|
Cert string
|
|
|
|
Key string
|
|
|
|
}
|
|
|
|
|
2016-04-28 12:12:23 +02:00
|
|
|
// Certificate returns the TLS certificate assicated with this TLSListenConfig
|
|
|
|
func (conf *TLSListenConfig) Config() (*tls.Config, error) {
|
2016-04-13 12:45:09 +02:00
|
|
|
cert, err := tls.LoadX509KeyPair(conf.Cert, conf.Key)
|
|
|
|
if err != nil {
|
2016-04-28 12:12:23 +02:00
|
|
|
return nil, errors.New("tls cert+key: invalid pair")
|
2016-04-13 12:45:09 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return &tls.Config{
|
|
|
|
Certificates: []tls.Certificate{cert},
|
|
|
|
}, err
|
|
|
|
}
|
|
|
|
|
2014-03-01 23:34:51 +01:00
|
|
|
func (conf *PassConfig) PasswordBytes() []byte {
|
2016-10-13 09:36:44 +02:00
|
|
|
bytes, err := DecodePasswordHash(conf.Password)
|
2014-02-24 07:21:39 +01:00
|
|
|
if err != nil {
|
2014-03-06 08:07:55 +01:00
|
|
|
log.Fatal("decode password error: ", err)
|
2014-02-24 07:21:39 +01:00
|
|
|
}
|
|
|
|
return bytes
|
|
|
|
}
|
|
|
|
|
2016-09-04 11:25:33 +02:00
|
|
|
type AccountRegistrationConfig struct {
|
|
|
|
Enabled bool
|
|
|
|
EnabledCallbacks []string `yaml:"enabled-callbacks"`
|
|
|
|
Callbacks struct {
|
|
|
|
Mailto struct {
|
|
|
|
Server string
|
|
|
|
Port int
|
|
|
|
TLS struct {
|
|
|
|
Enabled bool
|
|
|
|
InsecureSkipVerify bool `yaml:"insecure_skip_verify"`
|
|
|
|
ServerName string `yaml:"servername"`
|
|
|
|
}
|
|
|
|
Username string
|
|
|
|
Password string
|
|
|
|
Sender string
|
|
|
|
VerifyMessageSubject string `yaml:"verify-message-subject"`
|
|
|
|
VerifyMessage string `yaml:"verify-message"`
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-10-23 02:47:11 +02:00
|
|
|
type OperClassConfig struct {
|
|
|
|
Title string
|
2016-10-23 03:01:05 +02:00
|
|
|
WhoisLine string
|
2016-10-23 02:47:11 +02:00
|
|
|
Extends string
|
|
|
|
Capabilities []string
|
|
|
|
}
|
|
|
|
|
|
|
|
type OperConfig struct {
|
2016-10-23 03:01:05 +02:00
|
|
|
Class string
|
|
|
|
Vhost string
|
|
|
|
WhoisLine string `yaml:"whois-line"`
|
|
|
|
Password string
|
2016-10-23 02:47:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *OperConfig) PasswordBytes() []byte {
|
|
|
|
bytes, err := DecodePasswordHash(conf.Password)
|
|
|
|
if err != nil {
|
|
|
|
log.Fatal("decode password error: ", err)
|
|
|
|
}
|
|
|
|
return bytes
|
|
|
|
}
|
|
|
|
|
2016-11-06 02:05:29 +01:00
|
|
|
type RestAPIConfig struct {
|
|
|
|
Enabled bool
|
|
|
|
Listen string
|
|
|
|
}
|
|
|
|
|
2016-10-23 15:05:00 +02:00
|
|
|
type ConnectionLimitsConfig struct {
|
2017-01-12 08:40:01 +01:00
|
|
|
Enabled bool
|
2016-10-23 15:05:00 +02:00
|
|
|
CidrLenIPv4 int `yaml:"cidr-len-ipv4"`
|
|
|
|
CidrLenIPv6 int `yaml:"cidr-len-ipv6"`
|
|
|
|
IPsPerCidr int `yaml:"ips-per-subnet"`
|
|
|
|
Exempted []string
|
|
|
|
}
|
|
|
|
|
2017-01-12 08:40:01 +01:00
|
|
|
type ConnectionThrottleConfig struct {
|
|
|
|
Enabled bool
|
|
|
|
CidrLenIPv4 int `yaml:"cidr-len-ipv4"`
|
|
|
|
CidrLenIPv6 int `yaml:"cidr-len-ipv6"`
|
|
|
|
ConnectionsPerCidr int `yaml:"max-connections"`
|
|
|
|
DurationString string `yaml:"duration"`
|
|
|
|
Duration time.Duration `yaml:"duration-time"`
|
|
|
|
BanDurationString string `yaml:"ban-duration"`
|
|
|
|
BanDuration time.Duration
|
|
|
|
BanMessage string `yaml:"ban-message"`
|
|
|
|
Exempted []string
|
|
|
|
}
|
|
|
|
|
2017-01-13 15:22:42 +01:00
|
|
|
type LineLenConfig struct {
|
|
|
|
Tags int
|
|
|
|
Rest int
|
|
|
|
}
|
|
|
|
|
2014-02-09 16:53:42 +01:00
|
|
|
type Config struct {
|
2016-04-12 07:44:00 +02:00
|
|
|
Network struct {
|
|
|
|
Name string
|
|
|
|
}
|
|
|
|
|
2014-03-01 23:34:51 +01:00
|
|
|
Server struct {
|
|
|
|
PassConfig
|
2017-01-12 08:40:01 +01:00
|
|
|
Password string
|
|
|
|
Name string
|
|
|
|
Listen []string
|
|
|
|
Wslisten string `yaml:"ws-listen"`
|
|
|
|
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
|
|
|
|
RestAPI RestAPIConfig `yaml:"rest-api"`
|
|
|
|
CheckIdent bool `yaml:"check-ident"`
|
|
|
|
Log string
|
|
|
|
MOTD string
|
|
|
|
ConnectionLimits ConnectionLimitsConfig `yaml:"connection-limits"`
|
|
|
|
ConnectionThrottle ConnectionThrottleConfig `yaml:"connection-throttling"`
|
2014-03-01 23:34:51 +01:00
|
|
|
}
|
2014-02-25 20:11:34 +01:00
|
|
|
|
2016-09-04 11:25:33 +02:00
|
|
|
Datastore struct {
|
2016-09-17 13:23:04 +02:00
|
|
|
Path string
|
2016-09-04 11:25:33 +02:00
|
|
|
}
|
|
|
|
|
2016-10-22 14:18:41 +02:00
|
|
|
AuthenticationEnabled bool `yaml:"authentication-enabled"`
|
|
|
|
|
2016-09-04 11:25:33 +02:00
|
|
|
Registration struct {
|
|
|
|
Accounts AccountRegistrationConfig
|
|
|
|
}
|
|
|
|
|
2016-10-23 02:47:11 +02:00
|
|
|
OperClasses map[string]*OperClassConfig `yaml:"oper-classes"`
|
|
|
|
|
|
|
|
Opers map[string]*OperConfig
|
2014-03-13 09:55:46 +01:00
|
|
|
|
2016-08-12 14:20:32 +02:00
|
|
|
Limits struct {
|
2017-01-13 15:22:42 +01:00
|
|
|
AwayLen uint `yaml:"awaylen"`
|
|
|
|
ChanListModes uint `yaml:"chan-list-modes"`
|
|
|
|
ChannelLen uint `yaml:"channellen"`
|
|
|
|
KickLen uint `yaml:"kicklen"`
|
|
|
|
MonitorEntries uint `yaml:"monitor-entries"`
|
|
|
|
NickLen uint `yaml:"nicklen"`
|
|
|
|
TopicLen uint `yaml:"topiclen"`
|
|
|
|
WhowasEntries uint `yaml:"whowas-entries"`
|
|
|
|
LineLen LineLenConfig `yaml:"linelen"`
|
2016-08-12 14:20:32 +02:00
|
|
|
}
|
2014-02-24 07:21:39 +01:00
|
|
|
}
|
|
|
|
|
2016-10-23 02:47:11 +02:00
|
|
|
type OperClass struct {
|
|
|
|
Title string
|
2016-10-23 03:01:05 +02:00
|
|
|
WhoisLine string `yaml:"whois-line"`
|
2016-10-23 02:47:11 +02:00
|
|
|
Capabilities map[string]bool // map to make lookups much easier
|
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *Config) OperatorClasses() (*map[string]OperClass, error) {
|
|
|
|
ocs := make(map[string]OperClass)
|
|
|
|
|
|
|
|
// loop from no extends to most extended, breaking if we can't add any more
|
|
|
|
lenOfLastOcs := -1
|
|
|
|
for {
|
|
|
|
if lenOfLastOcs == len(ocs) {
|
|
|
|
return nil, errors.New("OperClasses contains a looping dependency, or a class extends from a class that doesn't exist")
|
|
|
|
}
|
|
|
|
lenOfLastOcs = len(ocs)
|
|
|
|
|
|
|
|
var anyMissing bool
|
|
|
|
for name, info := range conf.OperClasses {
|
|
|
|
_, exists := ocs[name]
|
|
|
|
_, extendsExists := ocs[info.Extends]
|
|
|
|
if exists {
|
|
|
|
// class already exists
|
|
|
|
continue
|
|
|
|
} else if len(info.Extends) > 0 && !extendsExists {
|
|
|
|
// class we extend on doesn't exist
|
|
|
|
_, exists := conf.OperClasses[info.Extends]
|
|
|
|
if !exists {
|
|
|
|
return nil, fmt.Errorf("Operclass [%s] extends [%s], which doesn't exist", name, info.Extends)
|
|
|
|
}
|
|
|
|
anyMissing = true
|
|
|
|
continue
|
|
|
|
}
|
|
|
|
|
|
|
|
// create new operclass
|
|
|
|
var oc OperClass
|
|
|
|
oc.Capabilities = make(map[string]bool)
|
|
|
|
|
|
|
|
// get inhereted info from other operclasses
|
|
|
|
if len(info.Extends) > 0 {
|
|
|
|
einfo, _ := ocs[info.Extends]
|
|
|
|
|
|
|
|
for capab := range einfo.Capabilities {
|
|
|
|
oc.Capabilities[capab] = true
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// add our own info
|
|
|
|
oc.Title = info.Title
|
|
|
|
for _, capab := range info.Capabilities {
|
|
|
|
oc.Capabilities[capab] = true
|
|
|
|
}
|
2016-10-23 03:01:05 +02:00
|
|
|
if len(info.WhoisLine) > 0 {
|
|
|
|
oc.WhoisLine = info.WhoisLine
|
|
|
|
} else {
|
|
|
|
oc.WhoisLine = "is a"
|
|
|
|
if strings.Contains(strings.ToLower(string(oc.Title[0])), "aeiou") {
|
|
|
|
oc.WhoisLine += "n"
|
|
|
|
}
|
|
|
|
oc.WhoisLine += " "
|
|
|
|
oc.WhoisLine += oc.Title
|
|
|
|
}
|
2016-10-23 02:47:11 +02:00
|
|
|
|
|
|
|
ocs[name] = oc
|
|
|
|
}
|
|
|
|
|
|
|
|
if !anyMissing {
|
|
|
|
// we've got every operclass!
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return &ocs, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
type Oper struct {
|
2016-10-23 03:01:05 +02:00
|
|
|
Class *OperClass
|
|
|
|
WhoisLine string
|
2016-10-23 03:28:31 +02:00
|
|
|
Vhost string
|
2016-10-23 03:01:05 +02:00
|
|
|
Pass []byte
|
2016-10-23 02:47:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
func (conf *Config) Operators(oc *map[string]OperClass) (map[string]Oper, error) {
|
|
|
|
operators := make(map[string]Oper)
|
|
|
|
for name, opConf := range conf.Opers {
|
|
|
|
var oper Oper
|
|
|
|
|
|
|
|
// oper name
|
2016-10-11 15:51:46 +02:00
|
|
|
name, err := CasefoldName(name)
|
2016-10-23 02:47:11 +02:00
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Could not casefold oper name: %s", err.Error())
|
|
|
|
}
|
|
|
|
|
|
|
|
oper.Pass = opConf.PasswordBytes()
|
2016-10-23 03:28:31 +02:00
|
|
|
oper.Vhost = opConf.Vhost
|
2016-10-23 02:47:11 +02:00
|
|
|
class, exists := (*oc)[opConf.Class]
|
|
|
|
if !exists {
|
|
|
|
return nil, fmt.Errorf("Could not load operator [%s] - they use operclass [%s] which does not exist", name, opConf.Class)
|
2016-10-11 15:51:46 +02:00
|
|
|
}
|
2016-10-23 02:47:11 +02:00
|
|
|
oper.Class = &class
|
2016-10-23 03:01:05 +02:00
|
|
|
if len(opConf.WhoisLine) > 0 {
|
|
|
|
oper.WhoisLine = opConf.WhoisLine
|
|
|
|
} else {
|
|
|
|
oper.WhoisLine = class.WhoisLine
|
|
|
|
}
|
2016-10-23 02:47:11 +02:00
|
|
|
|
|
|
|
// successful, attach to list of opers
|
|
|
|
operators[name] = oper
|
2014-02-24 18:41:09 +01:00
|
|
|
}
|
2016-10-23 02:47:11 +02:00
|
|
|
return operators, nil
|
2014-02-24 18:41:09 +01:00
|
|
|
}
|
|
|
|
|
2016-10-11 15:51:46 +02:00
|
|
|
func (conf *Config) TLSListeners() map[string]*tls.Config {
|
|
|
|
tlsListeners := make(map[string]*tls.Config)
|
2016-04-28 12:12:23 +02:00
|
|
|
for s, tlsListenersConf := range conf.Server.TLSListeners {
|
|
|
|
config, err := tlsListenersConf.Config()
|
2016-04-13 12:45:09 +02:00
|
|
|
if err != nil {
|
|
|
|
log.Fatal(err)
|
|
|
|
}
|
2016-10-11 15:51:46 +02:00
|
|
|
name, err := CasefoldName(s)
|
|
|
|
if err == nil {
|
|
|
|
tlsListeners[name] = config
|
|
|
|
} else {
|
|
|
|
log.Println("Could not casefold TLS listener:", err.Error())
|
|
|
|
}
|
2016-04-13 12:45:09 +02:00
|
|
|
}
|
2016-04-28 12:12:23 +02:00
|
|
|
return tlsListeners
|
2016-04-13 12:45:09 +02:00
|
|
|
}
|
|
|
|
|
2014-02-24 07:21:39 +01:00
|
|
|
func LoadConfig(filename string) (config *Config, err error) {
|
2016-04-12 15:00:09 +02:00
|
|
|
data, err := ioutil.ReadFile(filename)
|
2014-02-09 16:53:42 +01:00
|
|
|
if err != nil {
|
2016-04-12 15:00:09 +02:00
|
|
|
return nil, err
|
2014-02-09 16:53:42 +01:00
|
|
|
}
|
2016-04-12 15:00:09 +02:00
|
|
|
|
|
|
|
err = yaml.Unmarshal(data, &config)
|
|
|
|
if err != nil {
|
|
|
|
return nil, err
|
|
|
|
}
|
|
|
|
|
2016-06-28 08:06:17 +02:00
|
|
|
// we need this so PasswordBytes returns the correct info
|
|
|
|
if config.Server.Password != "" {
|
|
|
|
config.Server.PassConfig.Password = config.Server.Password
|
|
|
|
}
|
|
|
|
|
2016-04-12 07:44:00 +02:00
|
|
|
if config.Network.Name == "" {
|
|
|
|
return nil, errors.New("Network name missing")
|
|
|
|
}
|
2014-03-01 23:34:51 +01:00
|
|
|
if config.Server.Name == "" {
|
2016-04-12 15:00:09 +02:00
|
|
|
return nil, errors.New("Server name missing")
|
2014-03-01 23:34:51 +01:00
|
|
|
}
|
2016-04-21 02:48:15 +02:00
|
|
|
if !IsHostname(config.Server.Name) {
|
|
|
|
return nil, errors.New("Server name must match the format of a hostname")
|
|
|
|
}
|
2016-08-19 15:21:52 +02:00
|
|
|
if config.Datastore.Path == "" {
|
|
|
|
return nil, errors.New("Datastore path missing")
|
|
|
|
}
|
2014-03-01 23:34:51 +01:00
|
|
|
if len(config.Server.Listen) == 0 {
|
2016-04-12 15:00:09 +02:00
|
|
|
return nil, errors.New("Server listening addresses missing")
|
2014-02-10 22:52:28 +01:00
|
|
|
}
|
2016-10-16 12:14:56 +02:00
|
|
|
if config.Limits.NickLen < 1 || config.Limits.ChannelLen < 2 || config.Limits.AwayLen < 1 || config.Limits.KickLen < 1 || config.Limits.TopicLen < 1 {
|
2016-08-12 14:20:32 +02:00
|
|
|
return nil, errors.New("Limits aren't setup properly, check them and make them sane")
|
|
|
|
}
|
2017-01-12 08:40:01 +01:00
|
|
|
if config.Server.ConnectionThrottle.Enabled {
|
|
|
|
config.Server.ConnectionThrottle.Duration, err = time.ParseDuration(config.Server.ConnectionThrottle.DurationString)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Could not parse connection-throttle duration: %s", err.Error())
|
|
|
|
}
|
|
|
|
config.Server.ConnectionThrottle.BanDuration, err = time.ParseDuration(config.Server.ConnectionThrottle.BanDurationString)
|
|
|
|
if err != nil {
|
|
|
|
return nil, fmt.Errorf("Could not parse connection-throttle ban-duration: %s", err.Error())
|
|
|
|
}
|
|
|
|
}
|
2017-01-13 15:22:42 +01:00
|
|
|
if config.Limits.LineLen.Tags < 512 || config.Limits.LineLen.Rest < 512 {
|
2016-11-29 09:38:04 +01:00
|
|
|
return nil, errors.New("Line length must be 512 or greater")
|
|
|
|
}
|
2016-10-23 02:47:11 +02:00
|
|
|
|
2016-04-12 15:00:09 +02:00
|
|
|
return config, nil
|
2014-02-09 16:53:42 +01:00
|
|
|
}
|