mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-25 13:29:27 +01:00
config: Fix accounts registration/authentication
This commit is contained in:
parent
d1cb4b9b37
commit
3058161f62
@ -8,7 +8,8 @@ This project adheres to [Semantic Versioning](http://semver.org/). For the purpo
|
||||
New release of Oragono!
|
||||
|
||||
### Config Changes
|
||||
|
||||
* `registration` and `authentication-enabled` keys moved under `accounts` section.
|
||||
|
||||
### Security
|
||||
|
||||
### Added
|
||||
|
@ -78,7 +78,7 @@ func loadAccount(server *Server, tx *buntdb.Tx, accountKey string) *ClientAccoun
|
||||
// authenticateHandler parses the AUTHENTICATE command (for SASL authentication).
|
||||
func authenticateHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
||||
// sasl abort
|
||||
if !server.authenticationEnabled || len(msg.Params) == 1 && msg.Params[0] == "*" {
|
||||
if !server.accountAuthenticationEnabled || len(msg.Params) == 1 && msg.Params[0] == "*" {
|
||||
if client.saslInProgress {
|
||||
client.Send(nil, server.name, ERR_SASLABORTED, client.nick, "SASL authentication aborted")
|
||||
} else {
|
||||
|
@ -145,10 +145,9 @@ type Config struct {
|
||||
Path string
|
||||
}
|
||||
|
||||
AuthenticationEnabled bool `yaml:"authentication-enabled"`
|
||||
|
||||
Registration struct {
|
||||
Accounts AccountRegistrationConfig
|
||||
Accounts struct {
|
||||
Registration AccountRegistrationConfig
|
||||
AuthenticationEnabled bool `yaml:"authentication-enabled"`
|
||||
}
|
||||
|
||||
OperClasses map[string]*OperClassConfig `yaml:"oper-classes"`
|
||||
|
110
irc/server.go
110
irc/server.go
@ -80,44 +80,44 @@ type ListenerEvent struct {
|
||||
|
||||
// Server is the main Oragono server.
|
||||
type Server struct {
|
||||
accountRegistration *AccountRegistration
|
||||
accounts map[string]*ClientAccount
|
||||
authenticationEnabled bool
|
||||
channels ChannelNameMap
|
||||
checkIdent bool
|
||||
clients *ClientLookupSet
|
||||
commands chan Command
|
||||
configFilename string
|
||||
connectionThrottle *ConnectionThrottle
|
||||
connectionThrottleMutex sync.Mutex // used when affecting the connection limiter, to make sure rehashing doesn't make things go out-of-whack
|
||||
connectionLimits *ConnectionLimits
|
||||
connectionLimitsMutex sync.Mutex // used when affecting the connection limiter, to make sure rehashing doesn't make things go out-of-whack
|
||||
ctime time.Time
|
||||
currentOpers map[*Client]bool
|
||||
dlines *DLineManager
|
||||
idle chan *Client
|
||||
isupport *ISupportList
|
||||
klines *KLineManager
|
||||
limits Limits
|
||||
listenerEventActMutex sync.Mutex
|
||||
listeners map[string]ListenerInterface
|
||||
listenerUpdateMutex sync.Mutex
|
||||
monitoring map[string][]Client
|
||||
motdLines []string
|
||||
name string
|
||||
nameCasefolded string
|
||||
networkName string
|
||||
newConns chan clientConn
|
||||
operators map[string]Oper
|
||||
operclasses map[string]OperClass
|
||||
password []byte
|
||||
passwords *PasswordManager
|
||||
rehashMutex sync.Mutex
|
||||
rehashSignal chan os.Signal
|
||||
restAPI *RestAPIConfig
|
||||
signals chan os.Signal
|
||||
store *buntdb.DB
|
||||
whoWas *WhoWasList
|
||||
accountRegistration *AccountRegistration
|
||||
accounts map[string]*ClientAccount
|
||||
accountAuthenticationEnabled bool
|
||||
channels ChannelNameMap
|
||||
checkIdent bool
|
||||
clients *ClientLookupSet
|
||||
commands chan Command
|
||||
configFilename string
|
||||
connectionThrottle *ConnectionThrottle
|
||||
connectionThrottleMutex sync.Mutex // used when affecting the connection limiter, to make sure rehashing doesn't make things go out-of-whack
|
||||
connectionLimits *ConnectionLimits
|
||||
connectionLimitsMutex sync.Mutex // used when affecting the connection limiter, to make sure rehashing doesn't make things go out-of-whack
|
||||
ctime time.Time
|
||||
currentOpers map[*Client]bool
|
||||
dlines *DLineManager
|
||||
idle chan *Client
|
||||
isupport *ISupportList
|
||||
klines *KLineManager
|
||||
limits Limits
|
||||
listenerEventActMutex sync.Mutex
|
||||
listeners map[string]ListenerInterface
|
||||
listenerUpdateMutex sync.Mutex
|
||||
monitoring map[string][]Client
|
||||
motdLines []string
|
||||
name string
|
||||
nameCasefolded string
|
||||
networkName string
|
||||
newConns chan clientConn
|
||||
operators map[string]Oper
|
||||
operclasses map[string]OperClass
|
||||
password []byte
|
||||
passwords *PasswordManager
|
||||
rehashMutex sync.Mutex
|
||||
rehashSignal chan os.Signal
|
||||
restAPI *RestAPIConfig
|
||||
signals chan os.Signal
|
||||
store *buntdb.DB
|
||||
whoWas *WhoWasList
|
||||
}
|
||||
|
||||
var (
|
||||
@ -150,7 +150,7 @@ func NewServer(configFilename string, config *Config) *Server {
|
||||
}
|
||||
}
|
||||
|
||||
if config.AuthenticationEnabled {
|
||||
if config.Accounts.AuthenticationEnabled {
|
||||
SupportedCapabilities[SASL] = true
|
||||
}
|
||||
|
||||
@ -178,17 +178,17 @@ func NewServer(configFilename string, config *Config) *Server {
|
||||
}
|
||||
|
||||
server := &Server{
|
||||
accounts: make(map[string]*ClientAccount),
|
||||
authenticationEnabled: config.AuthenticationEnabled,
|
||||
channels: make(ChannelNameMap),
|
||||
clients: NewClientLookupSet(),
|
||||
commands: make(chan Command),
|
||||
configFilename: configFilename,
|
||||
connectionLimits: connectionLimits,
|
||||
connectionThrottle: connectionThrottle,
|
||||
ctime: time.Now(),
|
||||
currentOpers: make(map[*Client]bool),
|
||||
idle: make(chan *Client),
|
||||
accounts: make(map[string]*ClientAccount),
|
||||
accountAuthenticationEnabled: config.Accounts.AuthenticationEnabled,
|
||||
channels: make(ChannelNameMap),
|
||||
clients: NewClientLookupSet(),
|
||||
commands: make(chan Command),
|
||||
configFilename: configFilename,
|
||||
connectionLimits: connectionLimits,
|
||||
connectionThrottle: connectionThrottle,
|
||||
ctime: time.Now(),
|
||||
currentOpers: make(map[*Client]bool),
|
||||
idle: make(chan *Client),
|
||||
limits: Limits{
|
||||
AwayLen: int(config.Limits.AwayLen),
|
||||
ChannelLen: int(config.Limits.ChannelLen),
|
||||
@ -297,7 +297,7 @@ func NewServer(configFilename string, config *Config) *Server {
|
||||
}
|
||||
|
||||
// registration
|
||||
accountReg := NewAccountRegistration(config.Registration.Accounts)
|
||||
accountReg := NewAccountRegistration(config.Accounts.Registration)
|
||||
server.accountRegistration = &accountReg
|
||||
|
||||
// Attempt to clean up when receiving these signals.
|
||||
@ -1286,17 +1286,17 @@ func (server *Server) rehash() error {
|
||||
removedCaps := make(CapabilitySet)
|
||||
|
||||
// SASL
|
||||
if config.AuthenticationEnabled && !server.authenticationEnabled {
|
||||
if config.Accounts.AuthenticationEnabled && !server.accountAuthenticationEnabled {
|
||||
// enabling SASL
|
||||
SupportedCapabilities[SASL] = true
|
||||
addedCaps[SASL] = true
|
||||
}
|
||||
if !config.AuthenticationEnabled && server.authenticationEnabled {
|
||||
if !config.Accounts.AuthenticationEnabled && server.accountAuthenticationEnabled {
|
||||
// disabling SASL
|
||||
SupportedCapabilities[SASL] = false
|
||||
removedCaps[SASL] = true
|
||||
}
|
||||
server.authenticationEnabled = config.AuthenticationEnabled
|
||||
server.accountAuthenticationEnabled = config.Accounts.AuthenticationEnabled
|
||||
|
||||
// burst new and removed caps
|
||||
var capBurstClients ClientSet
|
||||
@ -1336,7 +1336,7 @@ func (server *Server) rehash() error {
|
||||
server.checkIdent = config.Server.CheckIdent
|
||||
|
||||
// registration
|
||||
accountReg := NewAccountRegistration(config.Registration.Accounts)
|
||||
accountReg := NewAccountRegistration(config.Accounts.Registration)
|
||||
server.accountRegistration = &accountReg
|
||||
|
||||
// set RPL_ISUPPORT
|
||||
|
10
oragono.yaml
10
oragono.yaml
@ -97,10 +97,10 @@ server:
|
||||
- "127.0.0.1/8"
|
||||
- "::1/128"
|
||||
|
||||
# account/channel registration
|
||||
registration:
|
||||
# account options
|
||||
accounts:
|
||||
# account registration
|
||||
accounts:
|
||||
registration:
|
||||
# can users register new accounts?
|
||||
enabled: true
|
||||
|
||||
@ -112,8 +112,8 @@ registration:
|
||||
enabled-callbacks:
|
||||
- none # no verification needed, will instantly register successfully
|
||||
|
||||
# whether account authentication is enabled
|
||||
authentication-enabled: true
|
||||
# is account authentication enabled?
|
||||
authentication-enabled: true
|
||||
|
||||
# operator classes
|
||||
oper-classes:
|
||||
|
Loading…
Reference in New Issue
Block a user