3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00

Merge pull request #1620 from slingamn/bugs

small fixes to kick off the 2.7 window
This commit is contained in:
Shivaram Lingamneni 2021-04-19 06:32:10 -04:00 committed by GitHub
commit 3ceb346c61
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 42 additions and 11 deletions

View File

@ -58,6 +58,8 @@ server:
# always send a PROXY protocol header ahead of the connection. See the # always send a PROXY protocol header ahead of the connection. See the
# manual ("Reverse proxies") for more details. # manual ("Reverse proxies") for more details.
proxy: false proxy: false
# set the minimum TLS version:
min-tls-version: 1.2
# Example of a Unix domain socket for proxying: # Example of a Unix domain socket for proxying:
# "/tmp/oragono_sock": # "/tmp/oragono_sock":

View File

@ -176,6 +176,10 @@ func (cm *ChannelManager) maybeCleanup(channel *Channel, afterJoin bool) {
return return
} }
cm.maybeCleanupInternal(cfname, entry, afterJoin)
}
func (cm *ChannelManager) maybeCleanupInternal(cfname string, entry *channelManagerEntry, afterJoin bool) {
if afterJoin { if afterJoin {
entry.pendingJoins -= 1 entry.pendingJoins -= 1
} }
@ -288,6 +292,9 @@ func (cm *ChannelManager) SetUnregistered(channelName string, account string) (e
entry.skeleton = skel entry.skeleton = skel
cm.chans[cfname] = entry cm.chans[cfname] = entry
} }
// #1619: if the channel has 0 members and was only being retained
// because it was registered, clean it up:
cm.maybeCleanupInternal(cfname, entry, false)
} }
return nil return nil
} }

View File

@ -59,6 +59,7 @@ type listenerConfigBlock struct {
TLS TLSListenConfig TLS TLSListenConfig
// SNI configuration, with multiple certificates: // SNI configuration, with multiple certificates:
TLSCertificates []TLSListenConfig `yaml:"tls-certificates"` TLSCertificates []TLSListenConfig `yaml:"tls-certificates"`
MinTLSVersion string `yaml:"min-tls-version"`
Proxy bool Proxy bool
Tor bool Tor bool
STSOnly bool `yaml:"sts-only"` STSOnly bool `yaml:"sts-only"`
@ -881,10 +882,29 @@ func loadTlsConfig(config listenerConfigBlock) (tlsConfig *tls.Config, err error
result := tls.Config{ result := tls.Config{
Certificates: certificates, Certificates: certificates,
ClientAuth: clientAuth, ClientAuth: clientAuth,
MinVersion: tlsMinVersionFromString(config.MinTLSVersion),
} }
return &result, nil return &result, nil
} }
func tlsMinVersionFromString(version string) uint16 {
version = strings.ToLower(version)
version = strings.TrimPrefix(version, "v")
switch version {
case "1", "1.0":
return tls.VersionTLS10
case "1.1":
return tls.VersionTLS11
case "1.2":
return tls.VersionTLS12
case "1.3":
return tls.VersionTLS13
default:
// tls package will fill in a sane value, currently 1.0
return 0
}
}
func loadCertWithLeaf(certFile, keyFile string) (cert tls.Certificate, err error) { func loadCertWithLeaf(certFile, keyFile string) (cert tls.Certificate, err error) {
// LoadX509KeyPair: "On successful return, Certificate.Leaf will be nil because // LoadX509KeyPair: "On successful return, Certificate.Leaf will be nil because
// the parsed form of the certificate is not retained." tls.Config: // the parsed form of the certificate is not retained." tls.Config:
@ -1477,11 +1497,6 @@ func LoadConfig(filename string) (config *Config, err error) {
return nil, err return nil, err
} }
err = config.prepareListeners()
if err != nil {
return nil, fmt.Errorf("failed to prepare listeners: %v", err)
}
// #1428: Tor listeners should never see STS // #1428: Tor listeners should never see STS
config.Server.supportedCapsWithoutSTS = caps.NewSet() config.Server.supportedCapsWithoutSTS = caps.NewSet()
config.Server.supportedCapsWithoutSTS.Union(config.Server.supportedCaps) config.Server.supportedCapsWithoutSTS.Union(config.Server.supportedCaps)

View File

@ -32,6 +32,9 @@ var (
// to confirm that the client actually has a valid operclass) // to confirm that the client actually has a valid operclass)
func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool, oper *Oper) modes.ModeChanges { func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool, oper *Oper) modes.ModeChanges {
applied := make(modes.ModeChanges, 0) applied := make(modes.ModeChanges, 0)
// #1617: if the user is offline, they are not counted in LUSERS,
// so don't modify the LUSERS stats for +i or +o.
present := len(client.Sessions()) != 0
for _, change := range changes { for _, change := range changes {
if change.Mode != modes.ServerNotice { if change.Mode != modes.ServerNotice {
@ -42,9 +45,9 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
} }
if client.SetMode(change.Mode, true) { if client.SetMode(change.Mode, true) {
if change.Mode == modes.Invisible { if change.Mode == modes.Invisible && present {
client.server.stats.ChangeInvisible(1) client.server.stats.ChangeInvisible(1)
} else if change.Mode == modes.Operator { } else if change.Mode == modes.Operator && present {
client.server.stats.ChangeOperators(1) client.server.stats.ChangeOperators(1)
} }
applied = append(applied, change) applied = append(applied, change)
@ -53,11 +56,13 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
case modes.Remove: case modes.Remove:
var removedSnomasks string var removedSnomasks string
if client.SetMode(change.Mode, false) { if client.SetMode(change.Mode, false) {
if change.Mode == modes.Invisible { if change.Mode == modes.Invisible && present {
client.server.stats.ChangeInvisible(-1) client.server.stats.ChangeInvisible(-1)
} else if change.Mode == modes.Operator { } else if change.Mode == modes.Operator {
removedSnomasks = client.server.snomasks.String(client) removedSnomasks = client.server.snomasks.String(client)
if present {
client.server.stats.ChangeOperators(-1) client.server.stats.ChangeOperators(-1)
}
applyOper(client, nil, nil) applyOper(client, nil, nil)
if removedSnomasks != "" { if removedSnomasks != "" {
client.server.snomasks.RemoveClient(client) client.server.snomasks.RemoveClient(client)
@ -86,7 +91,7 @@ func ApplyUserModeChanges(client *Client, changes modes.ModeChanges, force bool,
if len(addMasks) != 0 { if len(addMasks) != 0 {
oper := client.Oper() oper := client.Oper()
// #1176: require special operator privileges to subscribe to snomasks // #1176: require special operator privileges to subscribe to snomasks
if oper.HasRoleCapab("snomasks") || oper.HasRoleCapab("ban") { if force || oper.HasRoleCapab("snomasks") || oper.HasRoleCapab("ban") {
success = true success = true
client.server.snomasks.AddMasks(client, addMasks...) client.server.snomasks.AddMasks(client, addMasks...)
} }

@ -1 +1 @@
Subproject commit 5e622a34d38be329aec98b3b983a239fe3e1b4b7 Subproject commit 322cb7ae26a2a94a0daec5458373319fa4e0e743

View File

@ -32,6 +32,8 @@ server:
# always send a PROXY protocol header ahead of the connection. See the # always send a PROXY protocol header ahead of the connection. See the
# manual ("Reverse proxies") for more details. # manual ("Reverse proxies") for more details.
proxy: false proxy: false
# optionally set the minimum TLS version (defaults to 1.0):
# min-tls-version: 1.2
# Example of a Unix domain socket for proxying: # Example of a Unix domain socket for proxying:
# "/tmp/oragono_sock": # "/tmp/oragono_sock":