mirror of
https://github.com/ergochat/ergo.git
synced 2024-11-14 07:59:31 +01:00
PROXY: Remove command, I don't think it's that useful
This commit is contained in:
parent
06028e0117
commit
43e28e2fef
@ -20,6 +20,7 @@ Improved compatibility, more features, etc.
|
|||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
* Removed channel persistence with the `+P` mode (not too useful as currently implemented, to be replaced later).
|
* Removed channel persistence with the `+P` mode (not too useful as currently implemented, to be replaced later).
|
||||||
|
* Removed the `PROXY` command (breaks our TLS user mode, and our integrated support for TLS should be fine).
|
||||||
|
|
||||||
### Fixed
|
### Fixed
|
||||||
|
|
||||||
|
@ -25,14 +25,6 @@ This project adheres to [Semantic Versioning](http://semver.org/). For the purpo
|
|||||||
* client accounts and SASL
|
* client accounts and SASL
|
||||||
* IRCv3 support
|
* IRCv3 support
|
||||||
|
|
||||||
### What about TLS/SSL?
|
|
||||||
|
|
||||||
There is inbuilt TLS support using the Go TLS implementation. However,
|
|
||||||
[stunnel](https://www.stunnel.org/index.html) version 4.56 with haproxy's
|
|
||||||
[PROXY protocol](http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt)
|
|
||||||
may also be used. This will allow the server to get the client's original
|
|
||||||
addresses for hostname lookups.
|
|
||||||
|
|
||||||
## Installation
|
## Installation
|
||||||
|
|
||||||
```sh
|
```sh
|
||||||
|
@ -126,8 +126,7 @@ func (client *Client) run() {
|
|||||||
var line string
|
var line string
|
||||||
var msg ircmsg.IrcMessage
|
var msg ircmsg.IrcMessage
|
||||||
|
|
||||||
// Set the hostname for this client. The client may later send a PROXY
|
// Set the hostname for this client
|
||||||
// command from stunnel that sets the hostname to something more accurate.
|
|
||||||
client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr())
|
client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr())
|
||||||
|
|
||||||
//TODO(dan): Make this a socketreactor from ircbnc
|
//TODO(dan): Make this a socketreactor from ircbnc
|
||||||
|
@ -146,11 +146,6 @@ var Commands = map[string]Command{
|
|||||||
handler: privmsgHandler,
|
handler: privmsgHandler,
|
||||||
minParams: 2,
|
minParams: 2,
|
||||||
},
|
},
|
||||||
"PROXY": {
|
|
||||||
handler: proxyHandler,
|
|
||||||
usablePreReg: true,
|
|
||||||
minParams: 5,
|
|
||||||
},
|
|
||||||
"SANICK": {
|
"SANICK": {
|
||||||
handler: sanickHandler,
|
handler: sanickHandler,
|
||||||
minParams: 2,
|
minParams: 2,
|
||||||
|
@ -80,7 +80,6 @@ type Config struct {
|
|||||||
CheckIdent bool `yaml:"check-ident"`
|
CheckIdent bool `yaml:"check-ident"`
|
||||||
Log string
|
Log string
|
||||||
MOTD string
|
MOTD string
|
||||||
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
|
|
||||||
}
|
}
|
||||||
|
|
||||||
Datastore struct {
|
Datastore struct {
|
||||||
|
@ -187,13 +187,6 @@ Replies to a PING. Used to check link connectivity.`,
|
|||||||
text: `PRIVMSG <target>{,<target>} <text to be sent>
|
text: `PRIVMSG <target>{,<target>} <text to be sent>
|
||||||
|
|
||||||
Sends the text to the given targets as a PRIVMSG.`,
|
Sends the text to the given targets as a PRIVMSG.`,
|
||||||
},
|
|
||||||
"proxy": {
|
|
||||||
oper: true, // not really, but it's restricted anyways
|
|
||||||
text: `PROXY TCP4/6 <sourceip> <destip> <sourceport> <destport>
|
|
||||||
|
|
||||||
Used by haproxy's PROXY protocol, to allow for alternate TLS support:
|
|
||||||
http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt`,
|
|
||||||
},
|
},
|
||||||
"sanick": {
|
"sanick": {
|
||||||
oper: true,
|
oper: true,
|
||||||
|
@ -51,7 +51,6 @@ type Server struct {
|
|||||||
passwords *PasswordManager
|
passwords *PasswordManager
|
||||||
accountRegistration *AccountRegistration
|
accountRegistration *AccountRegistration
|
||||||
signals chan os.Signal
|
signals chan os.Signal
|
||||||
proxyAllowedFrom []string
|
|
||||||
whoWas *WhoWasList
|
whoWas *WhoWasList
|
||||||
isupport *ISupportList
|
isupport *ISupportList
|
||||||
checkIdent bool
|
checkIdent bool
|
||||||
@ -97,7 +96,6 @@ func NewServer(config *Config) *Server {
|
|||||||
newConns: make(chan clientConn),
|
newConns: make(chan clientConn),
|
||||||
operators: config.Operators(),
|
operators: config.Operators(),
|
||||||
signals: make(chan os.Signal, len(SERVER_SIGNALS)),
|
signals: make(chan os.Signal, len(SERVER_SIGNALS)),
|
||||||
proxyAllowedFrom: config.Server.ProxyAllowedFrom,
|
|
||||||
whoWas: NewWhoWasList(config.Limits.WhowasEntries),
|
whoWas: NewWhoWasList(config.Limits.WhowasEntries),
|
||||||
checkIdent: config.Server.CheckIdent,
|
checkIdent: config.Server.CheckIdent,
|
||||||
}
|
}
|
||||||
@ -416,23 +414,6 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
|||||||
return false
|
return false
|
||||||
}
|
}
|
||||||
|
|
||||||
// PROXY TCP4/6 SOURCEIP DESTIP SOURCEPORT DESTPORT
|
|
||||||
// http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
|
|
||||||
func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
|
||||||
clientAddress := IPString(client.socket.conn.RemoteAddr())
|
|
||||||
clientHostname := client.hostname
|
|
||||||
|
|
||||||
for _, address := range server.proxyAllowedFrom {
|
|
||||||
if clientHostname == address || clientAddress == address {
|
|
||||||
client.hostname = LookupHostname(msg.Params[1])
|
|
||||||
return false
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
client.Quit("PROXY command is not usable from your address")
|
|
||||||
return true
|
|
||||||
}
|
|
||||||
|
|
||||||
// USER <username> * 0 <realname>
|
// USER <username> * 0 <realname>
|
||||||
func userHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
func userHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
|
||||||
if client.registered {
|
if client.registered {
|
||||||
|
@ -41,11 +41,6 @@ server:
|
|||||||
# if you change the motd, you should move it to ircd.motd
|
# if you change the motd, you should move it to ircd.motd
|
||||||
motd: oragono.motd
|
motd: oragono.motd
|
||||||
|
|
||||||
# addresses/hostnames the PROXY command can be used from
|
|
||||||
proxy-allowed-from:
|
|
||||||
- "localhost"
|
|
||||||
- "127.0.0.1"
|
|
||||||
|
|
||||||
# account/channel registration
|
# account/channel registration
|
||||||
registration:
|
registration:
|
||||||
# account registration
|
# account registration
|
||||||
|
Loading…
Reference in New Issue
Block a user