3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-12-22 18:52:41 +01:00

PROXY: Remove command, I don't think it's that useful

This commit is contained in:
Daniel Oaks 2016-10-15 16:29:34 +10:00
parent 06028e0117
commit 43e28e2fef
8 changed files with 10 additions and 55 deletions

View File

@ -20,6 +20,7 @@ Improved compatibility, more features, etc.
### Removed ### Removed
* Removed channel persistence with the `+P` mode (not too useful as currently implemented, to be replaced later). * Removed channel persistence with the `+P` mode (not too useful as currently implemented, to be replaced later).
* Removed the `PROXY` command (breaks our TLS user mode, and our integrated support for TLS should be fine).
### Fixed ### Fixed

View File

@ -25,14 +25,6 @@ This project adheres to [Semantic Versioning](http://semver.org/). For the purpo
* client accounts and SASL * client accounts and SASL
* IRCv3 support * IRCv3 support
### What about TLS/SSL?
There is inbuilt TLS support using the Go TLS implementation. However,
[stunnel](https://www.stunnel.org/index.html) version 4.56 with haproxy's
[PROXY protocol](http://haproxy.1wt.eu/download/1.5/doc/proxy-protocol.txt)
may also be used. This will allow the server to get the client's original
addresses for hostname lookups.
## Installation ## Installation
```sh ```sh

View File

@ -126,8 +126,7 @@ func (client *Client) run() {
var line string var line string
var msg ircmsg.IrcMessage var msg ircmsg.IrcMessage
// Set the hostname for this client. The client may later send a PROXY // Set the hostname for this client
// command from stunnel that sets the hostname to something more accurate.
client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr()) client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr())
//TODO(dan): Make this a socketreactor from ircbnc //TODO(dan): Make this a socketreactor from ircbnc

View File

@ -146,11 +146,6 @@ var Commands = map[string]Command{
handler: privmsgHandler, handler: privmsgHandler,
minParams: 2, minParams: 2,
}, },
"PROXY": {
handler: proxyHandler,
usablePreReg: true,
minParams: 5,
},
"SANICK": { "SANICK": {
handler: sanickHandler, handler: sanickHandler,
minParams: 2, minParams: 2,

View File

@ -72,15 +72,14 @@ type Config struct {
Server struct { Server struct {
PassConfig PassConfig
Password string Password string
Name string Name string
Listen []string Listen []string
Wslisten string `yaml:"ws-listen"` Wslisten string `yaml:"ws-listen"`
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"` TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
CheckIdent bool `yaml:"check-ident"` CheckIdent bool `yaml:"check-ident"`
Log string Log string
MOTD string MOTD string
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
} }
Datastore struct { Datastore struct {

View File

@ -187,13 +187,6 @@ Replies to a PING. Used to check link connectivity.`,
text: `PRIVMSG <target>{,<target>} <text to be sent> text: `PRIVMSG <target>{,<target>} <text to be sent>
Sends the text to the given targets as a PRIVMSG.`, Sends the text to the given targets as a PRIVMSG.`,
},
"proxy": {
oper: true, // not really, but it's restricted anyways
text: `PROXY TCP4/6 <sourceip> <destip> <sourceport> <destport>
Used by haproxy's PROXY protocol, to allow for alternate TLS support:
http://www.haproxy.org/download/1.7/doc/proxy-protocol.txt`,
}, },
"sanick": { "sanick": {
oper: true, oper: true,

View File

@ -51,7 +51,6 @@ type Server struct {
passwords *PasswordManager passwords *PasswordManager
accountRegistration *AccountRegistration accountRegistration *AccountRegistration
signals chan os.Signal signals chan os.Signal
proxyAllowedFrom []string
whoWas *WhoWasList whoWas *WhoWasList
isupport *ISupportList isupport *ISupportList
checkIdent bool checkIdent bool
@ -97,7 +96,6 @@ func NewServer(config *Config) *Server {
newConns: make(chan clientConn), newConns: make(chan clientConn),
operators: config.Operators(), operators: config.Operators(),
signals: make(chan os.Signal, len(SERVER_SIGNALS)), signals: make(chan os.Signal, len(SERVER_SIGNALS)),
proxyAllowedFrom: config.Server.ProxyAllowedFrom,
whoWas: NewWhoWasList(config.Limits.WhowasEntries), whoWas: NewWhoWasList(config.Limits.WhowasEntries),
checkIdent: config.Server.CheckIdent, checkIdent: config.Server.CheckIdent,
} }
@ -416,23 +414,6 @@ func passHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
return false return false
} }
// PROXY TCP4/6 SOURCEIP DESTIP SOURCEPORT DESTPORT
// http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
func proxyHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
clientAddress := IPString(client.socket.conn.RemoteAddr())
clientHostname := client.hostname
for _, address := range server.proxyAllowedFrom {
if clientHostname == address || clientAddress == address {
client.hostname = LookupHostname(msg.Params[1])
return false
}
}
client.Quit("PROXY command is not usable from your address")
return true
}
// USER <username> * 0 <realname> // USER <username> * 0 <realname>
func userHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool { func userHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
if client.registered { if client.registered {

View File

@ -41,11 +41,6 @@ server:
# if you change the motd, you should move it to ircd.motd # if you change the motd, you should move it to ircd.motd
motd: oragono.motd motd: oragono.motd
# addresses/hostnames the PROXY command can be used from
proxy-allowed-from:
- "localhost"
- "127.0.0.1"
# account/channel registration # account/channel registration
registration: registration:
# account registration # account registration