GitHub/ergo
3
0
Fork 0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-25 21:39:25 +01:00
Code Issues Projects Releases Wiki Activity

review fix

Browse Source
This commit is contained in:
Shivaram Lingamneni 2020-06-04 02:03:15 -04:00
parent 61738782c0
commit 75e9476026
3 changed files with 20 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
docs/MANUAL.md
View File

@ -851,15 +851,16 @@ Oragono can emulate certain capabilities of the ZNC bouncer for the benefit of c
Oragono can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Oragono will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON-encoded dictionary with the following keys: Oragono can be configured to call arbitrary scripts to authenticate users; see the `auth-script` section of the config. The API for these scripts is as follows: Oragono will invoke the script with a configurable set of arguments, then send it the authentication data as JSON on the first line (`\n`-terminated) of stdin. The input is a JSON-encoded dictionary with the following keys:
* `AccountName`: this is a string during passphrase-based authentication, otherwise the empty string * `accountName`: during passphrase-based authentication, this is a string, otherwise omitted
* `Passphrase`: this is a string during passphrase-based authentication, otherwise the empty string * `passphrase`: during passphrase-based authentication, this is a string, otherwise omitted
* `Certfp`: this is a string during certfp-based authentication, otherwise the empty string * `certfp`: during certfp-based authentication, this is a string, otherwise omitted
* `ip`: a string representation of the client's IP address
The script must print a single line (`\n`-terminated) to its output and exit. This line must be a JSON-encoded dictionary with the following keys: The script must print a single line (`\n`-terminated) to its output and exit. This line must be a JSON-encoded dictionary with the following keys:
* `Success`, a boolean indicating whether the authentication was successful * `success`, a boolean indicating whether the authentication was successful
* `AccountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value) * `accountName`, a string containing the normalized account name (in the case of passphrase-based authentication, it is permissible to return the empty string or omit the value)
* `Error`, containing a human-readable description of the authentication error to be logged if applicable * `error`, containing a human-readable description of the authentication error to be logged if applicable
Here is a toy example of an authentication script in Python that checks that the account name and the password are equal (and rejects any attempts to authenticate via certfp): Here is a toy example of an authentication script in Python that checks that the account name and the password are equal (and rejects any attempts to authenticate via certfp):
@ -870,10 +871,10 @@ import sys, json
raw_input = sys.stdin.readline() raw_input = sys.stdin.readline()
input = json.loads(b) input = json.loads(b)
account_name = input.get("AccountName") account_name = input.get("accountName")
passphrase = input.get("Passphrase") passphrase = input.get("passphrase")
success = bool(account_name) and bool(passphrase) and account_name == passphrase success = bool(account_name) and bool(passphrase) and account_name == passphrase
print(json.dumps({"Success": success}) print(json.dumps({"success": success})
``` ```
Note that after a failed script invocation, Oragono will proceed to check the credentials against its local database. Note that after a failed script invocation, Oragono will proceed to check the credentials against its local database.

5
irc/accounts.go
View File

@ -1073,7 +1073,7 @@ func (am *AccountManager) AuthenticateByPassphrase(client *Client, accountName s
if config.Accounts.AuthScript.Enabled { if config.Accounts.AuthScript.Enabled {
var output AuthScriptOutput var output AuthScriptOutput
output, err = CheckAuthScript(config.Accounts.AuthScript, output, err = CheckAuthScript(config.Accounts.AuthScript,
AuthScriptInput{AccountName: accountName, Passphrase: passphrase}) AuthScriptInput{AccountName: accountName, Passphrase: passphrase, IP: client.IP().String()})
if err != nil { if err != nil {
am.server.logger.Error("internal", "failed shell auth invocation", err.Error()) am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
return err return err
@ -1411,7 +1411,8 @@ func (am *AccountManager) AuthenticateByCertFP(client *Client, certfp, authzid s
config := am.server.Config() config := am.server.Config()
if config.Accounts.AuthScript.Enabled { if config.Accounts.AuthScript.Enabled {
var output AuthScriptOutput var output AuthScriptOutput
output, err = CheckAuthScript(config.Accounts.AuthScript, AuthScriptInput{Certfp: certfp}) output, err = CheckAuthScript(config.Accounts.AuthScript,
AuthScriptInput{Certfp: certfp, IP: client.IP().String()})
if err != nil { if err != nil {
am.server.logger.Error("internal", "failed shell auth invocation", err.Error()) am.server.logger.Error("internal", "failed shell auth invocation", err.Error())
return err return err

13
irc/authscript.go
View File

@ -15,15 +15,16 @@ import (
// JSON-serializable input and output types for the script // JSON-serializable input and output types for the script
type AuthScriptInput struct { type AuthScriptInput struct {
AccountName string AccountName string `json:"accountName,omitempty"`
Passphrase string Passphrase string `json:"passphrase,omitempty"`
Certfp string Certfp string `json:"certfp,omitempty"`
IP string `json:"ip,omitempty"`
} }
type AuthScriptOutput struct { type AuthScriptOutput struct {
AccountName string AccountName string `json:"accountName"`
Success bool Success bool `json:"success"`
Error string Error string `json:"error"`
} }
// internal tupling of output and error for passing over a channel // internal tupling of output and error for passing over a channel