PROXY: Restrict to specified addresses/hostnames
parent
77bf7173ff
commit
8885f14f19
@ -63,8 +63,7 @@ func (client *Client) run() {
|
|||||||
|
|
||||||
// Set the hostname for this client. The client may later send a PROXY
|
// Set the hostname for this client. The client may later send a PROXY
|
||||||
// command from stunnel that sets the hostname to something more accurate.
|
// command from stunnel that sets the hostname to something more accurate.
|
||||||
client.send(NewProxyCommand(AddrLookupHostname(
|
client.hostname = AddrLookupHostname(client.socket.conn.RemoteAddr())
|
||||||
client.socket.conn.RemoteAddr())))
|
|
||||||
|
|
||||||
for err == nil {
|
for err == nil {
|
||||||
//TODO(dan): does this read sockets correctly and split lines properly? (think that ZNC bug that kept happening with mammon)
|
//TODO(dan): does this read sockets correctly and split lines properly? (think that ZNC bug that kept happening with mammon)
|
||||||
|
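Review bot: The comment above the new assignment in client.run() no longer tells the whole story, because `client.hostname` is now also the value ProxyCommand.HandleRegServer compares against `proxy-allowed-from`. That makes the assignment part of an access decision and means it has to happen before the first command is read from the socket. I would extend the comment along the lines of `// Reverse-lookup name of the peer; also used by the PROXY allowlist check, so set it before reading any command.` The rest of run() lies outside this hunk, so the ordering relative to the read loop setup should be confirmed there.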
@ -46,12 +46,13 @@ type Config struct {
|
|||||||
|
|
||||||
Server struct {
|
Server struct {
|
||||||
PassConfig
|
PassConfig
|
||||||
Name string
|
Name string
|
||||||
Database string
|
Database string
|
||||||
Listen []string
|
Listen []string
|
||||||
Wslisten string
|
Wslisten string
|
||||||
Log string
|
Log string
|
||||||
MOTD string
|
MOTD string
|
||||||
|
ProxyAllowedFrom []string `yaml:"proxy-allowed-from"`
|
||||||
}
|
}
|
||||||
|
|
||||||
SSLListener map[string]*SSLListenConfig
|
SSLListener map[string]*SSLListenConfig
|
||||||
|
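Review bot: The new `ProxyAllowedFrom` field has no comment, and its zero value changes behaviour for existing deployments. A config file without `proxy-allowed-from` leaves the slice nil, and the handler added in this commit then quits every client that sends PROXY, including a local stunnel that worked before the upgrade. Failing closed is the right default, but it should be stated on the field, for example `// ProxyAllowedFrom lists the peers allowed to send PROXY; empty means PROXY is refused for everyone.` A startup log line when the list is empty would also help operators notice the change.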
@ -26,21 +26,22 @@ type RegServerCommand interface {
|
|||||||
}
|
}
|
||||||
|
|
||||||
type Server struct {
|
type Server struct {
|
||||||
channels ChannelNameMap
|
channels ChannelNameMap
|
||||||
clients *ClientLookupSet
|
clients *ClientLookupSet
|
||||||
commands chan Command
|
commands chan Command
|
||||||
ctime time.Time
|
ctime time.Time
|
||||||
db *sql.DB
|
db *sql.DB
|
||||||
idle chan *Client
|
idle chan *Client
|
||||||
motdLines []string
|
motdLines []string
|
||||||
name Name
|
name Name
|
||||||
newConns chan net.Conn
|
newConns chan net.Conn
|
||||||
operators map[Name][]byte
|
operators map[Name][]byte
|
||||||
password []byte
|
password []byte
|
||||||
signals chan os.Signal
|
signals chan os.Signal
|
||||||
whoWas *WhoWasList
|
proxyAllowedFrom []string
|
||||||
theaters map[Name][]byte
|
whoWas *WhoWasList
|
||||||
isupport *ISupportList
|
theaters map[Name][]byte
|
||||||
|
isupport *ISupportList
|
||||||
}
|
}
|
||||||
|
|
||||||
var (
|
var (
|
||||||
@ -50,18 +51,19 @@ var (
|
|||||||
|
|
||||||
func NewServer(config *Config) *Server {
|
func NewServer(config *Config) *Server {
|
||||||
server := &Server{
|
server := &Server{
|
||||||
channels: make(ChannelNameMap),
|
channels: make(ChannelNameMap),
|
||||||
clients: NewClientLookupSet(),
|
clients: NewClientLookupSet(),
|
||||||
commands: make(chan Command),
|
commands: make(chan Command),
|
||||||
ctime: time.Now(),
|
ctime: time.Now(),
|
||||||
db: OpenDB(config.Server.Database),
|
db: OpenDB(config.Server.Database),
|
||||||
idle: make(chan *Client),
|
idle: make(chan *Client),
|
||||||
name: NewName(config.Server.Name),
|
name: NewName(config.Server.Name),
|
||||||
newConns: make(chan net.Conn),
|
newConns: make(chan net.Conn),
|
||||||
operators: config.Operators(),
|
operators: config.Operators(),
|
||||||
signals: make(chan os.Signal, len(SERVER_SIGNALS)),
|
signals: make(chan os.Signal, len(SERVER_SIGNALS)),
|
||||||
whoWas: NewWhoWasList(100),
|
proxyAllowedFrom: config.Server.ProxyAllowedFrom,
|
||||||
theaters: config.Theaters(),
|
whoWas: NewWhoWasList(100),
|
||||||
|
theaters: config.Theaters(),
|
||||||
}
|
}
|
||||||
|
|
||||||
// ensure that there is a minimum number of args specified for every command
|
// ensure that there is a minimum number of args specified for every command
|
||||||
@ -369,7 +371,18 @@ func (msg *PassCommand) HandleRegServer(server *Server) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
func (msg *ProxyCommand) HandleRegServer(server *Server) {
|
func (msg *ProxyCommand) HandleRegServer(server *Server) {
|
||||||
msg.Client().hostname = msg.hostname
|
client := msg.Client()
|
||||||
|
clientAddress := IPString(client.socket.conn.RemoteAddr()).String()
|
||||||
|
clientHostname := client.hostname.String()
|
||||||
|
|
||||||
|
for _, address := range server.proxyAllowedFrom {
|
||||||
|
if clientHostname == address || clientAddress == address {
|
||||||
|
client.hostname = msg.hostname
|
||||||
|
return
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
client.Quit("PROXY command is not usable from your address")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (msg *UserCommand) HandleRegServer(server *Server) {
|
func (msg *UserCommand) HandleRegServer(server *Server) {
|
||||||
|
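Review bot: The allowlist loop in ProxyCommand.HandleRegServer accepts a match on `clientHostname`, which client.run() fills from AddrLookupHostname on the peer address. That helper is not visible here, but if it performs a plain reverse lookup, the name comes from DNS data maintained by whoever operates the peer's reverse zone, so it is not a trustworthy identity for deciding who may set an arbitrary hostname. The socket address is the only value in this check that the server observes directly, so I would match on it alone: `if clientAddress == address {`. If hostnames must stay supported in the config, resolve them to addresses once at startup, or forward-confirm the reverse name before comparing. The comparison is also exact string equality, so the textual form produced by `IPString` (for example for IPv4-mapped IPv6 peers) needs to be checked against what operators will write in the list.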
@ -34,6 +34,11 @@ server:
|
|||||||
# if you change the motd, you should move it to ircd.motd
|
# if you change the motd, you should move it to ircd.motd
|
||||||
motd: oragono.motd
|
motd: oragono.motd
|
||||||
|
|
||||||
|
# addresses/hostnames the PROXY command can be used from
|
||||||
|
proxy-allowed-from:
|
||||||
|
- "localhost"
|
||||||
|
- "127.0.0.1"
|
||||||
|
|
||||||
# ssl listeners
|
# ssl listeners
|
||||||
ssllistener:
|
ssllistener:
|
||||||
# listener on ":6697"
|
# listener on ":6697"
|
||||||
|
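Review bot: The sample `proxy-allowed-from` list has no entry for the IPv6 loopback. A local stunnel that connects over `::1` would therefore be refused unless the reverse lookup happens to return exactly `localhost`. If the server can listen on IPv6, add `- "::1"`, after confirming how the server formats IPv6 peer addresses. The comment should also say that entries are compared by exact string match, since the handler in this commit shows no CIDR or wildcard support, for example `# exact addresses/hostnames the PROXY command is accepted from; if empty, PROXY is refused`.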