3
0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-14 07:59:31 +01:00

allow WEBIRC to set the TLS flag over local plaintext connections

This commit is contained in:
Shivaram Lingamneni 2018-01-31 21:07:57 -05:00
parent 09a17b32be
commit b7f66fb1de
2 changed files with 16 additions and 3 deletions

View File

@ -58,12 +58,14 @@ func webircHandler(server *Server, client *Client, msg ircmsg.IrcMessage) bool {
key = x key = x
} }
if strings.ToLower(key) == "tls" {
// only accept "tls" flag if the gateway's connection to us is secure as well // only accept "tls" flag if the gateway's connection to us is secure as well
if strings.ToLower(key) == "tls" && client.flags[TLS] { if client.flags[TLS] || utils.AddrIsLocal(client.socket.conn.RemoteAddr()) {
secure = true secure = true
} }
} }
} }
}
clientAddress := utils.IPString(client.socket.conn.RemoteAddr()) clientAddress := utils.IPString(client.socket.conn.RemoteAddr())
clientHostname := client.hostname clientHostname := client.hostname

View File

@ -25,6 +25,17 @@ func AddrLookupHostname(addr net.Addr) string {
return LookupHostname(IPString(addr)) return LookupHostname(IPString(addr))
} }
// AddrIsLocal returns whether the address is from a trusted local connection (loopback or unix).
func AddrIsLocal(addr net.Addr) bool {
if tcpaddr, ok := addr.(*net.TCPAddr); ok {
return tcpaddr.IP.IsLoopback()
}
if _, ok := addr.(*net.UnixAddr); ok {
return true
}
return false
}
// LookupHostname returns the hostname for `addr` if it has one. Otherwise, just returns `addr`. // LookupHostname returns the hostname for `addr` if it has one. Otherwise, just returns `addr`.
func LookupHostname(addr string) string { func LookupHostname(addr string) string {
names, err := net.LookupAddr(addr) names, err := net.LookupAddr(addr)