Merge pull request #293 from slingamn/perms

configurable file mode for unix socket listeners
This commit is contained in:
Shivaram Lingamneni 2018-08-29 14:51:25 -04:00 committed by GitHub
commit f0491c2254
6 changed files with 25 additions and 9 deletions


@ -1,7 +1,7 @@
language: go language: go
go: go:
- "1.10.x" - "1.11.x"
install: make deps install: make deps


@ -12,6 +12,7 @@ import (
"fmt" "fmt"
"io/ioutil" "io/ioutil"
"log" "log"
"os"
"path/filepath" "path/filepath"
"regexp" "regexp"
"strings" "strings"
@ -212,6 +213,7 @@ type Config struct {
Name string Name string
nameCasefolded string nameCasefolded string
Listen []string Listen []string
UnixBindMode os.FileMode `yaml:"unix-bind-mode"`
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"` TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
STS STSConfig STS STSConfig
CheckIdent bool `yaml:"check-ident"` CheckIdent bool `yaml:"check-ident"`
@ -240,7 +242,7 @@ type Config struct {
Accounts AccountConfig Accounts AccountConfig
Channels struct { Channels struct {
RawDefaultModes *string `yaml:"default-modes"` DefaultModes *string `yaml:"default-modes"`
defaultModes modes.Modes defaultModes modes.Modes
Registration ChannelRegistrationConfig Registration ChannelRegistrationConfig
} }
@ -697,7 +699,7 @@ func LoadConfig(filename string) (config *Config, err error) {
config.operators = opers config.operators = opers
// parse default channel modes // parse default channel modes
config.Channels.defaultModes = ParseDefaultChannelModes(config.Channels.RawDefaultModes) config.Channels.defaultModes = ParseDefaultChannelModes(config.Channels.DefaultModes)
if config.Server.Password != "" { if config.Server.Password != "" {
config.Server.passwordBytes, err = decodeLegacyPasswordHash(config.Server.Password) config.Server.passwordBytes, err = decodeLegacyPasswordHash(config.Server.Password)
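Review bot: `UnixBindMode` is decoded from YAML and then handed to os.Chmod without any validation in LoadConfig, so bits outside the nine permission bits are passed through unchanged. If the decoder is go-yaml, a leading-zero literal such as the documented `0777` is read as octal and works as intended, but a user who writes `777` gets decimal 777 (bit 9 set), which is neither an error nor the mode they meant. Next to the `parse default channel modes` step I would reject anything beyond os.ModePerm: `if config.Server.UnixBindMode&^os.ModePerm != 0 { return nil, fmt.Errorf("invalid unix-bind-mode %#o", config.Server.UnixBindMode) }`. LoadConfig begins and ends outside this hunk, so the exact placement relative to the other validation steps is not visible here.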


@ -255,7 +255,7 @@ func schemaChangeV2ToV3(config *Config, tx *buntdb.Tx) error {
} }
// explicitly store the channel modes // explicitly store the channel modes
defaultModes := ParseDefaultChannelModes(config.Channels.RawDefaultModes) defaultModes := config.Channels.defaultModes
modeStrings := make([]string, len(defaultModes)) modeStrings := make([]string, len(defaultModes))
for i, mode := range defaultModes { for i, mode := range defaultModes {
modeStrings[i] = string(mode) modeStrings[i] = string(mode)


@ -2411,6 +2411,11 @@ func webircHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Re
} }
proxiedIP := msg.Params[3] proxiedIP := msg.Params[3]
// see #211; websocket gateways will wrap ipv6 addresses in square brackets
// because IRC parameters can't start with :
if strings.HasPrefix(proxiedIP, "[") && strings.HasSuffix(proxiedIP, "]") {
proxiedIP = proxiedIP[1 : len(proxiedIP)-1]
}
return client.ApplyProxiedIP(proxiedIP, secure) return client.ApplyProxiedIP(proxiedIP, secure)
} }
} }
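Review bot: The unbracketed `proxiedIP` is passed straight to client.ApplyProxiedIP without being checked here, so whether a gateway-supplied value like `[]` (which becomes the empty string) or `[not-an-address]` is rejected depends entirely on ApplyProxiedIP, which is outside this hunk; it is worth confirming that it parses the value with net.ParseIP and fails closed, since this is attacker-influenced input from a WEBIRC client. The strip only removes one matching pair, which is the right scope; I would extend the comment to say so: `// strip exactly one pair of enclosing brackets; validation happens in ApplyProxiedIP`. As a point of style, this change is unrelated to the unix-socket mode work named in the PR title and would be easier to review as its own commit. webircHandler starts before this hunk.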


@ -309,7 +309,7 @@ func (server *Server) checkBans(ipaddr net.IP) (banned bool, message string) {
// //
// createListener starts a given listener. // createListener starts a given listener.
func (server *Server) createListener(addr string, tlsConfig *tls.Config) (*ListenerWrapper, error) { func (server *Server) createListener(addr string, tlsConfig *tls.Config, bindMode os.FileMode) (*ListenerWrapper, error) {
// make listener // make listener
var listener net.Listener var listener net.Listener
var err error var err error
@ -318,6 +318,9 @@ func (server *Server) createListener(addr string, tlsConfig *tls.Config) (*Liste
// https://stackoverflow.com/a/34881585 // https://stackoverflow.com/a/34881585
os.Remove(addr) os.Remove(addr)
listener, err = net.Listen("unix", addr) listener, err = net.Listen("unix", addr)
if err == nil && bindMode != 0 {
os.Chmod(addr, bindMode)
}
} else { } else {
listener, err = net.Listen("tcp", addr) listener, err = net.Listen("tcp", addr)
} }
@ -1033,7 +1036,7 @@ func (server *Server) setupListeners(config *Config) (err error) {
if !exists { if !exists {
// make new listener // make new listener
tlsConfig := tlsListeners[newaddr] tlsConfig := tlsListeners[newaddr]
listener, listenerErr := server.createListener(newaddr, tlsConfig) listener, listenerErr := server.createListener(newaddr, tlsConfig, config.Server.UnixBindMode)
if listenerErr != nil { if listenerErr != nil {
server.logger.Error("rehash", "couldn't listen on", newaddr, listenerErr.Error()) server.logger.Error("rehash", "couldn't listen on", newaddr, listenerErr.Error())
err = listenerErr err = listenerErr
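Review bot: The `os.Chmod(addr, bindMode)` call in the second hunk discards its error, so a failed chmod still returns a working listener whose socket file sits at whatever mode the umask produced, and the operator's configured mode is silently not applied. I would treat it as a listener failure: `if chmodErr := os.Chmod(addr, bindMode); chmodErr != nil { listener.Close(); return nil, chmodErr }` (the existing error path in setupListeners in the third hunk already logs and propagates it). Note also that the mode is applied after net.Listen returns, so when bindMode is tighter than the default there is a short window in which the socket is reachable at the looser default mode; that is inherent to this approach and worth a one-line comment above the chmod so nobody later relies on it. createListener begins before the second hunk.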


@ -16,9 +16,15 @@ server:
- "127.0.0.1:6668" - "127.0.0.1:6668"
- "[::1]:6668" - "[::1]:6668"
- ":6697" # ssl port - ":6697" # ssl port
# unix domain socket for proxying: # Unix domain socket for proxying:
# - "/tmp/oragono_sock" # - "/tmp/oragono_sock"
# sets the permissions for Unix listen sockets. on a typical Linux system,
# the default is 0775 or 0755, which prevents other users/groups from connecting
# to the socket. With 0777, it behaves like a normal TCP socket
# where anyone can connect.
unix-bind-mode: 0777
# tls listeners # tls listeners
tls-listeners: tls-listeners:
# listener on ":6697" # listener on ":6697"