mirror of https://github.com/ergochat/ergo.git
Merge pull request #293 from slingamn/perms
configurable file mode for unix socket listeners
This commit is contained in:
Shivaram Lingamneni
GitHub
commit
f0491c2254
|
|
@ -1,7 +1,7 @@
|
|||
language: go
|
||||
|
||||
go:
|
||||
- "1.10.x"
|
||||
- "1.11.x"
|
||||
|
||||
install: make deps
|
||||
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ import (
|
|||
"fmt"
|
||||
"io/ioutil"
|
||||
"log"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
|
@ -212,6 +213,7 @@ type Config struct {
|
|||
Name string
|
||||
nameCasefolded string
|
||||
Listen []string
|
||||
UnixBindMode os.FileMode `yaml:"unix-bind-mode"`
|
||||
TLSListeners map[string]*TLSListenConfig `yaml:"tls-listeners"`
|
||||
STS STSConfig
|
||||
CheckIdent bool `yaml:"check-ident"`
|
||||
|
|
@ -240,7 +242,7 @@ type Config struct {
|
|||
Accounts AccountConfig
|
||||
|
||||
Channels struct {
|
||||
RawDefaultModes *string `yaml:"default-modes"`
|
||||
DefaultModes *string `yaml:"default-modes"`
|
||||
defaultModes modes.Modes
|
||||
Registration ChannelRegistrationConfig
|
||||
}
|
||||
|
|
@ -697,7 +699,7 @@ func LoadConfig(filename string) (config *Config, err error) {
|
|||
config.operators = opers
|
||||
|
||||
// parse default channel modes
|
||||
config.Channels.defaultModes = ParseDefaultChannelModes(config.Channels.RawDefaultModes)
|
||||
config.Channels.defaultModes = ParseDefaultChannelModes(config.Channels.DefaultModes)
|
||||
|
||||
if config.Server.Password != "" {
|
||||
config.Server.passwordBytes, err = decodeLegacyPasswordHash(config.Server.Password)
|
||||
|
|
|
|||
|
|
@ -255,7 +255,7 @@ func schemaChangeV2ToV3(config *Config, tx *buntdb.Tx) error {
|
|||
}
|
||||
|
||||
// explicitly store the channel modes
|
||||
defaultModes := ParseDefaultChannelModes(config.Channels.RawDefaultModes)
|
||||
defaultModes := config.Channels.defaultModes
|
||||
modeStrings := make([]string, len(defaultModes))
|
||||
for i, mode := range defaultModes {
|
||||
modeStrings[i] = string(mode)
|
||||
|
|
|
|||
|
|
@ -2411,6 +2411,11 @@ func webircHandler(server *Server, client *Client, msg ircmsg.IrcMessage, rb *Re
|
|||
}
|
||||
|
||||
proxiedIP := msg.Params[3]
|
||||
// see #211; websocket gateways will wrap ipv6 addresses in square brackets
|
||||
// because IRC parameters can't start with :
|
||||
if strings.HasPrefix(proxiedIP, "[") && strings.HasSuffix(proxiedIP, "]") {
|
||||
proxiedIP = proxiedIP[1 : len(proxiedIP)-1]
|
||||
}
|
||||
return client.ApplyProxiedIP(proxiedIP, secure)
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -309,7 +309,7 @@ func (server *Server) checkBans(ipaddr net.IP) (banned bool, message string) {
|
|||
//
|
||||
|
||||
// createListener starts a given listener.
|
||||
func (server *Server) createListener(addr string, tlsConfig *tls.Config) (*ListenerWrapper, error) {
|
||||
func (server *Server) createListener(addr string, tlsConfig *tls.Config, bindMode os.FileMode) (*ListenerWrapper, error) {
|
||||
// make listener
|
||||
var listener net.Listener
|
||||
var err error
|
||||
|
|
@ -318,6 +318,9 @@ func (server *Server) createListener(addr string, tlsConfig *tls.Config) (*Liste
|
|||
// https://stackoverflow.com/a/34881585
|
||||
os.Remove(addr)
|
||||
listener, err = net.Listen("unix", addr)
|
||||
if err == nil && bindMode != 0 {
|
||||
os.Chmod(addr, bindMode)
|
||||
}
|
||||
} else {
|
||||
listener, err = net.Listen("tcp", addr)
|
||||
}
|
||||
|
|
@ -1033,7 +1036,7 @@ func (server *Server) setupListeners(config *Config) (err error) {
|
|||
if !exists {
|
||||
// make new listener
|
||||
tlsConfig := tlsListeners[newaddr]
|
||||
listener, listenerErr := server.createListener(newaddr, tlsConfig)
|
||||
listener, listenerErr := server.createListener(newaddr, tlsConfig, config.Server.UnixBindMode)
|
||||
if listenerErr != nil {
|
||||
server.logger.Error("rehash", "couldn't listen on", newaddr, listenerErr.Error())
|
||||
err = listenerErr
|
||||
|
|
|
|||
|
|
@ -16,9 +16,15 @@ server:
|
|||
- "127.0.0.1:6668"
|
||||
- "[::1]:6668"
|
||||
- ":6697" # ssl port
|
||||
# unix domain socket for proxying:
|
||||
# Unix domain socket for proxying:
|
||||
# - "/tmp/oragono_sock"
|
||||
|
||||
# sets the permissions for Unix listen sockets. on a typical Linux system,
|
||||
# the default is 0775 or 0755, which prevents other users/groups from connecting
|
||||
# to the socket. With 0777, it behaves like a normal TCP socket
|
||||
# where anyone can connect.
|
||||
unix-bind-mode: 0777
|
||||
|
||||
# tls listeners
|
||||
tls-listeners:
|
||||
# listener on ":6697"
|
||||
|
|
|
|||
Loading…
Reference in New Issue