// Copyright (c) 2012-2014 Jeremy Latt
// Copyright (c) 2014-2015 Edmund Huber
// Copyright (c) 2016-2017 Daniel Oaks
// released under the MIT license

package irc

import (
	"crypto/x509"
	"fmt"
	"net"
	"runtime/debug"
	"strconv"
	"strings"
	"sync"
	"sync/atomic"
	"time"

	"github.com/goshuirc/irc-go/ircfmt"
	"github.com/goshuirc/irc-go/ircmsg"
	ident "github.com/oragono/go-ident"
	"github.com/oragono/oragono/irc/caps"
	"github.com/oragono/oragono/irc/connection_limits"
	"github.com/oragono/oragono/irc/flatip"
	"github.com/oragono/oragono/irc/history"
	"github.com/oragono/oragono/irc/modes"
	"github.com/oragono/oragono/irc/sno"
	"github.com/oragono/oragono/irc/utils"
)

const (
	// maximum line length not including tags; don't change this for a public server
	MaxLineLen = 512

	// IdentTimeout is how long before our ident (username) check times out.
	IdentTimeout         = time.Second + 500*time.Millisecond
	IRCv3TimestampFormat = utils.IRCv3TimestampFormat

	// limit the number of device IDs a client can use, as a DoS mitigation
	// (enforced by setLastSeen, which evicts the oldest entry past this size)
	maxDeviceIDsPerClient = 64

	// controls how often we write an autoreplay-missed client's
	// deviceid->lastseentime mapping to the database
	lastSeenWriteInterval = time.Hour
)

const (
	// RegisterTimeout is how long clients have to register before we disconnect them
	RegisterTimeout = time.Minute
	// DefaultIdleTimeout is how long without traffic before we send the client a PING
	DefaultIdleTimeout = time.Minute + 30*time.Second
	// For Tor clients, we send a PING at least every 30 seconds, as a workaround for this bug
	// (single-onion circuits will close unless the client sends data once every 60 seconds):
	// https://bugs.torproject.org/29665
	TorIdleTimeout = time.Second * 30
	// This is how long a client gets without sending any message, including the PONG to our
	// PING, before we disconnect them:
	DefaultTotalTimeout = 2*time.Minute + 30*time.Second
	// Resumeable clients (clients who have negotiated caps.Resume) get longer:
	ResumeableTotalTimeout = 3*time.Minute + 30*time.Second

	// round off the ping interval by this much, see below:
	PingCoalesceThreshold = time.Second
)

// ResumeDetails is a place to stash data at various stages of
// the resume process: when handling the RESUME command itself,
// when completing the registration, and when rejoining channels.
//
// PresentedToken is the value passed to resumeManager.VerifyToken in
// tryResume. HistoryIncomplete is computed in playResume from Timestamp
// and the history buffers.
type ResumeDetails struct {
	PresentedToken    string
	Timestamp         time.Time
	HistoryIncomplete bool
}

// Client is an IRC client.
//
// Several methods in this file (for example IP, SetNick, SetVHost and Touch)
// take stateMutex before reading or writing these fields; a few call sites
// read fields such as `registered` and `nick` without it.
type Client struct {
	account            string
	accountName        string // display name of the account: uncasefolded, '*' if not logged in
	accountRegDate     time.Time
	accountSettings    AccountSettings
	away               bool
	autoAway           bool
	awayMessage        string
	brbTimer           BrbTimer
	channels           ChannelSet
	ctime              time.Time
	destroyed          bool
	modes              modes.ModeSet
	hostname           string
	invitedTo          map[string]channelInvite
	isSTSOnly          bool
	languages          []string
	lastActive         time.Time            // last time they sent a command that wasn't PONG or similar
	lastSeen           map[string]time.Time // maps device ID (including "") to time of last received command
	lastSeenLastWrite  time.Time            // last time `lastSeen` was written to the datastore
	loginThrottle      connection_limits.GenericThrottle
	nextSessionID      int64 // Incremented when a new session is established
	nick               string
	nickCasefolded     string
	nickMaskCasefolded string
	nickMaskString     string // cache for nickmask string since it's used with lots of replies
	oper               *Oper
	preregNick         string
	proxiedIP          net.IP // actual remote IP if using the PROXY protocol
	rawHostname        string
	cloakedHostname    string
	realname           string
	realIP             net.IP
	requireSASLMessage string
	requireSASL        bool
	registered         bool
	registerCmdSent    bool // already sent the draft/register command, can't send it again
	registrationTimer  *time.Timer
	resumeID           string
	server             *Server
	skeleton           string
	sessions           []*Session
	stateMutex         sync.RWMutex // tier 1
	alwaysOn           bool
	username           string
	vhost              string
	history            history.Buffer
	dirtyBits          uint
	writerSemaphore    utils.Semaphore // tier 1.5
}

// saslStatus holds the mechanism and accumulated value of an in-progress
// SASL exchange (presumably; only Clear is visible in this part of the file).
type saslStatus struct {
	mechanism string
	value     string
}

// Clear resets the SASL state to its zero value.
func (s *saslStatus) Clear() {
	*s = saslStatus{}
}

// what stage the client is at w.r.t. the PASS command:
type serverPassStatus uint

const (
	serverPassUnsent serverPassStatus = iota
	serverPassSuccessful
	serverPassFailed
)

// Session is an individual client connection to the server (TCP connection
// and associated per-connection data, such as capabilities). There is a
// many-one relationship between sessions and clients.
type Session struct {
	client                *Client
	deviceID              string
	ctime                 time.Time
	lastActive            time.Time // last non-CTCP PRIVMSG sent; updates publicly visible idle time
	lastTouch             time.Time // last line sent; updates timer for idle timeouts
	idleTimer             *time.Timer
	pingSent              bool // we sent PING to a putatively idle connection and we're waiting for PONG
	sessionID             int64
	socket                *Socket
	realIP                net.IP
	proxiedIP             net.IP // when non-nil, IP() returns this instead of realIP
	rawHostname           string
	isTor                 bool
	hideSTS               bool
	fakelag               Fakelag
	deferredFakelagCount  int    // fakelag touches owed after a multiline batch; set in EndMultilineBatch, consumed in run()
	destroyed             uint32 // set to 1 by SetDestroyed; accessed only through sync/atomic
	certfp                string
	peerCerts             []*x509.Certificate
	sasl                  saslStatus
	passStatus            serverPassStatus
	batchCounter          uint32
	quitMessage           string
	capabilities          caps.Set
	capState              caps.State
	capVersion            caps.Version
	registrationMessages  int // lines received before registration; run() disconnects past Limits.RegistrationMessages
	resumeID              string
	resumeDetails         *ResumeDetails
	zncPlaybackTimes      *zncPlaybackTimes
	autoreplayMissedSince time.Time
	batch                 MultilineBatch
}

// MultilineBatch tracks the state of a client-to-server multiline batch.
type MultilineBatch struct {
	label         string // this is the first param to BATCH (the "reference tag")
	command       string
	target        string
	responseLabel string // this is the value of the labeled-response tag sent with BATCH
	message       utils.SplitMessage
	lenBytes      int
	tags          map[string]string
}

// StartMultilineBatch opens a multiline batch on the session. It fails with
// errInvalidMultilineBatch if a batch is already open. Fakelag is suspended
// for the duration of the batch; the cost is settled in EndMultilineBatch.
func (s *Session) StartMultilineBatch(label, target, responseLabel string, tags map[string]string) (err error) {
	if s.batch.label != "" {
		return errInvalidMultilineBatch
	}

	s.batch.label = label
	s.batch.target = target
	s.batch.responseLabel = responseLabel
	s.batch.tags = tags
	s.fakelag.Suspend()
	return nil
}

// EndMultilineBatch closes the current multiline batch unconditionally and
// returns it, together with an error if it was not validly terminated
// (pass "" as the label if you don't care about the batch).
//
// Because fakelag was suspended while the batch was open, the session is
// billed afterwards: deferredFakelagCount is set here even for an invalid
// batch, and run() applies it on the next line from a registered client.
func (s *Session) EndMultilineBatch(label string) (batch MultilineBatch, err error) {
	batch = s.batch
	s.batch = MultilineBatch{}
	s.fakelag.Unsuspend()

	// heuristics to estimate how much data they used while fakelag was
	// suspended: bill whichever of the byte-based and line-based estimates
	// is larger
	billByBytes := (batch.lenBytes / MaxLineLen) + 1
	billByLines := (batch.message.LenLines() * 60) / MaxLineLen
	bill := billByBytes
	if billByLines > billByBytes {
		bill = billByLines
	}
	s.deferredFakelagCount = bill

	terminated := batch.label != "" && batch.label == label && batch.message.ValidMultiline()
	if !terminated {
		return batch, errInvalidMultilineBatch
	}

	batch.message.SetTime()
	return batch, nil
}

// SetQuitMessage records the session's quit message unless one has already
// been recorded; an empty message is stored as "Connection closed". It
// reports whether the message was stored.
func (sd *Session) SetQuitMessage(message string) (set bool) {
	if sd.quitMessage != "" {
		return false
	}
	if message == "" {
		message = "Connection closed"
	}
	sd.quitMessage = message
	return true
}

// IP returns the address this session is treated as coming from: the
// proxied IP when one has been recorded, otherwise the real remote IP.
// Checks that call this (for example the require-sasl exemption in
// isAuthorized) therefore depend on how proxiedIP was populated.
func (s *Session) IP() net.IP {
	ip := s.realIP
	if s.proxiedIP != nil {
		ip = s.proxiedIP
	}
	return ip
}

// returns whether the session was actively destroyed (for example, by ping
// timeout or NS GHOST).
// avoids a race condition between asynchronous idle-timing-out of sessions,
// and a condition that allows implicit BRB on connection errors (since
// destroy()'s socket.Close() appears to socket.Read() as a connection error)
func (session *Session) Destroyed() bool {
	flag := atomic.LoadUint32(&session.destroyed)
	return flag == 1
}

// SetDestroyed atomically marks the session as actively destroyed
// (the flag that Destroyed reports).
func (session *Session) SetDestroyed() {
	atomic.StoreUint32(&session.destroyed, 1)
}

// HasHistoryCaps reports whether the session negotiated a smart history
// replay capability (chathistory or znc.in/playback); if so,
// autoreplay-on-join and similar should be suppressed.
func (session *Session) HasHistoryCaps() bool {
	if session.capabilities.Has(caps.Chathistory) {
		return true
	}
	return session.capabilities.Has(caps.ZNCPlayback)
}

// generateBatchID produces a batch ID from a per-session atomic counter,
// rendered in base 32. The uniqueness requirements are fairly weak: any two
// batch IDs that are active concurrently (either through interleaving or
// nesting) on an individual session connection need to be unique. A uint32
// counter allows ~4 billion such batches, which should be fine. The IDs are
// sequential; they are meant to be unique, not unpredictable.
func (session *Session) generateBatchID() string {
	next := atomic.AddUint32(&session.batchCounter, 1)
	return strconv.FormatUint(uint64(next), 32)
}

// WhoWas is the subset of client details needed to answer a WHOWAS query
type WhoWas struct {
	nick           string
	nickCasefolded string
	username       string
	hostname       string
	realname       string
}

// ClientDetails is a standard set of details about a client
type ClientDetails struct {
	WhoWas

	nickMask           string
	nickMaskCasefolded string
	account            string
	accountName        string
}

// RunClient sets up a new client and runs its goroutine.
// Ban and connection-limit checks run first, before any Client or Session
// state is allocated, so a banned peer costs one ERROR line and a close.
// The call blocks in client.run until the session ends.
func (server *Server) RunClient(conn IRCConn) {
	config := server.Config()
	wConn := conn.UnderlyingConn()
	var isBanned, requireSASL bool
	var banMsg string
	realIP := utils.AddrToIP(wConn.RemoteAddr())
	var proxiedIP net.IP
	if wConn.Config.Tor {
		// cover up details of the tor proxying infrastructure (not a user privacy concern,
		// but a hardening measure):
		proxiedIP = utils.IPv4LoopbackAddress
		isBanned, banMsg = server.checkTorLimits()
	} else {
		ipToCheck := realIP
		// presumably wConn.ProxiedIP was already accepted by the listener
		// (PROXY-before-TLS) before reaching this point; verify against the
		// listener code, since it replaces realIP in the ban check below
		if wConn.ProxiedIP != nil {
			proxiedIP = wConn.ProxiedIP
			ipToCheck = proxiedIP
		}
		// XXX only run the check script now if the IP cannot be replaced by PROXY or WEBIRC,
		// otherwise we'll do it in ApplyProxiedIP.
		checkScripts := proxiedIP != nil || !utils.IPInNets(realIP, config.Server.proxyAllowedFromNets)
		isBanned, requireSASL, banMsg = server.checkBans(config, ipToCheck, checkScripts)
	}

	if isBanned {
		// this might not show up properly on some clients,
		// but our objective here is just to close the connection out before it has a load impact on us
		conn.WriteLine([]byte(fmt.Sprintf(errorMsg, banMsg)))
		conn.Close()
		return
	}

	server.logger.Info("connect-ip", fmt.Sprintf("Client connecting: real IP %v, proxied IP %v", realIP, proxiedIP))

	now := time.Now().UTC()
	// give them 1k of grace over the limit:
	// NOTE(review): MaxSendQBytes is passed through unchanged here; if the
	// 1k of grace still exists it must be added inside NewSocket. Confirm.
	socket := NewSocket(conn, config.Server.MaxSendQBytes)
	client := &Client{
		lastActive: now,
		channels:   make(ChannelSet),
		ctime:      now,
		isSTSOnly:  wConn.Config.STSOnly,
		languages:  server.Languages().Default(),
		loginThrottle: connection_limits.GenericThrottle{
			Duration: config.Accounts.LoginThrottling.Duration,
			Limit:    config.Accounts.LoginThrottling.MaxAttempts,
		},
		server:         server,
		accountName:    "*",
		nick:           "*", // * is used until actual nick is given
		nickCasefolded: "*",
		nickMaskString: "*", // * is used until actual nick is given
		realIP:         realIP,
		proxiedIP:      proxiedIP,
		requireSASL:    requireSASL,
		nextSessionID:  1,
	}
	// when the ban check demands SASL rather than refusing the connection,
	// its message is kept to show to the client later
	if requireSASL {
		client.requireSASLMessage = banMsg
	}
	client.writerSemaphore.Initialize(1)
	client.history.Initialize(config.History.ClientLength, time.Duration(config.History.AutoresizeWindow))
	client.brbTimer.Initialize(client)
	session := &Session{
		client:     client,
		socket:     socket,
		capVersion: caps.Cap301,
		capState:   caps.NoneState,
		ctime:      now,
		lastActive: now,
		realIP:     realIP,
		proxiedIP:  proxiedIP,
		isTor:      wConn.Config.Tor,
		hideSTS:    wConn.Config.Tor || wConn.Config.HideSTS,
	}
	client.sessions = []*Session{session}

	session.resetFakelag()

	if wConn.Secure {
		client.SetMode(modes.TLS, true)
	}

	if wConn.Config.TLSConfig != nil {
		// error is not useful to us here anyways so we can ignore it
		// (on failure certfp and peerCerts keep whatever GetCertFP returned
		// alongside the error; presumably empty, so consumers must treat an
		// empty certfp as "no client certificate")
		session.certfp, session.peerCerts, _ = utils.GetCertFP(wConn.Conn, RegisterTimeout)
	}

	if session.isTor {
		session.rawHostname = config.Server.TorListeners.Vhost
		client.rawHostname = session.rawHostname
	} else {
		if config.Server.CheckIdent {
			client.doIdentLookup(wConn.Conn)
		}
	}

	// the registration deadline starts only after the optional ident lookup
	client.registrationTimer = time.AfterFunc(RegisterTimeout, client.handleRegisterTimeout)
	server.stats.Add()
	client.run(session)
}

// AddAlwaysOnClient creates a Client for an always-on account with no
// sessions attached, logs it in to the account, claims the account name as
// its nick, and rejoins it to the given channels with the given per-channel
// modes. If the nick cannot be set, the error is logged and the client is
// abandoned before being marked registered.
func (server *Server) AddAlwaysOnClient(account ClientAccount, channelToModes map[string]string, lastSeen map[string]time.Time, uModes modes.Modes, realname string) {
	now := time.Now().UTC()
	config := server.Config()
	if lastSeen == nil && account.Settings.AutoreplayMissed {
		lastSeen = map[string]time.Time{"": now}
	}

	rawHostname, cloakedHostname := server.name, ""
	if config.Server.Cloaks.EnabledForAlwaysOn {
		cloakedHostname = config.Server.Cloaks.ComputeAccountCloak(account.Name)
	}

	username := "~u"
	if config.Server.CoerceIdent != "" {
		username = config.Server.CoerceIdent
	}

	client := &Client{
		lastSeen:   lastSeen,
		lastActive: now,
		channels:   make(ChannelSet),
		ctime:      now,
		languages:  server.Languages().Default(),
		server:     server,

		username:        username,
		cloakedHostname: cloakedHostname,
		rawHostname:     rawHostname,
		realIP:          utils.IPv4LoopbackAddress,

		alwaysOn: true,
		realname: realname,

		nextSessionID: 1,
	}

	// the TLS mode is set unconditionally: there is no connection here to
	// inspect (tryResume compares this mode between old and new clients)
	client.SetMode(modes.TLS, true)
	for _, m := range uModes {
		client.SetMode(m, true)
	}
	client.writerSemaphore.Initialize(1)
	client.history.Initialize(0, 0)
	client.brbTimer.Initialize(client)

	server.accounts.Login(client, account)

	client.resizeHistory(config)

	_, err, _ := server.clients.SetNick(client, nil, account.Name, false)
	if err != nil {
		server.logger.Error("internal", "could not establish always-on client", account.Name, err.Error())
		return
	} else {
		server.logger.Debug("accounts", "established always-on client", account.Name)
	}

	// XXX set this last to avoid confusing SetNick:
	client.registered = true

	for chname, modeStr := range channelToModes {
		// XXX we're using isSajoin=true, to make these joins succeed even without channel key
		// this is *probably* ok as long as the persisted memberships are accurate
		// (in other words, the persisted membership list is what authorizes
		// these joins, so its integrity matters as much as a channel key)
		server.channels.Join(client, chname, "", true, nil)
		if channel := server.channels.Get(chname); channel != nil {
			channel.setModesForClient(client, modeStr)
		} else {
			server.logger.Error("internal", "could not create channel", chname)
		}
	}

	if persistenceEnabled(config.Accounts.Multiclient.AutoAway, client.accountSettings.AutoAway) {
		client.autoAway = true
		client.away = true
		client.awayMessage = client.t("User is currently disconnected")
	}
}

// resizeHistory sizes the client's in-memory history buffer from config
// when the client's history status is HistoryEphemeral, and shrinks it to
// zero otherwise.
func (client *Client) resizeHistory(config *Config) {
	status, _ := client.historyStatus(config)
	if status == HistoryEphemeral {
		client.history.Resize(config.History.ClientLength, time.Duration(config.History.AutoresizeWindow))
	} else {
		client.history.Resize(0, 0)
	}
}

// resolve an IP to an IRC-ready hostname, using reverse DNS, forward-confirming if necessary,
// and sending appropriate notices to the client
//
// The reverse (PTR) answer is supplied by whoever controls reverse DNS for
// the address. With ForwardConfirmHostnames disabled, the first PTR name is
// accepted once it passes utils.IsHostname; with it enabled, the name must
// also resolve back to the same IP string. Both lookups are blocking calls
// with no timeout set in this function.
func (client *Client) lookupHostname(session *Session, overwrite bool) {
	if session.isTor {
		return
	} // else: even if cloaking is enabled, look up the real hostname to show to operators

	config := client.server.Config()
	ip := session.realIP
	if session.proxiedIP != nil {
		ip = session.proxiedIP
	}
	ipString := ip.String()

	var hostname, candidate string
	if config.Server.lookupHostnames {
		session.Notice("*** Looking up your hostname...")

		names, err := net.LookupAddr(ipString)
		if err == nil && 0 < len(names) {
			candidate = strings.TrimSuffix(names[0], ".")
		}
		if utils.IsHostname(candidate) {
			if config.Server.ForwardConfirmHostnames {
				addrs, err := net.LookupHost(candidate)
				if err == nil {
					// string comparison: a differently formatted but equal
					// address does not match, which fails closed (the IP-based
					// hostname is used instead)
					for _, addr := range addrs {
						if addr == ipString {
							hostname = candidate // successful forward confirmation
							break
						}
					}
				}
			} else {
				hostname = candidate
			}
		}
	}

	if hostname != "" {
		session.Notice("*** Found your hostname")
	} else {
		if config.Server.lookupHostnames {
			session.Notice("*** Couldn't look up your hostname")
		}
		hostname = utils.IPStringToHostname(ipString)
	}

	session.rawHostname = hostname
	cloakedHostname := config.Server.Cloaks.ComputeCloak(ip)
	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()
	// update the hostname if this is a new connection or a resume, but not if it's a reattach
	if overwrite || client.rawHostname == "" {
		client.rawHostname = hostname
		client.cloakedHostname = cloakedHostname
		client.updateNickMaskNoMutex()
	}
}

// doIdentLookup queries the ident service on the connection's remote address
// and, if the answer is accepted by SetNames, uses it as the client's
// username. The lookup is bounded by IdentTimeout.
//
// The answer comes from the remote host and is an unauthenticated claim.
// SetNames is called with fromIdent=true, so the name is stored without the
// "~" prefix that other usernames receive. The query goes to
// conn.RemoteAddr(), not to any proxied IP.
func (client *Client) doIdentLookup(conn net.Conn) {
	localTCPAddr, ok := conn.LocalAddr().(*net.TCPAddr)
	if !ok {
		return
	}
	serverPort := localTCPAddr.Port
	remoteTCPAddr, ok := conn.RemoteAddr().(*net.TCPAddr)
	if !ok {
		return
	}
	clientPort := remoteTCPAddr.Port

	client.Notice(client.t("*** Looking up your username"))
	resp, err := ident.Query(remoteTCPAddr.IP.String(), serverPort, clientPort, IdentTimeout)
	if err == nil {
		// inner err shadows the query error on purpose: it is SetNames's verdict
		err := client.SetNames(resp.Identifier, "", true)
		if err == nil {
			client.Notice(client.t("*** Found your username"))
			// we don't need to updateNickMask here since nickMask is not used for anything yet
		} else {
			client.Notice(client.t("*** Got a malformed username, ignoring"))
		}
	} else {
		client.Notice(client.t("*** Could not find your username"))
	}
}

// AuthOutcome is the result of isAuthorized: success, or which requirement
// the session failed.
type AuthOutcome uint

const (
	authSuccess AuthOutcome = iota
	authFailPass
	authFailTorSaslRequired
	authFailSaslRequired
)

// isAuthorized decides whether the session has met the server's
// authentication requirements. The checks run in this order and the first
// failure is returned:
//
//  1. server password (PASS), unless SkipServerPassword is set and the
//     client is logged in to an account;
//  2. SASL for Tor sessions, when the Tor listener requires it or the
//     defcon level is 4 or lower;
//  3. require-sasl, when forced by the caller, enabled in config, or the
//     defcon level is 2 or lower.
//
// The exempted-nets test in step 3 applies to all three triggers, including
// forceRequireSASL, and it uses session.IP(), which prefers the proxied IP.
func (client *Client) isAuthorized(server *Server, config *Config, session *Session, forceRequireSASL bool) AuthOutcome {
	// "SASL sent" is inferred from being logged in to an account
	saslSent := client.account != ""
	// PASS requirement
	if (config.Server.passwordBytes != nil) && session.passStatus != serverPassSuccessful && !(config.Accounts.SkipServerPassword && saslSent) {
		return authFailPass
	}
	// Tor connections may be required to authenticate with SASL
	if session.isTor && !saslSent && (config.Server.TorListeners.RequireSasl || server.Defcon() <= 4) {
		return authFailTorSaslRequired
	}
	// finally, enforce require-sasl
	if !saslSent && (forceRequireSASL || config.Accounts.RequireSasl.Enabled || server.Defcon() <= 2) &&
		!utils.IPInNets(session.IP(), config.Accounts.RequireSasl.exemptedNets) {
		return authFailSaslRequired
	}
	return authSuccess
}

// resetFakelag (re)initializes the session's fakelag from the server config,
// disabling it when the client holds the "nofakelag" role capability.
func (session *Session) resetFakelag() {
	var flc FakelagConfig = session.client.server.Config().Fakelag
	flc.Enabled = flc.Enabled && !session.client.HasRoleCapabs("nofakelag")
	session.fakelag.Initialize(flc)
}

// IP returns the IP address of this client.
// The proxied IP is returned when set, otherwise the real IP; the read is
// done under stateMutex.
func (client *Client) IP() net.IP {
	client.stateMutex.RLock()
	defer client.stateMutex.RUnlock()

	if client.proxiedIP != nil {
		return client.proxiedIP
	}
	return client.realIP
}

// IPString returns the IP address of this client as a string.
// A string beginning with ':' (as some IPv6 forms do) gets a "0" prepended;
// presumably so it cannot be read as an IRC trailing parameter.
func (client *Client) IPString() string {
	ip := client.IP().String()
	if 0 < len(ip) && ip[0] == ':' {
		ip = "0" + ip
	}
	return ip
}

// t returns the translated version of the given string, based on the languages configured by the client.
func (client *Client) t(originalString string) string {
	languageManager := client.server.Config().languageManager
	// with translations disabled the input is returned unchanged
	if !languageManager.Enabled() {
		return originalString
	}
	return languageManager.Translate(client.Languages(), originalString)
}

// main client goroutine: read lines and execute the corresponding commands
//
// NOTE(review): this comment used to describe a `proxyLine` argument (the
// PROXY-before-TLS line); the function takes no such argument. A PROXY line
// is only recognized as the first line read from a connection that is not a
// reattach; see the firstLine handling below.
//
// Input handling, in order, for each line read from the socket:
//   - read errors end the session (and may arm the BRB timer);
//   - the raw line is logged if raw I/O logging is on;
//   - registered clients are charged fakelag; unregistered ones are counted
//     against Limits.RegistrationMessages;
//   - the line is parsed strictly with a MaxLineLen limit;
//   - the command is dispatched.
//
// The deferred function always calls client.destroy(session), including
// after a recovered panic.
func (client *Client) run(session *Session) {

	defer func() {
		if r := recover(); r != nil {
			client.server.logger.Error("internal",
				fmt.Sprintf("Client caused panic: %v\n%s", r, debug.Stack()))
			if client.server.Config().Debug.recoverFromErrors {
				client.server.logger.Error("internal", "Disconnecting client and attempting to recover")
			} else {
				// re-raised from inside the deferred function: nothing in
				// this goroutine recovers it again
				panic(r)
			}
		}
		// ensure client connection gets closed
		client.destroy(session)
	}()

	isReattach := client.Registered()
	if isReattach {
		client.Touch(session)
		if session.resumeDetails != nil {
			session.playResume()
			session.resumeDetails = nil
			client.brbTimer.Disable()
			client.SetAway(false, "") // clear BRB message if any
		} else {
			client.playReattachMessages(session)
		}
	}

	firstLine := !isReattach

	for {
		var invalidUtf8 bool
		line, err := session.socket.Read()
		if err == errInvalidUtf8 {
			invalidUtf8 = true // handle as normal, including labeling
		} else if err != nil {
			quitMessage := "connection closed"
			if err == errReadQ {
				quitMessage = "readQ exceeded"
			}
			client.Quit(quitMessage, session)
			// since the client did not actually send us a QUIT,
			// give them a chance to resume if applicable:
			if !session.Destroyed() {
				client.brbTimer.Enable()
			}
			break
		}

		// The line is logged exactly as received, before parsing, so anything
		// the client sends in-band (credentials included) lands in this log
		// when raw I/O logging is enabled. client.nick is read here without
		// stateMutex.
		if client.server.logger.IsLoggingRawIO() {
			client.server.logger.Debug("userinput", client.nick, "<- ", line)
		}

		// special-cased handling of PROXY protocol, see `handleProxyCommand` for details:
		// (whether the PROXY line is honoured is decided there, not here)
		if firstLine {
			firstLine = false
			if strings.HasPrefix(line, "PROXY") {
				err = handleProxyCommand(client.server, client, session, line)
				if err != nil {
					break
				} else {
					continue
				}
			}
		}

		// client.registered is read without stateMutex here
		if client.registered {
			// one touch for this line plus whatever a finished multiline
			// batch left owing
			touches := session.deferredFakelagCount + 1
			session.deferredFakelagCount = 0
			for i := 0; i < touches; i++ {
				session.fakelag.Touch()
			}
		} else {
			// DoS hardening, #505
			// (fakelag is not applied before registration; this counter is
			// the bound on pre-registration traffic instead)
			session.registrationMessages++
			if client.server.Config().Limits.RegistrationMessages < session.registrationMessages {
				client.Send(nil, client.server.name, ERR_UNKNOWNERROR, "*", client.t("You have sent too many registration messages"))
				break
			}
		}

		msg, err := ircmsg.ParseLineStrict(line, true, MaxLineLen)
		if err == ircmsg.ErrorLineIsEmpty {
			continue
		} else if err == ircmsg.ErrorLineTooLong {
			session.Send(nil, client.server.name, ERR_INPUTTOOLONG, client.Nick(), client.t("Input line too long"))
			continue
		} else if err != nil {
			client.Quit(client.t("Received malformed line"), session)
			break
		}

		// unknown commands and lines with invalid UTF-8 are routed to
		// dedicated handlers rather than dropped
		cmd, exists := Commands[msg.Command]
		if !exists {
			cmd = unknownCommand
		} else if invalidUtf8 {
			cmd = invalidUtf8Command
		}

		isExiting := cmd.Run(client.server, client, session, msg)
		if isExiting {
			break
		} else if session.client != client {
			// bouncer reattach
			// (the session now belongs to another Client: hand it to a new
			// goroutine running that client's loop and leave this one)
			go session.client.run(session)
			break
		}
	}
}

// playReattachMessages sends the registration burst and per-channel join
// output to a session that has just attached to an existing client, then
// replays channel history and missed direct messages unless the session
// negotiated a history capability.
func (client *Client) playReattachMessages(session *Session) {
	client.server.playRegistrationBurst(session)
	hasHistoryCaps := session.HasHistoryCaps()
	for _, channel := range session.client.Channels() {
		channel.playJoinForSession(session)
		// clients should receive autoreplay-on-join lines, if applicable:
		if hasHistoryCaps {
			continue
		}
		// if they negotiated znc.in/playback or chathistory, they will receive nothing,
		// because those caps disable autoreplay-on-join and they haven't sent the relevant
		// *playback PRIVMSG or CHATHISTORY command yet
		rb := NewResponseBuffer(session)
		channel.autoReplayHistory(client, rb, "")
		rb.Send(true)
	}
	if !session.autoreplayMissedSince.IsZero() && !hasHistoryCaps {
		rb := NewResponseBuffer(session)
		zncPlayPrivmsgs(client, rb, "*", time.Now().UTC(), session.autoreplayMissedSince)
		rb.Send(true)
	}
	// cleared unconditionally so the replay is offered at most once
	session.autoreplayMissedSince = time.Time{}
}

//
// idle, quit, timers and timeouts
//

// Touch indicates that
// we received a line from the client (so the connection is healthy
// at this time, modulo network latency and fakelag).
//
// Under stateMutex it records the last-seen time for the session's device ID
// (when the account uses autoreplay-missed or the session has a device ID)
// and refreshes the idle timer. The client is marked dirty for persistence
// at most once per lastSeenWriteInterval, after the mutex is released.
func (client *Client) Touch(session *Session) {
	var markDirty bool
	now := time.Now().UTC()
	client.stateMutex.Lock()
	if client.accountSettings.AutoreplayMissed || session.deviceID != "" {
		client.setLastSeen(now, session.deviceID)
		if now.Sub(client.lastSeenLastWrite) > lastSeenWriteInterval {
			markDirty = true
			client.lastSeenLastWrite = now
		}
	}
	client.updateIdleTimer(session, now)
	client.stateMutex.Unlock()
	if markDirty {
		client.markDirty(IncludeLastSeen)
	}
}

// setLastSeen records `now` as the last-seen time for deviceID, creating the
// map on first use. The map is capped at maxDeviceIDsPerClient entries: when
// the insert pushes it over, the entry with the oldest timestamp is removed.
// The caller visible in this file (Touch) holds stateMutex.
func (client *Client) setLastSeen(now time.Time, deviceID string) {
	if client.lastSeen == nil {
		client.lastSeen = make(map[string]time.Time)
	}
	client.lastSeen[deviceID] = now
	// evict the least-recently-used entry if necessary
	if maxDeviceIDsPerClient < len(client.lastSeen) {
		var minLastSeen time.Time
		var minClientId string
		for deviceID, lastSeen := range client.lastSeen {
			if minLastSeen.IsZero() || lastSeen.Before(minLastSeen) {
				minClientId, minLastSeen = deviceID, lastSeen
			}
		}
		delete(client.lastSeen, minClientId)
	}
}

// updateIdleTimer notes that the session was just heard from: it resets
// lastTouch and pingSent, and starts the idle timer if none exists yet
// (30 seconds for Tor sessions, DefaultIdleTimeout otherwise). An existing
// timer is left alone; handleIdleTimeout reschedules itself from lastTouch.
// The caller visible in this file (Touch) holds stateMutex.
func (client *Client) updateIdleTimer(session *Session, now time.Time) {
	session.lastTouch = now
	session.pingSent = false

	if session.idleTimer == nil {
		pingTimeout := DefaultIdleTimeout
		if session.isTor {
			pingTimeout = TorIdleTimeout
		}
		session.idleTimer = time.AfterFunc(pingTimeout, session.handleIdleTimeout)
	}
}

// handleIdleTimeout is the idle timer's callback. From lastTouch it decides
// whether to destroy the session (a PING is outstanding and the total
// timeout has passed), send a PING, or just sleep again, and it reschedules
// the timer unless the session is being destroyed. The decision is made
// under the client's stateMutex; Quit, destroy and Ping run after the mutex
// is released.
func (session *Session) handleIdleTimeout() {
	totalTimeout := DefaultTotalTimeout
	if session.capabilities.Has(caps.Resume) {
		totalTimeout = ResumeableTotalTimeout
	}
	pingTimeout := DefaultIdleTimeout
	if session.isTor {
		pingTimeout = TorIdleTimeout
	}

	session.client.stateMutex.Lock()
	now := time.Now()
	timeUntilDestroy := session.lastTouch.Add(totalTimeout).Sub(now)
	timeUntilPing := session.lastTouch.Add(pingTimeout).Sub(now)
	shouldDestroy := session.pingSent && timeUntilDestroy <= 0
	// XXX this should really be time <= 0, but let's do some hacky timer coalescing:
	// a typical idling client will do nothing other than respond immediately to our pings,
	// so we'll PING at t=0, they'll respond at t=0.05, then we'll wake up at t=90 and find
	// that we need to PING again at t=90.05. Rather than wake up again, just send it now:
	shouldSendPing := !session.pingSent && timeUntilPing <= PingCoalesceThreshold
	if !shouldDestroy {
		if shouldSendPing {
			session.pingSent = true
		}
		// check in again at the minimum of these 3 possible intervals:
		// 1. the ping timeout (assuming we PING and they reply immediately with PONG)
		// 2. the next time we would send PING (if they don't send any more lines)
		// 3. the next time we would destroy (if they don't send any more lines)
		nextTimeout := pingTimeout
		if PingCoalesceThreshold < timeUntilPing && timeUntilPing < nextTimeout {
			nextTimeout = timeUntilPing
		}
		if 0 < timeUntilDestroy && timeUntilDestroy < nextTimeout {
			nextTimeout = timeUntilDestroy
		}
		session.idleTimer.Stop()
		session.idleTimer.Reset(nextTimeout)
	}
	session.client.stateMutex.Unlock()
	if shouldDestroy {
		session.client.Quit(fmt.Sprintf("Ping timeout: %v", totalTimeout), session)
		session.client.destroy(session)
	} else if shouldSendPing {
		session.Ping()
	}
}

// stopIdleTimer stops the session's idle timer, if one was started, under
// the client's stateMutex.
func (session *Session) stopIdleTimer() {
	session.client.stateMutex.Lock()
	defer session.client.stateMutex.Unlock()
	if session.idleTimer != nil {
		session.idleTimer.Stop()
	}
}

// Ping sends the client a PING message.
func (session *Session) Ping() {
	session.Send(nil, "", "PING", session.client.Nick())
}

// tryResume tries to resume if the client asked us to.
//
// The presented token is checked by resumeManager.VerifyToken. Unless
// AllowPlaintextResume is configured, both the old client and the new one
// must have the TLS mode set. On success the old session (looked up by the
// resume ID that VerifyToken returned) is destroyed; on any failure a FAIL
// RESUME line is sent and resumeDetails is cleared.
//
// NOTE(review): no throttling of failed token attempts is visible in this
// function; confirm it is enforced by the RESUME handler or resumeManager.
func (session *Session) tryResume() (success bool) {
	var oldResumeID string

	defer func() {
		if success {
			// "On a successful request, the server [...] terminates the old client's connection"
			// (session.client is read at this point, after clients.Resume has
			// run; presumably it refers to the resumed client by then)
			oldSession := session.client.GetSessionByResumeID(oldResumeID)
			if oldSession != nil {
				session.client.destroy(oldSession)
			}
		} else {
			session.resumeDetails = nil
		}
	}()

	client := session.client
	server := client.server
	config := server.Config()

	// `:=` declares only oldClient; oldResumeID is the variable declared at
	// the top of the function (same scope), which the deferred func reads
	oldClient, oldResumeID := server.resumeManager.VerifyToken(client, session.resumeDetails.PresentedToken)
	if oldClient == nil {
		session.Send(nil, server.name, "FAIL", "RESUME", "INVALID_TOKEN", client.t("Cannot resume connection, token is not valid"))
		return
	}

	resumeAllowed := config.Server.AllowPlaintextResume || (oldClient.HasMode(modes.TLS) && client.HasMode(modes.TLS))
	if !resumeAllowed {
		session.Send(nil, server.name, "FAIL", "RESUME", "INSECURE_SESSION", client.t("Cannot resume connection, old and new clients must have TLS"))
		return
	}

	err := server.clients.Resume(oldClient, session)
	if err != nil {
		session.Send(nil, server.name, "FAIL", "RESUME", "CANNOT_RESUME", client.t("Cannot resume connection"))
		return
	}

	success = true
	client.server.logger.Debug("quit", fmt.Sprintf("%s is being resumed", oldClient.Nick()))

	return
}

// playResume is called from the session's fresh goroutine after a resume;
// it sends notifications to friends, then plays the registration burst and replays
// stored history to the session
//
// session.resumeDetails must be non-nil on entry; it is set to nil before
// returning. resumeDetails.Timestamp is presumably the value supplied with
// the RESUME command; a zero Timestamp is treated as "history incomplete"
// and disables the direct-message replay.
func (session *Session) playResume() {
	client := session.client
	server := client.server
	config := server.Config()

	friends := make(ClientSet)
	var oldestLostMessage time.Time

	// work out how much time, if any, is not covered by history buffers
	// assume that a persistent buffer covers the whole resume period
	for _, channel := range client.Channels() {
		for _, member := range channel.auditoriumFriends(client) {
			friends.Add(member)
		}
		status, _ := channel.historyStatus(config)
		if status == HistoryEphemeral {
			lastDiscarded := channel.history.LastDiscarded()
			if oldestLostMessage.Before(lastDiscarded) {
				oldestLostMessage = lastDiscarded
			}
		}
	}
	cHistoryStatus, _ := client.historyStatus(config)
	if cHistoryStatus == HistoryEphemeral {
		lastDiscarded := client.history.LastDiscarded()
		if oldestLostMessage.Before(lastDiscarded) {
			oldestLostMessage = lastDiscarded
		}
	}

	// senders of stored direct messages also count as friends to notify
	_, privmsgSeq, _ := server.GetHistorySequence(nil, client, "*")
	if privmsgSeq != nil {
		privmsgs, _, _ := privmsgSeq.Between(history.Selector{}, history.Selector{}, config.History.ClientLength)
		for _, item := range privmsgs {
			sender := server.clients.Get(stripMaskFromNick(item.Nick))
			if sender != nil {
				friends.Add(sender)
			}
		}
	}

	timestamp := session.resumeDetails.Timestamp
	gap := oldestLostMessage.Sub(timestamp)
	session.resumeDetails.HistoryIncomplete = gap > 0 || timestamp.IsZero()
	gapSeconds := int(gap.Seconds()) + 1 // round up to avoid confusion

	details := client.Details()
	oldNickmask := details.nickMask
	client.lookupHostname(session, true)
	hostname := client.Hostname() // may be a vhost
	timestampString := timestamp.Format(IRCv3TimestampFormat)

	// send quit/resume messages to friends
	// (sessions with the resume cap get RESUMED; others get a QUIT from the
	// old nickmask; the variant depends on whether history is complete and
	// whether a timestamp was given)
	for friend := range friends {
		if friend == client {
			continue
		}
		for _, fSession := range friend.Sessions() {
			if fSession.capabilities.Has(caps.Resume) {
				if !session.resumeDetails.HistoryIncomplete {
					fSession.Send(nil, oldNickmask, "RESUMED", hostname, "ok")
				} else if session.resumeDetails.HistoryIncomplete && !timestamp.IsZero() {
					fSession.Send(nil, oldNickmask, "RESUMED", hostname, timestampString)
				} else {
					fSession.Send(nil, oldNickmask, "RESUMED", hostname)
				}
			} else {
				if !session.resumeDetails.HistoryIncomplete {
					fSession.Send(nil, oldNickmask, "QUIT", friend.t("Client reconnected"))
				} else if session.resumeDetails.HistoryIncomplete && !timestamp.IsZero() {
					fSession.Send(nil, oldNickmask, "QUIT", fmt.Sprintf(friend.t("Client reconnected (up to %d seconds of message history lost)"), gapSeconds))
				} else {
					fSession.Send(nil, oldNickmask, "QUIT", friend.t("Client reconnected (message history may have been lost)"))
				}
			}
		}
	}

	if session.resumeDetails.HistoryIncomplete {
		if !timestamp.IsZero() {
			session.Send(nil, client.server.name, "WARN", "RESUME", "HISTORY_LOST", fmt.Sprintf(client.t("Resume may have lost up to %d seconds of history"), gapSeconds))
		} else {
			session.Send(nil, client.server.name, "WARN", "RESUME", "HISTORY_LOST", client.t("Resume may have lost some message history"))
		}
	}

	session.Send(nil, client.server.name, "RESUME", "SUCCESS", details.nick)

	server.playRegistrationBurst(session)

	for _, channel := range client.Channels() {
		channel.Resume(session, timestamp)
	}

	// replay direct PRIVMSG history
	if !timestamp.IsZero() && privmsgSeq != nil {
		after := history.Selector{Time: timestamp}
		items, complete, _ := privmsgSeq.Between(after, history.Selector{}, config.History.ZNCMax)
		if len(items) != 0 {
			rb := NewResponseBuffer(session)
			client.replayPrivmsgHistory(rb, items, "", complete)
			rb.Send(true)
		}
	}

	session.resumeDetails = nil
}

// replayPrivmsgHistory writes stored direct-message history items into rb as
// one nested history batch. An empty target means the client's own nick.
// INVITE and TAGMSG items are replayed natively only when the session has
// the needed capabilities (event-playback; message-tags for TAGMSG);
// otherwise INVITE is rendered as a PRIVMSG from histserv with the msgid
// passed through utils.MungeSecretToken, and TAGMSG is skipped. When
// `complete` is false a closing NOTICE warns that more history may be
// missing.
func (client *Client) replayPrivmsgHistory(rb *ResponseBuffer, items []history.Item, target string, complete bool) {
	var batchID string
	details := client.Details()
	nick := details.nick
	if target == "" {
		target = nick
	}
	batchID = rb.StartNestedHistoryBatch(target)

	hasEventPlayback := rb.session.capabilities.Has(caps.EventPlayback)
	hasTags := rb.session.capabilities.Has(caps.MessageTags)
	for _, item := range items {
		var command string
		switch item.Type {
		case history.Invite:
			if hasEventPlayback {
				rb.AddFromClient(item.Message.Time, item.Message.Msgid, item.Nick, item.AccountName, nil, "INVITE", item.Params[0])
			} else {
				rb.AddFromClient(item.Message.Time, utils.MungeSecretToken(item.Message.Msgid), histservService.prefix, "*", nil, "PRIVMSG", fmt.Sprintf(client.t("%[1]s invited you to channel %[2]s"), stripMaskFromNick(item.Nick), item.Params[0]))
			}
			continue
		case history.Privmsg:
			command = "PRIVMSG"
		case history.Notice:
			command = "NOTICE"
		case history.Tagmsg:
			if hasEventPlayback && hasTags {
				command = "TAGMSG"
			} else {
				continue
			}
		default:
			continue
		}
		// stored tags are only forwarded to sessions that negotiated message-tags
		var tags map[string]string
		if hasTags {
			tags = item.Tags
		}
		// XXX: Params[0] is the message target. if the source of this message is an in-memory
		// buffer, then it's "" for an incoming message and the recipient's nick for an outgoing
		// message. if the source of the message is mysql, then mysql only sees one copy of the
		// message, and it's the version with the recipient's nick filled in. so this is an
		// incoming message if Params[0] (the recipient's nick) equals the client's nick:
		if item.Params[0] == "" || item.Params[0] == nick {
			rb.AddSplitMessageFromClient(item.Nick, item.AccountName, tags, command, nick, item.Message)
		} else {
			// this message was sent *from* the client to another nick; the target is item.Params[0]
			// substitute client's current nickmask in case client changed nick
			rb.AddSplitMessageFromClient(details.nickMask, item.AccountName, tags, command, item.Params[0], item.Message)
		}
	}

	rb.EndNestedBatch(batchID)
	if !complete {
		rb.Add(nil, histservService.prefix, "NOTICE", nick, client.t("Some additional message history may have been lost"))
	}
}

// IdleTime returns how long this client's been idle.
// It is measured from lastActive, read under stateMutex.
func (client *Client) IdleTime() time.Duration {
	client.stateMutex.RLock()
	defer client.stateMutex.RUnlock()
	return time.Since(client.lastActive)
}

// SignonTime returns this client's signon time as a unix timestamp.
func (client *Client) SignonTime() int64 {
	return client.ctime.Unix()
}

// IdleSeconds returns the number of seconds this client's been idle.
func (client *Client) IdleSeconds() uint64 {
	return uint64(client.IdleTime().Seconds())
}

// SetNames sets the client's ident and realname.
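func (client *Client) SetNames(username, realname string, fromIdent bool) error {
	// The username is truncated to Limits.IdentLen, validated with isIdent and,
	// unless fromIdent is set, prefixed with "~". When Server.CoerceIdent is
	// configured it replaces the validated username. Both fields are
	// first-write-wins: an already-set username or realname is left untouched.
	// Returns errInvalidUsername when validation fails, nil otherwise.
	config := client.server.Config()

	limit := config.Limits.IdentLen
	if !fromIdent {
		limit-- // leave room for the prepended ~
	}
	// A negative limit (IdentLen of 0 plus the ~ reservation) would make the
	// slice expression below panic. username is presumably client- or
	// ident-supplied, so clamp instead and leave the empty result to isIdent.
	if limit < 0 {
		limit = 0
	}
	if limit < len(username) {
		// NOTE(review): this is a byte-wise cut; isIdent is relied on to reject
		// anything a mid-character truncation might leave behind.
		username = username[:limit]
	}

	if !isIdent(username) {
		return errInvalidUsername
	}

	// the raw username is validated even when CoerceIdent then overrides it
	switch {
	case config.Server.CoerceIdent != "":
		username = config.Server.CoerceIdent
	case !fromIdent:
		username = "~" + username
	}

	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	if client.username == "" {
		client.username = username
	}
	if client.realname == "" {
		client.realname = realname
	}

	return nil
}

// HasRoleCapabs returns true if client has the given (role) capabilities.
// A client with no operator block (client.Oper() == nil) has none; with an
// empty capabs list any operator passes.
func (client *Client) HasRoleCapabs(capabs ...string) bool {
	oper := client.Oper()
	if oper == nil {
		return false
	}

	// every requested capability must be present on the operator class
	for _, capab := range capabs {
		if !oper.Class.Capabilities.Has(capab) {
			return false
		}
	}

	return true
}

// ModeString returns the mode string for this client.
func (client *Client) ModeString() (str string) {
	return "+" + client.modes.String()
}

// Friends refers to clients that share a channel with this client.
// The result is the set of sessions (the client's own included) that have
// negotiated all of the given capabilities.
func (client *Client) Friends(capabs ...caps.Capability) (result map[*Session]empty) {
	result = make(map[*Session]empty)

	// look at the client's own sessions
	addFriendsToSet(result, client, capabs...)

	// then at whoever channel.auditoriumFriends reports for each joined channel
	for _, channel := range client.Channels() {
		for _, member := range channel.auditoriumFriends(client) {
			addFriendsToSet(result, member, capabs...)
		}
	}

	return result
}

// helper for Friends: adds to set every session of client that has all of capabs.
// Takes client.stateMutex for reading while it walks client.sessions.
func addFriendsToSet(set map[*Session]empty, client *Client, capabs ...caps.Capability) {
	client.stateMutex.RLock()
	defer client.stateMutex.RUnlock()

	for _, session := range client.sessions {
		if session.capabilities.HasAll(capabs...) {
			set[session] = empty{}
		}
	}
}

// SetOper records the client's operator block (nil clears it) and refreshes
// the cached nickmask under stateMutex.
func (client *Client) SetOper(oper *Oper) {
	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	client.oper = oper
	// operators typically get a vhost, update the nickmask
	client.updateNickMaskNoMutex()
}

// XXX: CHGHOST requires prefix nickmask to have original hostname,
// this is annoying to do correctly
//
// sendChghost sends CHGHOST, prefixed with oldNickMask, to every session
// returned by Friends(caps.ChgHost). Send errors are not reported.
func (client *Client) sendChghost(oldNickMask string, vhost string) {
	details := client.Details()
	for fClient := range client.Friends(caps.ChgHost) {
		fClient.sendFromClientInternal(false, time.Time{}, "", oldNickMask, details.accountName, nil, "CHGHOST", details.username, vhost)
	}
}

// choose the correct vhost to display
// (reads client.vhost and client.oper without locking; the caller holds stateMutex)
func (client *Client) getVHostNoMutex() string {
	// hostserv vhost OR operclass vhost OR nothing (i.e., normal rdns hostmask)
	switch {
	case client.vhost != "":
		return client.vhost
	case client.oper != nil && !client.oper.Hidden:
		return client.oper.Vhost
	default:
		return ""
	}
}

// SetVHost updates the client's hostserv-based vhost
// and reports whether the stored value changed; the nickmask is only
// regenerated on a change.
func (client *Client) SetVHost(vhost string) (updated bool) {
	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	if client.vhost == vhost {
		return false
	}
	client.vhost = vhost
	client.updateNickMaskNoMutex()
	return true
}

// SetNick gives the client a nickname and marks it as registered, if necessary
// Returns false, changing nothing, when the client has already been destroyed.
func (client *Client) SetNick(nick, nickCasefolded, skeleton string) (success bool) {
	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	if client.destroyed {
		return false
	}
	if !client.registered {
		// XXX test this before setting it to avoid annoying the race detector
		client.registered = true
		// registration completed: the registration timer is no longer needed
		if client.registrationTimer != nil {
			client.registrationTimer.Stop()
			client.registrationTimer = nil
		}
	}

	client.nick = nick
	client.nickCasefolded = nickCasefolded
	client.skeleton = skeleton
	client.updateNickMaskNoMutex()
	return true
}

// updateNickMaskNoMutex updates the casefolded nickname and nickmask, not acquiring any mutexes.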
func (client *Client) updateNickMaskNoMutex() {
	// Takes no lock itself: the callers visible in this file (SetOper, SetVHost,
	// SetNick) invoke it with client.stateMutex already held for writing.
	if client.nick == "*" {
		return // pre-registration, don't bother generating the hostname
	}

	// displayed host, in order of preference: vhost, cloaked hostname, raw hostname
	host := client.getVHostNoMutex()
	if host == "" {
		host = client.cloakedHostname
	}
	if host == "" {
		host = client.rawHostname
	}
	client.hostname = host

	// cache both the display form and the lowercased form of nick!user@host
	client.nickMaskString = client.nick + "!" + client.username + "@" + host
	client.nickMaskCasefolded = client.nickCasefolded + "!" + strings.ToLower(client.username) + "@" + strings.ToLower(host)
}

// AllNickmasks returns all the possible nickmasks for the client.
// In order: the vhost mask (if a vhost applies), the raw-hostname mask, the
// cloaked-hostname mask (if one is set) and the IP mask (if it differs from
// the raw-hostname mask). All use the casefolded nick and lowercased username.
// NOTE(review): the result contains the uncloaked hostname and the IP string,
// so it looks intended for server-side matching rather than for display to
// other users; confirm against callers.
func (client *Client) AllNickmasks() (masks []string) {
	// snapshot everything needed under the read lock, format afterwards
	client.stateMutex.RLock()
	nick := client.nickCasefolded
	username := strings.ToLower(client.username)
	rawHostname := client.rawHostname
	cloakedHostname := client.cloakedHostname
	vhost := client.getVHostNoMutex()
	client.stateMutex.RUnlock()

	maskFor := func(host string) string {
		return nick + "!" + username + "@" + host
	}

	if vhost != "" {
		masks = append(masks, maskFor(strings.ToLower(vhost)))
	}

	rawhostmask := maskFor(strings.ToLower(rawHostname))
	masks = append(masks, rawhostmask)

	// the cloaked hostname is used as stored, without lowercasing
	if len(cloakedHostname) > 0 {
		masks = append(masks, maskFor(cloakedHostname))
	}

	// skip the IP mask when it would duplicate the raw-hostname mask
	if ipmask := fmt.Sprintf("%s!%s@%s", nick, username, client.IPString()); ipmask != rawhostmask {
		masks = append(masks, ipmask)
	}

	return masks
}

// LoggedIntoAccount returns true if this client is logged into an account.
func (client *Client) LoggedIntoAccount() bool {
	loggedOut := client.Account() == ""
	return !loggedOut
}

// Quit sets the given quit message for the client.
// (You must ensure separately that destroy() is called, e.g., by returning `true` from
// the command handler or calling it yourself.)
func (client *Client) Quit(message string, session *Session) {
	// With a non-nil session only that session is affected; with nil, every
	// session currently attached to the client is. Nothing is closed here: the
	// bytes are only queued on each socket through SetFinalData.

	// queueFinalLines builds the closing bytes for one session: a QUIT line
	// (registered clients only) followed by an ERROR line, both carrying the
	// quit message stored on the session. It runs with stateMutex held, which
	// covers its reads of client.registered and client.nickMaskString.
	queueFinalLines := func(sess *Session) {
		text := sess.quitMessage

		var closing []byte
		// #364: don't send QUIT lines to unregistered clients
		if client.registered {
			quitLine := ircmsg.MakeMessage(nil, client.nickMaskString, "QUIT", text)
			// the assembly error is discarded
			closing, _ = quitLine.LineBytesStrict(false, MaxLineLen)
		}

		errorLine := ircmsg.MakeMessage(nil, "", "ERROR", text)
		errorBytes, _ := errorLine.LineBytesStrict(false, MaxLineLen)
		closing = append(closing, errorBytes...)

		sess.socket.SetFinalData(closing)
	}

	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	targets := client.sessions
	if session != nil {
		targets = []*Session{session}
	}

	for _, sess := range targets {
		// final data is only queued when SetQuitMessage reports true
		if !sess.SetQuitMessage(message) {
			continue
		}
		queueFinalLines(sess)
	}
}

// destroy gets rid of a client, removes them from server lists etc.
// if `session` is nil, destroys the client unconditionally, removing all sessions;
// otherwise, destroys one specific session, only destroying the client if it
// has no more sessions.
func (client *Client) destroy(session *Session) {
	config := client.server.Config()
	var sessionsToDestroy []*Session
	var saveLastSeen bool

	// Phase 1, under stateMutex: snapshot the client's state and decide what
	// has to be torn down. The teardown itself happens after the unlock.
	client.stateMutex.Lock()

	details := client.detailsNoMutex()
	brbState := client.brbTimer.state
	brbAt := client.brbTimer.brbAt
	// true when the session passed in currently points at a different client
	wasReattach := session != nil && session.client != client
	sessionRemoved := false
	registered := client.registered
	// XXX a temporary (reattaching) client can be marked alwaysOn when it logs in,
	// but then the session attaches to another client and we need to clean it up here
	alwaysOn := registered && client.alwaysOn

	var remainingSessions int
	if session == nil {
		// whole-client destroy: take every session and detach them all
		sessionsToDestroy = client.sessions
		client.sessions = nil
		remainingSessions = 0
	} else {
		// single-session destroy: only proceed with it if it was actually removed
		sessionRemoved, remainingSessions = client.removeSession(session)
		if sessionRemoved {
			sessionsToDestroy = []*Session{session}
		}
	}

	// save last seen if applicable:
	if alwaysOn {
		if client.accountSettings.AutoreplayMissed {
			saveLastSeen = true
		} else {
			// otherwise only when one of the departing sessions has a device ID
			for _, session := range sessionsToDestroy {
				if session.deviceID != "" {
					saveLastSeen = true
					break
				}
			}
		}
	}

	// should we destroy the whole client this time?
	// BRB is not respected if this is a destroy of the whole client (i.e., session == nil)
	brbEligible := session != nil && brbState == BrbEnabled
	shouldDestroy := !client.destroyed && remainingSessions == 0 && !brbEligible && !alwaysOn
	// decrement stats on a true destroy, or for the removal of the last connected session
	// of an always-on client
	shouldDecrement := shouldDestroy || (alwaysOn && len(sessionsToDestroy) != 0 && len(client.sessions) == 0)
	if shouldDestroy {
		// if it's our job to destroy it, don't let anyone else try
		client.destroyed = true
	}
	if saveLastSeen {
		client.dirtyBits |= IncludeLastSeen
	}

	// an always-on client losing its last session is marked away automatically,
	// if the auto-away setting allows it and it was not already away
	autoAway := false
	var awayMessage string
	if alwaysOn && !client.away && remainingSessions == 0 && persistenceEnabled(config.Accounts.Multiclient.AutoAway, client.accountSettings.AutoAway) {
		autoAway = true
		client.autoAway = true
		client.away = true
		awayMessage = config.languageManager.Translate(client.languages, `User is currently disconnected`)
		client.awayMessage = awayMessage
	}

	if client.registrationTimer != nil {
		// unconditionally stop; if the client is still unregistered it must be destroyed
		client.registrationTimer.Stop()
	}

	client.stateMutex.Unlock()

	// Phase 2, lock released: per-session teardown.

	// XXX there is no particular reason to persist this state here rather than
	// any other place: it would be correct to persist it after every `Touch`. However,
	// I'm not comfortable introducing that many database writes, and I don't want to
	// design a throttle.
	if saveLastSeen {
		client.wakeWriter()
	}

	// destroy all applicable sessions:
	var quitMessage string
	for _, session := range sessionsToDestroy {
		if session.client != client {
			// session has been attached to a new client; do not destroy it
			continue
		}
		session.stopIdleTimer()
		// send quit/error message to client if they haven't been sent already
		client.Quit("", session)
		// with several sessions, the quit message of the last one processed wins
		quitMessage = session.quitMessage
		session.SetDestroyed()
		session.socket.Close()

		// clean up monitor state
		client.server.monitorManager.RemoveAll(session)

		// remove from connection limits
		// (Tor sessions are counted by torLimiter; all others by address, where
		// the proxied IP, when present, takes precedence over the socket's IP)
		// NOTE(review): the address released here has to be the same one that was
		// counted at connect time, or the limiter's count drifts; verify there.
		var source string
		if session.isTor {
			client.server.torLimiter.RemoveClient()
			source = "tor"
		} else {
			ip := session.realIP
			if session.proxiedIP != nil {
				ip = session.proxiedIP
			}
			client.server.connectionLimiter.RemoveClient(flatip.FromNetIP(ip))
			source = ip.String()
		}
		// this log line records the nick together with the client's address
		client.server.logger.Info("connect-ip", fmt.Sprintf("disconnecting session of %s from %s", details.nick, source))
	}

	// decrement stats if we have no more sessions, even if the client will not be destroyed
	if shouldDecrement {
		invisible := client.HasMode(modes.Invisible)
		operator := client.HasMode(modes.LocalOperator) || client.HasMode(modes.Operator)
		client.server.stats.Remove(registered, invisible, operator)
	}

	if autoAway {
		dispatchAwayNotify(client, true, awayMessage)
	}

	// the client itself survives (sessions remain, BRB applies, always-on, or
	// it was already destroyed): stop after the per-session teardown
	if !shouldDestroy {
		return
	}

	// Phase 3: full client teardown.
	splitQuitMessage := utils.MakeMessage(quitMessage)
	quitItem := history.Item{
		Type:        history.Quit,
		Nick:        details.nickMask,
		AccountName: details.accountName,
		Message:     splitQuitMessage,
	}
	var channels []*Channel
	// use a defer here to avoid writing to mysql while holding the destroy semaphore:
	// (deferred calls run in reverse order, so this runs after the Release below)
	defer func() {
		for _, channel := range channels {
			channel.AddHistoryItem(quitItem, details.account)
		}
	}()

	// see #235: deduplicating the list of PART recipients uses (comparatively speaking)
	// a lot of RAM, so limit concurrency to avoid thrashing
	client.server.semaphores.ClientDestroy.Acquire()
	defer client.server.semaphores.ClientDestroy.Release()

	if !wasReattach {
		client.server.logger.Debug("quit", fmt.Sprintf("%s is no longer on the server", details.nick))
	}

	if registered {
		client.server.whoWas.Append(client.WhoWas())
	}

	client.server.resumeManager.Delete(client)

	// alert monitors
	if registered {
		client.server.monitorManager.AlertAbout(details.nick, details.nickCasefolded, false)
	}

	// clean up channels
	// (note that if this is a reattach, client has no channels and therefore no friends)
	friends := make(ClientSet)
	channels = client.Channels()
	for _, channel := range channels {
		// collect the QUIT recipients before leaving the channel
		for _, member := range channel.auditoriumFriends(client) {
			friends.Add(member)
		}
		channel.Quit(client)
	}
	// the departing client does not receive its own QUIT from this broadcast
	friends.Remove(client)

	// clean up server
	client.server.clients.Remove(client)

	// clean up self
	client.brbTimer.Disable()

	client.server.accounts.Logout(client)

	// this happens under failure to return from BRB
	if quitMessage == "" {
		if brbState == BrbDead && !brbAt.IsZero() {
			awayMessage := client.AwayMessage()
			if awayMessage == "" {
				awayMessage = "Disconnected" // auto-BRB
			}
			quitMessage = fmt.Sprintf("%s [%s ago]", awayMessage, time.Since(brbAt).Truncate(time.Second).String())
		}
	}

	if quitMessage == "" {
		quitMessage = "Exited"
	}
	// note: the history item above was built from the quit message as it stood
	// before these fallbacks; the broadcast below uses the final text
	var cache MessageCache
	cache.Initialize(client.server, splitQuitMessage.Time, splitQuitMessage.Msgid, details.nickMask, details.accountName, nil, "QUIT", quitMessage)
	for friend := range friends {
		for _, session := range friend.Sessions() {
			cache.Send(session)
		}
	}

	if registered {
		client.server.snomasks.Send(sno.LocalQuits, fmt.Sprintf(ircfmt.Unescape("%s$r exited the network"), details.nick))
	}
}

// SendSplitMsgFromClient sends an IRC PRIVMSG/NOTICE coming from a specific client.
// Adds account-tag to the line as well.
func (session *Session) sendSplitMsgFromClientInternal(blocking bool, nickmask, accountName string, tags map[string]string, command, target string, message utils.SplitMessage) {
	// Three delivery paths, chosen in this order:
	//   1. message.Is512() reports true: one ordinary line;
	//   2. the session has the Multiline capability: a multiline batch;
	//   3. otherwise: one line per non-empty split part.
	// Send errors are not reported on any path.
	if message.Is512() {
		session.sendFromClientInternal(blocking, message.Time, message.Msgid, nickmask, accountName, tags, command, target, message.Message)
		return
	}

	if session.capabilities.Has(caps.Multiline) {
		batch := composeMultilineBatch(session.generateBatchID(), nickmask, accountName, tags, command, target, message)
		for _, line := range batch {
			session.SendRawMessage(line, blocking)
		}
		return
	}

	// send msgid on the first nonblank line; later lines carry none
	pendingMsgid := message.Msgid
	for _, part := range message.Split {
		if len(part.Message) == 0 {
			continue
		}
		session.sendFromClientInternal(blocking, message.Time, pendingMsgid, nickmask, accountName, tags, command, target, part.Message)
		pendingMsgid = ""
	}
}

// Sends a line with `nickmask` as the prefix, adding `time` and `account` tags if supported
// The line goes to every session of the client; delivery continues past a
// failing session and the last non-nil error is returned.
func (client *Client) sendFromClientInternal(blocking bool, serverTime time.Time, msgid string, nickmask, accountName string, tags map[string]string, command string, params ...string) (err error) {
	for _, session := range client.Sessions() {
		if sendErr := session.sendFromClientInternal(blocking, serverTime, msgid, nickmask, accountName, tags, command, params...); sendErr != nil {
			err = sendErr
		}
	}
	return err
}

// sendFromClientInternal (session form) builds one line prefixed with nickmask,
// attaches the tags this session has negotiated, and hands it to SendRawMessage.
func (session *Session) sendFromClientInternal(blocking bool, serverTime time.Time, msgid string, nickmask, accountName string, tags map[string]string, command string, params ...string) (err error) {
	line := ircmsg.MakeMessage(tags, nickmask, command, params...)

	// attach account-tag ("*" is the account name of a logged-out client)
	wantsAccount := session.capabilities.Has(caps.AccountTag) && accountName != "*"
	if wantsAccount {
		line.SetTag("account", accountName)
	}

	// attach message-id
	wantsMsgid := msgid != "" && session.capabilities.Has(caps.MessageTags)
	if wantsMsgid {
		line.SetTag("msgid", msgid)
	}

	// attach server-time
	session.setTimeTag(&line, serverTime)

	err = session.SendRawMessage(line, blocking)
	return err
}

// composeMultilineBatch turns a split message into the sequence of lines for
// a multiline batch: the opening BATCH line (carrying the caller's tags plus
// time, msgid and, unless fromAccount is "*", account), one line per split
// part tagged with the batch ID, and the closing BATCH line.
func composeMultilineBatch(batchID, fromNickMask, fromAccount string, tags map[string]string, command, target string, message utils.SplitMessage) (result []ircmsg.IrcMessage) {
	opener := ircmsg.MakeMessage(tags, fromNickMask, "BATCH", "+"+batchID, caps.MultilineBatchType, target)
	opener.SetTag("time", message.Time.Format(IRCv3TimestampFormat))
	opener.SetTag("msgid", message.Msgid)
	if fromAccount != "*" {
		opener.SetTag("account", fromAccount)
	}
	result = append(result, opener)

	for _, part := range message.Split {
		line := ircmsg.MakeMessage(nil, fromNickMask, command, target, part.Message)
		line.SetTag("batch", batchID)
		if part.Concat {
			line.SetTag(caps.MultilineConcatTag, "")
		}
		result = append(result, line)
	}

	closer := ircmsg.MakeMessage(nil, fromNickMask, "BATCH", "-"+batchID)
	result = append(result, closer)
	return result
}

// these are all the output commands that MUST have their last param be a trailing.
// this is needed because dumb clients like to treat trailing params separately from the
// other params in messages.
var commandsThatMustUseTrailing = map[string]bool{
	"PRIVMSG":         true,
	"NOTICE":          true,
	RPL_WHOISCHANNELS: true,
	RPL_USERHOST:      true,

	// mirc's handling of RPL_NAMREPLY is broken:
	// https://forums.mirc.com/ubbthreads.php/topics/266939/re-nick-list
	RPL_NAMREPLY: true,
}

// SendRawMessage sends a raw message to the client.
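func (session *Session) SendRawMessage(message ircmsg.IrcMessage, blocking bool) error {
	// use dumb hack to force the last param to be a trailing param if required
	config := session.client.server.Config()
	if config.Server.Compatibility.forceTrailing && commandsThatMustUseTrailing[message.Command] {
		message.ForceTrailing()
	}

	// assemble message
	line, err := message.LineBytesStrict(false, MaxLineLen)
	if err == nil {
		return session.sendBytes(line, blocking)
	}

	// Assembly failed. The command and its params go to the server log; the
	// client is only sent a fixed ERR_UNKNOWNERROR line.
	// NOTE(review): message.Params may hold user-supplied text and is logged
	// as-is here; confirm the logger treats it safely.
	errorParams := []string{"Error assembling message for sending", err.Error(), message.Command}
	errorParams = append(errorParams, message.Params...)
	session.client.server.logger.Error("internal", errorParams...)

	message = ircmsg.MakeMessage(nil, session.client.server.name, ERR_UNKNOWNERROR, "*", "Error assembling message for sending")
	fallback, _ := message.LineBytesStrict(false, 0)

	// best effort: the caller gets the assembly error back, so a failed write
	// of the fallback line is not reported separately
	if blocking {
		session.socket.BlockingWrite(fallback)
	} else {
		session.socket.Write(fallback)
	}
	return err
}

// sendBytes writes an already-assembled line to the session's socket,
// blocking or not as requested, and returns the write error, if any.
func (session *Session) sendBytes(line []byte, blocking bool) (err error) {
	if session.client.server.logger.IsLoggingRawIO() {
		// strip "\r\n"; TrimSuffix rather than a fixed two-byte slice, so a line
		// shorter than two bytes cannot cause an out-of-range panic
		logline := strings.TrimSuffix(string(line), "\r\n")
		// raw I/O logging writes complete outgoing lines, message text included,
		// to the debug log
		session.client.server.logger.Debug("useroutput", session.client.Nick(), " ->", logline)
	}

	if blocking {
		err = session.socket.BlockingWrite(line)
	} else {
		err = session.socket.Write(line)
	}
	if err != nil {
		session.client.server.logger.Info("quit", "send error to client", fmt.Sprintf("%s [%d]", session.client.Nick(), session.sessionID), err.Error())
	}
	return err
}

// Send sends an IRC line to the client.
// The line goes to every session; delivery continues past a failing session
// and the last non-nil error is returned.
func (client *Client) Send(tags map[string]string, prefix string, command string, params ...string) (err error) {
	for _, session := range client.Sessions() {
		if sendErr := session.Send(tags, prefix, command, params...); sendErr != nil {
			err = sendErr
		}
	}
	return err
}

// Send builds a line from the given parts, adds the time tag where applicable
// (see setTimeTag) and sends it to this session without blocking.
func (session *Session) Send(tags map[string]string, prefix string, command string, params ...string) (err error) {
	msg := ircmsg.MakeMessage(tags, prefix, command, params...)
	// the zero time makes setTimeTag stamp the line with the current time
	session.setTimeTag(&msg, time.Time{})
	return session.SendRawMessage(msg, false)
}

// setTimeTag adds a "time" tag to msg when the session has the ServerTime
// capability and msg does not already carry one. A zero serverTime means
// "now"; the tag value is formatted in UTC.
func (session *Session) setTimeTag(msg *ircmsg.IrcMessage, serverTime time.Time) {
	if !session.capabilities.Has(caps.ServerTime) || msg.HasTag("time") {
		return
	}
	if serverTime.IsZero() {
		serverTime = time.Now()
	}
	msg.SetTag("time", serverTime.UTC().Format(IRCv3TimestampFormat))
}

// Notice sends the client a notice from the server.
// The send error is not reported.
func (client *Client) Notice(text string) {
	client.Send(nil, client.server.name, "NOTICE", client.Nick(), text)
}

// Notice sends a notice from the server to this one session only.
// The send error is not reported.
func (session *Session) Notice(text string) {
	session.Send(nil, session.client.server.name, "NOTICE", session.client.Nick(), text)
}

// `simulated` is for the fake join of an always-on client
// (we just read the channel name from the database, there's no need to write it back)
//
// addChannel records channel in the client's channel set. It fails with
// errClientDestroyed for a destroyed client and with errTooManyChannels when
// a client without an operator block is already in
// Channels.MaxChannelsPerClient channels; clients with an operator block are
// exempt from that limit.
func (client *Client) addChannel(channel *Channel, simulated bool) (err error) {
	config := client.server.Config()

	client.stateMutex.Lock()
	alwaysOn := client.alwaysOn
	switch {
	case client.destroyed:
		err = errClientDestroyed
	case client.oper == nil && len(client.channels) >= config.Channels.MaxChannelsPerClient:
		err = errTooManyChannels
	default:
		client.channels[channel] = empty{} // success
	}
	client.stateMutex.Unlock()

	// persist the new channel list for always-on clients, after the unlock
	// because markDirty takes stateMutex itself
	if err == nil && alwaysOn && !simulated {
		client.markDirty(IncludeChannels)
	}
	return err
}

// removeChannel drops channel from the client's channel set and, for an
// always-on client, marks the channel list dirty so it gets persisted.
func (client *Client) removeChannel(channel *Channel) {
	client.stateMutex.Lock()
	delete(client.channels, channel)
	alwaysOn := client.alwaysOn
	client.stateMutex.Unlock()

	if alwaysOn {
		client.markDirty(IncludeChannels)
	}
}

// channelInvite is what is remembered about one invitation.
type channelInvite struct {
	channelCreatedAt time.Time // creation time of the channel when the invite was issued
	invitedAt        time.Time // when the invite was issued (UTC)
}

// Records that the client has been invited to join an invite-only channel
// A later invite to the same casefolded channel replaces the earlier one.
func (client *Client) Invite(casefoldedChannel string, channelCreatedAt time.Time) {
	now := time.Now().UTC()

	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	// the map is created lazily on the first invite
	if client.invitedTo == nil {
		client.invitedTo = make(map[string]channelInvite)
	}

	client.invitedTo[casefoldedChannel] = channelInvite{
		channelCreatedAt: channelCreatedAt,
		invitedAt:        now,
	}
}

// Uninvite forgets any recorded invite to the given casefolded channel.
func (client *Client) Uninvite(casefoldedChannel string) {
	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()
	delete(client.invitedTo, casefoldedChannel)
}

// Checks that the client was invited to join a given channel
// An invite counts only if it exists, has not outlived
// Channels.InviteExpiration (zero means it never expires) and was issued for
// a channel with the same creation time as createdTime, so an invite recorded
// against a different creation time does not carry over. The stored invite is
// removed by this call whatever the outcome.
func (client *Client) CheckInvited(casefoldedChannel string, createdTime time.Time) (invited bool) {
	config := client.server.Config()
	expTime := time.Duration(config.Channels.InviteExpiration)
	now := time.Now().UTC()

	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()

	curInvite, ok := client.invitedTo[casefoldedChannel]
	if !ok {
		return false
	}
	// joining an invited channel "uses up" your invite, so you can't rejoin on kick
	delete(client.invitedTo, casefoldedChannel)

	unexpired := expTime == time.Duration(0) || now.Sub(curInvite.invitedAt) < expTime
	return unexpired && createdTime.Equal(curInvite.channelCreatedAt)
}

// Implements auto-oper by certfp (scans for an auto-eligible operator block that matches
// the client's cert, then applies it).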
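func (client *Client) attemptAutoOper(session *Session) {
	// Auto-oper is passwordless: the only credential checked here is the
	// session's certificate fingerprint, matched against operator blocks that
	// set Auto, have no Pass and carry a non-empty Certfp.
	// NOTE(review): this is only as strong as the provenance of session.certfp;
	// confirm it is set solely from this connection's TLS client certificate.
	if session.certfp == "" || client.HasMode(modes.Operator) {
		return
	}

	for _, oper := range client.server.Config().operators {
		eligible := oper.Auto && oper.Pass == nil && oper.Certfp != ""
		if !eligible || oper.Certfp != session.certfp {
			continue
		}
		// the first matching block wins
		rb := NewResponseBuffer(session)
		applyOper(client, oper, rb)
		rb.Send(true)
		return
	}
}

// checkLoginThrottle touches the client's login throttle under stateMutex
// and returns what the throttle's Touch reports.
func (client *Client) checkLoginThrottle() (throttled bool, remainingTime time.Duration) {
	client.stateMutex.Lock()
	defer client.stateMutex.Unlock()
	return client.loginThrottle.Touch()
}

// historyStatus reports how this client's direct-message history is kept.
// It returns HistoryDisabled when history is off in the config and
// HistoryEphemeral for a client with no account; otherwise the result of
// historyEnabled for the server-wide and per-account DM settings. target is
// the account name only when the status is HistoryPersistent, else "".
func (client *Client) historyStatus(config *Config) (status HistoryStatus, target string) {
	if !config.History.Enabled {
		return HistoryDisabled, ""
	}

	client.stateMutex.RLock()
	target = client.account
	dmSetting := client.accountSettings.DMHistory
	client.stateMutex.RUnlock()

	if target == "" {
		return HistoryEphemeral, ""
	}

	status = historyEnabled(config.History.Persistent.DirectMessages, dmSetting)
	if status != HistoryPersistent {
		target = ""
	}
	return status, target
}

// addHistoryItem stores a direct message sent by client to target.
// details and tDetails describe the sender and the recipient. The item goes
// to the sender's and/or recipient's in-memory history when their status is
// HistoryEphemeral, and to the history database when either side is
// HistoryPersistent. Items that itemIsStorable rejects are dropped. The
// returned error is always nil.
func (client *Client) addHistoryItem(target *Client, item history.Item, details, tDetails *ClientDetails, config *Config) (err error) {
	if !itemIsStorable(&item, config) {
		return nil
	}

	item.Nick = details.nickMask
	item.AccountName = details.accountName
	// the sender's copy names the recipient as the message target
	// NOTE(review): assumes Params is an array, so that this assignment copies
	// it; if it were a slice the write below would also change item. Confirm.
	targetedItem := item
	targetedItem.Params[0] = tDetails.nick

	cStatus, _ := client.historyStatus(config)
	tStatus, _ := target.historyStatus(config)

	// add to ephemeral history
	if cStatus == HistoryEphemeral {
		targetedItem.CfCorrespondent = tDetails.nickCasefolded
		client.history.Add(targetedItem)
	}
	// a message to oneself is stored once, in the sender's copy above
	if tStatus == HistoryEphemeral && client != target {
		item.CfCorrespondent = details.nickCasefolded
		target.history.Add(item)
	}

	// add to persistent history: one copy covers both sides
	if cStatus == HistoryPersistent || tStatus == HistoryPersistent {
		targetedItem.CfCorrespondent = ""
		client.server.historyDB.AddDirectMessage(details.nickCasefolded, details.account, tDetails.nickCasefolded, tDetails.account, targetedItem)
	}
	return nil
}

// handleRegisterTimeout disconnects a client that did not finish registering
// in time: it sets the quit message on all sessions and destroys the client.
func (client *Client) handleRegisterTimeout() {
	client.Quit(fmt.Sprintf("Registration timeout: %v", RegisterTimeout), nil)
	client.destroy(nil)
}

// copyLastSeen returns a copy of the device-ID -> last-seen-time map, taken
// under the read lock, so callers can use it without holding stateMutex.
func (client *Client) copyLastSeen() (result map[string]time.Time) {
	client.stateMutex.RLock()
	defer client.stateMutex.RUnlock()

	result = make(map[string]time.Time, len(client.lastSeen))
	for id, lastSeen := range client.lastSeen {
		result[id] = lastSeen
	}
	return result
}

// these are bit flags indicating what part of the client status is "dirty"
// and needs to be read from memory and written to the db
const (
	IncludeChannels uint = 1 << iota
	IncludeLastSeen
	IncludeUserModes
	IncludeRealname
)

// markDirty ORs dirtyBits into the client's pending set and, for an
// always-on client, wakes the background writer.
func (client *Client) markDirty(dirtyBits uint) {
	client.stateMutex.Lock()
	alwaysOn := client.alwaysOn
	client.dirtyBits |= dirtyBits
	client.stateMutex.Unlock()

	if alwaysOn {
		client.wakeWriter()
	}
}

// wakeWriter starts writeLoop in a new goroutine if the writer semaphore can
// be acquired; if it cannot, nothing is started.
func (client *Client) wakeWriter() {
	if client.writerSemaphore.TryAcquire() {
		go client.writeLoop()
	}
}

// writeLoop runs with writerSemaphore held. It writes, releases the
// semaphore, and goes around again only if more dirty bits have appeared and
// the semaphore can be taken back.
func (client *Client) writeLoop() {
	for {
		client.performWrite(0)
		client.writerSemaphore.Release()

		client.stateMutex.RLock()
		isDirty := client.dirtyBits != 0
		client.stateMutex.RUnlock()

		if !isDirty || !client.writerSemaphore.TryAcquire() {
			return
		}
	}
}

// performWrite persists the parts of the client's state selected by the
// pending dirty bits plus additionalDirtyBits, and clears the pending bits.
// Nothing is written for a client with no account; the bits are cleared in
// that case too.
func (client *Client) performWrite(additionalDirtyBits uint) {
	client.stateMutex.Lock()
	dirtyBits := client.dirtyBits | additionalDirtyBits
	client.dirtyBits = 0
	account := client.account
	// snapshot realname while the lock is held: SetNames writes it under
	// stateMutex, so an unlocked read further down would be a data race
	realname := client.realname
	client.stateMutex.Unlock()

	if account == "" {
		client.server.logger.Error("internal", "attempting to persist logged-out client", client.Nick())
		return
	}

	if (dirtyBits & IncludeChannels) != 0 {
		channels := client.Channels()
		channelToModes := make(map[string]string, len(channels))
		for _, channel := range channels {
			chname, chmodes := channel.nameAndModes(client)
			channelToModes[chname] = chmodes
		}
		client.server.accounts.saveChannels(account, channelToModes)
	}

	if (dirtyBits & IncludeLastSeen) != 0 {
		client.server.accounts.saveLastSeen(account, client.copyLastSeen())
	}

	if (dirtyBits & IncludeUserModes) != 0 {
		uModes := make(modes.Modes, 0, len(modes.SupportedUserModes))
		for _, m := range modes.SupportedUserModes {
			switch m {
			case modes.Operator, modes.ServerNotice:
				// these can't be persisted because they depend on the operator block
			default:
				if client.HasMode(m) {
					uModes = append(uModes, m)
				}
			}
		}
		client.server.accounts.saveModes(account, uModes)
	}

	if (dirtyBits & IncludeRealname) != 0 {
		client.server.accounts.saveRealname(account, realname)
	}
}

// Blocking store; see Channel.Store and Socket.BlockingWrite
// Waits for the writer semaphore, writes the pending bits plus dirtyBits, and
// on the way out wakes the background writer if new dirty bits appeared in
// the meantime. Always returns nil.
func (client *Client) Store(dirtyBits uint) (err error) {
	// registered first, so it runs last: after the semaphore has been released
	defer func() {
		client.stateMutex.Lock()
		isDirty := client.dirtyBits != 0
		client.stateMutex.Unlock()

		if isDirty {
			client.wakeWriter()
		}
	}()

	client.writerSemaphore.Acquire()
	defer client.writerSemaphore.Release()

	client.performWrite(dirtyBits)
	return nil
}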