1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072 |
- // Copyright (c) 2012-2014 Jeremy Latt
- // Copyright (c) 2014-2015 Edmund Huber
- // Copyright (c) 2016-2017 Daniel Oaks <daniel@danieloaks.net>
- // released under the MIT license
-
- package irc
-
- import (
- "fmt"
- "net"
- "net/http"
- _ "net/http/pprof"
- "os"
- "os/signal"
- "runtime/debug"
- "strconv"
- "strings"
- "sync"
- "syscall"
- "time"
- "unsafe"
-
- "github.com/goshuirc/irc-go/ircfmt"
-
- "github.com/ergochat/ergo/irc/caps"
- "github.com/ergochat/ergo/irc/connection_limits"
- "github.com/ergochat/ergo/irc/flatip"
- "github.com/ergochat/ergo/irc/history"
- "github.com/ergochat/ergo/irc/logger"
- "github.com/ergochat/ergo/irc/modes"
- "github.com/ergochat/ergo/irc/mysql"
- "github.com/ergochat/ergo/irc/sno"
- "github.com/ergochat/ergo/irc/utils"
- "github.com/tidwall/buntdb"
- )
-
- const (
- alwaysOnExpirationPollPeriod = time.Hour
- )
-
- var (
- // common error line to sub values into
- errorMsg = "ERROR :%s\r\n"
-
- // three final parameters of 004 RPL_MYINFO, enumerating our supported modes
- rplMyInfo1, rplMyInfo2, rplMyInfo3 = modes.RplMyInfo()
-
- // CHANMODES isupport token
- chanmodesToken = modes.ChanmodesToken()
-
- // whitelist of caps to serve on the STS-only listener. In particular,
- // never advertise SASL, to discourage people from sending their passwords:
- stsOnlyCaps = caps.NewSet(caps.STS, caps.MessageTags, caps.ServerTime, caps.Batch, caps.LabeledResponse, caps.EchoMessage, caps.Nope)
-
- // we only have standard channels for now. TODO: any updates to this
- // will also need to be reflected in CasefoldChannel
- chanTypes = "#"
-
- throttleMessage = "You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect."
- )
-
- // Server is the main Oragono server.
- type Server struct {
- accounts AccountManager
- channels ChannelManager
- channelRegistry ChannelRegistry
- clients ClientManager
- config unsafe.Pointer
- configFilename string
- connectionLimiter connection_limits.Limiter
- ctime time.Time
- dlines *DLineManager
- helpIndexManager HelpIndexManager
- klines *KLineManager
- listeners map[string]IRCListener
- logger *logger.Manager
- monitorManager MonitorManager
- name string
- nameCasefolded string
- rehashMutex sync.Mutex // tier 4
- rehashSignal chan os.Signal
- pprofServer *http.Server
- signals chan os.Signal
- snomasks SnoManager
- store *buntdb.DB
- historyDB mysql.MySQL
- torLimiter connection_limits.TorLimiter
- whoWas WhoWasList
- stats Stats
- semaphores ServerSemaphores
- defcon uint32
- }
-
- // NewServer returns a new Oragono server.
- func NewServer(config *Config, logger *logger.Manager) (*Server, error) {
- // initialize data structures
- server := &Server{
- ctime: time.Now().UTC(),
- listeners: make(map[string]IRCListener),
- logger: logger,
- rehashSignal: make(chan os.Signal, 1),
- signals: make(chan os.Signal, len(ServerExitSignals)),
- defcon: 5,
- }
-
- server.clients.Initialize()
- server.semaphores.Initialize()
- server.whoWas.Initialize(config.Limits.WhowasEntries)
- server.monitorManager.Initialize()
- server.snomasks.Initialize()
-
- if err := server.applyConfig(config); err != nil {
- return nil, err
- }
-
- // Attempt to clean up when receiving these signals.
- signal.Notify(server.signals, ServerExitSignals...)
- signal.Notify(server.rehashSignal, syscall.SIGHUP)
-
- time.AfterFunc(alwaysOnExpirationPollPeriod, server.handleAlwaysOnExpirations)
-
- return server, nil
- }
-
- // Shutdown shuts down the server.
- func (server *Server) Shutdown() {
- //TODO(dan): Make sure we disallow new nicks
- for _, client := range server.clients.AllClients() {
- client.Notice("Server is shutting down")
- if client.AlwaysOn() {
- client.Store(IncludeLastSeen)
- }
- }
-
- if err := server.store.Close(); err != nil {
- server.logger.Error("shutdown", fmt.Sprintln("Could not close datastore:", err))
- }
-
- server.historyDB.Close()
- }
-
- // Run starts the server.
- func (server *Server) Run() {
- // defer closing db/store
- defer server.store.Close()
-
- for {
- select {
- case <-server.signals:
- server.Shutdown()
- return
-
- case <-server.rehashSignal:
- server.logger.Info("server", "Rehashing due to SIGHUP")
- go server.rehash()
- }
- }
- }
-
- func (server *Server) checkBans(config *Config, ipaddr net.IP, checkScripts bool) (banned bool, requireSASL bool, message string) {
- // #671: do not enforce bans against loopback, as a failsafe
- // note that this function is not used for Tor connections (checkTorLimits is used instead)
- if ipaddr.IsLoopback() {
- return
- }
-
- if server.Defcon() == 1 {
- if !utils.IPInNets(ipaddr, server.Config().Server.secureNets) {
- return true, false, "New connections to this server are temporarily restricted"
- }
- }
-
- flat := flatip.FromNetIP(ipaddr)
-
- // check DLINEs
- isBanned, info := server.dlines.CheckIP(flat)
- if isBanned {
- if info.RequireSASL {
- server.logger.Info("connect-ip", "Requiring SASL from client due to d-line", ipaddr.String())
- return false, true, info.BanMessage("You must authenticate with SASL to connect from this IP (%s)")
- } else {
- server.logger.Info("connect-ip", "Client rejected by d-line", ipaddr.String())
- return true, false, info.BanMessage("You are banned from this server (%s)")
- }
- }
-
- // check connection limits
- err := server.connectionLimiter.AddClient(flat)
- if err == connection_limits.ErrLimitExceeded {
- // too many connections from one client, tell the client and close the connection
- server.logger.Info("connect-ip", "Client rejected for connection limit", ipaddr.String())
- return true, false, "Too many clients from your network"
- } else if err == connection_limits.ErrThrottleExceeded {
- server.logger.Info("connect-ip", "Client exceeded connection throttle", ipaddr.String())
- return true, false, throttleMessage
- } else if err != nil {
- server.logger.Warning("internal", "unexpected ban result", err.Error())
- }
-
- if checkScripts && config.Server.IPCheckScript.Enabled {
- output, err := CheckIPBan(server.semaphores.IPCheckScript, config.Server.IPCheckScript, ipaddr)
- if err != nil {
- server.logger.Error("internal", "couldn't check IP ban script", ipaddr.String(), err.Error())
- return false, false, ""
- }
- // TODO: currently no way to cache IPAccepted
- if (output.Result == IPBanned || output.Result == IPRequireSASL) && output.CacheSeconds != 0 {
- network, err := flatip.ParseToNormalizedNet(output.CacheNet)
- if err != nil {
- server.logger.Error("internal", "invalid dline net from IP ban script", ipaddr.String(), output.CacheNet)
- } else {
- dlineDuration := time.Duration(output.CacheSeconds) * time.Second
- err := server.dlines.AddNetwork(network, dlineDuration, output.Result == IPRequireSASL, output.BanMessage, "", "")
- if err != nil {
- server.logger.Error("internal", "couldn't set dline from IP ban script", ipaddr.String(), err.Error())
- }
- }
- }
- if output.Result == IPBanned {
- // XXX roll back IP connection/throttling addition for the IP
- server.connectionLimiter.RemoveClient(flat)
- server.logger.Info("connect-ip", "Rejected client due to ip-check-script", ipaddr.String())
- return true, false, output.BanMessage
- } else if output.Result == IPRequireSASL {
- server.logger.Info("connect-ip", "Requiring SASL from client due to ip-check-script", ipaddr.String())
- return false, true, output.BanMessage
- }
- }
-
- return false, false, ""
- }
-
- func (server *Server) checkTorLimits() (banned bool, message string) {
- switch server.torLimiter.AddClient() {
- case connection_limits.ErrLimitExceeded:
- return true, "Too many clients from the Tor network"
- case connection_limits.ErrThrottleExceeded:
- return true, "Exceeded connection throttle for the Tor network"
- default:
- return false, ""
- }
- }
-
- func (server *Server) handleAlwaysOnExpirations() {
- defer func() {
- if r := recover(); r != nil {
- server.logger.Error("internal",
- fmt.Sprintf("Panic in always-on cleanup: %v\n%s", r, debug.Stack()))
- }
- // either way, reschedule
- time.AfterFunc(alwaysOnExpirationPollPeriod, server.handleAlwaysOnExpirations)
- }()
-
- config := server.Config()
- deadline := time.Duration(config.Accounts.Multiclient.AlwaysOnExpiration)
- if deadline == 0 {
- return
- }
- server.logger.Info("accounts", "Checking always-on clients for expiration")
- for _, client := range server.clients.AllClients() {
- if client.IsExpiredAlwaysOn(config) {
- // TODO save the channels list, use it for autojoin if/when they return?
- server.logger.Info("accounts", "Expiring always-on client", client.AccountName())
- client.destroy(nil)
- }
- }
- }
-
- //
- // server functionality
- //
-
- func (server *Server) tryRegister(c *Client, session *Session) (exiting bool) {
- // XXX PROXY or WEBIRC MUST be sent as the first line of the session;
- // if we are here at all that means we have the final value of the IP
- if session.rawHostname == "" {
- session.client.lookupHostname(session, false)
- }
-
- // try to complete registration normally
- // XXX(#1057) username can be filled in by an ident query without the client
- // having sent USER: check for both username and realname to ensure they did
- if c.preregNick == "" || c.username == "" || c.realname == "" || session.capState == caps.NegotiatingState {
- return
- }
-
- if c.isSTSOnly {
- server.playSTSBurst(session)
- return true
- }
-
- // client MUST send PASS if necessary, or authenticate with SASL if necessary,
- // before completing the other registration commands
- config := server.Config()
- authOutcome := c.isAuthorized(server, config, session, c.requireSASL)
- var quitMessage string
- switch authOutcome {
- case authFailPass:
- quitMessage = c.t("Password incorrect")
- c.Send(nil, server.name, ERR_PASSWDMISMATCH, "*", quitMessage)
- case authFailSaslRequired, authFailTorSaslRequired:
- quitMessage = c.requireSASLMessage
- if quitMessage == "" {
- quitMessage = c.t("You must log in with SASL to join this server")
- }
- c.Send(nil, c.server.name, "FAIL", "*", "ACCOUNT_REQUIRED", quitMessage)
- }
- if authOutcome != authSuccess {
- c.Quit(quitMessage, nil)
- return true
- }
- c.requireSASLMessage = ""
-
- rb := NewResponseBuffer(session)
- nickError := performNickChange(server, c, c, session, c.preregNick, rb)
- rb.Send(true)
- if nickError == errInsecureReattach {
- c.Quit(c.t("You can't mix secure and insecure connections to this account"), nil)
- return true
- } else if nickError != nil {
- c.preregNick = ""
- return false
- }
-
- if session.client != c {
- // reattached, bail out.
- // we'll play the reg burst later, on the new goroutine associated with
- // (thisSession, otherClient). This is to avoid having to transfer state
- // like nickname, hostname, etc. to show the correct values in the reg burst.
- return false
- }
-
- // Apply default user modes (without updating the invisible counter)
- // The number of invisible users will be updated by server.stats.Register
- // if we're using default user mode +i.
- for _, defaultMode := range config.Accounts.defaultUserModes {
- c.SetMode(defaultMode, true)
- }
-
- // count new user in statistics (before checking KLINEs, see #1303)
- server.stats.Register(c.HasMode(modes.Invisible))
-
- // check KLINEs (#671: ignore KLINEs for loopback connections)
- if !session.IP().IsLoopback() || session.isTor {
- isBanned, info := server.klines.CheckMasks(c.AllNickmasks()...)
- if isBanned {
- c.Quit(info.BanMessage(c.t("You are banned from this server (%s)")), nil)
- return true
- }
- }
-
- server.playRegistrationBurst(session)
- return false
- }
-
- func (server *Server) playSTSBurst(session *Session) {
- nick := utils.SafeErrorParam(session.client.preregNick)
- session.Send(nil, server.name, RPL_WELCOME, nick, fmt.Sprintf("Welcome to the Internet Relay Network %s", nick))
- session.Send(nil, server.name, RPL_YOURHOST, nick, fmt.Sprintf("Your host is %[1]s, running version %[2]s", server.name, "ergo"))
- session.Send(nil, server.name, RPL_CREATED, nick, fmt.Sprintf("This server was created %s", time.Time{}.Format(time.RFC1123)))
- session.Send(nil, server.name, RPL_MYINFO, nick, server.name, "ergo", "o", "o", "o")
- session.Send(nil, server.name, RPL_ISUPPORT, nick, "CASEMAPPING=ascii", "are supported by this server")
- session.Send(nil, server.name, ERR_NOMOTD, nick, "MOTD is unavailable")
- for _, line := range server.Config().Server.STS.bannerLines {
- session.Send(nil, server.name, "NOTICE", nick, line)
- }
- }
-
- func (server *Server) playRegistrationBurst(session *Session) {
- c := session.client
- // continue registration
- d := c.Details()
- server.logger.Info("connect", fmt.Sprintf("Client connected [%s] [u:%s] [r:%s]", d.nick, d.username, d.realname))
- server.snomasks.Send(sno.LocalConnects, fmt.Sprintf("Client connected [%s] [u:%s] [h:%s] [ip:%s] [r:%s]", d.nick, d.username, session.rawHostname, session.IP().String(), d.realname))
- if d.account != "" {
- server.sendLoginSnomask(d.nickMask, d.accountName)
- }
-
- // send welcome text
- //NOTE(dan): we specifically use the NICK here instead of the nickmask
- // see http://modern.ircdocs.horse/#rplwelcome-001 for details on why we avoid using the nickmask
- config := server.Config()
- session.Send(nil, server.name, RPL_WELCOME, d.nick, fmt.Sprintf(c.t("Welcome to the %s IRC Network %s"), config.Network.Name, d.nick))
- session.Send(nil, server.name, RPL_YOURHOST, d.nick, fmt.Sprintf(c.t("Your host is %[1]s, running version %[2]s"), server.name, Ver))
- session.Send(nil, server.name, RPL_CREATED, d.nick, fmt.Sprintf(c.t("This server was created %s"), server.ctime.Format(time.RFC1123)))
- session.Send(nil, server.name, RPL_MYINFO, d.nick, server.name, Ver, rplMyInfo1, rplMyInfo2, rplMyInfo3)
-
- rb := NewResponseBuffer(session)
- server.RplISupport(c, rb)
- server.Lusers(c, rb)
- server.MOTD(c, rb)
- rb.Send(true)
-
- modestring := c.ModeString()
- if modestring != "+" {
- session.Send(nil, server.name, RPL_UMODEIS, d.nick, modestring)
- }
-
- c.attemptAutoOper(session)
-
- if server.logger.IsLoggingRawIO() {
- session.Send(nil, c.server.name, "NOTICE", d.nick, c.t("This server is in debug mode and is logging all user I/O. If you do not wish for everything you send to be readable by the server owner(s), please disconnect."))
- }
- }
-
- // RplISupport outputs our ISUPPORT lines to the client. This is used on connection and in VERSION responses.
- func (server *Server) RplISupport(client *Client, rb *ResponseBuffer) {
- translatedISupport := client.t("are supported by this server")
- nick := client.Nick()
- config := server.Config()
- for _, cachedTokenLine := range config.Server.isupport.CachedReply {
- length := len(cachedTokenLine) + 2
- tokenline := make([]string, length)
- tokenline[0] = nick
- copy(tokenline[1:], cachedTokenLine)
- tokenline[length-1] = translatedISupport
- rb.Add(nil, server.name, RPL_ISUPPORT, tokenline...)
- }
- }
-
- func (server *Server) Lusers(client *Client, rb *ResponseBuffer) {
- nick := client.Nick()
- stats := server.stats.GetValues()
-
- rb.Add(nil, server.name, RPL_LUSERCLIENT, nick, fmt.Sprintf(client.t("There are %[1]d users and %[2]d invisible on %[3]d server(s)"), stats.Total-stats.Invisible, stats.Invisible, 1))
- rb.Add(nil, server.name, RPL_LUSEROP, nick, strconv.Itoa(stats.Operators), client.t("IRC Operators online"))
- rb.Add(nil, server.name, RPL_LUSERUNKNOWN, nick, strconv.Itoa(stats.Unknown), client.t("unregistered connections"))
- rb.Add(nil, server.name, RPL_LUSERCHANNELS, nick, strconv.Itoa(server.channels.Len()), client.t("channels formed"))
- rb.Add(nil, server.name, RPL_LUSERME, nick, fmt.Sprintf(client.t("I have %[1]d clients and %[2]d servers"), stats.Total, 0))
- total := strconv.Itoa(stats.Total)
- max := strconv.Itoa(stats.Max)
- rb.Add(nil, server.name, RPL_LOCALUSERS, nick, total, max, fmt.Sprintf(client.t("Current local users %[1]s, max %[2]s"), total, max))
- rb.Add(nil, server.name, RPL_GLOBALUSERS, nick, total, max, fmt.Sprintf(client.t("Current global users %[1]s, max %[2]s"), total, max))
- }
-
- // MOTD serves the Message of the Day.
- func (server *Server) MOTD(client *Client, rb *ResponseBuffer) {
- motdLines := server.Config().Server.motdLines
-
- if len(motdLines) < 1 {
- rb.Add(nil, server.name, ERR_NOMOTD, client.nick, client.t("MOTD File is missing"))
- return
- }
-
- rb.Add(nil, server.name, RPL_MOTDSTART, client.nick, fmt.Sprintf(client.t("- %s Message of the day - "), server.name))
- for _, line := range motdLines {
- rb.Add(nil, server.name, RPL_MOTD, client.nick, line)
- }
- rb.Add(nil, server.name, RPL_ENDOFMOTD, client.nick, client.t("End of MOTD command"))
- }
-
- func (client *Client) whoisChannelsNames(target *Client, multiPrefix bool, hasPrivs bool) []string {
- var chstrs []string
- targetInvis := target.HasMode(modes.Invisible)
- for _, channel := range target.Channels() {
- if !hasPrivs && (targetInvis || channel.flags.HasMode(modes.Secret)) && !channel.hasClient(client) {
- // client can't see *this* channel membership
- continue
- }
- chstrs = append(chstrs, channel.ClientPrefixes(target, multiPrefix)+channel.name)
- }
- return chstrs
- }
-
- func (client *Client) getWhoisOf(target *Client, hasPrivs bool, rb *ResponseBuffer) {
- oper := client.Oper()
- cnick := client.Nick()
- targetInfo := target.Details()
- rb.Add(nil, client.server.name, RPL_WHOISUSER, cnick, targetInfo.nick, targetInfo.username, targetInfo.hostname, "*", targetInfo.realname)
- tnick := targetInfo.nick
-
- whoischannels := client.whoisChannelsNames(target, rb.session.capabilities.Has(caps.MultiPrefix), oper.HasRoleCapab("sajoin"))
- if whoischannels != nil {
- rb.Add(nil, client.server.name, RPL_WHOISCHANNELS, cnick, tnick, strings.Join(whoischannels, " "))
- }
- if target.HasMode(modes.Operator) && operStatusVisible(client, target, oper != nil) {
- tOper := target.Oper()
- if tOper != nil {
- rb.Add(nil, client.server.name, RPL_WHOISOPERATOR, cnick, tnick, tOper.WhoisLine)
- }
- }
- if client == target || oper.HasRoleCapab("ban") {
- rb.Add(nil, client.server.name, RPL_WHOISACTUALLY, cnick, tnick, fmt.Sprintf("%s@%s", targetInfo.username, target.RawHostname()), target.IPString(), client.t("Actual user@host, Actual IP"))
- }
- if client == target || oper.HasRoleCapab("samode") {
- rb.Add(nil, client.server.name, RPL_WHOISMODES, cnick, tnick, fmt.Sprintf(client.t("is using modes +%s"), target.modes.String()))
- }
- if target.HasMode(modes.TLS) {
- rb.Add(nil, client.server.name, RPL_WHOISSECURE, cnick, tnick, client.t("is using a secure connection"))
- }
- if targetInfo.accountName != "*" {
- rb.Add(nil, client.server.name, RPL_WHOISACCOUNT, cnick, tnick, targetInfo.accountName, client.t("is logged in as"))
- }
- if target.HasMode(modes.Bot) {
- rb.Add(nil, client.server.name, RPL_WHOISBOT, cnick, tnick, fmt.Sprintf(ircfmt.Unescape(client.t("is a $bBot$b on %s")), client.server.Config().Network.Name))
- }
-
- if client == target || oper.HasRoleCapab("ban") {
- for _, session := range target.Sessions() {
- if session.certfp != "" {
- rb.Add(nil, client.server.name, RPL_WHOISCERTFP, cnick, tnick, fmt.Sprintf(client.t("has client certificate fingerprint %s"), session.certfp))
- }
- }
- }
- rb.Add(nil, client.server.name, RPL_WHOISIDLE, cnick, tnick, strconv.FormatUint(target.IdleSeconds(), 10), strconv.FormatInt(target.SignonTime(), 10), client.t("seconds idle, signon time"))
- if away, awayMessage := target.Away(); away {
- rb.Add(nil, client.server.name, RPL_AWAY, cnick, tnick, awayMessage)
- }
- }
-
- // rehash reloads the config and applies the changes from the config file.
- func (server *Server) rehash() error {
- // #1570; this needs its own panic handling because it can be invoked via SIGHUP
- defer func() {
- if r := recover(); r != nil {
- if server.Config().Debug.recoverFromErrors {
- server.logger.Error("internal",
- fmt.Sprintf("Panic during rehash: %v\n%s", r, debug.Stack()))
- } else {
- panic(r)
- }
- }
- }()
-
- server.logger.Info("server", "Attempting rehash")
-
- // only let one REHASH go on at a time
- server.rehashMutex.Lock()
- defer server.rehashMutex.Unlock()
-
- config, err := LoadConfig(server.configFilename)
- if err != nil {
- server.logger.Error("server", "failed to load config file", err.Error())
- return err
- }
-
- err = server.applyConfig(config)
- if err != nil {
- server.logger.Error("server", "Failed to rehash", err.Error())
- return err
- }
-
- server.logger.Info("server", "Rehash completed successfully")
- return nil
- }
-
- func (server *Server) applyConfig(config *Config) (err error) {
- oldConfig := server.Config()
- initial := oldConfig == nil
-
- if initial {
- server.configFilename = config.Filename
- server.name = config.Server.Name
- server.nameCasefolded = config.Server.nameCasefolded
- globalCasemappingSetting = config.Server.Casemapping
- globalUtf8EnforcementSetting = config.Server.EnforceUtf8
- MaxLineLen = config.Server.MaxLineLen
- } else {
- // enforce configs that can't be changed after launch:
- if server.name != config.Server.Name {
- return fmt.Errorf("Server name cannot be changed after launching the server, rehash aborted")
- } else if oldConfig.Datastore.Path != config.Datastore.Path {
- return fmt.Errorf("Datastore path cannot be changed after launching the server, rehash aborted")
- } else if globalCasemappingSetting != config.Server.Casemapping {
- return fmt.Errorf("Casemapping cannot be changed after launching the server, rehash aborted")
- } else if globalUtf8EnforcementSetting != config.Server.EnforceUtf8 {
- return fmt.Errorf("UTF-8 enforcement cannot be changed after launching the server, rehash aborted")
- } else if oldConfig.Accounts.Multiclient.AlwaysOn != config.Accounts.Multiclient.AlwaysOn {
- return fmt.Errorf("Default always-on setting cannot be changed after launching the server, rehash aborted")
- } else if oldConfig.Server.Relaymsg.Enabled != config.Server.Relaymsg.Enabled {
- return fmt.Errorf("Cannot enable or disable relaying after launching the server, rehash aborted")
- } else if oldConfig.Server.Relaymsg.Separators != config.Server.Relaymsg.Separators {
- return fmt.Errorf("Cannot change relaying separators after launching the server, rehash aborted")
- } else if oldConfig.Server.IPCheckScript.MaxConcurrency != config.Server.IPCheckScript.MaxConcurrency ||
- oldConfig.Accounts.AuthScript.MaxConcurrency != config.Accounts.AuthScript.MaxConcurrency {
- return fmt.Errorf("Cannot change max-concurrency for scripts after launching the server, rehash aborted")
- } else if oldConfig.Server.OverrideServicesHostname != config.Server.OverrideServicesHostname {
- return fmt.Errorf("Cannot change override-services-hostname after launching the server, rehash aborted")
- } else if !oldConfig.Datastore.MySQL.Enabled && config.Datastore.MySQL.Enabled {
- return fmt.Errorf("Cannot enable MySQL after launching the server, rehash aborted")
- } else if oldConfig.Server.MaxLineLen != config.Server.MaxLineLen {
- return fmt.Errorf("Cannot change max-line-len after launching the server, rehash aborted")
- }
- }
-
- server.logger.Info("server", "Using config file", server.configFilename)
-
- // first, reload config sections for functionality implemented in subpackages:
- wasLoggingRawIO := !initial && server.logger.IsLoggingRawIO()
- err = server.logger.ApplyConfig(config.Logging)
- if err != nil {
- return err
- }
- nowLoggingRawIO := server.logger.IsLoggingRawIO()
- // notify existing clients if raw i/o logging was enabled by a rehash
- sendRawOutputNotice := !wasLoggingRawIO && nowLoggingRawIO
-
- server.connectionLimiter.ApplyConfig(&config.Server.IPLimits)
-
- tlConf := &config.Server.TorListeners
- server.torLimiter.Configure(tlConf.MaxConnections, tlConf.ThrottleDuration, tlConf.MaxConnectionsPerDuration)
-
- // Translations
- server.logger.Debug("server", "Regenerating HELP indexes for new languages")
- server.helpIndexManager.GenerateIndices(config.languageManager)
-
- if initial {
- maxIPConc := int(config.Server.IPCheckScript.MaxConcurrency)
- if maxIPConc != 0 {
- server.semaphores.IPCheckScript = utils.NewSemaphore(maxIPConc)
- }
- maxAuthConc := int(config.Accounts.AuthScript.MaxConcurrency)
- if maxAuthConc != 0 {
- server.semaphores.AuthScript = utils.NewSemaphore(maxAuthConc)
- }
-
- if err := overrideServicePrefixes(config.Server.OverrideServicesHostname); err != nil {
- return err
- }
- }
-
- if oldConfig != nil {
- // if certain features were enabled by rehash, we need to load the corresponding data
- // from the store
- if !oldConfig.Accounts.NickReservation.Enabled {
- server.accounts.buildNickToAccountIndex(config)
- }
- if !oldConfig.Channels.Registration.Enabled {
- server.channels.loadRegisteredChannels(config)
- }
- // resize history buffers as needed
- if config.historyChangedFrom(oldConfig) {
- for _, channel := range server.channels.Channels() {
- channel.resizeHistory(config)
- }
- for _, client := range server.clients.AllClients() {
- client.resizeHistory(config)
- }
- }
- if oldConfig.Accounts.Registration.Throttling != config.Accounts.Registration.Throttling {
- server.accounts.resetRegisterThrottle(config)
- }
- }
-
- server.logger.Info("server", "Using datastore", config.Datastore.Path)
- if initial {
- if err := server.loadDatastore(config); err != nil {
- return err
- }
- } else {
- if config.Datastore.MySQL.Enabled && config.Datastore.MySQL != oldConfig.Datastore.MySQL {
- server.historyDB.SetConfig(config.Datastore.MySQL)
- }
- }
-
- // now that the datastore is initialized, we can load the cloak secret from it
- // XXX this modifies config after the initial load, which is naughty,
- // but there's no data race because we haven't done SetConfig yet
- config.Server.Cloaks.SetSecret(LoadCloakSecret(server.store))
-
- // activate the new config
- server.SetConfig(config)
-
- // load [dk]-lines, registered users and channels, etc.
- if initial {
- if err := server.loadFromDatastore(config); err != nil {
- return err
- }
- }
-
- // burst new and removed caps
- addedCaps, removedCaps := config.Diff(oldConfig)
- var capBurstSessions []*Session
- added := make(map[caps.Version][]string)
- var removed []string
-
- if !addedCaps.Empty() || !removedCaps.Empty() {
- capBurstSessions = server.clients.AllWithCapsNotify()
-
- added[caps.Cap301] = addedCaps.Strings(caps.Cap301, config.Server.capValues, 0)
- added[caps.Cap302] = addedCaps.Strings(caps.Cap302, config.Server.capValues, 0)
- // removed never has values, so we leave it as Cap301
- removed = removedCaps.Strings(caps.Cap301, config.Server.capValues, 0)
- }
-
- for _, sSession := range capBurstSessions {
- // DEL caps and then send NEW ones so that updated caps get removed/added correctly
- if !removedCaps.Empty() {
- for _, capStr := range removed {
- sSession.Send(nil, server.name, "CAP", sSession.client.Nick(), "DEL", capStr)
- }
- }
- if !addedCaps.Empty() {
- for _, capStr := range added[sSession.capVersion] {
- sSession.Send(nil, server.name, "CAP", sSession.client.Nick(), "NEW", capStr)
- }
- }
- }
-
- server.setupPprofListener(config)
-
- // set RPL_ISUPPORT
- var newISupportReplies [][]string
- if oldConfig != nil {
- newISupportReplies = oldConfig.Server.isupport.GetDifference(&config.Server.isupport)
- }
-
- if len(config.Server.ProxyAllowedFrom) != 0 {
- server.logger.Info("server", "Proxied IPs will be accepted from", strings.Join(config.Server.ProxyAllowedFrom, ", "))
- }
-
- // we are now open for business
- err = server.setupListeners(config)
- // send other config warnings
- if config.Accounts.RequireSasl.Enabled && config.Accounts.Registration.Enabled {
- server.logger.Warning("server", "Warning: although require-sasl is enabled, users can still register accounts. If your server is not intended to be public, you must set accounts.registration.enabled to false.")
- }
-
- if !initial {
- // push new info to all of our clients
- for _, sClient := range server.clients.AllClients() {
- for _, tokenline := range newISupportReplies {
- sClient.Send(nil, server.name, RPL_ISUPPORT, append([]string{sClient.nick}, tokenline...)...)
- }
-
- if sendRawOutputNotice {
- sClient.Notice(sClient.t("This server is in debug mode and is logging all user I/O. If you do not wish for everything you send to be readable by the server owner(s), please disconnect."))
- }
- }
- }
-
- return err
- }
-
- func (server *Server) setupPprofListener(config *Config) {
- pprofListener := ""
- if config.Debug.PprofListener != nil {
- pprofListener = *config.Debug.PprofListener
- }
- if server.pprofServer != nil {
- if pprofListener == "" || (pprofListener != server.pprofServer.Addr) {
- server.logger.Info("server", "Stopping pprof listener", server.pprofServer.Addr)
- server.pprofServer.Close()
- server.pprofServer = nil
- }
- }
- if pprofListener != "" && server.pprofServer == nil {
- ps := http.Server{
- Addr: pprofListener,
- }
- go func() {
- if err := ps.ListenAndServe(); err != nil {
- server.logger.Error("server", "pprof listener failed", err.Error())
- }
- }()
- server.pprofServer = &ps
- server.logger.Info("server", "Started pprof listener", server.pprofServer.Addr)
- }
- }
-
- func (server *Server) loadDatastore(config *Config) error {
- // open the datastore and load server state for which it (rather than config)
- // is the source of truth
-
- _, err := os.Stat(config.Datastore.Path)
- if os.IsNotExist(err) {
- server.logger.Warning("server", "database does not exist, creating it", config.Datastore.Path)
- err = initializeDB(config.Datastore.Path)
- if err != nil {
- return err
- }
- }
-
- db, err := OpenDatabase(config)
- if err == nil {
- server.store = db
- return nil
- } else {
- return fmt.Errorf("Failed to open datastore: %s", err.Error())
- }
- }
-
- func (server *Server) loadFromDatastore(config *Config) (err error) {
- // load *lines (from the datastores)
- server.logger.Debug("server", "Loading D/Klines")
- server.loadDLines()
- server.loadKLines()
-
- server.channelRegistry.Initialize(server)
- server.channels.Initialize(server)
- server.accounts.Initialize(server)
-
- if config.Datastore.MySQL.Enabled {
- server.historyDB.Initialize(server.logger, config.Datastore.MySQL)
- err = server.historyDB.Open()
- if err != nil {
- server.logger.Error("internal", "could not connect to mysql", err.Error())
- return err
- }
- }
-
- return nil
- }
-
- func (server *Server) setupListeners(config *Config) (err error) {
- logListener := func(addr string, config utils.ListenerConfig) {
- server.logger.Info("listeners",
- fmt.Sprintf("now listening on %s, tls=%t, proxy=%t, tor=%t, websocket=%t.", addr, (config.TLSConfig != nil), config.RequireProxy, config.Tor, config.WebSocket),
- )
- }
-
- // update or destroy all existing listeners
- for addr := range server.listeners {
- currentListener := server.listeners[addr]
- newConfig, stillConfigured := config.Server.trueListeners[addr]
-
- if stillConfigured {
- if reloadErr := currentListener.Reload(newConfig); reloadErr == nil {
- logListener(addr, newConfig)
- } else {
- // stop the listener; we will attempt to replace it below
- currentListener.Stop()
- delete(server.listeners, addr)
- }
- } else {
- currentListener.Stop()
- delete(server.listeners, addr)
- server.logger.Info("listeners", fmt.Sprintf("stopped listening on %s.", addr))
- }
- }
-
- publicPlaintextListener := ""
- // create new listeners that were not previously configured,
- // or that couldn't be reloaded above:
- for newAddr, newConfig := range config.Server.trueListeners {
- if strings.HasPrefix(newAddr, ":") && !newConfig.Tor && !newConfig.STSOnly && newConfig.TLSConfig == nil {
- publicPlaintextListener = newAddr
- }
- _, exists := server.listeners[newAddr]
- if !exists {
- // make a new listener
- newListener, newErr := NewListener(server, newAddr, newConfig, config.Server.UnixBindMode)
- if newErr == nil {
- server.listeners[newAddr] = newListener
- logListener(newAddr, newConfig)
- } else {
- server.logger.Error("server", "couldn't listen on", newAddr, newErr.Error())
- err = newErr
- }
- }
- }
-
- if publicPlaintextListener != "" {
- server.logger.Warning("listeners", fmt.Sprintf("Warning: your server is configured with public plaintext listener %s. Consider disabling it for improved security and privacy.", publicPlaintextListener))
- }
-
- return
- }
-
- // Gets the abstract sequence from which we're going to query history;
- // we may already know the channel we're querying, or we may have
- // to look it up via a string query. This function is responsible for
- // privilege checking.
- // XXX: call this with providedChannel==nil and query=="" to get a sequence
- // suitable for ListCorrespondents (i.e., this function is still used to
- // decide whether the ringbuf or mysql is authoritative about the client's
- // message history).
- func (server *Server) GetHistorySequence(providedChannel *Channel, client *Client, query string) (channel *Channel, sequence history.Sequence, err error) {
- config := server.Config()
- // 4 cases: {persistent, ephemeral} x {normal, conversation}
- // with ephemeral history, target is implicit in the choice of `hist`,
- // and correspondent is "" if we're retrieving a channel or *, and the correspondent's name
- // if we're retrieving a DM conversation ("query buffer"). with persistent history,
- // target is always nonempty, and correspondent is either empty or nonempty as before.
- var status HistoryStatus
- var target, correspondent string
- var hist *history.Buffer
- restriction := HistoryCutoffNone
- channel = providedChannel
- if channel == nil {
- if strings.HasPrefix(query, "#") {
- channel = server.channels.Get(query)
- if channel == nil {
- return
- }
- }
- }
- var joinTimeCutoff time.Time
- if channel != nil {
- if present, cutoff := channel.joinTimeCutoff(client); present {
- joinTimeCutoff = cutoff
- } else {
- err = errInsufficientPrivs
- return
- }
- status, target, restriction = channel.historyStatus(config)
- switch status {
- case HistoryEphemeral:
- hist = &channel.history
- case HistoryPersistent:
- // already set `target`
- default:
- return
- }
- } else {
- status, target = client.historyStatus(config)
- if query != "" {
- correspondent, err = CasefoldName(query)
- if err != nil {
- return
- }
- }
- switch status {
- case HistoryEphemeral:
- hist = &client.history
- case HistoryPersistent:
- // already set `target`, and `correspondent` if necessary
- default:
- return
- }
- }
-
- var cutoff time.Time
- if config.History.Restrictions.ExpireTime != 0 {
- cutoff = time.Now().UTC().Add(-time.Duration(config.History.Restrictions.ExpireTime))
- }
- // #836: registration date cutoff is always enforced for DMs
- // either way, take the later of the two cutoffs
- if restriction == HistoryCutoffRegistrationTime || channel == nil {
- regCutoff := client.historyCutoff()
- if regCutoff.After(cutoff) {
- cutoff = regCutoff
- }
- } else if restriction == HistoryCutoffJoinTime {
- if joinTimeCutoff.After(cutoff) {
- cutoff = joinTimeCutoff
- }
- }
-
- // #836 again: grace period is never applied to DMs
- if !cutoff.IsZero() && channel != nil && restriction != HistoryCutoffJoinTime {
- cutoff = cutoff.Add(-time.Duration(config.History.Restrictions.GracePeriod))
- }
-
- if hist != nil {
- sequence = hist.MakeSequence(correspondent, cutoff)
- } else if target != "" {
- sequence = server.historyDB.MakeSequence(target, correspondent, cutoff)
- }
- return
- }
-
- func (server *Server) ForgetHistory(accountName string) {
- // sanity check
- if accountName == "*" {
- return
- }
-
- config := server.Config()
- if !config.History.Enabled {
- return
- }
-
- if cfAccount, err := CasefoldName(accountName); err == nil {
- server.historyDB.Forget(cfAccount)
- }
-
- persistent := config.History.Persistent
- if persistent.Enabled && persistent.UnregisteredChannels && persistent.RegisteredChannels == PersistentMandatory && persistent.DirectMessages == PersistentMandatory {
- return
- }
-
- predicate := func(item *history.Item) bool { return item.AccountName == accountName }
-
- for _, channel := range server.channels.Channels() {
- channel.history.Delete(predicate)
- }
-
- for _, client := range server.clients.AllClients() {
- client.history.Delete(predicate)
- }
- }
-
- // deletes a message. target is a hint about what buffer it's in (not required for
- // persistent history, where all the msgids are indexed together). if accountName
- // is anything other than "*", it must match the recorded AccountName of the message
- func (server *Server) DeleteMessage(target, msgid, accountName string) (err error) {
- config := server.Config()
- var hist *history.Buffer
-
- if target != "" {
- if target[0] == '#' {
- channel := server.channels.Get(target)
- if channel != nil {
- if status, _, _ := channel.historyStatus(config); status == HistoryEphemeral {
- hist = &channel.history
- }
- }
- } else {
- client := server.clients.Get(target)
- if client != nil {
- if status, _ := client.historyStatus(config); status == HistoryEphemeral {
- hist = &client.history
- }
- }
- }
- }
-
- if hist == nil {
- err = server.historyDB.DeleteMsgid(msgid, accountName)
- } else {
- count := hist.Delete(func(item *history.Item) bool {
- return item.Message.Msgid == msgid && (accountName == "*" || item.AccountName == accountName)
- })
- if count == 0 {
- err = errNoop
- }
- }
-
- return
- }
-
- func (server *Server) UnfoldName(cfname string) (name string) {
- if strings.HasPrefix(cfname, "#") {
- return server.channels.UnfoldName(cfname)
- }
- return server.clients.UnfoldNick(cfname)
- }
-
- // elistMatcher takes and matches ELIST conditions
- type elistMatcher struct {
- MinClientsActive bool
- MinClients int
- MaxClientsActive bool
- MaxClients int
- }
-
- // Matches checks whether the given channel matches our matches.
- func (matcher *elistMatcher) Matches(channel *Channel) bool {
- if matcher.MinClientsActive {
- if len(channel.Members()) < matcher.MinClients {
- return false
- }
- }
-
- if matcher.MaxClientsActive {
- if len(channel.Members()) < len(channel.members) {
- return false
- }
- }
-
- return true
- }
-
- var (
- infoString1 = strings.Split(` ▄▄▄ ▄▄▄· ▄▄ • ▐ ▄
- ▪ ▀▄ █·▐█ ▀█ ▐█ ▀ ▪▪ •█▌▐█▪
- ▄█▀▄ ▐▀▀▄ ▄█▀▀█ ▄█ ▀█▄ ▄█▀▄▪▐█▐▐▌ ▄█▀▄
- ▐█▌.▐▌▐█•█▌▐█ ▪▐▌▐█▄▪▐█▐█▌ ▐▌██▐█▌▐█▌.▐▌
- ▀█▄▀▪.▀ ▀ ▀ ▀ ·▀▀▀▀ ▀█▄▀ ▀▀ █▪ ▀█▄▀▪
-
- https://ergo.chat/
- https://github.com/ergochat/ergo
- https://crowdin.com/project/oragono
- `, "\n")
- infoString2 = strings.Split(` Daniel Oakley, DanielOaks, <daniel@danieloaks.net>
- Shivaram Lingamneni, slingamn, <slingamn@cs.stanford.edu>
- `, "\n")
- infoString3 = strings.Split(` Jeremy Latt, jlatt
- Edmund Huber, edmund-huber
- `, "\n")
- )
|