You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

gateways.go 2.1KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889
  1. // Copyright (c) 2012-2014 Jeremy Latt
  2. // Copyright (c) 2014-2015 Edmund Huber
  3. // Copyright (c) 2017 Daniel Oaks <daniel@danieloaks.net>
  4. // released under the MIT license
  5. package irc
  6. import (
  7. "fmt"
  8. "net"
  9. "github.com/oragono/oragono/irc/modes"
  10. "github.com/oragono/oragono/irc/utils"
  11. )
  12. type webircConfig struct {
  13. PasswordString string `yaml:"password"`
  14. Password []byte `yaml:"password-bytes"`
  15. Fingerprint string
  16. Hosts []string
  17. }
  18. // Populate fills out our password or fingerprint.
  19. func (wc *webircConfig) Populate() (err error) {
  20. if wc.Fingerprint == "" && wc.PasswordString == "" {
  21. return ErrNoFingerprintOrPassword
  22. }
  23. if wc.PasswordString != "" {
  24. var password []byte
  25. wc.Password, err = decodeLegacyPasswordHash(wc.PasswordString)
  26. wc.Password = password
  27. }
  28. return err
  29. }
  30. func isGatewayAllowed(addr net.Addr, gatewaySpec string) bool {
  31. // "localhost" includes any loopback IP or unix domain socket
  32. if gatewaySpec == "localhost" {
  33. return utils.AddrIsLocal(addr)
  34. }
  35. ip := utils.AddrToIP(addr)
  36. if ip == nil {
  37. return false
  38. }
  39. // exact IP match
  40. if ip.String() == gatewaySpec {
  41. return true
  42. }
  43. // CIDR match
  44. _, gatewayNet, err := net.ParseCIDR(gatewaySpec)
  45. if err != nil {
  46. return false
  47. }
  48. return gatewayNet.Contains(ip)
  49. }
  50. // ApplyProxiedIP applies the given IP to the client.
  51. func (client *Client) ApplyProxiedIP(proxiedIP string, tls bool) (exiting bool) {
  52. // ensure IP is sane
  53. parsedProxiedIP := net.ParseIP(proxiedIP)
  54. if parsedProxiedIP == nil {
  55. client.Quit(fmt.Sprintf(client.t("Proxied IP address is not valid: [%s]"), proxiedIP))
  56. return true
  57. }
  58. isBanned, banMsg := client.server.checkBans(parsedProxiedIP)
  59. if isBanned {
  60. client.Quit(banMsg)
  61. return true
  62. }
  63. // given IP is sane! override the client's current IP
  64. rawHostname := utils.LookupHostname(proxiedIP)
  65. client.stateMutex.Lock()
  66. client.proxiedIP = parsedProxiedIP
  67. client.rawHostname = rawHostname
  68. client.stateMutex.Unlock()
  69. // nickmask will be updated when the client completes registration
  70. // set tls info
  71. client.certfp = ""
  72. client.SetMode(modes.TLS, tls)
  73. return false
  74. }