Context Navigation

source: code/trunk/service.go@ 337

Last change on this file since 337 was 335, checked in by contact, 5 years ago
Fix missing appendServiceCommandSetHelp argument
File size: 15.5 KB

Rev	Line
[117]	1	package soju
	2
	3	import (
[307]	4	"crypto"
	5	"crypto/ecdsa"
	6	"crypto/ed25519"
	7	"crypto/elliptic"
	8	"crypto/rand"
	9	"crypto/rsa"
	10	"crypto/sha1"
	11	"crypto/sha256"
	12	"crypto/x509"
	13	"crypto/x509/pkix"
	14	"encoding/hex"
	15	"errors"
[120]	16	"flag"
[117]	17	"fmt"
[120]	18	"io/ioutil"
[307]	19	"math/big"
[117]	20	"strings"
[307]	21	"time"
[117]	22
	23	"github.com/google/shlex"
[252]	24	"golang.org/x/crypto/bcrypt"
[117]	25	"gopkg.in/irc.v3"
	26	)
	27
	28	const serviceNick = "BouncerServ"
	29
[220]	30	var servicePrefix = &irc.Prefix{
	31	Name: serviceNick,
	32	User: serviceNick,
	33	Host: serviceNick,
	34	}
	35
[150]	36	type serviceCommandSet map[string]*serviceCommand
	37
[117]	38	type serviceCommand struct {
[150]	39	usage string
	40	desc string
	41	handle func(dc *downstreamConn, params []string) error
	42	children serviceCommandSet
[328]	43	admin bool
[117]	44	}
	45
[218]	46	func sendServiceNOTICE(dc *downstreamConn, text string) {
	47	dc.SendMessage(&irc.Message{
[220]	48	Prefix: servicePrefix,
[218]	49	Command: "NOTICE",
	50	Params: []string{dc.nick, text},
	51	})
	52	}
	53
[117]	54	func sendServicePRIVMSG(dc *downstreamConn, text string) {
	55	dc.SendMessage(&irc.Message{
[220]	56	Prefix: servicePrefix,
[117]	57	Command: "PRIVMSG",
	58	Params: []string{dc.nick, text},
	59	})
	60	}
	61
	62	func handleServicePRIVMSG(dc *downstreamConn, text string) {
	63	words, err := shlex.Split(text)
	64	if err != nil {
	65	sendServicePRIVMSG(dc, fmt.Sprintf("error: failed to parse command: %v", err))
	66	return
	67	}
	68
[150]	69	cmd, params, err := serviceCommands.Get(words)
	70	if err != nil {
	71	sendServicePRIVMSG(dc, fmt.Sprintf(`error: %v (type "help" for a list of commands)`, err))
[117]	72	return
	73	}
[328]	74	if cmd.admin && !dc.user.Admin {
	75	sendServicePRIVMSG(dc, fmt.Sprintf(`error: you must be an admin to use this command`))
	76	return
	77	}
[117]	78
[334]	79	if cmd.handle == nil {
	80	if len(cmd.children) > 0 {
	81	var l []string
[335]	82	appendServiceCommandSetHelp(cmd.children, words, dc.user.Admin, &l)
[334]	83	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
	84	} else {
	85	// Pretend the command does not exist if it has neither children nor handler.
	86	// This is obviously a bug but it is better to not die anyway.
	87	dc.logger.Printf("command without handler and subcommands invoked:", words[0])
	88	sendServicePRIVMSG(dc, fmt.Sprintf("command %q not found", words[0]))
	89	}
	90	return
	91	}
	92
[117]	93	if err := cmd.handle(dc, params); err != nil {
	94	sendServicePRIVMSG(dc, fmt.Sprintf("error: %v", err))
	95	}
	96	}
	97
[150]	98	func (cmds serviceCommandSet) Get(params []string) (*serviceCommand, []string, error) {
	99	if len(params) == 0 {
	100	return nil, nil, fmt.Errorf("no command specified")
	101	}
[117]	102
[150]	103	name := params[0]
	104	params = params[1:]
	105
	106	cmd, ok := cmds[name]
	107	if !ok {
	108	for k := range cmds {
	109	if !strings.HasPrefix(k, name) {
	110	continue
	111	}
	112	if cmd != nil {
	113	return nil, params, fmt.Errorf("command %q is ambiguous", name)
	114	}
	115	cmd = cmds[k]
	116	}
	117	}
	118	if cmd == nil {
	119	return nil, params, fmt.Errorf("command %q not found", name)
	120	}
	121
	122	if len(params) == 0 \|\| len(cmd.children) == 0 {
	123	return cmd, params, nil
	124	}
	125	return cmd.children.Get(params)
	126	}
	127
	128	var serviceCommands serviceCommandSet
	129
[117]	130	func init() {
[150]	131	serviceCommands = serviceCommandSet{
[117]	132	"help": {
	133	usage: "[command]",
	134	desc: "print help message",
	135	handle: handleServiceHelp,
	136	},
[150]	137	"network": {
	138	children: serviceCommandSet{
	139	"create": {
[313]	140	usage: "-addr <addr> [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
[150]	141	desc: "add a new network",
[325]	142	handle: handleServiceNetworkCreate,
[150]	143	},
[151]	144	"status": {
	145	desc: "show a list of saved networks and their current status",
	146	handle: handleServiceNetworkStatus,
	147	},
[313]	148	"update": {
[315]	149	usage: "[-addr addr] [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
	150	desc: "update a network",
[313]	151	handle: handleServiceNetworkUpdate,
	152	},
[202]	153	"delete": {
	154	usage: "<name>",
	155	desc: "delete a network",
	156	handle: handleServiceNetworkDelete,
	157	},
[150]	158	},
[120]	159	},
[307]	160	"certfp": {
	161	children: serviceCommandSet{
	162	"generate": {
	163	usage: "[-key-type rsa\|ecdsa\|ed25519] [-bits N] <network name>",
	164	desc: "generate a new self-signed certificate, defaults to using RSA-3072 key",
	165	handle: handleServiceCertfpGenerate,
	166	},
	167	"fingerprint": {
	168	usage: "<network name>",
	169	desc: "show fingerprints of certificate associated with the network",
	170	handle: handleServiceCertfpFingerprints,
	171	},
	172	"reset": {
	173	usage: "<network name>",
	174	desc: "disable SASL EXTERNAL authentication and remove stored certificate",
	175	handle: handleServiceCertfpReset,
	176	},
	177	},
	178	},
[329]	179	"user": {
	180	children: serviceCommandSet{
	181	"create": {
	182	usage: "-username <username> -password <password> [-admin]",
	183	desc: "create a new soju user",
	184	handle: handleUserCreate,
	185	admin: true,
	186	},
	187	},
	188	admin: true,
	189	},
[252]	190	"change-password": {
	191	usage: "<new password>",
	192	desc: "change your password",
	193	handle: handlePasswordChange,
	194	},
[117]	195	}
	196	}
	197
[328]	198	func appendServiceCommandSetHelp(cmds serviceCommandSet, prefix []string, admin bool, l *[]string) {
[150]	199	for name, cmd := range cmds {
[328]	200	if cmd.admin && !admin {
	201	continue
	202	}
[150]	203	words := append(prefix, name)
	204	if len(cmd.children) == 0 {
	205	s := strings.Join(words, " ")
	206	l = append(l, s)
	207	} else {
[328]	208	appendServiceCommandSetHelp(cmd.children, words, admin, l)
[150]	209	}
	210	}
	211	}
	212
[117]	213	func handleServiceHelp(dc *downstreamConn, params []string) error {
	214	if len(params) > 0 {
[150]	215	cmd, rest, err := serviceCommands.Get(params)
	216	if err != nil {
	217	return err
[117]	218	}
[150]	219	words := params[:len(params)-len(rest)]
[117]	220
[150]	221	if len(cmd.children) > 0 {
	222	var l []string
[328]	223	appendServiceCommandSetHelp(cmd.children, words, dc.user.Admin, &l)
[150]	224	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
	225	} else {
	226	text := strings.Join(words, " ")
	227	if cmd.usage != "" {
	228	text += " " + cmd.usage
	229	}
	230	text += ": " + cmd.desc
	231
	232	sendServicePRIVMSG(dc, text)
[117]	233	}
	234	} else {
	235	var l []string
[328]	236	appendServiceCommandSetHelp(serviceCommands, nil, dc.user.Admin, &l)
[117]	237	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
	238	}
	239	return nil
	240	}
[120]	241
[202]	242	func newFlagSet() *flag.FlagSet {
[120]	243	fs := flag.NewFlagSet("", flag.ContinueOnError)
	244	fs.SetOutput(ioutil.Discard)
[202]	245	return fs
	246	}
	247
[313]	248	type stringSliceFlag []string
[263]	249
[313]	250	func (v *stringSliceFlag) String() string {
[263]	251	return fmt.Sprint([]string(*v))
	252	}
	253
[313]	254	func (v *stringSliceFlag) Set(s string) error {
[263]	255	v = append(v, s)
	256	return nil
	257	}
	258
[313]	259	// stringPtrFlag is a flag value populating a string pointer. This allows to
	260	// disambiguate between a flag that hasn't been set and a flag that has been
	261	// set to an empty string.
	262	type stringPtrFlag struct {
	263	ptr **string
	264	}
	265
	266	func (f stringPtrFlag) String() string {
[333]	267	if f.ptr == nil \|\| *f.ptr == nil {
[313]	268	return ""
	269	}
	270	return **f.ptr
	271	}
	272
	273	func (f stringPtrFlag) Set(s string) error {
	274	*f.ptr = &s
	275	return nil
	276	}
	277
	278	type networkFlagSet struct {
	279	*flag.FlagSet
	280	Addr, Name, Nick, Username, Pass, Realname *string
[315]	281	ConnectCommands []string
[313]	282	}
	283
	284	func newNetworkFlagSet() *networkFlagSet {
	285	fs := &networkFlagSet{FlagSet: newFlagSet()}
	286	fs.Var(stringPtrFlag{&fs.Addr}, "addr", "")
	287	fs.Var(stringPtrFlag{&fs.Name}, "name", "")
	288	fs.Var(stringPtrFlag{&fs.Nick}, "nick", "")
	289	fs.Var(stringPtrFlag{&fs.Username}, "username", "")
	290	fs.Var(stringPtrFlag{&fs.Pass}, "pass", "")
	291	fs.Var(stringPtrFlag{&fs.Realname}, "realname", "")
	292	fs.Var((*stringSliceFlag)(&fs.ConnectCommands), "connect-command", "")
	293	return fs
	294	}
	295
	296	func (fs networkFlagSet) update(network Network) error {
	297	if fs.Addr != nil {
	298	if addrParts := strings.SplitN(*fs.Addr, "://", 2); len(addrParts) == 2 {
	299	scheme := addrParts[0]
	300	switch scheme {
	301	case "ircs", "irc+insecure":
	302	default:
	303	return fmt.Errorf("unknown scheme %q (supported schemes: ircs, irc+insecure)", scheme)
	304	}
	305	}
	306	network.Addr = *fs.Addr
	307	}
	308	if fs.Name != nil {
	309	network.Name = *fs.Name
	310	}
	311	if fs.Nick != nil {
	312	network.Nick = *fs.Nick
	313	}
	314	if fs.Username != nil {
	315	network.Username = *fs.Username
	316	}
	317	if fs.Pass != nil {
	318	network.Pass = *fs.Pass
	319	}
	320	if fs.Realname != nil {
	321	network.Realname = *fs.Realname
	322	}
	323	if fs.ConnectCommands != nil {
	324	if len(fs.ConnectCommands) == 1 && fs.ConnectCommands[0] == "" {
	325	network.ConnectCommands = nil
	326	} else {
	327	for _, command := range fs.ConnectCommands {
	328	_, err := irc.ParseMessage(command)
	329	if err != nil {
	330	return fmt.Errorf("flag -connect-command must be a valid raw irc command string: %q: %v", command, err)
	331	}
	332	}
	333	network.ConnectCommands = fs.ConnectCommands
	334	}
	335	}
	336	return nil
	337	}
	338
[325]	339	func handleServiceNetworkCreate(dc *downstreamConn, params []string) error {
[313]	340	fs := newNetworkFlagSet()
[120]	341	if err := fs.Parse(params); err != nil {
	342	return err
	343	}
[313]	344	if fs.Addr == nil {
[150]	345	return fmt.Errorf("flag -addr is required")
[120]	346	}
	347
[313]	348	record := &Network{
	349	Addr: *fs.Addr,
	350	Nick: dc.nick,
[269]	351	}
[313]	352	if err := fs.update(record); err != nil {
	353	return err
[263]	354	}
	355
[313]	356	network, err := dc.user.createNetwork(record)
[120]	357	if err != nil {
	358	return fmt.Errorf("could not create network: %v", err)
	359	}
	360
[202]	361	sendServicePRIVMSG(dc, fmt.Sprintf("created network %q", network.GetName()))
[120]	362	return nil
	363	}
[151]	364
	365	func handleServiceNetworkStatus(dc *downstreamConn, params []string) error {
	366	dc.user.forEachNetwork(func(net *network) {
	367	var statuses []string
	368	var details string
[279]	369	if uc := net.conn; uc != nil {
[271]	370	if dc.nick != uc.nick {
	371	statuses = append(statuses, "connected as "+uc.nick)
	372	} else {
	373	statuses = append(statuses, "connected")
	374	}
[151]	375	details = fmt.Sprintf("%v channels", len(uc.channels))
	376	} else {
	377	statuses = append(statuses, "disconnected")
[219]	378	if net.lastError != nil {
	379	details = net.lastError.Error()
	380	}
[151]	381	}
	382
	383	if net == dc.network {
	384	statuses = append(statuses, "current")
	385	}
	386
[224]	387	name := net.GetName()
	388	if name != net.Addr {
	389	name = fmt.Sprintf("%v (%v)", name, net.Addr)
	390	}
	391
	392	s := fmt.Sprintf("%v [%v]", name, strings.Join(statuses, ", "))
[151]	393	if details != "" {
	394	s += ": " + details
	395	}
	396	sendServicePRIVMSG(dc, s)
	397	})
	398	return nil
	399	}
[202]	400
[313]	401	func handleServiceNetworkUpdate(dc *downstreamConn, params []string) error {
	402	if len(params) < 1 {
	403	return fmt.Errorf("expected exactly one argument")
	404	}
	405
	406	fs := newNetworkFlagSet()
	407	if err := fs.Parse(params[1:]); err != nil {
	408	return err
	409	}
	410
	411	net := dc.user.getNetwork(params[0])
	412	if net == nil {
	413	return fmt.Errorf("unknown network %q", params[0])
	414	}
	415
	416	record := net.Network // copy network record because we'll mutate it
	417	if err := fs.update(&record); err != nil {
	418	return err
	419	}
	420
	421	network, err := dc.user.updateNetwork(&record)
	422	if err != nil {
	423	return fmt.Errorf("could not update network: %v", err)
	424	}
	425
	426	sendServicePRIVMSG(dc, fmt.Sprintf("updated network %q", network.GetName()))
	427	return nil
	428	}
	429
[202]	430	func handleServiceNetworkDelete(dc *downstreamConn, params []string) error {
	431	if len(params) != 1 {
	432	return fmt.Errorf("expected exactly one argument")
	433	}
	434
	435	net := dc.user.getNetwork(params[0])
	436	if net == nil {
	437	return fmt.Errorf("unknown network %q", params[0])
	438	}
	439
	440	if err := dc.user.deleteNetwork(net.ID); err != nil {
	441	return err
	442	}
	443
	444	sendServicePRIVMSG(dc, fmt.Sprintf("deleted network %q", net.GetName()))
	445	return nil
	446	}
[252]	447
[325]	448	func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
	449	fs := newFlagSet()
	450	keyType := fs.String("key-type", "rsa", "key type to generate (rsa, ecdsa, ed25519)")
	451	bits := fs.Int("bits", 3072, "size of key to generate, meaningful only for RSA")
	452
	453	if err := fs.Parse(params); err != nil {
	454	return err
	455	}
	456
	457	if len(fs.Args()) != 1 {
	458	return errors.New("exactly one argument is required")
	459	}
	460
	461	net := dc.user.getNetwork(fs.Arg(0))
	462	if net == nil {
	463	return fmt.Errorf("unknown network %q", fs.Arg(0))
	464	}
	465
	466	var (
	467	privKey crypto.PrivateKey
	468	pubKey crypto.PublicKey
	469	)
	470	switch *keyType {
	471	case "rsa":
	472	key, err := rsa.GenerateKey(rand.Reader, *bits)
	473	if err != nil {
	474	return err
	475	}
	476	privKey = key
	477	pubKey = key.Public()
	478	case "ecdsa":
	479	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	480	if err != nil {
	481	return err
	482	}
	483	privKey = key
	484	pubKey = key.Public()
	485	case "ed25519":
	486	var err error
	487	pubKey, privKey, err = ed25519.GenerateKey(rand.Reader)
	488	if err != nil {
	489	return err
	490	}
	491	}
	492
	493	// Using PKCS#8 allows easier extension for new key types.
	494	privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
	495	if err != nil {
	496	return err
	497	}
	498
	499	notBefore := time.Now()
	500	// Lets make a fair assumption nobody will use the same cert for more than 20 years...
	501	notAfter := notBefore.Add(24 * time.Hour * 365 * 20)
	502	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	503	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	504	if err != nil {
	505	return err
	506	}
	507	cert := &x509.Certificate{
	508	SerialNumber: serialNumber,
	509	Subject: pkix.Name{CommonName: "soju auto-generated certificate"},
	510	NotBefore: notBefore,
	511	NotAfter: notAfter,
	512	KeyUsage: x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature,
	513	ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	514	}
	515	derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, pubKey, privKey)
	516	if err != nil {
	517	return err
	518	}
	519
	520	net.SASL.External.CertBlob = derBytes
	521	net.SASL.External.PrivKeyBlob = privKeyBytes
	522	net.SASL.Mechanism = "EXTERNAL"
	523
	524	if err := dc.srv.db.StoreNetwork(net.Username, &net.Network); err != nil {
	525	return err
	526	}
	527
	528	sendServicePRIVMSG(dc, "certificate generated")
	529
	530	sha1Sum := sha1.Sum(derBytes)
	531	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
	532	sha256Sum := sha256.Sum256(derBytes)
	533	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
	534
	535	return nil
	536	}
	537
	538	func handleServiceCertfpFingerprints(dc *downstreamConn, params []string) error {
	539	if len(params) != 1 {
	540	return fmt.Errorf("expected exactly one argument")
	541	}
	542
	543	net := dc.user.getNetwork(params[0])
	544	if net == nil {
	545	return fmt.Errorf("unknown network %q", params[0])
	546	}
	547
	548	sha1Sum := sha1.Sum(net.SASL.External.CertBlob)
	549	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
	550	sha256Sum := sha256.Sum256(net.SASL.External.CertBlob)
	551	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
	552	return nil
	553	}
	554
	555	func handleServiceCertfpReset(dc *downstreamConn, params []string) error {
	556	if len(params) != 1 {
	557	return fmt.Errorf("expected exactly one argument")
	558	}
	559
	560	net := dc.user.getNetwork(params[0])
	561	if net == nil {
	562	return fmt.Errorf("unknown network %q", params[0])
	563	}
	564
	565	net.SASL.External.CertBlob = nil
	566	net.SASL.External.PrivKeyBlob = nil
	567
	568	if net.SASL.Mechanism == "EXTERNAL" {
	569	net.SASL.Mechanism = ""
	570	}
	571	if err := dc.srv.db.StoreNetwork(dc.user.Username, &net.Network); err != nil {
	572	return err
	573	}
	574
	575	sendServicePRIVMSG(dc, "certificate reset")
	576	return nil
	577	}
	578
[252]	579	func handlePasswordChange(dc *downstreamConn, params []string) error {
	580	if len(params) != 1 {
	581	return fmt.Errorf("expected exactly one argument")
	582	}
	583
	584	hashed, err := bcrypt.GenerateFromPassword([]byte(params[0]), bcrypt.DefaultCost)
	585	if err != nil {
	586	return fmt.Errorf("failed to hash password: %v", err)
	587	}
	588	if err := dc.user.updatePassword(string(hashed)); err != nil {
	589	return err
	590	}
	591
	592	sendServicePRIVMSG(dc, "password updated")
	593	return nil
	594	}
[329]	595
	596	func handleUserCreate(dc *downstreamConn, params []string) error {
	597	fs := newFlagSet()
	598	username := fs.String("username", "", "")
	599	password := fs.String("password", "", "")
	600	admin := fs.Bool("admin", false, "")
	601
	602	if err := fs.Parse(params); err != nil {
	603	return err
	604	}
	605	if *username == "" {
	606	return fmt.Errorf("flag -username is required")
	607	}
	608	if *password == "" {
	609	return fmt.Errorf("flag -password is required")
	610	}
	611
	612	hashed, err := bcrypt.GenerateFromPassword([]byte(*password), bcrypt.DefaultCost)
	613	if err != nil {
	614	return fmt.Errorf("failed to hash password: %v", err)
	615	}
	616
	617	user := &User{
	618	Username: *username,
	619	Password: string(hashed),
	620	Admin: *admin,
	621	}
	622	if _, err := dc.srv.createUser(user); err != nil {
	623	return fmt.Errorf("could not create user: %v", err)
	624	}
	625
	626	sendServicePRIVMSG(dc, fmt.Sprintf("created user %q", *username))
	627	return nil
	628	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: