Context Navigation

source: code/trunk/service.go@ 375

Last change on this file since 375 was 374, checked in by hubert, 5 years ago

Fix help message for BouncerServ's network update

It was missing the network name as first argument.

File size: 16.5 KB

Rev	Line
[117]	1	package soju
	2
	3	import (
[307]	4	"crypto"
	5	"crypto/ecdsa"
	6	"crypto/ed25519"
	7	"crypto/elliptic"
	8	"crypto/rand"
	9	"crypto/rsa"
	10	"crypto/sha1"
	11	"crypto/sha256"
	12	"crypto/x509"
	13	"crypto/x509/pkix"
	14	"encoding/hex"
	15	"errors"
[120]	16	"flag"
[117]	17	"fmt"
[120]	18	"io/ioutil"
[307]	19	"math/big"
[339]	20	"sort"
[117]	21	"strings"
[307]	22	"time"
[117]	23
	24	"github.com/google/shlex"
[252]	25	"golang.org/x/crypto/bcrypt"
[117]	26	"gopkg.in/irc.v3"
	27	)
	28
	29	const serviceNick = "BouncerServ"
[343]	30	const serviceRealname = "soju bouncer service"
[117]	31
[220]	32	var servicePrefix = &irc.Prefix{
	33	Name: serviceNick,
	34	User: serviceNick,
	35	Host: serviceNick,
	36	}
	37
[150]	38	type serviceCommandSet map[string]*serviceCommand
	39
[117]	40	type serviceCommand struct {
[150]	41	usage string
	42	desc string
	43	handle func(dc *downstreamConn, params []string) error
	44	children serviceCommandSet
[328]	45	admin bool
[117]	46	}
	47
[218]	48	func sendServiceNOTICE(dc *downstreamConn, text string) {
	49	dc.SendMessage(&irc.Message{
[220]	50	Prefix: servicePrefix,
[218]	51	Command: "NOTICE",
	52	Params: []string{dc.nick, text},
	53	})
	54	}
	55
[117]	56	func sendServicePRIVMSG(dc *downstreamConn, text string) {
	57	dc.SendMessage(&irc.Message{
[220]	58	Prefix: servicePrefix,
[117]	59	Command: "PRIVMSG",
	60	Params: []string{dc.nick, text},
	61	})
	62	}
	63
	64	func handleServicePRIVMSG(dc *downstreamConn, text string) {
	65	words, err := shlex.Split(text)
	66	if err != nil {
	67	sendServicePRIVMSG(dc, fmt.Sprintf("error: failed to parse command: %v", err))
	68	return
	69	}
	70
[150]	71	cmd, params, err := serviceCommands.Get(words)
	72	if err != nil {
	73	sendServicePRIVMSG(dc, fmt.Sprintf(`error: %v (type "help" for a list of commands)`, err))
[117]	74	return
	75	}
[328]	76	if cmd.admin && !dc.user.Admin {
	77	sendServicePRIVMSG(dc, fmt.Sprintf(`error: you must be an admin to use this command`))
	78	return
	79	}
[117]	80
[334]	81	if cmd.handle == nil {
	82	if len(cmd.children) > 0 {
	83	var l []string
[335]	84	appendServiceCommandSetHelp(cmd.children, words, dc.user.Admin, &l)
[334]	85	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
	86	} else {
	87	// Pretend the command does not exist if it has neither children nor handler.
	88	// This is obviously a bug but it is better to not die anyway.
	89	dc.logger.Printf("command without handler and subcommands invoked:", words[0])
	90	sendServicePRIVMSG(dc, fmt.Sprintf("command %q not found", words[0]))
	91	}
	92	return
	93	}
	94
[117]	95	if err := cmd.handle(dc, params); err != nil {
	96	sendServicePRIVMSG(dc, fmt.Sprintf("error: %v", err))
	97	}
	98	}
	99
[150]	100	func (cmds serviceCommandSet) Get(params []string) (*serviceCommand, []string, error) {
	101	if len(params) == 0 {
	102	return nil, nil, fmt.Errorf("no command specified")
	103	}
[117]	104
[150]	105	name := params[0]
	106	params = params[1:]
	107
	108	cmd, ok := cmds[name]
	109	if !ok {
	110	for k := range cmds {
	111	if !strings.HasPrefix(k, name) {
	112	continue
	113	}
	114	if cmd != nil {
	115	return nil, params, fmt.Errorf("command %q is ambiguous", name)
	116	}
	117	cmd = cmds[k]
	118	}
	119	}
	120	if cmd == nil {
	121	return nil, params, fmt.Errorf("command %q not found", name)
	122	}
	123
	124	if len(params) == 0 \|\| len(cmd.children) == 0 {
	125	return cmd, params, nil
	126	}
	127	return cmd.children.Get(params)
	128	}
	129
[339]	130	func (cmds serviceCommandSet) Names() []string {
	131	l := make([]string, 0, len(cmds))
	132	for name := range cmds {
	133	l = append(l, name)
	134	}
	135	sort.Strings(l)
	136	return l
	137	}
	138
[150]	139	var serviceCommands serviceCommandSet
	140
[117]	141	func init() {
[150]	142	serviceCommands = serviceCommandSet{
[117]	143	"help": {
	144	usage: "[command]",
	145	desc: "print help message",
	146	handle: handleServiceHelp,
	147	},
[150]	148	"network": {
	149	children: serviceCommandSet{
	150	"create": {
[313]	151	usage: "-addr <addr> [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
[150]	152	desc: "add a new network",
[325]	153	handle: handleServiceNetworkCreate,
[150]	154	},
[151]	155	"status": {
	156	desc: "show a list of saved networks and their current status",
	157	handle: handleServiceNetworkStatus,
	158	},
[313]	159	"update": {
[374]	160	usage: "<name> [-addr addr] [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
[315]	161	desc: "update a network",
[313]	162	handle: handleServiceNetworkUpdate,
	163	},
[202]	164	"delete": {
	165	usage: "<name>",
	166	desc: "delete a network",
	167	handle: handleServiceNetworkDelete,
	168	},
[150]	169	},
[120]	170	},
[307]	171	"certfp": {
	172	children: serviceCommandSet{
	173	"generate": {
	174	usage: "[-key-type rsa\|ecdsa\|ed25519] [-bits N] <network name>",
	175	desc: "generate a new self-signed certificate, defaults to using RSA-3072 key",
	176	handle: handleServiceCertfpGenerate,
	177	},
	178	"fingerprint": {
	179	usage: "<network name>",
	180	desc: "show fingerprints of certificate associated with the network",
	181	handle: handleServiceCertfpFingerprints,
	182	},
	183	},
	184	},
[363]	185	"sasl": {
	186	children: serviceCommandSet{
	187	"set-plain": {
	188	usage: "<network name> <username> <password>",
	189	desc: "set SASL PLAIN credentials",
	190	handle: handleServiceSASLSetPlain,
	191	},
[364]	192	"reset": {
	193	usage: "<network name>",
	194	desc: "disable SASL authentication and remove stored credentials",
	195	handle: handleServiceSASLReset,
	196	},
[363]	197	},
	198	},
[329]	199	"user": {
	200	children: serviceCommandSet{
	201	"create": {
	202	usage: "-username <username> -password <password> [-admin]",
	203	desc: "create a new soju user",
	204	handle: handleUserCreate,
	205	admin: true,
	206	},
	207	},
	208	admin: true,
	209	},
[252]	210	"change-password": {
	211	usage: "<new password>",
	212	desc: "change your password",
	213	handle: handlePasswordChange,
	214	},
[117]	215	}
	216	}
	217
[328]	218	func appendServiceCommandSetHelp(cmds serviceCommandSet, prefix []string, admin bool, l *[]string) {
[339]	219	for _, name := range cmds.Names() {
	220	cmd := cmds[name]
[328]	221	if cmd.admin && !admin {
	222	continue
	223	}
[150]	224	words := append(prefix, name)
	225	if len(cmd.children) == 0 {
	226	s := strings.Join(words, " ")
	227	l = append(l, s)
	228	} else {
[328]	229	appendServiceCommandSetHelp(cmd.children, words, admin, l)
[150]	230	}
	231	}
	232	}
	233
[117]	234	func handleServiceHelp(dc *downstreamConn, params []string) error {
	235	if len(params) > 0 {
[150]	236	cmd, rest, err := serviceCommands.Get(params)
	237	if err != nil {
	238	return err
[117]	239	}
[150]	240	words := params[:len(params)-len(rest)]
[117]	241
[150]	242	if len(cmd.children) > 0 {
	243	var l []string
[328]	244	appendServiceCommandSetHelp(cmd.children, words, dc.user.Admin, &l)
[150]	245	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
	246	} else {
	247	text := strings.Join(words, " ")
	248	if cmd.usage != "" {
	249	text += " " + cmd.usage
	250	}
	251	text += ": " + cmd.desc
	252
	253	sendServicePRIVMSG(dc, text)
[117]	254	}
	255	} else {
	256	var l []string
[328]	257	appendServiceCommandSetHelp(serviceCommands, nil, dc.user.Admin, &l)
[117]	258	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
	259	}
	260	return nil
	261	}
[120]	262
[202]	263	func newFlagSet() *flag.FlagSet {
[120]	264	fs := flag.NewFlagSet("", flag.ContinueOnError)
	265	fs.SetOutput(ioutil.Discard)
[202]	266	return fs
	267	}
	268
[313]	269	type stringSliceFlag []string
[263]	270
[313]	271	func (v *stringSliceFlag) String() string {
[263]	272	return fmt.Sprint([]string(*v))
	273	}
	274
[313]	275	func (v *stringSliceFlag) Set(s string) error {
[263]	276	v = append(v, s)
	277	return nil
	278	}
	279
[313]	280	// stringPtrFlag is a flag value populating a string pointer. This allows to
	281	// disambiguate between a flag that hasn't been set and a flag that has been
	282	// set to an empty string.
	283	type stringPtrFlag struct {
	284	ptr **string
	285	}
	286
	287	func (f stringPtrFlag) String() string {
[333]	288	if f.ptr == nil \|\| *f.ptr == nil {
[313]	289	return ""
	290	}
	291	return **f.ptr
	292	}
	293
	294	func (f stringPtrFlag) Set(s string) error {
	295	*f.ptr = &s
	296	return nil
	297	}
	298
	299	type networkFlagSet struct {
	300	*flag.FlagSet
	301	Addr, Name, Nick, Username, Pass, Realname *string
[315]	302	ConnectCommands []string
[313]	303	}
	304
	305	func newNetworkFlagSet() *networkFlagSet {
	306	fs := &networkFlagSet{FlagSet: newFlagSet()}
	307	fs.Var(stringPtrFlag{&fs.Addr}, "addr", "")
	308	fs.Var(stringPtrFlag{&fs.Name}, "name", "")
	309	fs.Var(stringPtrFlag{&fs.Nick}, "nick", "")
	310	fs.Var(stringPtrFlag{&fs.Username}, "username", "")
	311	fs.Var(stringPtrFlag{&fs.Pass}, "pass", "")
	312	fs.Var(stringPtrFlag{&fs.Realname}, "realname", "")
	313	fs.Var((*stringSliceFlag)(&fs.ConnectCommands), "connect-command", "")
	314	return fs
	315	}
	316
	317	func (fs networkFlagSet) update(network Network) error {
	318	if fs.Addr != nil {
	319	if addrParts := strings.SplitN(*fs.Addr, "://", 2); len(addrParts) == 2 {
	320	scheme := addrParts[0]
	321	switch scheme {
[358]	322	case "ircs", "irc+insecure", "unix":
[313]	323	default:
[358]	324	return fmt.Errorf("unknown scheme %q (supported schemes: ircs, irc+insecure, unix)", scheme)
[313]	325	}
	326	}
	327	network.Addr = *fs.Addr
	328	}
	329	if fs.Name != nil {
	330	network.Name = *fs.Name
	331	}
	332	if fs.Nick != nil {
	333	network.Nick = *fs.Nick
	334	}
	335	if fs.Username != nil {
	336	network.Username = *fs.Username
	337	}
	338	if fs.Pass != nil {
	339	network.Pass = *fs.Pass
	340	}
	341	if fs.Realname != nil {
	342	network.Realname = *fs.Realname
	343	}
	344	if fs.ConnectCommands != nil {
	345	if len(fs.ConnectCommands) == 1 && fs.ConnectCommands[0] == "" {
	346	network.ConnectCommands = nil
	347	} else {
	348	for _, command := range fs.ConnectCommands {
	349	_, err := irc.ParseMessage(command)
	350	if err != nil {
	351	return fmt.Errorf("flag -connect-command must be a valid raw irc command string: %q: %v", command, err)
	352	}
	353	}
	354	network.ConnectCommands = fs.ConnectCommands
	355	}
	356	}
	357	return nil
	358	}
	359
[325]	360	func handleServiceNetworkCreate(dc *downstreamConn, params []string) error {
[313]	361	fs := newNetworkFlagSet()
[120]	362	if err := fs.Parse(params); err != nil {
	363	return err
	364	}
[313]	365	if fs.Addr == nil {
[150]	366	return fmt.Errorf("flag -addr is required")
[120]	367	}
	368
[313]	369	record := &Network{
	370	Addr: *fs.Addr,
	371	Nick: dc.nick,
[269]	372	}
[313]	373	if err := fs.update(record); err != nil {
	374	return err
[263]	375	}
	376
[313]	377	network, err := dc.user.createNetwork(record)
[120]	378	if err != nil {
	379	return fmt.Errorf("could not create network: %v", err)
	380	}
	381
[202]	382	sendServicePRIVMSG(dc, fmt.Sprintf("created network %q", network.GetName()))
[120]	383	return nil
	384	}
[151]	385
	386	func handleServiceNetworkStatus(dc *downstreamConn, params []string) error {
	387	dc.user.forEachNetwork(func(net *network) {
	388	var statuses []string
	389	var details string
[279]	390	if uc := net.conn; uc != nil {
[271]	391	if dc.nick != uc.nick {
	392	statuses = append(statuses, "connected as "+uc.nick)
	393	} else {
	394	statuses = append(statuses, "connected")
	395	}
[151]	396	details = fmt.Sprintf("%v channels", len(uc.channels))
	397	} else {
	398	statuses = append(statuses, "disconnected")
[219]	399	if net.lastError != nil {
	400	details = net.lastError.Error()
	401	}
[151]	402	}
	403
	404	if net == dc.network {
	405	statuses = append(statuses, "current")
	406	}
	407
[224]	408	name := net.GetName()
	409	if name != net.Addr {
	410	name = fmt.Sprintf("%v (%v)", name, net.Addr)
	411	}
	412
	413	s := fmt.Sprintf("%v [%v]", name, strings.Join(statuses, ", "))
[151]	414	if details != "" {
	415	s += ": " + details
	416	}
	417	sendServicePRIVMSG(dc, s)
	418	})
	419	return nil
	420	}
[202]	421
[313]	422	func handleServiceNetworkUpdate(dc *downstreamConn, params []string) error {
	423	if len(params) < 1 {
	424	return fmt.Errorf("expected exactly one argument")
	425	}
	426
	427	fs := newNetworkFlagSet()
	428	if err := fs.Parse(params[1:]); err != nil {
	429	return err
	430	}
	431
	432	net := dc.user.getNetwork(params[0])
	433	if net == nil {
	434	return fmt.Errorf("unknown network %q", params[0])
	435	}
	436
	437	record := net.Network // copy network record because we'll mutate it
	438	if err := fs.update(&record); err != nil {
	439	return err
	440	}
	441
	442	network, err := dc.user.updateNetwork(&record)
	443	if err != nil {
	444	return fmt.Errorf("could not update network: %v", err)
	445	}
	446
	447	sendServicePRIVMSG(dc, fmt.Sprintf("updated network %q", network.GetName()))
	448	return nil
	449	}
	450
[202]	451	func handleServiceNetworkDelete(dc *downstreamConn, params []string) error {
	452	if len(params) != 1 {
	453	return fmt.Errorf("expected exactly one argument")
	454	}
	455
	456	net := dc.user.getNetwork(params[0])
	457	if net == nil {
	458	return fmt.Errorf("unknown network %q", params[0])
	459	}
	460
	461	if err := dc.user.deleteNetwork(net.ID); err != nil {
	462	return err
	463	}
	464
	465	sendServicePRIVMSG(dc, fmt.Sprintf("deleted network %q", net.GetName()))
	466	return nil
	467	}
[252]	468
[325]	469	func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
	470	fs := newFlagSet()
	471	keyType := fs.String("key-type", "rsa", "key type to generate (rsa, ecdsa, ed25519)")
	472	bits := fs.Int("bits", 3072, "size of key to generate, meaningful only for RSA")
	473
	474	if err := fs.Parse(params); err != nil {
	475	return err
	476	}
	477
	478	if len(fs.Args()) != 1 {
	479	return errors.New("exactly one argument is required")
	480	}
	481
	482	net := dc.user.getNetwork(fs.Arg(0))
	483	if net == nil {
	484	return fmt.Errorf("unknown network %q", fs.Arg(0))
	485	}
	486
	487	var (
	488	privKey crypto.PrivateKey
	489	pubKey crypto.PublicKey
	490	)
	491	switch *keyType {
	492	case "rsa":
	493	key, err := rsa.GenerateKey(rand.Reader, *bits)
	494	if err != nil {
	495	return err
	496	}
	497	privKey = key
	498	pubKey = key.Public()
	499	case "ecdsa":
	500	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
	501	if err != nil {
	502	return err
	503	}
	504	privKey = key
	505	pubKey = key.Public()
	506	case "ed25519":
	507	var err error
	508	pubKey, privKey, err = ed25519.GenerateKey(rand.Reader)
	509	if err != nil {
	510	return err
	511	}
	512	}
	513
	514	// Using PKCS#8 allows easier extension for new key types.
	515	privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
	516	if err != nil {
	517	return err
	518	}
	519
	520	notBefore := time.Now()
	521	// Lets make a fair assumption nobody will use the same cert for more than 20 years...
	522	notAfter := notBefore.Add(24 * time.Hour * 365 * 20)
	523	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	524	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	525	if err != nil {
	526	return err
	527	}
	528	cert := &x509.Certificate{
	529	SerialNumber: serialNumber,
	530	Subject: pkix.Name{CommonName: "soju auto-generated certificate"},
	531	NotBefore: notBefore,
	532	NotAfter: notAfter,
	533	KeyUsage: x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature,
	534	ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	535	}
	536	derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, pubKey, privKey)
	537	if err != nil {
	538	return err
	539	}
	540
	541	net.SASL.External.CertBlob = derBytes
	542	net.SASL.External.PrivKeyBlob = privKeyBytes
	543	net.SASL.Mechanism = "EXTERNAL"
	544
	545	if err := dc.srv.db.StoreNetwork(net.Username, &net.Network); err != nil {
	546	return err
	547	}
	548
	549	sendServicePRIVMSG(dc, "certificate generated")
	550
	551	sha1Sum := sha1.Sum(derBytes)
	552	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
	553	sha256Sum := sha256.Sum256(derBytes)
	554	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
	555
	556	return nil
	557	}
	558
	559	func handleServiceCertfpFingerprints(dc *downstreamConn, params []string) error {
	560	if len(params) != 1 {
	561	return fmt.Errorf("expected exactly one argument")
	562	}
	563
	564	net := dc.user.getNetwork(params[0])
	565	if net == nil {
	566	return fmt.Errorf("unknown network %q", params[0])
	567	}
	568
	569	sha1Sum := sha1.Sum(net.SASL.External.CertBlob)
	570	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
	571	sha256Sum := sha256.Sum256(net.SASL.External.CertBlob)
	572	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
	573	return nil
	574	}
	575
[364]	576	func handleServiceSASLSetPlain(dc *downstreamConn, params []string) error {
	577	if len(params) != 3 {
	578	return fmt.Errorf("expected exactly 3 arguments")
[325]	579	}
	580
	581	net := dc.user.getNetwork(params[0])
	582	if net == nil {
	583	return fmt.Errorf("unknown network %q", params[0])
	584	}
	585
[364]	586	net.SASL.Plain.Username = params[1]
	587	net.SASL.Plain.Password = params[2]
	588	net.SASL.Mechanism = "PLAIN"
[325]	589
[364]	590	if err := dc.srv.db.StoreNetwork(net.Username, &net.Network); err != nil {
[325]	591	return err
	592	}
	593
[364]	594	sendServicePRIVMSG(dc, "credentials saved")
[325]	595	return nil
	596	}
	597
[364]	598	func handleServiceSASLReset(dc *downstreamConn, params []string) error {
	599	if len(params) != 1 {
	600	return fmt.Errorf("expected exactly one argument")
[363]	601	}
	602
	603	net := dc.user.getNetwork(params[0])
	604	if net == nil {
	605	return fmt.Errorf("unknown network %q", params[0])
	606	}
	607
[364]	608	net.SASL.Plain.Username = ""
	609	net.SASL.Plain.Password = ""
	610	net.SASL.External.CertBlob = nil
	611	net.SASL.External.PrivKeyBlob = nil
	612	net.SASL.Mechanism = ""
[363]	613
[364]	614	if err := dc.srv.db.StoreNetwork(dc.user.Username, &net.Network); err != nil {
[363]	615	return err
	616	}
	617
[364]	618	sendServicePRIVMSG(dc, "credentials reset")
[363]	619	return nil
	620	}
	621
[252]	622	func handlePasswordChange(dc *downstreamConn, params []string) error {
	623	if len(params) != 1 {
	624	return fmt.Errorf("expected exactly one argument")
	625	}
	626
	627	hashed, err := bcrypt.GenerateFromPassword([]byte(params[0]), bcrypt.DefaultCost)
	628	if err != nil {
	629	return fmt.Errorf("failed to hash password: %v", err)
	630	}
	631	if err := dc.user.updatePassword(string(hashed)); err != nil {
	632	return err
	633	}
	634
	635	sendServicePRIVMSG(dc, "password updated")
	636	return nil
	637	}
[329]	638
	639	func handleUserCreate(dc *downstreamConn, params []string) error {
	640	fs := newFlagSet()
	641	username := fs.String("username", "", "")
	642	password := fs.String("password", "", "")
	643	admin := fs.Bool("admin", false, "")
	644
	645	if err := fs.Parse(params); err != nil {
	646	return err
	647	}
	648	if *username == "" {
	649	return fmt.Errorf("flag -username is required")
	650	}
	651	if *password == "" {
	652	return fmt.Errorf("flag -password is required")
	653	}
	654
	655	hashed, err := bcrypt.GenerateFromPassword([]byte(*password), bcrypt.DefaultCost)
	656	if err != nil {
	657	return fmt.Errorf("failed to hash password: %v", err)
	658	}
	659
	660	user := &User{
	661	Username: *username,
	662	Password: string(hashed),
	663	Admin: *admin,
	664	}
	665	if _, err := dc.srv.createUser(user); err != nil {
	666	return fmt.Errorf("could not create user: %v", err)
	667	}
	668
	669	sendServicePRIVMSG(dc, fmt.Sprintf("created user %q", *username))
	670	return nil
	671	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: