Context Navigation

source: code/trunk/service.go@ 325

Last change on this file since 325 was 325, checked in by delthas, 5 years ago

Rename handleServiceCreateNetwork to handleServiceNetworkCreate

This renames handleServiceCreateNetwork for consistency with other
service commands.

File size: 13.7 KB

Line
1	package soju
2
3	import (
4	"crypto"
5	"crypto/ecdsa"
6	"crypto/ed25519"
7	"crypto/elliptic"
8	"crypto/rand"
9	"crypto/rsa"
10	"crypto/sha1"
11	"crypto/sha256"
12	"crypto/x509"
13	"crypto/x509/pkix"
14	"encoding/hex"
15	"errors"
16	"flag"
17	"fmt"
18	"io/ioutil"
19	"math/big"
20	"strings"
21	"time"
22
23	"github.com/google/shlex"
24	"golang.org/x/crypto/bcrypt"
25	"gopkg.in/irc.v3"
26	)
27
28	const serviceNick = "BouncerServ"
29
30	var servicePrefix = &irc.Prefix{
31	Name: serviceNick,
32	User: serviceNick,
33	Host: serviceNick,
34	}
35
36	type serviceCommandSet map[string]*serviceCommand
37
38	type serviceCommand struct {
39	usage string
40	desc string
41	handle func(dc *downstreamConn, params []string) error
42	children serviceCommandSet
43	}
44
45	func sendServiceNOTICE(dc *downstreamConn, text string) {
46	dc.SendMessage(&irc.Message{
47	Prefix: servicePrefix,
48	Command: "NOTICE",
49	Params: []string{dc.nick, text},
50	})
51	}
52
53	func sendServicePRIVMSG(dc *downstreamConn, text string) {
54	dc.SendMessage(&irc.Message{
55	Prefix: servicePrefix,
56	Command: "PRIVMSG",
57	Params: []string{dc.nick, text},
58	})
59	}
60
61	func handleServicePRIVMSG(dc *downstreamConn, text string) {
62	words, err := shlex.Split(text)
63	if err != nil {
64	sendServicePRIVMSG(dc, fmt.Sprintf("error: failed to parse command: %v", err))
65	return
66	}
67
68	cmd, params, err := serviceCommands.Get(words)
69	if err != nil {
70	sendServicePRIVMSG(dc, fmt.Sprintf(`error: %v (type "help" for a list of commands)`, err))
71	return
72	}
73
74	if err := cmd.handle(dc, params); err != nil {
75	sendServicePRIVMSG(dc, fmt.Sprintf("error: %v", err))
76	}
77	}
78
79	func (cmds serviceCommandSet) Get(params []string) (*serviceCommand, []string, error) {
80	if len(params) == 0 {
81	return nil, nil, fmt.Errorf("no command specified")
82	}
83
84	name := params[0]
85	params = params[1:]
86
87	cmd, ok := cmds[name]
88	if !ok {
89	for k := range cmds {
90	if !strings.HasPrefix(k, name) {
91	continue
92	}
93	if cmd != nil {
94	return nil, params, fmt.Errorf("command %q is ambiguous", name)
95	}
96	cmd = cmds[k]
97	}
98	}
99	if cmd == nil {
100	return nil, params, fmt.Errorf("command %q not found", name)
101	}
102
103	if len(params) == 0 \|\| len(cmd.children) == 0 {
104	return cmd, params, nil
105	}
106	return cmd.children.Get(params)
107	}
108
109	var serviceCommands serviceCommandSet
110
111	func init() {
112	serviceCommands = serviceCommandSet{
113	"help": {
114	usage: "[command]",
115	desc: "print help message",
116	handle: handleServiceHelp,
117	},
118	"network": {
119	children: serviceCommandSet{
120	"create": {
121	usage: "-addr <addr> [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
122	desc: "add a new network",
123	handle: handleServiceNetworkCreate,
124	},
125	"status": {
126	desc: "show a list of saved networks and their current status",
127	handle: handleServiceNetworkStatus,
128	},
129	"update": {
130	usage: "[-addr addr] [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
131	desc: "update a network",
132	handle: handleServiceNetworkUpdate,
133	},
134	"delete": {
135	usage: "<name>",
136	desc: "delete a network",
137	handle: handleServiceNetworkDelete,
138	},
139	},
140	},
141	"certfp": {
142	children: serviceCommandSet{
143	"generate": {
144	usage: "[-key-type rsa\|ecdsa\|ed25519] [-bits N] <network name>",
145	desc: "generate a new self-signed certificate, defaults to using RSA-3072 key",
146	handle: handleServiceCertfpGenerate,
147	},
148	"fingerprint": {
149	usage: "<network name>",
150	desc: "show fingerprints of certificate associated with the network",
151	handle: handleServiceCertfpFingerprints,
152	},
153	"reset": {
154	usage: "<network name>",
155	desc: "disable SASL EXTERNAL authentication and remove stored certificate",
156	handle: handleServiceCertfpReset,
157	},
158	},
159	},
160	"change-password": {
161	usage: "<new password>",
162	desc: "change your password",
163	handle: handlePasswordChange,
164	},
165	}
166	}
167
168	func appendServiceCommandSetHelp(cmds serviceCommandSet, prefix []string, l *[]string) {
169	for name, cmd := range cmds {
170	words := append(prefix, name)
171	if len(cmd.children) == 0 {
172	s := strings.Join(words, " ")
173	l = append(l, s)
174	} else {
175	appendServiceCommandSetHelp(cmd.children, words, l)
176	}
177	}
178	}
179
180	func handleServiceHelp(dc *downstreamConn, params []string) error {
181	if len(params) > 0 {
182	cmd, rest, err := serviceCommands.Get(params)
183	if err != nil {
184	return err
185	}
186	words := params[:len(params)-len(rest)]
187
188	if len(cmd.children) > 0 {
189	var l []string
190	appendServiceCommandSetHelp(cmd.children, words, &l)
191	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
192	} else {
193	text := strings.Join(words, " ")
194	if cmd.usage != "" {
195	text += " " + cmd.usage
196	}
197	text += ": " + cmd.desc
198
199	sendServicePRIVMSG(dc, text)
200	}
201	} else {
202	var l []string
203	appendServiceCommandSetHelp(serviceCommands, nil, &l)
204	sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
205	}
206	return nil
207	}
208
209	func newFlagSet() *flag.FlagSet {
210	fs := flag.NewFlagSet("", flag.ContinueOnError)
211	fs.SetOutput(ioutil.Discard)
212	return fs
213	}
214
215	type stringSliceFlag []string
216
217	func (v *stringSliceFlag) String() string {
218	return fmt.Sprint([]string(*v))
219	}
220
221	func (v *stringSliceFlag) Set(s string) error {
222	v = append(v, s)
223	return nil
224	}
225
226	// stringPtrFlag is a flag value populating a string pointer. This allows to
227	// disambiguate between a flag that hasn't been set and a flag that has been
228	// set to an empty string.
229	type stringPtrFlag struct {
230	ptr **string
231	}
232
233	func (f stringPtrFlag) String() string {
234	if *f.ptr == nil {
235	return ""
236	}
237	return **f.ptr
238	}
239
240	func (f stringPtrFlag) Set(s string) error {
241	*f.ptr = &s
242	return nil
243	}
244
245	type networkFlagSet struct {
246	*flag.FlagSet
247	Addr, Name, Nick, Username, Pass, Realname *string
248	ConnectCommands []string
249	}
250
251	func newNetworkFlagSet() *networkFlagSet {
252	fs := &networkFlagSet{FlagSet: newFlagSet()}
253	fs.Var(stringPtrFlag{&fs.Addr}, "addr", "")
254	fs.Var(stringPtrFlag{&fs.Name}, "name", "")
255	fs.Var(stringPtrFlag{&fs.Nick}, "nick", "")
256	fs.Var(stringPtrFlag{&fs.Username}, "username", "")
257	fs.Var(stringPtrFlag{&fs.Pass}, "pass", "")
258	fs.Var(stringPtrFlag{&fs.Realname}, "realname", "")
259	fs.Var((*stringSliceFlag)(&fs.ConnectCommands), "connect-command", "")
260	return fs
261	}
262
263	func (fs networkFlagSet) update(network Network) error {
264	if fs.Addr != nil {
265	if addrParts := strings.SplitN(*fs.Addr, "://", 2); len(addrParts) == 2 {
266	scheme := addrParts[0]
267	switch scheme {
268	case "ircs", "irc+insecure":
269	default:
270	return fmt.Errorf("unknown scheme %q (supported schemes: ircs, irc+insecure)", scheme)
271	}
272	}
273	network.Addr = *fs.Addr
274	}
275	if fs.Name != nil {
276	network.Name = *fs.Name
277	}
278	if fs.Nick != nil {
279	network.Nick = *fs.Nick
280	}
281	if fs.Username != nil {
282	network.Username = *fs.Username
283	}
284	if fs.Pass != nil {
285	network.Pass = *fs.Pass
286	}
287	if fs.Realname != nil {
288	network.Realname = *fs.Realname
289	}
290	if fs.ConnectCommands != nil {
291	if len(fs.ConnectCommands) == 1 && fs.ConnectCommands[0] == "" {
292	network.ConnectCommands = nil
293	} else {
294	for _, command := range fs.ConnectCommands {
295	_, err := irc.ParseMessage(command)
296	if err != nil {
297	return fmt.Errorf("flag -connect-command must be a valid raw irc command string: %q: %v", command, err)
298	}
299	}
300	network.ConnectCommands = fs.ConnectCommands
301	}
302	}
303	return nil
304	}
305
306	func handleServiceNetworkCreate(dc *downstreamConn, params []string) error {
307	fs := newNetworkFlagSet()
308	if err := fs.Parse(params); err != nil {
309	return err
310	}
311	if fs.Addr == nil {
312	return fmt.Errorf("flag -addr is required")
313	}
314
315	record := &Network{
316	Addr: *fs.Addr,
317	Nick: dc.nick,
318	}
319	if err := fs.update(record); err != nil {
320	return err
321	}
322
323	network, err := dc.user.createNetwork(record)
324	if err != nil {
325	return fmt.Errorf("could not create network: %v", err)
326	}
327
328	sendServicePRIVMSG(dc, fmt.Sprintf("created network %q", network.GetName()))
329	return nil
330	}
331
332	func handleServiceNetworkStatus(dc *downstreamConn, params []string) error {
333	dc.user.forEachNetwork(func(net *network) {
334	var statuses []string
335	var details string
336	if uc := net.conn; uc != nil {
337	if dc.nick != uc.nick {
338	statuses = append(statuses, "connected as "+uc.nick)
339	} else {
340	statuses = append(statuses, "connected")
341	}
342	details = fmt.Sprintf("%v channels", len(uc.channels))
343	} else {
344	statuses = append(statuses, "disconnected")
345	if net.lastError != nil {
346	details = net.lastError.Error()
347	}
348	}
349
350	if net == dc.network {
351	statuses = append(statuses, "current")
352	}
353
354	name := net.GetName()
355	if name != net.Addr {
356	name = fmt.Sprintf("%v (%v)", name, net.Addr)
357	}
358
359	s := fmt.Sprintf("%v [%v]", name, strings.Join(statuses, ", "))
360	if details != "" {
361	s += ": " + details
362	}
363	sendServicePRIVMSG(dc, s)
364	})
365	return nil
366	}
367
368	func handleServiceNetworkUpdate(dc *downstreamConn, params []string) error {
369	if len(params) < 1 {
370	return fmt.Errorf("expected exactly one argument")
371	}
372
373	fs := newNetworkFlagSet()
374	if err := fs.Parse(params[1:]); err != nil {
375	return err
376	}
377
378	net := dc.user.getNetwork(params[0])
379	if net == nil {
380	return fmt.Errorf("unknown network %q", params[0])
381	}
382
383	record := net.Network // copy network record because we'll mutate it
384	if err := fs.update(&record); err != nil {
385	return err
386	}
387
388	network, err := dc.user.updateNetwork(&record)
389	if err != nil {
390	return fmt.Errorf("could not update network: %v", err)
391	}
392
393	sendServicePRIVMSG(dc, fmt.Sprintf("updated network %q", network.GetName()))
394	return nil
395	}
396
397	func handleServiceNetworkDelete(dc *downstreamConn, params []string) error {
398	if len(params) != 1 {
399	return fmt.Errorf("expected exactly one argument")
400	}
401
402	net := dc.user.getNetwork(params[0])
403	if net == nil {
404	return fmt.Errorf("unknown network %q", params[0])
405	}
406
407	if err := dc.user.deleteNetwork(net.ID); err != nil {
408	return err
409	}
410
411	sendServicePRIVMSG(dc, fmt.Sprintf("deleted network %q", net.GetName()))
412	return nil
413	}
414
415	func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
416	fs := newFlagSet()
417	keyType := fs.String("key-type", "rsa", "key type to generate (rsa, ecdsa, ed25519)")
418	bits := fs.Int("bits", 3072, "size of key to generate, meaningful only for RSA")
419
420	if err := fs.Parse(params); err != nil {
421	return err
422	}
423
424	if len(fs.Args()) != 1 {
425	return errors.New("exactly one argument is required")
426	}
427
428	net := dc.user.getNetwork(fs.Arg(0))
429	if net == nil {
430	return fmt.Errorf("unknown network %q", fs.Arg(0))
431	}
432
433	var (
434	privKey crypto.PrivateKey
435	pubKey crypto.PublicKey
436	)
437	switch *keyType {
438	case "rsa":
439	key, err := rsa.GenerateKey(rand.Reader, *bits)
440	if err != nil {
441	return err
442	}
443	privKey = key
444	pubKey = key.Public()
445	case "ecdsa":
446	key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
447	if err != nil {
448	return err
449	}
450	privKey = key
451	pubKey = key.Public()
452	case "ed25519":
453	var err error
454	pubKey, privKey, err = ed25519.GenerateKey(rand.Reader)
455	if err != nil {
456	return err
457	}
458	}
459
460	// Using PKCS#8 allows easier extension for new key types.
461	privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
462	if err != nil {
463	return err
464	}
465
466	notBefore := time.Now()
467	// Lets make a fair assumption nobody will use the same cert for more than 20 years...
468	notAfter := notBefore.Add(24 * time.Hour * 365 * 20)
469	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
470	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
471	if err != nil {
472	return err
473	}
474	cert := &x509.Certificate{
475	SerialNumber: serialNumber,
476	Subject: pkix.Name{CommonName: "soju auto-generated certificate"},
477	NotBefore: notBefore,
478	NotAfter: notAfter,
479	KeyUsage: x509.KeyUsageKeyEncipherment \| x509.KeyUsageDigitalSignature,
480	ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
481	}
482	derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, pubKey, privKey)
483	if err != nil {
484	return err
485	}
486
487	net.SASL.External.CertBlob = derBytes
488	net.SASL.External.PrivKeyBlob = privKeyBytes
489	net.SASL.Mechanism = "EXTERNAL"
490
491	if err := dc.srv.db.StoreNetwork(net.Username, &net.Network); err != nil {
492	return err
493	}
494
495	sendServicePRIVMSG(dc, "certificate generated")
496
497	sha1Sum := sha1.Sum(derBytes)
498	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
499	sha256Sum := sha256.Sum256(derBytes)
500	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
501
502	return nil
503	}
504
505	func handleServiceCertfpFingerprints(dc *downstreamConn, params []string) error {
506	if len(params) != 1 {
507	return fmt.Errorf("expected exactly one argument")
508	}
509
510	net := dc.user.getNetwork(params[0])
511	if net == nil {
512	return fmt.Errorf("unknown network %q", params[0])
513	}
514
515	sha1Sum := sha1.Sum(net.SASL.External.CertBlob)
516	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
517	sha256Sum := sha256.Sum256(net.SASL.External.CertBlob)
518	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
519	return nil
520	}
521
522	func handleServiceCertfpReset(dc *downstreamConn, params []string) error {
523	if len(params) != 1 {
524	return fmt.Errorf("expected exactly one argument")
525	}
526
527	net := dc.user.getNetwork(params[0])
528	if net == nil {
529	return fmt.Errorf("unknown network %q", params[0])
530	}
531
532	net.SASL.External.CertBlob = nil
533	net.SASL.External.PrivKeyBlob = nil
534
535	if net.SASL.Mechanism == "EXTERNAL" {
536	net.SASL.Mechanism = ""
537	}
538	if err := dc.srv.db.StoreNetwork(dc.user.Username, &net.Network); err != nil {
539	return err
540	}
541
542	sendServicePRIVMSG(dc, "certificate reset")
543	return nil
544	}
545
546	func handlePasswordChange(dc *downstreamConn, params []string) error {
547	if len(params) != 1 {
548	return fmt.Errorf("expected exactly one argument")
549	}
550
551	hashed, err := bcrypt.GenerateFromPassword([]byte(params[0]), bcrypt.DefaultCost)
552	if err != nil {
553	return fmt.Errorf("failed to hash password: %v", err)
554	}
555	if err := dc.user.updatePassword(string(hashed)); err != nil {
556	return err
557	}
558
559	sendServicePRIVMSG(dc, "password updated")
560	return nil
561	}

Note: See TracBrowser for help on using the repository browser.

Download in other formats: