source: code/trunk/service.go@ 340

Last change on this file since 340 was 339, checked in by contact, 5 years ago

service: list commands in lexicographic order

1package soju
2
3import (
4 "crypto"
5 "crypto/ecdsa"
6 "crypto/ed25519"
7 "crypto/elliptic"
8 "crypto/rand"
9 "crypto/rsa"
10 "crypto/sha1"
11 "crypto/sha256"
12 "crypto/x509"
13 "crypto/x509/pkix"
14 "encoding/hex"
15 "errors"
16 "flag"
17 "fmt"
18 "io/ioutil"
19 "math/big"
20 "sort"
21 "strings"
22 "time"
23
24 "github.com/google/shlex"
25 "golang.org/x/crypto/bcrypt"
26 "gopkg.in/irc.v3"
27)
28
// serviceNick is the nickname of the bouncer's built-in service, the
// pseudo-user that downstream clients message to run commands.
const serviceNick = "BouncerServ"

// servicePrefix is the prefix placed on every message the service sends.
// Name, User and Host are all set to serviceNick.
var servicePrefix = &irc.Prefix{
	Name: serviceNick,
	User: serviceNick,
	Host: serviceNick,
}
36
type (
	// serviceCommandSet maps a command word to its definition. Sets nest
	// through serviceCommand.children to form multi-word commands.
	serviceCommandSet map[string]*serviceCommand

	// serviceCommand describes one node of the command tree.
	serviceCommand struct {
		// usage is the argument synopsis printed by "help"; may be empty.
		usage string
		// desc is the one-line description printed by "help".
		desc string
		// handle runs the command. It is nil for nodes that only group
		// subcommands.
		handle func(dc *downstreamConn, params []string) error
		// children holds the subcommands, if any.
		children serviceCommandSet
		// admin restricts the command to admin users. handleServicePRIVMSG
		// checks this flag on the command returned by Get, i.e. the
		// resolved leaf; a parent's flag is not consulted during dispatch,
		// so an admin-only subcommand must set the flag itself.
		admin bool
	}
)
46
// sendServiceNOTICE sends text to the downstream connection as a NOTICE
// from the service, addressed to the connection's current nick.
func sendServiceNOTICE(dc *downstreamConn, text string) {
	msg := &irc.Message{
		Prefix:  servicePrefix,
		Command: "NOTICE",
		Params:  []string{dc.nick, text},
	}
	dc.SendMessage(msg)
}
54
// sendServicePRIVMSG sends text to the downstream connection as a PRIVMSG
// from the service, addressed to the connection's current nick.
func sendServicePRIVMSG(dc *downstreamConn, text string) {
	msg := &irc.Message{
		Prefix:  servicePrefix,
		Command: "PRIVMSG",
		Params:  []string{dc.nick, text},
	}
	dc.SendMessage(msg)
}
62
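// handleServicePRIVMSG runs one service command received from a downstream
// client. text is split with shell-like quoting rules, resolved against
// serviceCommands, checked against the user's admin status and dispatched.
// Every failure is reported back to the client as a PRIVMSG; nothing is
// returned to the caller.
func handleServicePRIVMSG(dc *downstreamConn, text string) {
	words, err := shlex.Split(text)
	if err != nil {
		sendServicePRIVMSG(dc, fmt.Sprintf("error: failed to parse command: %v", err))
		return
	}

	cmd, params, err := serviceCommands.Get(words)
	if err != nil {
		sendServicePRIVMSG(dc, fmt.Sprintf(`error: %v (type "help" for a list of commands)`, err))
		return
	}
	// Authorization gate. Only the resolved command's own admin flag is
	// looked at here; a parent marked admin does not protect a child that
	// is not marked itself.
	if cmd.admin && !dc.user.Admin {
		sendServicePRIVMSG(dc, "error: you must be an admin to use this command")
		return
	}

	if cmd.handle == nil {
		if len(cmd.children) > 0 {
			var l []string
			appendServiceCommandSetHelp(cmd.children, words, dc.user.Admin, &l)
			sendServicePRIVMSG(dc, "available commands: "+strings.Join(l, ", "))
			return
		}
		// Pretend the command does not exist if it has neither children
		// nor handler. This is a bug in the command table, but it is
		// better not to die over it.
		// The word is client-supplied, so it is logged with %q to keep
		// control characters out of the log. The original call had no
		// formatting verb at all, which garbled the log line.
		dc.logger.Printf("command without handler and subcommands invoked: %q", words[0])
		sendServicePRIVMSG(dc, fmt.Sprintf("command %q not found", words[0]))
		return
	}

	if err := cmd.handle(dc, params); err != nil {
		sendServicePRIVMSG(dc, fmt.Sprintf("error: %v", err))
	}
}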
98
// Get resolves the leading words of params to a command, descending into
// subcommand sets for as long as both words and children remain.
//
// A word that is an exact key wins outright. Otherwise the word is treated
// as a prefix and must match exactly one key of the current set; several
// matches yield an "ambiguous" error. Get returns the resolved command and
// the words left over after it. On a lookup failure the command is nil and
// the remaining words are still returned.
//
// Get performs no permission check: the caller decides whether the user may
// run the returned command.
func (cmds serviceCommandSet) Get(params []string) (*serviceCommand, []string, error) {
	set := cmds
	for {
		if len(params) == 0 {
			return nil, nil, fmt.Errorf("no command specified")
		}
		name, rest := params[0], params[1:]

		match, exact := set[name]
		if !exact {
			// No exact key: accept an unambiguous prefix abbreviation.
			for candidate, c := range set {
				if !strings.HasPrefix(candidate, name) {
					continue
				}
				if match != nil {
					return nil, rest, fmt.Errorf("command %q is ambiguous", name)
				}
				match = c
			}
		}
		if match == nil {
			return nil, rest, fmt.Errorf("command %q not found", name)
		}

		if len(rest) == 0 || len(match.children) == 0 {
			return match, rest, nil
		}
		// More words and a subcommand set: resolve the next word there.
		set, params = match.children, rest
	}
}
128
// Names returns the keys of the set sorted lexicographically, so that
// listings do not depend on map iteration order.
func (cmds serviceCommandSet) Names() []string {
	names := make([]string, len(cmds))
	i := 0
	for key := range cmds {
		names[i] = key
		i++
	}
	sort.Strings(names)
	return names
}
137
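// serviceCommands is the root of the service command tree.
var serviceCommands serviceCommandSet

// init fills serviceCommands. The table is assigned here rather than in the
// declaration because handleServiceHelp reads serviceCommands, and a
// package-level initializer referring to it would form an initialization
// cycle.
//
// Commands that must be restricted to admins carry admin: true on the leaf
// that has the handler, because dispatch checks the resolved command only.
// The flag on a parent hides the whole subtree from help listings.
func init() {
	serviceCommands = serviceCommandSet{
		"help": {
			usage:  "[command]",
			desc:   "print help message",
			handle: handleServiceHelp,
		},
		"network": {
			children: serviceCommandSet{
				"create": {
					usage:  "-addr <addr> [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
					desc:   "add a new network",
					handle: handleServiceNetworkCreate,
				},
				"status": {
					desc:   "show a list of saved networks and their current status",
					handle: handleServiceNetworkStatus,
				},
				"update": {
					// handleServiceNetworkUpdate takes the network name as
					// its first argument; the synopsis used to omit it.
					usage:  "<name> [-addr addr] [-name name] [-username username] [-pass pass] [-realname realname] [-nick nick] [-connect-command command]...",
					desc:   "update a network",
					handle: handleServiceNetworkUpdate,
				},
				"delete": {
					usage:  "<name>",
					desc:   "delete a network",
					handle: handleServiceNetworkDelete,
				},
			},
		},
		"certfp": {
			children: serviceCommandSet{
				"generate": {
					usage:  "[-key-type rsa|ecdsa|ed25519] [-bits N] <network name>",
					desc:   "generate a new self-signed certificate, defaults to using RSA-3072 key",
					handle: handleServiceCertfpGenerate,
				},
				"fingerprint": {
					usage:  "<network name>",
					desc:   "show fingerprints of certificate associated with the network",
					handle: handleServiceCertfpFingerprints,
				},
				"reset": {
					usage:  "<network name>",
					desc:   "disable SASL EXTERNAL authentication and remove stored certificate",
					handle: handleServiceCertfpReset,
				},
			},
		},
		"user": {
			children: serviceCommandSet{
				"create": {
					usage:  "-username <username> -password <password> [-admin]",
					desc:   "create a new soju user",
					handle: handleUserCreate,
					admin:  true,
				},
			},
			admin: true,
		},
		"change-password": {
			usage:  "<new password>",
			desc:   "change your password",
			handle: handlePasswordChange,
		},
	}
}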
207
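// appendServiceCommandSetHelp appends to *l the full name ("word word ...")
// of every leaf command reachable from cmds, in lexicographic order per
// level. prefix holds the words leading to cmds. Commands marked admin are
// skipped, together with their whole subtree, unless admin is true.
//
// prefix is never written to: it is re-sliced with its capacity clamped to
// its length before appending, so the append always copies. Callers pass
// sub-slices of the client's parsed command line here, and a plain append
// could otherwise write into the spare capacity of that backing array.
func appendServiceCommandSetHelp(cmds serviceCommandSet, prefix []string, admin bool, l *[]string) {
	base := prefix[:len(prefix):len(prefix)]
	for _, name := range cmds.Names() {
		cmd := cmds[name]
		if cmd.admin && !admin {
			continue
		}
		words := append(base, name)
		if len(cmd.children) == 0 {
			*l = append(*l, strings.Join(words, " "))
			continue
		}
		appendServiceCommandSetHelp(cmd.children, words, admin, l)
	}
}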
223
// handleServiceHelp implements "help". With no argument it lists every
// command visible to the user. With a command that has subcommands it lists
// those. Otherwise it prints the command's usage and description.
//
// NOTE(review): the listings are filtered by dc.user.Admin, but the
// single-command branch prints usage and description without looking at
// cmd.admin.
func handleServiceHelp(dc *downstreamConn, params []string) error {
	// list sends the names of all leaf commands under set that the user
	// is allowed to see.
	list := func(set serviceCommandSet, prefix []string) {
		var names []string
		appendServiceCommandSetHelp(set, prefix, dc.user.Admin, &names)
		sendServicePRIVMSG(dc, "available commands: "+strings.Join(names, ", "))
	}

	if len(params) == 0 {
		list(serviceCommands, nil)
		return nil
	}

	cmd, rest, err := serviceCommands.Get(params)
	if err != nil {
		return err
	}
	// The words Get consumed, exactly as the user typed them.
	words := params[:len(params)-len(rest)]

	if len(cmd.children) > 0 {
		list(cmd.children, words)
		return nil
	}

	text := strings.Join(words, " ")
	if cmd.usage != "" {
		text += " " + cmd.usage
	}
	text += ": " + cmd.desc

	sendServicePRIVMSG(dc, text)
	return nil
}
252
// newFlagSet returns an unnamed flag set for parsing a service command's
// arguments. Parse errors are returned to the caller (ContinueOnError)
// instead of terminating the process, and the flag package's own usage and
// error output is discarded.
func newFlagSet() *flag.FlagSet {
	set := flag.NewFlagSet("", flag.ContinueOnError)
	set.SetOutput(ioutil.Discard)
	return set
}
258
// stringSliceFlag is a flag value that collects every occurrence of a
// repeatable flag, in the order given.
type stringSliceFlag []string

// String formats the collected values the way fmt prints a []string.
func (v *stringSliceFlag) String() string {
	values := []string(*v)
	return fmt.Sprint(values)
}

// Set appends s to the collected values. It never fails.
func (v *stringSliceFlag) Set(s string) error {
	grown := append(*v, s)
	*v = grown
	return nil
}
269
// stringPtrFlag is a flag value that fills in a *string. A nil pointer
// means the flag was not given, a pointer to "" means it was given with an
// empty value, so the two cases can be told apart.
type stringPtrFlag struct {
	ptr **string
}

// String returns the current value, or "" when the flag is unset. The zero
// stringPtrFlag is handled as well.
func (f stringPtrFlag) String() string {
	if f.ptr != nil && *f.ptr != nil {
		return **f.ptr
	}
	return ""
}

// Set stores a pointer to a copy of s in the target. It never fails.
func (f stringPtrFlag) Set(s string) error {
	value := s
	*f.ptr = &value
	return nil
}
288
// networkFlagSet parses the flags shared by "network create" and
// "network update". A nil string pointer means the flag was not given.
type networkFlagSet struct {
	*flag.FlagSet
	Addr, Name, Nick, Username, Pass, Realname *string
	ConnectCommands                            []string
}

// newNetworkFlagSet returns a networkFlagSet with all its flags registered
// and no value set.
func newNetworkFlagSet() *networkFlagSet {
	fs := &networkFlagSet{FlagSet: newFlagSet()}

	stringFlags := []struct {
		name string
		dst  **string
	}{
		{"addr", &fs.Addr},
		{"name", &fs.Name},
		{"nick", &fs.Nick},
		{"username", &fs.Username},
		{"pass", &fs.Pass},
		{"realname", &fs.Realname},
	}
	for _, sf := range stringFlags {
		fs.Var(stringPtrFlag{sf.dst}, sf.name, "")
	}
	// -connect-command may be repeated; each occurrence is appended.
	fs.Var((*stringSliceFlag)(&fs.ConnectCommands), "connect-command", "")
	return fs
}
306
// update copies every flag that was given on the command line into network
// and leaves the other fields alone.
//
// Validation done here:
//   - an address containing "://" must use the ircs or irc+insecure scheme;
//     an address without "://" is accepted as is;
//   - every -connect-command must parse as a raw IRC message.
//
// A single empty -connect-command clears the stored list. When validation
// of the connect commands fails, fields handled earlier have already been
// written to network, so callers pass a record they can throw away.
func (fs *networkFlagSet) update(network *Network) error {
	if fs.Addr != nil {
		if parts := strings.SplitN(*fs.Addr, "://", 2); len(parts) == 2 {
			// NOTE(review): irc+insecure presumably selects a connection
			// without TLS; confirm where Addr is dialed.
			if scheme := parts[0]; scheme != "ircs" && scheme != "irc+insecure" {
				return fmt.Errorf("unknown scheme %q (supported schemes: ircs, irc+insecure)", scheme)
			}
		}
		network.Addr = *fs.Addr
	}

	plain := []struct {
		src *string
		dst *string
	}{
		{fs.Name, &network.Name},
		{fs.Nick, &network.Nick},
		{fs.Username, &network.Username},
		{fs.Pass, &network.Pass},
		{fs.Realname, &network.Realname},
	}
	for _, field := range plain {
		if field.src != nil {
			*field.dst = *field.src
		}
	}

	if fs.ConnectCommands == nil {
		return nil
	}
	if len(fs.ConnectCommands) == 1 && fs.ConnectCommands[0] == "" {
		network.ConnectCommands = nil
		return nil
	}
	for _, command := range fs.ConnectCommands {
		if _, err := irc.ParseMessage(command); err != nil {
			return fmt.Errorf("flag -connect-command must be a valid raw irc command string: %q: %v", command, err)
		}
	}
	network.ConnectCommands = fs.ConnectCommands
	return nil
}
349
// handleServiceNetworkCreate implements "network create". -addr is
// mandatory. The nick defaults to the downstream connection's nick unless
// -nick overrides it. The new network belongs to the calling user.
func handleServiceNetworkCreate(dc *downstreamConn, params []string) error {
	flags := newNetworkFlagSet()
	if err := flags.Parse(params); err != nil {
		return err
	}
	if flags.Addr == nil {
		return fmt.Errorf("flag -addr is required")
	}

	// Start from the defaults, then let update validate and apply the flags.
	record := &Network{Addr: *flags.Addr, Nick: dc.nick}
	if err := flags.update(record); err != nil {
		return err
	}

	created, err := dc.user.createNetwork(record)
	if err != nil {
		return fmt.Errorf("could not create network: %v", err)
	}

	sendServicePRIVMSG(dc, fmt.Sprintf("created network %q", created.GetName()))
	return nil
}
375
// handleServiceNetworkStatus implements "network status": it sends one line
// per network of the calling user with the network's name (and address when
// they differ), its connection state, and either the channel count or the
// last connection error.
func handleServiceNetworkStatus(dc *downstreamConn, params []string) error {
	dc.user.forEachNetwork(func(net *network) {
		var state, details string
		if uc := net.conn; uc == nil {
			state = "disconnected"
			if net.lastError != nil {
				details = net.lastError.Error()
			}
		} else {
			state = "connected"
			if dc.nick != uc.nick {
				// The upstream nick differs from the one the client uses.
				state += " as " + uc.nick
			}
			details = fmt.Sprintf("%v channels", len(uc.channels))
		}

		statuses := []string{state}
		if net == dc.network {
			statuses = append(statuses, "current")
		}

		label := net.GetName()
		if label != net.Addr {
			label = fmt.Sprintf("%v (%v)", label, net.Addr)
		}

		line := fmt.Sprintf("%v [%v]", label, strings.Join(statuses, ", "))
		if details != "" {
			line += ": " + details
		}
		sendServicePRIVMSG(dc, line)
	})
	return nil
}
411
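// handleServiceNetworkUpdate implements "network update <name> [flags]".
// The first argument names one of the calling user's networks; the flags
// after it are the same as for "network create" and only the ones given are
// changed.
//
// Flag parsing stops at the first non-flag word, so anything after it is
// ignored.
func handleServiceNetworkUpdate(dc *downstreamConn, params []string) error {
	if len(params) < 1 {
		// The command accepts a name followed by any number of flags, so
		// the message says "at least" rather than "exactly".
		return fmt.Errorf("expected at least one argument")
	}

	fs := newNetworkFlagSet()
	if err := fs.Parse(params[1:]); err != nil {
		return err
	}

	net := dc.user.getNetwork(params[0])
	if net == nil {
		return fmt.Errorf("unknown network %q", params[0])
	}

	// Work on a copy: update may fail half-way, and the live record must
	// not be left partially modified.
	record := net.Network
	if err := fs.update(&record); err != nil {
		return err
	}

	network, err := dc.user.updateNetwork(&record)
	if err != nil {
		return fmt.Errorf("could not update network: %v", err)
	}

	sendServicePRIVMSG(dc, fmt.Sprintf("updated network %q", network.GetName()))
	return nil
}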
440
// handleServiceNetworkDelete implements "network delete <name>". The name
// is looked up among the calling user's networks only.
func handleServiceNetworkDelete(dc *downstreamConn, params []string) error {
	if len(params) != 1 {
		return fmt.Errorf("expected exactly one argument")
	}
	name := params[0]

	target := dc.user.getNetwork(name)
	if target == nil {
		return fmt.Errorf("unknown network %q", name)
	}

	if err := dc.user.deleteNetwork(target.ID); err != nil {
		return err
	}

	sendServicePRIVMSG(dc, fmt.Sprintf("deleted network %q", target.GetName()))
	return nil
}
458
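// handleServiceCertfpGenerate implements "certfp generate". It creates a
// key pair and a self-signed client certificate for one of the calling
// user's networks, stores both on the network record, switches the
// network's SASL mechanism to EXTERNAL and reports the certificate's SHA-1
// and SHA-256 fingerprints.
//
// The command is available to every user, so its arguments are validated
// before any expensive work is done:
//   - -key-type must be rsa, ecdsa or ed25519; an unknown value used to
//     fall through the switch and fail later with an unrelated error;
//   - -bits is bounded for RSA, because key generation cost grows steeply
//     with the modulus size and a very small modulus gives a weak key.
func handleServiceCertfpGenerate(dc *downstreamConn, params []string) error {
	// Accepted range for a user-supplied RSA modulus size.
	const (
		minRSABits = 2048
		maxRSABits = 8192
	)

	fs := newFlagSet()
	keyType := fs.String("key-type", "rsa", "key type to generate (rsa, ecdsa, ed25519)")
	bits := fs.Int("bits", 3072, "size of key to generate, meaningful only for RSA")

	if err := fs.Parse(params); err != nil {
		return err
	}

	if len(fs.Args()) != 1 {
		return errors.New("exactly one argument is required")
	}

	net := dc.user.getNetwork(fs.Arg(0))
	if net == nil {
		return fmt.Errorf("unknown network %q", fs.Arg(0))
	}

	var (
		privKey crypto.PrivateKey
		pubKey  crypto.PublicKey
	)
	switch *keyType {
	case "rsa":
		if *bits < minRSABits || *bits > maxRSABits {
			return fmt.Errorf("RSA key size must be between %d and %d bits", minRSABits, maxRSABits)
		}
		key, err := rsa.GenerateKey(rand.Reader, *bits)
		if err != nil {
			return err
		}
		privKey = key
		pubKey = key.Public()
	case "ecdsa":
		key, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
		if err != nil {
			return err
		}
		privKey = key
		pubKey = key.Public()
	case "ed25519":
		var err error
		pubKey, privKey, err = ed25519.GenerateKey(rand.Reader)
		if err != nil {
			return err
		}
	default:
		return fmt.Errorf("unknown key type %q (supported types: rsa, ecdsa, ed25519)", *keyType)
	}

	// Using PKCS#8 allows easier extension for new key types. The encoding
	// is not encrypted, so the stored private key is protected only by the
	// access controls on the database.
	privKeyBytes, err := x509.MarshalPKCS8PrivateKey(privKey)
	if err != nil {
		return err
	}

	notBefore := time.Now()
	// Let's make a fair assumption nobody will use the same cert for more
	// than 20 years...
	notAfter := notBefore.Add(24 * time.Hour * 365 * 20)
	// Random serial number below 2^128.
	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
	if err != nil {
		return err
	}
	cert := &x509.Certificate{
		SerialNumber: serialNumber,
		Subject:      pkix.Name{CommonName: "soju auto-generated certificate"},
		NotBefore:    notBefore,
		NotAfter:     notAfter,
		KeyUsage:     x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	// Self-signed: the template is its own parent.
	derBytes, err := x509.CreateCertificate(rand.Reader, cert, cert, pubKey, privKey)
	if err != nil {
		return err
	}

	net.SASL.External.CertBlob = derBytes
	net.SASL.External.PrivKeyBlob = privKeyBytes
	net.SASL.Mechanism = "EXTERNAL"

	// Store under the bouncer user who owns the network, as
	// handleServiceCertfpReset does. The original passed net.Username,
	// which is the username configured for the upstream network, not the
	// bouncer account.
	if err := dc.srv.db.StoreNetwork(dc.user.Username, &net.Network); err != nil {
		return err
	}

	sendServicePRIVMSG(dc, "certificate generated")

	// Both digests are shown so the user can register whichever one the
	// network asks for.
	sha1Sum := sha1.Sum(derBytes)
	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
	sha256Sum := sha256.Sum256(derBytes)
	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))

	return nil
}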
548
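// handleServiceCertfpFingerprints implements "certfp fingerprint <network
// name>": it reports the SHA-1 and SHA-256 digests of the certificate
// stored for one of the calling user's networks.
//
// A network without a stored certificate is reported as an error. The
// original hashed the empty blob and presented the digest of zero bytes as
// if it were a certificate fingerprint.
func handleServiceCertfpFingerprints(dc *downstreamConn, params []string) error {
	if len(params) != 1 {
		return fmt.Errorf("expected exactly one argument")
	}

	net := dc.user.getNetwork(params[0])
	if net == nil {
		return fmt.Errorf("unknown network %q", params[0])
	}

	certBlob := net.SASL.External.CertBlob
	if len(certBlob) == 0 {
		return fmt.Errorf("no certificate stored for network %q", params[0])
	}

	sha1Sum := sha1.Sum(certBlob)
	sendServicePRIVMSG(dc, "SHA-1 fingerprint: "+hex.EncodeToString(sha1Sum[:]))
	sha256Sum := sha256.Sum256(certBlob)
	sendServicePRIVMSG(dc, "SHA-256 fingerprint: "+hex.EncodeToString(sha256Sum[:]))
	return nil
}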
565
// handleServiceCertfpReset implements "certfp reset <network name>": it
// drops the stored certificate and private key of one of the calling user's
// networks and, if the network was using SASL EXTERNAL, clears the
// mechanism. The record is then written back to the database.
//
// The in-memory record is changed before the database write, so a failed
// write leaves the two out of step.
func handleServiceCertfpReset(dc *downstreamConn, params []string) error {
	if len(params) != 1 {
		return fmt.Errorf("expected exactly one argument")
	}
	name := params[0]

	target := dc.user.getNetwork(name)
	if target == nil {
		return fmt.Errorf("unknown network %q", name)
	}

	target.SASL.External.CertBlob = nil
	target.SASL.External.PrivKeyBlob = nil

	// Another SASL mechanism, if configured, is left untouched.
	if target.SASL.Mechanism == "EXTERNAL" {
		target.SASL.Mechanism = ""
	}

	err := dc.srv.db.StoreNetwork(dc.user.Username, &target.Network)
	if err != nil {
		return err
	}

	sendServicePRIVMSG(dc, "certificate reset")
	return nil
}
589
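// handlePasswordChange implements "change-password <new password>" for the
// calling user. Only the bcrypt hash of the password is handed to
// updatePassword.
//
// An empty password is rejected, as handleUserCreate already does; a
// quoted empty argument would otherwise set an empty password on the
// account.
//
// NOTE(review): the new password arrives as PRIVMSG text, so a client that
// logs private messages will record it; worth stating in the user
// documentation.
func handlePasswordChange(dc *downstreamConn, params []string) error {
	if len(params) != 1 {
		return fmt.Errorf("expected exactly one argument")
	}
	if params[0] == "" {
		return fmt.Errorf("password must not be empty")
	}

	hashed, err := bcrypt.GenerateFromPassword([]byte(params[0]), bcrypt.DefaultCost)
	if err != nil {
		return fmt.Errorf("failed to hash password: %v", err)
	}
	if err := dc.user.updatePassword(string(hashed)); err != nil {
		return err
	}

	sendServicePRIVMSG(dc, "password updated")
	return nil
}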
606
// handleUserCreate implements "user create": it adds a bouncer account with
// the given username and password, optionally with admin rights. Only the
// bcrypt hash of the password is stored on the User record.
//
// The handler does no permission check of its own; access is restricted by
// the admin flag on its entry in the command table.
func handleUserCreate(dc *downstreamConn, params []string) error {
	flags := newFlagSet()
	name := flags.String("username", "", "")
	pass := flags.String("password", "", "")
	isAdmin := flags.Bool("admin", false, "")

	if err := flags.Parse(params); err != nil {
		return err
	}
	switch {
	case *name == "":
		return fmt.Errorf("flag -username is required")
	case *pass == "":
		return fmt.Errorf("flag -password is required")
	}

	digest, err := bcrypt.GenerateFromPassword([]byte(*pass), bcrypt.DefaultCost)
	if err != nil {
		return fmt.Errorf("failed to hash password: %v", err)
	}

	account := &User{
		Username: *name,
		Password: string(digest),
		Admin:    *isAdmin,
	}
	if _, err := dc.srv.createUser(account); err != nil {
		return fmt.Errorf("could not create user: %v", err)
	}

	sendServicePRIVMSG(dc, fmt.Sprintf("created user %q", *name))
	return nil
}