Commit Graph

1137 Commits

Author SHA1 Message Date
Simon Ser
bf931709db Drop permissions on Unix admin socket 2023-02-07 10:10:05 +01:00
Simon Ser
67ccc19fdd build: invoke go build once only 2023-02-06 15:26:10 +01:00
Simon Ser
09e1393453 build: don't record DESTDIR in config.DefaultPath 2023-02-06 15:23:54 +01:00
Simon Ser
0cec35a2f8 build: add RUNDIR variable 2023-02-06 15:23:14 +01:00
Simon Ser
c0b03b943f build: add sharedstatedir variable 2023-02-06 15:19:08 +01:00
delthas
f57492af56 Add cmd/sojuctl
This new command enables communicating with the unix administrative
endpoint (unix+admin) that can be enabled on soju.

The syntax is just that of BouncerServ.

Examples:
    sojuctl -config soju.config help
    sojuctl -config soju.config user status
2023-02-06 15:15:09 +01:00
delthas
6fe955e7ff Listen on the default unix admin endpoint in the default configuration
This preserves the previous behavior of *not* enabling any unix+admin
endpoint for developement purposes, but enables it in the default
configuration installed by the Makefile.
2023-02-06 15:15:09 +01:00
delthas
2713bcba34 Add administrative unix listen endpoint
This adds support for listening on a Unix socket for administrative
connections, that then use a simple protocol for communicating with
the service (BouncerServ) as an administrator with a global context.

The wire format used by the Unix socket is IRC, but without
registration or overheads.

Example session:

    >>> BOUNCERSERV
    <<< 461 * BOUNCERSERV :Not enough parameters
    >>> BOUNCERSERV :n s
    <<< :gensou FAIL BOUNCERSERV :this command must be run as a user
    >>> BOUNCERSERV :u s
    <<< :gensou PRIVMSG * :marisa: 2 networks
    <<< :gensou PRIVMSG * :alice: 1 networks
    <<< :gensou BOUNCERSERV OK
2023-02-06 15:15:09 +01:00
delthas
ab235f0099 sojuctl: rename to sojudb
sojuctl will be used to control the soju deamon directly.

sojudb is a better name because it operates on the database file only.
2023-02-06 15:15:09 +01:00
delthas
b920facdff service: Return the error rather than printing it
This enables callers to make the difference between a successful
service call and a failed one.
2023-02-06 15:15:09 +01:00
delthas
f05bd84787 service: Enable running additional commands from a global context
Some commands do not require admin rights but are also useful to
run in a global context. For example, help.
2023-02-06 15:15:09 +01:00
delthas
d17c7d57f2 service: Enable running service commands without users
This enables support for global service contexts, that are run
independently from a user context.

These contexts are considered to be admin. They only have access
to admin commands, because those are relevant in a global context.
2023-02-06 15:15:09 +01:00
delthas
4bd600c651 service: Store the admin capability independently the user
We can acquire admin contexts independently of the user.

This is mainly for a future commit that will introduce events
without a user.
2023-02-06 15:15:09 +01:00
Simon Ser
c031e08d71 Add a default path for the config file 2023-02-06 13:16:55 +01:00
Simon Ser
b4731cbd71 downstream: only send CHATHISTORY ISUPPORT when supported 2023-02-02 19:36:18 +01:00
Simon Ser
a331d2368a config: add missing "pam" case
Fixes: 24cae474db ("Add support for PAM authentication")
2023-01-30 23:32:07 +01:00
Kirill Primak
b2d9af22c3 service: update "user {create,update}" help 2023-01-30 20:33:30 +01:00
Simon Ser
24cae474db Add support for PAM authentication 2023-01-30 11:55:43 +01:00
Simon Ser
ca2d666056 Auto-create users after external auth when enable-user-on-auth is on 2023-01-30 11:53:01 +01:00
Simon Ser
c79fc0c19e Add support for SASL OAUTHBEARER 2023-01-30 11:53:01 +01:00
Simon Ser
22a88079c2 Add support for external OAuth 2.0 authentication 2023-01-30 11:53:01 +01:00
Simon Ser
63ca247354 Add infrastructure for external authentication 2023-01-30 11:53:01 +01:00
Simon Ser
d67e59658d Use database.User.SetPassword in server tests 2023-01-30 11:20:27 +01:00
Simon Ser
979fb319fe service: add -disable-password
This can be used to disable password authentication for a user.
This is useful to prevent a disabled user account from being
auto-enabled when enable-user-on-auth is on.
2023-01-26 20:03:37 +01:00
Simon Ser
db49bc120f Add enable-user-on-auth config directive 2023-01-26 19:51:35 +01:00
Simon Ser
9df9880301 Add disable-inactive-user config option
This can be used to automatically disable users if they don't
actively use the bouncer for a while.
2023-01-26 19:42:29 +01:00
Simon Ser
57f5ee8d6f Add user downstream interaction time 2023-01-26 19:42:29 +01:00
Simon Ser
05d7813835 service: indicate which users are disabled in "user status" 2023-01-26 19:42:13 +01:00
Simon Ser
d7d9d45b45 Add a flag to disable users
Add a new flag to disable users. This can be useful to temporarily
deactivate an account without erasing data.

The user goroutine is kept alive for simplicity's sake. Most of the
infrastructure assumes that each user always has a running goroutine.
A disabled user's goroutine is responsible for sending back an error
to downstream connections, and listening for potential events to
re-enable the account.
2023-01-26 18:33:55 +01:00
Simon Ser
bbf234d441 user: take context in user.stop 2023-01-26 17:12:58 +01:00
Simon Ser
5a9dced249 database: store user creation date
This is useful to figure out which users were created recently.
2023-01-26 17:12:58 +01:00
Simon Ser
2abe231eef database/sqlite: introduce sqliteTime type
This implements sql.Scanner and sql/driver.Valuer, so that we can
load/store time values into SQLite with the format we want, and
properly handle NULL (which the go-sqlite3 package doesn't do
correctly).
2023-01-26 14:38:28 +01:00
Enterprisey
d74b66f240 contrib/clients: Warn about Hexchat password limit
Hexchat truncates passwords, so add a warning about that and a
workaround for Sourcehut users.
2023-01-25 00:06:40 +01:00
delthas
8b558e39b7 xirc: Fix sending hostnames starting with ':' in WHO replies
Some IPv6 hostnames can start with a colon (eg '::1'). This breaks
the IRC line format.

To work around this issue, prefix the hostname with a '0'. This
changes the representation of the IP but not its value.

References: https://todo.sr.ht/~taiite/senpai/109
Co-authored-by: Simon Ser <contact@emersion.fr>
2023-01-25 00:02:26 +01:00
delthas
959baa964f service: add user status
This lists all the users of the instances, along with the number
of networks they have.

Limited to 50 users to avoid flooding with thousands of messages
on large instances.
2023-01-18 16:24:12 +01:00
Simon Ser
1ad2ee7ef5 service: drop unnecessary admin check in handleUserRun
The command is marked as admin-only already.
2023-01-18 16:05:41 +01:00
Simon Ser
bdb470484f doc: add "user run" to man page 2023-01-18 16:04:54 +01:00
delthas
b29c9ef09a service: add user run
This enables to run commands as other users, like sudo.

This is useful for eg fixing a user networks on their behalf.
2023-01-18 15:12:33 +01:00
delthas
e7a06fe208 service: refactor downstreamConn to serviceContext
This will enable running service commands from other contexts.
2023-01-18 15:12:33 +01:00
Simon Ser
59dfa05d13 downstream: set empty CHANTYPES for bouncer connection 2023-01-16 16:46:46 +01:00
delthas
e71cdbf6e3 service: reject commands with unexpected arguments
This avoids issues where a user misstypes the following message:

     network update foobar enabled -false

This is obviously a typo of:

     network update foobar -enabled false

But we currently accept it without failing, and ignore the trailing
parameter "false".

This fixes this behavior by failing on unexpected arguments.
2023-01-15 16:52:37 +01:00
Simon Ser
6734c5f8f0 doc: document command parsing rules for the service 2023-01-09 18:31:19 +01:00
Simon Ser
bd4aee3f31 service: fix typo in network -cerfp flag name
Reported-by: rj1 <rj1@riseup.net>
Fixes: be185fba33 ("Implement TLS fingerprint pinning")
2022-12-18 17:55:31 +01:00
rj1
be185fba33 Implement TLS fingerprint pinning
Closes: https://todo.sr.ht/~emersion/soju/56
2022-12-16 17:44:14 +01:00
delthas
2604a14b7f Store only select TAGMSG types in message stores
We only want to store TAGMSG that should be persistent. +typing TAGMSG
should be dropped, but +react messages should be kept.

This introduces a whitelist for TAGMSG labels. We only store TAGMSG
having a least one tag in that whitelist.
2022-12-16 13:08:44 +01:00
Simon Ser
6ddfc943f5 service: send PART in channel delete 2022-12-08 16:04:01 +01:00
Simon Ser
0edf3a40c2 service: add channel delete command 2022-12-08 16:00:00 +01:00
Simon Ser
f44e922c42 downstream: use ERR_BADCHANMASK for invalid channel name
It's more appropriate than ERR_NOSUCHCHANNEL.
2022-12-08 15:27:02 +01:00
Simon Ser
6d64c164a7 downstream: check channel name validity on JOIN
Avoid storing garbage in the DB.
2022-12-08 15:25:39 +01:00
delthas
58ee475265 Avoid sending push notifications for all channel context messages
...Instead, send them only when their text content contains the user
nick, as if they were regular channel messages.
2022-12-01 18:18:04 +01:00