diff --git a/README b/README index 183e164..faae872 100644 --- a/README +++ b/README @@ -56,11 +56,18 @@ Just execute goircd daemon. It has following optional arguments: * -statedir: directory where all channels states will be saved and loaded during startup. If omitted, then states will be lost after daemon termination -* -tls_key/-tls_cert: enable TLS and specify key and certificate file +* -tlsbind/-tlskey/-tlscert: enable TLS, specify address to listen on, + certificate and key files * -passwords: enable client authentication and specify path to passwords file * -verbose: increase log messages verbosity +TLS + +If you specify -bind and -tlsbind simultaneously, then you will have +both raw and encrypted listening sockets. You can use -bind "" to +disable raw socket. + AUTHENTICATION You can turn on optional client authentication by preparing passwords diff --git a/goircd.go b/goircd.go index f70e11c..a0633ad 100644 --- a/goircd.go +++ b/goircd.go @@ -40,14 +40,26 @@ var ( statedir = flag.String("statedir", "", "Absolute path to directory for states") passwords = flag.String("passwords", "", "Optional path to passwords file") - tlsKey = flag.String("tls_key", "", "TLS keyfile") - tlsCert = flag.String("tls_cert", "", "TLS certificate") + tlsBind = flag.String("tlsbind", "", "TLS address to bind to") + tlsKey = flag.String("tlskey", "", "TLS keyfile") + tlsCert = flag.String("tlscert", "", "TLS certificate") verbose = flag.Bool("v", false, "Enable verbose logging.") ) +func listenerLoop(sock net.Listener, events chan<- ClientEvent) { + for { + conn, err := sock.Accept() + if err != nil { + log.Println("Error during accepting connection", err) + continue + } + client := NewClient(*hostname, conn) + go client.Processor(events) + } +} + func Run() { - var client *Client events := make(chan ClientEvent) log.SetFlags(log.Ldate | log.Lmicroseconds | log.Lshortfile) @@ -70,6 +82,7 @@ func Run() { stateSink := make(chan StateEvent) daemon := NewDaemon(version, *hostname, *motd, logSink, stateSink) daemon.Verbose = *verbose + log.Println("goircd "+daemon.version+" is starting") if *statedir == "" { // Dummy statekeeper go func() { @@ -103,26 +116,6 @@ func Run() { log.Println(*statedir, "statekeeper initialized") } - var listener net.Listener - if *tlsKey != "" { - cert, err := tls.LoadX509KeyPair(*tlsCert, *tlsKey) - if err != nil { - log.Fatalf("Could not load TLS keys from %s and %s: %s", *tlsCert, *tlsKey, err) - } - config := tls.Config{Certificates: []tls.Certificate{cert}} - listener, err = tls.Listen("tcp", *bind, &config) - if err != nil { - log.Fatalf("Can not listen on %s: %v", *bind, err) - } - } else { - var err error - listener, err = net.Listen("tcp", *bind) - if err != nil { - log.Fatalf("Can not listen on %s: %v", *bind, err) - } - } - log.Println("goircd "+daemon.version+" listening on", *bind) - if *passwords != "" { daemon.PasswordsRefresh() hups := make(chan os.Signal) @@ -135,16 +128,30 @@ func Run() { }() } - go daemon.Processor(events) - for { - conn, err := listener.Accept() + + if *bind != "" { + listener, err := net.Listen("tcp", *bind) if err != nil { - log.Println("Error during accepting connection", err) - continue + log.Fatalf("Can not listen on %s: %v", *bind, err) } - client = NewClient(*hostname, conn) - go client.Processor(events) + log.Println("Raw listening on", *bind) + go listenerLoop(listener, events) } + if *tlsBind != "" { + cert, err := tls.LoadX509KeyPair(*tlsCert, *tlsKey) + if err != nil { + log.Fatalf("Could not load TLS keys from %s and %s: %s", *tlsCert, *tlsKey, err) + } + config := tls.Config{Certificates: []tls.Certificate{cert}} + listenerTLS, err := tls.Listen("tcp", *tlsBind, &config) + if err != nil { + log.Fatalf("Can not listen on %s: %v", *tlsBind, err) + } + log.Println("TLS listening on", *tlsBind) + go listenerLoop(listenerTLS, events) + } + + daemon.Processor(events) } func main() {