lnd.xprv/lncfg/address.go

package lncfg

import (
	"time"
	"net"
	"fmt"
	"crypto/tls"
	"strings"
)

var (
	loopBackAddrs = []string{"localhost", "127.0.0.1", "[::1]"}
)

// NormalizeAddresses returns a new slice with all the passed addresses
// normalized with the given default port and all duplicates removed.
func NormalizeAddresses(addrs []string,
	defaultPort string) ([]net.Addr, error) {
	result := make([]net.Addr, 0, len(addrs))
	seen := map[string]struct{}{}
	for _, strAddr := range addrs {
		addr, err := ParseAddressString(strAddr, defaultPort)
		if err != nil {
			return nil, err
		}

		if _, ok := seen[addr.String()]; !ok {
			result = append(result, addr)
			seen[addr.String()] = struct{}{}
		}
	}
	return result, nil
}

// EnforceSafeAuthentication enforces "safe" authentication taking into account
// the interfaces that the RPC servers are listening on, and if macaroons are
// activated or not. To protect users from using dangerous config combinations,
// we'll prevent disabling authentication if the sever is listening on a public
// interface.
func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {
	// We'll now examine all addresses that this RPC server is listening
	// on. If it's a localhost address, we'll skip it, otherwise, we'll
	// return an error if macaroons are inactive.
	for _, addr := range addrs {
		if IsLoopback(addr) || IsUnix(addr) {
			continue
		}

		if !macaroonsActive {
			return fmt.Errorf("Detected RPC server listening on "+
				"publicly reachable interface %v with "+
				"authentication disabled! Refusing to start "+
				"with --no-macaroons specified.", addr)
		}
	}

	return nil
}

// ListenOnAddress creates a listener that listens on the given
// address.
func ListenOnAddress(addr net.Addr) (net.Listener, error) {
	return net.Listen(addr.Network(), addr.String())
}

// TlsListenOnAddress creates a TLS listener that listens on the given
// address.
func TlsListenOnAddress(addr net.Addr,
	config *tls.Config) (net.Listener, error) {
	return tls.Listen(addr.Network(), addr.String(), config)
}

// IsLoopback returns true if an address describes a loopback interface.
func IsLoopback(addr net.Addr) bool {
	for _, loopback := range loopBackAddrs {
		if strings.Contains(addr.String(), loopback) {
			return true
		}
	}

	return false
}

// isUnix returns true if an address describes an Unix socket address.
func IsUnix(addr net.Addr) bool {
	return strings.HasPrefix(addr.Network(), "unix")
}

// ParseAddressString converts an address in string format to a net.Addr that is
// compatible with lnd. UDP is not supported because lnd needs reliable
// connections.
func ParseAddressString(strAddress string,
	defaultPort string) (net.Addr, error) {
	var parsedNetwork, parsedAddr string

	// Addresses can either be in network://address:port format or only
	// address:port. We want to support both.
	if strings.Contains(strAddress, "://") {
		parts := strings.Split(strAddress, "://")
		parsedNetwork, parsedAddr = parts[0], parts[1]
	} else if strings.Contains(strAddress, ":") {
		parts := strings.Split(strAddress, ":")
		parsedNetwork = parts[0]
		parsedAddr = strings.Join(parts[1:], ":")
	}

	// Only TCP and Unix socket addresses are valid. We can't use IP or
	// UDP only connections for anything we do in lnd.
	switch parsedNetwork {
	case "unix", "unixpacket":
		return net.ResolveUnixAddr(parsedNetwork, parsedAddr)
	case "tcp", "tcp4", "tcp6":
		return net.ResolveTCPAddr(parsedNetwork,
			verifyPort(parsedAddr, defaultPort))
	case "ip", "ip4", "ip6", "udp", "udp4", "udp6", "unixgram":
		return nil, fmt.Errorf("only TCP or unix socket "+
			"addresses are supported: %s", parsedAddr)
	default:
		// There was no network specified, just try to parse as host
		// and port.
		return net.ResolveTCPAddr(
			"tcp", verifyPort(strAddress, defaultPort),
		)
	}
}

// verifyPort makes sure that an address string has both a host and a port.
// If there is no port found, the default port is appended.
func verifyPort(strAddress string, defaultPort string) string {
	host, port, err := net.SplitHostPort(strAddress)
	if err != nil {
		// If we already have an IPv6 address with brackets, don't use
		// the JoinHostPort function, since it will always add a pair
		// of brackets too.
		if strings.HasPrefix(strAddress, "[") {
			strAddress = strAddress + ":" + defaultPort
		} else {
			strAddress = net.JoinHostPort(strAddress, defaultPort)
		}
	} else if host == "" && port == "" {
		// The string ':' is parsed as valid empty host and empty port.
		// But in that case, we want the default port to be applied too.
		strAddress = ":" + defaultPort
	}

	return strAddress
}

// ClientAddressDialer creates a gRPC dialer that can also dial unix socket
// addresses instead of just TCP addresses.
func ClientAddressDialer(defaultPort string) func(string,
	time.Duration) (net.Conn, error) {
	return func(addr string, timeout time.Duration) (net.Conn, error) {
		parsedAddr, err := ParseAddressString(addr, defaultPort)
		if err != nil {
			return nil, err
		}
		return net.DialTimeout(parsedAddr.Network(),
			parsedAddr.String(), timeout)
	}
}
lncfg: move configuration helper methods to new package 2018-05-23 16:41:16 +03:00			`package lncfg`

			`import (`
			`"time"`
			`"net"`
			`"fmt"`
			`"crypto/tls"`
			`"strings"`
			`)`

			`var (`
			`loopBackAddrs = []string{"localhost", "127.0.0.1", "[::1]"}`
			`)`

			`// NormalizeAddresses returns a new slice with all the passed addresses`
			`// normalized with the given default port and all duplicates removed.`
			`func NormalizeAddresses(addrs []string,`
			`defaultPort string) ([]net.Addr, error) {`
			`result := make([]net.Addr, 0, len(addrs))`
			`seen := map[string]struct{}{}`
			`for _, strAddr := range addrs {`
			`addr, err := ParseAddressString(strAddr, defaultPort)`
			`if err != nil {`
			`return nil, err`
			`}`

			`if _, ok := seen[addr.String()]; !ok {`
			`result = append(result, addr)`
			`seen[addr.String()] = struct{}{}`
			`}`
			`}`
			`return result, nil`
			`}`

			`// EnforceSafeAuthentication enforces "safe" authentication taking into account`
			`// the interfaces that the RPC servers are listening on, and if macaroons are`
			`// activated or not. To protect users from using dangerous config combinations,`
			`// we'll prevent disabling authentication if the sever is listening on a public`
			`// interface.`
			`func EnforceSafeAuthentication(addrs []net.Addr, macaroonsActive bool) error {`
			`// We'll now examine all addresses that this RPC server is listening`
			`// on. If it's a localhost address, we'll skip it, otherwise, we'll`
			`// return an error if macaroons are inactive.`
			`for _, addr := range addrs {`
			`if IsLoopback(addr) \|\| IsUnix(addr) {`
			`continue`
			`}`

			`if !macaroonsActive {`
			`return fmt.Errorf("Detected RPC server listening on "+`
			`"publicly reachable interface %v with "+`
			`"authentication disabled! Refusing to start "+`
			`"with --no-macaroons specified.", addr)`
			`}`
			`}`

			`return nil`
			`}`

			`// ListenOnAddress creates a listener that listens on the given`
			`// address.`
			`func ListenOnAddress(addr net.Addr) (net.Listener, error) {`
			`return net.Listen(addr.Network(), addr.String())`
			`}`

			`// TlsListenOnAddress creates a TLS listener that listens on the given`
			`// address.`
			`func TlsListenOnAddress(addr net.Addr,`
			`config *tls.Config) (net.Listener, error) {`
			`return tls.Listen(addr.Network(), addr.String(), config)`
			`}`

			`// IsLoopback returns true if an address describes a loopback interface.`
			`func IsLoopback(addr net.Addr) bool {`
			`for _, loopback := range loopBackAddrs {`
			`if strings.Contains(addr.String(), loopback) {`
			`return true`
			`}`
			`}`

			`return false`
			`}`

			`// isUnix returns true if an address describes an Unix socket address.`
			`func IsUnix(addr net.Addr) bool {`
			`return strings.HasPrefix(addr.Network(), "unix")`
			`}`

			`// ParseAddressString converts an address in string format to a net.Addr that is`
			`// compatible with lnd. UDP is not supported because lnd needs reliable`
			`// connections.`
			`func ParseAddressString(strAddress string,`
			`defaultPort string) (net.Addr, error) {`
			`var parsedNetwork, parsedAddr string`

			`// Addresses can either be in network://address:port format or only`
			`// address:port. We want to support both.`
			`if strings.Contains(strAddress, "://") {`
			`parts := strings.Split(strAddress, "://")`
			`parsedNetwork, parsedAddr = parts[0], parts[1]`
			`} else if strings.Contains(strAddress, ":") {`
			`parts := strings.Split(strAddress, ":")`
			`parsedNetwork = parts[0]`
			`parsedAddr = strings.Join(parts[1:], ":")`
			`}`

			`// Only TCP and Unix socket addresses are valid. We can't use IP or`
			`// UDP only connections for anything we do in lnd.`
			`switch parsedNetwork {`
			`case "unix", "unixpacket":`
			`return net.ResolveUnixAddr(parsedNetwork, parsedAddr)`
			`case "tcp", "tcp4", "tcp6":`
			`return net.ResolveTCPAddr(parsedNetwork,`
			`verifyPort(parsedAddr, defaultPort))`
			`case "ip", "ip4", "ip6", "udp", "udp4", "udp6", "unixgram":`
			`return nil, fmt.Errorf("only TCP or unix socket "+`
			`"addresses are supported: %s", parsedAddr)`
			`default:`
			`// There was no network specified, just try to parse as host`
			`// and port.`
			`return net.ResolveTCPAddr(`
			`"tcp", verifyPort(strAddress, defaultPort),`
			`)`
			`}`
			`}`

			`// verifyPort makes sure that an address string has both a host and a port.`
			`// If there is no port found, the default port is appended.`
			`func verifyPort(strAddress string, defaultPort string) string {`
			`host, port, err := net.SplitHostPort(strAddress)`
			`if err != nil {`
			`// If we already have an IPv6 address with brackets, don't use`
			`// the JoinHostPort function, since it will always add a pair`
			`// of brackets too.`
			`if strings.HasPrefix(strAddress, "[") {`
			`strAddress = strAddress + ":" + defaultPort`
			`} else {`
			`strAddress = net.JoinHostPort(strAddress, defaultPort)`
			`}`
			`} else if host == "" && port == "" {`
			`// The string ':' is parsed as valid empty host and empty port.`
			`// But in that case, we want the default port to be applied too.`
			`strAddress = ":" + defaultPort`
			`}`

			`return strAddress`
			`}`

			`// ClientAddressDialer creates a gRPC dialer that can also dial unix socket`
			`// addresses instead of just TCP addresses.`
			`func ClientAddressDialer(defaultPort string) func(string,`
			`time.Duration) (net.Conn, error) {`
			`return func(addr string, timeout time.Duration) (net.Conn, error) {`
			`parsedAddr, err := ParseAddressString(addr, defaultPort)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return net.DialTimeout(parsedAddr.Network(),`
			`parsedAddr.String(), timeout)`
			`}`
			`}`