Add support to connect to server via unix socket

The syntax for AddServer command and config is chosen to be unix:/path or unix:ssl:/path For security reasons, only admins can add such servers, to prevent users from poking around the file system.
2026-03-28 17:42:41 +01:00 · 2025-04-20 22:20:52 +01:00
parent 66b17926cc
commit 63d10ccb17
10 changed files with 212 additions and 81 deletions
--- a/modules/webadmin.cpp
+++ b/modules/webadmin.cpp
@@ -972,6 +972,7 @@ class CWebAdminMod : public CModule {
            Tmpl["NetworkEdit"] =
                spSession->IsAdmin() || !spSession->GetUser()->DenySetNetwork()
                ? "true" : "false";
+            Tmpl["EditUnixSockets"] = spSession->IsAdmin() ? "true" : "false";

            Tmpl["FloodProtection"] =
                CString(CIRCSock::IsFloodProtected(pNetwork->GetFloodRate()));
@@ -1147,9 +1148,22 @@ class CWebAdminMod : public CModule {
        VCString vsArgs;

        if (spSession->IsAdmin() || !spSession->GetUser()->DenySetNetwork()) {
+            std::set<CServer> vAllowedUnixServers;
+            for (const CServer* pServer : pNetwork->GetServers()) {
+                if (pServer->IsUnixSocket()) {
+                    vAllowedUnixServers.insert(*pServer);
+                }
+            }
            pNetwork->DelServers();
            WebSock.GetRawParam("servers").Split("\n", vsArgs);
            for (const CString& sServer : vsArgs) {
+                CServer Server = CServer::Parse(sServer);
+                if (Server.IsUnixSocket() && !spSession->IsAdmin() &&
+                    vAllowedUnixServers.count(Server) == 0) {
+                    // For non-admins, allow unix sockets only if they had these
+                    // exact servers before.
+                    continue;
+                }
                pNetwork->AddServer(sServer.Trim_n());
            }
        }
@@ -1404,9 +1418,11 @@ class CWebAdminMod : public CModule {
                l["IRCNick"] = pNetwork->GetIRCNick().GetNick();
                CServer* pServer = pNetwork->GetCurrentServer();
                if (pServer) {
-                    l["Server"] = pServer->GetName() + ":" +
-                                  (pServer->IsSSL() ? "+" : "") +
-                                  CString(pServer->GetPort());
+                    l["Server"] = pServer->IsUnixSocket()
+                                      ? "unix:" + pServer->GetName()
+                                      : pServer->GetName() + ":" +
+                                            (pServer->IsSSL() ? "+" : "") +
+                                            CString(pServer->GetPort());
                }
            }