Merge commit 'kyo/pemfile_option'
commit
ca785fd280
136
README
@ -1,3 +1,6 @@
|
||||
|
||||
This is the BIP IRC Proxy readme, you'll learn how to quickly use bip.
|
||||
|
||||
Bip can be used in two different way:
|
||||
- Old school bnc user style: easy and straightforward.
|
||||
- Unix service style with and init.d scripts and the logs in /var/log
|
||||
@ -7,47 +10,116 @@ This small README file explains the usage "Old school" with which :
|
||||
- gives easy access to the logs of the users of this bip to the one owning the
|
||||
shell.
|
||||
|
||||
Install bip on the machine that will be running bip (which is likely to be your
|
||||
personnal or shared server) either compiling the package or using your distro's
|
||||
package. Then create a configuration file:
|
||||
Table of contents :
|
||||
|
||||
If you are using a distribution package, the bip.conf sample configuration file
|
||||
is likely to be shipped in /usr/share/doc/bip/examples/bip.conf.gz or something
|
||||
similar.
|
||||
I. Installation
|
||||
II. Configuration
|
||||
A. Manual configuration
|
||||
B. Automated configuration
|
||||
III. Running bip
|
||||
IV. Using bip
|
||||
|
||||
Create your bip configuration an log directory:
|
||||
|
||||
# mkdir -p ~/.bip/logs
|
||||
|
||||
Put the uncompressed configuration file in your ~/.bip directory (it's path
|
||||
should be ~/.bip/bip.conf), and edit it, most importantly the "user" section
|
||||
that contains information about you and the servers you will want to connect
|
||||
to. The "name" field in the "user" section is your login to connect to bip.
|
||||
The "password" field is a hash of the password you will use to connect to bip.
|
||||
To generate a hash value from a password, use bipmkpw, program which comes in
|
||||
the bip package and source.
|
||||
The "name" field of the "connection" subsections are the server identifier for
|
||||
when you connect to bip.
|
||||
I. INSTALLATION
|
||||
|
||||
Once all this is configured, start bip as you regular user:
|
||||
Install bip on the machine that will be running bip (which is likely to be
|
||||
your personnal or shared server) either compiling the package or using your
|
||||
distro's package. Then create a configuration file.
|
||||
|
||||
|
||||
# bip
|
||||
II. CONFIGURATION
|
||||
|
||||
Once bip starts, it connects to the different servers your defined in
|
||||
"connection". Then you want to use your regular irc client and connect to bip.
|
||||
Point your client to the machine bip is running and set the proper port number
|
||||
(defined in your bip.conf). You should then configure the client to use a
|
||||
specific irc server password constructed this way:
|
||||
First of all, create your bip configuration an log directory:
|
||||
|
||||
# mkdir -p ~/.bip/logs
|
||||
|
||||
There are two ways to create your bip configuration :
|
||||
- edit the sample bip.conf file to match your needs
|
||||
- use the bipgenconfig script to easily generate a configuration
|
||||
|
||||
If you want to connect to bip using an SSL client, you'll need to create
|
||||
a certificate / key pair (in a bip.pem file) to allow bip to serve SSL
|
||||
sockets.
|
||||
|
||||
user:password:network
|
||||
A. MANUAL CONFIGURATION
|
||||
|
||||
The user is the name field of the "user" section, the password is the password
|
||||
(*not* the hash) corresponding to the "password" field of the same user section
|
||||
(which is the hash generated with bipmkpw) and the network is the "name" field
|
||||
of the "connection" subsection. This is how bip authenticates you and puts your
|
||||
client to the correct network.
|
||||
If you are using a distribution package, the bip.conf sample configuration
|
||||
file is likely to be shipped in /usr/share/doc/bip/examples/bip.conf.gz or
|
||||
something similar.
|
||||
|
||||
If not, you'll find sample configuration file in the source package's
|
||||
`samples' subdirectory.
|
||||
|
||||
Put the uncompressed configuration file in your ~/.bip directory (it's
|
||||
path should be ~/.bip/bip.conf), and edit it, most importantly the "user"
|
||||
section that contains information about you and the servers you will want
|
||||
to connect to. The "name" field in the "user" section is your login to
|
||||
connect to bip.
|
||||
The "name" field of the "connection" subsections are the server identifier
|
||||
for when you connect to bip.
|
||||
|
||||
Using the default (or sample file) configuration, logs are in ~/.bip/logs/
|
||||
The "password" field is a hash of the password you will use to connect to
|
||||
bip. To generate a hash value from a password, use bipmkpw, program which
|
||||
comes in the bip package and source.
|
||||
|
||||
Happy ircing!
|
||||
If you've set client_side_ssl to true, you'll need to generate a bip.pem
|
||||
file containing a certificate / key pair. In order to do so, you can use
|
||||
the third party `openssl' binary :
|
||||
|
||||
# openssl req -new -x509 -days 365 -nodes -out bip.pem -keyout bip.pem
|
||||
|
||||
You can then remove the passphrase with :
|
||||
|
||||
# openssl x509 -subject -dates -fingerprint -noout -in bip.pem
|
||||
|
||||
B. AUTOMATED CONFIGURATION
|
||||
|
||||
You can also use the bipgenconfig script to generate a new configuration.
|
||||
This script will also help you generate the SSL certificate / key pair
|
||||
needed for clients to connect to BIP through SSL.
|
||||
|
||||
This script can be found either in the source package's `scripts'
|
||||
directory or shipped with your distribution's package.
|
||||
|
||||
Using the script is very simple, and it'll generate a configuration file
|
||||
but won't overwrite any existing configuration.
|
||||
|
||||
It'll ask you the path to the bipmkpw binary, to automatically hash the
|
||||
passwords you'll provide. Please make sure to enter the correct path to
|
||||
the binary or you might observe unexpected behaviour.
|
||||
|
||||
You'll need to move the generated configuration from bip.conf.autogen to
|
||||
bip.conf and the generated PEM file from bip.pem.autogen to bip.pem (or
|
||||
whatever path you've configured in bip.conf).
|
||||
|
||||
|
||||
III. RUNNING BIP
|
||||
|
||||
Once all this is configured, start bip as your regular user:
|
||||
|
||||
# bip
|
||||
|
||||
Once bip starts, it connects to the different servers your defined in
|
||||
all "user"'s "connection" blocks.
|
||||
|
||||
|
||||
IV. USING BIP
|
||||
|
||||
Then you want to use your regular irc client and connect to bip.
|
||||
Point your client to the machine bip is running and set the proper port number
|
||||
(defined in your bip.conf). You should then configure the client to use a
|
||||
specific irc server password constructed this way:
|
||||
|
||||
user:password:network
|
||||
|
||||
The user is the name field of the "user" section, the password is the password
|
||||
(*not* the hash) corresponding to the "password" field of the same user section
|
||||
(which is the hash generated with bipmkpw) and the network is the "name" field
|
||||
of the "connection" subsection. This is how bip authenticates you and puts your
|
||||
client to the correct network.
|
||||
|
||||
Using the default (or sample file) configuration, logs are in ~/.bip/logs/
|
||||
|
||||
Happy ircing!
|
||||
|
||||
|
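Review bot: In section II.A, the sentence "You can then remove the passphrase with :" does not match the command under it: "openssl x509 -subject -dates -fingerprint -noout -in bip.pem" only prints the certificate's subject, validity dates and fingerprint, and the preceding "openssl req ... -nodes" already writes the key without a passphrase. Suggest rewording to something like "You can then check the generated certificate with :", and adding a line that tells the user to restrict bip.pem to the user running bip (for example chmod 600), since the file holds an unencrypted private key. Minor wording in the same hunk: "it's path" should be "its path", "an log directory" should be "and log directory", and "your defined" should be "you defined".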
@ -102,7 +102,12 @@ change, nick change, user quit/part/join will be backlogged upon connection.
|
||||
\fBclient_side_ssl\fP (default: \fBfalse\fP)
|
||||
When true, clients will need to connect to BIP using SSL.
|
||||
You'll also need to generate a SSL cert/key pair in <bipdir>/bip.pem (usually
|
||||
~bip/.bip/bip.pem or /var/lib/bip/bip.pem).
|
||||
~bip/.bip/bip.pem or /var/lib/bip/bip.pem) or <client_side_ssl_pem> if defined.
|
||||
|
||||
.TP
|
||||
\fBclient_side_ssl_pem\fP (default: \fB<bipdir>/bip.pem\fP)
|
||||
Set this to the full path of the cert/key pair bip should use to accept clients
|
||||
SSL connections.
|
||||
|
||||
.TP
|
||||
\fBip\fP
|
||||
|
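Review bot: The new client_side_ssl_pem entry says only that it is "the full path of the cert/key pair"; it should state that the file must contain both the certificate and the private key, and that it should be readable only by the user bip runs as. "to accept clients SSL connections" also reads better as "to accept SSL connections from clients".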
@ -18,7 +18,7 @@ client_side_ssl = false;
|
||||
|
||||
# This is the file containing the SSL cert/key pair bip'll use to
|
||||
# serve SSL clients. If unset, it defaults to <biphome>/bip.pem
|
||||
#client_side_ssl_key = "/path/to/pemfile";
|
||||
#client_side_ssl_pem = "/path/to/pemfile";
|
||||
|
||||
log_level = 3;
|
||||
|
||||
|
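Review bot: The comment above the renamed option gives the default as <biphome>/bip.pem, while the man page hunk documents it as <bipdir>/bip.pem. Pick one placeholder and use it in both places so users do not look for two different directories.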
@ -54,7 +54,7 @@ syn region bipMain start=/\%^/ end=/\%$/
|
||||
" Top level elements
|
||||
syn keyword bipKeyword contained nextgroup=bipBoolV client_side_ssl
|
||||
syn keyword bipKeyword contained nextgroup=bipStringV log_root
|
||||
\ log_format pid_file client_side_ssl_key
|
||||
\ log_format pid_file client_side_ssl_pem
|
||||
syn keyword bipKeyword contained nextgroup=bipNumericV port log_level
|
||||
\ log_sync_interval
|
||||
syn keyword bipKeyword contained nextgroup=bipIPV ip
|
||||
|
@ -46,6 +46,9 @@ my %optdesc = (
|
||||
'client_side_ssl' => { 'type' => 'b', 'adv' => 1, 'default' => 'true',
|
||||
'optional' => 1,
|
||||
'desc' => 'Do you want to enable client side SSL ?' },
|
||||
'client_side_ssl_pem' => { 'type' => 's', 'adv' => 1, 'optional' => 1,
|
||||
'default' => '',
|
||||
'desc' => 'Where is the bip.pem file (cert/key pair) ?' },
|
||||
'pid_file' => { 'type' => 's', 'adv' => 1, 'optional' => 1,
|
||||
'default' => $bipdir . '/bip.pid',
|
||||
'desc' => 'Where do you want the pidfile to be stored ?' },
|
||||
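Review bot: The new 'client_side_ssl_pem' entry sets 'default' => '', unlike 'pid_file' just below it, which defaults to $bipdir . '/bip.pid'. If bipgenconfig writes the option out when the user accepts the default, the generated file would carry an empty pem path. Suggest 'default' => $bipdir . '/bip.pem' to match the documented default, or make sure empty values are skipped on output.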
@ -216,6 +219,7 @@ my %optorder = (
|
||||
'ip' ,
|
||||
'port' ,
|
||||
'client_side_ssl' ,
|
||||
'client_side_ssl_pem' ,
|
||||
'pid_file' ,
|
||||
undef,
|
||||
'log' ,
|
||||
|
@ -968,12 +968,12 @@ int fireup(bip_t *bip, FILE *conf)
|
||||
case LEX_CSS:
|
||||
conf_css = t->ndata;
|
||||
break;
|
||||
case LEX_CSS_KEY:
|
||||
case LEX_CSS_PEM:
|
||||
MOVE_STRING(conf_ssl_certfile, t->pdata);
|
||||
break;
|
||||
#else
|
||||
case LEX_CSS:
|
||||
case LEX_CSS_KEY:
|
||||
case LEX_CSS_PEM:
|
||||
mylog(LOG_WARN, "Found SSL option whereas bip is "
|
||||
"not built with SSL support.");
|
||||
break;
|
||||
|
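Review bot: In the #else branch, a configuration that sets client_side_ssl or client_side_ssl_pem on a build without SSL support only gets a LOG_WARN and parsing continues, so an operator who asked for SSL-only clients may not notice that the request was ignored. Consider treating this as a configuration error, or at least naming the offending option in the message. Separately, conf_ssl_certfile now receives a path to a file that carries the private key as well as the certificate, so a comment or a rename would make that clear.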
@ -68,7 +68,7 @@ struct tuple *tuple_l_new(int type, void *p)
|
||||
|
||||
%}
|
||||
|
||||
%token LEX_IP LEX_EQ LEX_PORT LEX_CSS LEX_SEMICOLON LEX_CONNECTION LEX_NETWORK LEX_LBRA LEX_RBRA LEX_USER LEX_NAME LEX_NICK LEX_SERVER LEX_PASSWORD LEX_SRCIP LEX_HOST LEX_VHOST LEX_SOURCE_PORT LEX_NONE LEX_COMMENT LEX_BUNCH LEX_REALNAME LEX_SSL LEX_SSL_CHECK_MODE LEX_SSL_CHECK_STORE LEX_CHANNEL LEX_KEY LEX_LOG_ROOT LEX_LOG_FORMAT LEX_LOG_LEVEL LEX_BACKLOG_LINES LEX_BACKLOG_NO_TIMESTAMP LEX_BACKLOG LEX_LOG LEX_LOG_SYSTEM LEX_LOG_SYNC_INTERVAL LEX_FOLLOW_NICK LEX_ON_CONNECT_SEND LEX_AWAY_NICK LEX_PID_FILE LEX_IGN_FIRST_NICK LEX_ALWAYS_BACKLOG LEX_BLRESET_ON_TALK LEX_DEFAULT_USER LEX_DEFAULT_NICK LEX_DEFAULT_REALNAME LEX_NO_CLIENT_AWAY_MSG LEX_BL_MSG_ONLY LEX_ADMIN LEX_BIP_USE_NOTICE LEX_CSS_KEY
|
||||
%token LEX_IP LEX_EQ LEX_PORT LEX_CSS LEX_SEMICOLON LEX_CONNECTION LEX_NETWORK LEX_LBRA LEX_RBRA LEX_USER LEX_NAME LEX_NICK LEX_SERVER LEX_PASSWORD LEX_SRCIP LEX_HOST LEX_VHOST LEX_SOURCE_PORT LEX_NONE LEX_COMMENT LEX_BUNCH LEX_REALNAME LEX_SSL LEX_SSL_CHECK_MODE LEX_SSL_CHECK_STORE LEX_CHANNEL LEX_KEY LEX_LOG_ROOT LEX_LOG_FORMAT LEX_LOG_LEVEL LEX_BACKLOG_LINES LEX_BACKLOG_NO_TIMESTAMP LEX_BACKLOG LEX_LOG LEX_LOG_SYSTEM LEX_LOG_SYNC_INTERVAL LEX_FOLLOW_NICK LEX_ON_CONNECT_SEND LEX_AWAY_NICK LEX_PID_FILE LEX_IGN_FIRST_NICK LEX_ALWAYS_BACKLOG LEX_BLRESET_ON_TALK LEX_DEFAULT_USER LEX_DEFAULT_NICK LEX_DEFAULT_REALNAME LEX_NO_CLIENT_AWAY_MSG LEX_BL_MSG_ONLY LEX_ADMIN LEX_BIP_USE_NOTICE LEX_CSS_PEM
|
||||
|
||||
%union {
|
||||
int number;
|
||||
@ -97,7 +97,7 @@ command:
|
||||
| LEX_IP LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_IP, $3); }
|
||||
| LEX_PORT LEX_EQ LEX_INT { $$ = tuple_i_new(LEX_PORT, $3); }
|
||||
| LEX_CSS LEX_EQ LEX_BOOL { $$ = tuple_i_new(LEX_CSS, $3); }
|
||||
| LEX_CSS_KEY LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_CSS_KEY, $3); }
|
||||
| LEX_CSS_PEM LEX_EQ LEX_STRING { $$ = tuple_s_new(LEX_CSS_PEM, $3); }
|
||||
| LEX_LOG LEX_EQ LEX_BOOL { $$ = tuple_i_new(LEX_LOG, $3); }
|
||||
| LEX_LOG_SYSTEM LEX_EQ LEX_BOOL { $$ = tuple_i_new(LEX_LOG_SYSTEM, $3); }
|
||||
| LEX_LOG_SYNC_INTERVAL LEX_EQ LEX_INT { $$ = tuple_i_new(
|
||||
|
@ -111,7 +111,7 @@ list_t *parse_conf(FILE *file, int *err)
|
||||
"no_client_away_msg" { return LEX_NO_CLIENT_AWAY_MSG; }
|
||||
"pid_file" { return LEX_PID_FILE; }
|
||||
"bip_use_notice" { return LEX_BIP_USE_NOTICE; }
|
||||
"client_side_ssl_key" { return LEX_CSS_KEY; }
|
||||
"client_side_ssl_pem" { return LEX_CSS_PEM; }
|
||||
\"[^"]*\" {
|
||||
size_t len = strlen(yytext) - 2;
|
||||
yylval.string = malloc(len + 1);
|
||||
|
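Review bot: The "client_side_ssl_key" rule is replaced rather than kept alongside "client_side_ssl_pem", so an existing bip.conf that uses the old name will stop parsing after an upgrade. Suggest keeping the old keyword as a deprecated alias that also returns LEX_CSS_PEM, or mentioning the rename in the changelog so users know to update their configuration.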