Skip to content
Permalink
Browse files

Messages, Murmur.ice: make username checking case insensitive through…

…out Murmur.

The database query for looking up users in ServerDB has always been
case insensitive.

This commit makes the "duplicate user"-check in Messages.cpp case
insensitive as well.

Furthermore, this commit updates the documentation for the authenticate()
callback in Murmur.ice to document that authenticators should strive to
make usernames case insensitive.

Fixes #1078
  • Loading branch information...
mkrautz committed Dec 27, 2015
1 parent c56cb01 commit c22393e9db954c2a0ceac305e32e76b043a21559
Showing with 7 additions and 1 deletion.
  1. +1 −1 src/murmur/Messages.cpp
  2. +6 −0 src/murmur/Murmur.ice
@@ -149,7 +149,7 @@ void Server::msgAuthenticate(ServerUser *uSource, MumbleProto::Authenticate &msg
if (u == uSource)
continue;
if (((u->iId>=0) && (u->iId == uSource->iId)) ||
(u->qsName == uSource->qsName)) {
(u->qsName.toLower() == uSource->qsName.toLower())) {
uOld = u;
break;
}
@@ -345,6 +345,12 @@ module Murmur
* The data in the certificate (name, email addresses etc), as well as the list of signing certificates,
* should only be trusted if certstrong is true.
*
* Internally, Murmur treats usernames as case-insensitive. It is recommended
* that authenticators do the same. Murmur checks if a username is in use when
* a user connects. If the connecting user is registered, the other username is
* kicked. If the connecting user is not registered, the connecting user is not
* allowed to join the server.
*
* @param name Username to authenticate.
* @param pw Password to authenticate with.
* @param certificates List of der encoded certificates the user connected with.

0 comments on commit c22393e

Please sign in to comment.
You can’t perform that action at this time.