
Add "forceExternalAuth" config option to Murmur

Without this option (or when it's set to false), Murmur's default
authentication will kick in when your external authenticator plugin
crashes and basically allow *anyone* to login and register.

When it's enabled, Murmur will instead return a temporary login
failure to the client.
main-- authored and mkrautz committed Jul 17, 2014
1 parent cf51bf3 commit dc3b78c9147fe7da57ec7de58cf952d4ae281b4e
Showing with 10 additions and 1 deletion.
  1. +3 −0 src/murmur/Meta.cpp
  2. +1 −0 src/murmur/Meta.h
  3. +4 −0 src/murmur/Server.cpp
  4. +1 −0 src/murmur/Server.h
  5. +1 −1 src/murmur/ServerDB.cpp
@@ -71,6 +71,7 @@ MetaParams::MetaParams() {
bBonjour = true;
bAllowPing = true;
bCertRequired = false;
bForceExternalAuth = false;

iBanTries = 10;
iBanTimeframe = 120;
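Review bot: Initialising `bForceExternalAuth = false` keeps the fail-open behaviour described in the commit message as the default, so a server that relies on an external authenticator stays exposed until the operator opts in. A default of true would presumably lock out servers that run no authenticator, so the value looks deliberate, but that reasoning should be recorded, e.g. `// Off by default: with no authenticator attached, true would turn every login into a temporary failure.` The diffstat lists only source files, so the option also appears to lack an entry in the sample configuration; operators who deploy an authenticator need to be told to enable it. MetaParams::MetaParams() continues outside the hunk.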
@@ -269,6 +270,7 @@ void MetaParams::read(QString fname) {
iMaxUsersPerChannel = typeCheckedFromSettings("usersperchannel", iMaxUsersPerChannel);
qsWelcomeText = typeCheckedFromSettings("welcometext", qsWelcomeText);
bCertRequired = typeCheckedFromSettings("certrequired", bCertRequired);
bForceExternalAuth = typeCheckedFromSettings("forceExternalAuth", bForceExternalAuth);

qsDatabase = typeCheckedFromSettings("database", qsDatabase);

@@ -474,6 +476,7 @@ void MetaParams::read(QString fname) {
qmConfig.insert(QLatin1String("username"),qrUserName.pattern());
qmConfig.insert(QLatin1String("channelname"),qrChannelName.pattern());
qmConfig.insert(QLatin1String("certrequired"), bCertRequired ? QLatin1String("true") : QLatin1String("false"));
qmConfig.insert(QLatin1String("forceExternalAuth"), bForceExternalAuth ? QLatin1String("true") : QLatin1String("false"));
qmConfig.insert(QLatin1String("suggestversion"), qvSuggestVersion.isNull() ? QString() : qvSuggestVersion.toString());
qmConfig.insert(QLatin1String("suggestpositional"), qvSuggestPositional.isNull() ? QString() : qvSuggestPositional.toString());
qmConfig.insert(QLatin1String("suggestpushtotalk"), qvSuggestPushToTalk.isNull() ? QString() : qvSuggestPushToTalk.toString());
@@ -67,6 +67,7 @@ class MetaParams {
QString qsPassword;
QString qsWelcomeText;
bool bCertRequired;
bool bForceExternalAuth;

int iBanTries;
int iBanTimeframe;
@@ -329,6 +329,7 @@ void Server::readParams() {
bBonjour = Meta::mp.bBonjour;
bAllowPing = Meta::mp.bAllowPing;
bCertRequired = Meta::mp.bCertRequired;
bForceExternalAuth = Meta::mp.bForceExternalAuth;
qrUserName = Meta::mp.qrUserName;
qrChannelName = Meta::mp.qrChannelName;
qvSuggestVersion = Meta::mp.qvSuggestVersion;
@@ -385,6 +386,7 @@ void Server::readParams() {
bBonjour = getConf("bonjour", bBonjour).toBool();
bAllowPing = getConf("allowping", bAllowPing).toBool();
bCertRequired = getConf("certrequired", bCertRequired).toBool();
bForceExternalAuth = getConf("forceExternalAuth", bForceExternalAuth).toBool();

qvSuggestVersion = getConf("suggestversion", qvSuggestVersion);
if (qvSuggestVersion.toUInt() == 0)
@@ -492,6 +494,8 @@ void Server::setLiveConf(const QString &key, const QString &value) {
qurlRegWeb = !v.isNull() ? v : Meta::mp.qurlRegWeb;
else if (key == "certrequired")
bCertRequired = !v.isNull() ? QVariant(v).toBool() : Meta::mp.bCertRequired;
else if (key == "forceExternalAuth")
bForceExternalAuth = !v.isNull() ? QVariant(v).toBool() : Meta::mp.bForceExternalAuth;
else if (key == "bonjour") {
bBonjour = !v.isNull() ? QVariant(v).toBool() : Meta::mp.bBonjour;
#ifdef USE_BONJOUR
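Review bot: The comparison `key == "forceExternalAuth"` is case-sensitive, and this key is the only mixed-case one among those visible in these hunks (`certrequired`, `allowping`, `usersperchannel`). A caller that follows the existing lowercase convention and sends `forceexternalauth` would presumably match no branch and leave `bForceExternalAuth` unchanged, so the server stays in fallback mode while the operator believes enforcement is on. Consider the lowercase spelling here and in MetaParams::read, the qmConfig insert and Server::readParams: `else if (key == "forceexternalauth")`. The if/else chain of setLiveConf starts and ends outside the hunk.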
@@ -141,6 +141,7 @@ class Server : public QThread {
QString qsPassword;
QString qsWelcomeText;
bool bCertRequired;
bool bForceExternalAuth;

QString qsRegName;
QString qsRegPassword;
@@ -843,7 +843,7 @@ QMap<int, QString> Server::getRegistration(int id) {
/// @return UserID of authenticated user, -1 for authentication failures, -2 for unknown user (fallthrough),
/// -3 for authentication failures where the data could (temporarily) not be verified.
int Server::authenticate(QString &name, const QString &pw, int sessionId, const QStringList &emails, const QString &certhash, bool bStrongCert, const QList<QSslCertificate> &certs) {
int res = -2;
int res = bForceExternalAuth ? -3 : -2;

emit authenticateSig(res, name, sessionId, certs, certhash, bStrongCert, pw);
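Review bot: Starting `res` at -3 only closes the case where no slot connected to `authenticateSig` writes a result; going by the doc comment, an authenticator that answers -2 still hands the login to the built-in path, so the option name promises more than this line enforces. The doc comment above the function should say so, and the initialiser deserves a why-comment such as `// Fail closed: if no authenticator overwrites res, report a temporary failure instead of falling through to the local database.` It is also worth logging when -3 is returned because nothing answered, since an unreachable authenticator otherwise looks the same as a transient verification error. The rest of Server::authenticate is outside the hunk, so how -3 is handled after the emit cannot be confirmed here.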
