Add "forceExternalAuth" config option to Murmur
Without this option (or when it's set to false), Murmur's default
authentication will kick in when your external authenticator plugin
crashes and basically allow *anyone* to login and register.

When it's enabled, Murmur will instead return a temporary login
failure to the client.
main-- authored and mkrautz committed Jul 17, 2014
1 parent cf51bf3 commit dc3b78c
Showing 5 changed files with 10 additions and 1 deletion.
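--- a/src/murmur/Meta.cpp
+++ b/src/murmur/Meta.cpp
@@ -71,6 +71,7 @@ MetaParams::MetaParams() {
 bBonjour = true;
 bAllowPing = true;
 bCertRequired = false;
+bForceExternalAuth = false;
 
 iBanTries = 10;
 iBanTimeframe = 120;
@@ -269,6 +270,7 @@ void MetaParams::read(QString fname) {
 iMaxUsersPerChannel = typeCheckedFromSettings("usersperchannel", iMaxUsersPerChannel);
 qsWelcomeText = typeCheckedFromSettings("welcometext", qsWelcomeText);
 bCertRequired = typeCheckedFromSettings("certrequired", bCertRequired);
+bForceExternalAuth = typeCheckedFromSettings("forceExternalAuth", bForceExternalAuth);
 
 qsDatabase = typeCheckedFromSettings("database", qsDatabase);
 
@@ -474,6 +476,7 @@ void MetaParams::read(QString fname) {
 qmConfig.insert(QLatin1String("username"),qrUserName.pattern());
 qmConfig.insert(QLatin1String("channelname"),qrChannelName.pattern());
 qmConfig.insert(QLatin1String("certrequired"), bCertRequired ? QLatin1String("true") : QLatin1String("false"));
+qmConfig.insert(QLatin1String("forceExternalAuth"), bForceExternalAuth ? QLatin1String("true") : QLatin1String("false"));
 qmConfig.insert(QLatin1String("suggestversion"), qvSuggestVersion.isNull() ? QString() : qvSuggestVersion.toString());
 qmConfig.insert(QLatin1String("suggestpositional"), qvSuggestPositional.isNull() ? QString() : qvSuggestPositional.toString());
 qmConfig.insert(QLatin1String("suggestpushtotalk"), qvSuggestPushToTalk.isNull() ? QString() : qvSuggestPushToTalk.toString());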
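Review bot: The new key is spelled `"forceExternalAuth"` in mixed case in both `MetaParams::read` hunks, while every neighbouring key visible here (`"certrequired"`, `"usersperchannel"`, `"welcometext"`) is lowercase. If key lookup is case-sensitive, which these hunks do not show, an operator who writes `forceexternalauth` by analogy would silently keep the fallback to built-in authentication, so either use a lowercase key or document the exact spelling. The constructor default `bForceExternalAuth = false;` also keeps the fail-open behaviour the commit message describes, and none of the five changed files looks like a sample configuration or documentation file. The option should be described there, stating that `false` lets the internal user database answer when the authenticator does not.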
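--- a/src/murmur/Meta.h
+++ b/src/murmur/Meta.h
@@ -67,6 +67,7 @@ class MetaParams {
 QString qsPassword;
 QString qsWelcomeText;
 bool bCertRequired;
+bool bForceExternalAuth;
 
 int iBanTries;
 int iBanTimeframe;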
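Review bot: `bool bForceExternalAuth;` is added without a comment, and the name suggests every login is forced through the authenticator, whereas the ServerDB.cpp change only alters the result used when no authenticator answers. I would add above it `/// If true, a login that no external authenticator answered is rejected as a temporary failure instead of falling through to the internal user database.` The same member is added to `Server` in src/murmur/Server.h and deserves the same comment. The class body starts and ends outside this hunk.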
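--- a/src/murmur/Server.cpp
+++ b/src/murmur/Server.cpp
@@ -329,6 +329,7 @@ void Server::readParams() {
 bBonjour = Meta::mp.bBonjour;
 bAllowPing = Meta::mp.bAllowPing;
 bCertRequired = Meta::mp.bCertRequired;
+bForceExternalAuth = Meta::mp.bForceExternalAuth;
 qrUserName = Meta::mp.qrUserName;
 qrChannelName = Meta::mp.qrChannelName;
 qvSuggestVersion = Meta::mp.qvSuggestVersion;
@@ -385,6 +386,7 @@ void Server::readParams() {
 bBonjour = getConf("bonjour", bBonjour).toBool();
 bAllowPing = getConf("allowping", bAllowPing).toBool();
 bCertRequired = getConf("certrequired", bCertRequired).toBool();
+bForceExternalAuth = getConf("forceExternalAuth", bForceExternalAuth).toBool();
 
 qvSuggestVersion = getConf("suggestversion", qvSuggestVersion);
 if (qvSuggestVersion.toUInt() == 0)
@@ -492,6 +494,8 @@ void Server::setLiveConf(const QString &key, const QString &value) {
 qurlRegWeb = !v.isNull() ? v : Meta::mp.qurlRegWeb;
 else if (key == "certrequired")
 bCertRequired = !v.isNull() ? QVariant(v).toBool() : Meta::mp.bCertRequired;
+else if (key == "forceExternalAuth")
+bForceExternalAuth = !v.isNull() ? QVariant(v).toBool() : Meta::mp.bForceExternalAuth;
 else if (key == "bonjour") {
 bBonjour = !v.isNull() ? QVariant(v).toBool() : Meta::mp.bBonjour;
 #ifdef USE_BONJOUR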
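Review bot: The `getConf("forceExternalAuth", bForceExternalAuth)` line in `readParams()` and the new `setLiveConf()` branch let a per-server value replace the global one, so a virtual server whose own setting is false presumably keeps the fallback to built-in authentication even when the ini file enables the option. That precedence mirrors the neighbouring `certrequired` handling, but for a fail-closed switch it should be stated next to the `getConf` line, for example `// per-server value wins over the ini file; "false" here re-enables fallback to the internal database`. Because `setLiveConf()` can flip the flag while the server is running, recording the change in the server log would let operators notice when the protection is turned off. Both functions extend beyond these hunks.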
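--- a/src/murmur/Server.h
+++ b/src/murmur/Server.h
@@ -141,6 +141,7 @@ class Server : public QThread {
 QString qsPassword;
 QString qsWelcomeText;
 bool bCertRequired;
+bool bForceExternalAuth;
 
 QString qsRegName;
 QString qsRegPassword;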
2 changes: 1 addition & 1 deletion src/murmur/ServerDB.cpp
@@ -843,7 +843,7 @@ QMap<int, QString> Server::getRegistration(int id) {
/// @return UserID of authenticated user, -1 for authentication failures, -2 for unknown user (fallthrough), /// @return UserID of authenticated user, -1 for authentication failures, -2 for unknown user (fallthrough),
/// -3 for authentication failures where the data could (temporarily) not be verified. /// -3 for authentication failures where the data could (temporarily) not be verified.
int Server::authenticate(QString &name, const QString &pw, int sessionId, const QStringList &emails, const QString &certhash, bool bStrongCert, const QList<QSslCertificate> &certs) { int Server::authenticate(QString &name, const QString &pw, int sessionId, const QStringList &emails, const QString &certhash, bool bStrongCert, const QList<QSslCertificate> &certs) {
int res = -2; int res = bForceExternalAuth ? -3 : -2;


emit authenticateSig(res, name, sessionId, certs, certhash, bStrongCert, pw); emit authenticateSig(res, name, sessionId, certs, certhash, bStrongCert, pw);


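Review bot: Initialising `res` to -3 only changes the outcome when nothing handling `authenticateSig` writes a result. An authenticator that answers -2, documented just above as "unknown user (fallthrough)", presumably still reaches the built-in authentication, so the option does not force every login through the external authenticator. The code after the emit is outside this hunk, but if it returns early on any value other than -2, then with the option on and no authenticator attached every login would receive the temporary failure, including accounts kept only in the internal database. Both consequences belong in the doc comment, for example by extending the `@return` text with `-3 is also returned when forceExternalAuth is set and no authenticator changed the result`.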
