CEF/grumble
1
0
Fork 0
forked from External/grumble
Code Pull requests Activity

Merge pull request #55 from olabiniV2/server_password

Browse source 
Add support for server passwords
This commit is contained in:
Derrick 2020-04-11 19:08:29 -07:00 committed by GitHub
commit df98375463
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 34 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

40
cmd/grumble/server.go
View file

@ -175,8 +175,7 @@ func (server *Server) RootChannel() *Channel {
return root return root
} }
// Set password as the new SuperUser password func (server *Server) setConfigPassword(key, password string) {
func (server *Server) SetSuperUserPassword(password string) {
saltBytes := make([]byte, 24) saltBytes := make([]byte, 24)
_, err := rand.Read(saltBytes) _, err := rand.Read(saltBytes)
if err != nil { if err != nil {
@ -190,7 +189,6 @@ func (server *Server) SetSuperUserPassword(password string) {
digest := hex.EncodeToString(hasher.Sum(nil)) digest := hex.EncodeToString(hasher.Sum(nil))
// Could be racy, but shouldn't really matter... // Could be racy, but shouldn't really matter...
key := "SuperUserPassword"
val := "sha1$" + salt + "$" + digest val := "sha1$" + salt + "$" + digest
server.cfg.Set(key, val) server.cfg.Set(key, val)
@ -199,9 +197,18 @@ func (server *Server) SetSuperUserPassword(password string) {
} }
} }
// CheckSuperUserPassword checks whether password matches the set SuperUser password. // SetSuperUserPassword sets password as the new SuperUser password
func (server *Server) CheckSuperUserPassword(password string) bool { func (server *Server) SetSuperUserPassword(password string) {
parts := strings.Split(server.cfg.StringValue("SuperUserPassword"), "$") server.setConfigPassword("SuperUserPassword", password)
}
// SetServerPassword sets password as the new Server password
func (server *Server) SetServerPassword(password string) {
server.setConfigPassword("ServerPassword", password)
}
func (server *Server) checkConfigPassword(key, password string) bool {
parts := strings.Split(server.cfg.StringValue(key), "$")
if len(parts) != 3 { if len(parts) != 3 {
return false return false
} }
@ -239,6 +246,20 @@ func (server *Server) CheckSuperUserPassword(password string) bool {
return false return false
} }
// CheckSuperUserPassword checks whether password matches the set SuperUser password.
func (server *Server) CheckSuperUserPassword(password string) bool {
return server.checkConfigPassword("SuperUserPassword", password)
}
// CheckServerPassword checks whether password matches the set Server password.
func (server *Server) CheckServerPassword(password string) bool {
return server.checkConfigPassword("ServerPassword", password)
}
func (server *Server) hasServerPassword() bool {
return server.cfg.StringValue("ServerPassword") != ""
}
// Called by the server to initiate a new client connection. // Called by the server to initiate a new client connection.
func (server *Server) handleIncomingClient(conn net.Conn) (err error) { func (server *Server) handleIncomingClient(conn net.Conn) (err error) {
client := new(Client) client := new(Client)
@ -518,6 +539,13 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) {
} }
} }
if client.user == nil && server.hasServerPassword() {
if auth.Password == nil || !server.CheckServerPassword(*auth.Password) {
client.RejectAuth(mumbleproto.Reject_WrongServerPW, "Invalid server password")
return
}
}
// Setup the cryptstate for the client. // Setup the cryptstate for the client.
err = client.crypt.GenerateKey(client.CryptoMode) err = client.crypt.GenerateKey(client.CryptoMode)
if err != nil { if err != nil {