SuperUser CLI flags, fix #20

Also adds some Murmur CLI flags, see #25 Since the only way right now to set the SuperUser pw is through the CLI on start, this commit also drops the config updates through the freezelog (probably a remnant of RPC), which the SetSuperUserPassword function was the last user of.
2025-12-19 21:59:59 -08:00 · 2018-02-14 15:29:16 +01:00 · 2018-02-14 15:29:16 +01:00 · 693dd6f4e8
commit 693dd6f4e8
parent 40ef449f6e
3 changed files with 67 additions and 12 deletions
--- a/cmd/grumble/args.go
+++ b/cmd/grumble/args.go
@ -21,7 +21,7 @@ var usageTmpl = `usage: grumble [options]
 grumble {{.Version}} ({{.BuildDate}})
 target: {{.OS}}, {{.Arch}}

- --help
+ --help, --version
     Shows this help listing.

 --datadir <data-dir> (default: {{.DefaultDataDir}})
@ -33,6 +33,17 @@ var usageTmpl = `usage: grumble [options]
 --ini <config-path> (default: $DATADIR/grumble.ini)
     Config file path.

+ --supw <password> [server-id]
+     Set password for SuperUser account. Optionally takes
+     the virtual server to modify as the first positional argument.
+
+ --readsupw [server-id]
+     Like --supw, but reads from stdin instead.
+
+ --disablesu [server-id]
+     Disables the SuperUser account. Optionally takes
+     the virtual server to modify as the first positional argument.
+
 --regen-keys
     Force grumble to regenerate its global RSA
     keypair (and certificate).
@ -53,7 +64,11 @@ type args struct {
 	DataDir     string
 	LogPath     string
 	ConfigPath  string
+	SuperUserPW string
+	ReadPass    bool
+	DisablePass bool
 	RegenKeys   bool
+	ServerId    int64
 	SQLiteDB    string
 	CleanUp     bool
 }
@ -90,11 +105,17 @@ var Args args
 func init() {
 	flag.Usage = Usage

+	flag.BoolVar(&Args.ShowHelp, "version", false, "")
 	flag.BoolVar(&Args.ShowHelp, "help", false, "")
+
 	flag.StringVar(&Args.DataDir, "datadir", defaultDataDir(), "")
 	flag.StringVar(&Args.LogPath, "log", "", "")
 	flag.StringVar(&Args.ConfigPath, "ini", "", "")

+	flag.StringVar(&Args.SuperUserPW, "supw", "", "")
+	flag.BoolVar(&Args.ReadPass, "readsupw", false, "")
+	flag.BoolVar(&Args.DisablePass, "disablesu", false, "")
+
 	flag.BoolVar(&Args.RegenKeys, "regen-keys", false, "")

 	flag.StringVar(&Args.SQLiteDB, "import-murmurdb", "", "")
--- a/cmd/grumble/grumble.go
+++ b/cmd/grumble/grumble.go
@ -7,10 +7,12 @@ package main
 import (
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"os"
 	"path/filepath"
 	"regexp"
+	"strconv"

 	"mumble.info/grumble/pkg/blobstore"
 	"mumble.info/grumble/pkg/logtarget"
@ -29,6 +31,20 @@ func main() {
 		Usage()
 		return
 	}
+	if Args.ReadPass {
+		data, err := ioutil.ReadAll(os.Stdin)
+		if err != nil {
+			log.Fatalf("Failed to read password from stdin: %v", err)
+		}
+		Args.SuperUserPW = string(data)
+	}
+	if flag.NArg() > 0 && (Args.SuperUserPW != "" || Args.DisablePass) {
+		Args.ServerId, err = strconv.ParseInt(flag.Arg(0), 10, 64)
+		if err != nil {
+			log.Fatalf("Failed to parse server id %v: %v", flag.Arg(0), err)
+			return
+		}
+	}

 	// Open the data dir to check whether it exists.
 	dataDir, err := os.Open(Args.DataDir)
@ -114,9 +130,7 @@ func main() {

 	// Check whether we should regenerate the default global keypair
 	// and corresponding certificate.
-	// These are used as the default certificate of all virtual servers
-	// and the SSH admin console, but can be overridden using the "key"
-	// and "cert" arguments to Grumble. todo(rubenseyer) implement override by cli
+	// These are used as the default certificate of all virtual servers.
 	certFn := config.PathValue("CertPath", Args.DataDir)
 	keyFn := config.PathValue("KeyPath", Args.DataDir)
 	shouldRegen := false
@ -232,6 +246,18 @@ func main() {
 			if err != nil {
 				log.Fatalf("Unable to load server: %v", err.Error())
 			}
+
+			// Check if SuperUser password should be updated.
+			if Args.ServerId == 0 || Args.ServerId == s.Id {
+				if Args.DisablePass {
+					s.cfg.Reset("SuperUserPassword")
+					log.Printf("Disabled SuperUser for server %v", name)
+				} else if Args.SuperUserPW != "" {
+					s.SetSuperUserPassword(Args.SuperUserPW)
+					log.Printf("Set SuperUser password for server %v", name)
+				}
+			}
+
 			err = s.FreezeToFile()
 			if err != nil {
 				log.Fatalf("Unable to freeze server to disk: %v", err.Error())
@ -240,6 +266,14 @@ func main() {
 		}
 	}

+	// If SuperUser password flags were passed, the servers should not start.
+	if Args.SuperUserPW != "" || Args.DisablePass {
+		if len(servers) == 0 {
+			log.Fatalf("No servers found to set password for")
+		}
+		return
+	}
+
 	// If no servers were found, create the default virtual server.
 	if len(servers) == 0 {
 		s, err := NewServer(1, configFile.ServerConfig(1, nil))
--- a/cmd/grumble/server.go
+++ b/cmd/grumble/server.go
@ -74,8 +74,8 @@ type Server struct {

 	incoming       chan *Message
 	voicebroadcast chan *VoiceBroadcast
-	cfgUpdate      chan *KeyValuePair
 	tempRemove     chan *Channel
+	//cfgUpdate      chan *KeyValuePair

 	// Signals to the server that a client has been successfully
 	// authenticated.