FIX ACL group lookups

cmd/grumble/freeze.go

@@ -12,6 +12,7 @@ import (
 	"os"
 	"path/filepath"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/golang/protobuf/proto"
@@ -483,7 +484,7 @@ func NewServerFromFrozen(name string) (s *Server, err error) {
 		// Update the server's user maps to point correctly
 		// to the new user.
 		s.Users[u.Id] = u
-		s.UserNameMap[u.Name] = u
+		s.UserNameMap[strings.ToLower(u.Name)] = u
 		if len(u.CertHash) > 0 {
 			s.UserCertMap[u.CertHash] = u
 		}
@@ -553,7 +554,7 @@ func NewServerFromFrozen(name string) (s *Server, err error) {
 				// Update the various user maps in the server to
 				// be able to correctly look up the user.
 				s.Users[user.Id] = user
-				s.UserNameMap[user.Name] = user
+				s.UserNameMap[strings.ToLower(user.Name)] = user
 				if len(user.CertHash) > 0 {
 					s.UserCertMap[user.CertHash] = user
 				}
@@ -574,7 +575,7 @@ func NewServerFromFrozen(name string) (s *Server, err error) {
 				if ok {
 					// Clear the server maps. That should do it.
 					delete(s.Users, userId)
-					delete(s.UserNameMap, user.Name)
+					delete(s.UserNameMap, strings.ToLower(user.Name))
 					if len(user.CertHash) > 0 {
 						delete(s.UserCertMap, user.CertHash)
 					}

cmd/grumble/message.go

@@ -9,6 +9,7 @@ import (
 	"crypto/tls"
 	"fmt"
 	"net"
+	"strings"
 	"time"
 
 	"github.com/golang/protobuf/proto"
@@ -1269,7 +1270,7 @@ func (server *Server) handleQueryUsers(client *Client, msg *Message) {
 	}
 
 	for _, name := range query.Names {
-		user, exists := server.UserNameMap[name]
+		user, exists := server.UserNameMap[strings.ToLower(name)]
 		if exists {
 			reply.Ids = append(reply.Ids, user.Id)
 			reply.Names = append(reply.Names, name)

cmd/grumble/server.go

@@ -149,7 +149,7 @@ func NewServer(id int64) (s *Server, err error) {
 	s.UserCertMap = make(map[string]*User)
 	s.UserNameMap = make(map[string]*User)
 	s.Users[0], err = NewUser(0, "SuperUser")
-	s.UserNameMap["SuperUser"] = s.Users[0]
+	s.UserNameMap["superuser"] = s.Users[0]
 	s.nextUserId = 1
 
 	s.Channels = make(map[int]*Channel)
@@ -508,7 +508,7 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) {
 		} else {
 			if server.CheckSuperUserPassword(*auth.Password) {
 				ok := false
-				client.user, ok = server.UserNameMap[client.Username]
+				client.user, ok = server.UserNameMap[strings.ToLower(client.Username)]
 				if !ok {
 					client.RejectAuth(mumbleproto.Reject_InvalidUsername, "")
 					return
@@ -520,7 +520,7 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) {
 		}
 	} else {
 		// First look up registration by name.
-		user, exists := server.UserNameMap[client.Username]
+		user, exists := server.UserNameMap[strings.ToLower(client.Username)]
 		if exists {
 			if client.HasCertificate() && user.CertHash == client.CertHash() {
 				client.user = user
@@ -1138,7 +1138,7 @@ func (s *Server) RegisterClient(client *Client) (uid uint32, err error) {
 	uid = s.nextUserId
 	s.Users[uid] = user
 	s.UserCertMap[client.CertHash()] = user
-	s.UserNameMap[client.Username] = user
+	s.UserNameMap[strings.ToLower(client.Username)] = user
 
 	return uid, nil
 }
@@ -1153,7 +1153,7 @@ func (s *Server) RemoveRegistration(uid uint32) (err error) {
 	// Remove from user maps
 	delete(s.Users, uid)
 	delete(s.UserCertMap, user.CertHash)
-	delete(s.UserNameMap, user.Name)
+	delete(s.UserNameMap, strings.ToLower(user.Name))
 
 	// Remove from groups and ACLs.
 	s.removeRegisteredUserFromChannel(uid, s.RootChannel())

pkg/acl/group.go

@@ -344,7 +344,7 @@ func GroupMemberCheck(current *Context, acl *Context, name string, user User) (o
 func (ctx *Context) GroupNames() []string {
 	names := map[string]bool{}
 	origCtx := ctx
-	contexts := []*Context{}
+	contexts := buildChain(ctx)
 
 	// Walk through the whole context chain and all groups in it.
 	for _, ctx := range contexts {