diff options
author | Derrick <actown@users.noreply.github.com> | 2020-04-12 05:08:29 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-04-12 05:08:29 +0300 |
commit | df983754639dbe9b689f47584bffabae9f438137 (patch) | |
tree | f1e753b02a38d874414d57df209a96517a9e36a3 | |
parent | a31e58979d3780c0ad367c21aecce61c1f6f8362 (diff) | |
parent | 495d699ec82b30187eca72cadfdd1c755798b6e5 (diff) |
Merge pull request #55 from olabiniV2/server_password
Add support for server passwords
-rw-r--r-- | cmd/grumble/server.go | 40 |
1 files changed, 34 insertions, 6 deletions
diff --git a/cmd/grumble/server.go b/cmd/grumble/server.go index 7a1c45b..d46552d 100644 --- a/cmd/grumble/server.go +++ b/cmd/grumble/server.go @@ -175,8 +175,7 @@ func (server *Server) RootChannel() *Channel { return root } -// Set password as the new SuperUser password -func (server *Server) SetSuperUserPassword(password string) { +func (server *Server) setConfigPassword(key, password string) { saltBytes := make([]byte, 24) _, err := rand.Read(saltBytes) if err != nil { @@ -190,7 +189,6 @@ func (server *Server) SetSuperUserPassword(password string) { digest := hex.EncodeToString(hasher.Sum(nil)) // Could be racy, but shouldn't really matter... - key := "SuperUserPassword" val := "sha1$" + salt + "$" + digest server.cfg.Set(key, val) @@ -199,9 +197,18 @@ func (server *Server) SetSuperUserPassword(password string) { } } -// CheckSuperUserPassword checks whether password matches the set SuperUser password. -func (server *Server) CheckSuperUserPassword(password string) bool { - parts := strings.Split(server.cfg.StringValue("SuperUserPassword"), "$") +// SetSuperUserPassword sets password as the new SuperUser password +func (server *Server) SetSuperUserPassword(password string) { + server.setConfigPassword("SuperUserPassword", password) +} + +// SetServerPassword sets password as the new Server password +func (server *Server) SetServerPassword(password string) { + server.setConfigPassword("ServerPassword", password) +} + +func (server *Server) checkConfigPassword(key, password string) bool { + parts := strings.Split(server.cfg.StringValue(key), "$") if len(parts) != 3 { return false } @@ -239,6 +246,20 @@ func (server *Server) CheckSuperUserPassword(password string) bool { return false } +// CheckSuperUserPassword checks whether password matches the set SuperUser password. +func (server *Server) CheckSuperUserPassword(password string) bool { + return server.checkConfigPassword("SuperUserPassword", password) +} + +// CheckServerPassword checks whether password matches the set Server password. +func (server *Server) CheckServerPassword(password string) bool { + return server.checkConfigPassword("ServerPassword", password) +} + +func (server *Server) hasServerPassword() bool { + return server.cfg.StringValue("ServerPassword") != "" +} + // Called by the server to initiate a new client connection. func (server *Server) handleIncomingClient(conn net.Conn) (err error) { client := new(Client) @@ -518,6 +539,13 @@ func (server *Server) handleAuthenticate(client *Client, msg *Message) { } } + if client.user == nil && server.hasServerPassword() { + if auth.Password == nil || !server.CheckServerPassword(*auth.Password) { + client.RejectAuth(mumbleproto.Reject_WrongServerPW, "Invalid server password") + return + } + } + // Setup the cryptstate for the client. err = client.crypt.GenerateKey(client.CryptoMode) if err != nil { |