author | Thorvald Natvig <slicer@users.sourceforge.net> | 2010-01-18 03:45:35 +0300 |
---|---|---|
committer | Thorvald Natvig <slicer@users.sourceforge.net> | 2010-01-18 03:45:35 +0300 |
commit | 5cd6a1be959005191423372847bb7f3dcd7c5c59 (patch) | |
tree | 3a047942fa3b89a15fb4b3e1d40f93cd0c643fc8 /scripts | |
parent | c129ba404d3e80f0d2607b014e2549f92a035b64 (diff) |
Add icesecret .ini parameter to "protect" local Ice connections
Diffstat (limited to 'scripts')
-rw-r--r-- | scripts/mkwrapper.pl | 7 | ||||
-rw-r--r-- | scripts/murmur.ini | 17 | ||||
-rwxr-xr-x | scripts/testcallback.py | 15 |
3 files changed, 27 insertions, 12 deletions
diff --git a/scripts/mkwrapper.pl b/scripts/mkwrapper.pl
index 740c1c141..246e37d01 100644
--- a/scripts/mkwrapper.pl
+++ b/scripts/mkwrapper.pl
@@ -18,6 +18,13 @@ sub func($$\@\@\@) {
 print I "void ::Murmur::${class}I::${func}_async(". join(", ", @{$wrapargs}).") {\n";
 # print I "\tqWarning(\"CALL ${func}\");\n";
+ print I "\tif (! meta->mp.qsIceSecret.isEmpty()) {\n";
+ print I "\t\t::Ice::Context::const_iterator i = current.ctx.find(\"secret\");\n";
+ print I "\t\tif((i == current.ctx.end()) || (u8((*i).second) != meta->mp.qsIceSecret)) {\n";
+ print I "\t\t\tcb->ice_exception(InvalidSecretException());\n";
+ print I "\t\t\treturn;\n";
+ print I "\t\t}\n";
+ print I "\t}\n";
 print I "\tExecEvent *ie = new ExecEvent(boost::bind(&impl_${class}_$func, " . join(", ", @${callargs})."));\n";
 print I "\tQCoreApplication::instance()->postEvent(mi, ie);\n";
 print I "};\n";
diff --git a/scripts/murmur.ini b/scripts/murmur.ini
index 65178ac24..d454223f9 100644
--- a/scripts/murmur.ini
+++ b/scripts/murmur.ini
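Review bot: In scripts/mkwrapper.pl, the generated rejection branch raises InvalidSecretException without logging anything, so repeated wrong-secret calls from a local account leave no trace for the operator. A line such as `print I "\t\t\tqWarning(\"Ice: invalid secret on ${func}\");\n";` before the `cb->ice_exception(...)` line would make guessing visible; it should not echo the supplied value. The `!=` between the two strings presumably exits at the first differing character, so a comparison whose duration does not depend on the content would be the safer choice for a shared secret. `sub func` starts and ends outside this hunk, and any Ice entry point not emitted through it would not get the check, which is worth confirming.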
@@ -24,13 +24,19 @@ dbus=session
 # murmurd processes connected to the same D-Bus daemon.
 #dbusservice=net.sourceforge.mumble.murmur
-# If you want to use ZeroC ICE to communicate with Murmur, you need
+# If you want to use ZeroC Ice to communicate with Murmur, you need
 # to specify the endpoint to use. Since there is no authentication
 # with ICE, you should only use it if you trust all the users who have
 # shell access to your machine.
 # Please see the ICE documentation on how to specify endpoints.
 #ice="tcp -h 127.0.0.1 -p 6502"
+# Ice primarily uses local sockets. This means anyone who has a
+# user account on your machine can connect to the Ice services.
+# You can set a plaintext "secret" on the Ice conntection, and
+# any script attempting to access must then have this secret.
+#icesecret=
+
 # How many login attempts do we tolerate from one IP
 # inside a given timeframe before we ban the connection?
 # Note that this is global (shared between all virtual servers), and that
@@ -115,15 +121,6 @@ users=100
 #sslCert=
 #sslKey=
-# To enable username registration through
-# http://webserver/cgi-bin/mumble-server/register.cgi
-# then this value must be set to a valid email
-# and you must be running a SMTP server on this
-# machine.
-# This option is only used for a pre-packaged system-wide installation,
-# and does nothing if you just start murmurd yourself.
-#emailfrom=
-
 # If murmur is started as root, which user should it switch to?
 # This option is ignored if murmur isn't started with root privileges.
 #uname=
diff --git a/scripts/testcallback.py b/scripts/testcallback.py
index d31125a1d..0939794be 100755
--- a/scripts/testcallback.py
+++ b/scripts/testcallback.py
@@ -32,6 +32,8 @@ class ServerCallbackI(Murmur.ServerCallback):
 hash.update(cert)
 cert = X509.load_cert_der_string(cert)
 print cert.get_subject(), "issued by", cert.get_issuer(), "hash", hash.hexdigest()
+ if current:
+ print current.ctx
 def userDisconnected(self, p, current=None):
 print "disconnected"
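Review bot: In the first scripts/murmur.ini hunk, the new `icesecret` comment does not say that the secret only helps if this file is unreadable to the local users it is meant to keep out; the diffstat lists the sample file as `-rw-r--r--`. I would add `# Keep this file readable only by the account running murmurd; over a tcp endpoint the secret travels unencrypted with each Ice call.` under the new block. The paragraph just above still states that there is no authentication with ICE, which now reads as contradicting the new option, and "conntection" should be "connection".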
@@ -72,11 +74,20 @@ class ServerContextCallbackI(Murmur.ServerContextCallback): if __name__ == "__main__": global contextR + prop = Ice.createProperties(sys.argv) + prop.setProperty("Ice.ImplicitContext", "Shared") + + idd = Ice.InitializationData() + idd.properties = prop + + ice = Ice.initialize(idd) + print "Creating callbacks...", - ice = Ice.initialize(sys.argv) - meta = Murmur.MetaPrx.checkedCast(ice.stringToProxy('Meta:tcp -h 127.0.0.1 -p 6502')) + # If icesecret is set, we need to set it here as well. + ice.getImplicitContext().put("secret", "fourtytwo") + meta = Murmur.MetaPrx.checkedCast(ice.stringToProxy('Meta:tcp -h 127.0.0.1 -p 6502')) adapter = ice.createObjectAdapterWithEndpoints("Callback.Client", "tcp -h 127.0.0.1") metaR=Murmur.MetaCallbackPrx.uncheckedCast(adapter.addWithUUID(MetaCallbackI())) |
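Review bot: In the `__main__` block of scripts/testcallback.py, the secret is a literal (`"fourtytwo"`) in a sample script that people are likely to copy, and with `Ice.ImplicitContext` set to `Shared` it is attached to every invocation this communicator makes, not only calls on `Meta`. Reading it from the environment, e.g. `ice.getImplicitContext().put("secret", os.environ.get("MURMUR_ICESECRET", ""))` (the variable name is a placeholder, and `import os` is needed if the script lacks it), keeps real values out of the file. Setting the context on the `Meta` proxy alone rather than communicator-wide would stop the secret from travelling to any other endpoint the script later talks to.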