Add "forceExternalAuth" config option to Murmur

Without this option (or when it's set to false), Murmur's default authentication will kick in when your external authenticator plugin crashes and basically allow *anyone* to login and register. When it's enabled, Murmur will instead return a temporary login failure to the client.
author: main() <main@ehvag.eu.org> 2014-07-17 19:54:49 +0400
committer: Mikkel Krautz <mikkel@krautz.dk> 2014-07-17 22:55:44 +0400
commit: dc3b78c9147fe7da57ec7de58cf952d4ae281b4e (patch)
tree: 2cb544ff6479297d3c7153397485911be16cbdd3 /src/murmur/ServerDB.cpp
parent: cf51bf3b21704469fd5a480d09b103d970b76aca (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/murmur/ServerDB.cpp b/src/murmur/ServerDB.cpp
index 819dc459d..67720d3ae 100644
--- a/src/murmur/ServerDB.cpp
+++ b/src/murmur/ServerDB.cpp
@@ -843,7 +843,7 @@ QMap<int, QString> Server::getRegistration(int id) {
 /// @return UserID of authenticated user, -1 for authentication failures, -2 for unknown user (fallthrough),
 ///         -3 for authentication failures where the data could (temporarily) not be verified.
 int Server::authenticate(QString &name, const QString &pw, int sessionId, const QStringList &emails, const QString &certhash, bool bStrongCert, const QList<QSslCertificate> &certs) {
-	int res = -2;
+	int res = bForceExternalAuth ? -3 : -2;
 
 	emit authenticateSig(res, name, sessionId, certs, certhash, bStrongCert, pw);
author	main() <main@ehvag.eu.org>	2014-07-17 19:54:49 +0400
committer	Mikkel Krautz <mikkel@krautz.dk>	2014-07-17 22:55:44 +0400
commit	dc3b78c9147fe7da57ec7de58cf952d4ae281b4e (patch)
tree	2cb544ff6479297d3c7153397485911be16cbdd3 /src/murmur/ServerDB.cpp
parent	cf51bf3b21704469fd5a480d09b103d970b76aca (diff)