Add CertificateLockFile() for more secure connections

2015-02-19 16:48:40 -08:00 · 2015-02-19 16:48:40 -08:00 · ca558ffdd6
parent 5c3644797a
commit ca558ffdd6
2 changed files with 16 additions and 8 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,10 @@
 MumbleDJ Changelog
 ==================

+### February 19, 2015 -- `v2.6.3`
+* Added `gumbleutil.CertificateLockFile()` for more secure connections.
+* Added `-insecure` boolean commandline flag to allow MumbleDJ to connect to a server without overwriting `~/.mumbledj/cert.lock`.
+
 ### February 18, 2015 -- `v2.6.2`
 * Fixed bot crashing after 5 minutes if there is nothing in the song queue.
 * Fixed queue freezing up if the download of the first song in queue fails.
--- a/main.go
+++ b/main.go
@ -43,10 +43,6 @@ func (dj *mumbledj) OnConnect(e *gumble.ConnectEvent) {
 		fmt.Println("Channel doesn't exist or one was not provided, staying in root channel...")
 	}

-	if currentUser, err := user.Current(); err == nil {
-		dj.homeDir = currentUser.HomeDir
-	}
-
 	if err := loadConfiguration(); err == nil {
 		fmt.Println("Configuration successfully loaded!")
 	} else {
@ -134,6 +130,7 @@ var dj = mumbledj{
 // args, sets up the gumble client and its listeners, and then connects to the server.
 func main() {
 	var address, port, username, password, channel, pemCert, pemKey string
+	var insecure bool

 	flag.StringVar(&address, "server", "localhost", "address for Mumble server")
 	flag.StringVar(&port, "port", "64738", "port for Mumble server")
@ -142,14 +139,24 @@ func main() {
 	flag.StringVar(&channel, "channel", "root", "default channel for MumbleDJ")
 	flag.StringVar(&pemCert, "cert", "", "path to user PEM certificate for MumbleDJ")
 	flag.StringVar(&pemKey, "key", "", "path to user PEM key for MumbleDJ")
+	flag.BoolVar(&insecure, "insecure", false, "skip certificate checking")
 	flag.Parse()

-	dj.client = gumble.NewClient(&dj.config)
 	dj.config = gumble.Config{
 		Username: username,
 		Password: password,
 		Address:  address + ":" + port,
 	}
+	dj.client = gumble.NewClient(&dj.config)
+
+	if currentUser, err := user.Current(); err == nil {
+		dj.homeDir = currentUser.HomeDir
+	}
+
+	dj.config.TLSConfig.InsecureSkipVerify = true
+	if !insecure {
+		gumbleutil.CertificateLockFile(dj.client, fmt.Sprintf("%s/.mumbledj/cert.lock", dj.homeDir))
+	}
 	if pemCert != "" {
 		if pemKey == "" {
 			pemKey = pemCert
@ -171,9 +178,6 @@ func main() {
 	})
 	dj.client.Attach(gumbleutil.AutoBitrate)

-	// IMPORTANT NOTE: This will be changed later once released. Not really safe at the
-	// moment.
-	dj.config.TLSConfig.InsecureSkipVerify = true
 	if err := dj.client.Connect(); err != nil {
 		fmt.Printf("Could not connect to Mumble server at %s:%s.\n", address, port)
 		os.Exit(1)