From da69797f319dc0994141c7564faec4b8c40b89c1 Mon Sep 17 00:00:00 2001
From: Scott Hardin
Date: Sun, 28 May 2017 21:16:46 +0200
Subject: [PATCH] add initial support for client certs
---
 MumbleCommunicator.cpp | 2 ++
 MumbleCommunicator.hpp | 2 ++
 config.ini.example | 6 +++-
 main.cpp | 8 +++++
 make-client-certs.sh | 66 ++++++++++++++++++++++++++++++++++++++++++
 5 files changed, 83 insertions(+), 1 deletion(-)
 create mode 100755 make-client-certs.sh
diff --git a/MumbleCommunicator.cpp b/MumbleCommunicator.cpp
index 8e4d980..948c769 100644
--- a/MumbleCommunicator.cpp
+++ b/MumbleCommunicator.cpp
@@ -76,6 +76,8 @@ void mumble::MumbleCommunicator::connect(MumbleCommunicatorConfig &config) {
 mumConfig = mumlib::MumlibConfiguration();
 mumConfig.opusEncoderBitrate = config.opusEncoderBitrate;
+ mumConfig.cert_file = config.cert_file;
+ mumConfig.privkey_file = config.privkey_file;
 mum.reset(new mumlib::Mumlib(*callback, ioService, mumConfig));
 callback->communicator = this;
diff --git a/MumbleCommunicator.hpp b/MumbleCommunicator.hpp
index 6d59936..39b04b9 100644
--- a/MumbleCommunicator.hpp
+++ b/MumbleCommunicator.hpp
@@ -26,6 +26,8 @@ namespace mumble {
 std::string user;
 std::string password;
 std::string host;
+ std::string cert_file;
+ std::string privkey_file;
 int opusEncoderBitrate;
 int port = 0;
 bool autodeaf;
diff --git a/config.ini.example b/config.ini.example
index 62690c2..d661fb7 100644
--- a/config.ini.example
+++ b/config.ini.example
@@ -30,12 +30,16 @@ channelNameExpression =
 # When here is no SIP connection, the mumble state is set to self_mute/self_deaf
 # so the other users can easily see whether the SIP is connected even when not
 # in the same group
-autodeaf = 0
+autodeaf = 1
 # Bitrate of Opus encoder in B/s
 # Adjust it if you need to meet the specific bandwidth requirements of Murmur server
 opusEncoderBitrate = 16000
+# Set to 1 to use client certificates. The certs must be named -cert.pem and
+# the private keys -key.pem.
+use_certs = 0
+
 [app]
 # Caller PIN needed to authenticate the phone call itself. The caller presses
diff --git a/main.cpp b/main.cpp
index 789a3a8..f345cf2 100644
--- a/main.cpp
+++ b/main.cpp
@@ -228,6 +228,14 @@ int main(int argc, char *argv[]) {
 mumcom);
 mumbleConf.user = conf.getString("mumble.user") + '-' + std::to_string(i);
+ try {
+ if ( conf.getBool("mumble.use_certs") ) {
+ mumbleConf.cert_file = mumbleConf.user + "-cert.pem";
+ mumbleConf.privkey_file = mumbleConf.user + "-key.pem";
+ }
+ } catch (...) {
+ logger.info("Client certs not enabled in config");
+ }
 mumcom->connect(mumbleConf);
 }
diff --git a/make-client-certs.sh b/make-client-certs.sh
new file mode 100755
index 0000000..2b57794
--- /dev/null
+++ b/make-client-certs.sh
@@ -0,0 +1,66 @@
+#!/bin/bash
+#
+# make-client-certs.sh - creates the client certs for registering with Mumble
+#
+# Usage:
+#
+# make-client-certs.sh
+#
+# make-client-certs.sh
+#
+# Notes:
+#
+# * The certs are self-signed and are not passphrase protected. Depending on
+# the target environment and usage, this may or may not be OK. If you need
+# a passphrase, you'll need to hack Mumlib.
+#
+# * The names are hard-coded in mumsi to match -key.pem and
+# -cert.pem. This is done to make it easier to configure multi-line
+# functionality.
+#
+# * When generating files for a series of users, the counter is appended to the
+# user name, from '0' to one less than the COUNT.
+
+function usage {
+ cat <
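Review bot: The `autodeaf = 0` to `autodeaf = 1` flip in this hunk changes the example's default behaviour and is unrelated to client certificates; it belongs in its own commit or should be dropped from this one. The new `use_certs` comment also omits two things an operator needs to know. main.cpp builds the cert and key names from `mumble.user` with no directory, so the files are resolved against the process's working directory, and the notes in make-client-certs.sh say the generated keys carry no passphrase. I would add a line such as `# Files are read from the working directory; the keys are unencrypted, so keep them readable only by the account running mumsi.`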
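Review bot: The `catch (...)` around `conf.getBool("mumble.use_certs")` in main.cpp swallows every failure, not only an absent key, and reports it at info level as "Client certs not enabled in config". A mistyped or unparsable `use_certs` value therefore leaves `cert_file` and `privkey_file` empty, and the connection is attempted without the client certificate while the log suggests that was intended. Catch only the exception type the configuration class raises for a missing key (that type is not visible in this hunk) and let anything else propagate or be logged as an error. The two paths are bare file names derived from `mumble.user`, so they resolve against the working directory, and nothing here checks that they exist before `mumcom->connect(mumbleConf)`; how mumlib reacts to a missing file is not visible here, so an explicit existence check with a clear error message would be safer. `main` begins and ends outside this hunk.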