From 9f1d465ac411ef2efc5930bbdf56b8ea67b48690 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?= Date: Mon, 7 Jun 2021 20:42:01 +0200 Subject: specify if we accept invalid server certs or not --- mumctl/src/main.rs | 31 +++++++++++++++++++++++++------ 1 file changed, 25 insertions(+), 6 deletions(-) (limited to 'mumctl') diff --git a/mumctl/src/main.rs b/mumctl/src/main.rs index bde24a1..cb0ec2f 100644 --- a/mumctl/src/main.rs +++ b/mumctl/src/main.rs @@ -236,7 +236,7 @@ fn match_opt() -> Result<(), Error> { } => { let port = port.unwrap_or(mumlib::DEFAULT_PORT); - let (host, username, password, port) = + let (host, username, password, port, accept_invalid_cert) = match config.servers.iter().find(|e| e.name == host) { Some(server) => ( &server.host, @@ -247,27 +247,45 @@ fn match_opt() -> Result<(), Error> { .ok_or(CliError::NoUsername)?, server.password.as_ref().or(password.as_ref()), server.port.unwrap_or(port), + server.accept_invalid_cert, ), None => ( &host, username.as_ref().ok_or(CliError::NoUsername)?, password.as_ref(), port, + None, ), }; + let accept_invalid_cert = accept_invalid_cert + .or(config.allow_invalid_server_cert); + let specified_accept_invalid_cert = accept_invalid_cert.is_some(); + let response = send_command(MumCommand::ServerConnect { host: host.to_string(), port, username: username.to_string(), password: password.map(|x| x.to_string()), - accept_invalid_cert: true, //TODO + accept_invalid_cert: accept_invalid_cert.unwrap_or(false), //TODO force true/false via flags })??; - if let Some(CommandResponse::ServerConnect { welcome_message }) = response { - println!("Connected to {}", host); - if let Some(message) = welcome_message { - println!("Welcome: {}", message); + match response { + Some(CommandResponse::ServerConnect { welcome_message }) => { + println!("Connected to {}", host); + if let Some(message) = welcome_message { + println!("Welcome: {}", message); + } + } + Some(CommandResponse::ServerCertReject) => { + error!("Connection rejected since the server supplied an invalid certificate."); + if !specified_accept_invalid_cert { + eprintln!("help: If you trust this server anyway, you can do any of the following to connect:"); + // eprintln!(" 1. Temporarily trust this server by passing --accept-invalid-cert when connecting."); + eprintln!(" 1. Permanently trust this server by setting accept_invalid_cert=true in the server's config."); + eprintln!(" 2. Permantently trust all invalid certificates by setting accept_all_invalid_certs=true globally"); + } } + other => unreachable!("Response should only be a ServerConnect or ServerCertReject. Got {:?}", other) } } Command::Disconnect => { @@ -536,6 +554,7 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( port, username, password, + accept_invalid_cert: None, //TODO }); } } -- cgit v1.2.1 From 8744d7bff9941302dba05ddbfa98d50a255fc8d5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?= Date: Mon, 7 Jun 2021 22:09:27 +0200 Subject: mumctl config for invalid certs --- mumctl/src/main.rs | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'mumctl') diff --git a/mumctl/src/main.rs b/mumctl/src/main.rs index cb0ec2f..c7f2335 100644 --- a/mumctl/src/main.rs +++ b/mumctl/src/main.rs @@ -331,6 +331,11 @@ fn match_opt() -> Result<(), Error> { config.audio.output_volume = Some(volume); } } + "accept_all_invalid_certs" => { + if let Ok(b) = value.parse() { + config.allow_invalid_server_cert = Some(b); + } + } _ => { return Err(CliError::ConfigKeyNotFound(key).into()); } @@ -461,7 +466,7 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( match (key.as_deref(), value) { (None, _) => { print!( - "{}{}{}{}", + "{}{}{}{}{}", format!("host: {}\n", server.host.to_string()), server .port @@ -477,6 +482,10 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( .as_ref() .map(|s| format!("password: {}\n", s)) .unwrap_or_else(|| "".to_string()), + server + .accept_invalid_cert + .map(|b| format!("accept_invalid_cert: {}\n", if b { "true" } else { "false" })) + .unwrap_or_else(|| "".to_string()), ); } (Some("name"), None) => { @@ -509,6 +518,15 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( .ok_or(CliError::NotSet("password".to_string()))? ); } + (Some("accept_invalid_cert"), None) => { + println!( + "{}", + server + .accept_invalid_cert + .map(|b| if b { "true" } else { "false "}) + .ok_or(CliError::NotSet("accept_invalid_cert".to_string()))? + ); + } (Some("name"), Some(_)) => { return Err(CliError::UseServerRename)?; } @@ -525,6 +543,13 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( server.password = Some(value); //TODO ask stdin if empty } + (Some("accept_invalid_cert"), Some(value)) => { + match value.as_ref() { + "true" => server.accept_invalid_cert = Some(true), + "false" => server.accept_invalid_cert = Some(false), + v => warn!("Couldn't parse '{}' as bool", v), + } + } (Some(_), _) => { return Err(CliError::ConfigKeyNotFound(key.unwrap()))?; } -- cgit v1.2.1 From a1d831bb330961e37292910584d31c85afb6c137 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?= Date: Fri, 11 Jun 2021 17:36:46 +0200 Subject: add cli-option --accept-invalid-cert --- mumctl/src/main.rs | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) (limited to 'mumctl') diff --git a/mumctl/src/main.rs b/mumctl/src/main.rs index c7f2335..2c73f7b 100644 --- a/mumctl/src/main.rs +++ b/mumctl/src/main.rs @@ -55,6 +55,8 @@ enum Command { password: Option, #[structopt(short = "p", long = "port")] port: Option, + #[structopt(long = "accept-invalid-cert")] + accept_invalid_cert: bool, }, /// Disconnect from the currently connected server Disconnect, @@ -233,10 +235,12 @@ fn match_opt() -> Result<(), Error> { username, password, port, + accept_invalid_cert: cli_accept_invalid_cert, } => { let port = port.unwrap_or(mumlib::DEFAULT_PORT); - let (host, username, password, port, accept_invalid_cert) = + + let (host, username, password, port, server_accept_invalid_cert) = match config.servers.iter().find(|e| e.name == host) { Some(server) => ( &server.host, @@ -258,16 +262,16 @@ fn match_opt() -> Result<(), Error> { ), }; - let accept_invalid_cert = accept_invalid_cert + let config_accept_invalid_cert = server_accept_invalid_cert .or(config.allow_invalid_server_cert); - let specified_accept_invalid_cert = accept_invalid_cert.is_some(); + let specified_accept_invalid_cert = cli_accept_invalid_cert || config_accept_invalid_cert.is_some(); let response = send_command(MumCommand::ServerConnect { host: host.to_string(), port, username: username.to_string(), password: password.map(|x| x.to_string()), - accept_invalid_cert: accept_invalid_cert.unwrap_or(false), //TODO force true/false via flags + accept_invalid_cert: cli_accept_invalid_cert || config_accept_invalid_cert.unwrap_or(false), })??; match response { Some(CommandResponse::ServerConnect { welcome_message }) => { @@ -280,9 +284,9 @@ fn match_opt() -> Result<(), Error> { error!("Connection rejected since the server supplied an invalid certificate."); if !specified_accept_invalid_cert { eprintln!("help: If you trust this server anyway, you can do any of the following to connect:"); - // eprintln!(" 1. Temporarily trust this server by passing --accept-invalid-cert when connecting."); - eprintln!(" 1. Permanently trust this server by setting accept_invalid_cert=true in the server's config."); - eprintln!(" 2. Permantently trust all invalid certificates by setting accept_all_invalid_certs=true globally"); + eprintln!(" 1. Temporarily trust this server by passing --accept-invalid-cert when connecting."); + eprintln!(" 2. Permanently trust this server by setting accept_invalid_cert=true in the server's config."); + eprintln!(" 3. Permantently trust all invalid certificates by setting accept_all_invalid_certs=true globally"); } } other => unreachable!("Response should only be a ServerConnect or ServerCertReject. Got {:?}", other) -- cgit v1.2.1 From f9b258d41e1224e273198abb45bca2343fa7cca4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?= Date: Fri, 11 Jun 2021 17:39:19 +0200 Subject: stringbools --- mumctl/src/main.rs | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'mumctl') diff --git a/mumctl/src/main.rs b/mumctl/src/main.rs index 2c73f7b..9019f71 100644 --- a/mumctl/src/main.rs +++ b/mumctl/src/main.rs @@ -527,7 +527,7 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( "{}", server .accept_invalid_cert - .map(|b| if b { "true" } else { "false "}) + .map(|b| b.to_string()) .ok_or(CliError::NotSet("accept_invalid_cert".to_string()))? ); } @@ -548,10 +548,9 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( //TODO ask stdin if empty } (Some("accept_invalid_cert"), Some(value)) => { - match value.as_ref() { - "true" => server.accept_invalid_cert = Some(true), - "false" => server.accept_invalid_cert = Some(false), - v => warn!("Couldn't parse '{}' as bool", v), + match value.parse() { + Ok(b) => server.accept_invalid_cert = Some(b), + Err(e) => warn!("{}", e) } } (Some(_), _) => { -- cgit v1.2.1 From 47eb3c8835695ffba375d79efc8a91989003ea2b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?= Date: Fri, 11 Jun 2021 17:39:52 +0200 Subject: remove todo --- mumctl/src/main.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'mumctl') diff --git a/mumctl/src/main.rs b/mumctl/src/main.rs index 9019f71..9de946e 100644 --- a/mumctl/src/main.rs +++ b/mumctl/src/main.rs @@ -582,7 +582,7 @@ fn match_server_command(server_command: Server, config: &mut Config) -> Result<( port, username, password, - accept_invalid_cert: None, //TODO + accept_invalid_cert: None, }); } } -- cgit v1.2.1 From 24ab81363b18f874c68690ae54ba8a27bd46acd3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Gustav=20S=C3=B6rn=C3=A4s?= Date: Fri, 11 Jun 2021 18:35:00 +0200 Subject: servert cert reject is error --- mumctl/src/main.rs | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'mumctl') diff --git a/mumctl/src/main.rs b/mumctl/src/main.rs index 9de946e..bf1ffdc 100644 --- a/mumctl/src/main.rs +++ b/mumctl/src/main.rs @@ -272,15 +272,15 @@ fn match_opt() -> Result<(), Error> { username: username.to_string(), password: password.map(|x| x.to_string()), accept_invalid_cert: cli_accept_invalid_cert || config_accept_invalid_cert.unwrap_or(false), - })??; + })?; match response { - Some(CommandResponse::ServerConnect { welcome_message }) => { + Ok(Some(CommandResponse::ServerConnect { welcome_message })) => { println!("Connected to {}", host); if let Some(message) = welcome_message { println!("Welcome: {}", message); } } - Some(CommandResponse::ServerCertReject) => { + Err(mumlib::error::Error::ServerCertReject) => { error!("Connection rejected since the server supplied an invalid certificate."); if !specified_accept_invalid_cert { eprintln!("help: If you trust this server anyway, you can do any of the following to connect:"); @@ -289,7 +289,8 @@ fn match_opt() -> Result<(), Error> { eprintln!(" 3. Permantently trust all invalid certificates by setting accept_all_invalid_certs=true globally"); } } - other => unreachable!("Response should only be a ServerConnect or ServerCertReject. Got {:?}", other) + Ok(other) => unreachable!("Response should only be a ServerConnect or ServerCertReject. Got {:?}", other), + Err(e) => return Err(e.into()), } } Command::Disconnect => { -- cgit v1.2.1