- client: if gui_rpc_auth.cfg is empty, print a warning but don't error out;

an empty GUI RPC password is allowed.
David Anderson 2013-01-02 22:51:56 -08:00 committed by Oliver Bock
parent 08126182b6
commit 369abbd9f8
4 changed files with 153 additions and 138 deletions


@ -112,7 +112,10 @@ bool GUI_RPC_CONN_SET::recent_rpc_needs_network(double interval) {
return false;
}
int GUI_RPC_CONN_SET::get_password() {
// read the GUI RPC password from gui_rpc_auth.cfg;
// create one if missing.
//
void GUI_RPC_CONN_SET::get_password() {
int retval;
strcpy(password, "");
@ -122,55 +125,56 @@ int GUI_RPC_CONN_SET::get_password() {
strip_whitespace(password);
}
fclose(f);
if (strlen(password) == 0) {
msg_printf(NULL, MSG_USER_ALERT,
"gui_rpc_auth.cfg is empty; disabling remote access"
if (!strlen(password)) {
msg_printf(NULL, MSG_INFO,
"gui_rpc_auth.cfg is empty - no GUI RPC password protection"
);
return ERR_BAD_PASSWD;
}
} else {
// if no password file, make a random password
//
retval = make_random_string(password);
if (retval) {
if (config.os_random_only) {
msg_printf(
NULL, MSG_INTERNAL_ERROR,
"OS random string generation failed, exiting"
);
exit(1);
}
gstate.host_info.make_random_string("guirpc", password);
}
f = fopen(GUI_RPC_PASSWD_FILE, "w");
if (!f) {
msg_printf(NULL, MSG_USER_ALERT,
"Can't open gui_rpc_auth.cfg; disabling remote access"
);
return ERR_BAD_PASSWD;
}
retval = fputs(password, f);
fclose(f);
if (retval == EOF) {
msg_printf(NULL, MSG_USER_ALERT,
"Can't write gui_rpc_auth.cfg; disabling remote access"
);
return ERR_BAD_PASSWD;
}
#ifndef _WIN32
// if someone can read the password,
// they can cause code to execute as this user.
// So better protect it.
//
if (g_use_sandbox) {
// Allow group access so authorized administrator can modify it
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP);
} else {
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR);
}
#endif
return;
}
return 0;
// if no password file, make a random password
//
retval = make_random_string(password);
if (retval) {
if (config.os_random_only) {
msg_printf(
NULL, MSG_INTERNAL_ERROR,
"OS random string generation failed, exiting"
);
exit(1);
}
gstate.host_info.make_random_string("guirpc", password);
}
// try to write it to the file.
// if fail, just return
//
f = fopen(GUI_RPC_PASSWD_FILE, "w");
if (!f) {
msg_printf(NULL, MSG_USER_ALERT,
"Can't open gui_rpc_auth.cfg - fix permissions"
);
}
retval = fputs(password, f);
fclose(f);
if (retval == EOF) {
msg_printf(NULL, MSG_USER_ALERT,
"Can't write gui_rpc_auth.cfg - fix permissions"
);
}
#ifndef _WIN32
// if someone can read the password,
// they can cause code to execute as this user.
// So better protect it.
//
if (g_use_sandbox) {
// Allow group access so authorized administrator can modify it
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP);
} else {
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR);
}
#endif
}
int GUI_RPC_CONN_SET::get_allowed_hosts() {
@ -221,17 +225,20 @@ int GUI_RPC_CONN_SET::insert(GUI_RPC_CONN* p) {
// If the client runs at boot time,
// it may be a while (~10 sec) before the DNS system is working.
// If this returns an error, it will get called once a second
// for up to 30 seconds.
// If this returns an error,
// it will get called once a second for up to 30 seconds.
// On the last call, "last_time" is set; print error messages then.
//
int GUI_RPC_CONN_SET::init(bool last_time) {
sockaddr_in addr;
int retval;
bool first = true;
retval = get_password();
if (retval) return retval;
get_allowed_hosts();
if (first) {
get_password();
get_allowed_hosts();
first = false;
}
retval = boinc_socket(lsock);
if (retval) {
@ -375,7 +382,6 @@ void GUI_RPC_CONN_SET::got_select(FDSET_GROUP& fg) {
int sock, retval;
vector<GUI_RPC_CONN*>::iterator iter;
GUI_RPC_CONN* gr;
bool is_local = false;
if (lsock < 0) return;
@ -405,24 +411,25 @@ void GUI_RPC_CONN_SET::got_select(FDSET_GROUP& fg) {
fcntl(sock, F_SETFD, FD_CLOEXEC);
#endif
bool allowed;
bool host_allowed;
// accept the connection if:
// 1) allow_remote_gui_rpc is set or
// 2) client host is included in "remote_hosts" file or
// 3) client is on localhost
//
if (is_localhost(addr)) {
allowed = true;
is_local = true;
if (config.allow_remote_gui_rpc) {
host_allowed = true;
} else if (is_localhost(addr)) {
host_allowed = true;
} else {
// reread host file because IP addresses might have changed
//
get_allowed_hosts();
allowed = check_allowed_list(addr);
host_allowed = check_allowed_list(addr);
}
if (!(config.allow_remote_gui_rpc) && !(allowed)) {
if (!host_allowed) {
show_connect_error(addr);
boinc_close_socket(sock);
} else {
@ -430,7 +437,7 @@ void GUI_RPC_CONN_SET::got_select(FDSET_GROUP& fg) {
if (strlen(password)) {
gr->auth_needed = true;
}
gr->is_local = is_local;
gr->is_local = is_localhost(addr);
if (log_flags.gui_rpc_debug) {
msg_printf(0, MSG_INFO,
"[gui_rpc] got new GUI RPC connection"
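Review bot: After `fopen(GUI_RPC_PASSWD_FILE, "w")` fails in the rewritten get_password(), the `if (!f)` branch only prints "Can't open gui_rpc_auth.cfg - fix permissions" and falls through, so `fputs(password, f)` and `fclose(f)` are called with a null FILE*; the comment just above says "if fail, just return" and the earlier version returned at that point, so a `return;` after the msg_printf is needed. In init(), `bool first = true;` is an ordinary local as shown, so `if (first)` is always taken and both files are re-read on every retry; `static bool first = true;` (or a member flag) looks like what was meant. With an empty file now leaving `password` empty, got_select() never sets `auth_needed`, and when `config.allow_remote_gui_rpc` is set every host passes the host check, so that combination accepts unauthenticated remote RPCs; keeping `MSG_USER_ALERT` rather than `MSG_INFO` for that case would make the exposure visible to the user. The page has lost its +/- markers, so this reads the later copy of each duplicated line as the new side, and got_select() continues outside the hunk.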


@ -89,14 +89,14 @@ public:
};
// authentication for GUI RPCs:
// 1) if a IPaddr-list file is found, accept only from those addrs
// 1) if a host-list file is found, accept only from those hosts
// 2) if a password file file is found, ALSO demand password auth
class GUI_RPC_CONN_SET {
std::vector<GUI_RPC_CONN*> gui_rpcs;
std::vector<sockaddr_storage> allowed_remote_ip_addresses;
int get_allowed_hosts();
int get_password();
void get_password();
int insert(GUI_RPC_CONN*);
bool check_allowed_list(sockaddr_storage& ip_addr);
bool remote_hosts_file_exists;
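Review bot: The comment above `class GUI_RPC_CONN_SET` no longer matches the behaviour this commit introduces: point 2 says that finding a password file means password auth is demanded, but an empty gui_rpc_auth.cfg is now accepted and results in no password check. I would reword it to `// 2) if a non-empty password file is found, ALSO demand password auth;` followed by `//    an empty file means no password is required`, which also removes the doubled "file file". Since `get_password()` now returns void, a short comment on the declaration saying that failures are reported via msg_printf and not to the caller would help readers of the header. The class body continues outside the hunk.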


@ -57,6 +57,14 @@ $cogsci = array(
$biomed = array(
tra("Biology and Medicine"),
array(
array(
"RNA World",
"http://www.rnaworld.de/rnaworld/",
"Rechenkraft.net e.V.",
"Molecular biology",
"RNA World seeks to identify, analyze, structurally predict and design RNA molecules on the basis of established bioinformatics software.",
"rna4.png"
),
array(
"FightMalaria@Home",
"http://boinc.ucd.ie/fmah/",


@ -46,88 +46,86 @@ void GLOBAL_PREFS_MASK::clear() {
}
void GLOBAL_PREFS_MASK::set_all() {
run_on_batteries = true;
run_if_user_active = true;
run_gpu_if_user_active = true;
idle_time_to_run = true;
suspend_if_no_recent_input = true;
suspend_cpu_usage = 0;
start_hour = true;
end_hour = true;
net_start_hour = true;
net_end_hour = true;
leave_apps_in_memory = true;
confirm_before_connecting = true;
hangup_if_dialed = true;
dont_verify_images = true;
work_buf_min_days = true;
work_buf_additional_days = true;
max_ncpus_pct = true;
max_ncpus= true;
cpu_scheduling_period_minutes = true;
cpu_usage_limit = true;
daily_xfer_limit_mb = true;
daily_xfer_period_days = true;
disk_interval = true;
disk_max_used_gb = true;
disk_max_used_pct = true;
disk_min_free_gb = true;
vm_max_used_frac = true;
dont_verify_images = true;
end_hour = true;
hangup_if_dialed = true;
idle_time_to_run = true;
leave_apps_in_memory = true;
max_bytes_sec_down = true;
max_bytes_sec_up = true;
max_ncpus= true;
max_ncpus_pct = true;
net_end_hour = true;
net_start_hour = true;
network_wifi_only = true;
ram_max_used_busy_frac = true;
ram_max_used_idle_frac = true;
idle_time_to_run = true;
max_bytes_sec_up = true;
max_bytes_sec_down = true;
cpu_usage_limit = true;
daily_xfer_limit_mb = true;
daily_xfer_period_days = true;
network_wifi_only = true;
run_gpu_if_user_active = true;
run_if_user_active = true;
run_on_batteries = true;
start_hour = true;
suspend_cpu_usage = 0;
suspend_if_no_recent_input = true;
vm_max_used_frac = true;
work_buf_additional_days = true;
work_buf_min_days = true;
}
bool GLOBAL_PREFS_MASK::are_prefs_set() {
if (run_on_batteries) return true;
if (run_if_user_active) return true;
if (run_gpu_if_user_active) return true;
if (idle_time_to_run) return true;
if (suspend_if_no_recent_input) return true;
if (suspend_cpu_usage) return true;
if (start_hour) return true;
if (end_hour) return true;
if (net_start_hour) return true;
if (net_end_hour) return true;
if (leave_apps_in_memory) return true;
if (confirm_before_connecting) return true;
if (hangup_if_dialed) return true;
if (dont_verify_images) return true;
if (work_buf_min_days) return true;
if (work_buf_additional_days) return true;
if (max_ncpus_pct) return true;
if (max_ncpus) return true;
if (cpu_scheduling_period_minutes) return true;
if (cpu_usage_limit) return true;
if (daily_xfer_limit_mb) return true;
if (daily_xfer_period_days) return true;
if (disk_interval) return true;
if (disk_max_used_gb) return true;
if (disk_max_used_pct) return true;
if (disk_min_free_gb) return true;
if (vm_max_used_frac) return true;
if (dont_verify_images) return true;
if (end_hour) return true;
if (hangup_if_dialed) return true;
if (idle_time_to_run) return true;
if (leave_apps_in_memory) return true;
if (max_bytes_sec_down) return true;
if (max_bytes_sec_up) return true;
if (max_ncpus) return true;
if (max_ncpus_pct) return true;
if (net_start_hour) return true;
if (network_wifi_only) return true;
if (net_end_hour) return true;
if (ram_max_used_busy_frac) return true;
if (ram_max_used_idle_frac) return true;
if (idle_time_to_run) return true;
if (max_bytes_sec_up) return true;
if (max_bytes_sec_down) return true;
if (cpu_usage_limit) return true;
if (daily_xfer_limit_mb) return true;
if (daily_xfer_period_days) return true;
if (network_wifi_only) return true;
if (run_gpu_if_user_active) return true;
if (run_if_user_active) return true;
if (run_on_batteries) return true;
if (start_hour) return true;
if (suspend_if_no_recent_input) return true;
if (suspend_cpu_usage) return true;
if (vm_max_used_frac) return true;
if (work_buf_additional_days) return true;
if (work_buf_min_days) return true;
return false;
}
bool GLOBAL_PREFS_MASK::are_simple_prefs_set() {
if (start_hour) return true;
if (end_hour) return true;
if (cpu_usage_limit) return true;
if (disk_max_used_gb) return true;
if (idle_time_to_run) return true;
if (net_start_hour) return true;
if (net_end_hour) return true;
if (disk_max_used_gb) return true;
if (cpu_usage_limit) return true;
if (run_on_batteries) return true;
if (run_if_user_active) return true;
if (idle_time_to_run) return true;
if (start_hour) return true;
return false;
}
@ -207,36 +205,38 @@ void WEEK_PREFS::unset(int day) {
// so that the client can do the RPC and get the global prefs from the server
//
void GLOBAL_PREFS::defaults() {
run_on_batteries = true;
run_if_user_active = true;
run_gpu_if_user_active = false;
idle_time_to_run = 3;
suspend_if_no_recent_input = 0;
suspend_cpu_usage = 25;
cpu_times.clear();
net_times.clear();
leave_apps_in_memory = false;
confirm_before_connecting = true;
hangup_if_dialed = false;
dont_verify_images = false;
work_buf_min_days = 0.1;
work_buf_additional_days = 0.5;
max_ncpus_pct = 0;
max_ncpus = 0;
cpu_scheduling_period_minutes = 60;
cpu_times.clear();
cpu_usage_limit = 100;
daily_xfer_limit_mb = 0;
daily_xfer_period_days = 0;
disk_interval = 60;
disk_max_used_gb = 1000;
disk_max_used_pct = 90;
disk_min_free_gb = 0.1;
vm_max_used_frac = 0.75;
dont_verify_images = false;
end_hour = 0;
hangup_if_dialed = false;
idle_time_to_run = 3;
leave_apps_in_memory = false;
max_bytes_sec_down = 0;
max_bytes_sec_up = 0;
max_ncpus = 0;
max_ncpus_pct = 0;
net_times.clear();
network_wifi_only = false;
ram_max_used_busy_frac = 0.5;
ram_max_used_idle_frac = 0.9;
max_bytes_sec_up = 0;
max_bytes_sec_down = 0;
cpu_usage_limit = 100;
daily_xfer_limit_mb = 0;
daily_xfer_period_days = 0;
network_wifi_only = false;
run_gpu_if_user_active = false;
run_if_user_active = true;
run_on_batteries = true;
start_hour = 0;
suspend_cpu_usage = 25;
suspend_if_no_recent_input = 0;
vm_max_used_frac = 0.75;
work_buf_additional_days = 0.5;
work_buf_min_days = 0.1;
// don't initialize source_project, source_scheduler,
// mod_time, host_specific here