From 5e434214afe25796b884d66a87e684157c9c793a Mon Sep 17 00:00:00 2001 From: David Anderson Date: Sat, 29 Dec 2012 13:55:42 -0800 Subject: [PATCH] - client: disable remote access if - gui_rpc_auth.cfg is empty, or - it doesn't exist and we can't open it for writing, or - the write to it fails --- checkin_notes | 9 +++++++ client/gui_rpc_server.cpp | 49 ++++++++++++++++++++++++++------------- 2 files changed, 42 insertions(+), 16 deletions(-) diff --git a/checkin_notes b/checkin_notes index df8cdc5d30..ca5656e584 100644 --- a/checkin_notes +++ b/checkin_notes @@ -7972,3 +7972,12 @@ David 29 Dec 2012 api/ boinc_api.cpp + +David 29 Dec 2012 + - client: disable remote access if + - gui_rpc_auth.cfg is empty, or + - it doesn't exist and we can't open it for writing, or + - the write to it fails + + client/ + gui_rpc_server.cpp diff --git a/client/gui_rpc_server.cpp b/client/gui_rpc_server.cpp index 4174d9dfd1..fe9204f846 100644 --- a/client/gui_rpc_server.cpp +++ b/client/gui_rpc_server.cpp @@ -122,6 +122,12 @@ int GUI_RPC_CONN_SET::get_password() { strip_whitespace(password); } fclose(f); + if (strlen(password) == 0) { + msg_printf(NULL, MSG_USER_ALERT, + "gui_rpc_auth.cfg is empty; disabling remote access" + ); + return ERR_BAD_PASSWD; + } } else { // if no password file, make a random password // @@ -137,22 +143,32 @@ int GUI_RPC_CONN_SET::get_password() { gstate.host_info.make_random_string("guirpc", password); } f = fopen(GUI_RPC_PASSWD_FILE, "w"); - if (f) { - fputs(password, f); - fclose(f); -#ifndef _WIN32 - // if someone can read the password, - // they can cause code to execute as this user. - // So better protect it. - // - if (g_use_sandbox) { - // Allow group access so authorized administrator can modify it - chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP); - } else { - chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR); - } -#endif + if (!f) { + msg_printf(NULL, MSG_USER_ALERT, + "Can't open gui_rpc_auth.cfg; disabling remote access" + ); + return ERR_BAD_PASSWD; } + retval = fputs(password, f); + fclose(f); + if (retval == EOF) { + msg_printf(NULL, MSG_USER_ALERT, + "Can't write gui_rpc_auth.cfg; disabling remote access" + ); + return ERR_BAD_PASSWD; + } +#ifndef _WIN32 + // if someone can read the password, + // they can cause code to execute as this user. + // So better protect it. + // + if (g_use_sandbox) { + // Allow group access so authorized administrator can modify it + chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP); + } else { + chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR); + } +#endif } return 0; } @@ -213,7 +229,8 @@ int GUI_RPC_CONN_SET::init(bool last_time) { sockaddr_in addr; int retval; - get_password(); + retval = get_password(); + if (retval) return retval; get_allowed_hosts(); retval = boinc_socket(lsock);