- client: disable remote access if

- gui_rpc_auth.cfg is empty, or
    - it doesn't exist and we can't open it for writing, or
    - the write to it fails
This commit is contained in:
David Anderson 2012-12-29 13:55:42 -08:00 committed by Oliver Bock
parent e393203ff7
commit 5e434214af
2 changed files with 42 additions and 16 deletions

View File

@ -7972,3 +7972,12 @@ David 29 Dec 2012
api/ api/
boinc_api.cpp boinc_api.cpp
David 29 Dec 2012
- client: disable remote access if
- gui_rpc_auth.cfg is empty, or
- it doesn't exist and we can't open it for writing, or
- the write to it fails
client/
gui_rpc_server.cpp

View File

@ -122,6 +122,12 @@ int GUI_RPC_CONN_SET::get_password() {
strip_whitespace(password); strip_whitespace(password);
} }
fclose(f); fclose(f);
if (strlen(password) == 0) {
msg_printf(NULL, MSG_USER_ALERT,
"gui_rpc_auth.cfg is empty; disabling remote access"
);
return ERR_BAD_PASSWD;
}
} else { } else {
// if no password file, make a random password // if no password file, make a random password
// //
@ -137,9 +143,20 @@ int GUI_RPC_CONN_SET::get_password() {
gstate.host_info.make_random_string("guirpc", password); gstate.host_info.make_random_string("guirpc", password);
} }
f = fopen(GUI_RPC_PASSWD_FILE, "w"); f = fopen(GUI_RPC_PASSWD_FILE, "w");
if (f) { if (!f) {
fputs(password, f); msg_printf(NULL, MSG_USER_ALERT,
"Can't open gui_rpc_auth.cfg; disabling remote access"
);
return ERR_BAD_PASSWD;
}
retval = fputs(password, f);
fclose(f); fclose(f);
if (retval == EOF) {
msg_printf(NULL, MSG_USER_ALERT,
"Can't write gui_rpc_auth.cfg; disabling remote access"
);
return ERR_BAD_PASSWD;
}
#ifndef _WIN32 #ifndef _WIN32
// if someone can read the password, // if someone can read the password,
// they can cause code to execute as this user. // they can cause code to execute as this user.
@ -153,7 +170,6 @@ int GUI_RPC_CONN_SET::get_password() {
} }
#endif #endif
} }
}
return 0; return 0;
} }
@ -213,7 +229,8 @@ int GUI_RPC_CONN_SET::init(bool last_time) {
sockaddr_in addr; sockaddr_in addr;
int retval; int retval;
get_password(); retval = get_password();
if (retval) return retval;
get_allowed_hosts(); get_allowed_hosts();
retval = boinc_socket(lsock); retval = boinc_socket(lsock);