- client: disable remote access if

- gui_rpc_auth.cfg is empty, or
    - it doesn't exist and we can't open it for writing, or
    - the write to it fails
This commit is contained in:
David Anderson 2012-12-29 13:55:42 -08:00 committed by Oliver Bock
parent e393203ff7
commit 5e434214af
2 changed files with 42 additions and 16 deletions

View File

@ -7972,3 +7972,12 @@ David 29 Dec 2012
api/ api/
boinc_api.cpp boinc_api.cpp
David 29 Dec 2012
- client: disable remote access if
- gui_rpc_auth.cfg is empty, or
- it doesn't exist and we can't open it for writing, or
- the write to it fails
client/
gui_rpc_server.cpp

View File

@ -122,6 +122,12 @@ int GUI_RPC_CONN_SET::get_password() {
strip_whitespace(password); strip_whitespace(password);
} }
fclose(f); fclose(f);
if (strlen(password) == 0) {
msg_printf(NULL, MSG_USER_ALERT,
"gui_rpc_auth.cfg is empty; disabling remote access"
);
return ERR_BAD_PASSWD;
}
} else { } else {
// if no password file, make a random password // if no password file, make a random password
// //
@ -137,22 +143,32 @@ int GUI_RPC_CONN_SET::get_password() {
gstate.host_info.make_random_string("guirpc", password); gstate.host_info.make_random_string("guirpc", password);
} }
f = fopen(GUI_RPC_PASSWD_FILE, "w"); f = fopen(GUI_RPC_PASSWD_FILE, "w");
if (f) { if (!f) {
fputs(password, f); msg_printf(NULL, MSG_USER_ALERT,
fclose(f); "Can't open gui_rpc_auth.cfg; disabling remote access"
#ifndef _WIN32 );
// if someone can read the password, return ERR_BAD_PASSWD;
// they can cause code to execute as this user.
// So better protect it.
//
if (g_use_sandbox) {
// Allow group access so authorized administrator can modify it
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP);
} else {
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR);
}
#endif
} }
retval = fputs(password, f);
fclose(f);
if (retval == EOF) {
msg_printf(NULL, MSG_USER_ALERT,
"Can't write gui_rpc_auth.cfg; disabling remote access"
);
return ERR_BAD_PASSWD;
}
#ifndef _WIN32
// if someone can read the password,
// they can cause code to execute as this user.
// So better protect it.
//
if (g_use_sandbox) {
// Allow group access so authorized administrator can modify it
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR | S_IRGRP | S_IWGRP);
} else {
chmod(GUI_RPC_PASSWD_FILE, S_IRUSR|S_IWUSR);
}
#endif
} }
return 0; return 0;
} }
@ -213,7 +229,8 @@ int GUI_RPC_CONN_SET::init(bool last_time) {
sockaddr_in addr; sockaddr_in addr;
int retval; int retval;
get_password(); retval = get_password();
if (retval) return retval;
get_allowed_hosts(); get_allowed_hosts();
retval = boinc_socket(lsock); retval = boinc_socket(lsock);