- client: get BOINCView to work again;

allow one auth failure before closing connection.

svn path=/trunk/boinc/; revision=15942
David Anderson 2008-08-26 20:49:54 +00:00
parent fa9f71143f
commit 63b49cd290
4 changed files with 42 additions and 9 deletions


@ -7076,3 +7076,11 @@ Rom 26 Aug 2008
libcudart64.so libcudart64.so
sea/ sea/
Makefile.am Makefile.am
David 26 Aug 2008
- client: get BOINCView to work again;
allow one auth failure before closing connection.
client/
gui_rpc_server.C,h
gui_rpc_server_ops.C


@ -66,6 +66,7 @@ GUI_RPC_CONN::GUI_RPC_CONN(int s):
au_mgr_state = AU_MGR_INIT; au_mgr_state = AU_MGR_INIT;
got_auth1 = false; got_auth1 = false;
got_auth2 = false; got_auth2 = false;
sent_unauthorized = false;
} }
GUI_RPC_CONN::~GUI_RPC_CONN() { GUI_RPC_CONN::~GUI_RPC_CONN() {
@ -395,6 +396,11 @@ void GUI_RPC_CONN_SET::got_select(FDSET_GROUP& fg) {
gr->auth_needed = true; gr->auth_needed = true;
} }
gr->is_local = is_local; gr->is_local = is_local;
if (log_flags.guirpc_debug) {
msg_printf(0, MSG_INFO,
"[guirpc_debug] got new GUI RPC connection"
);
}
insert(gr); insert(gr);
} }
} }
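Review bot: The new debug line in got_select() records only that a connection arrived, which makes it hard to tie a later authentication failure to a particular peer when reading the log. `is_local` is already assigned on the line just above, so the message could carry it, for example `"[guirpc_debug] got new GUI RPC connection (local: %d)", is_local`. The peer address would be more useful still if it is available at this point, which the hunk does not show. got_select() begins and ends outside the hunk.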


@ -44,6 +44,9 @@ public:
bool got_auth2; bool got_auth2;
// keep track of whether we've got the 2 authentication msgs; // keep track of whether we've got the 2 authentication msgs;
// don't accept more than one of each (to prevent DoS) // don't accept more than one of each (to prevent DoS)
bool sent_unauthorized;
// we've send one <unauthorized>.
// On next auth failure, disconnect
bool is_local; bool is_local;
// connection is from local host // connection is from local host
int au_ss_state; int au_ss_state;
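Review bot: The comment added under `sent_unauthorized` has a typo ("we've send") and does not say that the flag is tracked per connection. As far as the visible hunks show, the flag is set on the first failure and never cleared, so the comment should state that too if it is intended. Suggested wording: `// we've sent one <unauthorized> on this connection;` followed by `// the next auth failure closes the connection`.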


@ -1011,18 +1011,31 @@ int GUI_RPC_CONN::handle_rpc() {
); );
} }
// Policy:
// - the first auth failure gets an error message; after that, disconnect
// - if we get an unexpected auth1 or auth2, disconnect
mf.printf("<boinc_gui_rpc_reply>\n"); mf.printf("<boinc_gui_rpc_reply>\n");
if (match_tag(request_msg, "<auth1")) { if (match_tag(request_msg, "<auth1")) {
if (got_auth1 && auth_needed) return ERR_AUTHENTICATOR; if (got_auth1 && auth_needed) {
handle_auth1(mf); retval = ERR_AUTHENTICATOR;
got_auth1 = true; } else {
handle_auth1(mf);
got_auth1 = true;
}
} else if (match_tag(request_msg, "<auth2")) { } else if (match_tag(request_msg, "<auth2")) {
if (!got_auth1 || got_auth2 && auth_needed) return ERR_AUTHENTICATOR; if ((!got_auth1 || got_auth2) && auth_needed) {
retval = handle_auth2(request_msg, mf); retval = ERR_AUTHENTICATOR;
got_auth2 = true; } else {
retval = handle_auth2(request_msg, mf);
got_auth2 = true;
}
} else if (auth_needed && !is_local) { } else if (auth_needed && !is_local) {
auth_failure(mf); auth_failure(mf);
retval = ERR_AUTHENTICATOR; if (sent_unauthorized) {
retval = ERR_AUTHENTICATOR;
}
sent_unauthorized = true;
// operations that require authentication only for non-local clients start here. // operations that require authentication only for non-local clients start here.
// Use this only for information that should be available to people // Use this only for information that should be available to people
@ -1064,7 +1077,10 @@ int GUI_RPC_CONN::handle_rpc() {
} else if (auth_needed) { } else if (auth_needed) {
auth_failure(mf); auth_failure(mf);
retval = ERR_AUTHENTICATOR; if (sent_unauthorized) {
retval = ERR_AUTHENTICATOR;
}
sent_unauthorized = true;
} else if (match_tag(request_msg, "<project_nomorework")) { } else if (match_tag(request_msg, "<project_nomorework")) {
handle_project_op(request_msg, mf, "nomorework"); handle_project_op(request_msg, mf, "nomorework");
} else if (match_tag(request_msg, "<project_allowmorework")) { } else if (match_tag(request_msg, "<project_allowmorework")) {
@ -1172,7 +1188,7 @@ int GUI_RPC_CONN::handle_rpc() {
// AUTHENTICATION AND NETWORK REQUIREMENTS FIRST // AUTHENTICATION AND NETWORK REQUIREMENTS FIRST
} else { } else {
mf.printf("<error>unrecognized op</error>\n"); mf.printf("<error>unrecognized op: %s</error>\n", request_msg);
gstate.gui_rpcs.time_of_last_rpc_needing_network = saved_time; gstate.gui_rpcs.time_of_last_rpc_needing_network = saved_time;
} }
} }
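Review bot: The new `unrecognized op: %s` reply in the last hunk of handle_rpc() copies `request_msg` into the XML reply without escaping, so any `<`, `>` or `&` in the request becomes markup in the response, and a long request is echoed back in full. The request text is supplied by the GUI RPC client, so it would be safer to XML-escape it and cap its length before printing. Alternatively, keep the reply as the fixed `<error>unrecognized op</error>\n` and write the offending request to the log under `log_flags.guirpc_debug`, assuming that flag is usable in this file as it is in gui_rpc_server.C. handle_rpc() starts and ends outside the visible hunks, so whether `mf` bounds the output cannot be confirmed from here.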