client: allow an empty GUI RPC password, but generate alert message

boinccmd: show alert messages after attach RPCs PR #3709 disallowed empty GUI RPC password files. This increased security on shared machines. But it meant that on Linux, after installing BOINC as a package, the user had to locate and change the protection and/or the ownership of the password file, which is undesirable. This change allows empty password files but tells the user that they should think about the security implications. With the Manager this is delivered as a notice. With boinccmd the message is written to stderr after an attach operation.
2020-10-27 19:21:49 -07:00 · 2020-10-27 19:21:49 -07:00 · 86d0e9fbd1
parent 2ffd661925
commit 86d0e9fbd1
2 changed files with 34 additions and 9 deletions
--- a/client/boinc_cmd.cpp
+++ b/client/boinc_cmd.cpp
@ -163,6 +163,30 @@ void acct_mgr_do_rpc(
    }
 }

+// Get messages from client, and show any that are USER_ALERT priority.
+// Intended use: show user that GUI RPCs are not password-protected.
+// For now, do this after attach to project or AM
+//
+void show_alerts(RPC_CLIENT &rpc) {
+    MESSAGES messages;
+    int retval = rpc.get_messages(0, messages);
+    if (retval) {
+        fprintf(stderr, "Can't get alerts from client: %s\n",
+            boincerror(retval)
+        );
+        return;
+    }
+    for (unsigned int j=0; j<messages.messages.size(); j++) {
+        MESSAGE& md = *messages.messages[j];
+        if (md.priority != MSG_USER_ALERT) continue;
+        if (!md.project.empty()) continue;
+        strip_whitespace(md.body);
+        fprintf(stderr, "\nAlert from client: %s\n",
+            md.body.c_str()
+        );
+    }
+}
+
 int main(int argc, char** argv) {
    RPC_CLIENT rpc;
    int i, retval, port=0;
@ -382,6 +406,7 @@ int main(int argc, char** argv) {
        canonicalize_master_url(url, sizeof(url));
        char* auth = next_arg(argc, argv, i);
        retval = rpc.project_attach(url, auth, "");
+        show_alerts(rpc);
    } else if (!strcmp(cmd, "--file_transfer")) {
        FILE_TRANSFER ft;

@ -529,6 +554,7 @@ int main(int argc, char** argv) {
            char* am_name = next_arg(argc, argv, i);
            char* am_passwd = next_arg(argc, argv, i);
            acct_mgr_do_rpc(rpc, am_url, am_name, am_passwd);
+            show_alerts(rpc);
        } else if (!strcmp(op, "info")) {
            ACCT_MGR_INFO ami;
            retval = rpc.acct_mgr_info(ami);
--- a/client/gui_rpc_server.cpp
+++ b/client/gui_rpc_server.cpp
@ -120,7 +120,7 @@ bool GUI_RPC_CONN_SET::recent_rpc_needs_network(double interval) {
 }

 // read the GUI RPC password from gui_rpc_auth.cfg;
-// create one if missing or empty.
+// create one if missing
 //
 void GUI_RPC_CONN_SET::get_password() {
    int retval;
@ -132,16 +132,15 @@ void GUI_RPC_CONN_SET::get_password() {
            strip_whitespace(password);
        }
        fclose(f);
-        if (strlen(password)) {
-            return;
-        }

-        // File is empty; don't allow this.
-        // Fall through and create a password.
+        // if password is empty, allow it but issue a warning
        //
-        msg_printf(NULL, MSG_INFO,
-            "%s is empty - assigning new GUI RPC password", GUI_RPC_PASSWD_FILE
-        );
+        if (!strlen(password)) {
+            msg_printf(NULL, MSG_USER_ALERT,
+                "Warning: GUI RPC password is empty.  BOINC can be controlled by any user on this computer.  See https://boinc.berkeley.edu/gui_rpc_passwd.php for more information."
+            );
+        }
+        return;
    }

    // make a random password