mirror of https://github.com/BOINC/boinc.git
client: allow an empty GUI RPC password, but generate alert message
boinccmd: show alert messages after attach RPCs PR #3709 disallowed empty GUI RPC password files. This increased security on shared machines. But it meant that on Linux, after installing BOINC as a package, the user had to locate and change the protection and/or the ownership of the password file, which is undesirable. This change allows empty password files but tells the user that they should think about the security implications. With the Manager this is delivered as a notice. With boinccmd the message is written to stderr after an attach operation.
parent
2ffd661925
commit
86d0e9fbd1
|
@ -163,6 +163,30 @@ void acct_mgr_do_rpc(
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Get messages from client, and show any that are USER_ALERT priority.
|
||||||
|
// Intended use: show user that GUI RPCs are not password-protected.
|
||||||
|
// For now, do this after attach to project or AM
|
||||||
|
//
|
||||||
|
void show_alerts(RPC_CLIENT &rpc) {
|
||||||
|
MESSAGES messages;
|
||||||
|
int retval = rpc.get_messages(0, messages);
|
||||||
|
if (retval) {
|
||||||
|
fprintf(stderr, "Can't get alerts from client: %s\n",
|
||||||
|
boincerror(retval)
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
for (unsigned int j=0; j<messages.messages.size(); j++) {
|
||||||
|
MESSAGE& md = *messages.messages[j];
|
||||||
|
if (md.priority != MSG_USER_ALERT) continue;
|
||||||
|
if (!md.project.empty()) continue;
|
||||||
|
strip_whitespace(md.body);
|
||||||
|
fprintf(stderr, "\nAlert from client: %s\n",
|
||||||
|
md.body.c_str()
|
||||||
|
);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char** argv) {
|
int main(int argc, char** argv) {
|
||||||
RPC_CLIENT rpc;
|
RPC_CLIENT rpc;
|
||||||
int i, retval, port=0;
|
int i, retval, port=0;
|
||||||
|
@ -382,6 +406,7 @@ int main(int argc, char** argv) {
|
||||||
canonicalize_master_url(url, sizeof(url));
|
canonicalize_master_url(url, sizeof(url));
|
||||||
char* auth = next_arg(argc, argv, i);
|
char* auth = next_arg(argc, argv, i);
|
||||||
retval = rpc.project_attach(url, auth, "");
|
retval = rpc.project_attach(url, auth, "");
|
||||||
|
show_alerts(rpc);
|
||||||
} else if (!strcmp(cmd, "--file_transfer")) {
|
} else if (!strcmp(cmd, "--file_transfer")) {
|
||||||
FILE_TRANSFER ft;
|
FILE_TRANSFER ft;
|
||||||
|
|
||||||
|
@ -529,6 +554,7 @@ int main(int argc, char** argv) {
|
||||||
char* am_name = next_arg(argc, argv, i);
|
char* am_name = next_arg(argc, argv, i);
|
||||||
char* am_passwd = next_arg(argc, argv, i);
|
char* am_passwd = next_arg(argc, argv, i);
|
||||||
acct_mgr_do_rpc(rpc, am_url, am_name, am_passwd);
|
acct_mgr_do_rpc(rpc, am_url, am_name, am_passwd);
|
||||||
|
show_alerts(rpc);
|
||||||
} else if (!strcmp(op, "info")) {
|
} else if (!strcmp(op, "info")) {
|
||||||
ACCT_MGR_INFO ami;
|
ACCT_MGR_INFO ami;
|
||||||
retval = rpc.acct_mgr_info(ami);
|
retval = rpc.acct_mgr_info(ami);
|
||||||
|
|
|
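Review bot: Both new `show_alerts(rpc);` calls run whether or not the attach RPC succeeded, so after `retval = rpc.project_attach(url, auth, "");` a failed or unauthorized attach is followed by a second RPC whose "Can't get alerts from client" line can sit next to the real error and obscure it. Guarding the call, `if (!retval) show_alerts(rpc);`, keeps the output to one cause; `acct_mgr_do_rpc` is declared `void` in the hunk header, so the account-manager path would first need a way to report success. Separately, `rpc.get_messages(0, messages)` appears to request messages from the start of the client's log, so every client-wide USER_ALERT still held is reprinted on each attach, presumably including ones unrelated to the password; a one-line comment on `show_alerts` stating that would help. The body of main() extends outside these hunks.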
@ -120,7 +120,7 @@ bool GUI_RPC_CONN_SET::recent_rpc_needs_network(double interval) {
|
||||||
}
|
}
|
||||||
|
|
||||||
// read the GUI RPC password from gui_rpc_auth.cfg;
|
// read the GUI RPC password from gui_rpc_auth.cfg;
|
||||||
// create one if missing or empty.
|
// create one if missing
|
||||||
//
|
//
|
||||||
void GUI_RPC_CONN_SET::get_password() {
|
void GUI_RPC_CONN_SET::get_password() {
|
||||||
int retval;
|
int retval;
|
||||||
|
@ -132,17 +132,16 @@ void GUI_RPC_CONN_SET::get_password() {
|
||||||
strip_whitespace(password);
|
strip_whitespace(password);
|
||||||
}
|
}
|
||||||
fclose(f);
|
fclose(f);
|
||||||
if (strlen(password)) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
// File is empty; don't allow this.
|
// if password is empty, allow it but issue a warning
|
||||||
// Fall through and create a password.
|
|
||||||
//
|
//
|
||||||
msg_printf(NULL, MSG_INFO,
|
if (!strlen(password)) {
|
||||||
"%s is empty - assigning new GUI RPC password", GUI_RPC_PASSWD_FILE
|
msg_printf(NULL, MSG_USER_ALERT,
|
||||||
|
"Warning: GUI RPC password is empty. BOINC can be controlled by any user on this computer. See https://boinc.berkeley.edu/gui_rpc_passwd.php for more information."
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// make a random password
|
// make a random password
|
||||||
//
|
//
|
||||||
|
|
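Review bot: The new early `return` in the empty-password branch leaves GUI RPC authentication effectively off, and the alert text speaks only of "any user on this computer"; nothing in this hunk shows what happens when the client is also configured to accept GUI RPCs from other hosts. If that combination is reachable, an empty password should be refused there (fall through to the random-password path), or the warning should say that network peers are included. At minimum the branch deserves a comment such as `// empty password = no GUI RPC authentication; must not be combined with remote GUI RPC access`. Because `strip_whitespace(password)` runs first, a whitespace-only or truncated file also counts as empty, so an accidental truncation now disables the password with only an alert instead of regenerating it. get_password() starts above and continues below the hunk.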