Rooba
/
boinc
mirror of https://github.com/BOINC/boinc.git
1
0
Fork 0
Code Issues 1 Packages Projects Releases Wiki Activity

*** empty log message *** 

svn path=/trunk/boinc/; revision=9064
This commit is contained in:
David Anderson 2005-12-14 01:44:11 +00:00
parent d0df76e6aa
commit bcb5d07cb8
5 changed files with 37 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
checkin_notes
View File

@ -14424,3 +14424,12 @@ David 13 Dec 2005
en.po en.po
lib/ lib/
gui_rpc_client.h gui_rpc_client.h
David 13 Dec 2005
- Core client: the account manager password is now
stored and communicated in a hashed form
(hashed with the lower-cased account name)
client/
acct_mgr.C,h
gui_rpc_server_ops.C

22
client/acct_mgr.C
View File

@ -39,7 +39,7 @@
static const char *run_mode_name[] = {"", "always", "auto", "never"}; static const char *run_mode_name[] = {"", "always", "auto", "never"};
int ACCT_MGR_OP::do_rpc( int ACCT_MGR_OP::do_rpc(
std::string url, std::string name, std::string password std::string url, std::string name, std::string password_hash
) { ) {
int retval; int retval;
unsigned int i; unsigned int i;
@ -66,18 +66,18 @@ int ACCT_MGR_OP::do_rpc(
strcpy(ami.acct_mgr_url, url.c_str()); strcpy(ami.acct_mgr_url, url.c_str());
strcpy(ami.acct_mgr_name, ""); strcpy(ami.acct_mgr_name, "");
strcpy(ami.login_name, name.c_str()); strcpy(ami.login_name, name.c_str());
strcpy(ami.password, password.c_str()); strcpy(ami.password_hash, password_hash.c_str());
FILE* f = boinc_fopen(ACCT_MGR_REQUEST_FILENAME, "w"); FILE* f = boinc_fopen(ACCT_MGR_REQUEST_FILENAME, "w");
if (!f) return ERR_FOPEN; if (!f) return ERR_FOPEN;
fprintf(f, fprintf(f,
"<acct_mgr_request>\n" "<acct_mgr_request>\n"
" <name>%s</name>\n" " <name>%s</name>\n"
" <password>%s</password>\n" " <password_hash>%s</password_hash>\n"
" <host_cpid>%s</host_cpid>\n" " <host_cpid>%s</host_cpid>\n"
" <client_version>%d.%d.%d</client_version>\n" " <client_version>%d.%d.%d</client_version>\n"
" <run_mode>%s</run_mode>\n", " <run_mode>%s</run_mode>\n",
name.c_str(), password.c_str(), name.c_str(), password_hash.c_str(),
gstate.host_info.host_cpid, gstate.host_info.host_cpid,
gstate.core_client_major_version, gstate.core_client_major_version,
gstate.core_client_minor_version, gstate.core_client_minor_version,
@ -92,10 +92,12 @@ int ACCT_MGR_OP::do_rpc(
" <url>%s</url>\n" " <url>%s</url>\n"
" <project_name>%s</project_name>\n" " <project_name>%s</project_name>\n"
" <suspended_via_gui>%d</suspended_via_gui>\n" " <suspended_via_gui>%d</suspended_via_gui>\n"
" <account_key>%s</account_key>\n"
" </project>\n", " </project>\n",
p->master_url, p->master_url,
p->project_name, p->project_name,
p->suspended_via_gui p->suspended_via_gui,
p->authenticator
); );
} }
} }
@ -238,11 +240,11 @@ int ACCT_MGR_INFO::write_info() {
p, p,
"<acct_mgr_login>\n" "<acct_mgr_login>\n"
" <login>%s</login>\n" " <login>%s</login>\n"
" <password>%s</password>\n" " <password_hash>%s</password_hash>\n"
" <next_rpc_time>%f</next_rpc_time>\n" " <next_rpc_time>%f</next_rpc_time>\n"
"</acct_mgr_login>\n", "</acct_mgr_login>\n",
login_name, login_name,
password, password_hash,
next_rpc_time next_rpc_time
); );
fclose(p); fclose(p);
@ -255,7 +257,7 @@ void ACCT_MGR_INFO::clear() {
strcpy(acct_mgr_name, ""); strcpy(acct_mgr_name, "");
strcpy(acct_mgr_url, ""); strcpy(acct_mgr_url, "");
strcpy(login_name, ""); strcpy(login_name, "");
strcpy(password, ""); strcpy(password_hash, "");
next_rpc_time = 0; next_rpc_time = 0;
} }
@ -288,7 +290,7 @@ int ACCT_MGR_INFO::init() {
while(mf.fgets(buf, sizeof(buf))) { while(mf.fgets(buf, sizeof(buf))) {
if (match_tag(buf, "</acct_mgr_login>")) break; if (match_tag(buf, "</acct_mgr_login>")) break;
else if (parse_str(buf, "<login>", login_name, 256)) continue; else if (parse_str(buf, "<login>", login_name, 256)) continue;
else if (parse_str(buf, "<password>", password, 256)) continue; else if (parse_str(buf, "<password_hash>", password_hash, 256)) continue;
else if (parse_double(buf, "<next_rpc_time>", next_rpc_time)) continue; else if (parse_double(buf, "<next_rpc_time>", next_rpc_time)) continue;
} }
fclose(p); fclose(p);
@ -300,7 +302,7 @@ bool ACCT_MGR_INFO::poll() {
if (gstate.acct_mgr_op.error_num == ERR_IN_PROGRESS) return false; if (gstate.acct_mgr_op.error_num == ERR_IN_PROGRESS) return false;
if (gstate.now > next_rpc_time) { if (gstate.now > next_rpc_time) {
next_rpc_time = gstate.now + 86400; next_rpc_time = gstate.now + 86400;
gstate.acct_mgr_op.do_rpc(acct_mgr_url, login_name, password); gstate.acct_mgr_op.do_rpc(acct_mgr_url, login_name, password_hash);
return true; return true;
} }
return false; return false;

3
client/acct_mgr.h
View File

@ -35,7 +35,8 @@ struct ACCT_MGR_INFO {
char acct_mgr_name[256]; char acct_mgr_name[256];
char acct_mgr_url[256]; char acct_mgr_url[256];
char login_name[256]; char login_name[256];
char password[256]; char password_hash[256];
// md5 of password.lowercase(login_name)
double next_rpc_time; double next_rpc_time;
ACCT_MGR_INFO(); ACCT_MGR_INFO();

10
client/gui_rpc_server_ops.C
View File

@ -701,25 +701,31 @@ static void handle_project_attach_poll(char*, MIOFILE& fout) {
static void handle_acct_mgr_rpc(char* buf, MIOFILE& fout) { static void handle_acct_mgr_rpc(char* buf, MIOFILE& fout) {
std::string url, name, password; std::string url, name, password;
std::string password_hash, name_lc;
bool use_config_file = false; bool use_config_file = false;
bool bad_arg = false; bool bad_arg = false;
if (!parse_bool(buf, "use_config_file", use_config_file)) { if (!parse_bool(buf, "use_config_file", use_config_file)) {
if (!parse_str(buf, "<url>", url)) bad_arg = true; if (!parse_str(buf, "<url>", url)) bad_arg = true;
if (!parse_str(buf, "<name>", name)) bad_arg = true; if (!parse_str(buf, "<name>", name)) bad_arg = true;
if (!parse_str(buf, "<password>", password)) bad_arg = true; if (!parse_str(buf, "<password>", password)) bad_arg = true;
if (!bad_arg) {
name_lc = name;
downcase_string(name_lc);
password_hash = md5_string(password+name_lc);
}
} else { } else {
if (!strlen(gstate.acct_mgr_info.acct_mgr_url) || !strlen(gstate.acct_mgr_info.acct_mgr_url) || !strlen(gstate.acct_mgr_info.acct_mgr_url)) { if (!strlen(gstate.acct_mgr_info.acct_mgr_url) || !strlen(gstate.acct_mgr_info.acct_mgr_url) || !strlen(gstate.acct_mgr_info.acct_mgr_url)) {
bad_arg = true; bad_arg = true;
} else { } else {
url = gstate.acct_mgr_info.acct_mgr_url; url = gstate.acct_mgr_info.acct_mgr_url;
name = gstate.acct_mgr_info.login_name; name = gstate.acct_mgr_info.login_name;
password = gstate.acct_mgr_info.password; password_hash = gstate.acct_mgr_info.password_hash;
} }
} }
if (bad_arg) { if (bad_arg) {
fout.printf("<error>bad arg</error>\n"); fout.printf("<error>bad arg</error>\n");
} else { } else {
gstate.acct_mgr_op.do_rpc(url, name, password); gstate.acct_mgr_op.do_rpc(url, name, password_hash);
fout.printf("<success/>\n"); fout.printf("<success/>\n");
} }
} }

8
doc/acct_mgt.php
View File

@ -92,10 +92,13 @@ Its format is:
".html_text(" ".html_text("
<acct_mgr_login> <acct_mgr_login>
<login>name</login> <login>name</login>
<password>xxx</password> <password_hash>xxx</password_hash>
</acct_mgr_login> </acct_mgr_login>
")." ")."
</dl> </dl>
<p>
The password is stored as MD5(password_lowercase(login)).
<p>
If the core client finds acct_mgr_url.xml but not acct_mgr_login.xml, If the core client finds acct_mgr_url.xml but not acct_mgr_login.xml,
it prompts for a name and password, it prompts for a name and password,
stores them in acct_mgr_login.xml, stores them in acct_mgr_login.xml,
@ -115,7 +118,7 @@ list_item("URL", "<b>BASE_URL/rpc.php</b>, where BASE_URL is the URL
list_item("input", html_text(" list_item("input", html_text("
<acct_mgr_request> <acct_mgr_request>
<name>John</name> <name>John</name>
<password>xxx</password> <password_hash>xxx</password_hash>
<host_cpid>b11ddc5f36c9a86ff093c96e6930646a</host_cpid> <host_cpid>b11ddc5f36c9a86ff093c96e6930646a</host_cpid>
<client_version>5.3.2</client_version> <client_version>5.3.2</client_version>
<run_mode>auto</run_mode> <run_mode>auto</run_mode>
@ -145,6 +148,7 @@ list_item("output",
); );
list_item("action", list_item("action",
"Returns a list of the accounts associated with this meta-account. "Returns a list of the accounts associated with this meta-account.
The password is passed as MD5(password_lowercase(name)).
The 'host_cpid' argument identifies the host. The 'host_cpid' argument identifies the host.
To make it comparable with the host CPID in stats files, To make it comparable with the host CPID in stats files,
the value MD5(host_cpid+email_addr) is passed. the value MD5(host_cpid+email_addr) is passed.