loolwsd/FileServer.hpp | 14 ++++++++++----
loolwsd/LOOLWSD.cpp | 29 +++++++++++++++++++++++++++--
loolwsd/LOOLWSD.hpp | 2 +-
3 files changed, 38 insertions(+), 7 deletions(-)
New commits:
commit 1f88aede00b2b5a48e91d3cc652cb0a9ea0770ab
Author: Ashod Nakashian <ashod.nakash...@collabora.co.uk>
Date: Wed Apr 6 23:36:54 2016 -0400
loolwsd: Admin Console credentials passed on the command line
A new command-line argument, admincreds, must be provided
to set the Admin Console credentials.
The new command-line argument specifies the username
and password in the following format: username/password
If not provided, Admin Console is disabled for security
reasons. A warning is emitted at startup and an error
on every invocation of Admin Console is logged when
no credentials are defined.
Change-Id: I348623949fd0b292f5066e4955759c708204540f
Reviewed-on: https://gerrit.libreoffice.org/23878
Reviewed-by: Ashod Nakashian <ashnak...@gmail.com>
Tested-by: Ashod Nakashian <ashnak...@gmail.com>
diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp
index 52d4429..2dbbc4c 100644
--- a/loolwsd/FileServer.hpp
+++ b/loolwsd/FileServer.hpp
@@ -72,11 +72,17 @@ public:
Log::info("Invalid JWT token, let the administrator re-login");
}
- HTTPBasicCredentials credentials(request);
+ const auto user =
Application::instance().config().getString("admin_console_username", "");
+ const auto pass =
Application::instance().config().getString("admin_console_password", "");
+ if (user.empty() || pass.empty())
+ {
+ Log::error("Admin Console credentials missing. Denying access
until set.");
+ return false;
+ }
- // TODO: Read username and password from config file
- if (credentials.getUsername() == "admin"
- && credentials.getPassword() == "admin")
+ HTTPBasicCredentials credentials(request);
+ if (credentials.getUsername() == user &&
+ credentials.getPassword() == pass)
{
const std::string htmlMimeType = "text/html";
// generate and set the cookie
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index ef4775c..78b3915 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -963,6 +963,7 @@ std::string LOOLWSD::LoTemplate;
std::string LOOLWSD::ChildRoot;
std::string LOOLWSD::LoSubPath = "lo";
std::string LOOLWSD::FileServerRoot;
+std::string LOOLWSD::AdminCreds;
int LOOLWSD::NumPreSpawnedChildren = 10;
bool LOOLWSD::DoTest = false;
@@ -977,13 +978,25 @@ LOOLWSD::~LOOLWSD()
void LOOLWSD::initialize(Application& self)
{
- // load default configuration files, if present
+ // Load default configuration files, if present.
if (loadConfiguration() == 0)
{
- std::string configPath = LOOLWSD_CONFIGDIR "/loolwsd.xml";
+ // Fallback to the default path.
+ const std::string configPath = LOOLWSD_CONFIGDIR "/loolwsd.xml";
loadConfiguration(configPath);
}
+ if (!AdminCreds.empty())
+ {
+ // Set the Admin Console credentials, if provided.
+ StringTokenizer tokens(AdminCreds, "/",
StringTokenizer::TOK_IGNORE_EMPTY | StringTokenizer::TOK_TRIM);
+ if (tokens.count() == 2)
+ {
+ config().setString("admin_console_username", tokens[0]);
+ config().setString("admin_console_password", tokens[1]);
+ }
+ }
+
ServerApplication::initialize(self);
}
@@ -1084,6 +1097,11 @@ void LOOLWSD::defineOptions(OptionSet& optionSet)
.repeatable(false)
.argument("number"));
+ optionSet.addOption(Option("admincreds", "", "Admin 'username/password'
used to access the admin console.")
+ .required(false)
+ .repeatable(false)
+ .argument("directory"));
+
optionSet.addOption(Option("test", "", "Interactive testing.")
.required(false)
.repeatable(false));
@@ -1119,6 +1137,8 @@ void LOOLWSD::handleOption(const std::string& optionName,
const std::string& val
FileServerRoot = value;
else if (optionName == "numprespawns")
NumPreSpawnedChildren = std::stoi(value);
+ else if (optionName == "admincreds")
+ AdminCreds = value;
else if (optionName == "test")
LOOLWSD::DoTest = true;
}
@@ -1206,6 +1226,11 @@ int LOOLWSD::main(const std::vector<std::string>&
/*args*/)
if (LOOLWSD::DoTest)
NumPreSpawnedChildren = 1;
+ if (AdminCreds.empty())
+ {
+ Log::warn("No admin credentials set via 'admincreds' command-line
argument. Admin Console will be disabled.");
+ }
+
const Path pipePath = Path::forDirectory(ChildRoot + Path::separator() +
FIFO_PATH);
if (!File(pipePath).exists() && !File(pipePath).createDirectory())
{
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index f4964bb..76e5246 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -45,7 +45,7 @@ public:
static std::string ChildRoot;
static std::string LoSubPath;
static std::string FileServerRoot;
- //static Auth AuthAgent;
+ static std::string AdminCreds;
static
std::string GenSessionId()
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
