[Libreoffice-commits] online.git: loolwsd/FileServer.hpp loolwsd/LOOLWSD.cpp loolwsd/LOOLWSD.hpp

Ashod Nakashian ashod.nakashian at collabora.co.uk
Thu Apr 7 04:42:33 UTC 2016 

 loolwsd/FileServer.hpp |   14 ++++++++++----
 loolwsd/LOOLWSD.cpp    |   29 +++++++++++++++++++++++++++--
 loolwsd/LOOLWSD.hpp    |    2 +-
 3 files changed, 38 insertions(+), 7 deletions(-)

New commits:
commit 1f88aede00b2b5a48e91d3cc652cb0a9ea0770ab
Author: Ashod Nakashian <ashod.nakashian at collabora.co.uk>
Date:   Wed Apr 6 23:36:54 2016 -0400

    loolwsd: Admin Console credentials passed on the command line
    
    A new command-line argument, admincreds, must be provided
    to set the Admin Console credentials.
    
    The new command-line argument specifies the username
    and password in the following format: username/password
    
    If not provided, Admin Console is disabled for security
    reasons. A warning is emitted at startup and an error
    on every invocation of Admin Console is logged when
    no credentials are defined.
    
    Change-Id: I348623949fd0b292f5066e4955759c708204540f
    Reviewed-on: https://gerrit.libreoffice.org/23878
    Reviewed-by: Ashod Nakashian <ashnakash at gmail.com>
    Tested-by: Ashod Nakashian <ashnakash at gmail.com>

diff --git a/loolwsd/FileServer.hpp b/loolwsd/FileServer.hpp
index 52d4429..2dbbc4c 100644
--- a/loolwsd/FileServer.hpp
+++ b/loolwsd/FileServer.hpp
@@ -72,11 +72,17 @@ public:
             Log::info("Invalid JWT token, let the administrator re-login");
         }
 
-        HTTPBasicCredentials credentials(request);
+        const auto user = Application::instance().config().getString("admin_console_username", "");
+        const auto pass = Application::instance().config().getString("admin_console_password", "");
+        if (user.empty() || pass.empty())
+        {
+            Log::error("Admin Console credentials missing. Denying access until set.");
+            return false;
+        }
 
-        // TODO: Read username and password from config file
-        if (credentials.getUsername() == "admin"
-                && credentials.getPassword() == "admin")
+        HTTPBasicCredentials credentials(request);
+        if (credentials.getUsername() == user &&
+            credentials.getPassword() == pass)
         {
             const std::string htmlMimeType = "text/html";
             // generate and set the cookie
diff --git a/loolwsd/LOOLWSD.cpp b/loolwsd/LOOLWSD.cpp
index ef4775c..78b3915 100644
--- a/loolwsd/LOOLWSD.cpp
+++ b/loolwsd/LOOLWSD.cpp
@@ -963,6 +963,7 @@ std::string LOOLWSD::LoTemplate;
 std::string LOOLWSD::ChildRoot;
 std::string LOOLWSD::LoSubPath = "lo";
 std::string LOOLWSD::FileServerRoot;
+std::string LOOLWSD::AdminCreds;
 
 int LOOLWSD::NumPreSpawnedChildren = 10;
 bool LOOLWSD::DoTest = false;
@@ -977,13 +978,25 @@ LOOLWSD::~LOOLWSD()
 
 void LOOLWSD::initialize(Application& self)
 {
-    // load default configuration files, if present
+    // Load default configuration files, if present.
     if (loadConfiguration() == 0)
     {
-        std::string configPath = LOOLWSD_CONFIGDIR "/loolwsd.xml";
+        // Fallback to the default path.
+        const std::string configPath = LOOLWSD_CONFIGDIR "/loolwsd.xml";
         loadConfiguration(configPath);
     }
 
+    if (!AdminCreds.empty())
+    {
+        // Set the Admin Console credentials, if provided.
+        StringTokenizer tokens(AdminCreds, "/", StringTokenizer::TOK_IGNORE_EMPTY | StringTokenizer::TOK_TRIM);
+        if (tokens.count() == 2)
+        {
+            config().setString("admin_console_username", tokens[0]);
+            config().setString("admin_console_password", tokens[1]);
+        }
+    }
+
     ServerApplication::initialize(self);
 }
 
@@ -1084,6 +1097,11 @@ void LOOLWSD::defineOptions(OptionSet& optionSet)
                         .repeatable(false)
                         .argument("number"));
 
+    optionSet.addOption(Option("admincreds", "", "Admin 'username/password' used to access the admin console.")
+                        .required(false)
+                        .repeatable(false)
+                        .argument("directory"));
+
     optionSet.addOption(Option("test", "", "Interactive testing.")
                         .required(false)
                         .repeatable(false));
@@ -1119,6 +1137,8 @@ void LOOLWSD::handleOption(const std::string& optionName, const std::string& val
         FileServerRoot = value;
     else if (optionName == "numprespawns")
         NumPreSpawnedChildren = std::stoi(value);
+    else if (optionName == "admincreds")
+        AdminCreds = value;
     else if (optionName == "test")
         LOOLWSD::DoTest = true;
 }
@@ -1206,6 +1226,11 @@ int LOOLWSD::main(const std::vector<std::string>& /*args*/)
     if (LOOLWSD::DoTest)
         NumPreSpawnedChildren = 1;
 
+    if (AdminCreds.empty())
+    {
+        Log::warn("No admin credentials set via 'admincreds' command-line argument. Admin Console will be disabled.");
+    }
+
     const Path pipePath = Path::forDirectory(ChildRoot + Path::separator() + FIFO_PATH);
     if (!File(pipePath).exists() && !File(pipePath).createDirectory())
     {
diff --git a/loolwsd/LOOLWSD.hpp b/loolwsd/LOOLWSD.hpp
index f4964bb..76e5246 100644
--- a/loolwsd/LOOLWSD.hpp
+++ b/loolwsd/LOOLWSD.hpp
@@ -45,7 +45,7 @@ public:
     static std::string ChildRoot;
     static std::string LoSubPath;
     static std::string FileServerRoot;
-    //static Auth AuthAgent;
+    static std::string AdminCreds;
 
     static
     std::string GenSessionId()

More information about the Libreoffice-commits mailing list