Skip to content
Permalink
Browse files

[auth] Move pass file support to manager class; for both server/app

- Ensure pass file env var is skipped by application and later stripped
  • Loading branch information
dakcarto committed Oct 16, 2015
1 parent 545a90d commit 872d5b3a8277de884300adf5ce25bf2b9eb43595
Showing with 51 additions and 42 deletions.
  1. +44 −0 src/core/auth/qgsauthmanager.cpp
  2. +5 −1 src/core/qgsapplication.cpp
  3. +2 −41 src/server/qgsserver.cpp
@@ -18,6 +18,7 @@

#include <QDir>
#include <QEventLoop>
#include <QFile>
#include <QFileInfo>
#include <QMutexLocker>
#include <QObject>
@@ -200,6 +201,49 @@ bool QgsAuthManager::init( const QString& pluginPath )
initSslCaches();
#endif

// set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
if ( getenv( passenv ) && masterPasswordHashInDb() )
{
QString passpath( getenv( passenv ) );
// clear the env variable, so it can not be accessed from plugins, etc.
// (note: stored QgsApplication::systemEnvVars() skips this env variable as well)
#ifdef Q_OS_WIN
putenv( passenv );
#else
unsetenv( passenv );
#endif
QString masterpass;
QFile passfile( passpath );
if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
{
QTextStream passin( &passfile );
while ( !passin.atEnd() )
{
masterpass = passin.readLine();
break;
}
passfile.close();
}
if ( !masterpass.isEmpty() )
{
if ( setMasterPassword( masterpass, true ) )
{
QgsDebugMsg( "Authentication master password set from QGIS_AUTH_PASSWORD_FILE" );
}
else
{
QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to set password using: " + passpath );
return false;
}
}
else
{
QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read password from: " + passpath );
return false;
}
}

return true;
}
}
@@ -196,14 +196,18 @@ void QgsApplication::init( QString customConfigPath )

// store system environment variables passed to application, before they are adjusted
QMap<QString, QString> systemEnvVarMap;
QString passfile( "QGIS_AUTH_PASSWORD_FILE" ); // QString, for comparison
Q_FOREACH ( const QString &varStr, QProcess::systemEnvironment() )
{
int pos = varStr.indexOf( QLatin1Char( '=' ) );
if ( pos == -1 )
continue;
QString varStrName = varStr.left( pos );
QString varStrValue = varStr.mid( pos + 1 );
systemEnvVarMap.insert( varStrName, varStrValue );
if ( varStrName != passfile )
{
systemEnvVarMap.insert( varStrName, varStrValue );
}
}
ABISYM( mSystemEnvVars ) = systemEnvVarMap;

@@ -41,13 +41,11 @@
#include "qgseditorwidgetregistry.h"

#include <QDomDocument>
#include <QFile>
#include <QNetworkDiskCache>
#include <QImage>
#include <QSettings>
#include <QDateTime>
#include <QScopedPointer>
#include <QTextStream>
// TODO: remove, it's only needed by a single debug message
#include <fcgi_stdio.h>
#include <stdlib.h>
@@ -360,46 +358,9 @@ bool QgsServer::init( int & argc, char ** argv )

// Instantiate authentication system
// creates or uses qgis-auth.db in ~/.qgis2/ or directory defined by QGIS_AUTH_DB_DIR_PATH env variable
// set the master password as first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
// (QGIS_AUTH_PASSWORD_FILE variable removed from environment after accessing)
QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
// set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
if ( getenv( passenv ) )
{
QString passpath( getenv( passenv ) );
// clear the env variable, so it can not be accessed from plugins, etc.
#ifdef Q_OS_WIN
putenv( passenv );
#else
unsetenv( passenv );
#endif
QString masterpass;
QFile passfile( passpath );
if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
{
QTextStream passin( &passfile );
while ( !passin.atEnd() )
{
masterpass = passin.readLine();
break;
}
passfile.close();
}
if ( !masterpass.isEmpty() )
{
if ( QgsAuthManager::instance()->setMasterPassword( masterpass, true ) )
{
QgsDebugMsg( "Authentication master password set" );
}
else
{
QgsDebugMsg( "Setting authentication master password FAILED using file: " + passpath );
}
}
else
{
QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read file: " + passpath );
}
}

QString defaultConfigFilePath;
QFileInfo projectFileInfo = defaultProjectFile(); //try to find a .qgs file in the server directory

0 comments on commit 872d5b3

Please sign in to comment.
You can’t perform that action at this time.