
Commit 872d5b3

committed
[auth] Move pass file support to manager class; for both server/app
- Ensure pass file env var is skipped by application and later stripped
1 parent 545a90d commit 872d5b3


3 files changed

+51
-42
lines changed


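--- a/src/core/auth/qgsauthmanager.cpp
+++ b/src/core/auth/qgsauthmanager.cpp
@@ -18,6 +18,7 @@
 
 #include <QDir>
 #include <QEventLoop>
+#include <QFile>
 #include <QFileInfo>
 #include <QMutexLocker>
 #include <QObject>
@@ -200,6 +201,49 @@ bool QgsAuthManager::init( const QString& pluginPath )
 initSslCaches();
 #endif
 
+// set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
+const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
+if ( getenv( passenv ) && masterPasswordHashInDb() )
+{
+QString passpath( getenv( passenv ) );
+// clear the env variable, so it can not be accessed from plugins, etc.
+// (note: stored QgsApplication::systemEnvVars() skips this env variable as well)
+#ifdef Q_OS_WIN
+putenv( passenv );
+#else
+unsetenv( passenv );
+#endif
+QString masterpass;
+QFile passfile( passpath );
+if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
+{
+QTextStream passin( &passfile );
+while ( !passin.atEnd() )
+{
+masterpass = passin.readLine();
+break;
+}
+passfile.close();
+}
+if ( !masterpass.isEmpty() )
+{
+if ( setMasterPassword( masterpass, true ) )
+{
+QgsDebugMsg( "Authentication master password set from QGIS_AUTH_PASSWORD_FILE" );
+}
+else
+{
+QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to set password using: " + passpath );
+return false;
+}
+}
+else
+{
+QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read password from: " + passpath );
+return false;
+}
+}
+
 return true;
 }
 }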
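Review bot: The password-file variable is cleared only inside the branch guarded by `getenv( passenv ) && masterPasswordHashInDb()`, so when no master password hash is stored yet it stays in the process environment and remains readable through `getenv`, which is what the comment on the unset says it prevents. On Windows `putenv( passenv )` passes the bare name; as far as I know the Microsoft CRT removes a variable only when given the `NAME=` form and rejects a string without `=`, so the variable would probably survive there too, and the return value is not checked. I would read the value once, clear it unconditionally, and only then test `masterPasswordHashInDb()`, as sketched below. Both failure messages also append `passpath` to the debug log; consider leaving the path out of them. `QgsAuthManager::init` starts above this hunk.

```cpp
const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
const char* passval = getenv( passenv );
if ( passval )
{
  QString passpath( passval ); // copied before the environment entry is removed
  // clear the variable whether or not a master password hash exists yet
#ifdef Q_OS_WIN
  putenv( "QGIS_AUTH_PASSWORD_FILE=" ); // "NAME=" form asks the CRT to delete the entry
#else
  unsetenv( passenv );
#endif
  if ( masterPasswordHashInDb() )
  {
    // … unchanged: read first line of passpath, call setMasterPassword(), return false on failure …
  }
}
```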

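--- a/src/core/qgsapplication.cpp
+++ b/src/core/qgsapplication.cpp
@@ -196,14 +196,18 @@ void QgsApplication::init( QString customConfigPath )
 
 // store system environment variables passed to application, before they are adjusted
 QMap<QString, QString> systemEnvVarMap;
+QString passfile( "QGIS_AUTH_PASSWORD_FILE" ); // QString, for comparison
 Q_FOREACH ( const QString &varStr, QProcess::systemEnvironment() )
 {
 int pos = varStr.indexOf( QLatin1Char( '=' ) );
 if ( pos == -1 )
 continue;
 QString varStrName = varStr.left( pos );
 QString varStrValue = varStr.mid( pos + 1 );
-systemEnvVarMap.insert( varStrName, varStrValue );
+if ( varStrName != passfile )
+{
+systemEnvVarMap.insert( varStrName, varStrValue );
+}
 }
 ABISYM( mSystemEnvVars ) = systemEnvVarMap;
 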
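Review bot: The filter `varStrName != passfile` compares case-sensitively, while environment variable names on Windows are case-insensitive, so a variable set with different casing would presumably still be picked up by `getenv( "QGIS_AUTH_PASSWORD_FILE" )` in the auth manager yet be copied into `systemEnvVarMap`. Consider `if ( varStrName.compare( passfile, Qt::CaseInsensitive ) != 0 )`, at least under `Q_OS_WIN`. The variable name is now spelled out both here and in qgsauthmanager.cpp; a single shared constant would keep the two from drifting apart. `QgsApplication::init` starts above and continues below this hunk.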

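--- a/src/server/qgsserver.cpp
+++ b/src/server/qgsserver.cpp
@@ -41,13 +41,11 @@
 #include "qgseditorwidgetregistry.h"
 
 #include <QDomDocument>
-#include <QFile>
 #include <QNetworkDiskCache>
 #include <QImage>
 #include <QSettings>
 #include <QDateTime>
 #include <QScopedPointer>
-#include <QTextStream>
 // TODO: remove, it's only needed by a single debug message
 #include <fcgi_stdio.h>
 #include <stdlib.h>
@@ -360,46 +358,9 @@ bool QgsServer::init( int & argc, char ** argv )
 
 // Instantiate authentication system
 // creates or uses qgis-auth.db in ~/.qgis2/ or directory defined by QGIS_AUTH_DB_DIR_PATH env variable
+// set the master password as first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
+// (QGIS_AUTH_PASSWORD_FILE variable removed from environment after accessing)
 QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
-// set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
-const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
-if ( getenv( passenv ) )
-{
-QString passpath( getenv( passenv ) );
-// clear the env variable, so it can not be accessed from plugins, etc.
-#ifdef Q_OS_WIN
-putenv( passenv );
-#else
-unsetenv( passenv );
-#endif
-QString masterpass;
-QFile passfile( passpath );
-if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
-{
-QTextStream passin( &passfile );
-while ( !passin.atEnd() )
-{
-masterpass = passin.readLine();
-break;
-}
-passfile.close();
-}
-if ( !masterpass.isEmpty() )
-{
-if ( QgsAuthManager::instance()->setMasterPassword( masterpass, true ) )
-{
-QgsDebugMsg( "Authentication master password set" );
-}
-else
-{
-QgsDebugMsg( "Setting authentication master password FAILED using file: " + passpath );
-}
-}
-else
-{
-QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read file: " + passpath );
-}
-}
 
 QString defaultConfigFilePath;
 QFileInfo projectFileInfo = defaultProjectFile(); //try to find a .qgs file in the server directory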
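Review bot: The result of `QgsAuthManager::instance()->init( QgsApplication::pluginPath() )` on new line 363 is discarded, although with this commit `init()` returns false when the password file cannot be read or the password is rejected. The server therefore carries on without a master password, and the only trace is a `QgsDebugMsg`, which I believe is not emitted in release builds. I would test the call, `if ( !QgsAuthManager::instance()->init( QgsApplication::pluginPath() ) )`, and report the failure through the server's regular log so an operator can see that authentication configurations will not be usable. `QgsServer::init` starts above and continues below this hunk.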
