Allow the Admin console to be disabled in the configuration.
Change-Id: Iacde8e891f42e9ef9399ebbebbd2b2978188d4c4private/kendy/monitoring-rebased
parent
f68d54e02a
commit
ce06a9ae37
|
@ -107,6 +107,7 @@
|
|||
<tile_cache_persistent desc="Should the tiles persist between two editing sessions of the given document?" type="bool" default="true">true</tile_cache_persistent>
|
||||
|
||||
<admin_console desc="Web admin console settings.">
|
||||
<enable desc="Enable the admin console functionality" type="bool" default="true">true</enable>
|
||||
<enable_pam desc="Enable admin user authentication with PAM" type="bool" default="true">true</enable_pam>
|
||||
<username desc="The username of the admin console. Must be set, if PAM is not enabled, otherwise it's optional."></username>
|
||||
<password desc="The password of the admin console. Deprecated on most platforms. Instead, use loolconfig to set up a secure password."></password>
|
||||
|
|
|
@ -294,6 +294,12 @@ bool AdminSocketHandler::handleInitialRequest(
|
|||
const std::weak_ptr<StreamSocket> &socketWeak,
|
||||
const Poco::Net::HTTPRequest& request)
|
||||
{
|
||||
if (!LOOLWSD::AdminEnabled)
|
||||
{
|
||||
LOG_ERR("Request for disabled admin console");
|
||||
return false;
|
||||
}
|
||||
|
||||
std::shared_ptr<StreamSocket> socket = socketWeak.lock();
|
||||
|
||||
// Different session id pool for admin sessions (?)
|
||||
|
@ -607,4 +613,10 @@ void Admin::dumpState(std::ostream& os)
|
|||
SocketPoll::dumpState(os);
|
||||
}
|
||||
|
||||
void Admin::start()
|
||||
{
|
||||
if (LOOLWSD::AdminEnabled)
|
||||
startThread();
|
||||
}
|
||||
|
||||
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
||||
|
|
|
@ -60,11 +60,7 @@ public:
|
|||
return admin;
|
||||
}
|
||||
|
||||
void start()
|
||||
{
|
||||
// FIXME: not if admin console is not enabled ?
|
||||
startThread();
|
||||
}
|
||||
void start();
|
||||
|
||||
/// Custom poll thread function
|
||||
void pollingThread() override;
|
||||
|
|
|
@ -113,6 +113,8 @@ bool isPamAuthOk(const std::string& user, const std::string& pass)
|
|||
bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request,
|
||||
HTTPResponse &response)
|
||||
{
|
||||
assert(LOOLWSD::AdminEnabled);
|
||||
|
||||
const auto& config = Application::instance().config();
|
||||
const std::string sslKeyPath = config.getString("ssl.key_file_path", "");
|
||||
|
||||
|
@ -250,11 +252,16 @@ void FileServerRequestHandler::handleRequest(const HTTPRequest& request, Poco::M
|
|||
if (request.getMethod() == HTTPRequest::HTTP_GET)
|
||||
{
|
||||
if (endPoint == "admin.html" ||
|
||||
endPoint == "admin-bundle.js" ||
|
||||
endPoint == "admin-localizations.js" ||
|
||||
endPoint == "adminSettings.html" ||
|
||||
endPoint == "adminAnalytics.html")
|
||||
{
|
||||
noCache = true;
|
||||
|
||||
if (!LOOLWSD::AdminEnabled)
|
||||
throw Poco::FileAccessDeniedException("Admin console disabled");
|
||||
|
||||
if (!FileServerRequestHandler::isAdminLoggedIn(request, response))
|
||||
throw Poco::Net::NotAuthenticatedException("Invalid admin login");
|
||||
|
||||
|
|
|
@ -569,6 +569,7 @@ std::atomic<int> LOOLWSD::ForKitProcId(-1);
|
|||
#endif
|
||||
bool LOOLWSD::NoSeccomp = false;
|
||||
bool LOOLWSD::NoCapsForKit = false;
|
||||
bool LOOLWSD::AdminEnabled = true;
|
||||
#ifdef FUZZER
|
||||
bool LOOLWSD::DummyLOK = false;
|
||||
std::string LOOLWSD::FuzzFileName;
|
||||
|
@ -856,6 +857,7 @@ void LOOLWSD::initialize(Application& self)
|
|||
|
||||
NoSeccomp = !getConfigValue<bool>(conf, "security.seccomp", true);
|
||||
NoCapsForKit = !getConfigValue<bool>(conf, "security.capabilities", true);
|
||||
AdminEnabled = getConfigValue<bool>(conf, "admin_console.enable", true);
|
||||
|
||||
#if ENABLE_SUPPORT_KEY
|
||||
const std::string supportKeyString = getConfigValue<std::string>(conf, "support_key", "");
|
||||
|
|
|
@ -44,6 +44,7 @@ public:
|
|||
static unsigned int NumPreSpawnedChildren;
|
||||
static bool NoCapsForKit;
|
||||
static bool NoSeccomp;
|
||||
static bool AdminEnabled;
|
||||
static std::atomic<int> ForKitWritePipe;
|
||||
static std::atomic<int> ForKitProcId;
|
||||
static bool DummyLOK;
|
||||
|
|
Loading…
Reference in New Issue