Enable basicauth by default, remove the option to supply it on the command line

Lauri Kasanen
2021-03-25 11:25:30 +02:00
parent 93d3bf052d
commit 1632f4888d
9 changed files with 24 additions and 30 deletions


@@ -462,7 +462,7 @@ static uint8_t givecontrolCb(void *messager, const char name[])
WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
socklen_t listenaddrlen,
bool sslonly, const char *cert, const char *certkey,
const char *basicauth,
bool disablebasicauth,
const char *httpdir)
{
int one = 1;
@@ -532,7 +532,7 @@ WebsocketListener::WebsocketListener(const struct sockaddr *listenaddr,
settings.passwdfile = strdup(wexp.we_wordv[0]);
wordfree(&wexp);
settings.basicauth = basicauth;
settings.disablebasicauth = disablebasicauth;
settings.cert = cert;
settings.key = certkey;
settings.ssl_only = sslonly;
@@ -718,7 +718,7 @@ void network::createTcpListeners(std::list<SocketListener*> *listeners,
void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
const struct addrinfo *ai,
bool sslonly, const char *cert, const char *certkey,
const char *basicauth,
bool disablebasicauth,
const char *httpdir)
{
const struct addrinfo *current;
@@ -745,7 +745,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
try {
new_listeners.push_back(new WebsocketListener(current->ai_addr,
current->ai_addrlen,
sslonly, cert, certkey, basicauth,
sslonly, cert, certkey, disablebasicauth,
httpdir));
} catch (SocketException& e) {
// Ignore this if it is due to lack of address family support on
@@ -774,7 +774,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
bool sslonly,
const char *cert,
const char *certkey,
const char *basicauth,
bool disablebasicauth,
const char *httpdir)
{
if (addr && !strcmp(addr, "local")) {
@@ -802,7 +802,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
ai[1].ai_addrlen = sizeof(sa[1].u.sin6);
ai[1].ai_next = NULL;
createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
createWebsocketListeners(listeners, ai, sslonly, cert, certkey, disablebasicauth, httpdir);
} else {
struct addrinfo *ai, hints;
char service[16];
@@ -825,7 +825,7 @@ void network::createWebsocketListeners(std::list<SocketListener*> *listeners,
gai_strerror(result));
try {
createWebsocketListeners(listeners, ai, sslonly, cert, certkey, basicauth, httpdir);
createWebsocketListeners(listeners, ai, sslonly, cert, certkey, disablebasicauth, httpdir);
} catch(...) {
freeaddrinfo(ai);
throw;
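Review bot: Swapping `const char *basicauth` for `bool disablebasicauth` in the same argument position means a caller that still passes a string keeps compiling, because a pointer converts implicitly to `bool`. A non-null pointer becomes `true`, which is the value that switches the handshake's authentication check off. The three call sites in this file are updated, but the callers in the other changed files are not visible here, so each should be checked by hand. A named type would turn a stale caller into a compile error, for example `enum class BasicAuth { Required, Disabled };` in place of the bare `bool`. The function bodies continue outside these hunks.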


@@ -91,7 +91,7 @@ namespace network {
public:
WebsocketListener(const struct sockaddr *listenaddr, socklen_t listenaddrlen,
bool sslonly, const char *cert, const char *certkey,
const char *basicauth,
bool disablebasicauth,
const char *httpdir);
virtual int getMyPort();
@@ -116,7 +116,7 @@ namespace network {
bool sslonly,
const char *cert,
const char *certkey,
const char *basicauth,
bool disablebasicauth,
const char *httpdir);
void createTcpListeners(std::list<SocketListener*> *listeners,
const char *addr,
@@ -128,7 +128,7 @@ namespace network {
bool sslonly,
const char *cert,
const char *certkey,
const char *basicauth,
bool disablebasicauth,
const char *httpdir);
typedef struct vnc_sockaddr {
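Review bot: The three declarations changed here take `bool disablebasicauth` without any comment, and the flag is negative-sense, so `false` is the value that keeps authentication on; that should be stated where callers read the signature. I would add above the WebsocketListener constructor `// disablebasicauth: when true, the websocket handshake does not require an "Authorization: Basic" header; false enforces it.` and point to it from both createWebsocketListeners declarations. The enclosing namespace and class continue outside these hunks.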


@@ -1152,9 +1152,8 @@ ws_ctx_t *do_handshake(int sock) {
usleep(10);
}
const char *colon;
unsigned char owner = 0;
if ((colon = strchr(settings.basicauth, ':'))) {
if (!settings.disablebasicauth) {
const char *hdr = strstr(handshake, "Authorization: Basic ");
if (!hdr) {
handler_emsg("BasicAuth required, but client didn't send any. 401 Unauth\n");
@@ -1179,15 +1178,13 @@ ws_ctx_t *do_handshake(int sock) {
tmp[len] = '\0';
len = ws_b64_pton(tmp, response, 256);
char authbuf[4096];
strncpy(authbuf, settings.basicauth, 4096);
authbuf[4095] = '\0';
char authbuf[4096] = "";
// Do we need to read it from the file?
char *resppw = strchr(response, ':');
if (resppw && *resppw)
resppw++;
if (!colon[1] && settings.passwdfile) {
if (settings.passwdfile) {
if (resppw && *resppw && resppw - response < 32) {
char pwbuf[4096];
struct kasmpasswd_t *set = readkasmpasswd(settings.passwdfile);
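Review bot: In the second hunk `authbuf` now starts as an empty string and is filled only inside `if (settings.passwdfile)`, so it stays empty whenever no password file is configured or the inner `resppw` check fails. The comparison of `response` against `authbuf` lies outside this hunk (do_handshake starts before it and continues past it), so I cannot confirm that an empty `authbuf` is rejected there. The handshake should fail closed explicitly, treating `authbuf[0] == '\0'` as a mismatch and taking the same 401 path before any string comparison. It is also worth confirming that the `len` returned by `ws_b64_pton(tmp, response, 256)` is checked and that `response` is NUL-terminated before `strchr(response, ':')` runs; neither is visible in these lines.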


@@ -71,7 +71,7 @@ typedef struct {
unsigned int handler_id;
const char *cert;
const char *key;
const char *basicauth;
uint8_t disablebasicauth;
const char *passwdfile;
int ssl_only;
const char *httpdir;