From: Richard Kettlewell
Date: Tue, 22 Apr 2008 17:59:32 +0000 (+0100)
Subject: By default, disable user management over TCP (since it tends to have
X-Git-Tag: 4.0~109
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~mdw/git/disorder/commitdiff_plain/810b8083772d8f82e589ed70fa5e7d6d5292ccd8
By default, disable user management over TCP (since it tends to have passwords in it). The remote_userman configuration directive can be used to re-enable it.
---
diff --git a/CHANGES b/CHANGES
index 91ab4e1..32822ef 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,9 @@ This has been completely rewritten to support new features:
 There is now a new user management window. From here you can add and remove users or modify their settings.
+Relatedly, the server will only allow remote user management if you set
+remote_userman to 'yes'.
+
 * Changes up to version 3.0.2
 Builds --without-server should work again.
diff --git a/doc/disorder_config.5.in b/doc/disorder_config.5.in
index a9549ed..e714a22 100644
--- a/doc/disorder_config.5.in
+++ b/doc/disorder_config.5.in
@@ -593,6 +593,10 @@ The default is 10.
 The minimum number of seconds that must elapse between password reminders. The default is 600, i.e. 10 minutes.
 .TP
+.B remote_userman yes\fR|\fBno
+User management over TCP connection is only allowed if this is set to
+\fByes\fR. By default it is set to \fBno\fR.
+.TP
 .B replay_min \fISECONDS\fR
 The minimum number of seconds that must elapse after a track has been played before it can be picked at random. The default is 8 hours. If this is set to
diff --git a/lib/configuration.c b/lib/configuration.c
index b93e1e9..bcce6c7 100644
--- a/lib/configuration.c
+++ b/lib/configuration.c
@@ -960,6 +960,7 @@ static const struct conf conf[] = {
 { C(replay_min), &type_integer, validate_non_negative },
 { C(refresh), &type_integer, validate_positive },
 { C(reminder_interval), &type_integer, validate_positive },
+ { C(remote_userman), &type_boolean, validate_any },
 { C2(restrict, restrictions), &type_restrict, validate_any },
 { C(sample_format), &type_sample_format, validate_sample_format },
 { C(scratch), &type_string_accum, validate_isreg },
diff --git a/lib/configuration.h b/lib/configuration.h
index de25197..78c31ef 100644
--- a/lib/configuration.h
+++ b/lib/configuration.h
@@ -270,6 +270,9 @@ struct config {
 /** @brief Minimum interval between password reminder emails */
 long reminder_interval;
+
+ /** @brief Whether to allow user management over TCP */
+ int remote_userman;
 /* derived values: */
 int nparts; /* number of distinct name parts */
diff --git a/server/server.c b/server/server.c
index e03ff9c..cbeb0ab 100644
--- a/server/server.c
+++ b/server/server.c
@@ -1096,6 +1096,10 @@ static int c_adduser(struct conn *c,
 int nvec) {
 const char *rights;
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
 if(nvec > 2) {
 rights = vec[2];
 if(parse_rights(vec[2], 0, 1)) {
@@ -1117,6 +1121,10 @@ static int c_deluser(struct conn *c,
 int attribute((unused)) nvec) {
 struct conn *d;
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
 if(trackdb_deluser(vec[0])) {
 sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
 return 1;
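Review bot: The new `remote_userman` field in struct config (lib/configuration.h hunk) is documented without its default or the meaning of its values, and nothing in this diff assigns it. The secure "off" default stated in the man page therefore presumably depends on the config structure being zero-initialised where defaults are built, which is not visible here. I would record that in the field comment, e.g. `/** @brief Whether to allow user management over TCP (0 = local connections only; this is the default) */`, so a later change to default handling does not silently enable remote user management. struct config starts and ends outside the hunk.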
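Review bot: The same four-line guard is pasted at the top of c_adduser, c_deluser, c_edituser and c_userinfo, so a user-management command added later is unprotected unless its author remembers to copy it. Moving the test and the 550 reply into one static helper keeps the policy in a single place, and gives one obvious spot to log refused attempts if that is wanted. The helper name below is only a suggestion, and all four function bodies continue outside their hunks.

```c
/** @brief Refuse user management on non-local connections unless enabled
 * @param c Connection the command arrived on
 * @return Nonzero if the command was refused (the 550 reply has been sent)
 */
static int remote_userman_refused(struct conn *c) {
  if(config->remote_userman || (c->rights & RIGHT__LOCAL))
    return 0;
  sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
  return 1;
}

/* … unchanged: c_adduser signature and local declarations … */
  if(remote_userman_refused(c))
    return 1;
/* … unchanged: rights parsing in c_adduser; the same two lines replace the
 *   guard in c_deluser, c_edituser and c_userinfo … */
```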
@@ -1134,6 +1142,10 @@ static int c_edituser(struct conn *c,
 int attribute((unused)) nvec) {
 struct conn *d;
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
 /* RIGHT_ADMIN can do anything; otherwise you can only set your own email
 * address and password. */
 if((c->rights & RIGHT_ADMIN)
@@ -1172,6 +1184,10 @@ static int c_userinfo(struct conn *c,
 struct kvp *k;
 const char *value;
+ if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+ sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+ return 1;
+ }
 /* RIGHT_ADMIN allows anything; otherwise you can only get your own email
 * address and rights list. */
 if((c->rights & RIGHT_ADMIN)
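Review bot: In c_edituser the new guard runs before the existing branch that lets a user without RIGHT_ADMIN set their own email address and password, so with the default configuration a remote user can no longer change their own password over TCP. c_userinfo has the same ordering and now refuses a remote user's query of their own email address and rights list. That matches the commit's stated reason, but neither the code nor the new man-page entry says that self-service requests are included. I would add a comment above the guard in c_edituser such as `/* Also blocks self-service edits: the command carries the new password */` and say the same in the remote_userman entry of disorder_config.5. Both function bodies continue outside their hunks.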