I2P_Developers/i2p.itoopie
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

add some minimal security to the admin console, requiring a passphrase to be entered when updating the clock offset

Browse Source 
this works by a simple substring match of the URL - if the router.config contains the adminTimePassphrase=blah, the time update will only succeed if the URL contains "blah" in it
if the router.config does NOT contain an adminTimePassphrase, the time update WILL BE REFUSED.
aka to use the timestamper, you MUST set adminTimePassphrase AND update the clientApp.0.args= line to include the passphrase in the URL!
e.g.
 clientApp.0.args=http://localhost:7655/setTime?blah pool.ntp.org pool.ntp.org pool.ntp.org
This commit is contained in:
jrandom
2004-06-25 17:18:21 +00:00
committed by zzz
parent a351a29bf3
commit 7ef528bbde
2 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
router/java/src/net/i2p/router/admin/AdminRunner.java
View File

@ -51,8 +51,12 @@ class AdminRunner implements Runnable {
} else if (command.indexOf("/profile/") >= 0) {
replyText(out, getProfile(command));
} else if (command.indexOf("setTime") >= 0) {
setTime(command);
reply(out, "<html><body>Time updated</body></html>");
if (allowTimeUpdate(command)) {
setTime(command);
reply(out, "<html><body>Time updated</body></html>");
} else {
reply(out, "<html><body>Time not updated</body></html>");
}
} else if (command.indexOf("/shutdown") >= 0) {
reply(out, shutdown(command));
} else if (true || command.indexOf("routerConsole.html") > 0) {
@ -60,6 +64,25 @@ class AdminRunner implements Runnable {
}
}
private boolean allowTimeUpdate(String command) {
String pass = _context.getProperty("adminTimePassphrase");
if ( (pass == null) || (pass.trim().length() <= 0) ) {
if (_log.shouldLog(Log.ERROR))
_log.error("No passphrase for update time from " + _socket.getInetAddress()
+ ":" + _socket.getPort());
return false;
}
if (command.indexOf(pass) != -1) {
return true;
} else {
if (_log.shouldLog(Log.ERROR))
_log.error("Invalid passphrase for update time from " + _socket.getInetAddress()
+ ":" + _socket.getPort());
return false;
}
}
private void reply(OutputStream out, String content) throws IOException {
StringBuffer reply = new StringBuffer(10240);
reply.append("HTTP/1.1 200 OK\n");