I2P_Developers/i2p.itoopie
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

add some minimal security to the admin console, requiring a passphrase to be entered when updating the clock offset

Browse Source 
this works by a simple substring match of the URL - if the router.config contains the adminTimePassphrase=blah, the time update will only succeed if the URL contains "blah" in it
if the router.config does NOT contain an adminTimePassphrase, the time update WILL BE REFUSED.
aka to use the timestamper, you MUST set adminTimePassphrase AND update the clientApp.0.args= line to include the passphrase in the URL!
e.g.
 clientApp.0.args=http://localhost:7655/setTime?blah pool.ntp.org pool.ntp.org pool.ntp.org
This commit is contained in:
jrandom
2004-06-25 17:18:21 +00:00
committed by zzz
parent a351a29bf3
commit 7ef528bbde
2 changed files with 32 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
installer/java/src/router.config.template
View File

@ -168,7 +168,13 @@ router.maxWaitingJobs=40
clientApp.0.main=net.i2p.time.Timestamper clientApp.0.main=net.i2p.time.Timestamper
clientApp.0.name=Timestamper clientApp.0.name=Timestamper
clientApp.0.onBoot=true clientApp.0.onBoot=true
clientApp.0.args=http://localhost:7655/setTime?k=v pool.ntp.org pool.ntp.org pool.ntp.org clientApp.0.args=http://localhost:7655/setTime?putTheValueFromBelowHere pool.ntp.org pool.ntp.org pool.ntp.org
# The admin time passphrase, used to prevent unauthorized people from updating your
# routers time. The value should be included in the timestamper's args above,
# otherwise it wont honor timestamp updates. You shouldnt include any spaces or funky
# characters - just pick some random numbers.
adminTimePassphrase=pleaseSetSomeValueHere
# SAM bridge (a simplified socket based protocol for using I2P - listens on port 7656. see # SAM bridge (a simplified socket based protocol for using I2P - listens on port 7656. see
# the specs at http://www.i2p.net/node/view/144 for more info) # the specs at http://www.i2p.net/node/view/144 for more info)

23
router/java/src/net/i2p/router/admin/AdminRunner.java
View File

@ -51,8 +51,12 @@ class AdminRunner implements Runnable {
} else if (command.indexOf("/profile/") >= 0) { } else if (command.indexOf("/profile/") >= 0) {
replyText(out, getProfile(command)); replyText(out, getProfile(command));
} else if (command.indexOf("setTime") >= 0) { } else if (command.indexOf("setTime") >= 0) {
if (allowTimeUpdate(command)) {
setTime(command); setTime(command);
reply(out, "<html><body>Time updated</body></html>"); reply(out, "<html><body>Time updated</body></html>");
} else {
reply(out, "<html><body>Time not updated</body></html>");
}
} else if (command.indexOf("/shutdown") >= 0) { } else if (command.indexOf("/shutdown") >= 0) {
reply(out, shutdown(command)); reply(out, shutdown(command));
} else if (true || command.indexOf("routerConsole.html") > 0) { } else if (true || command.indexOf("routerConsole.html") > 0) {
@ -60,6 +64,25 @@ class AdminRunner implements Runnable {
} }
} }
private boolean allowTimeUpdate(String command) {
String pass = _context.getProperty("adminTimePassphrase");
if ( (pass == null) || (pass.trim().length() <= 0) ) {
if (_log.shouldLog(Log.ERROR))
_log.error("No passphrase for update time from " + _socket.getInetAddress()
+ ":" + _socket.getPort());
return false;
}
if (command.indexOf(pass) != -1) {
return true;
} else {
if (_log.shouldLog(Log.ERROR))
_log.error("Invalid passphrase for update time from " + _socket.getInetAddress()
+ ":" + _socket.getPort());
return false;
}
}
private void reply(OutputStream out, String content) throws IOException { private void reply(OutputStream out, String content) throws IOException {
StringBuffer reply = new StringBuffer(10240); StringBuffer reply = new StringBuffer(10240);
reply.append("HTTP/1.1 200 OK\n"); reply.append("HTTP/1.1 200 OK\n");