add some minimal security to the admin console, requiring a passphrase to be entered when updating the clock offset

this works by a simple substring match of the URL - if the router.config contains the adminTimePassphrase=blah, the time update will only succeed if the URL contains "blah" in it if the router.config does NOT contain an adminTimePassphrase, the time update WILL BE REFUSED. aka to use the timestamper, you MUST set adminTimePassphrase AND update the clientApp.0.args= line to include the passphrase in the URL! e.g. clientApp.0.args=http://localhost:7655/setTime?blah pool.ntp.org pool.ntp.org pool.ntp.org
2004-06-25 17:18:21 +00:00
parent a351a29bf3
commit 7ef528bbde
2 changed files with 32 additions and 3 deletions
--- a/installer/java/src/router.config.template
+++ b/installer/java/src/router.config.template
@ -168,7 +168,13 @@ router.maxWaitingJobs=40
 clientApp.0.main=net.i2p.time.Timestamper
 clientApp.0.name=Timestamper
 clientApp.0.onBoot=true
-clientApp.0.args=http://localhost:7655/setTime?k=v pool.ntp.org pool.ntp.org pool.ntp.org
+clientApp.0.args=http://localhost:7655/setTime?putTheValueFromBelowHere pool.ntp.org pool.ntp.org pool.ntp.org
+
+# The admin time passphrase, used to prevent unauthorized people from updating your
+# routers time.  The value should be included in the timestamper's args above, 
+# otherwise it wont honor timestamp updates.  You shouldnt include any spaces or funky 
+# characters - just pick some random numbers.
+adminTimePassphrase=pleaseSetSomeValueHere

 # SAM bridge (a simplified socket based protocol for using I2P - listens on port 7656.  see
 # the specs at http://www.i2p.net/node/view/144 for more info)
--- a/router/java/src/net/i2p/router/admin/AdminRunner.java
+++ b/router/java/src/net/i2p/router/admin/AdminRunner.java
@ -51,8 +51,12 @@ class AdminRunner implements Runnable {
        } else if (command.indexOf("/profile/") >= 0) {
            replyText(out, getProfile(command));
        } else if (command.indexOf("setTime") >= 0) {
-            setTime(command);
-            reply(out, "<html><body>Time updated</body></html>");
+            if (allowTimeUpdate(command)) {
+                setTime(command);
+                reply(out, "<html><body>Time updated</body></html>");
+            } else {
+                reply(out, "<html><body>Time not updated</body></html>");
+            }
        } else if (command.indexOf("/shutdown") >= 0) {
            reply(out, shutdown(command));
        } else if (true || command.indexOf("routerConsole.html") > 0) {
@ -60,6 +64,25 @@ class AdminRunner implements Runnable {
        }
    }
    
+    private boolean allowTimeUpdate(String command) {
+        String pass = _context.getProperty("adminTimePassphrase");
+        if ( (pass == null) || (pass.trim().length() <= 0) ) {
+            if (_log.shouldLog(Log.ERROR))
+                _log.error("No passphrase for update time from " + _socket.getInetAddress() 
+                          + ":" + _socket.getPort());
+            return false;
+        }
+        
+        if (command.indexOf(pass) != -1) {
+            return true;
+        } else {
+            if (_log.shouldLog(Log.ERROR))
+                _log.error("Invalid passphrase for update time from " + _socket.getInetAddress() 
+                          + ":" + _socket.getPort());
+            return false;
+        }
+    }
+    
    private void reply(OutputStream out, String content) throws IOException {
        StringBuffer reply = new StringBuffer(10240);
        reply.append("HTTP/1.1 200 OK\n");