|
|
@@ -1727,6 +1727,49 @@ rspamd_controller_accept_socket (gint fd, short what, void *arg) |
|
|
|
rspamd_http_router_handle_socket (ctx->http, nfd, nsession); |
|
|
|
} |
|
|
|
|
|
|
|
static void |
|
|
|
rspamd_controller_password_sane (const gchar *password, const gchar *type) |
|
|
|
{ |
|
|
|
const struct rspamd_controller_pbkdf *pbkdf = &pbkdf_list[0]; |
|
|
|
GString *msg; |
|
|
|
guchar *salt, *key; |
|
|
|
gchar *encoded_salt, *encoded_key; |
|
|
|
|
|
|
|
if (password == NULL) { |
|
|
|
msg_warn ("%s is not set, so you should filter controller availability " |
|
|
|
"by using of firewall or `secure_ip` option", type); |
|
|
|
return; |
|
|
|
} |
|
|
|
|
|
|
|
g_assert (pbkdf != NULL); |
|
|
|
|
|
|
|
if (!rspamd_is_encrypted_password (password, NULL)) { |
|
|
|
/* Suggest encryption to a user */ |
|
|
|
msg = g_string_new (NULL); |
|
|
|
|
|
|
|
rspamd_printf_gstring (msg, "your %s is not encrypted, we strongly " |
|
|
|
"recommend to replace it with the encrypted version: ", type); |
|
|
|
salt = g_alloca (pbkdf->salt_len); |
|
|
|
key = g_alloca (pbkdf->key_len); |
|
|
|
ottery_rand_bytes (salt, pbkdf->salt_len); |
|
|
|
/* Derive key */ |
|
|
|
rspamd_cryptobox_pbkdf (password, strlen (password), |
|
|
|
salt, pbkdf->salt_len, key, pbkdf->key_len, pbkdf->rounds); |
|
|
|
|
|
|
|
encoded_salt = rspamd_encode_base32 (salt, pbkdf->salt_len); |
|
|
|
encoded_key = rspamd_encode_base32 (key, pbkdf->key_len); |
|
|
|
|
|
|
|
rspamd_printf_gstring (msg, "$%d$%s$%s", pbkdf->id, encoded_salt, |
|
|
|
encoded_key); |
|
|
|
|
|
|
|
msg_warn ("%v", msg); |
|
|
|
|
|
|
|
g_string_free (msg, TRUE); |
|
|
|
g_free (encoded_salt); |
|
|
|
g_free (encoded_key); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
gpointer |
|
|
|
init_controller_worker (struct rspamd_config *cfg) |
|
|
|
{ |
|
|
@@ -1825,6 +1868,10 @@ start_controller_worker (struct rspamd_worker *worker) |
|
|
|
cur = g_list_next (cur); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
rspamd_controller_password_sane (ctx->password, "normal password"); |
|
|
|
rspamd_controller_password_sane (ctx->enable_password, "enable password"); |
|
|
|
|
|
|
|
/* Accept event */ |
|
|
|
cache = rspamd_keypair_cache_new (256); |
|
|
|
ctx->http = rspamd_http_router_new (rspamd_controller_error_handler, |