aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVsevolod Stakhov <vsevolod@highsecure.ru>2016-10-17 10:25:37 +0100
committerVsevolod Stakhov <vsevolod@highsecure.ru>2016-10-17 10:26:04 +0100
commitb5582a8c06de7fb8625b5d61a4663b9032f7c455 (patch)
treea93b27499e5b8617f294ffd43945da13913498e1
parent548e7f185de1c029a3ac28b35e818f4d765d1045 (diff)
downloadrspamd-b5582a8c06de7fb8625b5d61a4663b9032f7c455.tar.gz
rspamd-b5582a8c06de7fb8625b5d61a4663b9032f7c455.zip
[Fix] Explicitly ban default passwords in webui
-rw-r--r--src/controller.c20
1 files changed, 12 insertions, 8 deletions
diff --git a/src/controller.c b/src/controller.c
index ed990c898..ba6ee7561 100644
--- a/src/controller.c
+++ b/src/controller.c
@@ -512,6 +512,13 @@ static gboolean rspamd_controller_check_password(
ret = FALSE;
}
else {
+ if (rspamd_ftok_cstr_equal (password, "q1", FALSE) ||
+ rspamd_ftok_cstr_equal (password, "q2", FALSE)) {
+ msg_info_session ("deny default password for remote access");
+ ret = FALSE;
+ goto end;
+ }
+
if (is_enable) {
/* For privileged commands we strictly require enable password */
if (ctx->enable_password != NULL) {
@@ -542,10 +549,6 @@ static gboolean rspamd_controller_check_password(
else {
msg_warn_session (
"no password to check while executing a privileged command");
- if (ctx->secure_map) {
- msg_info("deny unauthorized connection");
- ret = FALSE;
- }
ret = FALSE;
}
}
@@ -598,15 +601,16 @@ static gboolean rspamd_controller_check_password(
}
}
- if (query_args != NULL) {
- g_hash_table_unref (query_args);
- }
-
if (check_normal == FALSE && check_enable == FALSE) {
msg_info ("absent or incorrect password has been specified");
ret = FALSE;
}
+end:
+ if (query_args != NULL) {
+ g_hash_table_unref (query_args);
+ }
+
if (!ret) {
rspamd_controller_send_error (entry, 403, "Unauthorized");
}