[auth] Fix #13550; add auth support to Server; read master password file

2025-02-27 00:33:48 -05:00 · 2015-10-09 20:16:48 -06:00 · 2015-10-09 20:16:48 -06:00 · 0164b09d6d
commit 0164b09d6d
parent 5f82f1b11e
2 changed files with 51 additions and 0 deletions
--- a/src/server/CMakeLists.txt
+++ b/src/server/CMakeLists.txt
@ -115,6 +115,7 @@ TARGET_LINK_LIBRARIES(qgis_server
  ${FCGI_LIBRARY}
  ${POSTGRES_LIBRARY}
  ${GDAL_LIBRARY}
+  ${QCA_LIBRARY}
 )

 IF (WITH_BINDINGS)
@ -169,7 +170,9 @@ INCLUDE_DIRECTORIES(
  ${CMAKE_CURRENT_BINARY_DIR}
  ${QT_INCLUDE_DIR}
  ${QGIS_INCLUDE_DIR}
+  ${QCA_INCLUDE_DIR}
  ../core
+  ../core/auth
  ../core/dxf
  ../core/geometry
  ../core/raster
@ -192,6 +195,7 @@ TARGET_LINK_LIBRARIES(qgis_mapserv.fcgi
  ${FCGI_LIBRARY}
  ${POSTGRES_LIBRARY}
  ${GDAL_LIBRARY}
+  ${QCA_LIBRARY}
 )

 ########################################################
--- a/src/server/qgsserver.cpp
+++ b/src/server/qgsserver.cpp
@ -22,6 +22,7 @@
 #include "qgsconfig.h"
 #include "qgsserver.h"

+#include "qgsauthmanager.h"
 #include "qgscapabilitiescache.h"
 #include "qgsfontutils.h"
 #include "qgsgetrequesthandler.h"
@ -40,11 +41,13 @@
 #include "qgseditorwidgetregistry.h"

 #include <QDomDocument>
+#include <QFile>
 #include <QNetworkDiskCache>
 #include <QImage>
 #include <QSettings>
 #include <QDateTime>
 #include <QScopedPointer>
+#include <QTextStream>
 // TODO: remove, it's only needed by a single debug message
 #include <fcgi_stdio.h>
 #include <stdlib.h>
@ -350,10 +353,54 @@ bool QgsServer::init( int & argc, char ** argv )
  QgsDebugMsg( "Plugin  PATH: " + QgsApplication::pluginPath() );
  QgsDebugMsg( "PkgData PATH: " + QgsApplication::pkgDataPath() );
  QgsDebugMsg( "User DB PATH: " + QgsApplication::qgisUserDbFilePath() );
+  QgsDebugMsg( "Auth DB PATH: " + QgsApplication::qgisAuthDbFilePath() );
  QgsDebugMsg( "SVG PATHS: " + QgsApplication::svgPaths().join( ":" ) );

  QgsApplication::createDB(); //init qgis.db (e.g. necessary for user crs)

+  // Instantiate authentication system
+  //   creates or uses qgis-auth.db in ~/.qgis2/ or directory defined by QGIS_AUTH_DB_DIR_PATH env variable
+  QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
+  //   set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
+  const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
+  if ( getenv( passenv ) )
+  {
+    QString passpath( getenv( passenv ) );
+    // clear the env variable, so it can not be accessed from plugins, etc.
+#ifdef Q_OS_WIN
+    putenv( passenv );
+#else
+    unsetenv( passenv );
+#endif
+    QString masterpass;
+    QFile passfile( passpath );
+    if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
+    {
+      QTextStream passin( &passfile );
+      while ( !passin.atEnd() )
+      {
+        masterpass = passin.readLine();
+        break;
+      }
+      passfile.close();
+    }
+    if ( !masterpass.isEmpty() )
+    {
+      if ( QgsAuthManager::instance()->setMasterPassword( masterpass, true ) )
+      {
+        QgsDebugMsg( "Authentication master password set" );
+      }
+      else
+      {
+        QgsDebugMsg( "Setting authentication master password FAILED using file: " + passpath );
+      }
+    }
+    else
+    {
+      QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read file: " + passpath );
+    }
+  }
+
  QString defaultConfigFilePath;
  QFileInfo projectFileInfo = defaultProjectFile(); //try to find a .qgs file in the server directory
  if ( projectFileInfo.exists() )