[auth] Fix #13550; add auth support to Server; read master password file

qgis · Oct 12, 2015 · 0164b09 · 0164b09
1 parent 5f82f1b
commit 0164b09
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 0 deletions.
diff --git a/src/server/CMakeLists.txt b/src/server/CMakeLists.txt
@@ -115,6 +115,7 @@ TARGET_LINK_LIBRARIES(qgis_server
   ${FCGI_LIBRARY}
   ${POSTGRES_LIBRARY}
   ${GDAL_LIBRARY}
+  ${QCA_LIBRARY}
 )
 
 IF (WITH_BINDINGS)
@@ -169,7 +170,9 @@ INCLUDE_DIRECTORIES(
   ${CMAKE_CURRENT_BINARY_DIR}
   ${QT_INCLUDE_DIR}
   ${QGIS_INCLUDE_DIR}
+  ${QCA_INCLUDE_DIR}
   ../core
+  ../core/auth
   ../core/dxf
   ../core/geometry
   ../core/raster
@@ -192,6 +195,7 @@ TARGET_LINK_LIBRARIES(qgis_mapserv.fcgi
   ${FCGI_LIBRARY}
   ${POSTGRES_LIBRARY}
   ${GDAL_LIBRARY}
+  ${QCA_LIBRARY}
 )
 
 ########################################################

diff --git a/src/server/qgsserver.cpp b/src/server/qgsserver.cpp
@@ -22,6 +22,7 @@
 #include "qgsconfig.h"
 #include "qgsserver.h"
 
+#include "qgsauthmanager.h"
 #include "qgscapabilitiescache.h"
 #include "qgsfontutils.h"
 #include "qgsgetrequesthandler.h"
@@ -40,11 +41,13 @@
 #include "qgseditorwidgetregistry.h"
 
 #include <QDomDocument>
+#include <QFile>
 #include <QNetworkDiskCache>
 #include <QImage>
 #include <QSettings>
 #include <QDateTime>
 #include <QScopedPointer>
+#include <QTextStream>
 // TODO: remove, it's only needed by a single debug message
 #include <fcgi_stdio.h>
 #include <stdlib.h>
@@ -350,10 +353,54 @@ bool QgsServer::init( int & argc, char ** argv )
   QgsDebugMsg( "Plugin  PATH: " + QgsApplication::pluginPath() );
   QgsDebugMsg( "PkgData PATH: " + QgsApplication::pkgDataPath() );
   QgsDebugMsg( "User DB PATH: " + QgsApplication::qgisUserDbFilePath() );
+  QgsDebugMsg( "Auth DB PATH: " + QgsApplication::qgisAuthDbFilePath() );
   QgsDebugMsg( "SVG PATHS: " + QgsApplication::svgPaths().join( ":" ) );
 
   QgsApplication::createDB(); //init qgis.db (e.g. necessary for user crs)
 
+  // Instantiate authentication system
+  //   creates or uses qgis-auth.db in ~/.qgis2/ or directory defined by QGIS_AUTH_DB_DIR_PATH env variable
+  QgsAuthManager::instance()->init( QgsApplication::pluginPath() );
+  //   set the master password from first line of file defined by QGIS_AUTH_PASSWORD_FILE env variable
+  const char* passenv = "QGIS_AUTH_PASSWORD_FILE";
+  if ( getenv( passenv ) )
+  {
+    QString passpath( getenv( passenv ) );
+    // clear the env variable, so it can not be accessed from plugins, etc.
+#ifdef Q_OS_WIN
+    putenv( passenv );
+#else
+    unsetenv( passenv );
+#endif
+    QString masterpass;
+    QFile passfile( passpath );
+    if ( passfile.exists() && passfile.open( QIODevice::ReadOnly | QIODevice::Text ) )
+    {
+      QTextStream passin( &passfile );
+      while ( !passin.atEnd() )
+      {
+        masterpass = passin.readLine();
+        break;
+      }
+      passfile.close();
+    }
+    if ( !masterpass.isEmpty() )
+    {
+      if ( QgsAuthManager::instance()->setMasterPassword( masterpass, true ) )
+      {
+        QgsDebugMsg( "Authentication master password set" );
+      }
+      else
+      {
+        QgsDebugMsg( "Setting authentication master password FAILED using file: " + passpath );
+      }
+    }
+    else
+    {
+      QgsDebugMsg( "QGIS_AUTH_PASSWORD_FILE set, but FAILED to read file: " + passpath );
+    }
+  }
+
   QString defaultConfigFilePath;
   QFileInfo projectFileInfo = defaultProjectFile(); //try to find a .qgs file in the server directory
   if ( projectFileInfo.exists() )