From: Pieter Lexis <pieter.lexis@powerdns.com>
Date: Mon, 12 Nov 2018 14:28:49 +0000 (+0100)
Subject: webserver: Refactor password into a class var
X-Git-Tag: auth-4.2.0-alpha1~31^2~11
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0c3b088c5979f21d6ea644df5da0c4bca8585cba;p=thirdparty%2Fpdns.git

webserver: Refactor password into a class var
---

diff --git a/pdns/webserver.cc b/pdns/webserver.cc
index f71a144071..d375dd2a28 100644
--- a/pdns/webserver.cc
+++ b/pdns/webserver.cc
@@ -175,11 +175,9 @@ void WebServer::registerApiHandler(const string& url, HandlerFunction handler) {
   d_registerApiHandlerCalled = true;
 }
 
-static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp) {
-  const string& web_password = arg()["webserver-password"];
-
-  if (!web_password.empty()) {
-    bool auth_ok = req->compareAuthorization(web_password);
+static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, HttpResponse* resp, const string &password) {
+  if (!password.empty()) {
+    bool auth_ok = req->compareAuthorization(password);
     if (!auth_ok) {
       g_log<<Logger::Debug<<"HTTP Request \"" << req->url.path << "\": Web Authentication failed" << endl;
       throw HttpUnauthorizedException("Basic");
@@ -190,7 +188,7 @@ static void webWrapper(WebServer::HandlerFunction handler, HttpRequest* req, Htt
 }
 
 void WebServer::registerWebHandler(const string& url, HandlerFunction handler) {
-  HandlerFunction f = boost::bind(&webWrapper, handler, _1, _2);
+  HandlerFunction f = boost::bind(&webWrapper, handler, _1, _2, d_webserverPassword);
   registerBareHandler(url, f);
 }
 
diff --git a/pdns/webserver.hh b/pdns/webserver.hh
index 4271457233..196d1bb33e 100644
--- a/pdns/webserver.hh
+++ b/pdns/webserver.hh
@@ -152,6 +152,13 @@ public:
     d_apikey = apikey;
   }
 
+  void setPassword(const string &password) {
+    if (d_registerWebHandlerCalled) {
+      throw PDNSException("registerWebHandler has been called, can not change password");
+    }
+    d_webserverPassword = password;
+  }
+
   void bind();
   void go();
 
@@ -176,6 +183,9 @@ protected:
 
   std::string d_apikey;
   bool d_registerApiHandlerCalled{false};
+
+  std::string d_webserverPassword;
+  bool d_registerWebHandlerCalled{false};
 };
 
 #endif /* WEBSERVER_HH */
diff --git a/pdns/ws-auth.cc b/pdns/ws-auth.cc
index 48e8977737..96f3ac52f1 100644
--- a/pdns/ws-auth.cc
+++ b/pdns/ws-auth.cc
@@ -63,6 +63,7 @@ AuthWebServer::AuthWebServer()
   if(arg().mustDo("webserver") || arg().mustDo("api")) {
     d_ws = new WebServer(arg()["webserver-address"], arg().asNum("webserver-port"));
     d_ws->setApiKey(arg()["api-key"]);
+    d_ws->setPassword(arg()["webserver-password"]);
     d_ws->bind();
   }
 }
diff --git a/pdns/ws-recursor.cc b/pdns/ws-recursor.cc
index e9d48615cc..012ce3c9b2 100644
--- a/pdns/ws-recursor.cc
+++ b/pdns/ws-recursor.cc
@@ -451,6 +451,7 @@ RecursorWebServer::RecursorWebServer(FDMultiplexer* fdm)
 
   d_ws = new AsyncWebServer(fdm, arg()["webserver-address"], arg().asNum("webserver-port"));
   d_ws->setApiKey(arg()["api-key"]);
+  d_ws->setPassword(arg()["webserver-password"]);
   d_ws->bind();
 
   // legacy dispatch