Warn the user if they're running with an insecure looking setup (fixes #2139)

Jakob Borg 2015-11-16 21:33:55 +01:00
parent 9ae419201d
commit b1a86fbc98
6 changed files with 51 additions and 10 deletions


@ -892,6 +892,10 @@ func setupGUI(mainSvc *suture.Supervisor, cfg *config.Wrapper, m *model.Model, a
return return
} }
if guiCfg.InsecureAdminAccess {
l.Warnln("Insecure admin access is enabled.")
}
api, err := newAPISvc(myID, cfg, guiAssets, m, apiSub, discoverer, relaySvc, errors, systemLog) api, err := newAPISvc(myID, cfg, guiAssets, m, apiSub, discoverer, relaySvc, errors, systemLog)
if err != nil { if err != nil {
l.Fatalln("Cannot start GUI:", err) l.Fatalln("Cannot start GUI:", err)
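Review bot: The new warning at the `if guiCfg.InsecureAdminAccess` line fires only when the opt-out flag is set, so the condition the commit title is about — a non-loopback GUI address with no user or password — is never reported in the server log; that check lives only in the browser (this commit's JS hunk), and a headless install whose GUI nobody opens sees nothing. A server-side mirror of the same condition, logged next to the existing warning, closes that gap; the sketch below assumes guiCfg here is the config.GUIConfiguration from the last hunk, treats an empty host (":port" binds every interface) as non-loopback like the JS does, and would need `net` imported at the top of the file. setupGUI starts and ends outside the hunk.
```go
	if guiCfg.InsecureAdminAccess {
		l.Warnln("Insecure admin access is enabled.")
	}
	// Mirror the browser-side check so the risk shows up in the log even if
	// no one ever opens the GUI. Hostnames are not resolved here; only a
	// literal non-loopback IP or an empty (all interfaces) host warns.
	if host, _, err := net.SplitHostPort(guiCfg.Address()); err == nil {
		ip := net.ParseIP(host)
		nonLoopback := host == "" || (ip != nil && !ip.IsLoopback())
		if nonLoopback && (guiCfg.User == "" || guiCfg.Password == "") && !guiCfg.InsecureAdminAccess {
			l.Warnln("GUI is listening on", guiCfg.Address(), "without authentication configured.")
		}
	}
	// … unchanged: newAPISvc call and error handling …
```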


@ -32,6 +32,7 @@
"Copied from elsewhere": "Copied from elsewhere", "Copied from elsewhere": "Copied from elsewhere",
"Copied from original": "Copied from original", "Copied from original": "Copied from original",
"Copyright © 2015 the following Contributors:": "Copyright © 2015 the following Contributors:", "Copyright © 2015 the following Contributors:": "Copyright © 2015 the following Contributors:",
"Danger!": "Danger!",
"Delete": "Delete", "Delete": "Delete",
"Deleted": "Deleted", "Deleted": "Deleted",
"Device ID": "Device ID", "Device ID": "Device ID",
@ -117,6 +118,7 @@
"Pause": "Pause", "Pause": "Pause",
"Paused": "Paused", "Paused": "Paused",
"Please consult the release notes before performing a major upgrade.": "Please consult the release notes before performing a major upgrade.", "Please consult the release notes before performing a major upgrade.": "Please consult the release notes before performing a major upgrade.",
"Please set a GUI Authentication User and Password in the Settings dialog.": "Please set a GUI Authentication User and Password in the Settings dialog.",
"Please wait": "Please wait", "Please wait": "Please wait",
"Preview": "Preview", "Preview": "Preview",
"Preview Usage Report": "Preview Usage Report", "Preview Usage Report": "Preview Usage Report",
@ -169,6 +171,7 @@
"Syncthing is upgrading.": "Syncthing is upgrading.", "Syncthing is upgrading.": "Syncthing is upgrading.",
"Syncthing seems to be down, or there is a problem with your Internet connection. Retrying…": "Syncthing seems to be down, or there is a problem with your Internet connection. Retrying…", "Syncthing seems to be down, or there is a problem with your Internet connection. Retrying…": "Syncthing seems to be down, or there is a problem with your Internet connection. Retrying…",
"Syncthing seems to be experiencing a problem processing your request. Please refresh the page or restart Syncthing if the problem persists.": "Syncthing seems to be experiencing a problem processing your request. Please refresh the page or restart Syncthing if the problem persists.", "Syncthing seems to be experiencing a problem processing your request. Please refresh the page or restart Syncthing if the problem persists.": "Syncthing seems to be experiencing a problem processing your request. Please refresh the page or restart Syncthing if the problem persists.",
"The Syncthing admin interface is configured to allow remote access without a password.": "The Syncthing admin interface is configured to allow remote access without a password.",
"The aggregated statistics are publicly available at {%url%}.": "The aggregated statistics are publicly available at {{url}}.", "The aggregated statistics are publicly available at {%url%}.": "The aggregated statistics are publicly available at {{url}}.",
"The configuration has been saved but not activated. Syncthing must restart to activate the new configuration.": "The configuration has been saved but not activated. Syncthing must restart to activate the new configuration.", "The configuration has been saved but not activated. Syncthing must restart to activate the new configuration.": "The configuration has been saved but not activated. Syncthing must restart to activate the new configuration.",
"The device ID cannot be blank.": "The device ID cannot be blank.", "The device ID cannot be blank.": "The device ID cannot be blank.",
@ -193,6 +196,7 @@
"The rate limit must be a non-negative number (0: no limit)": "The rate limit must be a non-negative number (0: no limit)", "The rate limit must be a non-negative number (0: no limit)": "The rate limit must be a non-negative number (0: no limit)",
"The rescan interval must be a non-negative number of seconds.": "The rescan interval must be a non-negative number of seconds.", "The rescan interval must be a non-negative number of seconds.": "The rescan interval must be a non-negative number of seconds.",
"They are retried automatically and will be synced when the error is resolved.": "They are retried automatically and will be synced when the error is resolved.", "They are retried automatically and will be synced when the error is resolved.": "They are retried automatically and will be synced when the error is resolved.",
"This can easily give hackers access to read and change any files on your computer.": "This can easily give hackers access to read and change any files on your computer.",
"This is a major version upgrade.": "This is a major version upgrade.", "This is a major version upgrade.": "This is a major version upgrade.",
"Trash Can File Versioning": "Trash Can File Versioning", "Trash Can File Versioning": "Trash Can File Versioning",
"Unknown": "Unknown", "Unknown": "Unknown",


@ -72,6 +72,29 @@
<div class="container" id="content"> <div class="container" id="content">
<!-- Panel: Open, no auth -->
<div ng-if="openNoAuth" class="row">
<div class="col-md-12">
<div class="panel panel-danger">
<div class="panel-heading"><h3 class="panel-title"><span class="fa fa-exclamation-circle"></span><span translate>Danger!</span></h3></div>
<div class="panel-body">
<p>
<span translate>The Syncthing admin interface is configured to allow remote access without a password.</span>
<b><span translate>This can easily give hackers access to read and change any files on your computer.</span></b>
<span translate>Please set a GUI Authentication User and Password in the Settings dialog.</span>
</p>
</div>
<div class="panel-footer">
<button type="button" class="btn btn-sm btn-default pull-right" ng-click="editSettings()">
<span class="fa fa-cog"></span>&nbsp;<span translate>Settings</span>
</button>
<div class="clearfix"></div>
</div>
</div>
</div>
</div>
<!-- Panel: Restart Needed --> <!-- Panel: Restart Needed -->
<div ng-if="!configInSync" class="row"> <div ng-if="!configInSync" class="row">
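Review bot: The panel text on the first `<span translate>` line says the interface allows remote access "without a password", but `openNoAuth` (this commit's JS hunk) is also true when a password is set and only the user name is empty, so the message can mis-describe the actual gap. Wording along the lines of `The Syncthing admin interface is configured to allow remote access without authentication.` covers both cases; the English translation entry would move with it. The panel is otherwise consistent with the existing "Restart Needed" panel that follows it.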


@ -368,6 +368,15 @@ angular.module('syncthing.core')
}); });
}); });
// If we're not listening on localhost, and there is no
// authentication configured, and the magic setting to silence the
// warning isn't set, then yell at the user.
var guiCfg = $scope.config.gui;
$scope.openNoAuth = guiCfg.address.substr(0, 4) != "127."
&& guiCfg.address.substr(0, 6) != "[::1]:"
&& (!guiCfg.user || !guiCfg.password)
&& !guiCfg.insecureAdminAccess;
if (!hasConfig) { if (!hasConfig) {
$scope.$emit('ConfigLoaded'); $scope.$emit('ConfigLoaded');
} }
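Review bot: Loopback detection at the `$scope.openNoAuth = guiCfg.address.substr(0, 4) != "127."` line is a string-prefix test, so any spelling the two prefixes do not cover is treated as remote: if the address field accepts a hostname, `localhost:8384` raises the Danger panel although it is loopback, and an unbracketed IPv6 form would too (a spurious warning, not a missed one, so the failure is on the safe side). Putting the recognised loopback spellings in one place makes that policy visible and easier to extend: `var loopback = /^(127\.|\[::1\]:|localhost:)/.test(guiCfg.address);` followed by `$scope.openNoAuth = !loopback && (!guiCfg.user || !guiCfg.password) && !guiCfg.insecureAdminAccess;`. The comment above the assignment is good; a short note that an empty host (":8384") deliberately counts as non-loopback would complete it. The enclosing callback starts and ends outside the hunk.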

File diff suppressed because one or more lines are too long


@ -13,12 +13,13 @@ import (
) )
type GUIConfiguration struct { type GUIConfiguration struct {
Enabled bool `xml:"enabled,attr" json:"enabled" default:"true"` Enabled bool `xml:"enabled,attr" json:"enabled" default:"true"`
RawAddress string `xml:"address" json:"address" default:"127.0.0.1:8384"` RawAddress string `xml:"address" json:"address" default:"127.0.0.1:8384"`
User string `xml:"user,omitempty" json:"user"` User string `xml:"user,omitempty" json:"user"`
Password string `xml:"password,omitempty" json:"password"` Password string `xml:"password,omitempty" json:"password"`
RawUseTLS bool `xml:"tls,attr" json:"useTLS"` RawUseTLS bool `xml:"tls,attr" json:"useTLS"`
RawAPIKey string `xml:"apikey,omitempty" json:"apiKey"` RawAPIKey string `xml:"apikey,omitempty" json:"apiKey"`
InsecureAdminAccess bool `xml:"insecureAdminAccess,omitempty" json:"insecureAdminAccess"`
} }
func (c GUIConfiguration) Address() string { func (c GUIConfiguration) Address() string {
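Review bot: The new exported field `InsecureAdminAccess` carries no doc comment, and unlike the neighbouring fields its name does not say what it controls — a reader of the config package cannot tell that it is an opt-out from a warning rather than something that grants access. A comment such as `// InsecureAdminAccess suppresses the warning shown when the GUI listens on a non-loopback address without a user and password configured; it does not itself change access control.` on the line above the field would state the contract the JS and setupGUI hunks implement. The `omitempty` tag means a false value is not written to the config file, which matches the other optional fields here.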