configure.ac | 12 ++++++++++++ tools/Config.cpp | 5 +++++ wsd/FileServer.cpp | 7 +++++++ 3 files changed, 24 insertions(+)
New commits: commit c2b056cdde9c8645a8b2201d2d329414c80ce454 Author: Andras Timar <[email protected]> Date: Mon Jul 10 18:22:05 2017 +0200 wsd: fix compilation with old OpenSSL that does not have PKCS5_PBKDF2_HMAC() Change-Id: If48641f6cbcc4d4ded78ea5cc9c9f66063a2ac0a Reviewed-on: https://gerrit.libreoffice.org/39779 Reviewed-by: Michael Meeks <[email protected]> Tested-by: Michael Meeks <[email protected]> diff --git a/configure.ac b/configure.ac index 54b48669..f187e78a 100644 --- a/configure.ac +++ b/configure.ac @@ -280,6 +280,18 @@ else AC_DEFINE([DISABLE_SECCOMP],1,[Whether to disable SECCOMP]) fi +AC_MSG_CHECKING([Whether OpenSSL has PKCS5_PBKDF2_HMAC()]) +AC_COMPILE_IFELSE([AC_LANG_SOURCE([ +#include <openssl/opensslv.h> +#if OPENSSL_VERSION_NUMBER < 0x10001000L +#error PKCS5_PBKDF2_HMAC() is in OpenSSL 1.0.1 or newer +#endif +])], + [AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_PKCS5_PBKDF2_HMAC],1,[whether OpenSSL has PKCS5_PBKDF2_HMAC()])], + [AC_MSG_RESULT([no]) + AC_MSG_WARN([OpenSSL is too old. Secure password storage for Admin Console is not supported.]) + AC_DEFINE([HAVE_PKCS5_PBKDF2_HMAC],0,[Whether OpenSSL has PKCS5_PBKDF2_HMAC()])]) AC_MSG_CHECKING([POCO version]) AC_COMPILE_IFELSE([AC_LANG_SOURCE([ diff --git a/tools/Config.cpp b/tools/Config.cpp index 1692453d..e51681a8 100644 --- a/tools/Config.cpp +++ b/tools/Config.cpp @@ -154,6 +154,7 @@ int Config::main(const std::vector<std::string>& args) return Application::EXIT_NOINPUT; } +#if HAVE_PKCS5_PBKDF2_HMAC _loolConfig.load(ConfigFile); for (unsigned i = 0; i < args.size(); i++) { @@ -222,6 +223,10 @@ int Config::main(const std::vector<std::string>& args) // This tool only handles options, nothing to do here return Application::EXIT_OK; +#else + std::cerr << "This application was compiled with old OpenSSL. Operation not supported. You can use plain text password in /etc/loolwsd/loolwsd.xml." << std::endl; + return Application::EXIT_UNAVAILABLE; +#endif } POCO_APP_MAIN(Config); diff --git a/wsd/FileServer.cpp b/wsd/FileServer.cpp index b8609823..0f5fb0aa 100644 --- a/wsd/FileServer.cpp +++ b/wsd/FileServer.cpp @@ -80,8 +80,10 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, // If no cookie found, or is invalid, let admin re-login const std::string user = config.getString("admin_console.username", ""); std::string pass = config.getString("admin_console.password", ""); + if (config.has("admin_console.secure_password")) { +#if HAVE_PKCS5_PBKDF2_HMAC pass = config.getString("admin_console.secure_password"); // Extract the salt from the config std::vector<unsigned char> saltData; @@ -110,6 +112,11 @@ bool FileServerRequestHandler::isAdminLoggedIn(const HTTPRequest& request, userProvidedPwd = stream.str(); pass = tokens[4]; +#else + LOG_ERR("The config file has admin_console.secure_password setting, " + << "but this application was compiled with old OpenSSL version, " + << "and this setting cannot be used. Falling back to plain text password, if it is set."); +#endif } if (user.empty() || pass.empty()) _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
