By default, disable user management over TCP (since it tends to have

passwords in it).  The remote_userman configuration directive can be
used to re-enable it.

diff --git a/CHANGES b/CHANGES
index 91ab4e1..32822ef 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,9 @@ This has been completely rewritten to support new features:
 There is now a new user management window.  From here you can add and
 remove users or modify their settings.
 
+Relatedly, the server will only allow remote user management if you set
+remote_userman to 'yes'.
+
 * Changes up to version 3.0.2
 
 Builds --without-server should work again.

diff --git a/doc/disorder_config.5.in b/doc/disorder_config.5.in
index a9549ed..e714a22 100644 (file)
--- a/doc/disorder_config.5.in
+++ b/doc/disorder_config.5.in
@@ -593,6 +593,10 @@ The default is 10.
 The minimum number of seconds that must elapse between password reminders.
 The default is 600, i.e. 10 minutes.
 .TP
+.B remote_userman yes\fR|\fBno
+User management over TCP connection is only allowed if this is set to
+\fByes\fR.  By default it is set to \fBno\fR.
+.TP
 .B replay_min \fISECONDS\fR
 The minimum number of seconds that must elapse after a track has been played
 before it can be picked at random.  The default is 8 hours.  If this is set to

diff --git a/lib/configuration.c b/lib/configuration.c
index b93e1e9..bcce6c7 100644 (file)
--- a/lib/configuration.c
+++ b/lib/configuration.c
@@ -960,6 +960,7 @@ static const struct conf conf[] = {
   { C(replay_min),       &type_integer,          validate_non_negative },
   { C(refresh),          &type_integer,          validate_positive },
   { C(reminder_interval), &type_integer,         validate_positive },
+  { C(remote_userman),   &type_boolean,          validate_any },
   { C2(restrict, restrictions),         &type_restrict,         validate_any },
   { C(sample_format),    &type_sample_format,    validate_sample_format },
   { C(scratch),          &type_string_accum,     validate_isreg },

diff --git a/lib/configuration.h b/lib/configuration.h
index de25197..78c31ef 100644 (file)
--- a/lib/configuration.h
+++ b/lib/configuration.h
@@ -270,6 +270,9 @@ struct config {
 
   /** @brief Minimum interval between password reminder emails */
   long reminder_interval;
+
+  /** @brief Whether to allow user management over TCP */
+  int remote_userman;
   
   /* derived values: */
   int nparts;                          /* number of distinct name parts */

diff --git a/server/server.c b/server/server.c
index e03ff9c..cbeb0ab 100644 (file)
--- a/server/server.c
+++ b/server/server.c
@@ -1096,6 +1096,10 @@ static int c_adduser(struct conn *c,
                     int nvec) {
   const char *rights;
 
+  if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+    sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+    return 1;
+  }
   if(nvec > 2) {
     rights = vec[2];
     if(parse_rights(vec[2], 0, 1)) {
@@ -1117,6 +1121,10 @@ static int c_deluser(struct conn *c,
                     int attribute((unused)) nvec) {
   struct conn *d;
 
+  if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+    sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+    return 1;
+  }
   if(trackdb_deluser(vec[0])) {
     sink_writes(ev_writer_sink(c->w), "550 Cannot delete user\n");
     return 1;
@@ -1134,6 +1142,10 @@ static int c_edituser(struct conn *c,
                      int attribute((unused)) nvec) {
   struct conn *d;
 
+  if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+    sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+    return 1;
+  }
   /* RIGHT_ADMIN can do anything; otherwise you can only set your own email
    * address and password. */
   if((c->rights & RIGHT_ADMIN)
@@ -1172,6 +1184,10 @@ static int c_userinfo(struct conn *c,
   struct kvp *k;
   const char *value;
 
+  if(!config->remote_userman && !(c->rights & RIGHT__LOCAL)) {
+    sink_writes(ev_writer_sink(c->w), "550 Remote user management is disabled\n");
+    return 1;
+  }
   /* RIGHT_ADMIN allows anything; otherwise you can only get your own email
    * address and rights list. */
   if((c->rights & RIGHT_ADMIN)