Security: Web admin password via YAMA_WEB_ADMIN_PASS, decoupled from master password

2026-05-18 23:56:05 +02:00
parent ccab37658a
commit 8dd1c936e2
2 changed files with 18 additions and 4 deletions
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -1877,11 +1877,20 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
    auto webSvrPort = THIS_CFG.GetInt("settings", "WebSvrPort", -1);
    if (webSvrPort > 0) {
        WebService().SetParentDlg(this);
-        // Use master password as web login password
-        if (!m_superPass.empty()) {
-            WebService().SetAdminPassword(m_superPass);
+        // Pick web admin password: prefer the web-specific env var so the
+        // Web UI password can be rotated independently of the master
+        // password (BRAND_ENV_VAR) used for licensing / sub-server HMAC.
+        // Fall back to m_superPass for backward compatibility — existing
+        // deployments keep working without changing env vars.
+        const char* webPassEnv = getenv(BRAND_WEB_ENV_VAR);
+        std::string webPass = (webPassEnv && *webPassEnv) ? webPassEnv : m_superPass;
+        if (!webPass.empty()) {
+            WebService().SetAdminPassword(webPass);
+            Mprintf("[WebService] Admin password configured from %s\n",
+                    (webPassEnv && *webPassEnv) ? BRAND_WEB_ENV_VAR : BRAND_ENV_VAR);
        } else {
-            Mprintf("[WebService] Warning: No master password set, web login disabled\n");
+            Mprintf("[WebService] Warning: neither %s nor %s set, web login disabled\n",
+                    BRAND_WEB_ENV_VAR, BRAND_ENV_VAR);
        }
        // HideWebSessions: 1=hide (default), 0=show (for debugging)
        WebService().SetHideWebSessions(THIS_CFG.GetInt("settings", "HideWebSessions", 1) != 0);