Security: Web admin password via YAMA_WEB_ADMIN_PASS, decoupled from master password

2026-05-18 23:56:05 +02:00
parent ccab37658a
commit 8dd1c936e2
2 changed files with 18 additions and 4 deletions
--- a/server/2015Remote/2015RemoteDlg.cpp
+++ b/server/2015Remote/2015RemoteDlg.cpp
@@ -1877,11 +1877,20 @@ BOOL CMy2015RemoteDlg::OnInitDialog()
    auto webSvrPort = THIS_CFG.GetInt("settings", "WebSvrPort", -1);
    if (webSvrPort > 0) {
        WebService().SetParentDlg(this);
-        // Use master password as web login password
-        if (!m_superPass.empty()) {
-            WebService().SetAdminPassword(m_superPass);
+        // Pick web admin password: prefer the web-specific env var so the
+        // Web UI password can be rotated independently of the master
+        // password (BRAND_ENV_VAR) used for licensing / sub-server HMAC.
+        // Fall back to m_superPass for backward compatibility — existing
+        // deployments keep working without changing env vars.
+        const char* webPassEnv = getenv(BRAND_WEB_ENV_VAR);
+        std::string webPass = (webPassEnv && *webPassEnv) ? webPassEnv : m_superPass;
+        if (!webPass.empty()) {
+            WebService().SetAdminPassword(webPass);
+            Mprintf("[WebService] Admin password configured from %s\n",
+                    (webPassEnv && *webPassEnv) ? BRAND_WEB_ENV_VAR : BRAND_ENV_VAR);
        } else {
-            Mprintf("[WebService] Warning: No master password set, web login disabled\n");
+            Mprintf("[WebService] Warning: neither %s nor %s set, web login disabled\n",
+                    BRAND_WEB_ENV_VAR, BRAND_ENV_VAR);
        }
        // HideWebSessions: 1=hide (default), 0=show (for debugging)
        WebService().SetHideWebSessions(THIS_CFG.GetInt("settings", "HideWebSessions", 1) != 0);
--- a/server/2015Remote/UIBranding.h
+++ b/server/2015Remote/UIBranding.h
@@ -293,6 +293,11 @@
 #define BRAND_LICENSE_MAGIC     "YAMA"      // 许可证魔数
 #define BRAND_EVENT_PREFIX      "YAMA"      // 进程事件名前缀
 #define BRAND_ENV_VAR           "YAMA_PWD"  // 环境变量名（set YAMA_PWD=密码）
+// Web UI 专用 admin 密码；优先级高于 BRAND_ENV_VAR。两者都未设置时退回到
+// 兼容行为（用 m_superPass）。隔离的目的是让公网 Web 登录密码与下级授权
+// 用的 master password 解耦——后者一旦泄漏影响面更大，应避免在公网登录
+// 时复用。与 Go 服务端的 YAMA_WEB_ADMIN_PASS 语义一致。
+#define BRAND_WEB_ENV_VAR       "YAMA_WEB_ADMIN_PASS"

 // --- 宽字符版本（自动生成）---
 #define BRAND_APP_NAME_W        _T(BRAND_APP_NAME)