[WebUI] fix the security flaw in account (#764)
- In development mode, if there is no default admin account, Node.js server WILL create admin/1423 account. - In production mode, even though there is no default admin account, Node.js server WILL NOT create admin/1423 account. 1. WebUI installation script will create default admin account if there is no account. $ curl -fsSL https://open5gs.org/open5gs/assets/webui/install | sudo -E bash - 2. Installation script will automatically uninstall WebUI if WebUI has already been installed.
parent
ff4695bd5a
commit
26f14ee7ca
|
@ -68,16 +68,28 @@ exec_cmd() {
|
|||
}
|
||||
|
||||
uninstall() {
|
||||
exec_cmd_nobail "deb-systemd-invoke stop open5gs-webui"
|
||||
exec_cmd_nobail "systemctl disable open5gs-webui"
|
||||
exec_cmd_nobail "rm -f /lib/systemd/system/${PACKAGE}-webui.service"
|
||||
exec_cmd_nobail "systemctl daemon-reload"
|
||||
if [ -f /lib/systemd/system/${PACKAGE}-webui.service ]; then
|
||||
STATUS="$(systemctl is-active open5gs-webui.service)"
|
||||
if [ "${STATUS}" = "active" ]; then
|
||||
exec_cmd_nobail "deb-systemd-invoke stop open5gs-webui"
|
||||
fi
|
||||
|
||||
STATUS="$(systemctl is-enabled open5gs-webui.service)"
|
||||
if [ "${STATUS}" = "enabled" ]; then
|
||||
exec_cmd_nobail "systemctl disable open5gs-webui"
|
||||
fi
|
||||
|
||||
exec_cmd_nobail "rm -f /lib/systemd/system/${PACKAGE}-webui.service"
|
||||
exec_cmd_nobail "systemctl daemon-reload"
|
||||
fi
|
||||
|
||||
if [ -d /usr/lib/node_modules/${PACKAGE} ]; then
|
||||
exec_cmd_nobail "rm -rf /usr/lib/node_modules/${PACKAGE}"
|
||||
fi
|
||||
|
||||
exec_cmd "rm -rf ./${PACKAGE}-${VERSION}"
|
||||
exec_cmd "rm -rf /usr/lib/node_modules/${PACKAGE}"
|
||||
}
|
||||
|
||||
setup() {
|
||||
preinstall() {
|
||||
|
||||
PRE_INSTALL_PKGS=""
|
||||
|
||||
|
@ -259,6 +271,23 @@ exec_cmd "deb-systemd-invoke start open5gs-webui"
|
|||
exec_cmd "rm -rf ./${PACKAGE}-${VERSION}"
|
||||
}
|
||||
|
||||
postinstall() {
|
||||
|
||||
print_status "Default Administrator Account [Username:admin, Password:1423]..."
|
||||
|
||||
exec_cmd "cat << EOF > ./account.js
|
||||
db = db.getSiblingDB('open5gs')
|
||||
cursor = db.accounts.find()
|
||||
if ( cursor.count() == 0 ) {
|
||||
db.accounts.insert({ salt: 'f5c15fa72622d62b6b790aa8569b9339729801ab8bda5d13997b5db6bfc1d997', hash: '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', username: 'admin', roles: [ 'admin' ], "__v" : 0})
|
||||
}
|
||||
EOF"
|
||||
exec_cmd "mongo open5gs ./account.js"
|
||||
exec_cmd "rm -f ./account.js"
|
||||
}
|
||||
|
||||
## Defer setup until we have the complete script
|
||||
setup
|
||||
uninstall
|
||||
preinstall
|
||||
install
|
||||
postinstall
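Review bot: postinstall() still seeds the same admin account with the password 1423 and a fixed salt/hash on every host that runs this script, so the default credential the commit removes from production server startup is reintroduced at install time with an identical, publicly documented value. Consider having the installer take the initial password from the operator (or generate one per install and print it once) and derive the salt and hash from it, rather than inserting constants. Separately, the Mongo script is written to the predictable path `./account.js` in whatever directory the root shell happens to be in; creating it with `ACCOUNT_JS="$(mktemp)"` and passing that path to `mongo` and `rm -f` avoids clobbering or following a pre-existing file there. If the default account is kept, a comment above the insert such as `# default credential, must be changed after first login` would at least document the intent.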
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "open5gs",
|
||||
"version": "2.2.6",
|
||||
"version": "2.2.8",
|
||||
"lockfileVersion": 2,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "open5gs",
|
||||
"version": "2.2.6",
|
||||
"version": "2.2.8",
|
||||
"description": "Open5gs",
|
||||
"main": "index.js",
|
||||
"repository": "https://github.com/open5gs/open5gs/webui",
|
||||
|
|
|
@ -41,24 +41,26 @@ co(function* () {
|
|||
/* other options */
|
||||
})
|
||||
|
||||
Account.count((err, count) => {
|
||||
if (err) {
|
||||
console.error(err);
|
||||
throw err;
|
||||
}
|
||||
if (dev) {
|
||||
Account.count((err, count) => {
|
||||
if (err) {
|
||||
console.error(err);
|
||||
throw err;
|
||||
}
|
||||
|
||||
if (!count) {
|
||||
const newAccount = new Account();
|
||||
newAccount.username = 'admin';
|
||||
newAccount.roles = [ 'admin' ];
|
||||
Account.register(newAccount, '1423', err => {
|
||||
if (err) {
|
||||
console.error(err);
|
||||
throw err;
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
if (!count) {
|
||||
const newAccount = new Account();
|
||||
newAccount.username = 'admin';
|
||||
newAccount.roles = [ 'admin' ];
|
||||
Account.register(newAccount, '1423', err => {
|
||||
if (err) {
|
||||
console.error(err);
|
||||
throw err;
|
||||
}
|
||||
})
|
||||
}
|
||||
})
|
||||
}
|
||||
|
||||
const server = express();
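Review bot: The new `if (dev)` guard is the only thing keeping the hard-coded `admin`/`'1423'` registration out of production, and `dev` is defined outside this hunk; if it is derived from `NODE_ENV` in the usual way, a server started without that variable set would presumably still count as development and create the account. A comment on the guard stating this, e.g. `// dev only: seeds admin with a well-known password, never enable on a reachable host`, plus a log line inside the `if (!count)` branch such as `console.warn('created default admin account (dev mode)');` would make the behaviour visible to whoever starts the server. The enclosing `co(function* () {` block begins before the hunk, so how `dev` and `Account` are set up cannot be checked from here.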
|
||||
|
||||
|
|