simplified editing of server authentication.

as changes to server.properties are now immediately read and accessible
from the manage-application we just have a md5-encoding utility and leave
it to the admin to add the values to the server.properties file. this makes
sure that nothing can be changed via the web.

changes to allowadmin are effective immediately too.
stefanp 2002-11-22 11:58:37 +00:00
parent cd8ebdd41b
commit 7bd5803a33
4 changed files with 24 additions and 36 deletions


@ -15,6 +15,7 @@ function scheduler() {
*/
function onStart() {
app.data.addressFilter = createAddressFilter();
app.data.addressString = root.getProperty ("allowadmin");
}
/**
@ -75,9 +76,9 @@ function appStat () {
* utility function to sort object-arrays by name
*/
function sortByName(a,b) {
if ( a.getName () > b.getName ())
if (a.name > b.name)
return 1;
else if (a.getName () == b.getName ())
else if (a.name == b.name)
return 0;
else
return -1;
@ -126,7 +127,7 @@ function checkAuth(appObj) {
if ( md5username==rootUsername && md5password==rootPassword )
return true;
if ( appObj!=null && appObj.isActive() ) {
if (appObj!=null && appObj.isActive()) {
// check against application
var appUsername = appObj.getProperty("adminusername");
var appPassword = appObj.getProperty("adminpassword");
@ -141,6 +142,12 @@ function checkAuth(appObj) {
* check access to the manage-app by ip-addresses
*/
function checkAddress() {
// if allowadmin value in server.properties has changed,
// re-construct the addressFilter
if (app.data.addressString != root.getProperty ("allowadmin")){
app.data.addressFilter = createAddressFilter();
app.data.addressString = root.getProperty ("allowadmin");
}
if ( !app.data.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) ) {
app.log("denied request from " + req.data.http_remotehost );
// forceStealth seems a bit like overkill here.
@ -181,32 +188,21 @@ function createAuth() {
}
var obj = new Object();
obj.msg = "";
if ( req.data.username!=null && req.data.password!=null && req.data.password2!=null ) {
if (req.data.username!=null && req.data.password!=null) {
// we have input from webform
if ( req.data.username=="" )
obj.msg += "username can't be left empty!<br>";
if ( req.data.password=="" )
obj.msg += "password can't be left empty!<br>";
else if ( req.data.password!=req.data.password2 )
obj.msg += "password and re-typed password don't match!<br>";
if ( obj.msg!="" ) {
obj.username = req.data.username;
res.reset();
renderSkin("pwdform",obj);
return false;
}
var f = new File(root.getHopHome().toString, "server.properties");
var str = f.readAll();
var sep = java.lang.System.getProperty("line.separator");
str += sep + "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + sep;
str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + sep;
f.remove();
f.open();
f.write(str);
f.close();
app.log( req.data.http_remotehost + " saved new adminUsername/adminPassword to server.properties");
res.redirect ( root.href("main") );
var str = "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + "<br>\n";
str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + "<br>";
res.write ("<pre>" + str + "</pre>");
} else {
// no input from webform, so print it
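Review bot: The replacement branch in createAuth (the two `MD5Encoder.encode` lines and the `res.write`) drops the `app.log(...)` call the old branch made, so generating admin key material no longer leaves any trace in the application log. I would keep an audit line that records only the caller, never the input or the digests, for example `app.log(req.data.http_remotehost + " generated adminUsername/adminPassword hashes");` just before the `res.write`. The values written to the page are unsalted MD5 digests of the credentials, which are cheap to guess offline if the page or server.properties is ever exposed; that scheme predates this commit, but a comment above the `res.write` such as `// unsalted MD5: treat this output and server.properties as secret` would make the handling requirement explicit. createAuth starts and ends outside the hunk, so what the else branch renders is not visible here.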


@ -24,3 +24,7 @@
<li><a href="http://adele.helma.org/source/cvsweb.cgi/?cvsroot=hop">cvs</a><br/>
<li><a href="http://helma.org/download/">download</a><br/>
</p>
<p>
<li><a href="<% root.href action="makekey" %>">generate server password</a>
</p>


@ -1,26 +1,21 @@
<body bgcolor="white">
<table width="500" border="0" cellspacing="1" cellpadding="5" bgcolor="#000000">
<table width="500" border="0" cellspacing="0" cellpadding="5" bgcolor="#000000">
<tr>
<td width="500" align="left" valign="top" bgcolor="#ffffff">
<big>Username and password for helma's manager:</big><br>
<p>Please choose an username and password combination to access the
manage application of this server. They will be appended md5-encoded
to the server.properties file. You can change the settings manually
by editing the server.properties file or through this webinterface
in manage/makekey (from localhost only!).</p>
<p>This is a stupid script and doesn't check wheter these properties
are already set in this file. So if you've already set username and
password you need to delete the old values manually.</p>
manage application of this server. They will be printed md5-encoded
in a format that you've got to copy/paste into the server.properties
file.</p>
<font color="red"><% param.msg %></font>
<form method="post">
<input class="formEl" name="username" size="25" value="<% param.username %>"> (username)<br>
<input class="formEl" type="password" name="password" size="25"> (password)<br>
<input class="formEl" type="password" name="password2" size="25"> (password retyped)<br><br>
<input class="formEl" type="submit" value="save to server.properties"><br>
<input class="formEl" name="password" size="25"> (password)<br>
<input class="formEl" type="submit" value="md5 encode"><br>
</form>
<p><b>Warning:</b> The used http-authorization transmits username and password
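Review bot: The new password field, `<input class="formEl" name="password" size="25">`, appears to have lost `type="password"`, so the admin password is shown in clear text while it is typed and becomes eligible for the browser's form history. Unless showing it is meant to replace the removed re-type field, keep the masking: `<input class="formEl" type="password" name="password" size="25">`. The skin continues past the last visible line of this hunk.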


@ -1,10 +1,3 @@
//// strictly limit access to localhost:
//if ( req.data.http_remotehost!="localhost" && req.data.http_remotehost!="127.0.0.1" ) {
// app.logEvent( req.data.http_remotehost + " tried to access makekey");
// return;
//}
if ( checkAuth()==false )
return;