From 7bd5803a33a49394df9fb87ffc22cb57db0b8980 Mon Sep 17 00:00:00 2001
From: stefanp
Date: Fri, 22 Nov 2002 11:58:37 +0000
Subject: [PATCH] simplified editing of server authentication. as changes to
server.properties are now immediately read and accessible from the
manage-application we just have a md5-encoding utility and leave it to the
admin to add the values to the server.properties file. this makes sure that
nothing can be changed via the web.
changes to allowadmin are effective immediately too.
---
Global/functions.js | 32 ++++++++++++++------------------
Global/navig.skin | 4 ++++
Global/pwdform.skin | 17 ++++++-----------
Root/makekey.hac | 7 -------
4 files changed, 24 insertions(+), 36 deletions(-)
diff --git a/Global/functions.js b/Global/functions.js
index b95b947a..b77db3dc 100644
--- a/Global/functions.js
+++ b/Global/functions.js
@@ -15,6 +15,7 @@ function scheduler() {
*/
function onStart() {
app.data.addressFilter = createAddressFilter();
+ app.data.addressString = root.getProperty ("allowadmin");
}
/**
@@ -75,9 +76,9 @@ function appStat () {
* utility function to sort object-arrays by name
*/
function sortByName(a,b) {
- if ( a.getName () > b.getName ())
+ if (a.name > b.name)
return 1;
- else if (a.getName () == b.getName ())
+ else if (a.name == b.name)
return 0;
else
return -1;
@@ -126,7 +127,7 @@ function checkAuth(appObj) {
if ( md5username==rootUsername && md5password==rootPassword )
return true;
- if ( appObj!=null && appObj.isActive() ) {
+ if (appObj!=null && appObj.isActive()) {
// check against application
var appUsername = appObj.getProperty("adminusername");
var appPassword = appObj.getProperty("adminpassword");
@@ -141,6 +142,12 @@ function checkAuth(appObj) {
* check access to the manage-app by ip-addresses
*/
function checkAddress() {
+ // if allowadmin value in server.properties has changed,
+ // re-construct the addressFilter
+ if (app.data.addressString != root.getProperty ("allowadmin")){
+ app.data.addressFilter = createAddressFilter();
+ app.data.addressString = root.getProperty ("allowadmin");
+ }
if ( !app.data.addressFilter.matches(java.net.InetAddress.getByName(req.data.http_remotehost)) ) {
app.log("denied request from " + req.data.http_remotehost );
// forceStealth seems a bit like overkill here.
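Review bot: The added block in checkAddress reads `root.getProperty ("allowadmin")` twice, once for the comparison and again after `createAddressFilter()`. If server.properties changes between the rebuild and the second read (assuming createAddressFilter reads the property itself), `app.data.addressString` records the new value while the filter still reflects the old one, and the stale allow-list persists until the property changes again. Reading it once with `var allowAdmin = root.getProperty("allowadmin");`, comparing against that and storing `app.data.addressString = allowAdmin;` makes a missed update show up as a mismatch on the next request. The onStart hunk uses the same filter-then-string order. Whether `createAddressFilter()` denies all requests when the property is missing or malformed is not visible here and is worth confirming, since the filter is now rebuilt at request time; the function body continues outside the hunk.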
@@ -181,32 +188,21 @@ function createAuth() {
}
var obj = new Object();
obj.msg = "";
-
- if ( req.data.username!=null && req.data.password!=null && req.data.password2!=null ) {
+ if (req.data.username!=null && req.data.password!=null) {
// we have input from webform
if ( req.data.username=="" )
obj.msg += "username can't be left empty!
";
if ( req.data.password=="" )
obj.msg += "password can't be left empty!
";
- else if ( req.data.password!=req.data.password2 )
- obj.msg += "password and re-typed password don't match!
";
if ( obj.msg!="" ) {
obj.username = req.data.username;
res.reset();
renderSkin("pwdform",obj);
return false;
}
- var f = new File(root.getHopHome().toString, "server.properties");
- var str = f.readAll();
- var sep = java.lang.System.getProperty("line.separator");
- str += sep + "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + sep;
- str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + sep;
- f.remove();
- f.open();
- f.write(str);
- f.close();
- app.log( req.data.http_remotehost + " saved new adminUsername/adminPassword to server.properties");
- res.redirect ( root.href("main") );
+ var str = "adminUsername=" + Packages.helma.util.MD5Encoder.encode(req.data.username) + "
\n";
+ str += "adminPassword=" + Packages.helma.util.MD5Encoder.encode(req.data.password) + "
";
+ res.write ("" + str + "
");
} else {
// no input from webform, so print it
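Review bot: The success branch of createAuth no longer leaves an audit trail, because the removed code logged the remote host when credentials were saved and the new `res.write` path returns the hashes silently. I would add `app.log(req.data.http_remotehost + " generated adminUsername/adminPassword hashes");` before the write, logging the event but never the values. As far as this hunk shows, `MD5Encoder.encode(req.data.password)` is a plain unsalted MD5, so the printed line can be guessed offline and the response should be treated as sensitive (not cacheable, and only served over an encrypted connection). With the `password2` comparison removed, a mistyped password produces a hash the admin will paste without noticing, so a comment noting that this was a deliberate trade-off would help. createAuth starts and ends outside the hunk.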
diff --git a/Global/navig.skin b/Global/navig.skin
index f19ff3df..fecbbaf7 100644
--- a/Global/navig.skin
+++ b/Global/navig.skin
@@ -24,3 +24,7 @@
cvs
download
+
+
+
">generate server password
+
\ No newline at end of file
diff --git a/Global/pwdform.skin b/Global/pwdform.skin
index 641aaa2d..20eb1a01 100644
--- a/Global/pwdform.skin
+++ b/Global/pwdform.skin
@@ -1,26 +1,21 @@
-
+
Username and password for helma's manager:
Please choose an username and password combination to access the
-manage application of this server. They will be appended md5-encoded
-to the server.properties file. You can change the settings manually
-by editing the server.properties file or through this webinterface
-in manage/makekey (from localhost only!).
-This is a stupid script and doesn't check wheter these properties
-are already set in this file. So if you've already set username and
-password you need to delete the old values manually.
+manage application of this server. They will be printed md5-encoded
+in a format that you've got to copy/paste into the server.properties
+file.
<% param.msg %>
Warning: The used http-authorization transmits username and password
diff --git a/Root/makekey.hac b/Root/makekey.hac
index 4800e2e4..edcf8857 100644
--- a/Root/makekey.hac
+++ b/Root/makekey.hac
@@ -1,10 +1,3 @@
-
-//// strictly limit access to localhost:
-//if ( req.data.http_remotehost!="localhost" && req.data.http_remotehost!="127.0.0.1" ) {
-// app.logEvent( req.data.http_remotehost + " tried to access makekey");
-// return;
-//}
-
if ( checkAuth()==false )
return;