Add a 'change password' page.

flabbergast 9 years ago
parent 9e37264461
commit 5fc7e32681

@ -82,7 +82,16 @@ to configure `supervisord`, and restart it
Now you should have access to a basic info web page (on port `80`) and to `supervisord` web interface (on port `9001`).
The "Further info and configuration" webpage, as well as access to `supervisord`, is password protected (don't feel protected by this, it's not really secure). The name:pass is `admin:muflon`. If you want to change this, you need to edit two places: `/etc/supervisor/conf.d/daemons.conf` and `/opt/gps-timekeep/auth`. They need to match!
## Password protection
The "Further info and configuration" webpage, as well as access to `supervisord`, is password protected (don't feel protected by this, it's not really secure). The name:pass is `admin:muflon`. There is a web form to change this, but making it work is another privilege escalation (see also "Optional extras" below), so requires making two files writable by the `lighttpd` process. So:
sudo chgrp www-data /etc/supervisor/conf.d/daemons.conf
sudo chown g+w /etc/supervisor/conf.d/daemons.conf
The other file, `/opt/gps-timekeep/auth` should be set up OK already, but just in case it isn't:
chmod 0666 /opt/gps-timekeep/auth
If you want to remove the password protection:
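Review bot: In the added "Password protection" instructions, `sudo chown g+w /etc/supervisor/conf.d/daemons.conf` should be `sudo chmod g+w /etc/supervisor/conf.d/daemons.conf`; `chown` changes ownership and does not accept a mode such as `g+w`, so as written the command fails and the group write bit is never set. Separately, `chmod 0666 /opt/gps-timekeep/auth` makes the file that holds the name:pass pair readable and writable by every local user. Using the same `chgrp www-data` plus `chmod g+w` pair as for `daemons.conf` (which is also what the help text in `password.py` suggests) limits write access to the web server's group.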

@ -0,0 +1,107 @@
import subprocess
import sys
import os
import cgi
import cgitb; cgitb.enable() # for troubleshooting
# constants
SUPERVISOR_CONF = "/etc/supervisor/conf.d/daemons.conf"
AUTH_FILE = "/opt/gps-timekeep/auth"
<h3>Can't change password via web interface: permissions problem</h3>
<h4>Change password "manually"</h4>
<li>SSH into the machine.</li>
<li>Change name:pass by editing two files:
<li>Passwords need to match!!</li>
<li>Restart the machine (otherwise unexpected stuff can occur).</li>
<h4>Alternatively, fix the permissions</h4>
The two files above need to be write-accessible by the lighttpd process, so you can for instance (after SSHing into the machine):
sudo chgrp www-data /opt/gps-timekeep/auth
sudo chmod g+w /opt/gps-timekeep/auth
and the same with the other file.
print "Content-Type: text/html" # HTML is following
print # blank line, end of headers
# print html header
print """
<title>ntpi: change password</title>
<h1>ntpi: change password</h1>
# get the submitted form contents
form = cgi.FieldStorage()
# if rebooting requested, just print a message and exit
if "reboot-button" in form:
print "<h1>Rebooting now!</h1></body></html>"
# check if the appropriate files are writable
if (not os.access(SUPERVISOR_CONF, os.W_OK | os.R_OK)) or (not os.access(AUTH_FILE, os.W_OK | os.R_OK)):
# change of password requested
if "submit-button" in form:
username = form.getvalue("username")
password = form.getvalue("password")
with open(AUTH_FILE, "w") as f:
with open(SUPERVISOR_CONF) as f:
lines = f.readlines()
with open(SUPERVISOR_CONF, "w") as f:
for line in lines:
if line.startswith("username "):
f.write("username = " + username + "\n")
elif line.startswith("password "):
f.write("password = " + password + "\n")
print """
<form method="post" action="password.py">
</p><strong>Message:</strong> Username and password changed. You should
<input type="submit" value="Reboot!" name="reboot-button"> now.
# read username and password
username = "some error"
password = "has occured"
with open(AUTH_FILE) as f:
username, password = f.readline().strip().split(':')
# print the form
print """
<form method="post" action="password.py">
Username: <input type="text" name="username" value="%s"/><br />
Password: <input type="text" name="password" value="%s"/><br />
<input type="submit" value="Submit" name="submit-button"></p>
Note: No sanity checking is done, so be careful!
<a href="/cgi-bin/serverconfig.py">Go back.</a>
""" % (username, password)
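Review bot: `username` and `password` go from `form.getvalue(...)` straight into `f.write("username = " + username + "\n")` and the matching `password` line with no validation. A value containing a newline adds extra lines to `daemons.conf`, a `:` in either field breaks the later `username, password = f.readline().strip().split(':')` unpacking, and a missing field makes `getvalue` return `None` so the concatenation raises after the file has already been opened with `"w"`. Suggest rejecting empty values and anything containing `\r`, `\n` or `:` before either file is opened for writing, rather than relying on the "No sanity checking is done" note in the form. The stored values are also interpolated unescaped into `value="%s"`, so they should go through `cgi.escape(..., quote=True)` first, and the password input would be better as `type="password"` than `type="text"`.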

@ -111,6 +111,9 @@ print """
# password instructions
print """
<h3>Changing the password ...</h3>
<p>... can be done <a href="/cgi-bin/password.py">here</a>.</p>
# reboot button