Browse Source

Add a basic password protection.

master
flabbergast 7 years ago
parent
commit
9e37264461
  1. 12
      README.md
  2. 1
      auth
  3. 5
      cgi-bin/serverconfig.py
  4. 14
      configs/lighttpd.conf
  5. 1
      time-from-gps/auth
  6. 12
      time-from-gps/time-from-gps.py
  7. 1
      watcher-daemon/auth
  8. 17
      watcher-daemon/gps-watcher.py

12
README.md

@ -82,6 +82,14 @@ to configure `supervisord`, and restart it
Now you should have access to a basic info web page (on port `80`) and to `supervisord` web interface (on port `9001`).
The "Further info and configuration" webpage, as well as access to `supervisord`, is password protected (don't feel protected by this, it's not really secure). The name:pass is `admin:muflon`. If you want to change this, you need to edit two places: `/etc/supervisor/conf.d/daemons.conf` and `/opt/gps-timekeep/auth`. They need to match!
If you want to remove the password protection:
+ Edit `/etc/supervisor/conf.d/daemons.conf` and remove the two lines (`username` and `password`).
+ Remove `/opt/gps-timekeep/auth`.
+ Edit `/opt/gps-timekeep/configs/lighttpd.conf` and comment out the `auth.require` block.
## Optional extras
Some actions from the web interface require privilege escalation (I couldn't convince `lighttpd` to run as root), so:
@ -123,10 +131,6 @@ Similarly, if you want to be able to reboot from the web interface, you need to
+ `supervisord` runs its own web interface on port 9001.
+ One python CGI script is provided (`serverconfig.py`), which gives more system info, and lets you edit `/etc/network/interfaces` and reboot the Pi (see "Optional Extras" for what's needed to make this work).
#### Warning
The setup is completely insecure: everything is accessible, no attempt has been done to lock things down. So, please, **don't** put a Pi set up like this on the net (or baaad things will happen)!
#### Other notes (about configuration, etc...)
+ `gpsd` parameters should contain `-n`. This is so that gpsd starts listening to the GPS device even before a client (like cgps or such) asks for it. we need this so that the timekeeping starts right away on boot.

1
auth

@ -0,0 +1 @@
admin:muflon

5
cgi-bin/serverconfig.py

@ -108,6 +108,11 @@ print """
""" % (interfaces_contents)
# cgi.escape(message)
# password instructions
print """
<h3>Changing the password ...</h3>
"""
# reboot button
print """
<h3>Reboot the machine</h3>

14
configs/lighttpd.conf

@ -2,8 +2,9 @@ server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_cgi",
"mod_redirect",
"mod_cgi",
"mod_auth",
)
server.document-root = "/run/www"
@ -21,6 +22,15 @@ static-file.exclude-extensions = ( ".php", ".pl", ".fcgi", ".py" )
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )
auth.backend = "plain"
auth.backend.plain.userfile = "/opt/gps-timekeep/auth"
auth.require = ( "/cgi-bin/" =>
( "method" => "basic",
"realm" => "Admin Realm",
"require" => "valid-user",
))
# redirect cgi-bin to /opt/gps-timekeep
$HTTP["url"] =~ "/cgi-bin/" { cgi.assign = ( "" => "" ) }
alias.url = ( "/cgi-bin/" => "/opt/gps-timekeep/cgi-bin/" )

1
time-from-gps/auth

@ -0,0 +1 @@
../auth

12
time-from-gps/time-from-gps.py

@ -7,6 +7,8 @@ import time
#import datetime
#import dateutil.parser
SUPERVISOR_AUTH = "auth"
# write a temporary html report
HTML_OUTPUT_DIR = "/run/www"
HTML_OUTPUT_FILE = "/index.html"
@ -34,6 +36,14 @@ time.sleep(1)
session = gps.gps("localhost", "2947")
session.stream(gps.WATCH_ENABLE | gps.WATCH_NEWSTYLE)
# preparation: read the supervisor user and pass
if os.path.isfile(SUPERVISOR_AUTH):
with open(SUPERVISOR_AUTH) as f:
supervisor_namepass = f.readline().strip() + "@"
else:
supervisor_namepass = ""
# main loop: wait for a time report from GPS
while True:
try:
@ -52,7 +62,7 @@ while True:
#print gpstime.isoformat('T')
#print datetime.datetime.now().isoformat('T')
# connect to supervisor
supervisord = xmlrpclib.Server('http://localhost:9001/RPC2')
supervisord = xmlrpclib.Server("http://"+supervisor_namepass+"localhost:9001/RPC2")
# start the watcher daemon
supervisord.supervisor.startProcess('gps-watcher')
break

1
watcher-daemon/auth

@ -0,0 +1 @@
../auth

17
watcher-daemon/gps-watcher.py

@ -25,6 +25,8 @@ HTML_OUTPUT_DIR = "/run/www"
HTML_OUTPUT_FILE = "/index.html"
HTML_TEMPLATE_FILE = "index.template.html"
SUPERVISOR_AUTH = "auth"
# auxiliary functions: for supervisord
supervisor_states = {
0: False, # stopped
@ -55,9 +57,8 @@ if not os.path.exists(HTML_OUTPUT_DIR):
os.makedirs(HTML_OUTPUT_DIR)
# preparation: read the html template file
fin = open(HTML_TEMPLATE_FILE)
html_template = fin.read()
fin.close()
with open(HTML_TEMPLATE_FILE) as f:
html_template = f.read()
# auxiliary function: generate a webpage with basic gps/ntpd info
def generate_html_file():
@ -72,8 +73,16 @@ def generate_html_file():
fout.write(html_template.format(**locals()))
fout.close()
# preparation: read the supervisor user and pass
if os.path.isfile(SUPERVISOR_AUTH):
with open(SUPERVISOR_AUTH) as f:
supervisor_namepass = f.readline().strip() + "@"
print "is"
else:
supervisor_namepass = ""
# connect to supervisor
supervisord = xmlrpclib.Server('http://localhost:9001/RPC2')
supervisord = xmlrpclib.Server("http://"+supervisor_namepass+"localhost:9001/RPC2")
# this class does the threaded polling of the gpsd daemon
class GpsPoller(threading.Thread):

Loading…
Cancel
Save