Mark Wooding [Sat, 16 May 2020 09:46:41 +0000 (10:46 +0100)]
chpwd.css: Make style match `distorted.org.uk' general house style.
Which is rather minimal, and hopefully not especially offensive. (Note
that, in particular, it doesn't override the body text face or size.)
Mark Wooding [Fri, 15 May 2020 17:10:28 +0000 (18:10 +0100)]
chpwd.css: Use the abbreviated border-setting notation.
Mark Wooding [Fri, 15 May 2020 17:04:47 +0000 (18:04 +0100)]
chpwd.css: Use tabs for indentation.
Mark Wooding [Fri, 15 May 2020 17:00:06 +0000 (18:00 +0100)]
chpwd.js: Only update DOM properties if they're actually going to change.
This might have a significant effect on the background-friendliness of
the validation machinery. Certainly, if I open Firefox's developer
tools, I used to see the various `whinge' elements highlighted as
changing all the time, which was rather distracting if nothing else, and
probably meant that DOM change-handling machinery was being engaged in
order to do nothing of any use.
Introduce a new function `update' which changes an object property only
if its value would actually change, and use this in the `check'
function.
Mark Wooding [Fri, 15 May 2020 16:59:48 +0000 (17:59 +0100)]
cookies.fhtml: Fix a stupid typo.
Mark Wooding [Tue, 10 Sep 2019 19:42:49 +0000 (20:42 +0100)]
format.py: Fix some commentary typos.
Mark Wooding [Mon, 10 Apr 2017 13:28:14 +0000 (14:28 +0100)]
format.py: Document `#' as a format parameter.
It's standard Common Lisp, but was unaccountably left out of the
documentation.
Mark Wooding [Sat, 4 Jul 2015 16:52:35 +0000 (17:52 +0100)]
userv.rc: Fix stupid configuration bug.
Mark Wooding [Fri, 24 Apr 2015 09:52:15 +0000 (10:52 +0100)]
sshsvc.conf: Configuration file for `sshsvc-mkauthkeys'.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
chpwd, operation.py: Allow administrative override of policy.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
chpwd: Publish command-line options to the `CFG' module.
They need to go somewhere and this seemed like the least bad choice.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
backend.py: Introduce protocol for alternative locking schemes.
It sounds fancier than it is. There's now a method for FlatFileBackend
subclasses to override if they want to apply different locking
semantics.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
backend.py: Change default lock directory.
All of the other state things end up under the working tree, so this
should too.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
operation.py: Fix stupid typo in commentary.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
cgi.py: Set the default static URL prefix from user's `SCRIPT_NAME'.
Otherwise you have to set them both, and that's just annoying.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
agpl.py: Python 2.5 compatibility.
Mark Wooding [Sun, 5 Apr 2015 21:40:15 +0000 (22:40 +0100)]
chpwd, config.py: Don't fail if there's no configuration file.
Things won't work well, but at least the initial make won't fail.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
chpwd, subcommand.py: Only show global options in admin context help.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
chpwd: Factor out option parsing.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
userv.rc: Don't clobber handling of `www-cgi'.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
chpwd, userv.rc: Change Userv service protocol to parse options properly.
Options passed apparently to the service were actually being handled at
top level, so you got the wrong help text if you said `userv chpwd list
-h', for example. This is very bad.
To fix this, we require the userv configuration to provide an explicit
non-option token to terminate top-level option handling at the right
time.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
service.py: Fix CommandRemoteService handling of vectors.
The CommandRemoteService class previously couldn't handle vector
arguments at all, and in particular it dropped the FIELDS argument to
`mkpwent' on the floor. It also dropped the PASSWORD argument, which
was just stupid.
Convert `_mkcmd' to handle all arguments as vectors, and fix the callers
to wrap their scalar arguments in little vectors. Now we take the cross
product of all of the arguments when substituting templates.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
service.py: Fix commentary, and default remote command.
Mark Wooding [Mon, 22 Dec 2014 20:32:58 +0000 (20:32 +0000)]
backend.py: Use configured delimiter for joining fields.
FlatFileRecord.create used `:' unconditionally.
Mark Wooding [Thu, 12 Jun 2014 14:02:54 +0000 (15:02 +0100)]
cgi.py: No, `QUERY_STRING' is not mandatory in GET requests.
Mark Wooding [Sun, 25 May 2014 08:51:17 +0000 (09:51 +0100)]
chpwd.css, login.fhtml: Move the login whinge to underneath the widgets.
Mark Wooding [Sun, 25 May 2014 08:50:36 +0000 (09:50 +0100)]
httpauth.py: Capitalize the login whinges.
They look better like this, and match the list whinges.
Mark Wooding [Sat, 24 May 2014 23:02:23 +0000 (00:02 +0100)]
list.fhtml, login.fhtml: Add some missing access keys.
Mark Wooding [Sat, 24 May 2014 22:20:55 +0000 (23:20 +0100)]
Makefile: Add `dist' target.
I don't think source distributions are really the right answer for
Chopwood, but it's a tradition, and it doesn't seem like a harmful one.
For the record: you're expected to run Chopwood out of a Git clone; and
users should get distributions from you using the AGPL-required `source'
command.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
Automatically add and remove password database records.
Unless the service explicitly disables this, the `addacct' command now
creates a record in the appropriate database, and `delacct' removes it
again. This involves a chunk of additional service protocol, and new
remote commands. Also, deleting a user now involves explicitly removing
the associated records.
Mark Wooding [Fri, 23 May 2014 15:01:18 +0000 (16:01 +0100)]
backend.py: Separate out the main work of `_update'.
This makes it easier to add other kinds of operations on the database
later.
Also check for errors, such as a missing record.
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
service.py: Incompatible changes to CommandRemoteService.
Rather than having a constructor argument for each possible remote
command, we now have a more complex and flexible system. Firstly,
there's a `default' command prefix, to which the remaining
remote-command arguments are appended. Secondly, there's a dictionary
mapping command names to full command lists with placeholders (like the
old system).
Mark Wooding [Fri, 23 May 2014 17:20:46 +0000 (18:20 +0100)]
Introduce a `warn' output operation.
Mostly warnings are just written to standard error. The HTML output
driver captures warnings and displays them in an obvious box.
Mark Wooding [Fri, 23 May 2014 14:58:24 +0000 (15:58 +0100)]
backend.py: Make FlatFileRecord._format include the trailing newline.
This makes things more convenient for callers, in general.
Mark Wooding [Sat, 24 May 2014 13:02:32 +0000 (14:02 +0100)]
service.py: Fix the RemoteService `_mkcmd' protocol.
The CommandRemoteService implementation was completely wrong.
Substitutions need to know the user name in question, which isn't available
until the actual operation is invoked; so this needs to be passed
through to `_mkcmd'.
Therefore, we introduce a new argument to `_run', which is simply passed
on to `_mkcmd', and adjust implementations to cope.
Mark Wooding [Fri, 23 May 2014 22:51:07 +0000 (23:51 +0100)]
service.py: Have SSHRemoteService use its superclass's `name' slot.
For some reason it invented its own instead. This seems rather
pointless.
Mark Wooding [Sat, 24 May 2014 13:01:04 +0000 (14:01 +0100)]
service.py: Add missing `_describe' method for CommandRemoteService.
Mark Wooding [Fri, 23 May 2014 17:22:44 +0000 (18:22 +0100)]
cgi.py: Don't crash if we have three values for a parameter.
The first time we see a parameter, we add it to `PARAMDICT'. The second
time, we remove it again because it's multivalued. The third time, we
try to remove it again, and that fails because it's already gone.
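Added example, not Chopwood's own code: a reconstruction of the failure this commit message describes, next to a parser that tolerates any number of repeats. Only `PARAMDICT` is a name from the log; the function names, the `seen` set and the sample query strings are assumptions made for illustration.

```python
from urllib.parse import parse_qsl


def parse_buggy(query):
    """Single-valued parameters only; crashes on a third occurrence."""
    paramdict = {}
    seen = set()
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in seen:
            # Second occurrence: drop the entry because it is multivalued.
            # Third occurrence: the entry is already gone, so KeyError.
            del paramdict[key]
        else:
            seen.add(key)
            paramdict[key] = value
    return paramdict


def parse_fixed(query):
    """Return (single-valued dict, sorted names that appeared more than once)."""
    paramdict = {}
    seen = set()
    multi = set()
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key in seen:
            # Removal is idempotent, so repeats beyond the second are harmless.
            paramdict.pop(key, None)
            multi.add(key)
        else:
            seen.add(key)
            paramdict[key] = value
    return paramdict, sorted(multi)
```

Returning the repeated names lets the caller reject a request that supplies a security-relevant field more than once instead of silently ignoring it.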
Mark Wooding [Sat, 24 May 2014 13:00:03 +0000 (14:00 +0100)]
Cosmetic fiddling.
Fixing typos and layout issues.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
{cgi,cmd-cgi,httpauth}.py: Check request methods on CGI commands.
Mainly as a sanity check.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
cgi.py: Emit the error about `POST' content-type correctly.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
subcommand.py: Have `subcommand' pass unknown arguments to constructor.
Since it has an explicit class parameter, it should be able to pass
initargs to the class constructor.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
cgi.py: Implement the `HEAD' request method.
A simple hack in the HTTP output driver to escape after writing the
header.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
cgi.py: Export request method from `cgiparse'.
We'll want to know it later.
Mark Wooding [Sat, 13 Jul 2013 15:34:40 +0000 (16:34 +0100)]
cgi.py: Fix function name in comment.
Annoyingly misleading.
Mark Wooding [Tue, 4 Feb 2014 14:49:42 +0000 (14:49 +0000)]
chpwd: Remove redundant user-name check in the SSH-service path.
Mark Wooding [Tue, 4 Feb 2014 14:33:41 +0000 (14:33 +0000)]
chpwd, operation.py: Logging for operations.
Probably about time we did this, really.
Mark Wooding [Tue, 4 Feb 2014 14:33:09 +0000 (14:33 +0000)]
service.py: Introduce a `name' attribute for services.
We'll want this soon. Set the names automatically, if configuration
doesn't provide them explicitly.
Mark Wooding [Tue, 4 Feb 2014 14:32:10 +0000 (14:32 +0000)]
operation.py: Fix stupid typo.
I don't think that attribute was used for anything. It will be soon,
though.
Mark Wooding [Thu, 23 Jan 2014 19:08:02 +0000 (19:08 +0000)]
httpauth.py: Improve the CSRF token stuff.
I used to use a simple XOR split, but while I was describing this
mitigation to someone else it struck me that it doesn't actually work:
the bad guy can accept a slowdown factor of 256 and guess corresponding
bytes of both halves to work through the whole token.
Replace the XOR split with a full-on all-or-nothing transform based on
OAEP.
Mark Wooding [Thu, 23 Jan 2014 19:06:06 +0000 (19:06 +0000)]
httpauth.py: Don't crash if Base-64 decoding of the CSRF token fails.
Mark Wooding [Thu, 23 Jan 2014 19:05:23 +0000 (19:05 +0000)]
list.fhtml: Make `logout' be a POST operation.
It's really not idempotent. And also it will spam the CSRF token into
the URL, which isn't what we want.
Mark Wooding [Thu, 23 Jan 2014 19:04:36 +0000 (19:04 +0000)]
cookies.fhtml: Fix stupid typo.
Mark Wooding [Thu, 23 Jan 2014 19:06:23 +0000 (19:06 +0000)]
httpauth.py: Fix stupid formatting error.
Mark Wooding [Sat, 28 Dec 2013 19:30:26 +0000 (19:30 +0000)]
cookies.fhtml: Stupid markup error.
Mark Wooding [Sat, 28 Dec 2013 19:29:54 +0000 (19:29 +0000)]
cookies.fhtml: Fix the epoch date.
Umm. I have no excuse.
Mark Wooding [Sat, 10 Aug 2013 12:31:30 +0000 (13:31 +0100)]
httpauth.py, cookies.fhtml: Randomize CSRF token to prevent BREACH.
The use of `gzip' compression by servers, combined with the possibility
of inserting request parameters in responses can leak information from
responses, notably the CSRF token. We can defend this by splitting it
into two XOR pieces and combining them together again in the server.
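Added example, not Chopwood's own code: the XOR split described in this commit beside an OAEP-style all-or-nothing wrapping of the kind the 23 Jan 2014 commit above says replaced it. It follows the commit messages rather than `httpauth.py`; SHA-256, the 16-byte seed, the mask function and every function name are assumptions.

```python
import hashlib
import os
from base64 import urlsafe_b64decode, urlsafe_b64encode

SEEDLEN = 16  # assumed seed size, not taken from the project


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _mask(seed, n, label):
    """Expand seed to n bytes with counter-mode SHA-256 (MGF1-style)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(label + ctr.to_bytes(4, "big") + seed).digest()
        ctr += 1
    return out[:n]


def xor_split(token):
    """Older scheme: pad || (token XOR pad), fresh pad per response.
    Byte i of the token depends only on byte i of each half."""
    pad = os.urandom(len(token))
    return urlsafe_b64encode(pad + _xor(token, pad))


def xor_join(blob):
    raw = urlsafe_b64decode(blob)
    half = len(raw) // 2
    return _xor(raw[:half], raw[half:])


def aont_wrap(token):
    """OAEP structure: x = token XOR G(r), y = r XOR H(x).
    Every output byte is needed to recover any byte of the token."""
    r = os.urandom(SEEDLEN)
    x = _xor(token, _mask(r, len(token), b"G"))
    y = _xor(r, _mask(x, SEEDLEN, b"H"))
    return urlsafe_b64encode(x + y)


def aont_unwrap(blob):
    """Return the token, or None if the blob is malformed (never raise)."""
    try:
        raw = urlsafe_b64decode(blob)
    except (ValueError, TypeError):
        return None  # bad Base-64 from the client must not crash the server
    if len(raw) <= SEEDLEN:
        return None
    x, y = raw[:-SEEDLEN], raw[-SEEDLEN:]
    r = _xor(y, _mask(x, SEEDLEN, b"H"))
    return _xor(x, _mask(r, len(x), b"G"))
```

The server compares the unwrapped value against the session's real token with a constant-time comparison such as `hmac.compare_digest`.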
Mark Wooding [Sat, 10 Aug 2013 12:29:41 +0000 (13:29 +0100)]
httpauth.py: Use `base64' module's built-in character twiddles.
I hadn't noticed before: `b64encode' has an optional argument which you
can use to change the `+' and `/' characters. Use them instead of a
post-pass with `str.replace'.
Mark Wooding [Sat, 10 Aug 2013 12:28:17 +0000 (13:28 +0100)]
httpauth.py: Allow configuration of the hash function.
Mark Wooding [Sat, 13 Apr 2013 23:14:28 +0000 (00:14 +0100)]
wrapper.fhtml: Tell mobile browsers that we'll work on their screen.
Mark Wooding [Sat, 13 Apr 2013 23:13:00 +0000 (00:13 +0100)]
chpwd.js: Provide the CAPTUREP argument to `addEventListener'.
Otherwise MicroB, at least, raises an exception and none of the
remaining JavaScript will run.
Mark Wooding [Sat, 30 Mar 2013 14:55:12 +0000 (14:55 +0000)]
httpauth.py, cmd-cgi.py, list.fhtml: Implement explicit logout action.
Mark Wooding [Sat, 30 Mar 2013 14:46:31 +0000 (14:46 +0000)]
httpauth.py: Abstract out setting the various cookie attributes.
We'll want to use them elsewhere.
Mark Wooding [Sat, 30 Mar 2013 14:24:27 +0000 (14:24 +0000)]
cmd-cgi.py: Don't allow caching of the `list' page.
May further reduce the possibility of proxies crossing wires over.
Mark Wooding [Sat, 30 Mar 2013 14:00:27 +0000 (14:00 +0000)]
userv.rc: Example Userv configuration dropping.
Mark Wooding [Thu, 28 Mar 2013 00:02:38 +0000 (00:02 +0000)]
Makefile: Add some missing source files to the list.
This isn't working out. There must be a better way.
Mark Wooding [Thu, 28 Mar 2013 00:05:33 +0000 (00:05 +0000)]
agpl.py (dump_dir): Replace unpleasant control-flow variable with an escape.
If only Python had a proper `goto'.
Mark Wooding [Thu, 28 Mar 2013 00:05:01 +0000 (00:05 +0000)]
agpl.py (filez): Slightly better detection of toplevels.
Mark Wooding [Thu, 28 Mar 2013 00:02:38 +0000 (00:02 +0000)]
agpl.py (filez): Check the exit code from the command.
Mark Wooding [Thu, 28 Mar 2013 00:02:38 +0000 (00:02 +0000)]
agpl.py: Document and prettify.
No actual code changes.
Mark Wooding [Wed, 27 Mar 2013 21:27:02 +0000 (21:27 +0000)]
wrapper.fhtml: Put `html' in lowercase in the DOCTYPE declaration.
Mark Wooding [Wed, 27 Mar 2013 21:26:39 +0000 (21:26 +0000)]
agpl.py: Fix up symbolic links between directories being dumped.
This should make deployment from generated tarballs easier.
Mark Wooding [Wed, 27 Mar 2013 21:25:50 +0000 (21:25 +0000)]
agpl.py: Exclude the root directory from listers.
Otherwise we'll get a strange number of them. Instead, include it
manually.
Mark Wooding [Wed, 27 Mar 2013 21:24:16 +0000 (21:24 +0000)]
agpl.py: Include a `MANIFEST' file explaining where things came from.
Mark Wooding [Sat, 16 Mar 2013 17:43:05 +0000 (17:43 +0000)]
cgi.py: Implement a wrapping operation.
That is, a format control obtained as an argument can be invoked,
passing it a number of other formatting controls, which it can then
invoke in turn as it wishes.
No use for this yet, but it seems like a cool thing to have lying about.
Mark Wooding [Sat, 16 Mar 2013 17:29:39 +0000 (17:29 +0000)]
cgi.py: Export the template cache to the templates.
Now they can invoke each other with `~=TMPL[NAME]@?'.
Mark Wooding [Sat, 16 Mar 2013 17:28:37 +0000 (17:28 +0000)]
format.py: Allow general format controls more widely.
In particular, allow them as inputs to `compile', and to the `~{~}' and
`~?' directives.
Mark Wooding [Sat, 16 Mar 2013 00:35:34 +0000 (00:35 +0000)]
cgi.py, operation.py, list.fhtml: Request-level policy switch.
* Introduce a new configuration variable `ALLOWOP' with a policy flag
for each request type;
* have `BaseRequest.check' ensure that the corresponding policy flag
is set;
* export this policy switch to the template language; and
* only show widgets for the permitted operations in the web interface.
The commands still appear in the userv/SSH interface, which is a bit
gnarly.
Mark Wooding [Sat, 16 Mar 2013 00:31:03 +0000 (00:31 +0000)]
operation.py: Refactor `polswitch' a little.
We're going to use this structure again.
Mark Wooding [Sat, 16 Mar 2013 00:29:40 +0000 (00:29 +0000)]
chpwd: Put `user' into template arguments when run from command-line.
Mark Wooding [Thu, 14 Mar 2013 01:12:09 +0000 (01:12 +0000)]
cgi.py: Fix documentation for `~:H' format operation.
Once upon a time it was going to do form-urlencoding, but it turns out
that quotification is much more useful.
Mark Wooding [Wed, 13 Mar 2013 14:41:51 +0000 (14:41 +0000)]
cgi.py: Escape quote signs in `htmlescape' and `html_quotify'.
This helps protect against XSS attacks.
Mark Wooding [Wed, 13 Mar 2013 14:40:50 +0000 (14:40 +0000)]
format.py: Document the formatting directive syntax.
This was always meant to be here, but got missed out in the rush.
Mark Wooding [Wed, 13 Mar 2013 02:46:40 +0000 (02:46 +0000)]
crypto.py: Another missing import.
Mark Wooding [Tue, 12 Mar 2013 23:11:46 +0000 (23:11 +0000)]
service.py: Yet more unqualified names needing qualification.
Maybe this is the last batch.
Mark Wooding [Tue, 12 Mar 2013 22:17:16 +0000 (22:17 +0000)]
Fix some stupid unknown-variable errors.
Leftover from the split into separate modules.
Mark Wooding [Tue, 12 Mar 2013 04:23:29 +0000 (04:23 +0000)]
.gitignore: Ignore the `.pyo' files left by `python -O'.
Mark Wooding [Tue, 12 Mar 2013 04:17:59 +0000 (04:17 +0000)]
chpwd: Set default config file from environment variable `CHPWD_CONFIG'.
This is more convenient to set from webserver CGI configurations and SSH
`authorized_keys' files.
Mark Wooding [Mon, 11 Mar 2013 22:43:45 +0000 (22:43 +0000)]
cmd-cgi.py: Typo in help message for the CGI `source' command.
Mark Wooding [Sat, 9 Mar 2013 05:50:44 +0000 (05:50 +0000)]
cmd-admin.py: Add `source' command to remote command context.
Now remote-control clients can fetch our source code too. Question:
should the master instance fetch source code for all of its satellites?
Mark Wooding [Sat, 9 Mar 2013 05:31:13 +0000 (05:31 +0000)]
Put the user's name in post-authentication requests.
In GET requests, it goes in the path; for POST requests, it can go in
`%user'. This is to prevent caches from returning the wrong pages. I
feel a bit stupid about not fixing this earlier.
Mark Wooding [Sat, 9 Mar 2013 05:29:10 +0000 (05:29 +0000)]
Keep track of whether a CGI request is carried over SSL.
If it is, then tie the cookie so that it's only returned to us over
SSL-encrypted links.
Mark Wooding [Sat, 9 Mar 2013 05:27:29 +0000 (05:27 +0000)]
cgi.py (cookie): Exclude attribute keys whose value is false.
Mark Wooding [Sat, 9 Mar 2013 05:34:26 +0000 (05:34 +0000)]
cgi.py: Fix stupid typo so that HTTP status codes are returned properly.
Mark Wooding [Fri, 8 Mar 2013 07:23:16 +0000 (07:23 +0000)]
*.fhtml: Use double quotes for HTML attributes.
Makes them highlight better in Emacs.
Mark Wooding [Fri, 8 Mar 2013 07:20:04 +0000 (07:20 +0000)]
*.fhtml: Use proper apostrophes instead of the awful ASCII one.
Mark Wooding [Fri, 8 Mar 2013 07:13:36 +0000 (07:13 +0000)]
cookies.fhtml: Use correct link for the source code archive.
Mark Wooding [Fri, 8 Mar 2013 07:12:25 +0000 (07:12 +0000)]
cgi.py: Remove defunct `html' function.
Mark Wooding [Fri, 8 Mar 2013 07:11:26 +0000 (07:11 +0000)]
cgi.py: Remove the old error reporting machinery.
It's all in templates now.
Mark Wooding [Fri, 8 Mar 2013 02:53:11 +0000 (02:53 +0000)]
Makefile: Update the `auto.py' symlink correctly.