Clean up feature selection in JavaScript code, and add a new feature that
disables the "SSL" context menu option. Tweaked initial handshake for SSL certificate negotiation when using --cert-fd and --cgi. git-svn-id: https://shellinabox.googlecode.com/svn/trunk@48 0da03de8-d603-11dd-86c2-0f8696b7b6f9
parent
949d763498
commit
646bd6a853
4 changed files with 73 additions and 47 deletions
|
@ -319,7 +319,8 @@ ShellInABox.prototype.extendContextMenu = function(entries, actions) {
|
||||||
actions[i++] = oldActions[j++];
|
actions[i++] = oldActions[j++];
|
||||||
if (node.id == "endconfig") {
|
if (node.id == "endconfig") {
|
||||||
node.id = '';
|
node.id = '';
|
||||||
if (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL) {
|
if (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL &&
|
||||||
|
!(typeof disableSSLMenu != 'undefined' && disableSSLMenu)) {
|
||||||
// If the server supports both SSL and plain text connections,
|
// If the server supports both SSL and plain text connections,
|
||||||
// provide a menu entry to switch between the two.
|
// provide a menu entry to switch between the two.
|
||||||
var newNode = document.createElement('li');
|
var newNode = document.createElement('li');
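Review bot: The `disableSSLMenu` test added to the `serverSupportsSSL` condition only hides the menu entry; it does not stop a client from switching transport, as the man page text in this same commit acknowledges (the URL can still be entered directly). It would help to say so at the condition, e.g. `// UI-only: hides the HTTP/HTTPS switch; the server still serves both transports`, so that nobody later relies on this flag to enforce HTTPS. The body of extendContextMenu continues outside the hunk.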
|
||||||
|
|
|
@ -77,6 +77,7 @@ static int portMax;
|
||||||
static int noBeep = 0;
|
static int noBeep = 0;
|
||||||
static int numericHosts = 0;
|
static int numericHosts = 0;
|
||||||
static int enableSSL = 1;
|
static int enableSSL = 1;
|
||||||
|
static int enableSSLMenu = 1;
|
||||||
static char *certificateDir;
|
static char *certificateDir;
|
||||||
static int certificateFd = -1;
|
static int certificateFd = -1;
|
||||||
static HashMap *externalFiles;
|
static HashMap *externalFiles;
|
||||||
|
@ -489,9 +490,11 @@ static int shellInABoxHttpHandler(HttpConnection *http, void *arg,
|
||||||
extern char shellInABoxEnd[];
|
extern char shellInABoxEnd[];
|
||||||
char *stateVars = stringPrintf(NULL,
|
char *stateVars = stringPrintf(NULL,
|
||||||
"serverSupportsSSL = %s;\n"
|
"serverSupportsSSL = %s;\n"
|
||||||
"suppressAllAudio = %d;\n\n",
|
"disableSSLMenu = %s;\n"
|
||||||
|
"suppressAllAudio = %s;\n\n",
|
||||||
enableSSL ? "true" : "false",
|
enableSSL ? "true" : "false",
|
||||||
noBeep);
|
!enableSSLMenu ? "true" : "false",
|
||||||
|
noBeep ? "true" : "false");
|
||||||
int stateVarsLength = strlen(stateVars);
|
int stateVarsLength = strlen(stateVars);
|
||||||
int contentLength = stateVarsLength +
|
int contentLength = stateVarsLength +
|
||||||
(vt100End - vt100Start) +
|
(vt100End - vt100Start) +
|
||||||
|
@ -597,7 +600,8 @@ static void usage(void) {
|
||||||
" --cert-fd=FD set certificate file from fd",
|
" --cert-fd=FD set certificate file from fd",
|
||||||
group, PORTNUM,
|
group, PORTNUM,
|
||||||
!serverSupportsSSL() ? "" :
|
!serverSupportsSSL() ? "" :
|
||||||
" -t, --disable-ssl disable transparent SSL support\n",
|
" -t, --disable-ssl disable transparent SSL support\n"
|
||||||
|
" --disable-ssl-menu disallow changing transport mode\n",
|
||||||
user, supportsPAM() ? "'AUTH' | " : "");
|
user, supportsPAM() ? "'AUTH' | " : "");
|
||||||
free((char *)user);
|
free((char *)user);
|
||||||
free((char *)group);
|
free((char *)group);
|
||||||
|
@ -635,6 +639,7 @@ static void parseArgs(int argc, char * const argv[]) {
|
||||||
{ "port", 1, 0, 'p' },
|
{ "port", 1, 0, 'p' },
|
||||||
{ "service", 1, 0, 's' },
|
{ "service", 1, 0, 's' },
|
||||||
{ "disable-ssl", 0, 0, 't' },
|
{ "disable-ssl", 0, 0, 't' },
|
||||||
|
{ "disable-ssl-menu", 0, 0, 0 },
|
||||||
{ "quiet", 0, 0, 'q' },
|
{ "quiet", 0, 0, 'q' },
|
||||||
{ "user", 1, 0, 'u' },
|
{ "user", 1, 0, 'u' },
|
||||||
{ "verbose", 0, 0, 'v' },
|
{ "verbose", 0, 0, 'v' },
|
||||||
|
@ -772,6 +777,13 @@ static void parseArgs(int argc, char * const argv[]) {
|
||||||
warn("Ignoring disable-ssl option, as SSL support is unavailable");
|
warn("Ignoring disable-ssl option, as SSL support is unavailable");
|
||||||
}
|
}
|
||||||
enableSSL = 0;
|
enableSSL = 0;
|
||||||
|
} else if (!idx--) {
|
||||||
|
// Disable SSL Menu
|
||||||
|
if (!hasSSL) {
|
||||||
|
warn("Ignoring disable-ssl-menu option, as SSL support is "
|
||||||
|
"unavailable");
|
||||||
|
}
|
||||||
|
enableSSLMenu = 0;
|
||||||
} else if (!idx--) {
|
} else if (!idx--) {
|
||||||
// Quiet
|
// Quiet
|
||||||
if (!logIsDefault() && !logIsQuiet()) {
|
if (!logIsDefault() && !logIsQuiet()) {
|
||||||
|
@ -870,6 +882,28 @@ static void removeLimits() {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void setUpSSL(Server *server) {
|
||||||
|
serverEnableSSL(server, enableSSL);
|
||||||
|
|
||||||
|
// Enable SSL support (if available)
|
||||||
|
if (enableSSL) {
|
||||||
|
check(serverSupportsSSL());
|
||||||
|
if (certificateFd >= 0) {
|
||||||
|
serverSetCertificateFd(server, certificateFd);
|
||||||
|
} else if (certificateDir) {
|
||||||
|
char *tmp;
|
||||||
|
if (strchr(certificateDir, '%')) {
|
||||||
|
fatal("Invalid certificate directory name \"%s\".", certificateDir);
|
||||||
|
}
|
||||||
|
check(tmp = stringPrintf(NULL, "%s/certificate%%s.pem", certificateDir));
|
||||||
|
serverSetCertificate(server, tmp, 1);
|
||||||
|
free(tmp);
|
||||||
|
} else {
|
||||||
|
serverSetCertificate(server, "certificate%s.pem", 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char * const argv[]) {
|
int main(int argc, char * const argv[]) {
|
||||||
// Disable core files
|
// Disable core files
|
||||||
prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
|
prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
|
||||||
|
@ -890,6 +924,7 @@ int main(int argc, char * const argv[]) {
|
||||||
Server *server;
|
Server *server;
|
||||||
if (port) {
|
if (port) {
|
||||||
check(server = newServer(port));
|
check(server = newServer(port));
|
||||||
|
setUpSSL(server);
|
||||||
} else {
|
} else {
|
||||||
// For CGI operation we fork the new server, so that it runs in the
|
// For CGI operation we fork the new server, so that it runs in the
|
||||||
// background.
|
// background.
|
||||||
|
@ -908,6 +943,7 @@ int main(int argc, char * const argv[]) {
|
||||||
check(!NOINTR(close(fds[0])));
|
check(!NOINTR(close(fds[0])));
|
||||||
check(server = newCGIServer(portMin, portMax, AJAX_TIMEOUT));
|
check(server = newCGIServer(portMin, portMax, AJAX_TIMEOUT));
|
||||||
cgiServer = server;
|
cgiServer = server;
|
||||||
|
setUpSSL(server);
|
||||||
|
|
||||||
// Output a <frameset> that includes our root page
|
// Output a <frameset> that includes our root page
|
||||||
check(port = serverGetListeningPort(server));
|
check(port = serverGetListeningPort(server));
|
||||||
|
@ -925,29 +961,9 @@ int main(int argc, char * const argv[]) {
|
||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
free(cgiRoot);
|
free(cgiRoot);
|
||||||
check(!NOINTR(close(fds[1])));
|
check(!NOINTR(close(fds[1])));
|
||||||
closeAllFds((int []){ launcherFd, serverGetFd(server),
|
closeAllFds((int []){ launcherFd, serverGetFd(server) }, 2);
|
||||||
certificateFd }, certificateFd >= 0 ? 3 : 2);
|
|
||||||
logSetLogLevel(MSG_QUIET);
|
logSetLogLevel(MSG_QUIET);
|
||||||
}
|
}
|
||||||
serverEnableSSL(server, enableSSL);
|
|
||||||
|
|
||||||
// Enable SSL support (if available)
|
|
||||||
if (enableSSL) {
|
|
||||||
check(serverSupportsSSL());
|
|
||||||
if (certificateFd >= 0) {
|
|
||||||
serverSetCertificateFd(server, certificateFd);
|
|
||||||
} else if (certificateDir) {
|
|
||||||
char *tmp;
|
|
||||||
if (strchr(certificateDir, '%')) {
|
|
||||||
fatal("Invalid certificate directory name \"%s\".", certificateDir);
|
|
||||||
}
|
|
||||||
check(tmp = stringPrintf(NULL, "%s/certificate%%s.pem", certificateDir));
|
|
||||||
serverSetCertificate(server, tmp, 1);
|
|
||||||
free(tmp);
|
|
||||||
} else {
|
|
||||||
serverSetCertificate(server, "certificate%s.pem", 1);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// Set log file format
|
// Set log file format
|
||||||
serverSetNumericHosts(server, numericHosts);
|
serverSetNumericHosts(server, numericHosts);
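Review bot: `setUpSSL()` now has to run before the `closeAllFds()` call in the CGI branch, because `certificateFd` was dropped from that call's keep-list, and nothing in the code records this ordering. It is only safe if `serverSetCertificateFd()` finishes reading from the descriptor (or takes its own copy) before it returns, which is not visible on this page. I would add a comment above the new function, `// Must be called before closeAllFds(); certificateFd is not kept open afterwards.`, and confirm that behaviour of `serverSetCertificateFd()`. In the `if (port)` branch nothing visible closes `certificateFd` after it has been handed over, so it is worth checking that the descriptor is not left open for processes launched later. main() begins and ends outside these hunks.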
|
||||||
|
|
|
@ -63,6 +63,7 @@ shellinaboxd \- publish command line shell through AJAX interface
|
||||||
[\ \fB-p\fP\ | \fB--port=\fP\fIport\fP\ ]
|
[\ \fB-p\fP\ | \fB--port=\fP\fIport\fP\ ]
|
||||||
[\ \fB-s\fP\ | \fB--service=\fP\fIservice\fP\ ]
|
[\ \fB-s\fP\ | \fB--service=\fP\fIservice\fP\ ]
|
||||||
[\ \fB-t\fP\ | \fB--disable-ssl\fP\ ]
|
[\ \fB-t\fP\ | \fB--disable-ssl\fP\ ]
|
||||||
|
[\ \fB--disable-ssl-menu\fP\ ]
|
||||||
[\ \fB-q\fP\ | \fB--quiet\fP\ ]
|
[\ \fB-q\fP\ | \fB--quiet\fP\ ]
|
||||||
[\ \fB-u\fP\ | \fB--user=\fP\fIuid\fP\ ]
|
[\ \fB-u\fP\ | \fB--user=\fP\fIuid\fP\ ]
|
||||||
[\ \fB-v\fP\ | \fB--verbose\fP\ ]
|
[\ \fB-v\fP\ | \fB--verbose\fP\ ]
|
||||||
|
@ -380,6 +381,11 @@ undesired, this behavior can be disabled.
|
||||||
This option is also useful during testing or for deployment in trusted
|
This option is also useful during testing or for deployment in trusted
|
||||||
intranets, if SSL certificates are unavailable.
|
intranets, if SSL certificates are unavailable.
|
||||||
.TP
|
.TP
|
||||||
|
\fB--disable-ssl-menu\fP
|
||||||
|
If the user should not be able to switch between HTTP and HTTPS modes, this
|
||||||
|
choice can be removed from the context menu. The user can still make this
|
||||||
|
choice by directly going to the appropriate URL.
|
||||||
|
.TP
|
||||||
\fB-q\fP\ |\ \fB--quiet\fP
|
\fB-q\fP\ |\ \fB--quiet\fP
|
||||||
Surpresses all messages to
|
Surpresses all messages to
|
||||||
.IR stderr .
|
.IR stderr .
|
||||||
|
|
|
@ -128,7 +128,8 @@ VT100.prototype.reset = function(clearHistory) {
|
||||||
this.offsetMode = false;
|
this.offsetMode = false;
|
||||||
this.mouseReporting = false;
|
this.mouseReporting = false;
|
||||||
this.utfEnabled = true;
|
this.utfEnabled = true;
|
||||||
this.visualBell = suppressAllAudio != 'undefined' &&
|
this.visualBell = typeof suppressAllAudio !=
|
||||||
|
'undefined' &&
|
||||||
suppressAllAudio;
|
suppressAllAudio;
|
||||||
this.utfCount = 0;
|
this.utfCount = 0;
|
||||||
this.utfChar = 0;
|
this.utfChar = 0;
|
||||||
|
@ -210,7 +211,8 @@ VT100.prototype.initializeElements = function(container) {
|
||||||
try {
|
try {
|
||||||
if (typeof navigator.mimeTypes["audio/x-wav"].enabledPlugin.name !=
|
if (typeof navigator.mimeTypes["audio/x-wav"].enabledPlugin.name !=
|
||||||
'undefined') {
|
'undefined') {
|
||||||
embed = suppressAllAudio ? "" :
|
embed = typeof suppressAllAudio != 'undefined' &&
|
||||||
|
suppressAllAudio ? "" :
|
||||||
'<embed classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" ' +
|
'<embed classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" ' +
|
||||||
'id="beep_embed" ' +
|
'id="beep_embed" ' +
|
||||||
'src="beep.wav" ' +
|
'src="beep.wav" ' +
|
||||||
|
@ -241,7 +243,8 @@ VT100.prototype.initializeElements = function(container) {
|
||||||
'<input type="textfield" id="input" />' +
|
'<input type="textfield" id="input" />' +
|
||||||
'<input type="textfield" id="cliphelper" />' +
|
'<input type="textfield" id="cliphelper" />' +
|
||||||
'<span id="attrib"> </span>' +
|
'<span id="attrib"> </span>' +
|
||||||
(suppressAllAudio ? "" :
|
(typeof suppressAllAudio != 'undefined' &&
|
||||||
|
suppressAllAudio ? "" :
|
||||||
embed + '<bgsound id="beep_bgsound" loop=1 />') +
|
embed + '<bgsound id="beep_bgsound" loop=1 />') +
|
||||||
'</div>';
|
'</div>';
|
||||||
}
|
}
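Review bot: The guard `typeof suppressAllAudio != 'undefined' && suppressAllAudio` is now written out three times, once in `reset` and twice in `initializeElements`, and the two conditional expressions rely on `&&` binding tighter than `?:` without parentheses. A small helper would keep the three sites identical and make the precedence explicit, e.g. `function audioSuppressed() { return typeof suppressAllAudio != 'undefined' && suppressAllAudio; }`, used as `audioSuppressed() ? "" : ...`. Both functions continue outside the hunks shown, so whether a shared helper fits the file's layout should be checked against the full source.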
|
||||||
|
|