simono41/shellinabox
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Clean up feature selection in JavaScript code, and add a new feature that

Browse source 
disables the "SSL" context menu option.
Tweaked initial handshake for SSL certificate negotiation when using --cert-fd
and --cgi.


git-svn-id: https://shellinabox.googlecode.com/svn/trunk@48 0da03de8-d603-11dd-86c2-0f8696b7b6f9
This commit is contained in:
zodiac 2009-01-21 23:38:25 +00:00
parent 949d763498
commit 646bd6a853
4 changed files with 73 additions and 47 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
shellinabox/shell_in_a_box.js
View file

@ -319,7 +319,8 @@ ShellInABox.prototype.extendContextMenu = function(entries, actions) {
actions[i++] = oldActions[j++]; actions[i++] = oldActions[j++];
if (node.id == "endconfig") { if (node.id == "endconfig") {
node.id = ''; node.id = '';
if (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL) { if (typeof serverSupportsSSL != 'undefined' && serverSupportsSSL &&
!(typeof disableSSLMenu != 'undefined' && disableSSLMenu)) {
// If the server supports both SSL and plain text connections, // If the server supports both SSL and plain text connections,
// provide a menu entry to switch between the two. // provide a menu entry to switch between the two.
var newNode = document.createElement('li'); var newNode = document.createElement('li');

102
shellinabox/shellinaboxd.c
View file

@ -77,6 +77,7 @@ static int portMax;
static int noBeep = 0; static int noBeep = 0;
static int numericHosts = 0; static int numericHosts = 0;
static int enableSSL = 1; static int enableSSL = 1;
static int enableSSLMenu = 1;
static char *certificateDir; static char *certificateDir;
static int certificateFd = -1; static int certificateFd = -1;
static HashMap *externalFiles; static HashMap *externalFiles;
@ -489,9 +490,11 @@ static int shellInABoxHttpHandler(HttpConnection *http, void *arg,
extern char shellInABoxEnd[]; extern char shellInABoxEnd[];
char *stateVars = stringPrintf(NULL, char *stateVars = stringPrintf(NULL,
"serverSupportsSSL = %s;\n" "serverSupportsSSL = %s;\n"
"suppressAllAudio = %d;\n\n", "disableSSLMenu = %s;\n"
enableSSL ? "true" : "false", "suppressAllAudio = %s;\n\n",
noBeep); enableSSL ? "true" : "false",
!enableSSLMenu ? "true" : "false",
noBeep ? "true" : "false");
int stateVarsLength = strlen(stateVars); int stateVarsLength = strlen(stateVars);
int contentLength = stateVarsLength + int contentLength = stateVarsLength +
(vt100End - vt100Start) + (vt100End - vt100Start) +
@ -597,7 +600,8 @@ static void usage(void) {
" --cert-fd=FD set certificate file from fd", " --cert-fd=FD set certificate file from fd",
group, PORTNUM, group, PORTNUM,
!serverSupportsSSL() ? "" : !serverSupportsSSL() ? "" :
" -t, --disable-ssl disable transparent SSL support\n", " -t, --disable-ssl disable transparent SSL support\n"
" --disable-ssl-menu disallow changing transport mode\n",
user, supportsPAM() ? "'AUTH' | " : ""); user, supportsPAM() ? "'AUTH' | " : "");
free((char *)user); free((char *)user);
free((char *)group); free((char *)group);
@ -622,24 +626,25 @@ static void parseArgs(int argc, char * const argv[]) {
for (;;) { for (;;) {
static const char optstring[] = "+hb::c:df:g:np:s:tqu:v"; static const char optstring[] = "+hb::c:df:g:np:s:tqu:v";
static struct option options[] = { static struct option options[] = {
{ "help", 0, 0, 'h' }, { "help", 0, 0, 'h' },
{ "background", 2, 0, 'b' }, { "background", 2, 0, 'b' },
{ "cert", 1, 0, 'c' }, { "cert", 1, 0, 'c' },
{ "cert-fd", 1, 0, 0 }, { "cert-fd", 1, 0, 0 },
{ "cgi", 2, 0, 0 }, { "cgi", 2, 0, 0 },
{ "debug", 0, 0, 'd' }, { "debug", 0, 0, 'd' },
{ "static-file", 1, 0, 'f' }, { "static-file", 1, 0, 'f' },
{ "group", 1, 0, 'g' }, { "group", 1, 0, 'g' },
{ "no-beep", 0, 0, 0 }, { "no-beep", 0, 0, 0 },
{ "numeric", 0, 0, 'n' }, { "numeric", 0, 0, 'n' },
{ "port", 1, 0, 'p' }, { "port", 1, 0, 'p' },
{ "service", 1, 0, 's' }, { "service", 1, 0, 's' },
{ "disable-ssl", 0, 0, 't' }, { "disable-ssl", 0, 0, 't' },
{ "quiet", 0, 0, 'q' }, { "disable-ssl-menu", 0, 0, 0 },
{ "user", 1, 0, 'u' }, { "quiet", 0, 0, 'q' },
{ "verbose", 0, 0, 'v' }, { "user", 1, 0, 'u' },
{ "version", 0, 0, 0 }, { "verbose", 0, 0, 'v' },
{ 0, 0, 0, 0 } }; { "version", 0, 0, 0 },
{ 0, 0, 0, 0 } };
int idx = -1; int idx = -1;
int c = getopt_long(argc, argv, optstring, options, &idx); int c = getopt_long(argc, argv, optstring, options, &idx);
if (c > 0) { if (c > 0) {
@ -772,6 +777,13 @@ static void parseArgs(int argc, char * const argv[]) {
warn("Ignoring disable-ssl option, as SSL support is unavailable"); warn("Ignoring disable-ssl option, as SSL support is unavailable");
} }
enableSSL = 0; enableSSL = 0;
} else if (!idx--) {
// Disable SSL Menu
if (!hasSSL) {
warn("Ignoring disable-ssl-menu option, as SSL support is "
"unavailable");
}
enableSSLMenu = 0;
} else if (!idx--) { } else if (!idx--) {
// Quiet // Quiet
if (!logIsDefault() && !logIsQuiet()) { if (!logIsDefault() && !logIsQuiet()) {
@ -870,6 +882,28 @@ static void removeLimits() {
} }
} }
static void setUpSSL(Server *server) {
serverEnableSSL(server, enableSSL);
// Enable SSL support (if available)
if (enableSSL) {
check(serverSupportsSSL());
if (certificateFd >= 0) {
serverSetCertificateFd(server, certificateFd);
} else if (certificateDir) {
char *tmp;
if (strchr(certificateDir, '%')) {
fatal("Invalid certificate directory name \"%s\".", certificateDir);
}
check(tmp = stringPrintf(NULL, "%s/certificate%%s.pem", certificateDir));
serverSetCertificate(server, tmp, 1);
free(tmp);
} else {
serverSetCertificate(server, "certificate%s.pem", 1);
}
}
}
int main(int argc, char * const argv[]) { int main(int argc, char * const argv[]) {
// Disable core files // Disable core files
prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); prctl(PR_SET_DUMPABLE, 0, 0, 0, 0);
@ -890,6 +924,7 @@ int main(int argc, char * const argv[]) {
Server *server; Server *server;
if (port) { if (port) {
check(server = newServer(port)); check(server = newServer(port));
setUpSSL(server);
} else { } else {
// For CGI operation we fork the new server, so that it runs in the // For CGI operation we fork the new server, so that it runs in the
// background. // background.
@ -908,6 +943,7 @@ int main(int argc, char * const argv[]) {
check(!NOINTR(close(fds[0]))); check(!NOINTR(close(fds[0])));
check(server = newCGIServer(portMin, portMax, AJAX_TIMEOUT)); check(server = newCGIServer(portMin, portMax, AJAX_TIMEOUT));
cgiServer = server; cgiServer = server;
setUpSSL(server);
// Output a <frameset> that includes our root page // Output a <frameset> that includes our root page
check(port = serverGetListeningPort(server)); check(port = serverGetListeningPort(server));
@ -925,29 +961,9 @@ int main(int argc, char * const argv[]) {
fflush(stdout); fflush(stdout);
free(cgiRoot); free(cgiRoot);
check(!NOINTR(close(fds[1]))); check(!NOINTR(close(fds[1])));
closeAllFds((int []){ launcherFd, serverGetFd(server), closeAllFds((int []){ launcherFd, serverGetFd(server) }, 2);
certificateFd }, certificateFd >= 0 ? 3 : 2);
logSetLogLevel(MSG_QUIET); logSetLogLevel(MSG_QUIET);
} }
serverEnableSSL(server, enableSSL);
// Enable SSL support (if available)
if (enableSSL) {
check(serverSupportsSSL());
if (certificateFd >= 0) {
serverSetCertificateFd(server, certificateFd);
} else if (certificateDir) {
char *tmp;
if (strchr(certificateDir, '%')) {
fatal("Invalid certificate directory name \"%s\".", certificateDir);
}
check(tmp = stringPrintf(NULL, "%s/certificate%%s.pem", certificateDir));
serverSetCertificate(server, tmp, 1);
free(tmp);
} else {
serverSetCertificate(server, "certificate%s.pem", 1);
}
}
// Set log file format // Set log file format
serverSetNumericHosts(server, numericHosts); serverSetNumericHosts(server, numericHosts);

6
shellinabox/shellinaboxd.man.in
View file

@ -63,6 +63,7 @@ shellinaboxd \- publish command line shell through AJAX interface
[\ \fB-p\fP\ | \fB--port=\fP\fIport\fP\ ] [\ \fB-p\fP\ | \fB--port=\fP\fIport\fP\ ]
[\ \fB-s\fP\ | \fB--service=\fP\fIservice\fP\ ] [\ \fB-s\fP\ | \fB--service=\fP\fIservice\fP\ ]
[\ \fB-t\fP\ | \fB--disable-ssl\fP\ ] [\ \fB-t\fP\ | \fB--disable-ssl\fP\ ]
[\ \fB--disable-ssl-menu\fP\ ]
[\ \fB-q\fP\ | \fB--quiet\fP\ ] [\ \fB-q\fP\ | \fB--quiet\fP\ ]
[\ \fB-u\fP\ | \fB--user=\fP\fIuid\fP\ ] [\ \fB-u\fP\ | \fB--user=\fP\fIuid\fP\ ]
[\ \fB-v\fP\ | \fB--verbose\fP\ ] [\ \fB-v\fP\ | \fB--verbose\fP\ ]
@ -380,6 +381,11 @@ undesired, this behavior can be disabled.
This option is also useful during testing or for deployment in trusted This option is also useful during testing or for deployment in trusted
intranets, if SSL certificates are unavailable. intranets, if SSL certificates are unavailable.
.TP .TP
\fB--disable-ssl-menu\fP
If the user should not be able to switch between HTTP and HTTPS modes, this
choice can be removed from the context menu. The user can still make this
choice by directly going to the appropriate URL.
.TP
\fB-q\fP\ |\ \fB--quiet\fP \fB-q\fP\ |\ \fB--quiet\fP
Surpresses all messages to Surpresses all messages to
.IR stderr . .IR stderr .

9
shellinabox/vt100.js
View file

@ -128,7 +128,8 @@ VT100.prototype.reset = function(clearHistory) {
this.offsetMode = false; this.offsetMode = false;
this.mouseReporting = false; this.mouseReporting = false;
this.utfEnabled = true; this.utfEnabled = true;
this.visualBell = suppressAllAudio != 'undefined' && this.visualBell = typeof suppressAllAudio !=
'undefined' &&
suppressAllAudio; suppressAllAudio;
this.utfCount = 0; this.utfCount = 0;
this.utfChar = 0; this.utfChar = 0;
@ -210,7 +211,8 @@ VT100.prototype.initializeElements = function(container) {
try { try {
if (typeof navigator.mimeTypes["audio/x-wav"].enabledPlugin.name != if (typeof navigator.mimeTypes["audio/x-wav"].enabledPlugin.name !=
'undefined') { 'undefined') {
embed = suppressAllAudio ? "" : embed = typeof suppressAllAudio != 'undefined' &&
suppressAllAudio ? "" :
'<embed classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" ' + '<embed classid="clsid:02BF25D5-8C17-4B23-BC80-D3488ABDDC6B" ' +
'id="beep_embed" ' + 'id="beep_embed" ' +
'src="beep.wav" ' + 'src="beep.wav" ' +
@ -241,7 +243,8 @@ VT100.prototype.initializeElements = function(container) {
'<input type="textfield" id="input" />' + '<input type="textfield" id="input" />' +
'<input type="textfield" id="cliphelper" />' + '<input type="textfield" id="cliphelper" />' +
'<span id="attrib">&nbsp;</span>' + '<span id="attrib">&nbsp;</span>' +
(suppressAllAudio ? "" : (typeof suppressAllAudio != 'undefined' &&
suppressAllAudio ? "" :
embed + '<bgsound id="beep_bgsound" loop=1 />') + embed + '<bgsound id="beep_bgsound" loop=1 />') +
'</div>'; '</div>';
} }