* Created Log->is_secure() to more cleanly handle conditional logging of strings with passwords or passwords directly. Updated log entries that could benefit from this method to use it.

* Cleaned up the striker->add_sync_peer() function to more clearly differentiate the ssh port from the pgsql port.
* Improved the HTML form to not have the browser treat host login fields as credentials to autofill or save.

Signed-off-by: Digimer <digimer@alteeve.ca>
Digimer 5 years ago
parent b51f87bdcc
commit b8816382b8
  1. 4
      Anvil/Tools/Account.pm
  2. 10
      Anvil/Tools/DRBD.pm
  3. 22
      Anvil/Tools/Database.pm
  4. 25
      Anvil/Tools/Get.pm
  5. 27
      Anvil/Tools/Log.pm
  6. 6
      Anvil/Tools/Remote.pm
  7. 4
      Anvil/Tools/Server.pm
  8. 26
      Anvil/Tools/Storage.pm
  9. 6
      Anvil/Tools/System.pm
  10. 128
      cgi-bin/striker
  11. 3
      html/skins/alteeve/config.html
  12. 12
      html/skins/alteeve/striker.html
  13. 2
      share/words.xml
  14. 2
      tools/anvil-change-password
  15. 2
      tools/anvil-configure-host
  16. 4
      tools/striker-manage-peers

@ -128,7 +128,7 @@ sub encrypt_password
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
algorithm => $algorithm,
hash_count => $hash_count,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
salt => $salt,
}});
@ -760,7 +760,7 @@ sub validate_password
my $valid = 0;
my $hash = "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
user => $user,
}});

@ -123,7 +123,7 @@ sub allow_two_primaries
my $target_node_id = defined $parameter->{target_node_id} ? $parameter->{target_node_id} : "";
my $return_code = 255;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
resource => $resource,
@ -263,7 +263,7 @@ sub get_devices
my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root";
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
target => $target,
@ -534,7 +534,7 @@ sub get_status
my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root";
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
target => $target,
@ -793,7 +793,7 @@ sub manage_resource
my $task = defined $parameter->{task} ? $parameter->{task} : "";
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
resource => $resource,
@ -890,7 +890,7 @@ sub reload_defaults
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
my $return_code = 255;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
resource => $resource,

@ -746,7 +746,7 @@ sub connect
port => $port,
name => $name,
user => $user,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
}});
# Some places will want to pull up the database user, so in case it isn't set (which is
@ -790,7 +790,7 @@ sub connect
port => $port,
name => $name,
user => $user,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
}});
### TODO: Can we do a telnet port ping with a short timeout instead of a shell ping call?
@ -1076,7 +1076,7 @@ sub connect
"database::${uuid}::port" => $anvil->data->{database}{$uuid}{port},
"database::${uuid}::name" => $database_name,
"database::${uuid}::user" => $database_user,
"database::${uuid}::password" => $anvil->Log->secure ? $anvil->data->{database}{$uuid}{password} : $anvil->Words->string({key => "log_0186"}),
"database::${uuid}::password" => $anvil->Log->is_secure($anvil->data->{database}{$uuid}{password}),
}});
# Copy my alert hash before I delete the uuid.
@ -1137,7 +1137,7 @@ sub connect
"database::${uuid}::port" => $anvil->data->{database}{$uuid}{port},
"database::${uuid}::name" => $database_name,
"database::${uuid}::user" => $database_user,
"database::${uuid}::password" => $anvil->Log->secure ? $anvil->data->{database}{$uuid}{password} : $anvil->Words->string({key => "log_0186"}),
"database::${uuid}::password" => $anvil->Log->is_secure($anvil->data->{database}{$uuid}{password}),
}});
### TODO: Is this still an issue? If so, then we either need to require that the DB host
@ -4621,7 +4621,7 @@ sub insert_or_update_users
line => $line,
user_uuid => $user_uuid,
user_name => $user_name,
user_password_hash => (($anvil->Log->secure) or ($user_salt)) ? $user_password_hash : $anvil->Words->string({key => "log_0186"}) ,
user_password_hash => $user_salt ? $user_password_hash : $anvil->Log->is_secure($user_password_hash),
user_salt => $user_salt,
user_algorithm => $user_algorithm,
user_hash_count => $user_hash_count,
@ -4671,7 +4671,7 @@ sub insert_or_update_users
$user_algorithm = $answer->{user_algorithm};
$user_hash_count = $answer->{user_hash_count};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
user_password_hash => (($anvil->Log->secure) or ($user_salt)) ? $user_password_hash : $anvil->Words->string({key => "log_0186"}) ,
user_password_hash => $user_salt ? $user_password_hash : $anvil->Log->is_secure($user_password_hash) ,
user_salt => $user_salt,
user_algorithm => $user_algorithm,
user_hash_count => $user_hash_count,
@ -5619,7 +5619,7 @@ sub query
uuid => $uuid,
"cache::database_handle::${uuid}" => $anvil->data->{cache}{database_handle}{$uuid},
line => $line,
query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}),
query => (not $secure) ? $query : $anvil->Log->is_secure($query),
secure => $secure,
source => $source,
}});
@ -5669,7 +5669,7 @@ sub query
# Do the query.
my $DBreq = $anvil->data->{cache}{database_handle}{$uuid}->prepare($query) or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0075", variables => {
query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}),
query => (not $secure) ? $query : $anvil->Log->is_secure($query),
server => $say_server,
db_error => $DBI::errstr,
}});
@ -5677,7 +5677,7 @@ sub query
# Execute on the query
$DBreq->execute() or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0076", variables => {
query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}),
query => (not $secure) ? $query : $anvil->Log->is_secure($query),
server => $say_server,
db_error => $DBI::errstr,
}});
@ -6316,7 +6316,7 @@ sub write
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
uuid => $uuid,
line => $line,
query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}),
query => (not $secure) ? $query : $anvil->Log->is_secure($query),
secure => $secure,
source => $source,
reenter => $reenter,
@ -6487,7 +6487,7 @@ sub write
# Do the do.
$anvil->data->{cache}{database_handle}{$uuid}->do($query) or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0090", variables => {
query => ((not $secure) or (($secure) && (not $anvil->Log->secure))) ? $query : $anvil->Words->string({key => "log_0186"}),
query => (not $secure) ? $query : $anvil->Log->is_secure($query),
server => $say_server,
db_error => $DBI::errstr,
}});
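Review bot: In both `insert_or_update_users` hunks, `user_password_hash` is logged unmasked whenever `$user_salt` is set, and the same entry also carries `user_salt`, `user_algorithm` and `user_hash_count`. Together those four values give anyone who can read the log everything needed for offline guessing against the stored hash. The condition is carried over from the old line, but the new helper makes it simple to mask the hash unconditionally: `user_password_hash => $anvil->Log->is_secure($user_password_hash),`. Both hunks show only part of the enclosing sub.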

@ -129,7 +129,7 @@ sub anvil_version
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
my $version = 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
target => $target,
@ -188,9 +188,7 @@ fi;
This reads in the CGI variables passed in by a form or URL.
This will read the 'cgi_list' CGI variable for a comma-separated list of CGI variables to read in. So your form must set this in order for this method to work.
If the variable 'file' is passed, it will be treated as a binary stream containing an uploaded file.
This method takes no parameters.
=cut
sub cgi
@ -218,19 +216,6 @@ sub cgi
push @{$cgis}, $variable;
}
}
elsif (defined $cgi->param("cgi_list"))
{
### TODO: Get rid of this
# This is a fall-back list we really shouldn't need.
my $cgi_list = $cgi->param("cgi_list");
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { cgi_list => $cgi_list }});
foreach my $variable (split/,/, $cgi_list)
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { variable => $variable }});
push @{$cgis}, $variable;
}
}
$cgi_count = @{$cgis};
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { cgi_count => $cgi_count }});
@ -245,7 +230,7 @@ sub cgi
# Now read in the variables.
foreach my $variable (sort {$a cmp $b} @{$cgis})
{
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { variable => $variable }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => { variable => $variable }});
$anvil->data->{cgi}{$variable}{value} = "";
$anvil->data->{cgi}{$variable}{mime_type} = "string";
@ -316,7 +301,7 @@ sub cgi
}
}
# Now loop again in the order that the variables were passed is 'cgi_list'.
# Now loop again.
foreach my $variable (@{$cgis})
{
next if $anvil->data->{cgi}{$variable} eq "";
@ -351,7 +336,7 @@ sub cgi
# This is a password and we're not logging sensitive data, obfuscate it.
$censored_value = $anvil->Words->string({key => "log_0186"});
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 1, list => {
"cgi::${variable}::$say_value" => $censored_value,
}});
}
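Review bot: In the last `cgi` hunk, the entry that logs `"cgi::${variable}::$say_value" => $censored_value` appears to move from `level => $debug` to a hard-coded `level => 1`, assuming the second of the two printed lines is the new side, as it is elsewhere on this page. Every submitted form value is then written at a low log level, whatever the caller asked for. The only protection is the censoring branch, and its condition starts outside the hunk. Please confirm that it matches every secret-bearing field name used by the forms (for example `new_peer_password` and `striker_password`, both seen in this commit), or keep `level => $debug`. The masking just above still looks up `log_0186` by hand; `$censored_value = $anvil->Log->is_secure($value);` would keep it consistent with the rest of the commit, where `$value` stands for whatever variable holds the raw value, which is not visible here.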

@ -442,6 +442,33 @@ sub entry
return(0);
}
=head2 is_secure
This method takes a password string. If C<< Log->secure >> is C<< 1 >>, the same string is returned. If not, C<< #!string!log_0186!# >> is returned.
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
user => $user,
host => $host,
password => $anvil->Log->is_secure($password),
}});
B<< NOTE >>: Unlike most methods, this one does not take a hash reference for the parameters. It takes the string directly.
=cut
sub is_secure
{
my $self = shift;
my $password = shift;
my $anvil = $self->parent;
if (not $anvil->Log->secure)
{
$password = "#!string!log_0186!#";
}
return($password);
}
=head2 language
This sets or returns the log language ISO code.
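Review bot: `is_secure` reads like a boolean predicate, but it returns either its argument or the mask `#!string!log_0186!#`. The POD should state the return value for both cases, and that an undefined argument is returned undefined when `Log->secure` is on. Inside the method `$self` is presumably the same Log object as `$anvil->Log`, so `if (not $self->secure)` would avoid the trip through `$self->parent`. The old call sites resolved the mask immediately with `Words->string({key => "log_0186"})`, while this returns the raw key. If any consumer writes the value without string-key processing (not visible here), the literal key appears in the log; that is still safe but worth confirming.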

@ -300,9 +300,9 @@ sub call
# NOTE: The shell call might contain sensitive data, so we show '--' if 'secure' is set and $anvil->Log->secure is not.
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
'close' => $close,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
secure => $secure,
shell_call => ((not $anvil->Log->secure) && ($secure)) ? $anvil->Words->string({key => "log_0186"}) : $shell_call,
shell_call => (not $secure) ? $shell_call : $anvil->Log->is_secure($shell_call),
ssh_fh => $ssh_fh,
start_time => $start_time,
port => $port,
@ -676,7 +676,7 @@ sub test_access
my $user = defined $parameter->{user} ? $parameter->{user} : getpwuid($<);
my $access = 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
target => $target,
user => $user,

@ -212,7 +212,7 @@ sub find
my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root";
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
refresh => $refresh,
remote_user => $remote_user,
@ -328,7 +328,7 @@ sub get_status
my $server = defined $parameter->{server} ? $parameter->{server} : "";
my $target = defined $parameter->{target} ? $parameter->{target} : "local";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
remote_user => $remote_user,
target => $target,

@ -150,7 +150,7 @@ sub backup
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
fatal => $fatal,
port => $port,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
target => $target,
remote_user => $remote_user,
source_file => $source_file,
@ -642,7 +642,7 @@ sub copy_file
my $target = defined $parameter->{target} ? $parameter->{target} : "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
overwrite => $overwrite,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
remote_user => $remote_user,
source_file => $source_file,
target_file => $target_file,
@ -958,7 +958,7 @@ sub make_directory
group => $group,
mode => $mode,
port => $port,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
remote_user => $remote_user,
target => $target,
user => $user,
@ -1157,7 +1157,7 @@ sub move_file
my $target = defined $parameter->{target} ? $parameter->{target} : "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
overwrite => $overwrite,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
remote_user => $remote_user,
source_file => $source_file,
target_file => $target_file,
@ -1548,7 +1548,7 @@ sub read_file
file => $file,
force_read => $force_read,
port => $port,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
remote_user => $remote_user,
secure => $secure,
target => $target,
@ -1861,7 +1861,7 @@ sub rsync
my $failed = 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
destination => $destination,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
source => $source,
switches => $switches,
@ -2319,11 +2319,11 @@ sub update_config
my $update = 0;
my $new_file = "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
secure => $secure,
target => $target,
value => ((not $secure) or ($anvil->Log->secure)) ? $value : $anvil->Words->string({key => "log_0186"}),
value => (not $secure) ? $value : $anvil->Log->is_secure($value),
variable => $variable,
remote_user => $remote_user,
}});
@ -2360,7 +2360,7 @@ sub update_config
my $is_secure = $this_variable =~ /passw/i ? 1 : 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
this_variable => $this_variable,
this_value => ((not $is_secure) or ($anvil->Log->secure)) ? $this_value : $anvil->Words->string({key => "log_0186"}),
this_value => not $is_secure ? $this_value : $anvil->Log->is_secure($this_value),
}});
if ($this_variable eq $variable)
{
@ -2481,9 +2481,9 @@ sub update_file
my $remote_user = defined $parameter->{remote_user} ? $parameter->{remote_user} : "root";
my $update = 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, secure => 0, list => {
body => ((not $body) or ($anvil->Log->secure)) ? $body : $anvil->Words->string({key => "log_0186"}),
body => (not $body) ? $body : $anvil->Log->is_secure($body),
file => $file,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
port => $port,
secure => $secure,
target => $target,
@ -2676,7 +2676,7 @@ sub write_file
mode => $mode,
overwrite => $overwrite,
port => $port,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
secure => $secure,
target => $target,
user => $user,
@ -2948,7 +2948,7 @@ sub _create_rsync_wrapper
my $target = defined $parameter->{target} ? $parameter->{target} : "";
my $password = defined $parameter->{password} ? $parameter->{password} : "";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => $debug, list => {
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
target => $target,
}});
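Review bot: In `update_config` the new line `this_value => not $is_secure ? $this_value : $anvil->Log->is_secure($this_value),` drops the parentheses used at the other call sites in this commit. `not` binds more loosely than `?:`, so Perl negates the result of the whole conditional and the entry logs `1` or an empty string instead of the value or the mask. Write `(not $is_secure) ? $this_value : $anvil->Log->is_secure($this_value)`; the same fix applies to `this_value => not $secure ? …` in tools/anvil-configure-host. Separately, `body => (not $body) ? …` in `update_file` keys on `$body` rather than `$secure`, so file bodies are masked even for non-secure files; that matches the old line but may not be the intent.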

@ -410,8 +410,8 @@ sub change_shell_user_password
target => $target,
port => $port,
remote_user => $remote_user,
new_password => $anvil->Log->secure ? $new_password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
new_password => $anvil->Log->is_secure($new_password),
password => $anvil->Log->is_secure($password),
}});
# Do I have a user?
@ -2319,7 +2319,7 @@ sub ping
count => $count,
fragment => $fragment,
payload => $payload,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
ping => $ping,
port => $port,
remote_user => $remote_user,

@ -38,7 +38,7 @@ $anvil->data->{form}{back_link} = "";
$anvil->data->{form}{refresh_link} = "";
# Read in any CGI variables, if needed.
$anvil->Get->cgi({debug => 2});
$anvil->Get->cgi();
# If we're being asked to get a file, do so now.
if ($anvil->data->{cgi}{upload_file}{file_handle})
@ -850,7 +850,7 @@ sub process_sync_page
name => $name,
user => $user,
ping => $ping,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
}});
# Store it by name.
@ -865,7 +865,7 @@ sub process_sync_page
"peers::${host}::name" => $anvil->data->{peers}{$host}{name},
"peers::${host}::ping" => $anvil->data->{peers}{$host}{ping},
"peers::${host}::uuid" => $anvil->data->{peers}{$host}{uuid},
"peers::${host}::password" => $anvil->Log->secure ? $anvil->data->{peers}{$host}{password} : $anvil->Words->string({key => "log_0186"}),
"peers::${host}::password" => $anvil->Log->is_secure($anvil->data->{peers}{$host}{password}),
}});
}
@ -885,7 +885,7 @@ sub process_sync_page
user => $user,
ping => $ping,
uuid => $uuid,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
}});
$anvil->data->{cgi}{new_peer_password}{value} = "" if not defined $anvil->data->{cgi}{new_peer_password}{value};
@ -974,34 +974,42 @@ sub add_sync_peer
my ($anvil) = @_;
# Break up the user, host and port. If anything goes wrong, we'll set an error and send it back.
my $user = $anvil->data->{sys}{database}{user};
my $host = $anvil->data->{cgi}{new_peer_access}{value};
my $password = $anvil->data->{cgi}{new_peer_password}{value};
my $name = $anvil->data->{sys}{database}{name};
my $ping = $anvil->data->{cgi}{new_peer_ping}{value} eq "on" ? 1 : 0;
my $port = 5432;
my $ssh_tcp = 22;
my $peer_uuid = "";
my $peer_host = "";
my $use_ip = ""; # This will contain the local IP to use for the peer to setup comms with us
my $user = $anvil->data->{sys}{database}{user};
my $host = $anvil->data->{cgi}{new_peer_access}{value};
my $password = $anvil->data->{cgi}{new_peer_password}{value};
my $name = $anvil->data->{sys}{database}{name};
my $ping = $anvil->data->{cgi}{new_peer_ping}{value} eq "on" ? 1 : 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
user => $user,
host => $host,
password => $anvil->Log->is_secure($password),
name => $name,
ping => $ping,
}});
my $pgsql_port = 5432;
my $ssh_port = 22;
my $peer_uuid = "";
my $peer_host = "";
my $use_ip = ""; # This will contain the local IP to use for the peer to setup comms with us
if ($host =~ /,ssh=(\d+)$/)
{
$ssh_tcp = $1;
$host =~ s/,ssh=\d+$//;
$ssh_port = $1;
$host =~ s/,ssh=\d+$//;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
ssh_tcp => $ssh_tcp,
host => $host,
ssh_port => $ssh_port,
host => $host,
}});
}
if ($host =~ /^(.*?)\@(.*?):(\d+)$/)
{
$user = $1;
$host = $2;
$port = $3;
$pgsql_port = $3;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
host => $host,
port => $port,
user => $user,
host => $host,
pgsql_port => $pgsql_port,
user => $user,
}});
}
elsif ($host =~ /^(.*?)\@(.*?)$/)
@ -1016,41 +1024,49 @@ sub add_sync_peer
elsif ($host =~ /^(.*?):(\d+)$/)
{
$host = $1;
$port = $2;
$pgsql_port = $2;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
host => $host,
port => $port,
host => $host,
pgsql_port => $pgsql_port,
}});
}
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
ssh_port => $ssh_port,
host => $host,
pgsql_port => $pgsql_port,
user => $user,
}});
# Is the host a domain or IP?
# If so, and 'bi-directional' is set, verify we can ssh into the peer.
my $is_domain = $anvil->Validate->is_domain_name({name => $host});
my $is_ipv4 = $anvil->Validate->is_ipv4({ip => $host});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
is_domain => $is_domain,
is_ipv4 => $is_ipv4,
port => $port,
is_domain => $is_domain,
is_ipv4 => $is_ipv4,
pgsql_port => $pgsql_port,
}});
if (((not $is_domain) && (not $is_ipv4)) or ($port < 1) or ($port > 65536))
if (((not $is_domain) && (not $is_ipv4)) or ($pgsql_port < 1) or ($pgsql_port > 65536))
{
# Bad host.
$anvil->data->{form}{error_massage} = $anvil->Template->get({file => "main.html", name => "error_message", variables => { error_message => $anvil->Words->string({key => "striker_warning_0002"}) }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"form::error_massage" => $anvil->data->{form}{error_massage},
}});
}
else
{
# Can we connect to the peer?
my $shell_call = $anvil->data->{path}{exe}{dmidecode}." --string system-uuid";
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { shell_call => $shell_call }});
my ($output, $error, $return_code) = $anvil->Remote->call({
password => $password,
target => $ssh_tcp != 22 ? $host.":".$ssh_tcp : $host,
shell_call => $shell_call,
debug => 2,
shell_call => $anvil->data->{path}{exe}{dmidecode}." --string system-uuid",
password => $password,
target => $host,
port => $ssh_port,
});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
output => $output,
error => $error,
output => $output,
error => $error,
return_code => $return_code,
}});
if ($error)
@ -1071,8 +1087,10 @@ sub add_sync_peer
else
{
my ($error, $output, $return_code) = $anvil->Remote->call({
debug => 2,
password => $password,
target => $ssh_tcp != 22 ? $host.":".$ssh_tcp : $host,
target => $host,
port => $ssh_port,
shell_call => $anvil->data->{path}{exe}{hostnamectl}." --static",
return_code => $return_code,
});
@ -1096,6 +1114,9 @@ sub add_sync_peer
{
# Can't do bi-directional
$anvil->data->{form}{error_massage} = $anvil->Template->get({file => "main.html", name => "error_message", variables => { error_message => $anvil->Words->string({key => "striker_warning_0008", variables => { host => $host }}) }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
"form::error_massage" => $anvil->data->{form}{error_massage},
}});
}
}
}
@ -1108,7 +1129,10 @@ sub add_sync_peer
{
my $pgpass_file = "/tmp/.pgpass";
$password =~ s/:/\:/g;
my $body = $host.":".$port.":".$name.":".$user.":".$password;
my $body = $host.":".$pgsql_port.":".$name.":".$user.":".$password;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => {
body => $body,
}});
$anvil->Storage->write_file({
file => $pgpass_file,
body => $body,
@ -1118,7 +1142,7 @@ sub add_sync_peer
});
# This will return '1' only, if it works.
my ($db_access, $return_code) = $anvil->System->call({shell_call => "PGPASSFILE=\"".$pgpass_file."\" ".$anvil->data->{path}{exe}{psql}." --host ".$host." --port ".$port." --dbname ".$name." --username ".$user." --no-password --tuples-only --no-align --command \"SELECT 1\""});
my ($db_access, $return_code) = $anvil->System->call({shell_call => "PGPASSFILE=\"".$pgpass_file."\" ".$anvil->data->{path}{exe}{psql}." --host ".$host." --port ".$pgsql_port." --dbname ".$name." --username ".$user." --no-password --tuples-only --no-align --command \"SELECT 1\""});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => { db_access => $db_access, return_code => $return_code }});
if ($db_access ne "1")
{
@ -1147,10 +1171,10 @@ sub add_sync_peer
if ($anvil->data->{cgi}{confirm}{value})
{
# OK, save the job!
my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$peer_uuid." --host ".$host." --port ".$port." --ping ".$ping;
my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$peer_uuid." --host ".$host." --port ".$pgsql_port." --ping ".$ping;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
job_command => $job_command,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
}});
# The job data will always contain the password for the peer, but also contain the
@ -1165,12 +1189,14 @@ sub add_sync_peer
if ($use_ip)
{
# See which of our IPs match theirs. If the peer is a hostname, first
my $host_uuid = $anvil->Get->host_uuid;
my $sql_port = $anvil->data->{database}{$host_uuid}{port};
my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$host_uuid." --host ".$use_ip." --port ".$sql_port." --ping ".$ping;
$job_data .= "\npeer_job_command=".$job_command;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 0, list => { job_command => $job_command }});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, secure => 1, list => { job_data => $job_data }});
my $host_uuid = $anvil->Get->host_uuid;
my $sql_port = $anvil->data->{database}{$host_uuid}{port};
my $job_command = $anvil->data->{path}{exe}{'striker-manage-peers'}." --add --host-uuid ".$host_uuid." --host ".$use_ip." --port ".$sql_port." --ping ".$ping;
$job_data .= "\npeer_job_command=".$job_command;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
job_command => $job_command,
job_data => $anvil->Log->is_secure($job_data),
}});
}
# Store the job
@ -1202,10 +1228,11 @@ sub add_sync_peer
{
# Show the screen the confirm the addition.
$anvil->data->{form}{body} = $anvil->Template->get({file => "striker.html", name => "confirm-new-peer", variables => {
access => $user."@".$host.":".$port,
access => $user."@".$host.":".$pgsql_port,
ping => $anvil->data->{cgi}{new_peer_ping}{value} ? "#!string!unit_0001!#" : "#!string!unit_0002!#",
bidirectional => $anvil->data->{cgi}{new_peer_bidirection}{value} ? "#!string!unit_0001!#" : "#!string!unit_0002!#",
}});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { "form::body" => $anvil->data->{form}{body} }});
}
}
@ -1516,7 +1543,6 @@ ORDER BY
striker_user => $anvil->data->{cgi}{striker_user}{value},
striker_password => $anvil->data->{cgi}{striker_password}{value},
networks => $networks,
cgi_list => $cgi."step",
show_name => 1,
}});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { step3_body => $step3_body }});
@ -1893,7 +1919,6 @@ ORDER BY
gateway_form => $say_gateway,
dns_form => $say_dns,
hostname_form => $say_hostname,
cgi_list => $cgi."organization,prefix,domain,sequence,bcn_count,ifn_count,gateway,hostname,dns,striker_user,striker_password",
}});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { step2_body => $step2_body }});
@ -2620,7 +2645,6 @@ sub config_step1
domain_form => $say_domain,
sequence_form => $say_sequence,
ifn_count_form => $say_ifn_count,
cgi_list => "organization,prefix,domain,sequence,ifn_count",
}});
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => { step1_body => $step1_body }});
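Review bot: In the `add_sync_peer` hunk at `-1118,7 +1142,7`, the `psql` command is built by concatenating `$host`, `$pgsql_port`, `$name` and `$user` into `shell_call`, and `$user` can come straight from the `(.*?)\@` capture on the `new_peer_access` form value. Only `$host` is validated in the lines shown (`is_domain_name` / `is_ipv4`), so unless `$user` is checked in a part of the sub outside these hunks, form input reaches a shell unquoted. Reject anything outside a strict pattern before the call, for example (constructed) `if ($user !~ /^[A-Za-z0-9_.-]+$/)` leading into the existing error path. The range test `($pgsql_port > 65536)` admits 65536, which is not a valid TCP port; it should read `> 65535`, and the new `$ssh_port` gets no range check before it is passed to `Remote->call`. The added `body => $body` entry logs the `.pgpass` line including the password and relies on `secure => 1` rather than the `is_secure()` helper this commit introduces.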

@ -100,7 +100,6 @@
<!-- NOTE: For now, we support only one BCN in the web UI, but the system will be ready for N-number later. -->
<input type="hidden" name="bcn_count" id="bcn_count" value="1">
<input type="hidden" name="step" id="step" value="step1">
<input type="hidden" name="cgi_list" id="cgi_list" value="next,bcn_count,step,#!variable!cgi_list!#">
</form>
</div>
</table>
@ -233,7 +232,6 @@
</tr>
<input type="hidden" name="bcn_count" id="bcn_count" value="#!variable!bcn_count!#">
<input type="hidden" name="step" id="step" value="step2">
<input type="hidden" name="cgi_list" id="cgi_list" value="organization,prefix,domain,sequence,next,step,#!variable!cgi_list!#">
</form>
</div>
</table>
@ -324,7 +322,6 @@
</tr>
<!-- NOTE: For now, we support only one BCN in the web UI, but the system will be ready for N-number later. -->
<input type="hidden" name="step" id="step" value="step3">
<input type="hidden" name="cgi_list" id="cgi_list" value="next,step">
</form>
</div>

@ -198,7 +198,10 @@
&nbsp;
</td>
<td>
<input type="password" name="password" id="password" value="#!variable!password!#" placeholder="#!string!striker_0051!#" />
<!--
This combination of input type text, disk characters and autocomplete=off prevents browsers from pre-filling password and offering to save passwords.
-->
<input type="text" name="password" id="password" value="#!variable!password!#" style="text-security:disc; -webkit-text-security:disc;" autocomplete="off" placeholder="#!string!striker_0051!#" />
</td>
<td>
&nbsp;
@ -213,7 +216,6 @@
</td>
</tr>
</div>
<input type="hidden" name="cgi_list" id="cgi_list" value="username,password,login">
</form>
</table>
<!-- end striker-login -->
@ -456,8 +458,10 @@
<input type="text" id="new_peer_access" name="new_peer_access" placeholder="#!string!striker_0069!#" value="#!variable!new_peer_access!#" readonly onfocus="this.removeAttribute('readonly');" />
</td>
<td class="padded_cell">
<!-- To prevent browsers from offering to save the user/password, we'll set the password to a text field and use css to obfuscate echoing back what the user typed -->
<input type="text" id="new_peer_password" name="new_peer_password" placeholder="#!string!striker_0051!#" value="#!variable!new_peer_password!#" readonly onfocus="this.removeAttribute('readonly');" style="-webkit-text-security: disc;" />
<!--
This combination of input type text, disk characters and autocomplete=off prevents browsers from pre-filling password and offering to save passwords.
-->
<input type="text" id="new_peer_password" name="new_peer_password" value="#!variable!new_peer_password!#" style="text-security:disc; -webkit-text-security:disc;" autocomplete="off" placeholder="#!string!striker_0051!#" />
</td>
<td class="padded_cell">
#!string!striker_0071!#: <input type="checkbox" id="new_peer_ping" name="new_peer_ping" checked />
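Review bot: Both password inputs (the login form's `password` and `new_peer_password`) are now `type="text"`, masked only by `text-security` / `-webkit-text-security`, which are non-standard. A browser that ignores them shows the password in clear text, and a text field loses the handling browsers give password fields, so the value can end up in form history or spell-check and IME suggestions. Keeping `type="password"` with `autocomplete="new-password"` would address the save prompt without unmasking the field. Both inputs also echo the submitted value back through `value="#!variable!…!#"`, so the password sits in the page source. The comment says "disk characters" where "disc" is meant.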

@ -864,7 +864,7 @@ Here we will inject 't_0006', which injects 't_0001' which has a variable: [#!st
<key name="striker_0066">Access to this machine via: [#!variable!network!#].</key>
<key name="striker_0067">Save</key>
<key name="striker_0068">Delete</key>
<key name="striker_0069">[db_user@]hostname_or_ip[:tcp_port]</key>
<key name="striker_0069">[db_user@]hostname_or_ip[:pgsql_port][,ssh=ssh_port]</key>
<key name="striker_0070">Add</key>
<key name="striker_0071">Ping</key>
<key name="striker_0072">Bi-directional</key>

@ -215,7 +215,7 @@ sub update_local_passwords
print $anvil->Words->string({key => "message_0026", variables => { user => $user }});
my $query = "ALTER ROLE ".$user." WITH PASSWORD ".$dbh->quote($anvil->data->{switches}{'new-password'});
$dbh->do($query) or $anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 0, priority => "err", key => "log_0090", variables => {
query => $anvil->Log->secure ? $query : $anvil->Words->string({key => "log_0186"}),
query => $anvil->Log->is_secure($query),
server => "localhost",
db_error => $DBI::errstr,
}});

@ -831,7 +831,7 @@ AND
my $secure = $this_variable =~ /passw/ ? 1 : 0;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 3, list => {
this_variable => $this_variable,
this_value => (($anvil->Log->secure) or (not $secure)) ? $this_value : $anvil->Words->string({key => "log_0186"}),
this_value => not $secure ? $this_value : $anvil->Log->is_secure($this_value),
}});
$anvil->_make_hash_reference($anvil->data->{variables}, $this_variable, $this_value);

@ -100,7 +100,7 @@ foreach my $host (sort {$a cmp $b} keys %{$anvil->data->{sorted}{db}})
$anvil->Log->entry({source => $THIS_FILE, line => __LINE__, level => 1, secure => 0, key => "log_0190", variables => {
peer => $user."\@".$host.":".$port,
name => $name,
password => $anvil->Log->secure ? $password : $anvil->Words->string({key => "log_0186"}),
password => $anvil->Log->is_secure($password),
uuid => $uuid,
}});
}
@ -453,7 +453,7 @@ sub process_entry
$line = $variable.$left_space."=".$right_space.$password;
$anvil->data->{config}{rewrite} = 1;
$anvil->Log->variables({source => $THIS_FILE, line => __LINE__, level => 2, list => {
line => $anvil->Log->secure ? $line : $anvil->Words->string({key => "log_0186"}),
line => $anvil->Log->is_secure($line),
"config::rewrite" => $anvil->data->{config}{rewrite},
}});
update_progress($anvil, 50, "message_0071") if not $update_reported;
