
minor improvement of README.proxy

moved "ReadOnlyConfig" warning to "partition" plugin
moved "NoSSL" warning to "encrypted_webinterface" plugin
display up to three warnings at once
master
lars 15 years ago
parent
commit
c4d4ea399d
  1. 15
      README.proxy
  2. 17
      plugins/encrypted_webinterface/encrypted_webinterface.py
  3. 9
      plugins/encrypted_webinterface/language.hdf
  4. 12
      plugins/partition/language.hdf
  5. 9
      plugins/partition/partition.py
  6. 13
      src/cryptobox/plugins/base.py
  7. 32
      src/cryptobox/web/sites.py
  8. 13
      templates/header.cs
  9. 16
      templates/language.hdf
  10. 10
      www-data/cryptobox.css

15
README.proxy

@ -1,13 +1,15 @@
Running the CryptoBox behind a proxy
This describes how to setup the CryptoBox webserver behind a apache or lighttpd
as proxy webservers.
This describes how to setup the CryptoBox webserver behind a proxy webserver
(e.g.: apache or lighttpd).
-=-=-=- apache in front of the cryptobox-server (cherrypy) -=-=-=-
The following section describes how to configure an apache2 webserver for
forwarding requests to the cherrypy server of the CryptoBox.
The following section describes how to configure an apache2 webserver to
forward requests to the cherrypy server of the CryptoBox.
1) Required modules
@ -41,12 +43,13 @@ forwarding requests to the cherrypy server of the CryptoBox.
3) Testing
Now you should point your webserver to the proxy host and check if
the CryptoBox layout ist working properly.
the CryptoBox layout ist displayed properly.
-----
-=-=-=- lighttpd in front of the cryptobox-server (cherrypy) -=-=-=-
In this section we do the same as above, but with lighttpd.
Your lighttpd config should contain something like this:

17
plugins/encrypted_webinterface/encrypted_webinterface.py

@ -46,3 +46,20 @@ class encrypted_webinterface(cryptobox.plugins.base.CryptoBoxPlugin):
"""
return "TODO"
def get_warnings(self):
"""check if the connection is encrypted
"""
import cherrypy, os
if cherrypy.request.scheme == "https":
return None
## check an environment setting - this is quite common behind proxies
if os.environ.has_key("HTTPS"):
return None
## this arbitrarily chosen header is documented in README.proxy
if cherrypy.request.headers.has_key("X-SSL-Request") \
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
return None
## plaintext connection -> "heavy security risk" (priority=20..39)
return (25, "Plugins.%s.NoSSL" % self.get_name())
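Review bot: The `X-SSL-Request` check in `get_warnings` trusts a header that any client can set, so a plaintext request carrying `X-SSL-Request: 1` is treated as encrypted and the NoSSL warning is suppressed. This holds whenever the cherrypy port is reachable without passing the proxy, or the proxy does not overwrite the header on incoming requests. The header should only count when the request arrives from the configured proxy, and README.proxy should state that the proxy must set or strip it on every request. The `os.environ.has_key("HTTPS")` test is also process-wide and presence-only: once the variable exists, every request is reported as encrypted, whatever its value. I would add a comment above both checks such as `## only meaningful if the proxy is the sole way to reach this server and overwrites this header`; the enclosing class starts outside the hunk.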

9
plugins/encrypted_webinterface/language.hdf

@ -5,3 +5,12 @@ Title = Create encryption certificate
Button.CreateCertificate = Create certificate
EnvironmentWarning {
NoSSL {
Text = The connection is not encrypted - passwords can be easily intercepted.
Link.Text = Use encrypted connection
Link.Prot = https
}
}

12
plugins/partition/language.hdf

@ -48,6 +48,16 @@ AdviceMessage {
}
}
EnvironmentWarning {
ReadOnlyConfig {
Text = Read-only setup detected - probably you should create a configuration partition.
Link.Text = Initialize partition
Link.Rel = partition
}
}
SuccessMessage {
Partitioned {
Title = Partitioning complete
@ -61,6 +71,7 @@ SuccessMessage {
}
}
WarningMessage {
FormatNotConfirmed {
Title = Confirmation missing
@ -107,3 +118,4 @@ WarningMessage {
Text = The minimum size of a volume is 10 megabytes.
}
}

9
plugins/partition/partition.py

@ -98,6 +98,15 @@ class partition(cryptobox.plugins.base.CryptoBoxPlugin):
self.with_config_partition)
def get_warnings(self):
## this check is done _after_ "reset_dataset" -> if there is
## a config partition, then it was loaded before
if self.cbox.prefs.requires_partition() \
and not self.cbox.prefs.get_active_partition():
return (50, "Plugins.%s.ReadOnlyConfig" % self.get_name())
return None
def __prepare_dataset(self):
"""Set some hdf values.
"""
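Review bot: `get_warnings` in the partition plugin has no docstring and returns the bare priority `50` without naming the range it belongs to, unlike the NoSSL warning in this commit, which annotates its value. I would add `"""warn if the setup requires a config partition, but none is active"""` and a comment `## "important features will probably not work" (priority=40..59)` above the return. The class body continues outside the hunk.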

13
src/cryptobox/plugins/base.py

@ -110,6 +110,19 @@ class CryptoBoxPlugin:
"""
pass
def get_warnings(self):
"""Return a priority and a warning, if the plugin detects a misconfiguration
valid prioritie ranges are:
- 80..99 loss of data is possible
- 60..79 the cryptobox will probably not work at all
- 40..59 important features will propably not work
- 20..39 heavy security risk OR broken recommended features
- 00..19 possible mild security risk OR broken/missing optional features
"""
return None
@cherrypy.expose
def get_icon(self, image=None, **kargs):
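Review bot: The new `get_warnings` docstring lists the priority ranges but does not state the return shape, which the caller in src/cryptobox/web/sites.py depends on when it unpacks each entry as `(warn_prio, warn_text)`. I would add a line such as `returns None (no warning) or a tuple (priority, "Plugins.<plugin_name>.<WarningName>")` so plugin authors do not return a bare string or a list. The 20..39 range puts "heavy security risk" below every functional warning of priority 40 and above, and templates/header.cs shows only three warnings. Three or more functional warnings can therefore push the NoSSL warning off the page; if that ordering is intended, the docstring should say so.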

32
src/cryptobox/web/sites.py

@ -419,30 +419,14 @@ class WebInterfaceSites:
examples are: non-https, readonly-config, ...
"""
## this check is done _after_ "reset_dataset" -> if there is
## a config partition, then it was loaded before
if self.cbox.prefs.requires_partition() \
and not self.cbox.prefs.get_active_partition():
self.__dataset["Data.EnvironmentWarning"] = "ReadOnlyConfig"
#TODO: turn this on soon (add "not") - for now it is annoying
if not self.__check_https():
self.__dataset["Data.EnvironmentWarning"] = "NoSSL"
def __check_https(self):
"""check the request scheme
"""
if cherrypy.request.scheme == "https":
return True
## check an environment setting - this is quite common behind proxies
if os.environ.has_key("HTTPS"):
return True
## this arbitrarily chosen header is documented in README.proxy
if cherrypy.request.headers.has_key("X-SSL-Request") \
and (cherrypy.request.headers["X-SSL-Request"] == "1"):
return True
## plaintext connection
return False
warnings = []
for pl in self.__plugin_manager.get_plugins():
warnings.append(pl.get_warnings())
## remove empty warnings
warnings = [ e for e in warnings if e ]
warnings.sort(reverse=True)
for (index, (warn_prio, warn_text)) in enumerate(warnings):
self.__dataset["Data.EnvironmentWarning.%d" % index] = warn_text
def __set_web_lang(self, value):
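Review bot: The loop over `self.__plugin_manager.get_plugins()` calls `pl.get_warnings()` with no error handling. A plugin that raises, or returns something other than `None` or a two-element tuple, makes an exception propagate out of this method, and the warnings of all other plugins (NoSSL, ReadOnlyConfig) are lost with it. I would wrap the call per plugin, `try: warnings.append(pl.get_warnings())` then `except Exception:` followed by a log entry naming the plugin, and skip entries that are not 2-tuples before the sort. `warn_prio` is unused after the sort, so a short comment that the list is ordered by priority (ties broken by the text) would help. The enclosing method starts outside the hunk.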

13
templates/header.cs

@ -88,10 +88,15 @@ if:subcount(Data.StylesheetFiles) > 0
</td></tr></table>
</div></td></tr>
<?cs if:?Data.EnvironmentWarning ?>
<tr><td colspan="3"><div id="EnvironmentWarning"><?cs
call:environment_warning(Data.EnvironmentWarning) ?></div></td></tr>
<?cs /if ?>
<?cs if:subcount(Data.EnvironmentWarning) > 0
?><?cs # display up to 3 warnings (sorted by priority)
?><?cs set:warn_count = min(#3, subcount(Data.EnvironmentWarning))
?><?cs loop: x = #0, warn_count-#1, #1 ?>
<tr><td colspan="3"><div class="EnvironmentWarning">
<?cs call:environment_warning(Data.EnvironmentWarning[x]) ?>
</div></td></tr>
<?cs /loop ?><?cs
/if ?>
<tr><td id="pane_left_top" /><td id="pane_top" /><td id="pane_right_top" /></tr>

16
templates/language.hdf

@ -91,19 +91,3 @@ WarningMessage {
}
}
EnvironmentWarning {
ReadOnlyConfig {
Text = Read-only setup detected - probably you should create a configuration partition.
Link.Text = Initialize partition
Link.Rel = partition
}
NoSSL {
Text = The connection is not encrypted - passwords can be easily intercepted.
Link.Text = Use encrypted connection
Link.Prot = https
}
}
}

10
www-data/cryptobox.css

@ -156,7 +156,7 @@ fieldset.message td {
/* -------=-=-=- environmental messages -=-=-=-------- */
#EnvironmentWarning fieldset.message {
div.EnvironmentWarning fieldset.message {
text-align: left;
margin: 0 2px 8px 2px;
padding: 5px;
@ -167,7 +167,7 @@ fieldset.message td {
background-image: url(environment_warning_background.png);
}
#EnvironmentWarning fieldset.message td.message_symbol img {
div.EnvironmentWarning fieldset.message td.message_symbol img {
width: 16px;
height: 16px;
padding: 2px;
@ -175,17 +175,17 @@ fieldset.message td {
vertical-align: middle;
}
#EnvironmentWarning fieldset.message td.link {
div.EnvironmentWarning fieldset.message td.link {
text-align: right;
}
#EnvironmentWarning fieldset.message td.link a {
div.EnvironmentWarning fieldset.message td.link a {
color: #55b;
font-style: italic;
text-decoration: none;
}
#EnvironmentWarning fieldset.message td.link a:hover {
div.EnvironmentWarning fieldset.message td.link a:hover {
text-decoration: underline;
}
