21:44 -!- jtanx [
[email protected]] has quit ["ChatZilla 0.9.90.1 [Firefox 24.0/20130910160258]"]
+--- Day changed Tue Oct 01 2013
+13:40 < sam_moore> Another option for the login system (a really terrible option that I don't condone on any real world system, but it might just get us marks)
+13:40 < sam_moore> Is to provide some cgi scripts that wrap around "useradd" "userdel" and "usermod"
+13:40 < sam_moore> And have our "Login" function check /etc/shadow
+13:41 < sam_moore> I emailed UWA IT help desk about Pheme anyway
+13:41 < sam_moore> I wonder what they'll make of it...
+13:51 < jtanx> hehe
+13:52 < sam_moore> The more I think about it, the more I think LDAP is the way you'd do this properly though
+13:52 < sam_moore> It basically is a text file
+13:53 < jtanx> yeah
+13:53 < sam_moore> If you started with a text file, you'd quickly find yourself reinventing the wheel and probably converging with what LDAP already does
+13:53 < jtanx> I guess the real problem is that rolling our own solution is not really feasible in the time left, especially if you want to ensure it's at least ok in terms of security
+13:57 < sam_moore> Yes
+14:08 < sam_moore> For reference: http://www.debuntu.org/how-to-set-up-a-ldap-server-and-its-clients/
+14:09 < sam_moore> And http://mindref.blogspot.com.au/2010/12/openldap-create-user.html
+14:09 < sam_moore> (How to set up our own LDAP server)
+14:11 < jtanx> slapd
+14:12 < jtanx> what a weird choice of a name
+14:12 < sam_moore> Haha
+14:15 < jtanx> oh
+14:15 < jtanx> if you set up an ldap server
+14:15 < jtanx> http://phpldapadmin.sourceforge.net/wiki/index.php/Main_Page
+14:15 < jtanx> get them to manage the ldap database themselves
+14:15 < jtanx> :P
+14:15 < jtanx> to add or remove users
+14:22 < sam_moore> Yeah, that's kind of how ldap was designed
+14:22 < sam_moore> Technically I can probably modify my UWA "pheme" password from a command line using ldappasswd
+14:22 < sam_moore> Unless they use kerberos
+14:23 < sam_moore> (We don't want to start going into kerberos...)
+14:54 < sam_moore> Welp, I've put an LDAP server on my laptop for testing purposes
+14:54 < sam_moore> With an account "snoopy"
+14:55 < sam_moore> Seems to work... now to test it with our software
+14:55 < sam_moore> Hey, maybe we could just put an LDAP server on the BeagleBone and get a GUI LDAP editor
+14:56 < sam_moore> Oh right, you suggested that at 14:15
+14:56 < sam_moore> I like it though
+14:58 < jtanx> yah not too bad
+14:58 < jtanx> say we had an ldap server on the bbb
+14:59 < jtanx> we could even write the password manager in a different language
+14:59 < jtanx> if we wanted to make one
+14:59 < sam_moore> Yeah, exactly
+14:59 < jtanx> because it only has to interact with the ldap database
+14:59 < sam_moore> We shouldn't do that in the FastCGI program
+14:59 < jtanx> yup
+15:00 < sam_moore> I sent an email about it to everyone, suggesting PHP or python CGI to wrap around LDAP
+15:01 < sam_moore> I wonder when this system is going to start being put together though
+15:02 < sam_moore> We'll end up with a server and no hardware to control
+15:02 < jtanx> Looks like it
+15:02 < sam_moore> Those images Justin sent us look nice
+15:02 < jtanx> Yeah they look quite good
+15:07 < sam_moore> With the FastCGI program
+15:07 < sam_moore> Do you think it's better to pass options through the command line
+15:07 < sam_moore> Or have a bunch of #defines that need to get configured?
+15:08 < sam_moore> eg: To specify the LDAP server
+15:08 < sam_moore> (At the moment it's just a #define)
+15:08 < jtanx> hmm
+15:08 < jtanx> It's probably better to pass as a command line
+15:09 < sam_moore> Ok
+15:09 < jtanx> unless we're absolutely sure that the ldap address is fixed
+15:10 < sam_moore> What we can do is write a bash script that sets a bunch of variables
+15:10 < sam_moore> Then run.sh sources that and passes them all as arguments
+15:10 < jtanx> sounds good
+15:35 < sam_moore> What about things like the path to the GPIO and ADC? I figure they should stay as #defines
+15:35 < sam_moore> Since they probably won't be changing
+15:36 < sam_moore> At least not until the next BeagleBone kernel comes out
+15:36 < jtanx> hehe
+15:36 < jtanx> yeah that should stay as defins
+15:36 < jtanx> if the path does change
+15:36 < jtanx> then that probably warrants a recompile anyway since stuff may have changed with how you access it
+15:36 < sam_moore> Ok, should I put all the defines that you might want to adjust on a recompile in the same place?
+15:37 < sam_moore> common.h?
+15:37 < jtanx> what defines do we have right now
+15:37 < jtanx> that may change
+15:39 < sam_moore> Nothing major, I just want it to be flexible
+15:39 < jtanx> hmm
+15:39 < jtanx> even if you did that
+15:39 < jtanx> if you needed to change the define
+15:39 < jtanx> you'd probably be looking at changing hte code anyway
+15:40 < sam_moore> Sure, but that doesn't mean you can't put the defines in an easy to find place
+15:40 < sam_moore> For example, say someone wants to recompile this for a RPi
+15:40 < jtanx> But for stuff like 'where's the pwm path'
+15:40 < sam_moore> Given the trouble we had with pwm path confusion
+15:41 < jtanx> I'd look in the header relevant to pin control
+15:41 < sam_moore> I think it's helpful to make it easy for someone to see what we're doing
+15:41 < sam_moore> I suppose
+15:42 < jtanx> ok I guess it doesn't matter if it goes in common.h or not
+15:42 < sam_moore> Yeah, but I think I agree with you now :P
+15:42 < jtanx> ( I guess this is what ./configure and configure.h are for :P )
+15:51 < sam_moore> Sigh...
+15:51 < sam_moore> I put in a #warning to generate a warning if you tried to compile the software on something that isn't the BeagleBone
+15:51 < sam_moore> ...
+15:51 < sam_moore> And the use of #warning caused a warning
+15:52 < sam_moore> warning: #warning is a GCC extension [enabled by default]
+16:05 < jtanx> :p
+16:08 < jtanx> because of the -pedantic flag
+21:13 -!- jtanx [
[email protected]] has quit ["ChatZilla 0.9.90.1 [Firefox 24.0/20130910160258]"]
+--- Day changed Wed Oct 02 2013
+--- Day changed Thu Oct 03 2013
+09:30 -!- jtanx [
[email protected]] has quit ["ChatZilla 0.9.90.1 [Firefox 24.0/20130910160258]"]
+10:26 -!- MctxBot_ is now known as MctxBot
+10:45 < jtanx> finally
+12:09 < MctxBot> guh
+12:09 < MctxBot> crappy laptop keeps crashing
+12:20 -!- jtanx_ is now known as jtanx
+12:28 < jtanx> about login_handler
+12:28 < jtanx> The result from FCGI_ParseRequest
+12:28 < jtanx> for string types
+12:28 < jtanx> should be treated as const char*
+12:29 < jtanx> I guess it really doesn't matter, unless it returns an empty string
+12:29 < jtanx> it's also not true that user/pass would be of max length BUFSIZ
+12:30 < jtanx> because of how it was defined, params has a max length of BUFSIZ
+12:30 < jtanx> but user/pass may be anywhere in that string
+12:30 < jtanx> so their max length < BUFSIZ
+12:30 < jtanx> so the bounds check makes no sense
+12:31 < jtanx> (sure, it prevents an infinite loop, but by that stage, you could be writing to locations where you don't want to anyway)
+12:31 < jtanx> besides, FCGI_ParseRequest should guarantee that they're null terminated
+12:38 < jtanx> also, whitespace (>.< :P)
+12:38 < sam_moore> True, but this is the whole "defensive" programming thing where you assume that some future unspecified developer is going to do something stupid and you attempt to minimise the damage they can cause :P
+12:38 < jtanx> while (*user && isspace(*user)) user++;
+12:38 < jtanx> char *ptr = user;
+12:38 < jtanx> while (*ptr && isalnum(*ptr)) ptr++;
+12:38 < jtanx> *ptr = 0;
+12:39 < jtanx> well
+12:39 < jtanx> by that stage you're screwed anyway
+12:39 < jtanx> not much point doing something that doesn't make sense too
+12:39 < sam_moore> You're more screwed if your program is writing to undefined locations in an infinite loop than if it's writing to a finite number of undefined locations
+12:39 < jtanx> still
+12:39 < jtanx> at least if it's infinite
+12:39 < jtanx> you'll know it crashes
+12:40 < jtanx> actually that's hardly the case
+12:40 < jtanx> because it will come across a zero at some point
+12:40 < jtanx> more often than not
+12:40 < jtanx> but anyway...
+12:40 < jtanx> does valgrind pick that up?
+12:41 < sam_moore> Hah
+12:41 < jtanx> and to be honest, by adding the BUFSIZ check, that's implying their max length when it's actually not
+12:41 < jtanx> which may be confusing in itself
+12:41 < sam_moore> The operating system should pick up a segfault on the first invalid write anyway
+12:41 < jtanx> unless
+12:41 < jtanx> the following region is writeable too
+12:42 < jtanx> eg you have a struct, members follow each other
+12:43 < sam_moore> If you really want to remove the bounds check go ahead
+12:43 < sam_moore> Either way that code does what it's meant to
+12:43 < jtanx> ok, well yeah
+12:44 < jtanx> hmm
+12:44 < jtanx> problem
+12:44 < jtanx> anyone can logout the currently logged in user
+12:44 < jtanx> oh wait
+12:45 < jtanx> sorry
+12:48 < sam_moore> My network is being terrible so I can't say much
+12:48 < sam_moore> One last argument in favour of the BUFSIZ check... if someone modifies the function that "should" be guaranteed to null terminate the string and doesn't... then you fall into an infinite loop
+12:49 < jtanx> well that's a case of too bad
+12:49 < jtanx> if it infinite loops
+12:49 < jtanx> then it shows you've done something wrong, so it'd be a good case to check what you've done
+12:50 < jtanx> if you hide that with a BUFSIZ check, you may not know there's a problem until later down the track
+12:50 < sam_moore> If you port the code to run in a kernel module or something, it's a case of instead of getting a seg fault, you suddenly wipe out all your memory
+12:50 < jtanx> with a kernel module, you'd be testing it pretty rigorously in a vm, i would think :P
+12:51 < sam_moore> Yeah, but it pays not to assume things about the sanity of other programmers
+12:51 < sam_moore> That's why all that extremely irritating "public, private" stuff is used
+12:52 < jtanx> to be honest, I'd rather have it fail fast than come up with weird issues that may/may not happen all the time
+12:52 < sam_moore> Anyway, just remove the bounds check, this is getting ridiciluos
+13:31 < jtanx> hmmm
+13:31 < jtanx> if ($http_cookie ~* "id=([^;] +)(?:;|$)" ) {
+13:31 < jtanx> set $id $1;
+13:31 < jtanx> }
+13:32 < jtanx> right now, only the control key can be sent as the one and only cookie
+13:38 < jtanx> we could get nginx to extract the desired cookie
+14:33 < jtanx> actually nah
+21:17 < jtanx> herp derp
+21:17 < jtanx> was idling in mctxuwa
+21:17 < jtanx> not mctxuwa_softdev
+21:40 < jtanx> anyway...
+21:40 < jtanx> a (the) login/logout functionality is almost done for the gui
+21:40 < jtanx> to make it work, I need to add the identify module to the modules that doesn't need login
+21:41 < jtanx> also, maybe fields to indicate if logged in or not when ident is called + if logged in, a 'human friendly' name to display for the user
+22:34 < jtanx> ok
+22:34 < jtanx> it's just about done. It auto redirects you (via javascript) to the login page if you're logged out (and vice versa)
+22:34 < jtanx> this can be disabled for debugging purposes by changing mctx.debug=true in mctx.gui.js
+22:34 < jtanx> it works quite well, I think
+22:35 < jtanx> I still haven't implemented the whole 'friendly name' thing though
+22:35 < jtanx> (e.g the 'Welcome Joe Bloggs' with the actual user name or something)
+22:40 < jtanx> test at: https://mctx.us.to:8043/test/
+22:42 < jtanx> except now there's a logout bug grr...
+22:46 < jtanx> fixed
+23:32 -!- jtanx [
[email protected]] has quit ["ChatZilla 0.9.90.1 [Firefox 24.0/20130910160258]"]
git.ucc.asn.au / matches / MCTX3420.git / blobdiff
UCC git Repository :: git.ucc.asn.au