[Cherokee] Setting a user defined password at cherokee-admin


Daniel Loureiro

Apr 17, 2013, 5:13:34 AM
to cher...@lists.octality.com
Hi,

I want to make some changes in the cherokee-admin launcher to accept a user-defined password on the command line (rather than automatically generating a random password). But I don't know how the sources are structured. Can someone tell me what file (or files) I need to change to do this? Is this https://github.com/cherokee/webserver/blob/master/cherokee/main_admin.c ?

Thanks,
--
Daniel Loureiro
------------------------------

Stefan de Konink

Apr 17, 2013, 5:27:35 AM
to Daniel Loureiro, cher...@lists.octality.com

On Wed, 17 Apr 2013, Daniel Loureiro wrote:

> random password). But I don't know how the sources are structured. Can
> someone tell me what file (or files) I need to change to do this? Is this
> https://github.com/cherokee/webserver/blob/master/cherokee/main_admin.c ?

<https://github.com/cherokee/webserver/blob/master/cherokee/main_admin.c#L197>

The -u option makes it unsecure, a potential password could be added using
another option. Since that is the place to check for (un)secure, I guess
that place could also be used to assign the defined password instead. I do
want to warn you though, this type of configuration is not "secure" at
all.

ps aux | grep cherokee-admin

...will show it.

Stefan
_______________________________________________
Cherokee mailing list
Cher...@lists.octality.com
http://lists.octality.com/listinfo/cherokee

Stefan de Konink

Apr 17, 2013, 5:29:41 AM
to cher...@lists.octality.com
...what you could do, is prompt for a password in that function, and read
it from the commandline.

Daniel Loureiro

Apr 17, 2013, 6:41:16 AM
to Stefan de Konink, cherokee
> I do want to warn you though, this type of configuration is not "secure" at all.
>
> ps aux | grep cherokee-admin

Good point.

I hadn't thought about the "ps aux" command and its gossip behaviour ;)


>...what you could do, is prompt for a password in that function, and read
> it from the commandline.

So I think this would be a good option (where -P prompts for a password):

echo "mypassword" | ./cherokee-admin-launcher -P

Another option is to use some PAM authentication (or even use the passwd file) at HTTP request time for authentication, but this would be a little more complicated and, for now, I haven't mastered the Cherokee code.

To do the first idea (the -P one) I believe this should be done:
* add a help string at "print_help()" function
* at "process_parameters()": add "P" option. At "P" case, set "unsecure" to "1" and "password" to the inputted one (both are globals).

Is that right?

Some questions:
1) If "unsecure" is set to 1, then the code won't rewrite the password, but at line 285 it also won't use the user-defined password. So I guess that I have to change this too. Is that right?

2) If I launch cherokee-admin with the unsecure option on the command line (with the -u option), can I define the user and password by adding these lines to the config file (cherokee.conf)?

1!auth = authlist
1!auth!methods = digest
1!auth!realm = Cherokee-admin
1!auth!list!1!user = myuser
1!auth!list!1!password = mypassword

3) Where is the "cherokee_buffer_t" structure defined? To set a password, do I need to use cherokee_buffer_add_char() and write char by char, or is there some other option to do this?

PS: my English is awful, so if someone doesn't understand something that I wrote, please tell me so I can reformulate the question ;)
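
An added illustration (not part of the thread and not Cherokee code) of the approach the thread settles on: take the admin password from standard input so it never appears in the `ps aux` argument list. `read_password()` and its return codes are hypothetical names; a terminal gets a no-echo prompt, while piped input like the `echo "mypassword" | ./cherokee-admin-launcher -P` form above is read as a single line.

```c
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper, not a Cherokee function: read one line as the password.
 * Returns 0 on success, -1 on EOF or empty input, -2 if the line does not fit. */
int read_password(FILE *in, char *buf, size_t len)
{
    struct termios saved, quiet;
    int fd = fileno(in);
    int tty = (fd >= 0) && isatty(fd) && tcgetattr(fd, &saved) == 0;
    int rc = 0;

    if (tty) {                        /* interactive: prompt and stop echoing */
        quiet = saved;
        quiet.c_lflag &= ~(tcflag_t)ECHO;
        tcsetattr(fd, TCSAFLUSH, &quiet);
        fputs("Admin password: ", stderr);
    }
    if (fgets(buf, (int)len, in) == NULL) {
        rc = -1;                      /* EOF before any character */
    } else {
        size_t n = strcspn(buf, "\r\n");
        if (buf[n] == '\0' && !feof(in))
            rc = -2;                  /* buffer filled before the newline */
        buf[n] = '\0';                /* strip the line terminator */
        if (rc == 0 && n == 0)
            rc = -1;                  /* refuse an empty password */
    }
    if (tty) {                        /* always restore the terminal state */
        tcsetattr(fd, TCSAFLUSH, &saved);
        fputc('\n', stderr);
    }
    if (rc != 0)
        memset(buf, 0, len);          /* do not hand back a partial secret */
    return rc;
}

int main(void)
{
    char password[64];
    int rc = read_password(stdin, password, sizeof password);
    if (rc != 0) {
        fprintf(stderr, "no usable password on stdin (error %d)\n", rc);
        return 1;
    }
    fprintf(stderr, "read a %zu-character password\n", strlen(password));
    return 0;
}
```

A password piped from `echo` typed at an interactive shell can still end up in that shell's history file; redirecting from a file with restrictive permissions avoids that.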