add access control and diagnostics

git-svn-id: file:///root/webif/svn/humax/pkg/src/webif/trunk@511 2a923420-c742-0410-a762-8d5b09965624

CONTROL/control

@@ -1,7 +1,7 @@
 Package: webif
 Priority: optional
 Section: web
-Version: 0.8.0-4
+Version: 0.8.1
 Architecture: mipsel
 Maintainer: af123@hummypkg.org.uk
 Depends: mongoose(>=3.0-2),jim(>=0.71-1),jim-sqlite3(>=0.71-1),jim-cgi(>=0.4),jim-oo,jim-pack,service-control,busybox(>=1.18.3-1),lsof,epg(>=1.0.7),hmt(>=1.1.1),ssmtp

var/mongoose/cgi-bin/diag.jim

@@ -0,0 +1,33 @@
+#!/mod/bin/jimsh
+
+package require cgi
+source /mod/var/mongoose/lib/setup
+require system.class chunked
+
+cgi_input
+#cgi_dump
+
+set diag [cgi_get diag general]
+
+start_chunked
+
+if {[system modversion 1] < 113} {
+	chunk ">>> Diagnostics only available with customised firmware 1.13 or above."
+	end_chunked
+	exit
+}
+
+chunk ">>> Beginning diagnostic $diag\r\n"
+
+set bcmd "|/bin/diag $diag"
+set fd [open $bcmd r]
+while {[gets $fd line] >= 0} {
+	chunk "$line\r\n"
+	#chunk_pad
+}
+close $fd
+chunk "\r\n"
+chunk ">>> Ending diagnostic $diag\r\n"
+
+end_chunked
+

var/mongoose/cgi-bin/settings.jim

@@ -58,6 +58,34 @@ if {[dict exists $_cgi pkgdevoff] && ![dict exists $_cgi pkgdev]} {
 }
 handle_int_update pkgdev $pkgdev "Development Package Display"
 
+set acluser [cgi_get acluser "-"]
+set aclpass [cgi_get aclpass "-"]
+set aclpassc [cgi_get aclpassc "-"]
+if {$acluser ne "-" && $aclpass ne "-"} {
+	if {![string length $acluser]} {
+		puts "No username provided."
+		exit
+	}
+	if {$aclpass ne $aclpassc} {
+		puts "Passwords do not match."
+		exit
+	}
+	if {[string length $aclpass] < 4} {
+		puts "Password is too short (< 4 characters)"
+		exit
+	}
+	puts [$settings addacluser $acluser $aclpass]
+	exit
+}
+
+set aclact [cgi_get aclact "-"]
+if {$aclact ne "-" && $acluser ne "-"} {
+	switch $aclact {
+		"del" { puts [$settings delacluser $acluser] }
+	}
+	exit
+}
+
 header
 
 puts {
@@ -194,6 +222,100 @@ puts "
 puts "
 	</table>
 	</fieldset>
+"
+
+puts "
+	<br><br>
+	<fieldset style=\"display: inline\">
+	<legend> Web Interface User Access Control </legend>
+	<table>
+"
+
+set aclusers [$settings aclusers]
+if {[llength $aclusers]} {
+	puts "<tr><th colspan=5 class=odd>Existing Users</th></tr>"
+	foreach user [$settings aclusers] {
+		lassign $user user
+		puts "<tr><td align=center style=\"font-weight: bold\">
+		    $user</td>"
+		puts "<th class=key>New password:
+	        <input
+		  class=\"aclpass text ui-widget-content ui-corner-all\"
+		  type=password size=20 maxlength=50><br>"
+		puts "Again:
+	        <input
+		  class=\"aclpassc text ui-widget-content ui-corner-all\"
+		  type=password size=20 maxlength=50></td>"
+		puts "<th class=key><button class=pwchange>
+		    Change</button></td>"
+		puts "<th class=key><button class=userdel>
+		    Delete User</button></td>"
+		puts "</tr>"
+	}
+	puts "<tr><td colspan=5 id=aclusermod_output>&nbsp;</td></tr>"
+	puts "<tr><td colspan=5>&nbsp;</td></tr>"
+} else {
+	puts "<tr><td colspan=5 class=blood><b>
+	    Add a user to enable authentication.</b></td></tr>"
+}
+
+puts "<tr><th colspan=5 class=odd>Add New User</th></tr>"
+puts "
+	<form id=aclnewuser method=get action=$env(REQUEST_URI)>
+	<tr><th class=key>New User:</th><td>
+	    <input
+		class=\"text ui-widget-content ui-corner-all\"
+		id=acluser name=acluser size=20 maxlength=50></td></tr>
+	<tr><th class=key>Password:</th><td>
+	    <input type=password
+		class=\"text ui-widget-content ui-corner-all\"
+		id=aclpass name=aclpass size=20 maxlength=50></td></tr>
+	<tr><th class=key>Password (confirm):</th><td>
+	    <input type=password
+		class=\"text ui-widget-content ui-corner-all\"
+		id=aclpassc name=aclpassc size=20 maxlength=50></td></tr>
+	<tr><td><input id=aclnewuser_submit value=\"Add User\" type=submit>
+	    </td></tr>
+	</form>
+	</table>
+	<div id=aclnewuser_output></div>
+	</fieldset>
+"
+
+puts {
+<script type=text/javascript>
+$('#aclnewuser').ajaxForm({
+	target: '#aclnewuser_output',
+	success: function(txt) {
+		if (txt.indexOf('Success') >= 0)
+			window.location.reload(true);
+	}
+});
+
+$('button.userdel').click(function(el) {
+	var user = $('td:first', $(this).parents('tr')).text().trim();
+	$('#aclusermod_output').load(
+	    '/cgi-bin/settings.jim?aclact=del&acluser=' +
+	    encodeURIComponent(user), function(txt) {
+		if (txt.indexOf('Success') >= 0)
+			window.location.reload(true);
+	});
+});
+
+$('button.pwchange').click(function(el) {
+	var tr = $(this).parents('tr');
+	var user = $('td:first', $(tr)).text().trim();
+	var pass = $(tr).find('input.aclpass').val();
+	var passc = $(tr).find('input.aclpassc').val();
+	$('#aclusermod_output').load('/cgi-bin/settings.jim?' +
+	    'acluser=' + encodeURIComponent(user) + '&' +
+	    'aclpass=' + encodeURIComponent(pass) + '&' +
+	    'aclpassc=' + encodeURIComponent(passc));
+});
+</script>
+}
+
+puts "
 	<br><br>
 	<fieldset style=\"display: inline\">
 	<legend> Advanced Settings </legend>

var/mongoose/html/css/style.css

@@ -285,3 +285,14 @@ div.cut
 	color: black;
 }
 
+.ui-button-text
+{
+	font-size: inherit !important;
+}
+
+.ui-button, .ui-button-text
+{
+	padding: 0;
+	font-size: 12px;
+}
+

var/mongoose/html/diag.shtml

@@ -0,0 +1,25 @@
+<!--#include virtual="/lib/header.shtml" -->
+
+<fieldset style="display: inline">
+<legend>Diagnostics</legend>
+Diagnostic:
+<input name=seq id=seq value=general size=30 maxlength=50
+    class="text ui-widget-content ui-corner-all">
+<button id=rundiag>Run Diagnostic</button>
+</fieldset>
+
+<div style="margin-top: 2em; display: none" class=pre id=results>
+<br><br>
+<i>Running diagnostic, please wait...</i>
+<br><br>
+</div>
+
+<script type=text/javascript>
+$('#rundiag').button().click(function() {
+	$('#results').slideDown().load('/cgi-bin/diag.jim?diag=' +
+	    encodeURIComponent($('#seq').val()));
+});
+</script>
+
+<!--#include virtual="/lib/footer.shtml" -->
+

var/mongoose/html/index.shtml

@@ -111,6 +111,8 @@ $(document).ready(function() {
 <div class=footer>
 <ul>
 <li>
+<a href=/diag.shtml>Diagnostics</a>
+</li><li>
 <a href=/cgi-bin/channel.jim>Channel Information</a>
 </li><li>
 <a href=/cgi-bin/db.jim target=_blank>SQLite3 Database Dump</a>

var/mongoose/html/lib/header.jim

@@ -8,8 +8,8 @@ source /mod/var/mongoose/include/model.jim
 puts {
 </title>
 <link rel="shortcut icon" href=/img/favicon.ico />
-<link href=/css/style.css rel=stylesheet type=text/css />
 <link type="text/css" href="/css/jquery-ui.css" rel="Stylesheet" />     
+<link href=/css/style.css rel=stylesheet type=text/css />
 <script type="text/javascript" src="/js/jquery.js"></script>
 <script type="text/javascript" src="/js/jquery-ui.js"></script>
 </head>

var/mongoose/html/lib/header.shtml

@@ -5,8 +5,8 @@
 <meta http-equiv="expires" value="Thu, 01 Jan 1970 00:00:00 GMT" />
 <meta http-equiv="pragma" content="no-cache" />
 <link rel="shortcut icon" href=/img/favicon.ico />
-<link href=/css/style.css rel=stylesheet type=text/css />
 <link type="text/css" href="/css/jquery-ui.css" rel="Stylesheet" />     
+<link href=/css/style.css rel=stylesheet type=text/css />
 <script type="text/javascript" src="/js/jquery.js"></script>
 <script type="text/javascript" src="/js/jquery-ui.js"></script>
 </head>

var/mongoose/lib/settings.class

@@ -135,3 +135,76 @@ settings method channel_groups {} {
 	return $ret
 }
 
+settings method aclusers {} {
+	if {![file exists "/mod/etc/htpasswd"]} { return {} }
+	set fd [open "/mod/etc/htpasswd" r]
+	set users {}
+	foreach line [string trim [split [read $fd] "\n"]] {
+		set info [split $line ":"]
+		if {[llength $info] != 3} { continue }
+		lappend users $info
+	}
+	$fd close
+	return $users
+}
+
+settings method mongooseauth {{mode 1}} {
+	set fd [open "/mod/etc/mongoose.conf" r]
+	set fdnew [open "/mod/etc/mongoose.conf.new" w]
+	foreach line [string trim [split [read $fd] "\n"]] {
+		if {[string match -nocase {authentication_domain*} $line]} {
+			continue
+		}
+		if {[string match -nocase {global_passwords_file*} $line]} {
+			continue
+		}
+		if {$line ne ""} { puts $fdnew $line }
+	}
+	$fd close
+	if {$mode} {
+		puts $fdnew "authentication_domain webif"
+		puts $fdnew "global_passwords_file /mod/etc/htpasswd"
+	}
+	$fdnew close
+	file delete "/mod/etc/mongoose.conf"
+	file rename "/mod/etc/mongoose.conf.new" "/mod/etc/mongoose.conf"
+}
+
+settings method addacluser {user pass} {
+	set msg ""
+	if {![llength [$self aclusers]]} {
+		$self mongooseauth 1
+		append msg "Enabled web server authentication<br>"
+	}
+	set cmd "/mod/sbin/mongoose -A /mod/etc/htpasswd webif $user $pass"
+	exec {*}$cmd
+	append msg "Successfully updated user $user"
+	return $msg
+}
+
+settings method delacluser {user} {
+	if {![file exists "/mod/etc/htpasswd"]} { return }
+	set fd [open "/mod/etc/htpasswd" r]
+	set fdnew [open "/mod/etc/htpasswd.new" w]
+	set num 0
+	foreach line [string trim [split [read $fd] "\n"]] {
+		lassign [split $line ":"] xuser
+		if {$xuser eq $user} { continue }
+		if {$line ne ""} {
+			puts $fdnew $line
+			incr num
+		}
+	}
+	$fd close
+	$fdnew close
+	file delete "/mod/etc/htpasswd"
+	file rename "/mod/etc/htpasswd.new" "/mod/etc/htpasswd"
+	set msg "Successfully removed user $user"
+
+	if {$num == 0} {
+		$self mongooseauth 0
+		append msg "<br>Disabled web server authentication<br>"
+	}
+	return $msg
+}
+

var/mongoose/lib/system.class

@@ -21,13 +21,14 @@ proc {system hostname} {} {
 	return $hostname
 }
 
-proc {system modversion} {} {
+proc {system modversion} {{short 0}} {
 	if {[catch {set fp [open /etc/modversion r]}]} {
-		set modver "1.02"
+		set modver "102"
 	} else {
 		set modver [string trim [read $fp]]
 		close $fp
 	}
+	if {$short} { return $modver }
 	lassign [split $modver ""] a b c
 	return [format "%d.%d%d" $a $b $c]
 }