From: Ian Jackson Date: Tue, 25 Apr 2017 13:50:01 +0000 (+0100) Subject: rename "password" to "secret" everywhere X-Git-Tag: hippotat/1.0.0~55^2~16 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=hippotat.git;a=commitdiff_plain;h=dce21e00c38132b17ec973923f4f7d0cbf47049f;hp=a2b48abfb3e429655bbc13992bd2dd12d05679e7 rename "password" to "secret" everywhere Signed-off-by: Ian Jackson --- diff --git a/PROTOCOL b/PROTOCOL index cf6eacf..4e07db1 100644 --- a/PROTOCOL +++ b/PROTOCOL @@ -8,7 +8,7 @@ from the queue and returns them as the POST response body payload Each incoming request contains up to max_batch_up bytes of payload. It's a multipart/form-data. -Authentication: for now, plaintext password +Authentication: for now, plaintext secret Routing assistance: none in hippotat; can be requested on client from userv-ipif via `vroutes' parameter. Use with secnet polypath diff --git a/README.config b/README.config index 2b58512..a9d36d7 100644 --- a/README.config +++ b/README.config @@ -21,7 +21,7 @@ Exceptional settings: Used by server to select the appropriate parts of the rest of the configuration. Ignored by the client. - password + secret Looked up in the usual way, but used by client and server to determine which possible peerings to try to set up, and which to ignore. @@ -32,11 +32,11 @@ Exceptional settings: (LIMIT sections do not count.) The server queue packets for, and accept requests from, each - putative client for which the config search yields a password. + putative client for which the config search yields a secret. Each client will create a local interface, and try to communicate with the server, for each possible pair (putative server, - putative client) for which the config search yields a password. + putative client) for which the config search yields a secret. ipif Command to run to create and communicate with local network diff --git a/debian/hippotat.postinst b/debian/hippotat.postinst index 7954152..9419eea 100644 --- a/debian/hippotat.postinst +++ b/debian/hippotat.postinst @@ -6,7 +6,7 @@ adduser --system --group --force-badname --shell=/bin/bash \ umask 077 -pd=/etc/hippotat/passwords.d +pd=/etc/hippotat/secrets.d test -d $pd || \ install -m 750 -o root -g Debian-hippotat -d $pd diff --git a/hippotat b/hippotat index 248538e..56e3e45 100755 --- a/hippotat +++ b/hippotat @@ -191,7 +191,7 @@ class Client(): b'Content-Type: text/plain; charset="utf-8"' + crlf + b'Content-Disposition: form-data; name="m"' + crlf + crlf + str(cl.c.client) .encode('ascii') + crlf + - cl.c.password + crlf + + cl.c.secret + crlf + str(cl.c.target_requests_outstanding) .encode('ascii') + crlf + str(cl.c.http_timeout) .encode('ascii') + crlf + diff --git a/hippotatd b/hippotatd index 8fb0e0c..bbc8666 100755 --- a/hippotatd +++ b/hippotatd @@ -182,7 +182,7 @@ def process_request(request, desca): ci = ipaddr(ci_s) desca['ci'] = ci cl = clients[ci] - if pw != cl.cc.password: raise ValueError('bad password') + if pw != cl.cc.secret: raise ValueError('bad secret') desca['pwok']=True if tro != cl.cc.target_requests_outstanding: diff --git a/hippotatlib/__init__.py b/hippotatlib/__init__.py index 9b2c33d..282266c 100644 --- a/hippotatlib/__init__.py +++ b/hippotatlib/__init__.py @@ -157,7 +157,7 @@ vvnetwork = 172.24.230.192 # [] -# password = # used by both, must match +# secret = # used by both, must match [LIMIT] max_batch_down = 262144 @@ -521,7 +521,7 @@ def cfg_process_client_limited(cc,ss,sections,key): cc.__dict__[key] = min(val,lim) def cfg_process_client_common(cc,ss,cs,ci): - # returns sections to search in, iff password is defined, otherwise None + # returns sections to search in, iff secret is defined, otherwise None cc.ci = ci sections = ['%s %s' % (ss,cs), @@ -529,11 +529,11 @@ def cfg_process_client_common(cc,ss,cs,ci): ss, 'COMMON'] - try: pwsection = cfg_search_section('password', sections) + try: pwsection = cfg_search_section('secret', sections) except NoOptionError: return None - pw = cfg1get(pwsection, 'password') - cc.password = pw.encode('utf-8') + pw = cfg1get(pwsection, 'secret') + cc.secret = pw.encode('utf-8') cfg_process_client_limited(cc,ss,sections,'target_requests_outstanding') cfg_process_client_limited(cc,ss,sections,'http_timeout') @@ -607,7 +607,7 @@ def common_startup(process_cfg): def read_defconfig(): readconfig('/etc/hippotat/config.d', False) - readconfig('/etc/hippotat/passwords.d', False) + readconfig('/etc/hippotat/secrets.d', False) readconfig('/etc/hippotat/master.cfg', False) def oc_defconfig(od,os, value, op): diff --git a/sgo-demo.cfg b/sgo-demo.cfg index 7dca241..381f004 100644 --- a/sgo-demo.cfg +++ b/sgo-demo.cfg @@ -33,9 +33,9 @@ max_batch_down = 32768 [SERVER] server = chiark -# -- in passwords.d/chiark-zealot (on zealot and chiark) +# -- in secrets.d/chiark-zealot (on zealot and chiark) [chiark 192.0.2.4] -password = sesame +secret = sesame # zealot knows it's 192.0.2.4 because that's the only client -# for which it has a password +# for which it has a secret diff --git a/simple.cfg b/simple.cfg index 3348e8e..5406f5d 100644 --- a/simple.cfg +++ b/simple.cfg @@ -2,6 +2,6 @@ [SERVER] addrs = 203.0.113.46 -# -- in passwords.d/password (on both client and server) +# -- in secrets.d/secret (on both client and server) [172.24.230.195] -password = sesame +secret = sesame diff --git a/test.cfg b/test.cfg index d44a090..9cc92d9 100644 --- a/test.cfg +++ b/test.cfg @@ -11,7 +11,7 @@ vnetwork = 192.0.2.0/24 # nc -n -v -l -p 8100 -c 'dd of=/dev/null' [192.0.2.3] -password = sesame +secret = sesame [192.0.2.3] ipif = PATH=/usr/local/sbin:/sbin:/usr/sbin:$PATH really ./fake-userv /home/ian/things/Userv/userv-utils.git/ipif/service \* -- %(local)s,%(peer)s,%(mtu)s,slip '%(rnets)s' @@ -19,6 +19,6 @@ ipif = PATH=/usr/local/sbin:/sbin:/usr/sbin:$PATH really ./fake-userv /home/ian/ # ./hippotat -D -c test.cfg [192.0.2.4] -#password = zorkmids +#secret = zorkmids # dd if=/dev/urandom bs=1024 count=16384 | nc -q 0 -n -v 192.0.2.1 8100