chiark / gitweb /
userv-utils.git
6 years ago: www-cgi: Introduce `?DEFAULTS' pattern to match the default set.
Mark Wooding [Tue, 19 Feb 2013 20:22:14 +0000 (20:22 +0000)]
www-cgi: Introduce `?DEFAULTS' pattern to match the default set.

6 years ago: www-cgi/ucgicommon.c: Split matching out from `filter_environment'.
Mark Wooding [Tue, 19 Feb 2013 20:17:08 +0000 (20:17 +0000)]
www-cgi/ucgicommon.c: Split matching out from `filter_environment'.

Makes the code a bit easier to follow, and prepares the ground for the
next change.

6 years ago: www-cgi/: Yet more environment variables to be passed about.
Mark Wooding [Wed, 30 Jan 2013 01:14:36 +0000 (01:14 +0000)]
www-cgi/: Yet more environment variables to be passed about.

The `SSL_*' variables are used to pass information about SSL or TLS,
including the cipher suite in use, and the status of client
authentication.

The `REDIRECT_*' variables are used to pass information about a failed
request to a CGI script run as an Apache `ErrorDocument' or similar.

6 years ago: www-cgi/: Allow customization of the environment filters.
Mark Wooding [Wed, 30 Jan 2013 00:35:02 +0000 (00:35 +0000)]
www-cgi/: Allow customization of the environment filters.

Sites can now configure `ucgi's environment filters, and end users can
configure `ucgitarget's filters.

By default, `ucgi' will look in `/etc/userv/ucgi.env-filter', but if
`UCGI_ENV_FILTER' is set in its environment, it will look there
instead.  The filter may contain wildcards and so on.

By default, `ucgitarget' looks in `.userv/ucgitarget.env-filter', or
`/etc/userv/ucgitarget.env-filter', if the former doesn't exist; but if
passed a `-e FILTER' option on its command line, it will look in the
file FILTER instead.  This filter may /not/ contain wildcards.

In both cases, if an explicitly named filter file can't be found then
the program fails; if the default filter files can't be found then they
fall back to built-in lists.

The reason for the asymmetry in interfaces is: it's hard to pass
command-line options to CGI scripts from webservers, but pretty easy to
set environment variables; whereas it's hard to pass environment
variables to a service program in a Userv configuration file, but easy
to pass command-line arguments.

6 years ago: www-cgi/: Decentralize the whitelist of environment variables.
Mark Wooding [Wed, 30 Jan 2013 00:23:08 +0000 (00:23 +0000)]
www-cgi/: Decentralize the whitelist of environment variables.

There's no great need for `ucgi' to have a fierce whitelist of
environment variables to be passed to the service.  We'll assume that
the webserver hasn't put any critical secrets in its environment with
unfortunate names; and the service shouldn't put any trust in the
caller's filtering anyway.  If the webserver end takes a more relaxed
approach, we can leave questions of policy regarding environment
filtering largely up to the service -- which is the bit that users
actually have some control over.

To this end, therefore, move the main whitelist to `ucgitarget.c', and
put a small list, containing some wildcard patterns, in `ucgi.c'.

6 years ago: www-cgi/: Centralize environment variable filtering.
Mark Wooding [Wed, 30 Jan 2013 00:09:47 +0000 (00:09 +0000)]
www-cgi/: Centralize environment variable filtering.

Rather than have a different loop in each program which trundles through
a filter list picking up environment variables and doing things to the
ones that match, invent a new function `filter_environment' which does
the job, with extra steroids.

The new function works the other way around: it iterates over the
environment, comparing each variable to the filter list.  It also
supports some simple prefix-matching (`*' suffix) and blacklisting (`!'
prefix) operations.

Some new limits are introduced, on the maximum length of an environment
variable name, and the total number of variables accepted by `ucgi':
this is because these are no longer limited implicitly by the whitelist,
since it may contain wildcards and suchlike.

6 years ago: www-cgi/ucgi.c: A bit more machinery for building the command line.
Mark Wooding [Wed, 30 Jan 2013 00:47:45 +0000 (00:47 +0000)]
www-cgi/ucgi.c: A bit more machinery for building the command line.

Move the state for building the command line into a structure, and
introduce a function for adding an argument.  We'll want this later.

6 years ago: www-cgi/: Add some trivial tracing.
Mark Wooding [Tue, 29 Jan 2013 23:45:47 +0000 (23:45 +0000)]
www-cgi/: Add some trivial tracing.

The trace goes to standard output, and only happens when debugging is
turned on, both operationally (e.g., through the `ucgi-debug' link or
USERV_U_DEBUG variable) and at compile time (with the DEBUG macro, which
you can set, e.g., with `make DEBUG="-g -DDEBUG"').

Trace output lines start with `;;'.

I'll be grateful for this when I start shaking things up.

6 years ago: www-cgi/: Move `xrealloc' to `ucgicommon'.
Mark Wooding [Tue, 29 Jan 2013 23:53:55 +0000 (23:53 +0000)]
www-cgi/: Move `xrealloc' to `ucgicommon'.

Both programs will want it soon enough.

6 years ago: www-cgi/ucgitarget.c: Use `error' to report unusual filesystem object.
Mark Wooding [Tue, 29 Jan 2013 23:49:38 +0000 (23:49 +0000)]
www-cgi/ucgitarget.c: Use `error' to report unusual filesystem object.

There's nothing useful in `errno'.  Let's not end up saying `Success'
here.

6 years ago: finalise changelog
Ian Jackson [Sun, 27 Jan 2013 16:39:56 +0000 (16:39 +0000)]
finalise changelog

6 years ago: checkpasswd: fix -other service file
Ian Jackson [Sun, 27 Jan 2013 16:39:45 +0000 (16:39 +0000)]
checkpasswd: fix -other service file

6 years ago: checkpass: installation arrangements
Ian Jackson [Sun, 27 Jan 2013 16:34:57 +0000 (16:34 +0000)]
checkpass: installation arrangements

6 years ago: checkpass: installation arrangements
Ian Jackson [Sun, 27 Jan 2013 16:34:26 +0000 (16:34 +0000)]
checkpass: installation arrangements

6 years ago: checkpasswd: initial implementation
Ian Jackson [Sun, 27 Jan 2013 16:21:16 +0000 (16:21 +0000)]
checkpasswd: initial implementation

6 years ago: build improvements
Ian Jackson [Sun, 27 Jan 2013 15:27:16 +0000 (15:27 +0000)]
build improvements

6 years ago: www-cgi: whitelist some more HTTP headers
Ian Jackson [Sun, 27 Jan 2013 15:26:39 +0000 (15:26 +0000)]
www-cgi: whitelist some more HTTP headers

6 years ago: Document in changelog changes since 0.4.2
Ian Jackson [Sun, 27 Jan 2013 13:55:17 +0000 (13:55 +0000)]
Document in changelog changes since 0.4.2

6 years ago: Merge branch 'master' of login.chiark.greenend.org.uk:/home/ian/public-git/userv...
Ian Jackson [Sun, 27 Jan 2013 13:48:28 +0000 (13:48 +0000)]
Merge branch 'master' of login.chiark.greenend.org.uk:/home/ian/public-git/userv-utils

7 years ago: finalise 0.4.2
Ian Jackson [Sun, 15 Jan 2012 01:00:12 +0000 (01:00 +0000)]
finalise 0.4.2

7 years ago: allow input same size as buffer
Ian Jackson [Sun, 15 Jan 2012 00:49:01 +0000 (00:49 +0000)]
allow input same size as buffer

7 years ago: fix assertion to have correct test
Ian Jackson [Sun, 15 Jan 2012 00:42:31 +0000 (00:42 +0000)]
fix assertion to have correct test

7 years ago: ipif fixes
Ian Jackson [Sat, 14 Jan 2012 15:47:08 +0000 (15:47 +0000)]
ipif fixes

7 years ago: fix maintainer
Ian Jackson [Sat, 14 Jan 2012 15:27:52 +0000 (15:27 +0000)]
fix maintainer

7 years ago: finalise 0.4
Ian Jackson [Sat, 14 Jan 2012 15:25:38 +0000 (15:25 +0000)]
finalise 0.4

7 years ago: ipif: service.c comment: fix some grammar
Ian Jackson [Sat, 20 Aug 2011 16:28:00 +0000 (17:28 +0100)]
ipif: service.c comment: fix some grammar

7 years ago: ipif: service.c comment: remove mention of protocols other than slip
Ian Jackson [Sat, 20 Aug 2011 16:25:46 +0000 (17:25 +0100)]
ipif: service.c comment: remove mention of protocols other than slip

7 years ago: Merge branch 'zealot'
Ian Jackson [Sat, 20 Aug 2011 16:24:02 +0000 (17:24 +0100)]
Merge branch 'zealot'

Conflicts:
.gitignore
ipif/Makefile

8 years ago: ipif: abolish use of slip: fixes from testing
Ian Jackson [Sun, 15 May 2011 18:42:21 +0000 (19:42 +0100)]
ipif: abolish use of slip: fixes from testing

8 years ago: ipif: use tun, not slip; compiles, untested
Ian Jackson [Sun, 15 May 2011 18:23:01 +0000 (19:23 +0100)]
ipif: use tun, not slip; compiles, untested

8 years ago: ipif: fix some signed/unsigned pointer warnings
Ian Jackson [Thu, 21 Apr 2011 18:13:25 +0000 (19:13 +0100)]
ipif: fix some signed/unsigned pointer warnings

8 years ago: ipif: move #include of automech.h down so that it has definition of struct mechanism
Ian Jackson [Thu, 21 Apr 2011 18:13:11 +0000 (19:13 +0100)]
ipif: move #include of automech.h down so that it has definition of struct mechanism

8 years ago: add *.o to .gitignore
Ian Jackson [Thu, 21 Apr 2011 18:08:51 +0000 (19:08 +0100)]
add *.o to .gitignore

8 years ago: .cvsignore -> .gitignore
Ian Jackson [Thu, 21 Apr 2011 18:08:15 +0000 (19:08 +0100)]
.cvsignore -> .gitignore

8 years ago: ipif: fix for make breakage
Ian Jackson [Thu, 21 Apr 2011 18:04:45 +0000 (19:04 +0100)]
ipif: fix for make breakage

9 years ago: Fix up default comment to not mention tcl
Ian Jackson [Sat, 22 May 2010 19:21:59 +0000 (20:21 +0100)]
Fix up default comment to not mention tcl

9 years ago: Better handling of .git suffixes
Ian Jackson [Sat, 22 May 2010 19:05:51 +0000 (20:05 +0100)]
Better handling of .git suffixes

9 years ago: Attempt at a good package
Ian Jackson [Sat, 22 May 2010 18:52:02 +0000 (19:52 +0100)]
Attempt at a good package

9 years ago: generic fixes: more .gitignores
Ian Jackson [Sat, 22 May 2010 18:49:15 +0000 (19:49 +0100)]
generic fixes: more .gitignores

9 years ago: generic fixes: .gitignores
Ian Jackson [Sat, 22 May 2010 18:39:50 +0000 (19:39 +0100)]
generic fixes: .gitignores

9 years ago: generic build fix: makefile multi-line incompatibility fix
Ian Jackson [Sat, 22 May 2010 18:39:30 +0000 (19:39 +0100)]
generic build fix: makefile multi-line incompatibility fix

9 years ago: generic build fixes
Ian Jackson [Sat, 22 May 2010 18:36:07 +0000 (19:36 +0100)]
generic build fixes

9 years ago: wip releasing
Ian Jackson [Sat, 22 May 2010 18:33:46 +0000 (19:33 +0100)]
wip releasing

9 years ago: Add git-daemon to distclean
Ian Jackson [Sat, 22 May 2010 18:26:59 +0000 (19:26 +0100)]
Add git-daemon to distclean

9 years ago: Rotate the logfile
Ian Jackson [Sat, 22 May 2010 18:26:06 +0000 (19:26 +0100)]
Rotate the logfile

9 years ago: Changes to make it appear to work on chiark
Ian Jackson [Sat, 22 May 2010 18:13:43 +0000 (19:13 +0100)]
Changes to make it appear to work on chiark

9 years ago: WIP entirely new git approach with config parsers
Ian Jackson [Sat, 22 May 2010 16:25:07 +0000 (17:25 +0100)]
WIP entirely new git approach with config parsers

9 years ago: git-daemon/chiark-urlmap: better security
Tony Finch [Wed, 31 Mar 2010 02:35:10 +0000 (03:35 +0100)]
git-daemon/chiark-urlmap: better security

Check the server IP address corresponds to the server hostname
when exporting VPN-only repositories.

Use symlinks under ~/.userv so that public-git directories
are not exported by default, as in the www-cgi configuration.

9 years ago: git-urlmap: clarify comments
Tony Finch [Wed, 31 Mar 2010 02:30:52 +0000 (03:30 +0100)]
git-urlmap: clarify comments

9 years ago: git-daemon: add Makefile and documentation.
Tony Finch [Wed, 31 Mar 2010 02:24:20 +0000 (03:24 +0100)]
git-daemon: add Makefile and documentation.

9 years ago: git-daemon: invoke 'git upload-pack' instead of 'git-upload-pack'
Tony Finch [Wed, 31 Mar 2010 01:04:32 +0000 (02:04 +0100)]
git-daemon: invoke 'git upload-pack' instead of 'git-upload-pack'

9 years ago: git-daemon: update TODO
Tony Finch [Wed, 31 Mar 2010 00:50:56 +0000 (01:50 +0100)]
git-daemon: update TODO

9 years ago: git-daemon: include an example inetd.conf line.
Tony Finch [Wed, 31 Mar 2010 00:49:35 +0000 (01:49 +0100)]
git-daemon: include an example inetd.conf line.

9 years ago: git-daemon: Simplify the filenames
Tony Finch [Wed, 31 Mar 2010 00:43:28 +0000 (01:43 +0100)]
git-daemon: Simplify the filenames

9 years ago: git-daemon: fix and de-obfuscate the pkt-line parser.
Tony Finch [Wed, 31 Mar 2010 00:39:19 +0000 (01:39 +0100)]
git-daemon: fix and de-obfuscate the pkt-line parser.

9 years ago: git-daemon: tidy up a bit
Tony Finch [Tue, 30 Mar 2010 23:52:01 +0000 (00:52 +0100)]
git-daemon: tidy up a bit

9 years ago: log repository location
Tony Finch [Tue, 30 Mar 2010 20:58:52 +0000 (20:58 +0000)]
log repository location

9 years ago: git-daemon: no need for a special configuration variable namespace
Tony Finch [Tue, 30 Mar 2010 20:56:41 +0000 (20:56 +0000)]
git-daemon: no need for a special configuration variable namespace

9 years ago: git-daemon: overhaul configuration and add the userv service script
Tony Finch [Tue, 30 Mar 2010 20:14:55 +0000 (20:14 +0000)]
git-daemon: overhaul configuration and add the userv service script

Use a perl namespace to hold the userv variables that are set
by the git-daemon-urlmap script(s).

9 years ago: git-daemon: config improvements
Tony Finch [Tue, 30 Mar 2010 17:45:36 +0000 (17:45 +0000)]
git-daemon: config improvements

Get configuration file(s) from the command line. Reverse order of
return values so user configs can just return the repo pathname.

9 years ago: git-daemon: tweak comments
Tony Finch [Tue, 30 Mar 2010 15:09:49 +0000 (15:09 +0000)]
git-daemon: tweak comments

9 years ago: git-daemon: allow userv to decide which services to allow.
Tony Finch [Tue, 30 Mar 2010 14:58:15 +0000 (14:58 +0000)]
git-daemon: allow userv to decide which services to allow.

9 years ago: git-daemon: move checking to more appropriate place.
Tony Finch [Mon, 29 Mar 2010 16:17:45 +0000 (16:17 +0000)]
git-daemon: move checking to more appropriate place.

Less checking in the daemon itself; instead check in the
configuration which can be shared across the security boundary.

9 years ago: Note what the git-upload-pack userv service needs to do
Tony Finch [Fri, 26 Mar 2010 19:07:01 +0000 (19:07 +0000)]
Note what the git-upload-pack userv service needs to do

9 years ago: git-daemon: allow virtual hosts to forbid tilde parts in URLs
Tony Finch [Fri, 26 Mar 2010 18:56:43 +0000 (18:56 +0000)]
git-daemon: allow virtual hosts to forbid tilde parts in URLs

9 years ago: git-daemon: suppress warnings
Tony Finch [Fri, 26 Mar 2010 18:28:22 +0000 (18:28 +0000)]
git-daemon: suppress warnings

9 years ago: git-daemon: Log timeout errors and polish code a bit.
Tony Finch [Fri, 26 Mar 2010 18:23:24 +0000 (18:23 +0000)]
git-daemon: Log timeout errors and polish code a bit.

9 years ago: git-daemon: simplify xread()
Tony Finch [Fri, 26 Mar 2010 18:15:26 +0000 (18:15 +0000)]
git-daemon: simplify xread()

9 years ago: git-daemon.pl: second iteration based on feedback from Ian.
Tony Finch [Fri, 26 Mar 2010 18:00:46 +0000 (18:00 +0000)]
git-daemon.pl: second iteration based on feedback from Ian.

Instead of invoking the standard git-daemon via userv, do what
the standard git-daemon does and invoke git-upload-pack.

Log errors to syslog. Obtain the client IP address and port.

Use a configuration file to work out the user from the
virtual host name and tilde part of the URL.
Put the syntax check regexes in the configuration file.

Pass parameters to userv git-upload-pack service with
user-defined variables instead of command line arguments.

9 years ago: git-daemon-vhosts.pl: A sample virtual host configuration file.
Tony Finch [Fri, 26 Mar 2010 17:16:34 +0000 (17:16 +0000)]
git-daemon-vhosts.pl: A sample virtual host configuration file.

9 years ago: Initial pass at a git daemon for userv.
Tony Finch [Fri, 26 Mar 2010 16:43:09 +0000 (16:43 +0000)]
Initial pass at a git daemon for userv.

13 years ago: Add a few missing #include's of <string.h>. [refs: cvs, debian_version_0_3]
ian [Tue, 6 Jun 2006 21:02:20 +0000 (21:02 +0000)]
Add a few missing #include's of <string.h>.

13 years ago: moved changelog
ian [Tue, 6 Jun 2006 20:59:26 +0000 (20:59 +0000)]
moved changelog

13 years ago: rationalise changelog
ian [Tue, 6 Jun 2006 20:56:26 +0000 (20:56 +0000)]
rationalise changelog

13 years ago: @@ -12,6 +12,7 @@
ian [Thu, 11 Aug 2005 18:52:07 +0000 (18:52 +0000)]
@@ -12,6 +12,7 @@
+  * Use slip, not cslip, for udptunnel (!)

13 years ago: *** empty log message ***
ian [Thu, 11 Aug 2005 18:50:18 +0000 (18:50 +0000)]
*** empty log message ***

14 years ago: *** empty log message ***
ian [Sun, 5 Sep 2004 16:10:30 +0000 (16:10 +0000)]
*** empty log message ***

15 years ago: *** empty log message ***
ian [Tue, 2 Mar 2004 23:09:55 +0000 (23:09 +0000)]
*** empty log message ***

15 years ago: *** empty log message ***
ian [Sun, 13 Jul 2003 22:58:51 +0000 (22:58 +0000)]
*** empty log message ***

15 years ago: *** empty log message ***
ian [Sun, 13 Jul 2003 22:57:25 +0000 (22:57 +0000)]
*** empty log message ***

15 years ago: copyright notices
ian [Sun, 6 Jul 2003 21:25:01 +0000 (21:25 +0000)]
copyright notices

15 years ago: *** empty log message ***
ian [Sun, 6 Jul 2003 20:47:12 +0000 (20:47 +0000)]
*** empty log message ***

15 years ago: *** empty log message ***
ian [Sun, 6 Jul 2003 20:32:27 +0000 (20:32 +0000)]
*** empty log message ***

15 years ago: 0.2.99.0.1
ian [Sun, 6 Jul 2003 16:57:23 +0000 (16:57 +0000)]
0.2.99.0.1

15 years ago: changelog
ian [Thu, 3 Jul 2003 11:55:19 +0000 (11:55 +0000)]
changelog

15 years ago: remove binaries and ~-files
ian [Wed, 2 Jul 2003 18:55:22 +0000 (18:55 +0000)]
remove binaries and ~-files

15 years ago: found in chiark:/usr/local/src/davenant
ian [Wed, 2 Jul 2003 18:55:01 +0000 (18:55 +0000)]
found in chiark:/usr/local/src/davenant

15 years ago: found in davenant:/usr/local/src/misc
ian [Wed, 2 Jul 2003 18:53:26 +0000 (18:53 +0000)]
found in davenant:/usr/local/src/misc

16 years ago: document changes
ian [Sun, 15 Jun 2003 17:59:10 +0000 (17:59 +0000)]
document changes

16 years ago: reject some of the uxsup changes
ian [Sun, 15 Jun 2003 17:57:17 +0000 (17:57 +0000)]
reject some of the uxsup changes

16 years ago: changes from Cambridge University (Ben Harris) unedited; will edit shortly
ian [Sun, 15 Jun 2003 17:46:49 +0000 (17:46 +0000)]
changes from Cambridge University (Ben Harris) unedited; will edit shortly

16 years ago: IPv6 support - minor change courtesy of Ben Harris
ian [Sun, 15 Jun 2003 17:34:23 +0000 (17:34 +0000)]
IPv6 support - minor change courtesy of Ben Harris

16 years ago: @@ -1,8 +1,9 @@
ian [Sun, 15 Jun 2003 17:33:54 +0000 (17:33 +0000)]
@@ -1,8 +1,9 @@
-userv-utils (0.2.4) unstable; urgency=low
+userv-utils (0.3.0) unstable; urgency=low

-  * Minor fixes to INSTALL.
-  * Report nonzero death of m4 better.
-  * ipif service MAXEXROUTES increased from 5 to 50.
+  * New dyndns service.
+  * ipif: Minor fixes to INSTALL.
+  * ipif: Report nonzero death of m4 better.
+  * ipif: service MAXEXROUTES increased from 5 to 50.

  --
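
Review bot: the first changed line renames the existing `userv-utils (0.2.4)` stanza to `userv-utils (0.3.0)` in place instead of adding a new stanza above it. That is only safe if 0.2.4 was never released; if it was, keep the 0.2.4 stanza with its three entries and put `New dyndns service.` under a separate 0.3.0 heading, so the changelog still records what shipped in each version.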

16 years ago: @@ -2,6 +2,7 @@
ian [Sun, 15 Sep 2002 12:37:59 +0000 (12:37 +0000)]
@@ -2,6 +2,7 @@
+  * ipif service MAXEXROUTES increased from 5 to 50.

16 years ago: @@ -1,6 +1,7 @@
ian [Sun, 23 Jun 2002 22:32:06 +0000 (22:32 +0000)]
@@ -1,6 +1,7 @@
+  * Report nonzero death of m4 better.

16 years ago: @@ -1,3 +1,9 @@
ian [Sun, 23 Jun 2002 22:30:29 +0000 (22:30 +0000)]
@@ -1,3 +1,9 @@
+userv-utils (0.2.4) unstable; urgency=low
+
+  * Minor fixes to INSTALL.
+
+ --
+
 userv-utils (0.2.3) unstable; urgency=low

   * udptunnel-reconf can write a known_hosts file for you.
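
Review bot: the new 0.2.4 stanza ends in a bare ` --` trailer with no maintainer or date. That works as a marker for an entry still in progress, but Debian changelog tooling expects ` -- Name <email>  date` on that line, so the trailer needs filling in before this version is built or tagged.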

17 years ago: 0.2.3 [ref: rel-uservutils-0-2-3]
ian [Mon, 11 Feb 2002 21:47:16 +0000 (21:47 +0000)]
0.2.3

17 years ago: @@ -1,3 +1,9 @@
ian [Mon, 11 Feb 2002 21:46:58 +0000 (21:46 +0000)]
@@ -1,3 +1,9 @@
+userv-utils (0.2.3) unstable; urgency=low
+
+  * udptunnel-reconf can write a known_hosts file for you.
+
+ -- Ian Jackson <ian@davenant.greenend.org.uk>  Mon, 11 Feb 2002 21:46:48 +0000
+
 userv-utils (0.2.2) unstable; urgency=low

   * udptunnel-reconf default script pauses for 10s between restarts.

17 years ago: Version [ref: rel-uservutils-0-2-2]
ian [Sat, 15 Dec 2001 17:56:01 +0000 (17:56 +0000)]
Version

17 years ago: @@ -7,8 +7,9 @@
ian [Sat, 15 Dec 2001 17:55:07 +0000 (17:55 +0000)]
@@ -7,8 +7,9 @@
   * udptunnel-vpn-config.m4 allows global file to override as intended.
   * www-cgi passes HTTP_COOKIE header.
   * indirect ssh via V_sshinvoke.
+  * userv-ipif config file allows exclusions in network permissions.

- --
+ -- Ian Jackson <ian@davenant.greenend.org.uk>  Sat, 15 Dec 2001 17:55:06 +0000

 userv-utils (0.2.1) unstable; urgency=low