webpwd for FREESCO 03x

Announcements of packages that are now released.

Postby dingetje » Tue Mar 09, 2004 6:05 pm

webpwd is a web based form that allows normal users to change their FREESCO password via this form.

Code: Select all
[Linux] pkg -i http://dingetje.homeip.net/beta/0.3.x/webpwd_0.2p2_dingetje
Installing... ? ? ? ? ? ? ? ? ? ? ? ? ? webpwd_0.2p2_dingetje
Do you want to view the install/uninstall script (y/n) [n]?

webpwd is a secure (HTTPS) web based form that allows normal users
to change their password

Checking versions... ? ? ? ? ? ? ? ? ? ?Pv0.3.0 0.3.x
Checking required temp space... ? ? ? ? Ok
Checking required disk space... ? ? ? ? Ok
Checking dependencies... ? ? ? ? ? ? ? ?Ok
Checking if package is installed... ? ? Ok
Checking for existing libraries... ? ? ?Ok
 ? ? ? ?***-- This package is officially unapproved at this time --***
 ? ? ? ?***-- loading this program could damage your system --***

Do you want install this package (y/n) [y]?
Do you want to save a copy of this package (y/n) [n]?
http://192.168.0.1/beta/0.3.x/webpwd_0.2p2_dingetje.tgz (313K)
/boot/11019~/webpwd_0.2p ?[########################] ? ? 313K | ?933.69K/s
321423 bytes transferred in 0.34 sec (931.07k/sec)
Unpacking webpwd_0.2p2_dingetje.tgz .. Done

Answer the next questions to create a SSL certificate for the
secure web server that will host the webpwd user form.

You can create a new certificate later with the command:
rc_webpwd certificate

Using configuration from mini_httpd.cnf
Generating a 1024 bit RSA private key
.........................++++++
..........................++++++
writing new private key to 'mini_httpd.pem'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [NL]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [FREESCO Rulez!]:
Organizational Unit Name (eg, section) [FREESCO Web Password Server]:
Common Name (FQDN of your server) [router.inet]:
subject= /C=NL/ST=Some-State/O=FREESCO Rulez!/OU=FREESCO Web Password Server/CN=router.inet
notBefore=Mar ?9 23:45:11 2004 GMT
notAfter=Mar ?9 23:45:11 2005 GMT
MD5 Fingerprint=79:FF:25:31:19:57:3B:2E:6B:04:F9:DC:40:50:BB:F2

succesfully created mini_httpd license key

The mini_httpd web server will now be started

Starting webpwd... ? ? ? ? ? ? ? ? ? ? ?Done

The web password form should now be reachable via https://192.168.0.33:83

Successfully installed... ? ? ? ? ? ? ? webpwd_0.2p2_dingetje


Image

Notice the lock in the lower left corner? Yupz that's right it's a SSL link = SECURE (a big bonus for a password form, don't you think?)

The package contains:
[*]webpwd modified for FREESCO 03x path
[*]<a href='http://www.acme.com/software/mini_httpd/' target='_blank'>mini_httpd</a> a mini web server with SSL support!

Required is the OpenSSL package.

This package is considered <span style='color:red'><span style='font-size:21pt;line-height:100%'>BETA</span></span>
This means I need positive feedback that the package is working 100% from a few brave beta testers that are risking to get locked out of their test box, because the passwd file got corrupted (worst case scenario!).

The webpwd CGI logs in /usr/local/webpwd/logfile.txt
mini_httpd logs in /usr/local/mini_httpd/logs

The default port is 83, which is blocked from the internet in the rc_webpwd script.
To change the port you'll need to edit both this script (firewall rule) and the mini_httpd_conf file. You can use rc_webpwd setup command to edit the latter.
Some account are blocked from using the form, these are stored in /usr/local/webpwd/blocked.cfg
The web form is located in /usr/local/webpwd/www/

Feedback is appreciated!
GreetZ
http://dingetje.hopto.org

"Software is like sex: it's better when it's free." - LINUS TORVALDS
User avatar
dingetje
FREESCO GURU !!
 
Posts: 1010
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Postby Peer » Wed Mar 10, 2004 5:19 am

Hi Dingetje,
Thanks for making this available.
I have installed it, no problems.

I saw in the rc_webpwd the folowing line in the setup section :
edit /usr/local/mini_httpd/etc/mini_httpd_conf

Should this be
edit /usr/local/mini_httpd/etc/mini_httpd_config
(notice the "ig"at the end :rolleyes: )

Further no problems, i changed the password of an user, and it worked (no doubt about that)

I have to tweak the default html a litle bit i hope you don't mind :D

Great work
--------------------------------------------------------------------<br>Gr. Peer<br><a href='http://peer.no-ip.org' target='_blank'>Peer's Freesco Site</a>
User avatar
Peer
Newbie
 
Posts: 19
Joined: Sat Jan 04, 2003 8:31 pm
Location: Mierlo, Netherlands

Postby dingetje » Wed Mar 10, 2004 4:48 pm

:blush1: oops, missed that one.
It's fixed now.
GreetZ
http://dingetje.hopto.org

"Software is like sex: it's better when it's free." - LINUS TORVALDS
User avatar
dingetje
FREESCO GURU !!
 
Posts: 1010
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Postby kafsar » Wed Mar 17, 2004 3:58 am

Required is the OpenSSL package


from where I can get OpenSSL package..

I have installed exim. is there there any effects on exim after OpenSSl installation.
User avatar
kafsar
Newbie
 
Posts: 6
Joined: Fri Nov 28, 2003 8:59 am

Postby Peer » Wed Mar 17, 2004 5:13 am

OpenSSL can be found here : <a href='http://nl.freescosoft.net/' target='_blank'>freesco soft</a>
I am running webpwd and exim and other stuff, i have got no problems.
(I should say i installed exim after OpenSSL)
--------------------------------------------------------------------<br>Gr. Peer<br><a href='http://peer.no-ip.org' target='_blank'>Peer's Freesco Site</a>
User avatar
Peer
Newbie
 
Posts: 19
Joined: Sat Jan 04, 2003 8:31 pm
Location: Mierlo, Netherlands

Postby kafsar » Wed Mar 17, 2004 5:35 am

OpenSSL can be found here : freesco soft


I did't see OpenSSL package at above mentioned site.
User avatar
kafsar
Newbie
 
Posts: 6
Joined: Fri Nov 28, 2003 8:59 am

Postby Peer » Wed Mar 17, 2004 5:05 pm

Klick the link.
choose a mirror (MAIN SITE USA West Virginia)
Klick "Packages & Files Alphabetically "
Klick the "o"
At the bottom you will find openssl
--------------------------------------------------------------------<br>Gr. Peer<br><a href='http://peer.no-ip.org' target='_blank'>Peer's Freesco Site</a>
User avatar
Peer
Newbie
 
Posts: 19
Joined: Sat Jan 04, 2003 8:31 pm
Location: Mierlo, Netherlands

Postby dingetje » Wed Mar 17, 2004 6:41 pm

OpenSSL has no effect on exim whatsoever.
It's only required to generate the certificate for the HTTPS server that's part of the package.
The HTTPS server itself has been linked statically against openssl libs.

Any feedbacks on whether this package can be released yes or no? Or is a longer test period required?
GreetZ
http://dingetje.hopto.org

"Software is like sex: it's better when it's free." - LINUS TORVALDS
User avatar
dingetje
FREESCO GURU !!
 
Posts: 1010
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Postby kafsar » Sat Mar 20, 2004 1:41 am

Thanks DINGETJE for grate package,, working fine...

when I open the page <a href='https://192.168.1.1:83' target='_blank'>https://192.168.1.1:83</a> I received the security Alert as follows:

Code: Select all
 Sercurity Alert

Information you exchange with this site cannot be viewd or changed by others. Hower, there is a problem with site's security certificate.

. The security certificate was issued by a company you have not chosen to turst. View the certificate to determine whether you want to trust the certifying authority.

. The security certificate has expired or is not yet valid.

. The name on the security certificate dose not match the name of the site

do you want proceed:


Is this is normal ??
User avatar
kafsar
Newbie
 
Posts: 6
Joined: Fri Nov 28, 2003 8:59 am

Postby dingetje » Sun Mar 21, 2004 9:58 am

The last 2 can be avoided by answering the questions correctly when the certificate is created during install. Make sure to use the FQDN (Fully Qualified Domain Name) of your FREESCO and then use that domain to access the page.
Depending on the time zone if may take a day or so before the expiration or not yet valid message disappears.
The first warning is harder to get rid of, because the certificate is now a so called "self signed" certificate. For a true secure certificate you'll need to BUY one from one of the online certificate providers (i.e. VeriSign).
Some more trusted SSL certificate providers are listed <a href='http://www.ourshop.com/resources/ssl-recommendation.html' target='_blank'>here</a>
GreetZ
http://dingetje.hopto.org

"Software is like sex: it's better when it's free." - LINUS TORVALDS
User avatar
dingetje
FREESCO GURU !!
 
Posts: 1010
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Postby TeCuMSeH » Sun Mar 21, 2004 5:23 pm

Just curious, is this the announcement section or the support section???

<span style='font-size:8pt;line-height:100%'>actually not curious, think support should be given somewhere else to keep things clean</span>
<img src='http://members.home.nl/mgdijkerman/freesco/gmail3.png' border='0' alt='user posted image'>
TeCuMSeH
Member
 
Posts: 51
Joined: Mon Jan 28, 2002 6:57 pm
Location: Netherlands

Postby dingetje » Mon Mar 22, 2004 4:51 am

A word of warning (as reported by snow, thanks!):

After installing the package will start automatically, but the firewall isn't restarted in the installation script. This means that the default port (83) will be wide open to the internet!
The next command typed after a succesfull installation will fix this:

Code: Select all
rc_masq restart


I will correct this in the installation script ASAP.
GreetZ
http://dingetje.hopto.org

"Software is like sex: it's better when it's free." - LINUS TORVALDS
User avatar
dingetje
FREESCO GURU !!
 
Posts: 1010
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Postby Thasaidon » Thu Mar 25, 2004 2:44 am

Well, I installed the package, and created a test user to test the package

First I tried the tool in a normal way:
"Password Change Successful"
(and verified through testing the account :D)

Then I changed to password to a blank password
"New password too short. Please try a longer one. "

Then I mistyped the old password
"Old Password Wrong!"

Finally I tried a non-existant username
"The username you entered is not allowed to use this form. "

So everything seems to work ok.

Just one question though...
The default port is 83, which is blocked from the internet in the rc_webpwd script.

I did find the line with the port setting,
but where is this firewall line located ?

Thanx for another great package, Dingetje ! :D :D :D
Experience shared, is experience gained.

Thasaidon's Freesco Page




Image
User avatar
Thasaidon
Advanced Member
 
Posts: 411
Joined: Tue Feb 05, 2002 9:38 am
Location: The Netherlands

Postby Thasaidon » Thu Mar 25, 2004 3:28 am

Just a quick note,
and it may be just me...
but I changed the default port...
and changed my firewall accordingly,
but I can not log in from the internet...

From the lan is no problem,
and telnetting to the port also works
(at least I get an open connection)
Code: Select all
router#telnet [my ip] [port]
Trying x.x.x.x, xx ... Open

[Connection to x.x.x.x closed by foreign host]
router#


but I can not view the page in my browser...
When I try with the https, I get this
Code: Select all
While trying to retrieve the URL: my.domain.name:port

The following error was encountered:
Access Denied.

Access control configuration prevents your request from being allowed at this time. Please contact your service provider if you feel this is incorrect.


So I tried without the https, using plain http
Code: Select all
While trying to retrieve the URL: http://my.domain.name:port/

The following error was encountered:
Zero Sized Reply

Squid did not receive any data for this request.


I'm 100% sure my firewall isn't blocking the port
(since it opens when I do a telnet to it),
but for some reason, it's not working from the Internet...

Am I the only one with this problem ?

BTW...
Sorry for making this thread into a "support" section...
Experience shared, is experience gained.

Thasaidon's Freesco Page




Image
User avatar
Thasaidon
Advanced Member
 
Posts: 411
Joined: Tue Feb 05, 2002 9:38 am
Location: The Netherlands

Postby dingetje » Thu Mar 25, 2004 3:51 am

Let's start a new thread in support section, okay?
Go <a href='http://forums.freesco.org/support/index.php?act=ST&f=21&t=10722' target='_blank'>here</a>
GreetZ
http://dingetje.hopto.org

"Software is like sex: it's better when it's free." - LINUS TORVALDS
User avatar
dingetje
FREESCO GURU !!
 
Posts: 1010
Joined: Wed Nov 14, 2001 12:13 pm
Location: The Netherlands

Next

Return to 3rd Party Package Release Announcements

Who is online

Users browsing this forum: No registered users and 2 guests

cron