MAJOR: Updates for Authenticated Web UI and CLI #30

Open
coolaj86 wants to merge 77 commits from next into master
1 changed files with 11 additions and 11 deletions
Showing only changes of commit 7f18482566 - Show all commits

View File

@ -28,14 +28,14 @@ function sshAllowsPassword(user) {
stdout = (stdout||'').toString('utf8'); stdout = (stdout||'').toString('utf8');
stderr = (stderr||'').toString('utf8'); stderr = (stderr||'').toString('utf8');
if (/\bpassword\b/.test(stdout) || /\bpassword\b/.test(stderr)) { if (/\bpassword\b/.test(stdout) || /\bpassword\b/.test(stderr)) {
resolve(true); resolve('yes');
return; return;
} }
if (/\bAuthentications\b/.test(stdout) || /\bAuthentications\b/.test(stderr)) { if (/\bAuthentications\b/.test(stdout) || /\bAuthentications\b/.test(stderr)) {
resolve(false); resolve('no');
return; return;
} }
resolve(); resolve('maybe');
}); });
}); });
} }
@ -43,21 +43,21 @@ function sshAllowsPassword(user) {
module.exports.checkSecurity = function () { module.exports.checkSecurity = function () {
var conf = {}; var conf = {};
var sshdConf = '/etc/ssh/sshd_config'; var sshdConf = '/etc/ssh/sshd_config';
var noRootPasswordRe = /(^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i; var noRootPasswordRe = /(?:^|[\r\n]+)\s*PermitRootLogin\s+(prohibit-password|without-password|no)\s*/i;
var noPasswordRe = /(^|[\r\n]+)\s*PasswordAuthentication\s+no\s*/i; var noPasswordRe = /(?:^|[\r\n]+)\s*PasswordAuthentication\s+(no)\s*/i;
return readFile(sshdConf, null).then(function (sshd) { return readFile(sshdConf, null).then(function (sshd) {
sshd = sshd.toString('utf8'); sshd = sshd.toString('utf8');
conf.disallowPasswordRoot = noRootPasswordRe.test(sshd); var match;
conf.disallowPassword = noPasswordRe.test(sshd); match = sshd.match(noRootPasswordRe);
conf.permit_root_login = match ? match[1] : 'yes';
match = sshd.match(noPasswordRe);
conf.password_authentication = match ? match[1] : 'yes';
}).catch(function () { }).catch(function () {
// ignore error as that might not be the correct sshd_config location // ignore error as that might not be the correct sshd_config location
}).then(function () { }).then(function () {
var doesntExist = crypto.randomBytes(16).toString('hex'); var doesntExist = crypto.randomBytes(16).toString('hex');
return sshAllowsPassword(doesntExist).then(function (maybe) { return sshAllowsPassword(doesntExist).then(function (maybe) {
conf.allowsPassword = maybe; conf.requests_password = maybe;
return sshAllowsPassword('root').then(function (maybe) {
conf.allowsRootPassword = maybe;
});
}); });
}).then(function () { }).then(function () {
return conf; return conf;