security updates:
various commands that change or create account passwords now disallow
the user name, display name or email from being contained in it. this
will force users to not use public information inside the password,
hardening password security a little.
the root user name is now changeable and required to be changed on
initial login. this hardens security a little by giving host admins the
option to not have a well known user name attached to a high privileged
account.
users can no longer re-use the old password and/or user name when
required to change. however, this does not actually implement full
password history because the user can then later change the password
back to the old password after the required change.
the host can no longer block by ip addresses and the auto block threshold
setting has been removed. something like this is best left up to
firewalls, routers, switches or any other networking infrastructure. in
the future i can consider adding event triggering that runs certain
admin defined external or internal commands when the host detects
certain event thresholds.
minor changes/bug fixes:
all commands that change or create user names now no longer accept
user names that look like an email address. this works out better for
clients when differentiating logging in via user name or email address.
the recover_acct command now also has cancel on blank text options
making it more consistent with all other commands that take text input.
resetting the root user's account password via command line now also
unlocks it if locked.
the -help and -about command line options no longer display the
default password. a new -default_pw option was added for this purpose.
the -status -addr or -stop command line options require super user
privileges to run properly depending on how the host is installed.
an error message like "permission denied" was added on failure to
make this requirement clear to the end user.
fs_copy and fs_move now do implicit skip on error instead of stop on
error.
the IDLE frame type id now carries an integer return code that can be
interpreted by clients to determine the result of the command that was
sent to the host.
house keeping:
all documentation was updated to reflect the changes made in this commit.
the module tester example is no longer relevant to this project so it
was deleted.
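
The password and user name rules listed under "security updates" and "minor changes/bug fixes" above, sketched as an added example; this is not the project's own code. The Account struct, function names, case-insensitive matching, the '@' test and the plain-string old password are all assumptions made for illustration.

```cpp
#include <algorithm>
#include <cctype>
#include <string>

// Lower-cased copy, so the containment checks ignore case (assumption).
static std::string lower(std::string s) {
    std::transform(s.begin(), s.end(), s.begin(),
                   [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

struct Account {  // hypothetical record, not the host's database schema
    std::string userName, displayName, email, oldPassword;
};

enum class PwResult { Ok, HasUserName, HasDisplayName, HasEmail, SameAsOld };

// Refuses a new password that embeds a public account field or repeats the
// current password. Empty fields are skipped because find("") always matches.
PwResult checkNewPassword(const Account &a, const std::string &pw) {
    const std::string p = lower(pw);
    auto has = [&p](const std::string &field) {
        return !field.empty() && p.find(lower(field)) != std::string::npos;
    };
    if (has(a.userName))    return PwResult::HasUserName;
    if (has(a.displayName)) return PwResult::HasDisplayName;
    if (has(a.email))       return PwResult::HasEmail;
    // Stand-in for verifying pw against the stored salted hash (assumption).
    if (pw == a.oldPassword) return PwResult::SameAsOld;
    return PwResult::Ok;
}

// A user name containing '@' is treated as "looks like an email address"
// (assumption), keeping user-name and email logins distinguishable.
bool userNameAllowed(const std::string &name) {
    return !name.empty() && name.find('@') == std::string::npos;
}

int main() {
    // Constructed sample account.
    const Account a{"jsmith", "John Smith", "jsmith@example.com", "Old-Secret-1"};
    bool ok = checkNewPassword(a, "xxJSMITHxx9!") == PwResult::HasUserName
           && checkNewPassword(a, "Old-Secret-1") == PwResult::SameAsOld
           && checkNewPassword(a, "c0rrect-Horse-battery") == PwResult::Ok
           && !userNameAllowed("jsmith@example.com");
    return ok ? 0 : 1;
}
```

Like the change described above, this compares only against the current password, so it is not a password history.
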
changed the default installation used in the linux_build.sh
script to create an installer that by default installs the
application data files in the /var folder instead of
the user specific folder in /home.
also made it so it will now create a system user named after
the name of the application and use that user to run the
systemd service instead of the currently logged in user.
doing this hardens system security by having the application
run as an under privileged user. this also opens up the
possibility to lock down direct writing access to the host
database to just the internal module (in a future update).
removed the -start command line argument and have just the
-host option to start new host instances. the -start option
would start the host as the current user so i decided to
remove it as a way to encourage end users to start/stop the
host via systemd.
genfile commands would not terminate properly or
would end up de-synced with the host in one way or
another.
to fix this, i updated the GEN_FILE data type and
sub-protocol to now define the commands as download
or upload on the NEW_CMD frame so clients can now
define the direction of the GEN_FILE data of the
various GEN_FILE commands at the very start instead
of trying to determine that at run time.
also fixed this by creating the onTerminate() virtual
function in CmdObject and have it call this function
when term() is called. this makes it possible to
properly put the command object in a reset state if
using parameters outside of the base class when
term() is called.
updated all documentation related to the GEN_FILE
sub-protocol to reflect these changes.
fixed ASYNC_DEBUG_TEXT to self correct the ipc type
to PRIV_IPC so no debug messages can accidentally be
sent to peers.
Moved away from QPluginLoader to C/C++ style QLibrary files for the
module interface. It's less limiting this way because the host can
be built statically and still be able to load non-statically built
modules. It's not tested but i think it should now be able to
load modules built on a different version of Qt than the host but
the module would most likely need to be built statically.
Another change to the module interface makes it so the module
can now also see the host version in CommandLoader::hostRevOk()
and decide if the host can continue loading it.
The host 'host_info' internal command now displays the version of
Qt it was built on.
All documentation related to the module interface has been
updated. No attempt will be made at the host side to support rev
2 modules so the new minimum rev is now 3.
1.0.2 --> 1.1.2
$qt_dir in the build script will now default to the hard coded standard
directory for Qt binaries '/usr/lib/x86_64-linux-gnu/qt5/bin' if a valid
path is not provided by the user. End users that have customized setups
of Qt might need to modify this script to make sure $qt_dir points to the
correct directory at all times.
Moved the LICENSE.md file to the root directory so github can read it.
Fixed a bug that caused the host to not respond to any commands when a
module is present. CmdExecutor::loadMods() had a malformed 'for' loop
that caused the command executor to infinite loop.
Also re-formed the way the external command loaders (modules) are
constructed. Instead, the modules are also initialized at the same time
as the internal command loader.
The CmdExecutor::loadModFile() and CmdExecutor::unloadModFile()
functions now load and unload modules via the module name instead of the
path to the module main file. The documentation for ASYNC_ENABLE_MOD and
ASYNC_DISABLE_MOD updated to reflect this change.
Also part of the module construction re-form, it fixed a bug that caused
the command loaders to operate in a thread different from the command
executor. CmdExecutor::loadMods() was refactored into
CmdExecutor::buildCmdLoaders(), added the internal command loader to it
and have it so this function gets called only when the command executor
successfully moves to its own thread.
Fixed a bug that caused the session to crash only when a module is
present. It turns out the qobject_cast() function used in
CmdExecutor::loadModFile() only pulled the surface class
ModCommandLoader so any attempt to access the base class functions from
CommandLoader caused the session to crash so to fix this,
ModCommandLoader was merged into CommandLoader. The Command loader
documentation and test module were updated to reflect this change.
Fixed a bug that auto removed any modules that were installed when the
host is restarted. The issue was in TCPServer::syncModPath() that used
the module's main file without a suffix when the file did indeed have
a suffix, causing the function to think the module no longer exists and
remove all of its files from the host file system. The original intent
for this function was to keep the module database table in sync with
what was actually in the host file system. It was decided that this is
not necessary so the function was removed altogether.
Also changed up the way the module files are deleted. The TCPServer class
will now use the module name instead of the path to the module's main
library file and will use a single use ModDeleteTimer for each module
that was requested to be deleted instead of a single continuous timer
constantly checking for modules to delete.
The ls_cmds command will now list the commands in alphabetical order of
the command names and fixed a bug with the -find option that would
display nothing if an exact match to any text in the table could not be
found.
Fixed a bug found in the deployed application that would segmentation
fault on startup due to certain library files being included in the
deployed installation directory. Updated the linux_build.sh script to
include only libsqlite, libQT5, libssl and libicu files. It will no
longer blindly copy all library files from the dev machine and then
remove files the setup script thinks the application might or might not
need.
Any module built on import rev1 will simply not work and no attempt will
be made to make it work so the host's new minimum import rev is now rev2.
this update is mostly just bug fixes; nothing that would require any
client behaviour changes so just the host patch is bumped.
1.0.0 --> 1.0.1