Commit Graph

6 Commits

Author SHA1 Message Date
Maurice O'Neal
4fdbfe1c2f Slimmed down and simplified host administering - I decided to remove the entire concept of a root user. Instead, the host initializes as a blank slate and it will be up to the host admin to create a rank 1 user via the new command line option "-add_admin" to do initial setup with. - There is no longer such a concept as a protected user. Meaning even the last rank 1 user in the host database is allowed to delete or modify the rank of their own account. To prevent permanent "admin lock out" in this scenario the "-elevate" command line option was created. - Host settings are no longer stored in the database. Instead, host settings are now stored in a conf.json file in /etc/mrci/conf.json if running on a linux based OS or in %Programdata%\mrci\conf.json if running on Windows. - Email templates are no longer stored in the database. Instead, the templates can be any file formatted in UTF-8 text stored in the host file system. The files they point to can be modified in the conf.json file. - The conf file also replaced all use env variables so MRCI_DB_PATH, MRCI_WORK_DIR, MRCI_PRIV_KEY and MRCI_PUB_KEY are no longer in use. SSL/TLS cert paths can be modified in the conf file. - Removed email template cmds set_email_template and preview_email. - Also removed cmds close_host, host_config and restart_host. The actions these commands could do is best left to the host system command line. - The database class will now explicitly check for write permissions to the database and throw an appropriate error message if the check fails. "DROP TABLE" SQL abilities were added to make this happen. - Removed async cmds exit(3), maxses(5) and restart(11). 2020-11-10 14:45:23 -05:00
Maurice ONeal
80d493ad16 Few Updates to SSL Cert Handling
- SSL certs are no longer stored in the host database. This was
  done not only for security reasons but there is simply no need
  to do such thing anymore.

- The host will longer support multiple SSL certs and will instead
  have just a single cert for all TCP connections. This required a
  change to the client header format that simply replaced the the
  common name with padding. The host will also no longer send the
  HOST_CERT type id during session initialization. HOST_CERT was
  also removed as a type id.

- The cert and privite key are now pointed to files in the local
  file system by the environment variables: MRCI_PRIV_KEY and
  MRCI_PUB_KEY.

- The host will still create a default self-signed cert if a valid
  cert and private key is not defined in the above environmental
  vars. Since the host only support single certs now, the default
  cert needed to be expanded to include subject alternative names.
  The host will try to detect it's WAN ip address using ipify.org
  and then assign SANs for all detected local LAN interfaces.

- Since the cert is now handled by environmental vars and nothing
  related to it stored in the database, all the core commands
  related to cert management were removed.
2020-04-05 15:51:11 -04:00
Maurice ONeal
4c1d13f8f8 Password and account security updates
security updates:

various commands that change or create account passwords now disallow
the user name, display name or email from being contained in it. this
will force users to not use public information inside the password,
hardening password security a little.

the root user name is now changeable and required to be changed on
initial login. this harden security a little by giving host admins the
option to not have a well known user name attached to a high privileged
account.

users can no longer re-use the old password and/or user name when
required to change. however, this does not actually implement full
password history because the user can then later change the password
back to the old password after the required change.

the host can longer block by ip addresses and the auto block threshold
setting has been removed. something like this is best left up to
firewalls, routers, switches or any other networking infrastructure. in
the future i can consider adding event triggering that run certain
admin defined external or internal commands when the host detects
certain event thresholds.

minor changes/bug fixes:

all commands that change or create user names now no longer accept
user names that looks like an mail address. this works out better for
clients when differentiating logging in via user name or email address.

the recover_acct command now also have cancel on blank text options
making it more consistent with all other commands that take text input.

resetting the root user's account password via command line now also
unlocks it if locked.

the -help and -about command line options no longer display the
default password. a new -default_pw option was added for this purpose.

the -status -addr or -stop command line options require super user
privileges to run properly depending on how the host is installed.
an error message like "permission denied" was addded on failure to
make this requirement clear to the end user.

fs_copy and fs_move now does implicit skip on error instead of stop on
error.

the IDLE frame type id now carry an integer return code that can be
interpreted by clients to determine the result of the command that was
sent to the host.

house keeping:

all documentation was updated to reflect the changes made in this commit.
the module tester example is no longer relevant to this project so it
was deleted.
2020-01-29 12:29:01 -05:00
Maurice ONeal
72d57a0b10 Major upgrade and module interface changes
Made some major changes to the project to facilitate a lighter code base and the
must flexible module interface possible.

-the mutli-process architecture now operate at the command object level so each
 command now operate in it's own process instead of a single process handling
 multiple command objects.

-each module is now an independent application that will now tell the session
 object all of the commands it can run via named pipe. during command execution,
 it will run the requested command object also running io with the session object
 via named pipe.

 with this change, it is now possible for modules to be developed in different
 versions or QT or entirely different languages. the only requirement is the need
 to support named pipes. shared memory segments is also a nice to have but not
 needed.

-clients can now run multiple instances of the same command via changes to the
 protocol. mrci frames will now include a branch id along with the command id.
 the branch id can be used by clients to differentiate the io between instances
 of the same command.

-the command states are longer controlled by a single object. it will now be up
 to the command object (internal/exterenal) to send an IDLE frame to the client
 to notify it that the command has finished. the session object will still track
 if the command is in idle state or not but not directly control it.

-must async commands now use binary formatted data instead of TEXT as a way to
 reduce overhead.

-all command objects can now send async commands. it is no longer limited to just
 internal commands, however; the data of these async commands are verified by
 session in some way to prevent host crashing due to malformed data.

-changed up the database structure to rely more on user ids, channel ids and
 removed all foreign keys pointing to user names, channel names and sub-channel
 names. also removed the groups table altogether. instead, the host rank is now
 directly attached to the user data in the users table.

-changed the query object to now support the INNER JOIN SQL clause. this change
 was needed to support the new database structure.

-version negotiation is now one-way via tcp connection or module interface.
 the host will make it's own verion numner known to the client connected via
 tcp or the module connected via named pipe. it will now be entirely up to the
 client or module to decide if they support the host. another change in this
 regard is the removal of the import rev for the modules. compatibility for
 modules shall now use just the host verion.

-removed ls_cmds and cmd_info. the NEW_CMD frame now carries all information
 about the command (cmd_id, cmd_name, summery, io and full_description) so it
 is now possible for the clients to display the command documentation instead
 of the host.

Documentation for the internal commands were updated to reflect the changes but
all other documentation will need to be updated in the near future.
2019-11-08 22:06:09 -05:00
Maurice ONeal
364924c383 Added a new internal command.
Added a new fs_tree command that list all files and directories in a directory
tree. Just like fs_list, it has the option to output human readable text or
FILE_INFO frames. Also added the option to hide hidden files for both commands.

1.1.2 --> 1.1.3
2019-09-26 19:04:04 -04:00
Maurice O'Neal
beb59ec2ab Initial commit for the MRCI project. 2019-09-06 23:43:07 -04:00