From 272891470cb62802004a017e8b04b2f19517b46e Mon Sep 17 00:00:00 2001 From: Florian Mounier Date: Mon, 15 May 2017 15:32:39 +0200 Subject: [PATCH] Add --i-hereby-declare-i-dont-want-any-security-whatsoever option. Fix #143 --- CHANGELOG.md | 10 ++++++++++ Makefile | 3 ++- butterfly.server.py | 17 +++++++++++++++-- butterfly/templates/motd | 2 +- butterfly/terminal.py | 22 +++++++++++----------- 5 files changed, 39 insertions(+), 15 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ab02e1..6bb31d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,13 @@ +3.1.4 +===== + +* Add --i-hereby-declare-i-dont-want-any-security-whatsoever option (#143) + +3.1.3 +===== + +* Fix lsof parsing crash on python 2 + 3.1.0 ===== diff --git a/Makefile b/Makefile index f435008..e3078fe 100644 --- a/Makefile +++ b/Makefile @@ -20,9 +20,10 @@ lint: check-outdated: $(PIP) list --outdated --format=columns +ARGS ?= --port=1212 --unsecure --debug run-debug: sleep 0.5 && $(BROWSER) http://localhost:1212& - $(PYTHON) ./butterfly.server.py --port=1212 --unsecure --debug + $(PYTHON) ./butterfly.server.py $(ARGS) build-coffee: $(NODE_MODULES)/.bin/grunt diff --git a/butterfly.server.py b/butterfly.server.py index 99054e7..ca781f9 100755 --- a/butterfly.server.py +++ b/butterfly.server.py @@ -45,7 +45,8 @@ tornado.options.define("unminified", default=False, tornado.options.define("host", default='localhost', help="Server host") tornado.options.define("port", default=57575, type=int, help="Server port") tornado.options.define("keepalive_interval", default=30, type=int, - help="Interval between ping packets sent from server to client (in seconds)") + help="Interval between ping packets sent from server " + "to client (in seconds)") tornado.options.define("one_shot", default=False, help="Run a one-shot instance. Quit at term close") tornado.options.define("shell", help="Shell to execute at login") @@ -54,10 +55,18 @@ tornado.options.define("cmd", help="Command to run instead of shell, f.i.: 'ls -l'") tornado.options.define("unsecure", default=False, help="Don't use ssl not recommended") +tornado.options.define("i-hereby-declare-i-dont-want-any-security-whatsoever", + default=False, + help="Remove all security and warnings. There are some " + "use cases for that. Use this if you really know what " + "you are doing.") tornado.options.define("login", default=False, help="Use login screen at start") tornado.options.define("pam_profile", default="", type=str, - help="When --login=True provided and running as ROOT, use PAM with the specified PAM profile for authentication and then execute the user's default shell. Will override --shell.") + help="When --login=True provided and running as ROOT, " + "use PAM with the specified PAM profile for " + "authentication and then execute the user's default " + "shell. Will override --shell.") tornado.options.define("force_unicode_width", default=False, help="Force all unicode characters to the same width." @@ -76,6 +85,7 @@ tornado.options.define("uri_root_path", default='', help="Sets the servier root path: " "example.com//static/") + if os.getuid() == 0: ev = os.getenv('XDG_CONFIG_DIRS', '/etc') else: @@ -131,6 +141,9 @@ log = logging.getLogger('butterfly') host = options.host port = options.port +if options.i_hereby_declare_i_dont_want_any_security_whatsoever: + options.unsecure = True + if not os.path.exists(options.ssl_dir): os.makedirs(options.ssl_dir) diff --git a/butterfly/templates/motd b/butterfly/templates/motd index e84b184..16da77b 100644 --- a/butterfly/templates/motd +++ b/butterfly/templates/motd @@ -19,7 +19,7 @@ ! ! {{ colors.red if opts.unsecure else colors.green }}{{ butterfly.socket.remote_addr }}:{{ butterfly.socket.remote_port }}{{ colors.reset }} For more information type: {{ colors.white }}$ {{ colors.green }}butterfly help{{ colors.reset }} -{% if opts.unsecure %}{{ colors.light_red + '\x1b[5m' }}/!\{{ colors.reset }} {{ colors.red }}This session is UNSECURE everyone can access you terminal at: +{% if opts.unsecure and not opts.i_hereby_declare_i_dont_want_any_security_whatsoever %}{{ colors.light_red + '\x1b[5m' }}/!\{{ colors.reset }} {{ colors.red }}This session is UNSECURE everyone can access you terminal at: {{ uri }} {% else %}You can share your session with the following uri: {{ uri }} diff --git a/butterfly/terminal.py b/butterfly/terminal.py index f6ed9b9..1f0a133 100644 --- a/butterfly/terminal.py +++ b/butterfly/terminal.py @@ -196,19 +196,19 @@ class Terminal(object): tty, os.getpid(), self.callee.name, self.uri) - if not tornado.options.options.unsecure or ( - self.socket.local and - self.caller == self.callee and - server == self.callee - ) and not tornado.options.options.login: + local_login = ( + self.socket.local and self.caller == self.callee and + server == self.callee) + secure = not tornado.options.options.unsecure + force_login = tornado.options.options.login + ignore_security = ( + tornado.options.options. + i_hereby_declare_i_dont_want_any_security_whatsoever) + + if not force_login and (ignore_security or secure or local_login): # User has been auth with ssl or is the same user as server # or login is explicitly turned off - if ( - not tornado.options.options.unsecure and not ( - self.socket.local and - self.caller == self.callee and - server == self.callee - )): + if secure and not local_login: # User is authed by ssl, setting groups try: os.initgroups(self.callee.name, self.callee.gid)