1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
import os
import cherrypy
import simplejson as json
from gettext import gettext as _
from filedict import FileDict
from modules.auth import require
from plugin_mount import PagePlugin, FormPlugin
import cfg
from forms import Form
from model import User
from util import *
class wan(FormPlugin, PagePlugin):
url = ["/sys/config"]
order = 20
def help(self, *args, **kwargs):
if not cfg.users.expert():
return ''
return _(#"""<h4>Admin from WAN</h4>
"""<p>If you check this box, this front
end will be reachable from the WAN. If your %(box)s
connects you to the internet, that means you'll be able to log
in to the front end from the internet. This might be
convenient, but it is also <strong>dangerous</strong>, since it can
enable attackers to gain access to your %(box)s from the
outside world. All they'll need is your username and
passphrase, which they might guess or they might simply try
every posible combination of letters and numbers until they
get in. If you enable the WAN administration option, you
<strong>must</strong> use long and complex passphrases.</p>
<p>For security reasons, neither WAN Administration nor WAN
SSH is available to the `admin` user account.</p>
<p>TODO: in expert mode, tell user they can ssh in to enable
admin from WAN, do their business, then disable it. It would
be good to enable the option and autodisable it when the ssh
connection dies.</p>
""" % {'product':cfg.product_name, 'box':cfg.box_name})
def main(self, message='', **kwargs):
store = filedict_con(cfg.store_file, 'sys')
defaults = {'wan_admin': "''",
'wan_ssh': "''",
'lan_ssh': "''",
}
for k,c in defaults.items():
if not k in kwargs:
try:
kwargs[k] = store[k]
except KeyError:
exec("if not '%(k)s' in kwargs: store['%(k)s'] = kwargs['%(k)s'] = %(c)s" % {'k':k, 'c':c})
form = Form(title=_("Accessing the %s" % cfg.box_name),
action="/sys/config/wan",
name="admin_wan_form",
message=message )
form.html(self.help())
if cfg.users.expert():
form.checkbox(_("Allow access to Plinth from WAN"), name="wan_admin", checked=kwargs['wan_admin'])
form.checkbox(_("Allow SSH access from LAN"), name="lan_ssh", checked=kwargs['lan_ssh'])
form.checkbox(_("Allow SSH access from WAN"), name="wan_ssh", checked=kwargs['wan_ssh'])
form.submit(_("Submit"))
return form.render()
def process_form(self, wan_admin='', wan_ssh='', lan_ssh='', *args, **kwargs):
store = filedict_con(cfg.store_file, 'sys')
for field in ['wan_admin', 'wan_ssh', 'lan_ssh']:
exec("store['%s'] = %s" % (field, field))
return "Settings updated."
|