[PLUG] winscp

2017-12-05 Thread michael
I'm thinking about how to address security concerns with mount.cifs from 
a Pi 3 running Raspbian Stretch.


An option is to have the customer run winscp server on their Windows 
server and give me a login/password to a limited account that can see 
the relevant shared files on the windows network.


Granted, once I'm connecting via a limited account, the security 
concerns are less for mount.cifs.  OpenSSH is the code behind winscp, 
but from what I can see, the administrator has to install winscp.


If I ignore the security concern that the password transmits in the 
clear with mount.cifs, it is simple for the Windows administrator to set 
up a share and a limited login that can access that share.


As far as Active Directory, etcetera, I don't understand how that works 
where I lack the necessary time to learn how that works.  PC-NFS has 
problems similar to mount.cifs, unless of course Kerberos is used for 
authentication.  Again, I don't have time to learn how to set up Kerberos 
and it would be a lot of work on the Windows side.


The Raspberry Pi 3 model B is limited on processing power and memory.  
Push it hard enough and it will overheat.  Keep in mind, the only time 
truss files need to transfer from Windows to the Pi is when there is a 
request for a new one that isn't already locally available.  If scp is 
used, that should be lighter than keeping a CIFS share or an NFS share 
mounted between Linux and Windows.

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug


[PLUG] Sockets and premature exit C.

2017-12-05 Thread michael
The scenario is you have a standard C program that opens sockets.  The 
sockets are used in an infinite loop that never exits.  How do you close 
these sockets immediately on premature exit?
There is C atexit(), but the problem is that no arguments can be passed 
to that.  I don't have the integers that refer to the open sockets.  The 
process has the sockets, but how do I access them to close them?  One 
thought is to make the integers global that point to the sockets in 
question, then they are available at exit... but generally speaking, the 
use of global variables is a very bad practice.


[PLUG] Emacs org-mode

2017-12-05 Thread Rich Shepard

  I'm learning emacs' org-mode for use with GTD and have two questions about
tags for which I've not found answers in the manual/short guide or on web
pages.

  1.) Tags can be a string such as 'work' or be preceded by '_' or '@'. I
see examples of tags such as '@work'; haven't yet seen one such as '_work'.
I've also seen the '@' prefix applied to items within a tag category such as
:OFFICE:@coffeebreak. When is each prefix, or no prefix, appropriate?

  2.) The same tag names should be used for the same headlines to which they
apply, which suggests that a list of tags should be kept. Is there a place
within ~/.emacs or an org-mode file for this reference list?

Rich



Re: [PLUG] Sockets and premature exit C.

2017-12-05 Thread michael
I'm trying to find out how to close sockets with a signal handler 
function in C without having the socket numbers.


...
#include <signal.h>
#include <stdlib.h>
#include <unistd.h>

void sighandler(int);

void socket_closer(void);

void sighandler(int signum)
{
    socket_closer(); // Close any open sockets...
}

int main(int argc, char *argv[])
{
    signal(SIGABRT, sighandler);
    signal(SIGFPE, sighandler);
    signal(SIGILL, sighandler);
    signal(SIGINT, sighandler);
    signal(SIGSEGV, sighandler);
    signal(SIGTERM, sighandler);
    ...

    // Open some UNIX, TCP, RAW, or UDP sockets and enter an infinite
    // while loop, no closing.

    ...

    // Main never exits normally and this is required.
}

void socket_closer(void)
{
    // Need to get the name of socket ???.
    close(???);

    exit(0);
}

I need to know how to write socket_closer.

Note that the signal handler function does not have any of the socket 
numbers and I cannot store them in global variables.  I should close all 
filehandles too on signal, but sockets first.  I'm trying to use opendir 
in socket_closer to open /proc/net/udp, /proc/net/tcp, /proc/net/unix, 
and /proc/net/raw, but I can't.  Is there a process specific proc 
directory that I can open?  Specifically, I want the proc entries from 
the current process.  I need immediate socket cleanup or else I'd leave 
the program as-is and wait for the stale sockets to be closed by Linux.  
I think it takes between 15 seconds and three minutes for Linux to clean 
up the stale sockets.  That is a LOT of time, too long to wait in fact.  
I'm looking for a way to catch any signal that the program is exiting and 
clean up the sockets even though I don't have the socket numbers.


[PLUG] THURSDAY PLUG General Meeting: OAuth 2.0 Simplified

2017-12-05 Thread Michael Dexter


Portland Linux/Unix Group General Meeting Announcement

Who: Aaron Parecki
What: OAuth 2.0 Simplified
Where: PSU, 1930 SW 4th Ave. Room FAB 86-01 (Lower Level)
When: Thursday, December 8th, 2017 at 7pm
Why: The pursuit of technology freedom
Stream: http://pdxlinux.org/live

The OAuth 2.0 authorization framework has become the industry standard 
in providing secure access to web APIs. OAuth allows users to grant 
external applications access to their data, such as profile data, 
photos, and email, without compromising security. However, OAuth can be 
intimidating when first starting out. In this talk, Aaron Parecki will 
break down the various OAuth workflows and provide a simplified overview 
of the framework, highlighting a few typical use cases.


About Aaron

Aaron Parecki is the editor of the W3C Webmention and Micropub 
specifications, and maintains oauth.net. He is the co-founder of 
IndieWebCamp, a yearly worldwide conference on data ownership and online 
identity. He has spoken at conferences around the world about OAuth, 
data ownership, quantified self, and even explained why R is a vowel. 
You can find more about his work at aaronpk.com.



Calagator Page: http://calagator.org/events/1250472936

Many will head to the Lucky Lab at 1945 NW Quimby St. after the meeting.

Rideshares to the Lucky Lab available

PLUG is open to everyone and does not tolerate abusive behavior on its 
mailing lists or at its meetings.


PLUG Page with information about all PLUG events: http://pdxlinux.org/
Follow PLUG on Twitter: http://twitter.com/pdxlinux

Michael Dexter
PLUG Volunteer



Re: [PLUG] winscp

2017-12-05 Thread Tomas Kuchta
I would like to reiterate that mount.cifs does not transmit the password in
plain text over the network. Unless you use an ancient version, which I do not
think is possible without extra effort on your side.


On Dec 5, 2017 7:26 AM, "michael"  wrote:

> I'm thinking about how to address security concerns with mount.cifs from a
> Pi 3 running Raspbian Stretch.
>
> An option is to have the customer run winscp server on their Windows
> server and give me a login/password to a limited account that can see the
> relevant shared files on the windows network.
>
> Granted, once I'm connecting via a limited account, the security concerns
> are less for mount.cifs.  OpenSSH is the code behind winscp, but from what
> I can see, the administrator has to install winscp.
>
> If I ignore the security concern that the password transmits in the clear
> with mount.cifs, it is simple for the Windows administrator to set up a
> share and a limited login that can access that share.
>
> As far as Active Directory, etcetera, I don't understand how that works
> where I lack the necessary time to learn how that works.  PC-NFS has
> problems similar to mount.cifs, unless of course Kerberos is used for
> authentication.  Again, I don't have time to learn how to set up Kerberos
> and it would be a lot of work on the Windows side.
>
> The Raspberry Pi 3 model B is limited on processing power and memory.
> Push it hard enough and it will overheat.  Keep in mind, the only time
> truss files need to transfer from Windows to the Pi is when there is a
> request for a new one that isn't already locally available.  If scp is
> used, that should be lighter than keeping a CIFS share or an NFS share
> mounted between Linux and Windows.


Re: [PLUG] Sockets and premature exit C.

2017-12-05 Thread michael

...
void sighandler(int signum)
{
    fprintf(stderr,"Caught signal %d\n",signum);

    socket_closer();

    exit(0);
}
...
void socket_closer()
{
    pid_t process_id = getpid();
    struct dirent * pDirent;
    DIR   * pDir;
    char command_string[255];
    char buffer[256];
    FILE * curr_file = NULL;

    fprintf(stderr,"%ld\n\n",(long)process_id);

    snprintf(command_string,sizeof(command_string),"/proc/%ld/net",(long)process_id);

    pDir = opendir (command_string);
    if (pDir == NULL)
    {
        fprintf (stderr,"Cannot open directory '%s'\n", command_string);
    }
    else
    {
        while ( NULL != ( pDirent = readdir(pDir)) )
        {
            if (!strcmp(pDirent->d_name,"."))
            { continue; }
            if (!strcmp(pDirent->d_name,".."))
            { continue; }

            fprintf(stderr,"[%s]\n",pDirent->d_name);

            curr_file=fopen(pDirent->d_name,"r");

            if ( curr_file == NULL )
            {
                fprintf(stderr,"Could not open in read mode!\n"); // curr_file is always NULL :-(

                continue;
            }

            fprintf(stderr,"Address of curr_file:%p\n",(void *)curr_file);

            // I need to find the socket number and close it...
            // Just dump the contents of the currently open file for now.
            while ( fgets(buffer, 255, curr_file) != NULL )
            { fprintf(stderr,"%s\n",buffer); }

            fclose(curr_file);
        }

        closedir(pDir);
    }
}
...

This is an excerpt from a study program where I'm trying to learn how to 
close all open sockets in an arbitrary C program from a signal handler.  
When a signal is caught and you aren't using global variables to store 
the socket numbers, you have to get those numbers in order to explicitly 
close the sockets.  I'm concerned about opened files as well, but that 
will be another function I call from sighandler.  I know I can extract 
the critical socket number information from proc, but how?  Just to be 
clear, Linux will clean up if the function exit is called, but it's too 
slow, taking between 15 seconds and 3 minutes.

___
PLUG mailing list
PLUG@pdxlinux.org
http://lists.pdxlinux.org/mailman/listinfo/plug
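
Added example (not part of the original posts): one way to write the socket_closer() asked about in the two "Sockets and premature exit C." follow-ups without storing descriptor numbers. It probes every possible descriptor with fstat() and closes those that are sockets, using only async-signal-safe calls; /proc/self/fd lists the same descriptors, but opendir() and readdir() are not async-signal-safe. The names close_all_sockets and on_signal, the lowfd parameter and the 65536 scan cap are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: probe descriptors lowfd..limit with fstat() and
 * close those that are sockets. Returns the number closed. fstat(),
 * close() and sysconf() are all async-signal-safe. */
int close_all_sockets(int lowfd)
{
    long max = sysconf(_SC_OPEN_MAX);   /* upper bound on descriptor numbers */
    int closed = 0;
    struct stat st;

    if (max < 0 || max > 65536)
        max = 65536;    /* assumed cap: keeps the scan short if the limit is huge */
    for (int fd = lowfd; fd < max; fd++) {
        if (fstat(fd, &st) == 0 && S_ISSOCK(st.st_mode)) {
            close(fd);
            closed++;
        }
    }
    return closed;
}

/* Handler: no stdio here, and _exit() rather than exit(). */
static void on_signal(int signum)
{
    close_all_sockets(0);
    _exit(128 + signum);
}

int main(void)
{
    int sv[2];
    struct sigaction sa = {0};

    sa.sa_handler = on_signal;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGINT, &sa, NULL);
    sigaction(SIGTERM, &sa, NULL);

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) != 0)  /* constructed sample sockets */
        return 1;
    printf("closed %d socket(s)\n", close_all_sockets(3));
    return 0;
}
```

Descriptors that are not sockets (files, pipes, terminals) are left open, so a separate pass can handle them as the post intends.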