Diffstat (limited to 'README.md')
-rw-r--r-- | README.md | 20 |
1 files changed, 6 insertions, 14 deletions
@@ -14,9 +14,7 @@ To build Levitating, you'll need: * GNU Fortran or another compiler that supports a handful of extensions used * libssl -* json-fortran (version 7 series, should work with 8) -* uuidgen (part of Debian's uuid-runtime package) -* mkpasswd (part of Debian's whois package) if your system is having trouble with creating users (see below) +* json-fortran (version 7 series, untested with 8) ## Instructions 
@@ -36,27 +34,21 @@ It should be noted that _players_ have absolutely no restrictions on functions l The _player_ processes will communicate with the _captain_ via the [Gemini protocol](https://gemini.circumlunar.space/), a quasi-standard that is meant as a simpler alternative to HTTP. The _players_ will upload files to the server via the [Titan protocol](https://communitywiki.org/wiki/Titan), a system for uploading files meant to pair with the Gemini protocol. -Currently, the only way to access the portal for starting _jobs_, adding _players_, or viewing results is also via the Gemini protocol. You'll need to keep port 1965 open for the _captain_, which must be run via xinetd or inetd. +Users can access the portal for starting _jobs_, adding _players_, or viewing results is also via the Gemini protocol. You'll need to keep port 1965 open for the _captain_, which must be run via xinetd or inetd. -A CGI gateway (that's not a typo) for a compatible HTTP server is planned but non-existent. +Levitating can also be accessed through a CGI gateway (that's not a typo) via a compatible HTTP server. Apache and Lighttpd both have (optional) support for CGI. The default theme is quite acceptable. ## Security -The system currently implements a simple user model. Access levels are defined as 0 through 10, and are listed in the file pointed to by *permissions_file* in the main configuration. An example (and quite reasonable) access model is included in the example folder. Certain access levels, including the public (0), can be restricted from accessing all sorts of features relatively easily. +The current configuration has literally no security features. Anyone who can connect to the _captain's_ interface can start jobs, download releases (the products of what the _players_ build, ostensibly), or manage _players_. Additionally, _players_ are also not authenticated, so any process claiming to be an approved _player_ can just proceed with downloading/uploading files. 
-Currently, the system provides a command line method of creating an administrator using the *--new-admin* command line option when you execute the captain's executable from the command line. This action will create a user with access level set to 10. At this time, there is no way to create other users through the web or Gemini interfaces, though that would make sense if an administrator is indeed logged in. - -The Gemini login process will pass the user's password as a query. Consider this fact when setting up logins. - -Despite this software being written in Fortran (albeit a modern variant), the password hashing and storage is robust be default. Passwords are hashed via blowfish and stored in the database, and a system-wide salt, appearing in the configuration file, is used prior to blowfish encryption. - -Some older distros that have not included standard blowfish utilities in their runtimes or are just using older Fortran compilers may actually fail to create users. In this case, Levitating includes an alternate *m_crypt* module in the *captain/cryptcl.f90* file that uses the *mkpasswd* command and relies on SHA-512 hashing of passwords instead. Users should really only use this solution if all else fails. +The plan is to change this complete lack of authentication at some point. It's probably not a great idea to leave an instance of Levitating up in a public-facing manner. 
## License Levitating is subject to the following license: -Copyright (c) 2021, 2022 Approximatrix, LLC <support@approximatrix.com> +Copyright (c) 2021 Approximatrix, LLC <support@approximatrix.com> Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: |
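Review bot: the requirements list in the first hunk (@@ -14,9 +14,7) drops the uuidgen and mkpasswd entries with no rationale visible in the patch. If the build or the captain still invokes either tool, the README will lead users into a failing setup, so confirm that neither is called any more or keep the entries. In the same list, "untested with 8" is a weaker statement than the "should work with 8" it replaces; consider naming the json-fortran 7.x release that was actually tested.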
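Review bot: the rewritten Security section in the second hunk (@@ -36,27 +34,21) states that neither the captain's interface nor the players are authenticated, while the same hunk announces access through a CGI gateway on Apache or Lighttpd, so the README now describes an HTTP-facing path to an interface where anyone who connects can start jobs, download releases or manage players. "It's probably not a great idea to leave an instance of Levitating up in a public-facing manner" is too soft for that; suggest saying outright that port 1965 and the CGI endpoint must be reachable only from trusted hosts until authentication exists. Also in this hunk, the added sentence "Users can access the portal ... is also via the Gemini protocol" carries a leftover "is also" and does not parse, and the copyright line changes from "2021, 2022" to "2021", which drops a year from the license notice and should be confirmed as intended.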