#62 2.5 cli (w/ patch): allow >1 NIC, allow CLIKey passphrase

[Chapman Flack]

I e-mailed this patch to Christopher Miller a while back; just adding it here so there's a tracker record.

This patch is against the 2.5 (svn rev 528) version of cliFilelocker.py and also works against
a Filelocker 2.4.5 backend (the version deployed at my institution).

TL;DR version:

1. allows cliFilelocker.py to be used on a client machine that has more than one
   network interface/IP address.

2. allows CLIKey in conf file to be protected by a passphrase (so someone gaining
   access to the conf file isn't immediately able to impersonate user in Filelocker).

3. minimum Python version extended from 2.6 back to 2.4.3 (since that's the
   version still used in Red Hat EL 5 which is not EOL yet).

Longer version below.

---

Hi,

As promised, here are some patches to cliFilelocker.py that
I made for us in Math. This is a diff against cliFilelocker.py
at revision 528 in your sourceforge repository.

I'm sending one diff set reflecting everything I changed. If
you need it separated out by functional change I can go back
and do that, but this is easier.

Here's what we changed:

• Runs in Python 2.4.3. That's the version you have in
  Red Hat Enterprise Linux 5, which isn't end-of-life yet,
  so it seemed worth supporting.

My aim was that under 2.6 it should still work exactly as
before. You probably want to check.

• Added '-a list' (without it there didn't seem to be
  any way to see the file IDs of your files without running
  interactively and choosing one of the options that gives you
  a list). It might be nice if the plain "upload" action spat
  out the resulting file ID, but I did not add that.

• Now works on a client that has more than one network card.
  A CLIKey is bound to one specific IP address, so if the
  client machine has more than one, things break if the OS
  happens to connect from an address other than the one that
  goes with the key. So, adds a cli_key_ip option in the
  configuration file. If it is present, the local socket will
  be bound explicitly to that address before contacting the
  server.

• Now allows the CLIKey in the configuration file to be
  protected with a passphrase. This is not required; the
  key can still be stored clear as before, and then no
  passphrase will be prompted for. So unattended scripts
  running on very secure servers and accounts can still
  work that way. But in general--since if anybody could
  get read access to the config file with a clear CLI Key
  in it, they could impersonate that user on Filelocker--
  we wanted also to have the option of requiring a passphrase,
  so the config file doesn't give away the store.

• Added '-a setup' to create a configuration file.
  Prompts for the server URL, the IP address that the CLI Key
  is for, the CLI Key, and a passphrase, and writes the
  configuration file.

Those are the changes. Below are the instructions we put
on our own wiki for how to use it, and I'll attach the
patch itself.

Cheers,
Chapman Flack

---

Before it can be used, a user must use Filelocker's web interface
to generate a CLIKey, and save that in a configuration file.
By default, cliFilelocker.py looks for filelocker_cli.conf
in the current directory whenever it is run, not in the
home directory. A configuration file can be explicitly specified
with the -c option. A user might want an alias that uses -c
to specify a home-directory configuration file, so the command
doesn't depend so much on what the current directory is when it is run.

A Filelocker CLIKey allows access only from one IP address, so it must
be generated for the IP address of the client where cliFilelocker.py
will be used. If the client has more than one address, it doesn't matter
which one the CLIKey is generated for, but that address must be
specified in the configuration file to make sure the client always binds
the right address when contacting the server.

So, to set up command-line access:

1. Log in to the [Filelocker][] web interface.
2. Click Account at the top right.
3. Click the Filelocker CLI tab. A list of keys you have created will be
   shown (empty, if you haven't created any).
4. The IP address entry field will default to where your browser is
   running. You can generate a key for any other address by entering it
   here.
5. Click Generate CLI Key. The newly-generated key appears in the list.
6. On the client machine you will use, run cliFilelocker.py -a setup
7. Enter the server URL when prompted (https://filelocker.purdue.edu)
8. Enter the IP address the key was generated for. (It must be a valid
   address of the client machine.)
9. Copy and paste the CLI Key (32 hex digits) when prompted.
10. Enter a passphrase to protect the key (twice to confirm, as usual).

The settings will be saved in filelocker_cli.conf in the current
directory (unless you specified otherwise with the -c option).

Now you can use the cliFilelocker.py command as in the following
examples. The -u option specifies your PurdueCareerAccount ("mypca"
below). When sharing a file, use -t for the PurdueCareerAccount of the
person ("target") you wish to share with. The -f option gives the name
of a file to upload; -i gives the file ID (a number) of a file
already uploaded, in order to share, unshare, download, or delete it.

cliFilelocker.py -u mypca -a upload_and_share_user -f myfile -t target
cliFilelocker.py -u mypca -a list
cliFilelocker.py -u mypca -a delete -i 12345

and so on.

Multiple clients

The configuration file syntax only allows it to contain one
CLI Key generated for one IP address. Multiple clients need
their own configuration files. If you have a home directory
shared across different clients, you may have to create
configuration files with distinct names, and use the -c
option to specify which to use. An alias could be used to
supply the right -c option based on the host name.

Use without a passphrase

It is possible to create a configuration file that contains an
unencrypted copy of the CLI Key, and then cliFilelocker.py can
be used without giving any passphrase. In fact, this was originally
the only way to use it. That might be handy for something
that runs unattended, like a cron job, but it means that anyone
who gains read access to that config file can do anything in
Filelocker as you! That had better be done for very special
purposes only, on very secure machines and accounts.

Revoking a CLI key

A CLI Key that is no longer needed, or may have fallen into
the wrong hands, can be revoked through the web interface by
again clicking Account, then the Filelocker CLI tab, then the
red X next to the key in question. That key will no longer
be usable for Filelocker access.

[Chapman Flack]

Patch to svn rev 528 of cliFilelocker.py