Begin with your repository and state of work from Checkpoint 2
Daemonize your code using the provided code, and the passed in lock file commandline parameter. You may wish to disable daemonizing when debugging/developing.
Create a DNS hostname for yourself with a free account at No-IP (or use a domain name you already have...)
Obtain your own private key and public certificate from the 15-441 CMU CA.
Implement SSL server-side.
Use the OpenSSL library, here is a link to their documentation.
Refer to provided Python SSL code for a high-level idea of what to do.
Create a second server socket in addition to the first one, use the passed in SSL port from the commandline arguments.
Add this socket to the select() loop just like your normal HTTP server socket.
Whenever you accept connections, wrap them with the SSL wrapping functions.
Use the special read() and write() SSL functions to read and write to these special connected clients
In the select() loop, you need to know if a socket you are dealing with is SSL wrapped or not
Use appropriate IO depending on the 'type' of socket---although use select() for all fd's
Use your private key and certificate file that you obtained earlier
If you setup your browser, you may now verify that connections to your webserver use TLSv1.0; inspect the ciphers, message authentication hash scheme, and key exchange methods used by your server.
Implement the Common Gateway Interface (CGI RFC, URI RFC)
CGI URI's may accept GETs, POSTs, and HEADs; your job is not to decide this, just pass along information to the program being called
You must now parse inbound URI's to look for a special root folder, and in addition chop off arguments passed via URI according to specifications.
Any URI starting with '/cgi/' will be handled by a single command-line specified executable via a CGI interface coded by you
You need to pipe stdin, pipe stdout, fork(), setup environment variables per the CGI specification, and execve() the executable (it should be executable)
Note: Watch the piped fd's in the parent process using your select() loop. Just add them to the appropriate select() sets and treat them like sockets, except you have to pipe them further to specific sockets.
Pass any message body (especially for POSTs) via stdin to the CGI executable
Receive any response over stdout until the process dies (monitor process status), or there is nothing more to read or broken pipe encountered
If the CGI program fails in any way, return a 500 response to the client, otherwise
Send all bytes from the stdout of the spawned process to the requesting client.
The CGI application will produce headers and message body as it sees fit, you do not need to modify or inspect these bytes at all; you are a proxy...things have come full circle!
Use a virtualenv if you do not have root (you may make a relocatable one locally and upload it to servers to work with there) and can't install necessary packages.
Submit all of the Flask blog files with your final project submission.
DO NOT submit database files, only submit the templates and Python code.
Instead of doing app.run() in the '__main__', you should use the WSGI wrapper function as demonstrated.
Verify that CGI works with this blog. See what it does with your web server serving it, and what its own internal web server does.
Submission is the same as Checkpoint 1. Tag and upload your repo in a tarball to the corresponding lab on autolab by 10/7 (cut off is midnight).
Make your main Python script include this virtualenv in its path like in this
The ordering of these is from easiest to hardest moving from Checkpoint 2 forward. It should be relatively
straightforward to get HTTPS working. You just need to have a notion of a 'type' of socket and keep that straight
within your select() loops. CGI is a bit more difficult. You need to learn how to set environment variables according
to the CGI RFC 3875, and how to properly parse URIs according to RFC 2396 with passed in arguments. In addition, you need to handle multiple processes at once.
Thus, a lot of work will need to be devoted to CGI. You will test your CGI with your Python blog. You are encouraged to add
whatever features you'd like to your Python blog, just document them in your readme.txt.
Files we expect to see in your final submission:
Makefile - make sure nothing is hard coded specific to your user; should build a 'lisod' file which runs the HTTP 1.1 server
All of your source code - all .c and .h files
readme.txt - file containing a brief description of your current implementation of lisod
tests.txt - file containing a brief description of your testing methods for lisod
vulnerabilities.txt - identify at least one vulnerability in your current implementation
sslkey.key - your private key you are using for SSL development
sslcrt.crt - your public certificate you are using for SSL development
flaskr/ - folder containing your implemented blog from the Flask tutorial
schema.sql - your database schema
flaskr.py - your dynamic Flask blog
static/
style.css - tutorial/blog CSS stylesheet
templates/ - folder containing templated HTML with Jinja2 markup
layout.html - the header/setup for other pages/views
show_entries.html - show the entries of the blog from the database
login.html - display a form to POST and login a user
Last updated: 2016-10-07 13:45:29 -0400
[validate xhtml]