Context Navigation

source: trunk/gsdl/src/recpt/authenaction.cpp@ 7425

Last change on this file since 7425 was 7425, checked in by mdewsnip, 20 years ago
(Human Info) Changed all "" to g_EmptyText.
Property svn:executable set to ``* Property svn:keywords set to `Author Date Id Revision`
File size: 12.0 KB

Rev	Line
[363]	1	/**********************************************************************
	2	*
	3	* authenaction.cpp -- authenticating users
	4	* Copyright (C) 1999 DigiLib Systems Limited, New Zealand
	5	*
[533]	6	* A component of the Greenstone digital library software
	7	* from the New Zealand Digital Library Project at the
	8	* University of Waikato, New Zealand.
[363]	9	*
[533]	10	* This program is free software; you can redistribute it and/or modify
	11	* it under the terms of the GNU General Public License as published by
	12	* the Free Software Foundation; either version 2 of the License, or
	13	* (at your option) any later version.
	14	*
	15	* This program is distributed in the hope that it will be useful,
	16	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	17	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	18	* GNU General Public License for more details.
	19	*
	20	* You should have received a copy of the GNU General Public License
	21	* along with this program; if not, write to the Free Software
	22	* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
	23	*
[363]	24	*********************************************************************/
	25
[7371]	26	#include "gsdl_modules_cfg.h"
	27	#ifdef GSDL_USE_AUTHEN_ACTION
	28
[363]	29	#include "authenaction.h"
	30	#include "fileutil.h"
	31	#include "cfgread.h"
	32	#include "cgiutils.h"
[369]	33	#include "infodbclass.h"
	34	#include "gsdltimes.h"
[374]	35	#include "userdb.h"
[363]	36
	37
	38	///////////////
	39	// authenaction
	40	///////////////
	41
	42	authenaction::authenaction () {
[1402]	43	keydecay = 1800; // 30 minutes
[369]	44	recpt = NULL;
	45
[363]	46	// this action uses cgi variable "a"
	47	cgiarginfo arg_ainfo;
	48	arg_ainfo.shortname = "a";
	49	arg_ainfo.longname = "action";
	50	arg_ainfo.multiplechar = true;
	51	arg_ainfo.defaultstatus = cgiarginfo::weak;
	52	arg_ainfo.argdefault = "a";
	53	arg_ainfo.savedarginfo = cgiarginfo::must;
	54	argsinfo.addarginfo (NULL, arg_ainfo);
	55
	56	// "us"
	57	arg_ainfo.shortname = "us";
	58	arg_ainfo.longname = "user account status";
	59	arg_ainfo.multiplechar = true;
	60	arg_ainfo.defaultstatus = cgiarginfo::weak;
	61	arg_ainfo.argdefault = "invalid";
	62	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
	63	argsinfo.addarginfo (NULL, arg_ainfo);
	64
	65	// "ug"
	66	arg_ainfo.shortname = "ug";
	67	arg_ainfo.longname = "user groups"; // comma seperated list
	68	arg_ainfo.multiplechar = true;
	69	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	70	arg_ainfo.argdefault = g_EmptyText;
[363]	71	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
	72	argsinfo.addarginfo (NULL, arg_ainfo);
	73
	74	// "un"
	75	arg_ainfo.shortname = "un";
	76	arg_ainfo.longname = "user name";
	77	arg_ainfo.multiplechar = true;
	78	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	79	arg_ainfo.argdefault = g_EmptyText;
[363]	80	arg_ainfo.savedarginfo = cgiarginfo::must;
	81	argsinfo.addarginfo (NULL, arg_ainfo);
	82
	83	// "pw"
	84	arg_ainfo.shortname = "pw";
	85	arg_ainfo.longname = "password";
	86	arg_ainfo.multiplechar = true;
	87	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	88	arg_ainfo.argdefault = g_EmptyText;
[363]	89	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
	90	argsinfo.addarginfo (NULL, arg_ainfo);
	91
	92	// "ky" - gives a specific user authentication for a
	93	// limited amount of time
	94	arg_ainfo.shortname = "ky";
	95	arg_ainfo.longname = "user time key";
	96	arg_ainfo.multiplechar = true;
	97	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	98	arg_ainfo.argdefault = g_EmptyText;
[363]	99	arg_ainfo.savedarginfo = cgiarginfo::must;
	100	argsinfo.addarginfo (NULL, arg_ainfo);
	101
	102	// "ua" - ""=no, "1"=yes
	103	arg_ainfo.shortname = "ua";
	104	arg_ainfo.longname = "whether a user has been authenticated";
	105	arg_ainfo.multiplechar = true;
	106	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	107	arg_ainfo.argdefault = g_EmptyText;
[363]	108	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
	109	argsinfo.addarginfo (NULL, arg_ainfo);
	110
	111	// "er" - compressed arguments for the referer page
	112	arg_ainfo.shortname = "er";
	113	arg_ainfo.longname = "the compressed args of the refer page";
	114	arg_ainfo.multiplechar = true;
	115	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	116	arg_ainfo.argdefault = g_EmptyText;
[363]	117	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
	118	argsinfo.addarginfo (NULL, arg_ainfo);
	119
	120	// "uan" - whether user authentication is needed
	121	arg_ainfo.shortname = "uan";
	122	arg_ainfo.longname = "whether user authentication is needed";
	123	arg_ainfo.multiplechar = true;
	124	arg_ainfo.defaultstatus = cgiarginfo::weak;
[7425]	125	arg_ainfo.argdefault = g_EmptyText;
[363]	126	arg_ainfo.savedarginfo = cgiarginfo::mustnot;
	127	argsinfo.addarginfo (NULL, arg_ainfo);
	128	}
	129
	130	void authenaction::configure (const text_t &key, const text_tarray &cfgline) {
	131	// get the password filename
	132	if (cfgline.size() == 1) {
[374]	133	if (key == "usersfile") usersfile = cfgline[0];
[369]	134	else if (key == "keyfile") keyfile = cfgline[0];
	135	else if (key == "keydecay") keydecay = cfgline[0].getint();
[363]	136	}
	137
	138	action::configure (key, cfgline);
	139	}
	140
	141	bool authenaction::init (ostream &logout) {
[2212]	142
	143	if (gdbmhome.empty()) {
	144	logout << "ERROR (authenaction::init) gdbmhome is not set\n";
	145	return false;
	146	}
	147
	148	if (usersfile.empty()) usersfile = filename_cat (gdbmhome, "etc", "users.db");
	149	if (keyfile.empty()) keyfile = filename_cat (gdbmhome, "etc", "key.db");
	150
[363]	151	return action::init (logout);
	152	}
	153
	154	bool authenaction::check_cgiargs (cgiargsinfoclass &/argsinfo/, cgiargsclass &/args/,
[3546]	155	recptprotolistclass * /protos/, ostream &/logout/) {
[363]	156	return true;
	157	}
	158
	159	// returns false if there is a major problem with the cgi arguments -- not
	160	// if authentication fails. If the authentication fails "un" will be empty
	161	bool authenaction::check_external_cgiargs (cgiargsinfoclass &argsinfo,
	162	cgiargsclass &args,
	163	outconvertclass &outconvert,
[7425]	164	const text_tarray &saveconf,
[363]	165	ostream &logout) {
[1505]	166
	167	// no need to go further unless authentication is
	168	// required by this page
	169	if (args["uan"].empty()) return true;
	170
	171
[363]	172	// failure means we have to redirect to this action to get authentication
	173	// (if we are not already doing this)
	174
	175	userinfo_t thisuser;
	176
[374]	177	text_t &args_uan = args["uan"]; text_t &args_un = args["un"];
	178	text_t &args_pw = args["pw"]; text_t &args_us = args["us"];
	179	text_t &args_ug = args["ug"]; text_t &args_ky = args["ky"];
[507]	180	text_t &args_ua = args["ua"]; text_t &args_a = args["a"];
[374]	181
	182	// we must have a username and a password or a key to
	183	// do any authentication
[363]	184	args_ua.clear(); // default = false;
	185	if (args_un.empty() \|\| args_pw.empty()) args_us = "invalid";
	186	else args_us = "failed";
	187
	188	// make sure we have a username
[374]	189	if (!args_un.empty() && get_user_info (usersfile, args_un, thisuser)) {
[363]	190	if (!args_pw.empty()) {
	191	// we are authenticating using a password
[374]	192	if (check_passwd (thisuser, args_pw)) args_ua = "1"; // succeeded
[363]	193
	194	} else if (!args_ky.empty()) {
	195	// we are authenticating using a key
[374]	196	if (check_key (keyfile, thisuser, args_ky, args_ug, keydecay)) args_ua = "1";
[369]	197	else args_us = "stalekey";
[363]	198	}
	199	}
	200
	201	args_pw.clear(); // password goes no further
	202	if (!args_ua.empty()) {
[374]	203	if (thisuser.enabled) {
	204	bool haspermission = true;
[4974]	205
[369]	206	// check to make sure the user is in the required group
[4974]	207	// one group is available only at the moment.
	208	// this is what we are changing !
	209
[369]	210	if (!args_ug.empty()) {
[4974]	211
	212	// Since we recieve a comma seperated list
	213	// of groups like mygroup,yourgroup,ourgroup
	214	// we want to split them into individual groups
	215	// and examine them. This is what is done here.
	216
	217	text_tset splitgrps;
	218	text_t::const_iterator split_here = args_ug.begin();
	219	text_t::const_iterator split_end = args_ug.end();
	220
	221	splitchar(split_here,split_end,',',splitgrps);
	222
	223	haspermission = false;
	224
	225	// This examines the current user to be authenticated and
	226	// tries to see if he or she is in the group that we have in
	227	// thisuser structure. We compare args_ua contents with that
	228	// of the user database.
	229
	230	text_t::const_iterator group_here = thisuser.groups.begin();
	231	text_t::const_iterator group_end = thisuser.groups.end();
	232	text_t thisgroup;
[369]	233	while (group_here != group_end) {
[4974]	234	group_here = getdelimitstr (group_here, group_end, ',', thisgroup);
	235	if (splitgrps.find(thisgroup) != splitgrps.end() )
	236	{
	237	haspermission = true;
	238	break;
	239	}
[369]	240	}
	241	}
[4974]	242
[374]	243	if (haspermission) {
[4974]	244	// succeeded, get info about this user
	245	// note: we don't need to set "ug" as it is already set to what it needs to be
	246	args_us = "enabled";
[374]	247	args_ky = generate_key (keyfile, args_un); // new key
[4974]	248
[374]	249	// delete old keys around every 50 accesses
	250	if (rand()%50 == 1) remove_old_keys (keyfile, keydecay);
[369]	251
	252	} else {
	253	// succeeded, however, the user is not in the correct group
[4974]	254	args_ua.clear();
	255	args_us = "permissiondenied";
	256	args_ky.clear();
[369]	257	}
[4974]	258
[363]	259	} else {
[4974]	260	// succeeded, however, the account is disabled
[363]	261	args_ua.clear();
	262	args_us = "disabled";
	263	args_ky.clear();
	264	}
	265
	266	} else {
	267	// failure, reset info about the user
	268	args_ky.clear();
	269	}
	270
	271	// we will have to redirect the user if authentication is needed,
	272	// it failed, and we weren't on our way to be authenticated anyway
[507]	273	if ((!args_uan.empty()) && (args_ua.empty()) && (args_a != "a")) {
[363]	274	// need to save the current arguments in "er"
	275	text_t &arg_er = args["er"];
	276	if (!compress_save_args(argsinfo, saveconf, args, arg_er, outconvert, logout))
	277	arg_er.clear();
	278
[1432]	279	// needs to be decoded for use within forms
	280	decode_cgi_arg (arg_er);
	281
[363]	282	// redirect to this action
[507]	283	args_a = "a";
[363]	284	}
	285
	286	return true;
	287	}
	288
[755]	289	void authenaction::get_cgihead_info (cgiargsclass &/args/, recptprotolistclass * /protos/,
	290	response_t &response, text_t &response_data,
	291	ostream &/logout/) {
[363]	292	response = content;
	293	response_data = "text/html";
	294	}
	295
[755]	296	void authenaction::define_internal_macros (displayclass &disp, cgiargsclass &args,
	297	recptprotolistclass * /protos/, ostream &/logout/) {
[363]	298	// sets _authen:messageextra_ based on the value of args["us"]
[369]	299	// _authen:hiddenargs_ to contain all the arguments that were
	300	// explicitly set
[363]	301	disp.setmacro ("messagestatus", "authen", ("_authen:message" + args["us"]
[369]	302	+ "_"));
[722]	303	// change style of header and footer if page is a frame
[1796]	304	if ((args["p"].empty()) \|\| (args["p"] == "frameset")) {
[722]	305	disp.setmacro ("header", "authen", "_status:infoheader_(Log in)");
	306	disp.setmacro ("header", "authenok", "_status:infoheader_(Log in)");
	307	disp.setmacro ("footer", "authen", "_status:infofooter_(Log in)");
	308	disp.setmacro ("footer", "authenok", "_status:infofooter_(Log in)");
	309	}
[369]	310
	311	// get a list of saved configuration arguments (if possible)
	312	text_tset saveconfset;
	313	if (recpt != NULL) {
[7425]	314	text_tarray::const_iterator thisSaveConf = recpt->get_configinfo().saveconf.begin();
	315	text_tarray::const_iterator endSaveConf = recpt->get_configinfo().saveconf.end();
	316	while (thisSaveConf != endSaveConf) {
	317	saveconfset.insert(*thisSaveConf);
	318	++thisSaveConf;
	319	}
[369]	320	}
	321
	322	text_t hiddenargs;
	323	cgiargsclass::const_iterator args_here = args.begin();
	324	cgiargsclass::const_iterator args_end = args.end();
	325	while (args_here != args_end) {
	326	// set this as a hidden argument if it came from the cgi arguments,
	327	// its not the compressed arguments, the query string, a user name or
[3423]	328	// password, or collect.cfg, and if it is not in the compressed arguments
[369]	329	if ((*args_here).second.source == cgiarg_t::cgi_arg &&
	330	(args_here).first != "e" && (args_here).first != "q" &&
	331	(args_here).first != "un" && (args_here).first != "pw" &&
[3423]	332	(*args_here).first != "cfgfile" &&
[369]	333	saveconfset.find((*args_here).first) == saveconfset.end()) {
	334	hiddenargs += "<input type=hidden name=\"" + (*args_here).first +
	335	"\" value=\"_cgiarg" + (*args_here).first + "_\">\n";
	336	}
	337	args_here++;
	338	}
	339
	340	disp.setmacro ("hiddenargs", "authen", hiddenargs);
[363]	341	}
	342
[755]	343	bool authenaction::do_action (cgiargsclass &args, recptprotolistclass * /protos/,
	344	browsermapclass * /browsers/, displayclass &disp,
[421]	345	outconvertclass &outconvert, ostream &textout,
	346	ostream &/logout/) {
[363]	347	if (args["us"] == "enabled") {
	348	// have been authenticated
	349	textout << outconvert << disp
	350	<< "_authenok:header_\n_authenok:content_\n_authenok:footer_\n";
	351	return true;
	352	}
[755]	353
[363]	354	// need to be authenticated
	355	textout << outconvert << disp
	356	<< "_authen:header_\n_authen:content_\n_authen:footer_\n";
	357
	358	return true;
	359	}
[7371]	360
	361	#endif //GSDL_USE_AUTHEN_ACTION

Note: See TracBrowser for help on using the repository browser.

Download in other formats: