source: trunk/gsdl/src/recpt/authenaction.cpp@ 368

/**********************************************************************
 *
 * authenaction.cpp -- authenticating users
 * Copyright (C) 1999  DigiLib Systems Limited, New Zealand
 *
 * PUT COPYRIGHT NOTICE HERE
 *
 * $Id: authenaction.cpp 363 1999-07-10 22:19:29Z rjmcnab $
 *
 *********************************************************************/

/*
   $Log$
   Revision 1.1  1999/07/10 22:19:29  rjmcnab
   Initial revision.


 */


#include "authenaction.h"
#include "fileutil.h"
#include "cfgread.h"
#include "cgiutils.h"


/////////////////////////
// a few useful functions
/////////////////////////


// reads in the password file. It returns true if successful
// format is: username password status [groups]
static bool read_passwd (const text_t &passwd_filename, userinfo_tmap &userinfo) {
  text_tarray passwdline;
  userinfo_t thisuserinfo;

  userinfo.erase(userinfo.begin(), userinfo.end());
  
  char *cstr = passwd_filename.getcstr();
  ifstream passwdin (cstr);
  delete cstr;

  if (passwdin) {
    while (read_cfg_line(passwdin, passwdline) >= 0) {
      if (passwdline.size () >= 3) {
    // get the information about the user
    thisuserinfo.clear();
    thisuserinfo.username = passwdline[0];
    thisuserinfo.password = passwdline[1];
    if (passwdline[2] == "enabled") thisuserinfo.status = userinfo_t::enabled;
    else thisuserinfo.status = userinfo_t::disabled;
    if (passwdline.size() >= 4) thisuserinfo.groups = passwdline[3];

    // insert the user information into the map
    if (!thisuserinfo.username.empty()) {
      userinfo[thisuserinfo.username] = thisuserinfo;
    }
      }
    }
    
    passwdin.close ();
    return true;
  }

  return false;
}

// returns true if the user was found, false otherwise
static bool get_user_info (const userinfo_tmap &userinfo, const text_t &username,
               userinfo_t &thisuser) {
  thisuser.clear();

  userinfo_tmap::const_iterator thisuser_here = userinfo.find (username);
  if (thisuser_here != userinfo.end()) {
    thisuser = (*thisuser_here).second;
    return true;
  }
  
  return false;
}

// return true if the password matches, false if it doesn't
static bool check_passwd (const userinfo_t &thisuser, const text_t &password) {
  if (!thisuser.username.empty() && !thisuser.password.empty() &&
      !password.empty() && thisuser.password == password) return true;

  return false;
}

static text_t generate_key (const text_t &/*username*/) {
  return "key";
}


/////////////
// userinfo_t
/////////////


void userinfo_t::clear () {
  username.clear();
  password.clear();
  status = invalid;
  groups.clear();
}



///////////////
// authenaction
///////////////

authenaction::authenaction () {
  // this action uses cgi variable "a"
  cgiarginfo arg_ainfo;
  arg_ainfo.shortname = "a";
  arg_ainfo.longname = "action";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "a";
  arg_ainfo.savedarginfo = cgiarginfo::must;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "us"
  arg_ainfo.shortname = "us";
  arg_ainfo.longname = "user account status";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "invalid";
  arg_ainfo.savedarginfo = cgiarginfo::mustnot;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "ug"
  arg_ainfo.shortname = "ug";
  arg_ainfo.longname = "user groups"; // comma seperated list
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::mustnot;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "un"
  arg_ainfo.shortname = "un";
  arg_ainfo.longname = "user name";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::must;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "pw"
  arg_ainfo.shortname = "pw";
  arg_ainfo.longname = "password";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::mustnot;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "ky" - gives a specific user authentication for a
  // limited amount of time
  arg_ainfo.shortname = "ky";
  arg_ainfo.longname = "user time key";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::must;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "ua" - ""=no, "1"=yes 
  arg_ainfo.shortname = "ua";
  arg_ainfo.longname = "whether a user has been authenticated";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::mustnot;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "er" - compressed arguments for the referer page
  arg_ainfo.shortname = "er";
  arg_ainfo.longname = "the compressed args of the refer page";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::mustnot;
  argsinfo.addarginfo (NULL, arg_ainfo);

  // "uan" - whether user authentication is needed
  arg_ainfo.shortname = "uan";
  arg_ainfo.longname = "whether user authentication is needed";
  arg_ainfo.multiplechar = true;
  arg_ainfo.defaultstatus = cgiarginfo::weak;
  arg_ainfo.argdefault = "";
  arg_ainfo.savedarginfo = cgiarginfo::mustnot;
  argsinfo.addarginfo (NULL, arg_ainfo);
}

void authenaction::configure (const text_t &key, const text_tarray &cfgline) {
  // get the password filename
  if (cfgline.size() == 1) {
    if (key == "passwdfile") passwdfile = cfgline[0];
    else if (key == "gsdlhome" && passwdfile.empty()) {
      passwdfile = filename_cat (cfgline[0], "etc", "passwd");
    }
  }

  action::configure (key, cfgline);
}

bool authenaction::init (ostream &logout) {
  outconvertclass text_t2ascii;
    
  // read in the password file
  if (!read_passwd (passwdfile, userinfo)) {
    logout << text_t2ascii << "Error: could not read in the password file "
       << passwdfile << "\n";
    return false;
  }
    
  return action::init (logout);
}

bool authenaction::check_cgiargs (cgiargsinfoclass &/*argsinfo*/, cgiargsclass &/*args*/, 
                  ostream &/*logout*/) {
  return true;
}

// returns false if there is a major problem with the cgi arguments -- not
// if authentication fails. If the authentication fails "un" will be empty
bool authenaction::check_external_cgiargs (cgiargsinfoclass &argsinfo,
                       cgiargsclass &args,
                       outconvertclass &outconvert,
                       const text_t &saveconf,
                       ostream &logout) {
  // success will be dealt with using a redirect in get_cgihead_info if neede
  // failure means we have to redirect to this action to get authentication
  // (if we are not already doing this)

  userinfo_t thisuser;

  text_t &args_uan = args["uan"];
  text_t &args_un = args["un"];
  text_t &args_pw = args["pw"];
  text_t &args_us = args["us"];
  text_t &args_ug = args["ug"];
  text_t &args_ky = args["ky"];
  text_t &args_ua = args["ua"];
  
  args_ua.clear(); // default = false;
  if (args_un.empty() || args_pw.empty()) args_us = "invalid";
  else args_us = "failed";

  // make sure we have a username
  if (!args_un.empty() && get_user_info (userinfo, args_un, thisuser)) {
    if (!args_pw.empty()) {
      // we are authenticating using a password
      if (check_passwd (thisuser, args_pw))
    args_ua = "1"; // succeeded
      
    } else if (!args_ky.empty()) {
      // we are authenticating using a key
      args_ua = "1"; // succeeded !!!!!!!!!!!!!!!!!!!
    }
  }

  args_pw.clear(); // password goes no further
  
  if (!args_ua.empty()) {
    if (thisuser.status==userinfo_t::enabled) {
      // succeeded, get info about this user
      args_us = "enabled";
      args_ug = thisuser.groups;
      args_ky = generate_key (args_un); // new key
    } else {
      // succeeded, however, the account is disabled
      args_ua.clear();
      args_us = "disabled";
      args_ug.clear();
      args_ky.clear();
    }

  } else {
    // failure, reset info about the user
    args_ug.clear();
    args_ky.clear();
  }

  // we will have to redirect the user if authentication is needed,
  // it failed, and we weren't on our way to be authenticated anyway
  if (!args_uan.empty() && args_ua.empty() && args["a"] != "a") {
    // need to save the current arguments in "er"
    text_t &arg_er = args["er"];
    if (!compress_save_args(argsinfo, saveconf, args, arg_er, outconvert, logout))
      arg_er.clear();
    
    // redirect to this action
    args["a"] = "a";
  }
  
  return true;
}

void authenaction::get_cgihead_info (cgiargsclass &/*args*/, response_t &response,
                     text_t &response_data, ostream &/*logout*/) {
  response = content;
  response_data = "text/html";
}

void authenaction::define_internal_macros (displayclass &disp, cgiargsclass &args, 
                      recptproto */*collectproto*/, ostream &/*logout*/) {
  // sets _authen:messageextra_ based on the value of args["us"]
  disp.setmacro ("messagestatus", "authen", ("_authen:message" + args["us"]
                         + "_")); 
}

void authenaction::define_external_macros (displayclass &/*disp*/, cgiargsclass &/*args*/, 
                       recptproto */*collectproto*/, ostream &/*logout*/) {
}

bool authenaction::do_action (cgiargsclass &args, recptproto */*collectproto*/,
                  displayclass &disp, outconvertclass &outconvert, 
                  ostream &textout, ostream &/*logout*/) {
  if (args["us"] == "enabled") {
    // have been authenticated
    textout << outconvert << disp
        << "_authenok:header_\n_authenok:content_\n_authenok:footer_\n";
    return true;
  }

  // need to be authenticated
  textout << outconvert << disp
      << "_authen:header_\n_authen:content_\n_authen:footer_\n";

  return true;
}