Changeset 369
- Timestamp:
- 1999-07-11T22:47:32+12:00 (25 years ago)
- Location:
- trunk/gsdl/src/recpt
- Files:
-
- 2 edited
trunk/gsdl/src/recpt/authenaction.cpp
r363 r369 12 12 /* 13 13 $Log$ 14 Revision 1.2 1999/07/11 10:47:32 rjmcnab 15 Got something basic working. 16 14 17 Revision 1.1 1999/07/10 22:19:29 rjmcnab 15 18 Initial revision. … … 23 26 #include "cfgread.h" 24 27 #include "cgiutils.h" 28 #include "infodbclass.h" 29 #include "gsdltimes.h" 25 30 26 31 … … 89 94 } 90 95 91 static text_t generate_key (const text_t &/*username*/) { 92 return "key"; 96 // returns true if the key is still valid for this user, 97 // and false otherwise 98 static bool check_key (const text_t &keyfile, const userinfo_t &thisuser, 99 const text_t &key, const text_t &group, int keydecay, 100 ostream &logout) { 101 outconvertclass text_t2ascii; 102 103 if (keyfile.empty() || thisuser.username.empty() || 104 key.empty()) return false; 105 106 // the keydecay is set to 1/2 minute for things requiring the 107 // administrator 108 if (group == "administrator") keydecay = 30; 109 110 // open the key database 111 gdbmclass keydb; 112 if (!keydb.opendatabase (keyfile, GDBM_WRCREAT, 1000)) { 113 logout << text_t2ascii << "Error: write open failed for key database \"" 114 << keyfile << "\"\n"; 115 return false; // failed 116 } 117 118 // success if there is a key in the key database that is owned by this 119 // user whose creation time is less that keydecay 120 infodbclass info; 121 bool success = false; 122 if (keydb.getinfo (key, info)) { 123 if (info["user"] == thisuser.username) { 124 time_t keycreation = text2time (info["time"]); 125 if (keycreation == (time_t)-1) { 126 logout << text_t2ascii << "Error: failed to convert an authentication " 127 "key into its equivalent time_t. 
Time text was \"" << info["time"] 128 << "\" for key \"" << key << "\"\n"; 129 130 } else if (difftime (time(NULL), keycreation) <= keydecay) { 131 // succeeded, update the key's time 132 success = true; 133 info["time"] = time2text(time(NULL)); 134 if (!keydb.setinfo (key, info)) { 135 logout << text_t2ascii << "Error: setinfo failed for key database \"" 136 << keyfile << "\"\n"; 137 } 138 } 139 } 140 } 141 142 // close the database 143 keydb.closedatabase(); 144 145 return success; 146 } 147 148 149 static text_t generate_key (const text_t &keyfile, const text_t &username, 150 ostream &logout) { 151 static const char *numconvert = "0123456789abcdefghijklmnopqrstuvwxyz" 152 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"; 153 outconvertclass text_t2ascii; 154 155 // open the key database 156 gdbmclass keydb; 157 if (!keydb.opendatabase (keyfile, GDBM_WRCREAT, 1000)) { 158 logout << text_t2ascii << "Error: write open failed for key database \"" 159 << keyfile << "\"\n"; 160 return ""; // failed 161 } 162 163 // loop looking for a suitable new key 164 text_t userkey; 165 do { 166 int userkey_int = rand (); 167 while (userkey_int > 0) { 168 userkey.push_back (numconvert[userkey_int%62]); 169 userkey_int /= 62; 170 } 171 172 // make sure this key is not in the database 173 if (keydb.exists (userkey)) userkey.clear(); 174 } while (userkey.empty()); 175 176 // enter the key into the database 177 infodbclass keydata; 178 keydata["user"] = username; 179 keydata["time"] = time2text(time(NULL)); 180 181 if (!keydb.setinfo (userkey, keydata)) { 182 logout << text_t2ascii << "Error: setinfo failed for key database \"" 183 << keyfile << "\"\n"; 184 userkey.clear(); // failed 185 } 186 187 // close the database 188 keydb.closedatabase(); 189 190 return userkey; 93 191 } 94 192 … … 113 211 114 212 authenaction::authenaction () { 213 keydecay = 600; // 10 minutes 214 recpt = NULL; 215 115 216 // this action uses cgi variable "a" 116 217 cgiarginfo arg_ainfo; … … 201 302 if (cfgline.size() == 1) { 
202 303 if (key == "passwdfile") passwdfile = cfgline[0]; 203 else if (key == "gsdlhome" && passwdfile.empty()) { 204 passwdfile = filename_cat (cfgline[0], "etc", "passwd"); 304 else if (key == "keyfile") keyfile = cfgline[0]; 305 else if (key == "keydecay") keydecay = cfgline[0].getint(); 306 else if (key == "gsdlhome") { 307 if (passwdfile.empty()) 308 passwdfile = filename_cat (cfgline[0], "etc", "passwd"); 309 if (keyfile.empty()) 310 keyfile = filename_cat (cfgline[0], "etc", "key.db"); 205 311 } 206 312 } … … 256 362 if (!args_pw.empty()) { 257 363 // we are authenticating using a password 258 if (check_passwd (thisuser, args_pw)) 364 if (check_passwd (thisuser, args_pw)) { 259 365 args_ua = "1"; // succeeded 366 } 260 367 261 368 } else if (!args_ky.empty()) { 262 369 // we are authenticating using a key 263 args_ua = "1"; // succeeded !!!!!!!!!!!!!!!!!!! 370 if (check_key (keyfile, thisuser, args_ky, args_ug, keydecay, logout)) 371 args_ua = "1"; 372 else args_us = "stalekey"; 264 373 } 265 374 } … … 269 378 if (!args_ua.empty()) { 270 379 if (thisuser.status==userinfo_t::enabled) { 271 // succeeded, get info about this user 272 args_us = "enabled"; 273 args_ug = thisuser.groups; 274 args_ky = generate_key (args_un); // new key 380 // check to make sure the user is in the required group 381 if (!args_ug.empty()) { 382 thisuser.status = userinfo_t::permissiondenied; 383 text_t::const_iterator group_here = thisuser.groups.begin(); 384 text_t::const_iterator group_end = thisuser.groups.end(); 385 text_t thisgroup; 386 while (group_here != group_end) { 387 group_here = getdelimitstr (group_here, group_end, ',', thisgroup); 388 if (thisgroup == args_ug) { 389 thisuser.status = userinfo_t::enabled; 390 break; 391 } 392 } 393 } 394 395 if (thisuser.status==userinfo_t::enabled) { 396 // succeeded, get info about this user 397 // note: we don't need to set "ug" as it is already set to 398 // what it needs to be 399 args_us = "enabled"; 400 args_ky = generate_key 
(keyfile, args_un, logout); // new key 401 402 } else { 403 // succeeded, however, the user is not in the correct group 404 args_ua.clear(); 405 args_us = "permissiondenied"; 406 args_ug.clear(); 407 args_ky.clear(); 408 409 } 275 410 } else { 276 411 // succeeded, however, the account is disabled … … 311 446 recptproto */*collectproto*/, ostream &/*logout*/) { 312 447 // sets _authen:messageextra_ based on the value of args["us"] 448 // _authen:hiddenargs_ to contain all the arguments that were 449 // explicitly set 313 450 disp.setmacro ("messagestatus", "authen", ("_authen:message" + args["us"] 314 + "_")); 451 + "_")); 452 453 // get a list of saved configuration arguments (if possible) 454 text_t saveconf; 455 text_tset saveconfset; 456 if (recpt != NULL) { 457 saveconf = recpt->get_configinfo().saveconf; 458 splitchar (saveconf.begin(), saveconf.end(), '-', saveconfset); 459 } 460 461 text_t hiddenargs; 462 cgiargsclass::const_iterator args_here = args.begin(); 463 cgiargsclass::const_iterator args_end = args.end(); 464 while (args_here != args_end) { 465 // set this as a hidden argument if it came from the cgi arguments, 466 // its not the compressed arguments, the query string, a user name or 467 // password, and if it is not in the compressed arguments 468 if ((*args_here).second.source == cgiarg_t::cgi_arg && 469 (*args_here).first != "e" && (*args_here).first != "q" && 470 (*args_here).first != "un" && (*args_here).first != "pw" && 471 saveconfset.find((*args_here).first) == saveconfset.end()) { 472 hiddenargs += "<input type=hidden name=\"" + (*args_here).first + 473 "\" value=\"_cgiarg" + (*args_here).first + "_\">\n"; 474 } 475 476 args_here++; 477 } 478 479 disp.setmacro ("hiddenargs", "authen", hiddenargs); 315 480 } 316 481 -
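Review bot: generate_key builds the authentication key from `rand()`, which is not a cryptographic generator, so the key that check_key later accepts in place of a password is guessable. No `srand` call is visible in these hunks; if the receptionist runs as a fresh process per request and is never seeded, every process would start from the same sequence, and where RAND_MAX is 32767 the key is at most three base-62 characters. The key should be a fixed-length string drawn from the operating system's random source, discarding bytes that would bias `c%62` and failing closed when the source cannot be read, as sketched below. The device path is the Unix one, so other platforms need their own source.

```cpp
  // … unchanged: numconvert table, opening the key database …

  // loop looking for a suitable new key, drawn from the OS random source
  const int keylen = 22; // 22 base-62 characters, about 130 bits
  text_t userkey;
  FILE *rnd = fopen ("/dev/urandom", "rb");
  bool clash = true;
  while (rnd != NULL && clash) {
    userkey.clear();
    int have = 0;
    while (have < keylen) {
      int c = fgetc (rnd);
      if (c == EOF) break;
      if (c >= 248) continue; // 248 = 4*62; skip bytes that would bias c%62
      userkey.push_back (numconvert[c%62]);
      have++;
    }
    if (have < keylen) { userkey.clear(); break; } // short read: fail
    clash = keydb.exists (userkey);
  }
  if (rnd != NULL) fclose (rnd);

  if (userkey.empty()) {
    logout << text_t2ascii << "Error: no random source for key generation\n";
    keydb.closedatabase();
    return ""; // failed
  }

  // … unchanged: storing "user" and "time", closing the database …
```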
trunk/gsdl/src/recpt/authenaction.h
r363 r369 17 17 #include "action.h" 18 18 #include "text_t.h" 19 19 #include "receptionist.h" 20 20 21 21 // information about a single user … … 24 24 userinfo_t () {clear();} 25 25 26 enum status_t {enabled, disabled, invalid };26 enum status_t {enabled, disabled, invalid, failed, permissiondenied}; 27 27 28 28 text_t username; … … 37 37 38 38 39 // note: you need to tell this action about the receptionist 40 // using set_receptionist 41 39 42 class authenaction : public action { 40 43 protected: 41 44 text_t passwdfile; 45 text_t keyfile; 46 int keydecay; 47 42 48 userinfo_tmap userinfo; 49 50 receptionist *recpt; 43 51 44 52 public: 45 53 authenaction (); 46 54 virtual ~authenaction () {} 55 56 void set_receptionist (receptionist *therecpt) {recpt=therecpt;} 47 57 48 58 void configure (const text_t &key, const text_tarray &cfgline);
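Review bot: `keydecay` is declared as a bare `int` with no unit or default stated in the header. authenaction.cpp in this changeset compares it against `difftime` and sets 600 in the constructor, so I would write `int keydecay; // lifetime of an authentication key in seconds (default 600)`. `keyfile` would benefit from `// database of live authentication keys; keep it readable only by the server account`, since anyone able to read that file could presumably reuse a stored key until it decays. The `failed` value added to `status_t` has no use visible in these hunks, so a short comment on when it is set would help the next reader.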