Changeset 369 for trunk/gsdl/src/recpt/authenaction.cpp

Timestamp:

1999-07-11T22:47:32+12:00 (25 years ago)

Author:

rjmcnab

Message:

Got something basic working.

File:

• trunk/gsdl/src/recpt/authenaction.cpp (modified) (8 diffs)

trunk/gsdl/src/recpt/authenaction.cpp

@@ -12 +12 @@
 /*
    $Log$
+   Revision 1.2  1999/07/11 10:47:32  rjmcnab
+   Got something basic working.
+
    Revision 1.1  1999/07/10 22:19:29  rjmcnab
    Initial revision.
@@ -23 +26 @@
 #include "cfgread.h"
 #include "cgiutils.h"
+#include "infodbclass.h"
+#include "gsdltimes.h"
 
 
@@ -89 +94 @@
 }
 
-static text_t generate_key (const text_t &/*username*/) {
-  return "key";
+// returns true if the key is still valid for this user,
+// and false otherwise
+static bool check_key (const text_t &keyfile, const userinfo_t &thisuser,
+               const text_t &key, const text_t &group, int keydecay,
+               ostream &logout) {
+  outconvertclass text_t2ascii;
+
+  if (keyfile.empty() || thisuser.username.empty() ||
+      key.empty()) return false;
+
+  // the keydecay is set to 1/2 minute for things requiring the
+  // administrator
+  if (group == "administrator") keydecay = 30;
+  
+  // open the key database
+  gdbmclass keydb;
+  if (!keydb.opendatabase (keyfile, GDBM_WRCREAT, 1000)) {
+    logout << text_t2ascii << "Error: write open failed for key database \""
+       << keyfile << "\"\n";
+    return false; // failed
+  }
+
+  // success if there is a key in the key database that is owned by this
+  // user whose creation time is less that keydecay
+  infodbclass info;
+  bool success = false;
+  if (keydb.getinfo (key, info))  {
+    if (info["user"] == thisuser.username) {
+      time_t keycreation = text2time (info["time"]);
+      if (keycreation == (time_t)-1) {
+    logout << text_t2ascii << "Error: failed to convert an authentication "
+      "key into its equivalent time_t. Time text was \"" << info["time"]
+           << "\" for key \"" << key << "\"\n";
+
+      } else if (difftime (time(NULL), keycreation) <= keydecay) {
+    // succeeded, update the key's time
+    success = true;
+    info["time"] = time2text(time(NULL));
+    if (!keydb.setinfo (key, info)) {
+      logout << text_t2ascii << "Error: setinfo failed for key database \""
+         << keyfile << "\"\n";
+    }
+      }
+    }
+  }
+
+  // close the database
+  keydb.closedatabase();
+
+  return success;
+}
+
+
+static text_t generate_key (const text_t &keyfile, const text_t &username,
+                ostream &logout) {
+  static const char *numconvert = "0123456789abcdefghijklmnopqrstuvwxyz"
+    "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
+  outconvertclass text_t2ascii;
+  
+  // open the key database
+  gdbmclass keydb;
+  if (!keydb.opendatabase (keyfile, GDBM_WRCREAT, 1000)) {
+    logout << text_t2ascii << "Error: write open failed for key database \""
+       << keyfile << "\"\n";
+    return ""; // failed
+  }
+
+  // loop looking for a suitable new key
+  text_t userkey;
+  do {
+    int userkey_int = rand ();
+    while (userkey_int > 0) {
+      userkey.push_back (numconvert[userkey_int%62]);
+      userkey_int /= 62;
+    }
+
+    // make sure this key is not in the database
+    if (keydb.exists (userkey)) userkey.clear();
+  } while (userkey.empty());
+
+  // enter the key into the database
+  infodbclass keydata;
+  keydata["user"] = username;
+  keydata["time"] = time2text(time(NULL));
+  
+  if (!keydb.setinfo (userkey, keydata)) {
+    logout << text_t2ascii << "Error: setinfo failed for key database \""
+       << keyfile << "\"\n";
+    userkey.clear(); // failed
+  }
+  
+  // close the database
+  keydb.closedatabase();
+  
+  return userkey;
 }
 
@@ -113 +211 @@
 
 authenaction::authenaction () {
+  keydecay = 600; // 10 minutes
+  recpt = NULL;
+
   // this action uses cgi variable "a"
   cgiarginfo arg_ainfo;
@@ -201 +302 @@
   if (cfgline.size() == 1) {
     if (key == "passwdfile") passwdfile = cfgline[0];
-    else if (key == "gsdlhome" && passwdfile.empty()) {
-      passwdfile = filename_cat (cfgline[0], "etc", "passwd");
+    else if (key == "keyfile") keyfile = cfgline[0];
+    else if (key == "keydecay") keydecay = cfgline[0].getint();
+    else if (key == "gsdlhome") {
+      if (passwdfile.empty())
+    passwdfile = filename_cat (cfgline[0], "etc", "passwd");
+      if (keyfile.empty())
+    keyfile = filename_cat (cfgline[0], "etc", "key.db");
     }
   }
@@ -256 +362 @@
     if (!args_pw.empty()) {
       // we are authenticating using a password
-      if (check_passwd (thisuser, args_pw))
+      if (check_passwd (thisuser, args_pw)) {
     args_ua = "1"; // succeeded
+      }
       
     } else if (!args_ky.empty()) {
       // we are authenticating using a key
-      args_ua = "1"; // succeeded !!!!!!!!!!!!!!!!!!!
+      if (check_key (keyfile, thisuser, args_ky, args_ug, keydecay, logout))
+    args_ua = "1";
+      else args_us = "stalekey";
     }
   }
@@ -269 +378 @@
   if (!args_ua.empty()) {
     if (thisuser.status==userinfo_t::enabled) {
-      // succeeded, get info about this user
-      args_us = "enabled";
-      args_ug = thisuser.groups;
-      args_ky = generate_key (args_un); // new key
+      // check to make sure the user is in the required group
+      if (!args_ug.empty()) {
+    thisuser.status = userinfo_t::permissiondenied;
+    text_t::const_iterator group_here = thisuser.groups.begin();
+    text_t::const_iterator group_end = thisuser.groups.end();
+    text_t thisgroup;
+    while (group_here != group_end) {
+      group_here = getdelimitstr (group_here, group_end, ',', thisgroup);
+      if (thisgroup == args_ug) {
+        thisuser.status = userinfo_t::enabled;
+        break;
+      }
+    }
+      }
+
+      if (thisuser.status==userinfo_t::enabled) {
+    // succeeded, get info about this user
+    // note: we don't need to set "ug" as it is already set to
+    // what it needs to be
+    args_us = "enabled";
+    args_ky = generate_key (keyfile, args_un, logout); // new key
+    
+      } else {
+    // succeeded, however, the user is not in the correct group
+    args_ua.clear();
+    args_us = "permissiondenied";
+    args_ug.clear();
+    args_ky.clear();
+    
+      }
     } else {
       // succeeded, however, the account is disabled
@@ -311 +446 @@
                       recptproto */*collectproto*/, ostream &/*logout*/) {
   // sets _authen:messageextra_ based on the value of args["us"]
+  //      _authen:hiddenargs_   to contain all the arguments that were
+  //                            explicitly set
   disp.setmacro ("messagestatus", "authen", ("_authen:message" + args["us"]
-                         + "_")); 
+                         + "_"));
+
+  // get a list of saved configuration arguments (if possible)
+  text_t saveconf;
+  text_tset saveconfset;
+  if (recpt != NULL) {
+    saveconf = recpt->get_configinfo().saveconf;
+    splitchar (saveconf.begin(), saveconf.end(), '-', saveconfset);
+  }
+  
+  text_t hiddenargs;
+  cgiargsclass::const_iterator args_here = args.begin();
+  cgiargsclass::const_iterator args_end = args.end();
+  while (args_here != args_end) {
+    // set this as a hidden argument if it came from the cgi arguments,
+    // its not the compressed arguments, the query string, a user name or
+    // password, and if it is not in the compressed arguments
+    if ((*args_here).second.source == cgiarg_t::cgi_arg &&
+    (*args_here).first != "e" && (*args_here).first != "q" &&
+    (*args_here).first != "un" && (*args_here).first != "pw" &&
+    saveconfset.find((*args_here).first) == saveconfset.end()) {
+      hiddenargs += "<input type=hidden name=\"" + (*args_here).first +
+    "\" value=\"_cgiarg" + (*args_here).first + "_\">\n";
+    }
+    
+    args_here++;
+  }
+
+  disp.setmacro ("hiddenargs", "authen", hiddenargs);
 }