

- added full-String search function: find things that match exactly w…
…hat is quoted in the query

- re-structuring authentication methods to fix a problem with API steering

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@7697 6c8d7289-2bf4-0310-a012-ef5d649a1542
orbiter committed May 5, 2011
1 parent 8e10b82 commit 6e42d4d
Showing 15 changed files with 160 additions and 100 deletions.
14 changes: 7 additions & 7 deletions htroot/ConfigAccounts_p.java
Expand Up @@ -39,8 +39,8 @@

import de.anomic.data.UserDB;
import de.anomic.data.UserDB.AccessRight;
import de.anomic.http.server.HTTPDemon;
import de.anomic.search.Switchboard;
import de.anomic.search.SwitchboardConstants;
import de.anomic.server.serverObjects;
import de.anomic.server.serverSwitch;
import java.util.EnumMap;
Expand All @@ -65,7 +65,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
// may be overwritten if new password is given
if (user.length() > 0 && pw1.length() > 3 && pw1.equals(pw2)) {
// check passed. set account:
env.setConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
env.setConfig("adminAccount", "");
}

Expand All @@ -74,21 +74,21 @@ public static serverObjects respond(final RequestHeader header, final serverObje
sb.setConfig("adminAccountForLocalhost", true);
// if an localhost access is configured, check if a local password is given
// if not, set a random password
if (env.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "").length() == 0) {
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() == 0) {
// make a 'random' password
env.setConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "0000" + sb.genRandomPassword());
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + sb.genRandomPassword());
env.setConfig("adminAccount", "");
}
} else {
sb.setConfig("adminAccountForLocalhost", false);
if (env.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000")) {
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000")) {
// make shure that the user can still use the interface after a random password was set
env.setConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "");
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
}
}
}

if (env.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "").length() == 0 && !env.getConfigBool("adminAccountForLocalhost", false)) {
if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() == 0 && !env.getConfigBool("adminAccountForLocalhost", false)) {
prop.put("passwordNotSetWarning", 1);
}

3 changes: 1 addition & 2 deletions htroot/ConfigBasic.java
Expand Up @@ -40,7 +40,6 @@

import de.anomic.data.WorkTables;
import de.anomic.data.Translator;
import de.anomic.http.server.HTTPDemon;
import de.anomic.http.server.HTTPDFileHandler;
import de.anomic.net.UPnP;
import de.anomic.search.Switchboard;
Expand Down Expand Up @@ -218,7 +217,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
prop.put("setUseCase_repositoryPath", sb.getConfig("repositoryPath", "/DATA/HTROOT/repository"));

// check if values are proper
final boolean properPassword = (sb.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool("adminAccountForLocalhost", false);
final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool("adminAccountForLocalhost", false);
final boolean properName = (sb.peers.mySeed().getName().length() >= 3) && (!(yacySeed.isDefaultPeerName(sb.peers.mySeed().getName())));
final boolean properPort = (sb.peers.mySeed().isSenior()) || (sb.peers.mySeed().isPrincipal());

3 changes: 2 additions & 1 deletion htroot/SettingsAck_p.java
Expand Up @@ -45,6 +45,7 @@
import de.anomic.http.server.HTTPDemon;
import de.anomic.http.server.HTTPDProxyHandler;
import de.anomic.search.Switchboard;
import de.anomic.search.SwitchboardConstants;
import de.anomic.server.serverCore;
import de.anomic.server.serverObjects;
import de.anomic.server.serverSwitch;
Expand Down Expand Up @@ -92,7 +93,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
return prop;
}
// check passed. set account:
env.setConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1)));
env.setConfig("adminAccount", "");
prop.put("info", "5");//admin account changed
prop.putHTML("info_user", user);
3 changes: 1 addition & 2 deletions htroot/Status.java
Expand Up @@ -38,7 +38,6 @@
import net.yacy.kelondro.util.OS;
import net.yacy.kelondro.workflow.WorkflowProcessor;

import de.anomic.http.server.HTTPDemon;
import de.anomic.search.Switchboard;
import de.anomic.search.SwitchboardConstants;
import de.anomic.server.serverCore;
Expand Down Expand Up @@ -125,7 +124,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
}

// password protection
if ((sb.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "").length() == 0) && (!sb.getConfigBool("adminAccountForLocalhost", false))) {
if ((sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() == 0) && (!sb.getConfigBool("adminAccountForLocalhost", false))) {
prop.put("protection", "0"); // not protected
prop.put("urgentSetPassword", "1");
} else {
4 changes: 2 additions & 2 deletions htroot/User.java
Expand Up @@ -35,8 +35,8 @@
import net.yacy.kelondro.order.Digest;

import de.anomic.data.UserDB;
import de.anomic.http.server.HTTPDemon;
import de.anomic.search.Switchboard;
import de.anomic.search.SwitchboardConstants;
import de.anomic.server.serverObjects;
import de.anomic.server.serverSwitch;
import de.anomic.server.servletProperties;
Expand Down Expand Up @@ -95,7 +95,7 @@ public static servletProperties respond(final RequestHeader requestHeader, final
final String password=post.get("password");

entry=sb.userDB.passwordAuth(username, password);
final boolean staticAdmin = sb.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "").equals(
final boolean staticAdmin = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").equals(
Digest.encodeMD5Hex(
Base64Order.standardCoder.encodeString(username + ":" + password)
)
6 changes: 5 additions & 1 deletion htroot/yacy/search.java
Expand Up @@ -34,6 +34,7 @@
import java.util.Map;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.regex.Pattern;

import net.yacy.cora.document.RSSMessage;
import net.yacy.cora.document.UTF8;
Expand Down Expand Up @@ -102,6 +103,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
final String prefer = post.get("prefer", "");
final String contentdom = post.get("contentdom", "text");
final String filter = post.get("filter", ".*");
final Pattern snippetPattern = Pattern.compile(post.get("snippet", ".*"));
String sitehash = post.get("sitehash", ""); if (sitehash.length() == 0) sitehash = null;
String authorhash = post.get("authorhash", ""); if (authorhash.length() == 0) authorhash = null;
String language = post.get("language", "");
Expand Down Expand Up @@ -214,6 +216,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
abstractSet,
new HandleSet(WordReferenceRow.urlEntryRow.primaryKeyLength, WordReferenceRow.urlEntryRow.objectOrder, 0),
null,
snippetPattern,
null,
maxdist,
prefer,
Expand Down Expand Up @@ -272,7 +275,8 @@ public static serverObjects respond(final RequestHeader header, final serverObje
null,
queryhashes,
excludehashes,
null,
null,
snippetPattern,
null,
maxdist,
prefer,
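Review bot: `Pattern.compile(post.get("snippet", ".*"))` in the first hunk compiles a regular expression supplied by the requesting peer with no handling of PatternSyntaxException, so a malformed `snippet` parameter aborts the request in an uncaught exception instead of being rejected or ignored; the `filter` and `prefer` parameters on the neighbouring lines are handled the same way, so the remark applies to them too if they are compiled downstream. Since this servlet is the peer-to-peer search API, the value should be treated as untrusted: catch the syntax error and fall back to the default `.*` (or answer with an error), and consider that a caller-chosen pattern is evaluated against every snippet on this peer, which is a CPU cost the requester controls. The compiled pattern is then passed twice, as the `snippetPattern` argument in the second and third hunks, so the fallback only needs to be applied once here. The enclosing `respond` method starts and ends outside the hunks.

```java
// snippet pattern comes from the remote peer; never let a bad regex abort the request
Pattern snippetPattern;
try {
    snippetPattern = Pattern.compile(post.get("snippet", ".*"));
} catch (final java.util.regex.PatternSyntaxException e) {
    snippetPattern = Pattern.compile(".*");
}
// … unchanged: sitehash / authorhash / language parsing …
```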
4 changes: 3 additions & 1 deletion htroot/yacysearch.java
Expand Up @@ -531,7 +531,8 @@ public static serverObjects respond(final RequestHeader header, final serverObje

// do the search
final HandleSet queryHashes = Word.words2hashesHandles(query[0]);

final Pattern snippetPattern = QueryParams.stringSearchPattern(originalquerystring);

// check filters
try {
Pattern.compile(urlmask);
Expand All @@ -556,6 +557,7 @@ public static serverObjects respond(final RequestHeader header, final serverObje
queryHashes,
Word.words2hashesHandles(query[1]),
Word.words2hashesHandles(query[2]),
snippetPattern,
tenant,
maxDistance,
prefermask,
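Review bot: `QueryParams.stringSearchPattern(originalquerystring)` is called in the first hunk above the `try { Pattern.compile(urlmask); …` block that guards the user-supplied URL mask, so if that helper compiles the quoted text from the query as a regular expression rather than via `Pattern.quote`, a malformed quoted string would throw PatternSyntaxException outside any handler; the helper is not visible here, so this needs confirming. Either move the call inside the existing `try` next to the urlmask check, or document on `stringSearchPattern` that it quotes its input and cannot throw, e.g. `// stringSearchPattern quotes the query text; no PatternSyntaxException possible here`. The enclosing `respond` method starts and ends outside the hunks.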
106 changes: 59 additions & 47 deletions source/de/anomic/http/server/HTTPDFileHandler.java
Expand Up @@ -96,6 +96,7 @@ public static java.util.Hashtable respond(java.util.HashMap, serverSwitch)
import net.yacy.document.parser.html.ScraperInputStream;
import net.yacy.kelondro.data.meta.DigestURI;
import net.yacy.kelondro.logging.Log;
import net.yacy.kelondro.order.Digest;
import net.yacy.kelondro.util.ByteBuffer;
import net.yacy.kelondro.util.FileUtils;
import net.yacy.kelondro.util.MemoryControl;
Expand Down Expand Up @@ -276,10 +277,6 @@ public static void doResponse(final Properties conProp, final RequestHeader requ
return;
}

// check permission/granted access
String authorization = requestHeader.get(RequestHeader.AUTHORIZATION);
if (authorization != null && authorization.length() == 0) authorization = null;
final String adminAccountBase64MD5 = switchboard.getConfig(HTTPDemon.ADMIN_ACCOUNT_B64MD5, "");

// cache settings
boolean nocache = path.contains("?") || body != null;
Expand All @@ -297,47 +294,62 @@ public static void doResponse(final Properties conProp, final RequestHeader requ
path = "/api/bookmarks/" + path.substring(11);
}

final boolean adminAccountForLocalhost = sb.getConfigBool("adminAccountForLocalhost", false);
final String refererHost = requestHeader.refererHost();
boolean accessFromLocalhost = Domains.isLocalhost(clientIP) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
final boolean grantedForLocalhost = adminAccountForLocalhost && accessFromLocalhost;
// these are the 5 cases where an access granted:
// (the alternative is that we deliver a 401 to request authorization)

// -1- the page is not protected; or
final boolean protectedPage = path.indexOf("_p.") > 0;
final boolean accountEmpty = adminAccountBase64MD5.length() == 0;
final boolean softauth = accessFromLocalhost && authorization != null && authorization.length() > 6 && (adminAccountBase64MD5.equals(authorization.substring(6)));

if (protectedPage && !softauth && ((!grantedForLocalhost && !accountEmpty) || requestHeader.userAgent().startsWith("yacybot"))) {
// authentication required
if (authorization == null) {
// no authorization given in response. Ask for that
final ResponseHeader responseHeader = getDefaultHeaders(path);
responseHeader.put(RequestHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
//httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
final servletProperties tp=new servletProperties();
tp.put("returnto", path);
//TODO: separate error page Wrong Login / No Login
HTTPDemon.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, responseHeader);
return;
} else if (
(HTTPDemon.staticAdminAuthenticated(authorization.trim().substring(6), switchboard) == 4) ||
(sb.userDB.hasAdminRight(authorization, requestHeader.getHeaderCookies()))) {
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty(HeaderFramework.CONNECTION_PROP_CLIENTIP));
} else {
// a wrong authentication was given or the userDB user does not have admin access. Ask again
Log.logInfo("HTTPD", "Wrong log-in for account 'admin' in http file handler for path '" + path + "' from host '" + clientIP + "'");
final Integer attempts = serverCore.bfHost.get(clientIP);
if (attempts == null)
serverCore.bfHost.put(clientIP, Integer.valueOf(1));
else
serverCore.bfHost.put(clientIP, Integer.valueOf(attempts.intValue() + 1));

final ResponseHeader headers = getDefaultHeaders(path);
headers.put(RequestHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
HTTPDemon.sendRespondHeader(conProp,out,httpVersion,401,headers);
return;
}
boolean accessGranted = !protectedPage;

// -2- a password is not configured; or
final String adminAccountBase64MD5 = switchboard.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "");
if (!accessGranted) {
accessGranted = adminAccountBase64MD5.length() == 0;
}


// -3- access from localhost is granted and access comes from localhost; or
final String refererHost = requestHeader.refererHost();
if (!accessGranted) {
final boolean adminAccountForLocalhost = sb.getConfigBool("adminAccountForLocalhost", false);
boolean accessFromLocalhost = Domains.isLocalhost(clientIP) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
accessGranted = adminAccountForLocalhost && accessFromLocalhost;
}

// -4- a password is configured and access comes from localhost
// and the realm-value of a http-authentify String is equal to the stored base64MD5; or
String realmProp = requestHeader.get(RequestHeader.AUTHORIZATION);
if (realmProp != null && realmProp.length() == 0) realmProp = null;
String realmValue = realmProp == null ? null : realmProp.substring(6);
if (!accessGranted) {
boolean accessFromLocalhost = Domains.isLocalhost(clientIP) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
accessGranted = accessFromLocalhost && realmValue != null && realmProp.length() > 6 && (adminAccountBase64MD5.equals(realmValue));
}

// -5- a password is configured and access comes with matching http-authentify
if (!accessGranted) {
accessGranted = realmProp != null && realmValue != null && (sb.userDB.hasAdminRight(realmProp, requestHeader.getHeaderCookies()) || adminAccountBase64MD5.equals(Digest.encodeMD5Hex(realmValue)));
}

// in case that we are still not granted we ask for a password
if (!accessGranted) {
Log.logInfo("HTTPD", "Wrong log-in for path '" + path + "' from host '" + clientIP + "'");
final Integer attempts = serverCore.bfHost.get(clientIP);
if (attempts == null)
serverCore.bfHost.put(clientIP, Integer.valueOf(1));
else
serverCore.bfHost.put(clientIP, Integer.valueOf(attempts.intValue() + 1));

final ResponseHeader responseHeader = getDefaultHeaders(path);
responseHeader.put(RequestHeader.WWW_AUTHENTICATE,"Basic realm=\"admin log-in\"");
final servletProperties tp=new servletProperties();
tp.put("returnto", path);
HTTPDemon.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, responseHeader);
return;
}

// Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty(HeaderFramework.CONNECTION_PROP_CLIENTIP));

// parse arguments
serverObjects args = new serverObjects();
int argc = 0;
Expand Down Expand Up @@ -818,7 +830,7 @@ public static void doResponse(final Properties conProp, final RequestHeader requ
// check if the servlets requests authentication
if (templatePatterns.containsKey(servletProperties.ACTION_AUTHENTICATE)) {
// handle brute-force protection
if (authorization != null) {
if (realmProp != null) {
Log.logInfo("HTTPD", "dynamic log-in for account 'admin' in http file handler for path '" + path + "' from host '" + clientIP + "'");
final Integer attempts = serverCore.bfHost.get(clientIP);
if (attempts == null)
Expand Down Expand Up @@ -948,7 +960,7 @@ public static void doResponse(final Properties conProp, final RequestHeader requ
null, "chunked", nocache);
// send the content in chunked parts, see RFC 2616 section 3.6.1
final ChunkedOutputStream chos = new ChunkedOutputStream(out);
ServerSideIncludes.writeSSI(o, chos, authorization, clientIP);
ServerSideIncludes.writeSSI(o, chos, realmProp, clientIP);
//chos.write(result);
chos.finish();
} else {
Expand All @@ -962,14 +974,14 @@ public static void doResponse(final Properties conProp, final RequestHeader requ

if (zipContent) {
GZIPOutputStream zippedOut = new GZIPOutputStream(o);
ServerSideIncludes.writeSSI(o1, zippedOut, authorization, clientIP);
ServerSideIncludes.writeSSI(o1, zippedOut, realmProp, clientIP);
//httpTemplate.writeTemplate(fis, zippedOut, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8"));
zippedOut.finish();
zippedOut.flush();
zippedOut.close();
zippedOut = null;
} else {
ServerSideIncludes.writeSSI(o1, o, authorization, clientIP);
ServerSideIncludes.writeSSI(o1, o, realmProp, clientIP);
//httpTemplate.writeTemplate(fis, o, tp, "-UNRESOLVED_PATTERN-".getBytes("UTF-8"));
}
if (method.equals(HeaderFramework.METHOD_HEAD)) {
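Review bot: `String realmValue = realmProp == null ? null : realmProp.substring(6);` in the `-4-` block runs on every non-empty Authorization header before the `realmProp.length() > 6` test three lines later, so a header shorter than six characters throws StringIndexOutOfBoundsException; guard it as `String realmValue = (realmProp != null && realmProp.length() > 6) ? realmProp.substring(6) : null;` and preferably also require the `Basic ` scheme before stripping it, since nothing checks which scheme the six skipped characters belong to. In the "still not granted" block the `serverCore.bfHost` counter is incremented and a "Wrong log-in" line logged even when `realmProp == null`, i.e. on the first request to a protected page before the browser has any credentials to send, whereas the removed code only counted attempts when an Authorization header was present; wrap the counter update in `if (realmProp != null) { … }` so the 401 challenge itself is not recorded as a failed login. `accessFromLocalhost` is computed with the identical expression in both the `-3-` and `-4-` blocks; hoisting it once next to `refererHost` keeps the two from drifting apart. The `adminAccountBase64MD5.equals(…)` comparisons in `-4-` and `-5-` are ordinary string compares of a secret hash; `MessageDigest.isEqual` on the bytes is the conventional constant-time choice. `doResponse` begins and ends outside these hunks.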
