
cookieauth works with static Admin.
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2208 6c8d7289-2bf4-0310-a012-ef5d649a1542
allo committed Jun 16, 2006
1 parent 45b39ee commit 6fe2fed
Showing 4 changed files with 78 additions and 34 deletions.
37 changes: 20 additions & 17 deletions htroot/User.java
Expand Up @@ -50,24 +50,14 @@

import de.anomic.data.userDB;
import de.anomic.http.httpHeader;
import de.anomic.kelondro.kelondroBase64Order;
import de.anomic.plasma.plasmaSwitchboard;
import de.anomic.server.serverCodings;
import de.anomic.server.serverObjects;
import de.anomic.server.serverSwitch;

public class User{

private static String getLoginToken(String cookies){
String[] cookie=cookies.split(";"); //TODO: Mozilla uses
String[] pair;
for(int i=0;i<cookie.length;i++){
pair=cookie[i].split("=");
if(pair[0].trim().equals("login")){
return pair[1].trim();
}
}
return "";
}
public static serverObjects respond(httpHeader header, serverObjects post, serverSwitch env) {
serverObjects prop = new serverObjects();
plasmaSwitchboard sb = plasmaSwitchboard.getSwitchboard();
Expand All @@ -83,7 +73,7 @@ public static serverObjects respond(httpHeader header, serverObjects post, serve
prop.put("logged-in_identified-by", 1);
//try via cookie
}else{
entry=sb.userDB.cookieAuth(getLoginToken(header.getHeaderCookies()));
entry=sb.userDB.cookieAuth(userDB.getLoginToken(header.getHeaderCookies()));
prop.put("logged-in_identified-by", 2);
//try via ip
if(entry == null){
Expand Down Expand Up @@ -117,17 +107,30 @@ public static serverObjects respond(httpHeader header, serverObjects post, serve
//TODO: this does not work for a static admin, yet.
}else if(post != null && post.containsKey("username") && post.containsKey("password")){
//entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"), (String)header.get("CLIENTIP", "xxxxxx"));
entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"));
if(entry != null){
String username=(String)post.get("username");
String password=(String)post.get("password");

entry=sb.userDB.passwordAuth(username, password);
boolean staticAdmin = sb.getConfig("adminAccountBase64MD5", "").equals(
serverCodings.encodeMD5Hex(
kelondroBase64Order.standardCoder.encodeString(username + ":" + password)
)
);
String cookie="";
if(entry != null)
//set a random token in a cookie
String cookie=sb.userDB.getCookie(entry);
cookie=sb.userDB.getCookie(entry);
else if(staticAdmin)
cookie=sb.userDB.getAdminCookie();

if(entry != null || staticAdmin){
httpHeader outgoingHeader=new httpHeader();
outgoingHeader.setCookie("login", cookie);
prop.setOutgoingHeader(outgoingHeader);

prop.put("logged-in", 1);
prop.put("logged-in_identified-by", 1);
prop.put("logged-in_username", entry.getUserName());
prop.put("logged-in_username", username);
if(post.containsKey("returnto")){
prop.put("LOCATION", (String)post.get("returnto"));
}
Expand Down Expand Up @@ -158,7 +161,7 @@ public static serverObjects respond(httpHeader header, serverObjects post, serve
if(post!=null && post.containsKey("logout")){
prop.put("logged-in",0);
if(entry != null){
entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), getLoginToken(header.getHeaderCookies())); //todo: logout cookie
entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), userDB.getLoginToken(header.getHeaderCookies())); //todo: logout cookie
}
if(! ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
prop.put("AUTHENTICATE","admin log-in");
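Review bot: The static-admin session issued at `cookie=sb.userDB.getAdminCookie();` is never revoked: the logout branch in the last hunk only calls `entry.logout(...)` when `entry != null`, and a static admin logged in through the new path has no `Entry`, so its token stays in `cookieUsers` until the process restarts (the `//todo: logout cookie` marker is still in place). The logout path needs a token removal that does not depend on `entry`, for example a `sb.userDB` method that drops `userDB.getLoginToken(header.getHeaderCookies())` from the map, together with clearing the `login` cookie in the outgoing header. Separately, the brace-less `if(entry != null) … else if(staticAdmin)` with a comment line sitting between the condition and its statement is easy to misread; brace both branches. The `respond` method starts and ends outside the hunks.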
55 changes: 43 additions & 12 deletions source/de/anomic/data/userDB.java
Expand Up @@ -158,8 +158,11 @@ public String addEntry(Entry entry) {
* @param auth a base64 Encoded String, which contains "username:pw".
*/
public Entry proxyAuth(String auth) {
if(auth==null)
return null;
Entry entry=null;
auth=auth.trim().substring(6);

try{
auth=kelondroBase64Order.standardCoder.decodeString(auth);
}catch(RuntimeException e){} //no valid Base64
Expand All @@ -184,19 +187,17 @@ public Entry proxyAuth(String auth) {
* @param auth the http-headerline for authorisation
*/
public boolean hasAdminRight(String auth, String ip, String cookies){
return hasAdminRight(auth);
}
public boolean hasAdminRight(String auth){
plasmaSwitchboard sb=plasmaSwitchboard.getSwitchboard();
String adminAccountBase64MD5 = sb.getConfig("adminAccountBase64MD5", "");
userDB.Entry entry = sb.userDB.proxyAuth(auth);
if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) {
Entry entry=proxyAuth(auth);
if(entry != null && entry.hasAdminRight())
return true;
} else if(entry != null && entry.hasAdminRight()){
entry=cookieAuth(cookies);
if(entry != null && entry.hasAdminRight())
return true;
if(cookieAdminAuth(cookies))
return true;
}
return false;
}

/*
* use a ProxyAuth String to authenticate a user and save the ip/username for ipAuth
* @param auth a base64 Encoded String, which contains "username:pw".
Expand Down Expand Up @@ -262,16 +263,45 @@ public Entry md5Auth(String user, String md5){
return entry;
}
public Entry cookieAuth(String cookieString){
if(cookieUsers.containsKey(cookieString))
return (Entry) cookieUsers.get(cookieString);
if(cookieUsers.containsKey(cookieString)){
Object entry=cookieUsers.get(cookieString);
if(entry instanceof Entry) //String would mean static Admin
return (Entry)entry;
}
return null;
}
public boolean cookieAdminAuth(String cookieString){
if(cookieUsers.containsKey(cookieString)){
Object entry=cookieUsers.get(cookieString);
if(entry instanceof String && entry.equals("admin"))
return true;
}
return false;
}
public String getCookie(Entry entry){
Random r = new Random();
String token = Long.toString(Math.abs(r.nextLong()), 36);
cookieUsers.put(token, entry);
return token;
}
public String getAdminCookie(){
Random r = new Random();
String token = Long.toString(Math.abs(r.nextLong()), 36);
cookieUsers.put(token, "admin");
return token;
}

public static String getLoginToken(String cookies){
String[] cookie=cookies.split(";"); //TODO: Mozilla uses "; "
String[] pair;
for(int i=0;i<cookie.length;i++){
pair=cookie[i].split("=");
if(pair[0].trim().equals("login")){
return pair[1].trim();
}
}
return "";
}

public class Entry {
public static final String MD5ENCODED_USERPWD_STRING = "MD5_user:pwd";
Expand Down Expand Up @@ -529,7 +559,8 @@ public Iterator iterator(boolean up) {
return new HashSet().iterator();
}
}



public class userIterator implements Iterator {
// the iterator iterates all userNames
kelondroDyn.dynKeyIterator userIter;
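Review bot: `getAdminCookie()` (like the existing `getCookie(Entry)`) derives the session token from `new Random()`, whose sequence can be reconstructed from a few observed outputs, so the token that now grants static-admin rights should come from `java.security.SecureRandom`; `Math.abs(r.nextLong())` also stays negative for `Long.MIN_VALUE`. The two methods are identical apart from the value stored, so one private helper would keep the token source in a single place, as sketched below. The new null check in `proxyAuth` does not cover a header shorter than six characters, where `auth.trim().substring(6)` throws `StringIndexOutOfBoundsException`; guard the length before the `substring` (the rest of `proxyAuth` continues past the hunk). `getLoginToken` reads `pair[1]` without checking that the split produced two parts, so a bare `login` fragment without `=` raises `ArrayIndexOutOfBoundsException`; test `pair.length > 1` first.
```java
// One generator for all session tokens; SecureRandom is not predictable from prior output.
private static final SecureRandom tokenRandom = new SecureRandom();

// Issue a fresh token and bind it to the given principal (an Entry, or the "admin" marker).
private String newCookieToken(Object principal) {
    String token = Long.toString(tokenRandom.nextLong() & Long.MAX_VALUE, 36);
    cookieUsers.put(token, principal);
    return token;
}
public String getCookie(Entry entry){
    return newCookieToken(entry);
}
public String getAdminCookie(){
    return newCookieToken("admin");
}
```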
2 changes: 1 addition & 1 deletion source/de/anomic/http/httpdFileHandler.java
Expand Up @@ -318,7 +318,7 @@ public void doResponse(Properties conProp, httpHeader requestHeader, OutputStrea

if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
// authentication required
if( (authorization != null && sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))){
if( (authorization != null && (sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))|| sb.staticAdminAuthenticated(authorization)==4)){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
}else if (authorization == null) {
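Review bot: The added `sb.staticAdminAuthenticated(authorization)==4` branch hands over the header value unchanged, whereas `plasmaSwitchboard.adminAuthenticated` calls the same method only after `.trim().substring(6)` has stripped the scheme prefix, and `staticAdminAuthenticated` hashes exactly what it receives. The `hasAdminRight` call on the same line feeds `authorization` into `proxyAuth`, which strips six characters itself, so `authorization` here appears to be the full header line; if so, the new static-admin branch can never match, and the call should be `sb.staticAdminAuthenticated(authorization.trim().substring(6))==4` behind a length guard, or the prefix handling should move into `staticAdminAuthenticated` so both callers agree. `doResponse` starts and ends outside the hunk, so how `authorization` is derived is not visible here.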
18 changes: 14 additions & 4 deletions source/de/anomic/plasma/plasmaSwitchboard.java
Expand Up @@ -2021,14 +2021,24 @@ public int removeReferences(final String urlhash, final Iterator wordStatPropIte
}

public int adminAuthenticated(httpHeader header) {

String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
String authorization = ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).trim().substring(6);
int result=0; //wrong pw
int tmp=0;
if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) result = 3; // soft-authenticated for localhost
if (userDB.hasAdminRight((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx"), ((String) header.get("CLIENTIP", "")), header.getHeaderCookies())) return 4; //return, because 4=max
tmp=staticAdminAuthenticated(authorization);
if(tmp>result) result=tmp;
return result;
}
public int staticAdminAuthenticated(String authorization){
if(authorization==null) return 1;
if (authorization.length() == 0) return 1; // no authentication information given
if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) return 3; // soft-authenticated for localhost
String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok
if (userDB.hasAdminRight((String)header.get(httpHeader.AUTHORIZATION, "xxxxxx"))) return 4;
return 0; // wrong password
return 0;
}

public boolean verifyAuthentication(httpHeader header, boolean strict) {
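Review bot: The rewritten `adminAuthenticated` no longer returns 2 ("no password stored") before looking at the header: that check moved into `staticAdminAuthenticated`, which first returns 1 for a null or empty `authorization`, so with no admin password configured and no Authorization header the result changes from 2 to 1. Whether `verifyAuthentication` (outside the hunk) treats 1 and 2 differently is not visible here; if 2 is meant to signal "open, no password set" regardless of the header, restore the old order inside `staticAdminAuthenticated` by placing `if (adminAccountBase64MD5.length() == 0) return 2;` before `if (authorization.length() == 0) return 1;`. The localhost soft-authentication on the `result = 3` line compares the stored MD5 hex against the raw base64 credential rather than its hash, as the removed line also did; a comment stating what the localhost client is expected to send would make that intent reviewable.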
