From 169e0e9baadd9823db97c18c8825d917a40a22e9 Mon Sep 17 00:00:00 2001
From: Fred Gleason
Date: Thu, 29 Oct 2020 16:05:09 -0400
Subject: [PATCH] 2020-10-29 Fred Gleason * Added an 'RDFormPost::authenticate()' method.
Signed-off-by: Fred Gleason
---
ChangeLog | 2 ++
lib/rdformpost.cpp | 73 +++++++++++++++++++++++++++++++++++++++++
lib/rdformpost.h | 2 ++
web/rdxport/rdxport.cpp | 65 +++---------------------------------
4 files changed, 82 insertions(+), 60 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index f8be6894..0cd3291b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -20512,3 +20512,5 @@
 the system shell.
 2020-10-27 Fred Gleason
 * Removed the runuser(1) dependency.
+2020-10-29 Fred Gleason
+ * Added an 'RDFormPost::authenticate()' method.
diff --git a/lib/rdformpost.cpp b/lib/rdformpost.cpp
index d1369e6a..098c99f9 100644
--- a/lib/rdformpost.cpp
+++ b/lib/rdformpost.cpp
@@ -25,8 +25,10 @@
 #include
 #include
+#include "rdapplication.h"
 #include "rdconf.h"
 #include "rddatetime.h"
+#include "rdescape_string.h"
 #include "rdweb.h"
 #include
@@ -317,6 +319,77 @@ bool RDFormPost::isFile(const QString &name)
 }
+bool RDFormPost::authenticate(bool *used_ticket)
+{
+ QString ticket;
+ QString sql;
+ RDSqlQuery *q;
+ QString name;
+ QString passwd;
+
+ //
+ // First, attempt ticket authentication
+ //
+ if(used_ticket!=NULL) {
+ *used_ticket=false;
+ }
+ if(getValue("TICKET",&ticket)) {
+ sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
+ "(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
+ "(IPV4_ADDRESS=\""+clientAddress().toString()+"\")&&"+
+ "(EXPIRATION_DATETIME>now())";
+ q=new RDSqlQuery(sql);
+ if(q->first()) {
+ rda->user()->setName(q->value(0).toString());
+ delete q;
+ if(used_ticket!=NULL) {
+ *used_ticket=true;
+ }
+ return true;
+ }
+ delete q;
+ }
+
+ //
+ // Next, check the whitelist
+ //
+ if(!getValue("LOGIN_NAME",&name)) {
+ rda->logAuthenticationFailure(clientAddress());
+ return false;
+ }
+ if(!getValue("PASSWORD",&passwd)) {
+ rda->logAuthenticationFailure(clientAddress(),name);
+ return false;
+ }
+ rda->user()->setName(name);
+ if(!rda->user()->exists()) {
+ rda->logAuthenticationFailure(clientAddress(),name);
+ return false;
+ }
+ if((clientAddress().toIPv4Address()>>24)==127) { // Localhost
+ return true;
+ }
+ sql=QString("select NAME from STATIONS where ")+
+ "IPV4_ADDRESS=\""+clientAddress().toString()+"\"";
+ q=new RDSqlQuery(sql);
+ if(q->first()) {
+ delete q;
+ return true;
+ }
+ delete q;
+
+ //
+ // Finally, try password
+ //
+ if(!rda->user()->checkPassword(passwd,false)) {
+ rda->logAuthenticationFailure(clientAddress(),name);
+ return false;
+ }
+
+ return true;
+}
+
+
 QString RDFormPost::tempDir() const
 {
 return post_tempdir->path();
diff --git a/lib/rdformpost.h b/lib/rdformpost.h
index 8e650118..b8ffcd68 100644
--- a/lib/rdformpost.h
+++ b/lib/rdformpost.h
@@ -28,6 +28,7 @@
 #include
 #include
+#include
 #include
 class RDFormPost
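Review bot: In `RDFormPost::authenticate()` (lib/rdformpost.cpp) the localhost test `(clientAddress().toIPv4Address()>>24)==127` and the `STATIONS` lookup both `return true` before `checkPassword()` is reached, so from those addresses any existing `LOGIN_NAME` is accepted on the strength of `clientAddress()` alone. The logic is carried over from `Xport::Authenticate()`, but as a library method it is now available to every `RDFormPost` caller, and the rdxport.cpp hunk of this patch still creates a ticket on that path. How `clientAddress()` is populated is not visible here; if the service can be reached through a proxy on the same host, every request would fall into the 127/8 branch, so it is worth confirming the value is the transport peer address. I would state the contract above the whitelist block, e.g. `// NOTE: clients in 127.0.0.0/8 or listed in STATIONS are accepted for any existing user; PASSWORD is not checked`. Separately, `rda->user()->setName(name)` runs before any check has passed, so a `false` return leaves the application user set to the supplied name.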
@@ -53,6 +54,7 @@ class RDFormPost
 bool getValue(const QString &name,QTime *time,bool *ok=NULL);
 bool getValue(const QString &name,bool *state,bool *ok=NULL);
 bool isFile(const QString &name);
+ bool authenticate(bool *used_ticket=NULL);
 QString tempDir() const;
 unsigned headerContentLength() const;
 QString headerContentType() const;
diff --git a/web/rdxport/rdxport.cpp b/web/rdxport/rdxport.cpp
index e1a4df46..e4b35cab 100644
--- a/web/rdxport/rdxport.cpp
+++ b/web/rdxport/rdxport.cpp
@@ -389,69 +389,14 @@ void Xport::ripcConnectedData(bool state)
 bool Xport::Authenticate()
 {
- QString ticket;
- QString sql;
- RDSqlQuery *q;
- QString name;
- QString passwd;
+ bool used_ticket=false;
+ bool ok=xport_post->authenticate(&used_ticket);
- //
- // First, attempt ticket authentication
- //
- if(xport_post->getValue("TICKET",&ticket)) {
- sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
- "(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
- "(IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\")&&"+
- "(EXPIRATION_DATETIME>now())";
- q=new RDSqlQuery(sql);
- if(q->first()) {
- rda->user()->setName(q->value(0).toString());
- delete q;
- return true;
- }
- delete q;
+ if(ok&&(!used_ticket)) {
+ TryCreateTicket(rda->user()->name());
 }
- //
- // Next, check the whitelist
- //
- if(!xport_post->getValue("LOGIN_NAME",&name)) {
- rda->logAuthenticationFailure(xport_post->clientAddress());
- return false;
- }
- if(!xport_post->getValue("PASSWORD",&passwd)) {
- rda->logAuthenticationFailure(xport_post->clientAddress(),name);
- return false;
- }
- rda->user()->setName(name);
- if(!rda->user()->exists()) {
- rda->logAuthenticationFailure(xport_post->clientAddress(),name);
- return false;
- }
- if((xport_post->clientAddress().toIPv4Address()>>24)==127) { // Localhost
- TryCreateTicket(name);
- return true;
- }
- sql=QString("select NAME from STATIONS where ")+
- "IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\"";
- q=new RDSqlQuery(sql);
- if(q->first()) {
- delete q;
- TryCreateTicket(name);
- return true;
- }
- delete q;
-
- //
- // Finally, try password
- //
- if(!rda->user()->checkPassword(passwd,false)) {
- rda->logAuthenticationFailure(xport_post->clientAddress(),name);
- return false;
- }
- TryCreateTicket(name);
-
- return true;
+ return ok;
 }
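Review bot: `Xport::Authenticate()` now passes `rda->user()->name()` to `TryCreateTicket()` where the removed code passed the posted `name`, so the call depends on `authenticate()` having run `setName()` as a side effect on every successful non-ticket path. That holds for the method added in this patch, but nothing at the call site says so; a one-line comment such as `// authenticate() has set rda->user(); only non-ticket logins get a fresh ticket` would keep the coupling visible to whoever next changes either function.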