Autres/Rivendellaudio
1
0
Fork 0
mirror of https://github.com/ElvishArtisan/rivendell.git synced 2025-09-18 17:20:57 +02:00
Code Issues Projects Releases Wiki Activity

2020-10-29 Fred Gleason <fredg@paravelsystems.com>

Browse Source 
* Added an 'RDFormPost::authenticate()' method.

Signed-off-by: Fred Gleason <fredg@paravelsystems.com>
This commit is contained in:
Fred Gleason 2020-10-29 16:05:09 -04:00
parent 7daa4fc419
commit 169e0e9baa
4 changed files with 82 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -20512,3 +20512,5 @@
the system shell. the system shell.
2020-10-27 Fred Gleason <fredg@paravelsystems.com> 2020-10-27 Fred Gleason <fredg@paravelsystems.com>
* Removed the runuser(1) dependency. * Removed the runuser(1) dependency.
2020-10-29 Fred Gleason <fredg@paravelsystems.com>
* Added an 'RDFormPost::authenticate()' method.

73
lib/rdformpost.cpp
View File

@ -25,8 +25,10 @@
#include <fcntl.h> #include <fcntl.h>
#include <unistd.h> #include <unistd.h>
#include "rdapplication.h"
#include "rdconf.h" #include "rdconf.h"
#include "rddatetime.h" #include "rddatetime.h"
#include "rdescape_string.h"
#include "rdweb.h" #include "rdweb.h"
#include <rdformpost.h> #include <rdformpost.h>
@ -317,6 +319,77 @@ bool RDFormPost::isFile(const QString &name)
} }
bool RDFormPost::authenticate(bool *used_ticket)
{
QString ticket;
QString sql;
RDSqlQuery *q;
QString name;
QString passwd;
//
// First, attempt ticket authentication
//
if(used_ticket!=NULL) {
*used_ticket=false;
}
if(getValue("TICKET",&ticket)) {
sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
"(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
"(IPV4_ADDRESS=\""+clientAddress().toString()+"\")&&"+
"(EXPIRATION_DATETIME>now())";
q=new RDSqlQuery(sql);
if(q->first()) {
rda->user()->setName(q->value(0).toString());
delete q;
if(used_ticket!=NULL) {
*used_ticket=true;
}
return true;
}
delete q;
}
//
// Next, check the whitelist
//
if(!getValue("LOGIN_NAME",&name)) {
rda->logAuthenticationFailure(clientAddress());
return false;
}
if(!getValue("PASSWORD",&passwd)) {
rda->logAuthenticationFailure(clientAddress(),name);
return false;
}
rda->user()->setName(name);
if(!rda->user()->exists()) {
rda->logAuthenticationFailure(clientAddress(),name);
return false;
}
if((clientAddress().toIPv4Address()>>24)==127) { // Localhost
return true;
}
sql=QString("select NAME from STATIONS where ")+
"IPV4_ADDRESS=\""+clientAddress().toString()+"\"";
q=new RDSqlQuery(sql);
if(q->first()) {
delete q;
return true;
}
delete q;
//
// Finally, try password
//
if(!rda->user()->checkPassword(passwd,false)) {
rda->logAuthenticationFailure(clientAddress(),name);
return false;
}
return true;
}
QString RDFormPost::tempDir() const QString RDFormPost::tempDir() const
{ {
return post_tempdir->path(); return post_tempdir->path();

2
lib/rdformpost.h
View File

@ -28,6 +28,7 @@
#include <QVariant> #include <QVariant>
#include <QHostAddress> #include <QHostAddress>
#include <rdconfig.h>
#include <rdtempdirectory.h> #include <rdtempdirectory.h>
class RDFormPost class RDFormPost
@ -53,6 +54,7 @@ class RDFormPost
bool getValue(const QString &name,QTime *time,bool *ok=NULL); bool getValue(const QString &name,QTime *time,bool *ok=NULL);
bool getValue(const QString &name,bool *state,bool *ok=NULL); bool getValue(const QString &name,bool *state,bool *ok=NULL);
bool isFile(const QString &name); bool isFile(const QString &name);
bool authenticate(bool *used_ticket=NULL);
QString tempDir() const; QString tempDir() const;
unsigned headerContentLength() const; unsigned headerContentLength() const;
QString headerContentType() const; QString headerContentType() const;

65
web/rdxport/rdxport.cpp
View File

@ -389,69 +389,14 @@ void Xport::ripcConnectedData(bool state)
bool Xport::Authenticate() bool Xport::Authenticate()
{ {
QString ticket; bool used_ticket=false;
QString sql; bool ok=xport_post->authenticate(&used_ticket);
RDSqlQuery *q;
QString name;
QString passwd;
// if(ok&&(!used_ticket)) {
// First, attempt ticket authentication TryCreateTicket(rda->user()->name());
//
if(xport_post->getValue("TICKET",&ticket)) {
sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
"(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
"(IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\")&&"+
"(EXPIRATION_DATETIME>now())";
q=new RDSqlQuery(sql);
if(q->first()) {
rda->user()->setName(q->value(0).toString());
delete q;
return true;
}
delete q;
} }
// return ok;
// Next, check the whitelist
//
if(!xport_post->getValue("LOGIN_NAME",&name)) {
rda->logAuthenticationFailure(xport_post->clientAddress());
return false;
}
if(!xport_post->getValue("PASSWORD",&passwd)) {
rda->logAuthenticationFailure(xport_post->clientAddress(),name);
return false;
}
rda->user()->setName(name);
if(!rda->user()->exists()) {
rda->logAuthenticationFailure(xport_post->clientAddress(),name);
return false;
}
if((xport_post->clientAddress().toIPv4Address()>>24)==127) { // Localhost
TryCreateTicket(name);
return true;
}
sql=QString("select NAME from STATIONS where ")+
"IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\"";
q=new RDSqlQuery(sql);
if(q->first()) {
delete q;
TryCreateTicket(name);
return true;
}
delete q;
//
// Finally, try password
//
if(!rda->user()->checkPassword(passwd,false)) {
rda->logAuthenticationFailure(xport_post->clientAddress(),name);
return false;
}
TryCreateTicket(name);
return true;
} }