2017-04-03 Fred Gleason <fredg@paravelsystems.com>

* Added a 'USERS.LOCAL_AUTH' field to the database.
	* Added a 'USERS.PAM_SERVICE' field to the database.
	* Added an index on 'STATIONS.IPV4_ADDRESS' to the database.
	* Incremented the database version to 262.
	* Added 'RDUser::localAuthentication()',
	'RDUser::setLocalAuthentication()', 'RDUser::pamService()' and
	'RDUser::setPamService()' methods in 'lib/rduser.cpp' and
	'lib/rduser.h'.
	* Added 'PAM Service' and 'Authenticate This User Locally' controls
	to the Edit User dialog in 'rdadmin/edit_user.cpp' and
	'rdadmin/edit_user.h'.
	* Added a PAM service configuration in 'conf/rivendell.pam'.
Fred Gleason
2017-04-03 18:15:07 -04:00
parent 9cfcfcb5be
commit 275c08b156
21 changed files with 283 additions and 49 deletions


@@ -52,19 +52,6 @@ Xport::Xport(QObject *parent)
xport_config=new RDConfig();
xport_config->load();
//
// Drop Root Perms
//
if(setgid(xport_config->gid())<0) {
XmlExit("Unable to set Rivendell group",500);
}
if(setuid(xport_config->uid())<0) {
XmlExit("Unable to set Rivendell user",500);
}
if(getuid()==0) {
XmlExit("Rivendell user should never be \"root\"!",500);
}
//
// Open Database
//
@@ -139,6 +126,19 @@ Xport::Xport(QObject *parent)
XmlExit("Invalid User",403);
}
//
// Drop root permissions
//
if(setgid(xport_config->gid())<0) {
XmlExit("Unable to set Rivendell group",500);
}
if(setuid(xport_config->uid())<0) {
XmlExit("Unable to set Rivendell user",500);
}
if(getuid()==0) {
XmlExit("Rivendell user should never be \"root\"!",500);
}
//
// Read Command Variable and Dispatch
//
@@ -291,6 +291,9 @@ bool Xport::Authenticate()
unsigned char rawstr[1024];
unsigned char sha1[SHA_DIGEST_LENGTH];
//
// First, attempt ticket authentication
//
if(xport_post->getValue("TICKET",&ticket)) {
sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
"(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
@@ -305,6 +308,9 @@ bool Xport::Authenticate()
delete q;
}
//
// Next, check the whitelist
//
if(!xport_post->getValue("LOGIN_NAME",&name)) {
return false;
}
@@ -312,6 +318,24 @@ bool Xport::Authenticate()
return false;
}
xport_user=new RDUser(name);
if(!xport_user->exists()) {
return false;
}
if((xport_post->clientAddress().toIPv4Address()>>24)==127) { // Localhost
return true;
}
sql=QString("select NAME from STATIONS where ")+
"IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\"";
q=new RDSqlQuery(sql);
if(q->first()) {
delete q;
return true;
}
delete q;
//
// Finally, try password
//
if(!xport_user->checkPassword(passwd,false)) {
return false;
}