2017-04-03 Fred Gleason <fredg@paravelsystems.com>

* Added a 'USERS.LOCAL_AUTH' field to the database. * Added a 'USERS.PAM_SERVICE' field to the database. * Added an index on 'STATIONS.IPV4_ADDRESS' to the database. * Incremented the database version to 262. * Added 'RDUser::localAuthentication()', 'RDUser::setLocalAuthentication()', 'RDUser::pamService()' and 'RDUser::setPamService()' methods in 'lib/rduser.cpp' and 'lib/rduser.h'. * Added 'PAM Service' and 'Authenticate This User Locally' controls to the Edit User dialog in 'rdadmin/edit_user.cpp' and 'rdadmin/edit_user.h'. * Added a PAM service configuration in 'conf/rivendell.pam'.
2025-04-10 14:58:21 +02:00 · 2017-04-03 18:15:07 -04:00 · 2017-04-03 18:15:07 -04:00 · 275c08b156
commit 275c08b156
parent 9cfcfcb5be
21 changed files with 283 additions and 49 deletions
--- a/13
+++ b/13
@ -15696,3 +15696,16 @@
 2017-04-03 Fred Gleason <fredg@paravelsystems.com>
 	* Changed all instances of authorization failure in the rdxport service
 	to return code 404.
 2017-04-03 Fred Gleason <fredg@paravelsystems.com>
 	* Added a 'USERS.LOCAL_AUTH' field to the database.
 	* Added a 'USERS.PAM_SERVICE' field to the database.
 	* Added an index on 'STATIONS.IPV4_ADDRESS' to the database.
 	* Incremented the database version to 262.
 	* Added 'RDUser::localAuthentication()',
 	'RDUser::setLocalAuthentication()', 'RDUser::pamService()' and
 	'RDUser::setPamService()' methods in 'lib/rduser.cpp' and
 	'lib/rduser.h'.
 	* Added 'PAM Service' and 'Authenticate This User Locally' controls
 	to the Edit User dialog in 'rdadmin/edit_user.cpp' and
 	'rdadmin/edit_user.h'.
 	* Added a PAM service configuration in 'conf/rivendell.pam'.
--- a/conf/Makefile.am
+++ b/conf/Makefile.am
@ -23,9 +23,12 @@
 install-exec-am:	
 	mkdir -p $(DESTDIR)/$(sysconfdir)
 	cp rd-bin.conf $(DESTDIR)/$(sysconfdir)/
 	mkdir -p $(DESTDIR)/etc/pam.d
 	cp rivendell.pam $(DESTDIR)/etc/pam.d/rivendell
 uninstall:	
 	rm -f $(DESTDIR)/$(sysconfdir)/rd-bin.conf
 	rm -f $(DESTDIR)/etc/pam.d/rivendell
 EXTRA_DIST = my.cnf-master\
             my.cnf-standby\
@ -33,6 +36,7 @@ EXTRA_DIST = my.cnf-master\
             rd.conf-sample\
             rd.conf-slax\
             rd-sample.ini\
             rivendell.pam\
             rlm_ando.conf\
             rlm_facebook.conf\
             rlm_filewrite.conf\
--- a/conf/rivendell.pam
+++ b/conf/rivendell.pam
@ -0,0 +1,5 @@
 #%PAM-1.0
 auth       substack     system-auth
 account    required     pam_deny.so
 password   required     pam_deny.so
 session    required     pam_deny.so
--- a/docs/tables/users.txt
+++ b/docs/tables/users.txt
@ -13,6 +13,8 @@ DESCRIPTION          char(255)
 PASSWORD             char(32)         Not-NULL, Hashed
 WEBAPI_AUTH_TIMEOUT  int(11) signed   Seconds
 ENABLE_WEB           enum('N','Y')
 LOCAL_AUTH           enum('N','Y')
 PAM_SERVICE          char(32)
 ADMIN_USERS_PRIV     enum('N','Y')    Retired
 ADMIN_CONFIG_PRIV    enum('N','Y')
 CREATE_CARTS_PRIV    enum('N','Y')
--- a/lib/dbversion.h
+++ b/lib/dbversion.h
@ -24,7 +24,7 @@
 /*
 * Current Database Version
 */
-#define RD_VERSION_DATABASE 261
+#define RD_VERSION_DATABASE 262
 #endif  // DBVERSION_H
--- a/lib/rduser.cpp
+++ b/lib/rduser.cpp
@ -19,6 +19,7 @@
 //
 #include <rdconf.h>
 #include <rdpam.h>
 #include <rduser.h>
 #include <rddb.h>
 #include <rdescape_string.h>
@ -49,19 +50,27 @@ bool RDUser::authenticated(bool webuser) const
  RDSqlQuery *q;
  QString sql;
-  sql=QString().sprintf("select LOGIN_NAME,ENABLE_WEB from USERS \
+  if(localAuthentication()) {
-                         where LOGIN_NAME=\"%s\" \
+    sql=QString().sprintf("select LOGIN_NAME,ENABLE_WEB from USERS \
                         where LOGIN_NAME=\"%s\"		   \
                         && PASSWORD=\"%s\"",
-			(const char *)RDEscapeString(user_name),
+			  (const char *)RDEscapeString(user_name),
-			(const char *)RDEscapeString(user_password));
+			  (const char *)RDEscapeString(user_password));
-  q=new RDSqlQuery(sql);
+    q=new RDSqlQuery(sql);
-  if(q->first()) {
+    if(q->first()) {
-    bool ret=RDBool(q->value(1).toString())||
+      bool ret=RDBool(q->value(1).toString())||
-      ((!RDBool(q->value(1).toString()))&&(!webuser));
+	((!RDBool(q->value(1).toString()))&&(!webuser));
      delete q;
      return ret;
    }
    delete q;
  }
  else {
    RDPam *pam=new RDPam(pamService());
    bool ret=pam->authenticate(user_name,user_password);
    delete pam;
    return ret;
  }
  delete q;
  return false;
 }
@ -100,6 +109,31 @@ void RDUser::setEnableWeb(bool state) const
 }
 bool RDUser::localAuthentication() const
 {
  return RDBool(RDGetSqlValue("USERS","LOGIN_NAME",user_name,"LOCAL_AUTH").
 	       toString());
 }
 void RDUser::setLocalAuthentication(bool state) const
 {
  SetRow("LOCAL_AUTH",RDYesNo(state));
 }
 QString RDUser::pamService() const
 {
  return RDGetSqlValue("USERS","LOGIN_NAME",user_name,"PAM_SERVICE").toString();
 }
 void RDUser::setPamService(const QString &str) const
 {
  SetRow("PAM_SERVICE",str);
 }
 QString RDUser::fullName() const
 {
  return RDGetSqlValue("USERS","LOGIN_NAME",user_name,"FULL_NAME").toString();
--- a/lib/rduser.h
+++ b/lib/rduser.h
@ -35,6 +35,10 @@ class RDUser
  void setPassword(const QString &password);
  bool enableWeb() const;
  void setEnableWeb(bool state) const;
  bool localAuthentication() const;
  void setLocalAuthentication(bool state) const;
  QString pamService() const;
  void setPamService(const QString &str) const;
  QString fullName() const;
  void setFullName(const QString &name) const;
  QString description() const;
--- a/rdadmin/createdb.cpp
+++ b/rdadmin/createdb.cpp
@ -2,7 +2,7 @@
 //
 // Create, Initialize and/or Update a Rivendell Database
 //
-//   (C) Copyright 2002-2016 Fred Gleason <fredg@paravelsystems.com>
+//   (C) Copyright 2002-2017 Fred Gleason <fredg@paravelsystems.com>
 //
 //   This program is free software; you can redistribute it and/or modify
 //   it under the terms of the GNU General Public License version 2 as
@ -578,6 +578,8 @@ bool CreateDb(QString name,QString pwd)
    PASSWORD CHAR(32),\
    WEBAPI_AUTH_TIMEOUT int not null default 3600,\
    ENABLE_WEB enum('N','Y') default 'N',\
    LOCAL_AUTH enum('N','Y') default 'Y',\
    PAM_SERVICE char(32) default \"rivendell\",\
    ADMIN_USERS_PRIV ENUM('N','Y') NOT NULL DEFAULT 'N',\
    ADMIN_CONFIG_PRIV ENUM('N','Y') NOT NULL DEFAULT 'N',\
    CREATE_CARTS_PRIV ENUM('N','Y') NOT NULL DEFAULT 'N',\
@ -679,7 +681,8 @@ bool CreateDb(QString name,QString pwd)
      CARD7_NAME char(64),\
      CARD7_INPUTS int default -1,\
      CARD7_OUTPUTS int default -1,\
-      INDEX DESCRIPTION_IDX (DESCRIPTION))");
+      INDEX DESCRIPTION_IDX (DESCRIPTION),\
      index IPV4_ADDRESS_IDX (IPV4_ADDRESS))");
  if(!RunQuery(sql)) {
    return false;
  }
@ -8360,6 +8363,24 @@ int UpdateDb(int ver)
    }
  }
  if(ver<262) {
    sql=QString("alter table USERS add column ")+
      "LOCAL_AUTH enum('N','Y') default 'Y' after ENABLE_WEB";
    if(!RunQuery(sql)) {
      return false;
    }
    sql=QString("alter table USERS add column ")+
      "PAM_SERVICE char(32) default \"rivendell\" after LOCAL_AUTH";
    if(!RunQuery(sql)) {
      return false;
    }
    sql=QString("create index IPV4_ADDRESS_IDX on STATIONS (IPV4_ADDRESS)");
    if(!RunQuery(sql)) {
      return false;
    }
  }
  //
--- a/rdadmin/edit_user.cpp
+++ b/rdadmin/edit_user.cpp
@ -105,15 +105,49 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  user_description_label->setFont(font);
  user_description_label->setAlignment(AlignRight|AlignVCenter|ShowPrefix);
  //
  // Local Authentication
  //
  user_localauth_check=new QCheckBox(this);
  user_localauth_check->setGeometry(20,75,15,15);
  connect(user_localauth_check,SIGNAL(toggled(bool)),
 	  this,SLOT(localAuthToggledData(bool)));
  user_localauth_label=new QLabel(user_localauth_check,
 				  tr("Authenticate This User Locally"),this);
  user_localauth_label->setGeometry(40,75,180,19);
  user_localauth_label->setFont(font);
  user_localauth_label->setAlignment(AlignLeft|AlignVCenter|ShowPrefix);
  //
  // PAM Service
  //
  user_pamservice_edit=new QLineEdit(this);
  user_pamservice_edit->setGeometry(120,97,150,19);
  user_pamservice_edit->setMaxLength(32);
  user_pamservice_label=
    new QLabel(user_pamservice_edit,tr("PAM Service")+":",this);
  user_pamservice_label->setGeometry(10,97,105,19);
  user_pamservice_label->setFont(font);
  user_pamservice_label->setAlignment(AlignRight|AlignVCenter|ShowPrefix);
  //
  // Change Password Button
  //
  user_password_button=new QPushButton(this);
  user_password_button->setGeometry(sizeHint().width()-90,75,80,50);
  user_password_button->setFont(font);
  user_password_button->setText(tr("Change\n&Password"));
  connect(user_password_button,SIGNAL(clicked()),this,SLOT(passwordData()));
  //
  // User Phone
  //
  user_phone_edit=new QLineEdit(this);
-  user_phone_edit->setGeometry(120,75,120,19);
+  user_phone_edit->setGeometry(120,119,120,19);
  user_phone_edit->setMaxLength(20);
  user_phone_edit->setValidator(validator);
  QLabel *user_phone_label=new QLabel(user_phone_edit,tr("&Phone:"),this);
-  user_phone_label->setGeometry(10,75,105,19);
+  user_phone_label->setGeometry(10,119,105,19);
  user_phone_label->setFont(font);
  user_phone_label->setAlignment(AlignRight|AlignVCenter|ShowPrefix);
@ -121,12 +155,12 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  // WebAPI Authorization Timeout
  //
  user_webapi_auth_spin=new QSpinBox(this);
-  user_webapi_auth_spin->setGeometry(120,97,80,19);
+  user_webapi_auth_spin->setGeometry(120,141,80,19);
  user_webapi_auth_spin->setRange(0,86400);
  user_webapi_auth_spin->setSpecialValueText(tr("Disabled"));
  QLabel *user_webapi_auth_label=
    new QLabel(user_webapi_auth_spin,tr("WebAPI Timeout:"),this);
-  user_webapi_auth_label->setGeometry(10,97,105,19);
+  user_webapi_auth_label->setGeometry(10,141,105,19);
  user_webapi_auth_label->setFont(font);
  user_webapi_auth_label->setAlignment(AlignRight|AlignVCenter|ShowPrefix);
@ -134,26 +168,17 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  // Enable Web Login
  //
  user_web_box=new QCheckBox(this);
-  user_web_box->setGeometry(20,118,15,15);
+  user_web_box->setGeometry(20,162,15,15);
  user_web_label=new QLabel(user_web_box,tr("Allow Web Logins"),this);
-  user_web_label->setGeometry(40,118,180,19);
+  user_web_label->setGeometry(40,162,180,19);
  user_web_label->setFont(font);
  user_web_label->setAlignment(AlignLeft|AlignVCenter|ShowPrefix);
  //
  // Change Password Button
  //
  QPushButton *password_button=new QPushButton(this);
  password_button->setGeometry(sizeHint().width()-90,75,80,50);
  password_button->setFont(font);
  password_button->setText(tr("Change\n&Password"));
  connect(password_button,SIGNAL(clicked()),this,SLOT(passwordData()));
  //
  // Administrative Group Priviledges
  //
  user_admin_group=new QButtonGroup(tr("Administrative Rights"),this);
-  user_admin_group->setGeometry(10,147,355,45);
+  user_admin_group->setGeometry(10,191,355,45);
  user_admin_group->setFont(font);
  user_admin_config_button=new QCheckBox(user_admin_group);
@ -172,7 +197,7 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  // Production Group Priviledges
  //
  user_prod_group=new QButtonGroup(tr("Production Rights"),this);
-  user_prod_group->setGeometry(10,202,355,85);
+  user_prod_group->setGeometry(10,246,355,85);
  user_prod_group->setFont(font);
  user_create_carts_button=new QCheckBox(user_prod_group);
@ -229,7 +254,7 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  // Traffic Group Priviledges
  //
  user_traffic_group=new QButtonGroup(tr("Traffic Rights"),this);
-  user_traffic_group->setGeometry(10,297,355,66);
+  user_traffic_group->setGeometry(10,341,355,66);
  user_traffic_group->setFont(font);
  user_create_log_button=new QCheckBox(user_traffic_group);
@ -270,7 +295,7 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  // OnAir Group Priviledges
  //
  user_onair_group=new QButtonGroup(tr("OnAir Rights"),this);
-  user_onair_group->setGeometry(10,373,355,85);
+  user_onair_group->setGeometry(10,417,355,85);
  user_onair_group->setFont(font);
  user_playout_log_button=new QCheckBox(user_onair_group);
@ -320,7 +345,7 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  // Podcast Group Priviledges
  //
  user_podcast_group=new QButtonGroup(tr("Podcasting Rights"),this);
-  user_podcast_group->setGeometry(10,468,355,66);
+  user_podcast_group->setGeometry(10,512,355,66);
  user_podcast_group->setFont(font);
  user_add_podcast_button=new QCheckBox(user_podcast_group);
@ -353,7 +378,7 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  //  Group Permissions Button
  //
  user_assign_perms_button=new QPushButton(this);
-  user_assign_perms_button->setGeometry(10,538,sizeHint().width()/2-20,50);
+  user_assign_perms_button->setGeometry(10,582,sizeHint().width()/2-20,50);
  user_assign_perms_button->setFont(font);
  user_assign_perms_button->setText(tr("Assign Group\nPermissions"));
  connect(user_assign_perms_button,SIGNAL(clicked()),this,SLOT(groupsData()));
@ -363,7 +388,7 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  //
  user_assign_feeds_button=new QPushButton(this);
  user_assign_feeds_button->
-    setGeometry(sizeHint().width()/2+10,538,sizeHint().width()/2-20,50);
+    setGeometry(sizeHint().width()/2+10,582,sizeHint().width()/2-20,50);
  user_assign_feeds_button->setFont(font);
  user_assign_feeds_button->setText(tr("Assign Podcast Feed\nPermissions"));
  connect(user_assign_feeds_button,SIGNAL(clicked()),this,SLOT(feedsData()));
@ -396,6 +421,9 @@ EditUser::EditUser(const QString &user,QWidget *parent)
  user_full_name_edit->setText(user_user->fullName());
  user_description_edit->setText(user_user->description());
  user_phone_edit->setText(user_user->phone());
  user_localauth_check->setChecked(user_user->localAuthentication());
  user_pamservice_edit->setText(user_user->pamService());
  localAuthToggledData(user_localauth_check->isChecked());
  user_webapi_auth_spin->setValue(user_user->webapiAuthTimeout());
  user_web_box->setChecked(user_user->enableWeb());
  if(user_user->adminConfig()) {
@ -451,7 +479,7 @@ EditUser::~EditUser()
 QSize EditUser::sizeHint() const
 {
-  return QSize(375,658);
+  return QSize(375,702);
 } 
@ -461,6 +489,14 @@ QSizePolicy EditUser::sizePolicy() const
 }
 void EditUser::localAuthToggledData(bool state)
 {
  user_password_button->setEnabled(state);
  user_pamservice_label->setDisabled(state);
  user_pamservice_edit->setDisabled(state);
 }
 void EditUser::passwordData()
 {
  QString password;
@ -539,6 +575,8 @@ void EditUser::okData()
  user_user->setFullName(user_full_name_edit->text());
  user_user->setDescription(user_description_edit->text());
  user_user->setPhone(user_phone_edit->text());
  user_user->setLocalAuthentication(user_localauth_check->isChecked());
  user_user->setPamService(user_pamservice_edit->text());
  user_user->setWebapiAuthTimeout(user_webapi_auth_spin->value());
  user_user->setEnableWeb(user_web_box->isChecked());
  user_user->setAdminConfig(user_admin_config_button->isChecked());
--- a/rdadmin/edit_user.h
+++ b/rdadmin/edit_user.h
@ -44,6 +44,7 @@ class EditUser : public QDialog
  QSizePolicy sizePolicy() const;
 private slots:
  void localAuthToggledData(bool state);
  void passwordData();
  void groupsData();
  void feedsData();
@ -55,6 +56,11 @@ class EditUser : public QDialog
  QLineEdit *user_name_edit;
  QLineEdit *user_full_name_edit;
  QLineEdit *user_description_edit;
  QCheckBox *user_localauth_check;
  QLabel *user_localauth_label;
  QLineEdit *user_pamservice_edit;
  QLabel *user_pamservice_label;
  QPushButton *user_password_button;
  QLineEdit *user_phone_edit;
  QSpinBox *user_webapi_auth_spin;
  QCheckBox *user_web_box;
--- a/rdadmin/rdadmin_cs.ts
+++ b/rdadmin/rdadmin_cs.ts
@ -4135,6 +4135,14 @@ pro přívod pro podcast</translation>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rdadmin/rdadmin_de.ts
+++ b/rdadmin/rdadmin_de.ts
@ -4092,6 +4092,14 @@ zuweisen</translation>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rdadmin/rdadmin_es.ts
+++ b/rdadmin/rdadmin_es.ts
@ -4080,6 +4080,14 @@ Feeds para Podcasts</translation>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rdadmin/rdadmin_fr.ts
+++ b/rdadmin/rdadmin_fr.ts
@ -3710,6 +3710,14 @@ Permissions</source>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rdadmin/rdadmin_nb.ts
+++ b/rdadmin/rdadmin_nb.ts
@ -4082,6 +4082,14 @@ tilgangsrettar</translation>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rdadmin/rdadmin_nn.ts
+++ b/rdadmin/rdadmin_nn.ts
@ -4082,6 +4082,14 @@ tilgangsrettar</translation>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rdadmin/rdadmin_pt_BR.ts
+++ b/rdadmin/rdadmin_pt_BR.ts
@ -4085,6 +4085,14 @@ Feeds de Podcasts </translation>
        <source>WebAPI Timeout:</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>Authenticate This User Locally</source>
        <translation type="unfinished"></translation>
    </message>
    <message>
        <source>PAM Service</source>
        <translation type="unfinished"></translation>
    </message>
 </context>
 <context>
    <name>EditUserPerms</name>
--- a/rivendell.spec.in
+++ b/rivendell.spec.in
@ -285,6 +285,7 @@ rm -rf $RPM_BUILD_ROOT
 %attr(6755,root,root) @libexecdir@/rdxport.cgi
@sysconfdir@/rd-bin.conf
@WIN32_PATH@
 /etc/pam.d/rivendell
 /etc/pam.d/rdalsaconfig-root
 /etc/security/console.apps/rdalsaconfig-root
 %{_mandir}/man1/rdexport.1.gz
--- a/utils/rdrevert/rdrevert.cpp
+++ b/utils/rdrevert/rdrevert.cpp
@ -202,6 +202,10 @@ void MainObject::Revert(int schema) const
  case 261:
    Revert261();
    break;
  case 262:
    Revert262();
    break;
  }
 }
@ -567,6 +571,27 @@ void MainObject::Revert261() const
 }
 void MainObject::Revert262() const
 {
  QString sql;
  QSqlQuery *q;
  sql=QString("alter table USERS drop column LOCAL_AUTH");
  q=new QSqlQuery(sql);
  delete q;
  sql=QString("alter table USERS drop column PAM_SERVICE");
  q=new QSqlQuery(sql);
  delete q;
  sql=QString("drop index IPV4_ADDRESS_IDX on STATIONS");
  q=new QSqlQuery(sql);
  delete q;  
  SetVersion(261);
 }
 int MainObject::GetVersion() const
 {
  QString sql;
@ -609,7 +634,7 @@ int MainObject::MapSchema(const QString &ver)
  version_map["2.13"]=255;
  version_map["2.14"]=258;
  version_map["2.15"]=259;
-  version_map["2.16"]=261;
+  version_map["2.16"]=262;
  //
  // Normalize String
--- a/utils/rdrevert/rdrevert.h
+++ b/utils/rdrevert/rdrevert.h
@ -57,6 +57,7 @@ class MainObject : public QObject
  void Revert259() const;
  void Revert260() const;
  void Revert261() const;
  void Revert262() const;
  int GetVersion() const;
  void SetVersion(int schema) const;
  int MapSchema(const QString &ver);
--- a/web/rdxport/rdxport.cpp
+++ b/web/rdxport/rdxport.cpp
@ -52,19 +52,6 @@ Xport::Xport(QObject *parent)
  xport_config=new RDConfig();
  xport_config->load();
  //
  // Drop Root Perms
  //
  if(setgid(xport_config->gid())<0) {
    XmlExit("Unable to set Rivendell group",500);
  }
  if(setuid(xport_config->uid())<0) {
    XmlExit("Unable to set Rivendell user",500);
  }
  if(getuid()==0) {
    XmlExit("Rivendell user should never be \"root\"!",500);
  }
  //
  // Open Database
  //
@ -139,6 +126,19 @@ Xport::Xport(QObject *parent)
    XmlExit("Invalid User",403);
  }
  //
  // Drop root permissions
  //
  if(setgid(xport_config->gid())<0) {
    XmlExit("Unable to set Rivendell group",500);
  }
  if(setuid(xport_config->uid())<0) {
    XmlExit("Unable to set Rivendell user",500);
  }
  if(getuid()==0) {
    XmlExit("Rivendell user should never be \"root\"!",500);
  }
  //
  // Read Command Variable and Dispatch 
  //
@ -291,6 +291,9 @@ bool Xport::Authenticate()
  unsigned char rawstr[1024];
  unsigned char sha1[SHA_DIGEST_LENGTH];
  //
  // First, attempt ticket authentication
  //
  if(xport_post->getValue("TICKET",&ticket)) {
    sql=QString("select LOGIN_NAME from WEBAPI_AUTHS where ")+
      "(TICKET=\""+RDEscapeString(ticket)+"\")&&"+
@ -305,6 +308,9 @@ bool Xport::Authenticate()
    delete q;
  }
  //
  // Next, check the whitelist
  //
  if(!xport_post->getValue("LOGIN_NAME",&name)) {
    return false;
  }
@ -312,6 +318,24 @@ bool Xport::Authenticate()
    return false;
  }
  xport_user=new RDUser(name);
  if(!xport_user->exists()) {
    return false;
  }
  if((xport_post->clientAddress().toIPv4Address()>>24)==127) {  // Localhost
    return true;
  }
  sql=QString("select NAME from STATIONS where ")+
    "IPV4_ADDRESS=\""+xport_post->clientAddress().toString()+"\"";
  q=new RDSqlQuery(sql);
  if(q->first()) {
    delete q;
    return true;
  }
  delete q;
  //
  // Finally, try password
  //
  if(!xport_user->checkPassword(passwd,false)) {
    return false;
  }