Browse code
add authid cookie to complement the session in QUERY_STRING
Dario Rodriguez authored on 13/07/2014 21:41:07
Showing 6 changed files
- src/kakumei.c
- src/kakumei.h
- src/kakumei_config.c
- src/kakumei_config.h
- src/kakumei_session.c
- src/kakumei_session.h
| ... | ... |
@@ -26,7 +26,7 @@ |
| 26 | 26 |
#include "kakumei_config.h" |
| 27 | 27 |
|
| 28 | 28 |
#define CONFIGFILE "kakumei.conf" |
| 29 |
-#define CFCOOKIEPREFIX "kakumei_" |
|
| 29 |
+#define CFCOOKIENAME "kakumeiauthid" |
|
| 30 | 30 |
#define CFCOOKIEDOMAIN "localhost" |
| 31 | 31 |
#define CFBANNERPATH "default.png" |
| 32 | 32 |
|
| ... | ... |
@@ -60,7 +60,7 @@ main(int argc, char *argv[]) |
| 60 | 60 |
port=atoi(argv[1]); |
| 61 | 61 |
if(kaconfig_exists(CONFIGFILE)!=0) {
|
| 62 | 62 |
log_write("INIT","Config file not found, writing default file %s",CONFIGFILE);
|
| 63 |
- kaconfig_write(CONFIGFILE,CFCOOKIEPREFIX,CFCOOKIEDOMAIN,CFBANNERPATH); |
|
| 63 |
+ kaconfig_write(CONFIGFILE,CFCOOKIENAME,CFCOOKIEDOMAIN,CFBANNERPATH); |
|
| 64 | 64 |
} |
| 65 | 65 |
if((ka->config=kaconfig_init(CONFIGFILE))==NULL) {
|
| 66 | 66 |
log_write("INIT","ERROR: insufficient memory or config file error");
|
| ... | ... |
@@ -164,8 +164,9 @@ callback_http(wk *web, int connid, wk_uri *uri, void *userptr) |
| 164 | 164 |
int ishtml; |
| 165 | 165 |
int whitelisted; |
| 166 | 166 |
int validsession; |
| 167 |
- char session[SESSIONSIZE]; |
|
| 167 |
+ char session[SESSIONSIZE+1]; |
|
| 168 | 168 |
char user[MAXUSERSIZE+1]; |
| 169 |
+ char authid[AUTHIDSIZE+1]; |
|
| 169 | 170 |
int i; |
| 170 | 171 |
if(ka==NULL) |
| 171 | 172 |
return(wkact_finished); |
| ... | ... |
@@ -200,7 +201,9 @@ callback_http(wk *web, int connid, wk_uri *uri, void *userptr) |
| 200 | 201 |
if(wk_uri_copyvar(uri,"s",session,sizeof(session))==NULL) |
| 201 | 202 |
session[0]='\0'; |
| 202 | 203 |
user[0]='\0'; |
| 203 |
- validsession=(session_check(ka,session,user,sizeof(user))!=NULL)?1:0; |
|
| 204 |
+ if(wk_uri_copycookie(uri,ka->config->cookiename,authid,sizeof(authid))==NULL) |
|
| 205 |
+ authid[0]='\0'; |
|
| 206 |
+ validsession=(session_check(ka,session,authid,user,sizeof(user))!=NULL)?1:0; |
|
| 204 | 207 |
/* serve the page */ |
| 205 | 208 |
if(partialpath[0]=='/' && (res=res_find(resindexdata,partialpath+1))!=NULL) {
|
| 206 | 209 |
if(whitelisted || validsession) {
|
| ... | ... |
@@ -269,7 +272,8 @@ http_login(wk *web, int connid, wk_uri *uri, void *userptr) |
| 269 | 272 |
{
|
| 270 | 273 |
char u[MAXUSERSIZE+1],p[MAXPASSWDSIZE+1]; |
| 271 | 274 |
char reply[1024]; |
| 272 |
- char session[SESSIONSIZE]; |
|
| 275 |
+ char session[SESSIONSIZE+1]; |
|
| 276 |
+ char authid[AUTHIDSIZE+1]; |
|
| 273 | 277 |
kakumei *ka=(kakumei *)userptr; |
| 274 | 278 |
if(web==NULL || connid<0 || uri==NULL || ka==NULL) {
|
| 275 | 279 |
log_write("EINT","%s:%i",__FILE__,__LINE__);
|
| ... | ... |
@@ -290,10 +294,11 @@ http_login(wk *web, int connid, wk_uri *uri, void *userptr) |
| 290 | 294 |
log_write("LGIN","Reply: %s",reply);
|
| 291 | 295 |
return(wkact_finished); |
| 292 | 296 |
} else if(pass_check(ka,u,p)==0 && |
| 293 |
- session_new(ka,u,session,sizeof(session))!=NULL) {
|
|
| 297 |
+ session_new(ka,u,session,sizeof(session),authid,sizeof(authid))!=NULL) {
|
|
| 294 | 298 |
/* valid login */ |
| 295 | 299 |
snprintf(reply,sizeof(reply),"/posts.html?s=%s",session); |
| 296 | 300 |
reply[sizeof(reply)-1]='\0'; |
| 301 |
+ wk_serve_cookieadd(web,connid,ka->config->cookiename,authid,ka->config->cookiedomain,21600 /* 6h */,"secure"); |
|
| 297 | 302 |
wk_serve_buffer_as_file(web,connid,reply,strlen(reply),"text/plain"); |
| 298 | 303 |
log_write("LGIN","Reply: %s",reply);
|
| 299 | 304 |
return(wkact_finished); |
| ... | ... |
@@ -308,7 +313,8 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr) |
| 308 | 313 |
{
|
| 309 | 314 |
char u[MAXUSERSIZE+1],p[MAXPASSWDSIZE+1],i[MAXPASSWDSIZE+1]; |
| 310 | 315 |
char reply[1024]; |
| 311 |
- char session[SESSIONSIZE]; |
|
| 316 |
+ char session[SESSIONSIZE+1]; |
|
| 317 |
+ char authid[AUTHIDSIZE+1]; |
|
| 312 | 318 |
kakumei *ka=(kakumei *)userptr; |
| 313 | 319 |
if(web==NULL || connid<0 || uri==NULL || ka==NULL) {
|
| 314 | 320 |
log_write("EINT","%s:%i",__FILE__,__LINE__);
|
| ... | ... |
@@ -339,7 +345,7 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr) |
| 339 | 345 |
/* delete invitation */ |
| 340 | 346 |
kakumei_invitedel(ka,i); |
| 341 | 347 |
/* create session and go to "posts" page */ |
| 342 |
- if(session_new(ka,u,session,sizeof(session))==NULL) {
|
|
| 348 |
+ if(session_new(ka,u,session,sizeof(session),authid,sizeof(authid))==NULL) {
|
|
| 343 | 349 |
/* "autologin" didn't work, ask for login */ |
| 344 | 350 |
log_write("NEWU","couldn't generate new session, redirecting to login");
|
| 345 | 351 |
wk_serve_buffer_as_file(web,connid,"/",1,"text/plain"); |
| ... | ... |
@@ -348,6 +354,7 @@ http_newuser(wk *web, int connid, wk_uri *uri, void *userptr) |
| 348 | 354 |
/* valid login */ |
| 349 | 355 |
snprintf(reply,sizeof(reply),"/posts.html?s=%s",session); |
| 350 | 356 |
reply[sizeof(reply)-1]='\0'; |
| 357 |
+ wk_serve_cookieadd(web,connid,ka->config->cookiename,authid,ka->config->cookiedomain,21600 /* 6h */,"secure"); |
|
| 351 | 358 |
wk_serve_buffer_as_file(web,connid,reply,strlen(reply),"text/plain"); |
| 352 | 359 |
log_write("NEWU","Reply: %s",reply);
|
| 353 | 360 |
return(wkact_finished); |
| ... | ... |
@@ -85,8 +85,8 @@ kaconfig_init(char *configfile) |
| 85 | 85 |
continue; |
| 86 | 86 |
} |
| 87 | 87 |
/* identify key-value pair */ |
| 88 |
- if(strcmp(ptr,"cookieprefix")==0) {
|
|
| 89 |
- configvalue=&(config->cookieprefix); |
|
| 88 |
+ if(strcmp(ptr,"cookiename")==0) {
|
|
| 89 |
+ configvalue=&(config->cookiename); |
|
| 90 | 90 |
} else if(strcmp(ptr,"cookiedomain")==0) {
|
| 91 | 91 |
configvalue=&(config->cookiedomain); |
| 92 | 92 |
} else if(strcmp(ptr,"bannerpath")==0) {
|
| ... | ... |
@@ -121,8 +121,8 @@ kaconfig_free(kaconfig *config) |
| 121 | 121 |
{
|
| 122 | 122 |
if(config==NULL) |
| 123 | 123 |
return; |
| 124 |
- if(config->cookieprefix!=NULL) |
|
| 125 |
- free(config->cookieprefix),config->cookieprefix=NULL; |
|
| 124 |
+ if(config->cookiename!=NULL) |
|
| 125 |
+ free(config->cookiename),config->cookiename=NULL; |
|
| 126 | 126 |
if(config->cookiedomain!=NULL) |
| 127 | 127 |
free(config->cookiedomain),config->cookiedomain=NULL; |
| 128 | 128 |
if(config->bannerpath!=NULL) |
| ... | ... |
@@ -141,14 +141,14 @@ kaconfig_exists(char *configfile) |
| 141 | 141 |
} |
| 142 | 142 |
|
| 143 | 143 |
int |
| 144 |
-kaconfig_write(char *configfile,char *cookieprefix,char *cookiedomain, char *bannerpath) |
|
| 144 |
+kaconfig_write(char *configfile,char *cookiename,char *cookiedomain, char *bannerpath) |
|
| 145 | 145 |
{
|
| 146 | 146 |
FILE *f; |
| 147 | 147 |
if((f=fopen(configfile,"w"))==NULL) |
| 148 | 148 |
return(-1); |
| 149 | 149 |
fprintf(f,"; kakumei config file\n"); |
| 150 | 150 |
fprintf(f,"[general]\n"); |
| 151 |
- fprintf(f,"cookieprefix=%s\n",(cookieprefix!=NULL)?cookieprefix:"kakumei_"); |
|
| 151 |
+ fprintf(f,"cookiename=%s\n",(cookiename!=NULL)?cookiename:"kakumeiauthid"); |
|
| 152 | 152 |
fprintf(f,"cookiedomain=%s\n",(cookiedomain!=NULL)?cookiedomain:"localhost"); |
| 153 | 153 |
fprintf(f,"bannerpath=%s\n",(bannerpath!=NULL)?bannerpath:"default.png"); |
| 154 | 154 |
return(0); |
| ... | ... |
@@ -12,7 +12,7 @@ |
| 12 | 12 |
#ifndef KAKUMEI_CONFIG_H |
| 13 | 13 |
#define KAKUMEI_CONFIG_H |
| 14 | 14 |
typedef struct kaconfig {
|
| 15 |
- char *cookieprefix; |
|
| 15 |
+ char *cookiename; |
|
| 16 | 16 |
char *cookiedomain; |
| 17 | 17 |
char *bannerpath; |
| 18 | 18 |
} kaconfig; |
| ... | ... |
@@ -21,5 +21,5 @@ kaconfig *kaconfig_init(char *configfile); |
| 21 | 21 |
void kaconfig_free(kaconfig *config); |
| 22 | 22 |
|
| 23 | 23 |
int kaconfig_exists(char *configfile); |
| 24 |
-int kaconfig_write(char *configfile,char *cookieprefix,char *cookiedomain, char *bannerpath); |
|
| 24 |
+int kaconfig_write(char *configfile,char *cookiename,char *cookiedomain, char *bannerpath); |
|
| 25 | 25 |
#endif |
| ... | ... |
@@ -18,21 +18,22 @@ |
| 18 | 18 |
#include "kakumei_session.h" |
| 19 | 19 |
|
| 20 | 20 |
char * |
| 21 |
-session_new(kakumei *ka, char *user, char *session, int sessionsize) |
|
| 21 |
+session_new(kakumei *ka, char *user, char *session, int sessionsize, char *authid, int authidsize) |
|
| 22 | 22 |
{
|
| 23 | 23 |
static int init=0; |
| 24 | 24 |
MHASH td; |
| 25 | 25 |
struct timeval tv; |
| 26 | 26 |
struct timezone tz; |
| 27 |
- int i; |
|
| 27 |
+ int i,k; |
|
| 28 | 28 |
long n; |
| 29 | 29 |
char c; |
| 30 | 30 |
char binhash[32]; |
| 31 | 31 |
char filename[1024]; |
| 32 | 32 |
int len; |
| 33 | 33 |
int fd; |
| 34 |
- char oldsession[SESSIONSIZE]; |
|
| 35 |
- if(ka==NULL || user==NULL || session==NULL || sessionsize<SESSIONSIZE || kakumei_uservalid(ka,user)!=0) |
|
| 34 |
+ int authidlen; |
|
| 35 |
+ char oldsession[SESSIONSIZE+1]; |
|
| 36 |
+ if(ka==NULL || user==NULL || session==NULL || sessionsize<(SESSIONSIZE+1) || authidsize<(AUTHIDSIZE+1)|| kakumei_uservalid(ka,user)!=0) |
|
| 36 | 37 |
return(NULL); |
| 37 | 38 |
if(init==0) {
|
| 38 | 39 |
gettimeofday(&tv,&tz); |
| ... | ... |
@@ -50,7 +51,7 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize) |
| 50 | 51 |
mhash(td,&n,sizeof(n)); |
| 51 | 52 |
} |
| 52 | 53 |
mhash_deinit(td,&binhash); |
| 53 |
- for(i=0;i<sizeof(binhash) && i<SESSIONSIZE;i++) {
|
|
| 54 |
+ for(i=0;i<sizeof(binhash) && i<(SESSIONSIZE/2);i++) {
|
|
| 54 | 55 |
c=(((unsigned char *)binhash)[i]>>4); |
| 55 | 56 |
c=(c>=10)?(c-10+'a'):c+'0'; |
| 56 | 57 |
session[i<<1]=c; |
| ... | ... |
@@ -58,7 +59,16 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize) |
| 58 | 59 |
c=(c>=10)?(c-10+'a'):c+'0'; |
| 59 | 60 |
session[(i<<1)+1]=c; |
| 60 | 61 |
} |
| 61 |
- session[SESSIONSIZE-1]='\0'; |
|
| 62 |
+ session[SESSIONSIZE]='\0'; |
|
| 63 |
+ for(k=0;i<sizeof(binhash) && k<(AUTHIDSIZE/2);i++,k++) {
|
|
| 64 |
+ c=(((unsigned char *)binhash)[i]>>4); |
|
| 65 |
+ c=(c>=10)?(c-10+'a'):c+'0'; |
|
| 66 |
+ authid[k<<1]=c; |
|
| 67 |
+ c=(((unsigned char *)binhash)[i]&0xf); |
|
| 68 |
+ c=(c>=10)?(c-10+'a'):c+'0'; |
|
| 69 |
+ authid[(k<<1)+1]=c; |
|
| 70 |
+ } |
|
| 71 |
+ authid[AUTHIDSIZE]='\0'; |
|
| 62 | 72 |
/* save the hash */ |
| 63 | 73 |
mkdir(DATADIR,0700); |
| 64 | 74 |
mkdir(SESSIONSDIR,0700); |
| ... | ... |
@@ -67,7 +77,8 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize) |
| 67 | 77 |
if((fd=open(filename,O_WRONLY|O_TRUNC|O_CREAT,0600))==-1) |
| 68 | 78 |
return(NULL); |
| 69 | 79 |
len=strlen(user); |
| 70 |
- if(write(fd,user,len)!=len) {
|
|
| 80 |
+ authidlen=strlen(authid); |
|
| 81 |
+ if(write(fd,user,len)!=len || write(fd,"\n",1)!=1 || write(fd,authid,authidlen)!=authidlen) {
|
|
| 71 | 82 |
close(fd),fd=-1; |
| 72 | 83 |
return(NULL); |
| 73 | 84 |
} |
| ... | ... |
@@ -93,11 +104,14 @@ session_new(kakumei *ka, char *user, char *session, int sessionsize) |
| 93 | 104 |
} |
| 94 | 105 |
|
| 95 | 106 |
char * |
| 96 |
-session_check(kakumei *ka, char *session, char *user, int usersize) |
|
| 107 |
+session_check(kakumei *ka, char *session, char *authid, char *user, int usersize) |
|
| 97 | 108 |
{
|
| 98 | 109 |
int i; |
| 99 | 110 |
int fd; |
| 100 | 111 |
char filename[1024]; |
| 112 |
+ char sesbuf[MAXUSERSIZE+AUTHIDSIZE+2]; |
|
| 113 |
+ char *sep; |
|
| 114 |
+ int len; |
|
| 101 | 115 |
if(ka==NULL || session==NULL || session[0]=='\0' || user==NULL || usersize<(MAXUSERSIZE+1)) |
| 102 | 116 |
return(NULL); |
| 103 | 117 |
for(i=0;session[i]!='\0';i++) {
|
| ... | ... |
@@ -110,11 +124,25 @@ session_check(kakumei *ka, char *session, char *user, int usersize) |
| 110 | 124 |
filename[sizeof(filename)-1]='\0'; |
| 111 | 125 |
if((fd=open(filename,O_RDONLY))==-1) |
| 112 | 126 |
return(NULL); |
| 113 |
- memset(user,0,usersize); |
|
| 114 |
- read(fd,user,usersize-1); |
|
| 127 |
+ memset(sesbuf,0,sizeof(sesbuf)); |
|
| 128 |
+ read(fd,sesbuf,sizeof(sesbuf)); |
|
| 129 |
+ sesbuf[sizeof(sesbuf)-1]='\0'; |
|
| 115 | 130 |
close(fd),fd=-1; |
| 131 |
+ if((sep=strchr(sesbuf,'\n'))==NULL) |
|
| 132 |
+ return(NULL); /* invalid format */ |
|
| 133 |
+ *sep='\0'; |
|
| 134 |
+ memset(user,0,usersize); |
|
| 135 |
+ strncpy(user,sesbuf,usersize); |
|
| 136 |
+ user[usersize-1]='\0'; |
|
| 137 |
+ /* position sep to authid and trim the last '\n' if it exists */ |
|
| 138 |
+ sep++; |
|
| 139 |
+ if((len=strlen(sep))>0 && sep[len-1]=='\n') |
|
| 140 |
+ sep[len-1]='\0'; |
|
| 141 |
+ /* check validity */ |
|
| 142 |
+ if(strcmp(authid,sep)!=0) |
|
| 143 |
+ return(NULL); /* authid doesn't match */ |
|
| 116 | 144 |
if(kakumei_uservalid(ka,user)!=0) |
| 117 |
- return(NULL); |
|
| 145 |
+ return(NULL); /* invalid user */ |
|
| 118 | 146 |
return(user); |
| 119 | 147 |
} |
| 120 | 148 |
|
| ... | ... |
@@ -11,7 +11,7 @@ |
| 11 | 11 |
|
| 12 | 12 |
#include "kakumei.h" |
| 13 | 13 |
|
| 14 |
-char *session_new(kakumei *ka, char *user, char *session, int sessionsize); |
|
| 15 |
-char *session_check(kakumei *ka, char *session, char *user, int usersize); |
|
| 14 |
+char *session_new(kakumei *ka, char *user, char *session, int sessionsize, char *authid, int authidsize); |
|
| 15 |
+char *session_check(kakumei *ka, char *session, char *authid, char *user, int usersize); |
|
| 16 | 16 |
int session_del(kakumei *ka, char *session); |
| 17 | 17 |
|