/* * If requested via GET, serves the login page. * If requested via POST (form submission), checks password and logs user in. */ static void login_handler(struct mg_connection *nc, int ev, void *p) { struct http_message *hm = (struct http_message *) p; if (mg_vcmp(&hm->method, "POST") != 0) { /* Serve login.html */ mg_serve_http(nc, (struct http_message *) p, s_http_server_opts); } else { /* Perform password check. */ char user[50], pass[50]; int ul = mg_get_http_var(&hm->body, "user", user, sizeof(user)); int pl = mg_get_http_var(&hm->body, "pass", pass, sizeof(pass)); if (ul > 0 && pl > 0) { if (check_pass(user, pass)) { struct session *s = create_session(user, hm); mg_printf(nc, "HTTP/1.0 302 Found\r\n"); set_session_cookie(nc, s); mg_printf(nc, "Location: /\r\n"); mg_printf(nc, "\r\nHello, %s!\r\n", s->user); fprintf(stderr, "%s logged in, sid %" INT64_X_FMT "\n", s->user, s->id); } else { mg_printf(nc, "HTTP/1.0 403 Unauthorized\r\n\r\nWrong password.\r\n"); } } else { mg_printf(nc, "HTTP/1.0 400 Bad Request\r\n\r\nuser, pass required.\r\n"); } nc->flags |= MG_F_SEND_AND_CLOSE; } (void) ev; }
void session_interface::update_exposed(bool force) { for(data_type::iterator p=data_.begin();p!=data_.end();++p) { data_type::iterator p2=data_copy_.find(p->first); if(p->second.exposed && (force || p2==data_copy_.end() || !p2->second.exposed || p->second.value!=p2->second.value)){ set_session_cookie(cookie_age(),p->second.value,p->first); } else if(!p->second.exposed && ((p2!=data_copy_.end() && p2->second.exposed) || force)) { set_session_cookie(-1,"",p->first); } } for(data_type::iterator p=data_copy_.begin();p!=data_copy_.end();++p) { if(p->second.exposed && data_.find(p->first)==data_.end()) { set_session_cookie(-1,"",p->first); } } }
void session_interface::save() { if(storage_.get()==NULL || !loaded_ || saved_) return; check(); new_session_ = data_copy_.empty() && !data_.empty(); if(data_.empty()) { if(get_session_cookie()!="") storage_->clear(*this); update_exposed(true); return; } time_t now = time(NULL); bool force_update=false; if(data_==data_copy_) { if(how_==fixed) { return; } if(how_==renew || how_==browser) { int64_t delta=now + timeout_val_ - timeout_in_; if(delta < timeout_val_ * 0.1) {// Less then 10% -- no renew need return; } } force_update=true; } string ar; save_data(data_,ar); temp_cookie_.clear(); storage_->save(*this,ar,session_age(),new_session_,on_server_); set_session_cookie(cookie_age(),temp_cookie_); temp_cookie_.clear(); update_exposed(force_update); saved_=true; }
void session_interface::save() { if(storage.get()==NULL || saved) return; check(); new_session = data_copy.empty() && !data.empty(); if(data.empty()) { if(get_session_cookie()!="") storage->clear(this); update_exposed(); return; } time_t now = time(NULL); if(data==data_copy) { if(how==fixed) { return; } if(how==renew || how==browser) { int64_t delta=now + timeout_val - timeout_in; if(delta < timeout_val * 0.1) {// Less then 10% -- no renew need return; } } } string ar; save_data(data,ar); temp_cookie.clear(); storage->save(this,ar,session_age(),new_session); set_session_cookie(cookie_age(),temp_cookie); temp_cookie.clear(); update_exposed(); saved=true; }
static int validate_authentication_session(request_rec *r, modauthopenid_config *s_cfg, opkele::params_t& params, std::string& return_to) { // make sure nonce is present if(!params.has_param("modauthopenid.nonce")) return show_input(r, s_cfg, modauthopenid::invalid_nonce); modauthopenid::MoidConsumer consumer(std::string(s_cfg->db_location), params.get_param("modauthopenid.nonce"), return_to); try { consumer.id_res(modauthopenid::modauthopenid_message_t(params)); // if no exception raised, check nonce if(!consumer.session_exists()) { consumer.close(); return show_input(r, s_cfg, modauthopenid::invalid_nonce); } // if we should be using a user specified auth program, run it to see if user is authorized if(s_cfg->use_auth_program) { std::string username = consumer.get_claimed_id(); std::string progname = std::string(s_cfg->auth_program); modauthopenid::exec_result_t eresult = modauthopenid::exec_auth(progname, username); if(eresult != modauthopenid::id_accepted) { std::string error = modauthopenid::exec_error_to_string(eresult, progname, username); APERR(r, "Error in authentication: %s", error.c_str()); consumer.close(); return show_input(r, s_cfg, modauthopenid::unauthorized); } else { APDEBUG(r, "Authenticated %s using %s", username.c_str(), progname.c_str()); } } // Make sure that identity is set to the original one given by the user (in case of delegation // this will be different than openid_identifier GET param std::string identity; if (s_cfg->sso_url && s_cfg->sso_user_base) { std::string c_identity = consumer.get_claimed_id(); if (strstr(c_identity.c_str(), s_cfg->sso_user_base) == c_identity.c_str()) { identity = strdup(c_identity.c_str() + strlen(s_cfg->sso_user_base)); } else { std::string error = "SSOUserBase didn't match in the identity"; APERR(r, "Error in authentication: %s", error.c_str()); consumer.close(); return show_input(r, s_cfg, modauthopenid::unauthorized); } } else identity = consumer.get_claimed_id(); consumer.kill_session(); consumer.close(); if(s_cfg->use_cookie) return set_session_cookie(r, s_cfg, params, identity); // if we're not setting cookie - don't redirect, just show page APERR(r, "Setting REMOTE_USER to %s", identity.c_str()); r->user = apr_pstrdup(r->pool, identity.c_str()); return DECLINED; } catch(opkele::exception &e) { APERR(r, "Error in authentication: %s", e.what()); consumer.close(); return show_input(r, s_cfg, modauthopenid::unspecified); } };
void session_interface::clear_session_cookie() { check(); if(get_session_cookie()!="") set_session_cookie(-1,""); }