/*
* If requested via GET, serves the login page.
* If requested via POST (form submission), checks password and logs user in.
*/
static void login_handler(struct mg_connection *nc, int ev, void *p) {
struct http_message *hm = (struct http_message *) p;
if (mg_vcmp(&hm->method, "POST") != 0) {
/* Serve login.html */
mg_serve_http(nc, (struct http_message *) p, s_http_server_opts);
} else {
/* Perform password check. */
char user[50], pass[50];
int ul = mg_get_http_var(&hm->body, "user", user, sizeof(user));
int pl = mg_get_http_var(&hm->body, "pass", pass, sizeof(pass));
if (ul > 0 && pl > 0) {
if (check_pass(user, pass)) {
struct session *s = create_session(user, hm);
mg_printf(nc, "HTTP/1.0 302 Found\r\n");
set_session_cookie(nc, s);
mg_printf(nc, "Location: /\r\n");
mg_printf(nc, "\r\nHello, %s!\r\n", s->user);
fprintf(stderr, "%s logged in, sid %" INT64_X_FMT "\n", s->user, s->id);
} else {
mg_printf(nc, "HTTP/1.0 403 Unauthorized\r\n\r\nWrong password.\r\n");
}
} else {
mg_printf(nc, "HTTP/1.0 400 Bad Request\r\n\r\nuser, pass required.\r\n");
}
nc->flags |= MG_F_SEND_AND_CLOSE;
}
(void) ev;
}
void session_interface::update_exposed(bool force)
{
for(data_type::iterator p=data_.begin();p!=data_.end();++p) {
data_type::iterator p2=data_copy_.find(p->first);
if(p->second.exposed && (force || p2==data_copy_.end() || !p2->second.exposed || p->second.value!=p2->second.value)){
set_session_cookie(cookie_age(),p->second.value,p->first);
}
else if(!p->second.exposed && ((p2!=data_copy_.end() && p2->second.exposed) || force)) {
set_session_cookie(-1,"",p->first);
}
}
for(data_type::iterator p=data_copy_.begin();p!=data_copy_.end();++p) {
if(p->second.exposed && data_.find(p->first)==data_.end()) {
set_session_cookie(-1,"",p->first);
}
}
}
void session_interface::save()
{
if(storage_.get()==NULL || !loaded_ || saved_)
return;
check();
new_session_ = data_copy_.empty() && !data_.empty();
if(data_.empty()) {
if(get_session_cookie()!="")
storage_->clear(*this);
update_exposed(true);
return;
}
time_t now = time(NULL);
bool force_update=false;
if(data_==data_copy_) {
if(how_==fixed) {
return;
}
if(how_==renew || how_==browser) {
int64_t delta=now + timeout_val_ - timeout_in_;
if(delta < timeout_val_ * 0.1) {// Less then 10% -- no renew need
return;
}
}
force_update=true;
}
string ar;
save_data(data_,ar);
temp_cookie_.clear();
storage_->save(*this,ar,session_age(),new_session_,on_server_);
set_session_cookie(cookie_age(),temp_cookie_);
temp_cookie_.clear();
update_exposed(force_update);
saved_=true;
}
void session_interface::save()
{
if(storage.get()==NULL || saved)
return;
check();
new_session = data_copy.empty() && !data.empty();
if(data.empty()) {
if(get_session_cookie()!="")
storage->clear(this);
update_exposed();
return;
}
time_t now = time(NULL);
if(data==data_copy) {
if(how==fixed) {
return;
}
if(how==renew || how==browser) {
int64_t delta=now + timeout_val - timeout_in;
if(delta < timeout_val * 0.1) {// Less then 10% -- no renew need
return;
}
}
}
string ar;
save_data(data,ar);
temp_cookie.clear();
storage->save(this,ar,session_age(),new_session);
set_session_cookie(cookie_age(),temp_cookie);
temp_cookie.clear();
update_exposed();
saved=true;
}
static int validate_authentication_session(request_rec *r, modauthopenid_config *s_cfg, opkele::params_t& params, std::string& return_to) {
// make sure nonce is present
if(!params.has_param("modauthopenid.nonce"))
return show_input(r, s_cfg, modauthopenid::invalid_nonce);
modauthopenid::MoidConsumer consumer(std::string(s_cfg->db_location), params.get_param("modauthopenid.nonce"), return_to);
try {
consumer.id_res(modauthopenid::modauthopenid_message_t(params));
// if no exception raised, check nonce
if(!consumer.session_exists()) {
consumer.close();
return show_input(r, s_cfg, modauthopenid::invalid_nonce);
}
// if we should be using a user specified auth program, run it to see if user is authorized
if(s_cfg->use_auth_program) {
std::string username = consumer.get_claimed_id();
std::string progname = std::string(s_cfg->auth_program);
modauthopenid::exec_result_t eresult = modauthopenid::exec_auth(progname, username);
if(eresult != modauthopenid::id_accepted) {
std::string error = modauthopenid::exec_error_to_string(eresult, progname, username);
APERR(r, "Error in authentication: %s", error.c_str());
consumer.close();
return show_input(r, s_cfg, modauthopenid::unauthorized);
} else {
APDEBUG(r, "Authenticated %s using %s", username.c_str(), progname.c_str());
}
}
// Make sure that identity is set to the original one given by the user (in case of delegation
// this will be different than openid_identifier GET param
std::string identity;
if (s_cfg->sso_url && s_cfg->sso_user_base) {
std::string c_identity = consumer.get_claimed_id();
if (strstr(c_identity.c_str(), s_cfg->sso_user_base) == c_identity.c_str()) {
identity = strdup(c_identity.c_str() + strlen(s_cfg->sso_user_base));
} else {
std::string error = "SSOUserBase didn't match in the identity";
APERR(r, "Error in authentication: %s", error.c_str());
consumer.close();
return show_input(r, s_cfg, modauthopenid::unauthorized);
}
} else
identity = consumer.get_claimed_id();
consumer.kill_session();
consumer.close();
if(s_cfg->use_cookie)
return set_session_cookie(r, s_cfg, params, identity);
// if we're not setting cookie - don't redirect, just show page
APERR(r, "Setting REMOTE_USER to %s", identity.c_str());
r->user = apr_pstrdup(r->pool, identity.c_str());
return DECLINED;
} catch(opkele::exception &e) {
APERR(r, "Error in authentication: %s", e.what());
consumer.close();
return show_input(r, s_cfg, modauthopenid::unspecified);
}
};
void session_interface::clear_session_cookie()
{
check();
if(get_session_cookie()!="")
set_session_cookie(-1,"");
}