bool IHomeSession:: Auth(Request *req,int sock)
{
TiXmlString user;
TiXmlString pass;
char passwd[33];
if(!TinyXPath::o_xpath_string(root,"/REQUEST/USER/text()",user) || !TinyXPath::o_xpath_string(root,"/REQUEST/PASS/text()",pass))
{
SendResponse(req,ERR_USER_PASS,sock);
return false;
}
const char *ptr = config.GetKeyValue("password");
int len = strlen(ptr);
MD5Encode((void *)ptr,len,passwd);
if(strcmp(user.c_str(),config.GetKeyValue("username")) == 0 && strcmp(pass.c_str(),passwd) == 0)
{
authOK = true;
SendResponse(req,RESPONSE_OK,sock);
log.Log("SES",DEBUG,"User %s login success %d",user.c_str(),sock);
return true;
//发送一个成功的应答
}
//发送一个认证失败
SendResponse(req,1,sock);
log.Log("SES",DEBUG,"User %s login failed",user.c_str());
return true;
}
void load_user()
{
ifstream f;
int tmp, i;
f.open("user.txt");
if (!f)
{
User new_user;
new_user.id = 0;
new_user.username = "******";
char *passwd = "admin";
new_user.password = MD5Encode(passwd);
user.clear();
user.push_back(new_user);
username_id = 0;
save_user();
}
else
{
f >> tmp;
for (i = 0; i < tmp; i++)
{
User new_user;
f >> new_user.id >> new_user.username >> new_user.password;
user.push_back(new_user);
}
}
f.close();
}
//3. 修改配置项
bool SConfig::ModifyKey(const char *key, const char *value)
{
log.Log("SConfig::ModifyKey",COMMON,"修改配置项");
ConfigNode *p = head->next;
char passwd[32];
while(p)
{
if(strncmp(key,p->key,strlen(p->key)) == 0)
{
memset(p->value,0,sizeof(p->value));
if(strcmp(key,"passwd")==0)
{
MD5Encode((void *)value,strlen(value),passwd);
strcpy(p->value,passwd);
}
else
{
strcpy(p->value,value);
}
log.Log("SConfig::ModifyKey",COMMON,"修改配置项成功");
return true;
}
p = p->next;
}
log.Log("SConfig::ModifyKey",WARNING,"修改配置项失败");
return false;
}
/*
* AddPassword: Prompts the user for a password
* and adds the entry in the file
* user:crpytofpassword:md5hash(user:realm:password)
*/
static void AddPassword(char *user, char* realm, FILE *f)
{
char *pw, *crpw, cpw[120], salt[9], *dpw;
int len = 0, i = 0, crpwLen = 0;
char *checkw;
pw = CopyString((char *) getpass("New password:"******"Password cannot be blank, sorry.\n");
delete(checkw);
CleanupAndExit();
}
delete(checkw);
if (strcmp(pw, (char *) getpass("Re-type new password:"******"They don't match, sorry.\n");
CleanupAndExit();
}
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
#ifdef __Win32__
MD5Encode((char *)pw, (char *)salt, cpw, sizeof(cpw));
#else
crpw = (char *)crypt(pw, salt); // cpw is crypt of password
crpwLen = ::strlen(crpw);
strncpy(cpw, crpw, crpwLen);
cpw[crpwLen] = '\0';
#endif
dpw = (char *)Digest(user, pw, realm); // dpw is digest of password
qtss_fprintf(f, "%s:%s:%s\n", user, cpw, dpw);
free(pw); // Do after cpw and dpw are used.
}
int check_user(string username, string password)
{
for (auto tmp : user)
{
char *passwd = new char[255];
int i;
for (i = 0; i <= password.length(); i++)
passwd[i] = password[i];
passwd[i] = '\0';
if (tmp.username == username && tmp.password == MD5Encode(passwd))
{
username_id = tmp.id;
return 1;
}
}
return 0;
}
/*
* AddPasswordWithoutPrompt: Adds the entry in the file
* user:crpytofpassword:md5hash(user:realm:password)
*/
static void AddPasswordWithoutPrompt(char *user, char* password, char* realm, FILE *f)
{
char salt[9];
(void) srand((int) time((time_t *) NULL));
to64(&salt[0], rand(), 8);
salt[8] = '\0';
char cpw[120], *dpw;
int crpwLen = 0;
#ifdef __Win32__
MD5Encode((char *)password, (char *)salt, cpw, sizeof(cpw));
#else
char *crpw = (char *)crypt(password, salt); // cpw is crypt of password
crpwLen = ::strlen(crpw);
strncpy(cpw, crpw, crpwLen);
cpw[crpwLen] = '\0';
#endif
dpw = (char *)Digest(user, password, realm); // dpw is digest of password
qtss_fprintf(f, "%s:%s:%s\n", user, cpw, dpw);
}
//----------------------------------------------------------------------------------------------------------------//
//-------------------------------------------------处理特定字符---------------------------------------------------//
//----------------------------------------------------------------------------------------------------------------//
std::string SM::HandleSecret()
{
ZBase64 ecode;
int OutPut = 0;
std::string Secret = "d3d3LjEwMDByZS5jb20=";
Secret = ecode.Decode(Secret.c_str(), Secret.length(), OutPut);
Secret = MD5Encode((char*)Secret.c_str());
/*int len = Secret.length();
char* p = (char*)Secret.c_str();
std::string res("");
for(int idx = 0; idx < len; ++idx)
{
if(*p == '\')
{
res += "\\";
}
else
{
res += *p;
}
}*/
return Secret;
}
Bool16 Authenticate(QTSS_RTSPRequestObject request, StrPtrLen* namePtr, StrPtrLen* passwordPtr)
{
Bool16 authenticated = true;
char* authName = namePtr->GetAsCString();
OSCharArrayDeleter authNameDeleter(authName);
QTSS_ActionFlags authAction = qtssActionFlagsAdmin;
// authenticate callback to retrieve the password
QTSS_Error err = QTSS_Authenticate(authName, sAuthResourceLocalPath, sAuthResourceLocalPath, authAction, qtssAuthBasic, request);
if (err != QTSS_NoErr) {
return false; // Couldn't even call QTSS_Authenticate...abandon!
}
// Get the user profile object from the request object that was created in the authenticate callback
QTSS_UserProfileObject theUserProfile = NULL;
UInt32 len = sizeof(QTSS_UserProfileObject);
err = QTSS_GetValue(request, qtssRTSPReqUserProfile, 0, (void*)&theUserProfile, &len);
Assert(len == sizeof(QTSS_UserProfileObject));
if (err != QTSS_NoErr)
authenticated = false;
if(err == QTSS_NoErr) {
char* reqPassword = passwordPtr->GetAsCString();
OSCharArrayDeleter reqPasswordDeleter(reqPassword);
char* userPassword = NULL;
(void) QTSS_GetValueAsString(theUserProfile, qtssUserPassword, 0, &userPassword);
OSCharArrayDeleter userPasswordDeleter(userPassword);
if(userPassword == NULL) {
authenticated = false;
}
else {
#ifdef __Win32__
// The password is md5 encoded for win32
char md5EncodeResult[120];
MD5Encode(reqPassword, userPassword, md5EncodeResult, sizeof(md5EncodeResult));
if(::strcmp(userPassword, md5EncodeResult) != 0)
authenticated = false;
#else
if(::strcmp(userPassword, (char*)crypt(reqPassword, userPassword)) != 0)
authenticated = false;
#endif
}
}
char* realm = NULL;
Bool16 allowed = true;
//authorize callback to check authorization
// allocates memory for realm
err = QTSS_Authorize(request, &realm, &allowed);
// QTSS_Authorize allocates memory for the realm string
// we don't use the realm returned by the callback, but instead
// use our own.
// delete the memory allocated for realm because we don't need it!
OSCharArrayDeleter realmDeleter(realm);
if(err != QTSS_NoErr) {
qtss_printf("QTSSAdminModule::Authenticate: QTSS_Authorize failed\n");
return false; // Couldn't even call QTSS_Authorize...abandon!
}
if(authenticated && allowed)
return true;
return false;
}
//----------------------------------------------------------------------------------------------------------------//
//------------------------------------------------获取MAC地址-----------------------------------------------------//
//----------------------------------------------------------------------------------------------------------------//
std::string SM::GetMacCode()
{
/*IP_ADAPTER_INFO adapter[5]; //Maximum 5 adapters
DWORD buflen=sizeof(adapter);
DWORD status=GetAdaptersInfo(adapter,&buflen);
BYTE s[8];
if(status==ERROR_SUCCESS)
{
PIP_ADAPTER_INFO painfo=adapter;
memcpy(s,painfo->Address,6);
}
char mac_addr[18];
sprintf(mac_addr,"%02X-%02X-%02X-%02X-%02X-%02X",s[0],s[1],s[2],s[3],s[4],s[5]);
return mac_addr; */
std::string Temp;
//PIP_ADAPTER_INFO结构体指针存储本机网卡信息
PIP_ADAPTER_INFO pIpAdapterInfo = new IP_ADAPTER_INFO();
//得到结构体大小,用于GetAdaptersInfo参数
unsigned long stSize = sizeof(IP_ADAPTER_INFO);
//调用GetAdaptersInfo函数,填充pIpAdapterInfo指针变量;其中stSize参数既是一个输入量也是一个输出量
int nRel = GetAdaptersInfo(pIpAdapterInfo,&stSize);
//记录网卡数量
int netCardNum = 0;
//记录每张网卡上的IP地址数量
int IPnumPerNetCard = 0;
if (ERROR_BUFFER_OVERFLOW == nRel)
{
//如果函数返回的是ERROR_BUFFER_OVERFLOW
//则说明GetAdaptersInfo参数传递的内存空间不够,同时其传出stSize,表示需要的空间大小
//这也是说明为什么stSize既是一个输入量也是一个输出量
//释放原来的内存空间
delete pIpAdapterInfo;
//重新申请内存空间用来存储所有网卡信息
pIpAdapterInfo = (PIP_ADAPTER_INFO)new BYTE[stSize];
//再次调用GetAdaptersInfo函数,填充pIpAdapterInfo指针变量
nRel=GetAdaptersInfo(pIpAdapterInfo,&stSize);
}
if (ERROR_SUCCESS == nRel)
{
//输出网卡信息
//可能有多网卡,因此通过循环去判断
while (pIpAdapterInfo)
{
/* std::cout<<"网卡数量:"<<++netCardNum<<std::endl;
std::cout<<"网卡名称:"<<pIpAdapterInfo->AdapterName<<std::endl;
std::cout<<"网卡描述:"<<pIpAdapterInfo->Description<<std::endl;
switch(pIpAdapterInfo->Type)
{
case MIB_IF_TYPE_OTHER:
std::cout<<"网卡类型:"<<"OTHER"<<std::endl;
break;
case MIB_IF_TYPE_ETHERNET:
std::cout<<"网卡类型:"<<"ETHERNET"<<std::endl;
break;
case MIB_IF_TYPE_TOKENRING:
std::cout<<"网卡类型:"<<"TOKENRING"<<std::endl;
break;
case MIB_IF_TYPE_FDDI:
std::cout<<"网卡类型:"<<"FDDI"<<std::endl;
break;
case MIB_IF_TYPE_PPP:
printf("PP\n");
std::cout<<"网卡类型:"<<"PPP"<<std::endl;
break;
case MIB_IF_TYPE_LOOPBACK:
std::cout<<"网卡类型:"<<"LOOPBACK"<<std::endl;
break;
case MIB_IF_TYPE_SLIP:
std::cout<<"网卡类型:"<<"SLIP"<<std::endl;
break;
default:
break;
}*/
//std::cout<<"网卡MAC地址:";
//for (DWORD i = 0; i < pIpAdapterInfo->AddressLength; i++)
/*if (i < pIpAdapterInfo->AddressLength-1)
{
printf("%02X-", pIpAdapterInfo->Address[i]);
}
else
{
printf("%02X\n", pIpAdapterInfo->Address[i]);
}*/
char mac_addr[18];
sprintf(mac_addr,"%02X%02X%02X%02X%02X%02X",pIpAdapterInfo->Address[0],pIpAdapterInfo->Address[1],pIpAdapterInfo->Address[2],pIpAdapterInfo->Address[3],pIpAdapterInfo->Address[4],pIpAdapterInfo->Address[5]);
Temp = Temp + (mac_addr);
//std::count<<ss<<std::endl;
//std::cout<<"网卡IP地址如下:"<<std::endl;
//可能网卡有多IP,因此通过循环去判断
//IP_ADDR_STRING *pIpAddrString =&(pIpAdapterInfo->IpAddressList);
/* do
{
std::cout<<"该网卡上的IP数量:"<<++IPnumPerNetCard<<std::endl;
std::cout<<"IP 地址:"<<pIpAddrString->IpAddress.String<<std::endl;
std::cout<<"子网地址:"<<pIpAddrString->IpMask.String<<std::endl;
std::cout<<"网关地址:"<<pIpAdapterInfo->GatewayList.IpAddress.String<<std::endl;
pIpAddrString=pIpAddrString->Next;
} while (pIpAddrString);*/
pIpAdapterInfo = pIpAdapterInfo->Next;
//std::cout<<"--------------------------------------------------------------------"<<std::endl;
}
}
//释放内存空间
if (pIpAdapterInfo)
{
delete pIpAdapterInfo;
}
//取数处理
Temp = MD5Encode((char*)Temp.c_str());
Temp = Temp.assign(Temp, 0 ,8);
return Temp;
}
void add_user(string command)
{
stringstream command_stream(command);
string subcommand, username, password, c_password;
command_stream >> subcommand;
command_stream >> username;
int i = 0;
if (username_id != 0)
{
cout << "You don't have permission to create a user" << endl;
return;
}
if (user.size() == 8)
{
cout << "User full" << endl;
return;
}
while (i < 3)
{
cout << "password:"******"retype password:"******"Sorry, passwords do not match." << endl;
i++;
}
else
break;
}
if (i == 3)
{
cout << "Have exhausted maximum number of retries for service." << endl;
return;
}
User new_user;
new_user.id = user.size();
new_user.username = username;
char *passwd = new char[255];
for (i = 0; i <= password.length(); i++)
passwd[i] = password[i];
passwd[i] = '\0';
new_user.password = MD5Encode(passwd);
user.push_back(new_user);
cout << "user " << username << " add successfully" << endl;
save_user();
}
void change_password(string command)
{
stringstream command_stream(command);
string subcommand, username, password, c_password;
command_stream >> subcommand;
command_stream >> username;
int j = 0;
int num;
for (num = 0; num < user.size(); num++)
{
if (user[num].username == username)
break;
}
if (num == user.size())
{
cout << "Username no fount" << endl;
return;
}
if (username_id != 0 && username_id != num)
{
cout << "You can't change other's password" << endl;
return;
}
int i = 0;
while (i < 3)
{
cout << "password:"******"retype password:"******"Sorry, passwords do not match." << endl;
i++;
}
else
break;
}
if (i == 3)
{
cout << "Have exhausted maximum number of retries for service." << endl;
return;
}
char *passwd = new char[255];
for (i = 0; i <= password.length(); i++)
passwd[i] = password[i];
passwd[i] = '\0';
user[num].password = MD5Encode(passwd);
save_user();
cout << "password changed successfully" << endl;
}
void delete_user(string command)
{
if (username_id != 0)
{
cout << "You don't have permission to delete user" << endl;
return;
}
stringstream command_stream(command);
string subcommand, username, password;
command_stream >> subcommand;
command_stream >> username;
int j = 0;
if (username == "admin")
{
cout << "You can't delete admin user" << endl;
return;
}
int num;
for (num = 0; num < user.size(); num++)
{
if (user[num].username == username)
break;
}
if (num == user.size())
{
cout << "Username no fount" << endl;
return;
}
while (j < 3)
{
cout << "Please enter admin password to confirm:";
char t;
while ((t = _getch()) != '\r')
{
if (t == '\b')
{
password = password.substr(0, password.length() - 1);
}
else
password += t;
}
cout << endl;
char *passwd = new char[255];
int i;
for (i = 0; i <= password.length(); i++)
passwd[i] = password[i];
passwd[i] = '\0';
if (user[username_id].password == MD5Encode(passwd))
break;
cout << "Password error. ";
j++;
}
if (j == 3)
{
cout << "Have exhausted maximum number of retries for service." << endl;
return;
}
vector<User>::iterator it;
it = user.begin() + num;
user.erase(it);
save_user();
cout << "User " << username << " delete successfully" << endl;
}
