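/*
    Compare two NUL-terminated strings in time that depends only on their length, not on the position of
    the first differing byte, so a remote client cannot learn from response timing how much of a stored
    hash it has already matched. Returns 1 if equal, 0 otherwise; a NULL argument never matches.
 */
static int cmpConstantTime(cchar *a, cchar *b)
{
    size_t          i, len;
    unsigned char   diff;

    if (a == 0 || b == 0) {
        return 0;
    }
    len = strlen(a);
    if (strlen(b) != len) {
        return 0;
    }
    diff = 0;
    for (i = 0; i < len; i++) {
        diff |= (unsigned char) (a[i] ^ b[i]);
    }
    return diff == 0;
}


/*
    Validate a user's credentials against the native (file-based) password store.

    For Basic auth the presented clear-text password is first hashed as MD5("user:realm:password") so it
    can be compared with the stored form; for any other auth type the value in "password" is compared
    with "requiredPassword" as given.

    conn                Current connection; conn->request->auth selects the auth type.
    realm               Authentication realm the user belongs to.
    user                User name presented by the client (untrusted).
    password            Password presented by the client (untrusted).
    requiredPassword    Stored password value the presented one must equal.
    msg                 Set to a static reason string on failure; left untouched on success.

    Returns 1 when the credentials are valid, 0 otherwise. Any hash allocated here is released before
    returning on every path.
 */
bool maValidateNativeCredentials(MaConn *conn, cchar *realm, cchar *user, cchar *password, cchar *requiredPassword, 
        char **msg)
{
    MaAuth  *auth;
    char    passbuf[MA_MAX_PASS * 2], *hashedPassword;
    int     len, valid;

    hashedPassword = 0;
    auth = conn->request->auth;
    
    if (auth->type == MA_AUTH_BASIC) {
        /*  Stored Basic passwords are MD5("user:realm:password"); hash the presented one the same way */
        mprSprintf(passbuf, sizeof(passbuf), "%s:%s:%s", user, realm, password);
        len = (int) strlen(passbuf);
        hashedPassword = mprGetMD5Hash(conn, passbuf, len, NULL);
        if (hashedPassword == 0) {
            /*  Nothing safe to compare; previously a NULL hash would have reached the string compare */
            *msg = "Access Denied, Cannot Hash Password.";
            return 0;
        }
        password = hashedPassword;
    }
    if (!isUserValid(auth, realm, user)) {
        /*  The distinct unknown-user / wrong-password messages let a caller that echoes them confirm
            valid user names; they are kept unchanged for compatibility with existing callers. */
        *msg = "Access Denied, Unknown User.";
        mprFree(hashedPassword);
        return 0;
    }
    /*  Constant-time compare: strcmp() stops at the first mismatch and leaks the matched prefix length */
    valid = cmpConstantTime(password, requiredPassword);
    mprFree(hashedPassword);
    if (!valid) {
        *msg = "Access Denied, Wrong Password.";
        return 0;
    }
    return 1;
}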
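 // Function:      createUser
 // Input:         string newUser
 // Description:   Takes a string and creates a new user object. This object is then added
 //                to a vector of valid users. A bool flag is also changed to true to tell
 //                the program that at least one user exists. currentUser is set to this new
 //                User object. VALID_USERS_FILENAME is given another string name of new User object.
 // Notes:         The output file is checked after opening so a failure to persist the name
 //                is reported instead of silently ignored; the in-memory user is created
 //                either way so the session can continue. The previous call to isUserValid()
 //                here was unused (promptLogin() already checked the name before calling us).
 //                The User is allocated with new because validUsers stores raw User*; where
 //                those objects are released is not visible in this file.
 void Menu::createUser(string newUser)  {
    userExists = true;
    // Persist the name so the user is recognised on the next run
    {
       ofstream outStream(VALID_USERS_FILENAME, ios::app);
       if (!outStream) {
          cout << "Warning: could not open " << VALID_USERS_FILENAME << " to save the new user." << endl;
       } else {
          outStream << newUser << endl;
       }
    } // outStream is closed here by its destructor
    // adds the user to the valid user vector and makes it the active user
    User* new_user = new User(newUser);
    validUsers.push_back(new_user);
    currentUser = new_user;
    cout << newUser << " has been added!" << endl;
 }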
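 // Function:      promptLogin
 // Input:         stringUser
 // Output:        Displays a message to user asking them to type their name
 // Description:   Prompts user to end their name. Checks if this name is amoung
 //                valid users. If User already exists, logs on to this User. Otherwise,
 //                it creates a new user and pushes this to valid users.
 // Notes:         A failed read from cin (for example end of input) returns without
 //                creating a user, so an empty name is never added to the valid users.
 //                isUserValid() is taken to return a negative value for an unknown name
 //                and the index into validUsers otherwise.
 void Menu::promptLogin()  {
    printValidUsers();
    string stringUser;
    cout << "Enter name: ";
    if (!(cin >> stringUser)) {
       // Nothing could be read; do not create a user with an empty name
       cout << "\nNo name entered." << endl;
       return;
    }
    int i = isUserValid(stringUser);
    if (i < 0) {
       // Unknown name: create it (createUser also makes it the current user)
       cout << "New user.." << endl;
       createUser(stringUser);
    } else {
       // Known name: log on as that user
       cout << "Returning user.." << endl;
       currentUser = validUsers.at(i);
       userExists = true;
    }
 }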
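 // Function:      promptAddFriend
 // Input:         stringUser
 // Output:        Displays a message to user asking them to type
 // Description:   Prompts user to end the name of the friend they wish to add to their                
 //                list of friends. Checks if User is valid. If user isn't valid, will 
 //                ask user to try again. Otherwise, will add to currentUsers friends.
 //                Also, adds current user to friends friendlist.
 // Notes:         Returns early when nobody is logged in (currentUser unset), when the
 //                read from cin fails, when the name is the current user's own, when the
 //                name is unknown (isUserValid() < 0, the same convention promptLogin()
 //                uses), or when the two users are already friends.
 void Menu::promptAddFriend() 
 {
    if (!currentUser) {
       // printFriends() below needs a logged-in user
       cout << "\t\nPlease log in first." << endl;
       return;
    }
    initializeValidUsers();
    currentUser->printFriends();
    string stringUser;
    cout << "\t\nPlease enter user name: ";
    if (!(cin >> stringUser)) {
       cout << "\t\nNo name entered." << endl;
       return;
    }
    // If user tries to add itself as a friend
    if (currentUser->haveSameName(stringUser)) {
       cout << "\t\nSadly, you can't add yourself as your own friend. Get a life." << endl;
       return;
    }
    // Check if user is valid (negative index = unknown)
    int i = isUserValid(stringUser);
    if (i < 0) {
       cout << "\t\nNot a valid user. Please try again." << endl;
       return;
    }
    if (currentUser->isFriendsWith(stringUser)) {
       cout << "\t\nYou are already friends with " << stringUser << endl;
       return;
    }
    // Friendship is symmetric: record it on both users
    User* friendUser = validUsers.at(i);
    currentUser->addFriend(friendUser->toString());
    friendUser->addFriend(currentUser->toString());
    cout << "\n";
    cout << "\t======================================================\n";
    cout << "\t                   Added " << stringUser << " to Friends List           \n";
    cout << "\t======================================================\n";
    cout << "\n";
 }   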
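/*
 * Authenticate a request with a YubiKey OTP.
 *
 * The presented password is "<optional static password><OTP>", the OTP being
 * the last YUBIKEY_TOKEN_LENGTH characters. Flow:
 *   1. reject an empty user/password and a password too short to hold an OTP;
 *   2. isUserValid() checks the user against the configured user store;
 *   3. the temporary auth db (cfg->tmpAuthDbFilename) is consulted for a cached
 *      "otp:time" record; if the cached OTP equals the presented one and has not
 *      expired (passwordExpired() with cfg->timeoutSeconds), access is granted
 *      without contacting the validation service. This re-acceptance of a
 *      one-time password is what lets Basic-auth clients, which resend the
 *      same credential on every request, keep working; an expired record is
 *      deleted and the request denied;
 *   4. otherwise the OTP is validated with yubikey_client_simple_request() and,
 *      on success, cached in the db.
 *
 * Returns AUTH_GRANTED, AUTH_DENIED, or AUTH_GENERAL_ERROR when the db cannot
 * be opened, read or written. (HTTP_INTERNAL_SERVER_ERROR is not an
 * authn_status value and was previously returned in those cases.)
 *
 * Credentials are never written to the log: only the user name is logged.
 */
static authn_status authn_check_otp(request_rec *r, const char *user,
                                    const char *password)
{
    apr_status_t rv;
    apr_dbm_t *userDbm = NULL;
    yubiauth_dir_cfg *cfg = ap_get_module_config(r->per_dir_config, &authn_yubikey_module);
    apr_datum_t key, dbUserRecord;
    const char *otp;                 /* OTP part of the presented password */
    char *dbUserKey;
    char *lookedUpToken = NULL;      /* cached "otp:time" record */
    char *lookedUpPassword = NULL;   /* cached OTP from that record */
    apr_time_t lookedUpDate = 0;     /* time the record was stored */
    apr_size_t passwordLength;
    authn_status result = AUTH_DENIED;

    key.dptr = NULL;
    dbUserRecord.dptr = NULL;

    /* No username or no password set */
    if (!*user || !*password) {
        return AUTH_DENIED;
    }

    /* The password field carries an optional static password followed by the
     * OTP; split it here. A value shorter than one OTP cannot be valid, and
     * subtracting YUBIKEY_TOKEN_LENGTH from it would wrap the unsigned length
     * and index past the end of the buffer.
     */
    passwordLength = strlen(password);
    if (passwordLength < (apr_size_t) YUBIKEY_TOKEN_LENGTH) {
        return AUTH_DENIED;
    }
    otp = &password[passwordLength - YUBIKEY_TOKEN_LENGTH];

    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r, LOG_PREFIX "Username is: %s", user);

    /* Check the user against the user store, which holds the 12 char
     * token:username combo (maintained e.g. with the htpasswd utility).
     * NOTE: the full password is passed here.
     */
    if (!isUserValid(user, password, cfg, r)) {
        return AUTH_DENIED;
    }

    openDb(&userDbm, cfg->tmpAuthDbFilename, r);
    if (userDbm == NULL) {
        /* assumes openDb() leaves *userDbm NULL when it fails -- confirm; without
         * a handle the fetch below would dereference NULL */
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      LOG_PREFIX "unable to open the user db for user %s", user);
        return AUTH_GENERAL_ERROR;
    }

    /* Build the db key from a request-pool copy of the user name. The earlier
     * malloc(sizeof(user)) allocated only a pointer's worth of bytes, so the
     * strcpy overflowed the heap for any user name of 8 or more characters,
     * and the buffer was never freed.
     */
    dbUserKey = apr_pstrdup(r->pool, user);
    dbUserKey = getDbKey(dbUserKey, cfg, r);
    key = string2datum(dbUserKey, r);
    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                  LOG_PREFIX "Fetching token (pw:time) for user %s from db ...", user);
    rv = apr_dbm_fetch(userDbm, key, &dbUserRecord);
    if (rv != APR_SUCCESS) {
        ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                      LOG_PREFIX "unable to fetch the user (%s) from the "
                      "Database, better abort here.", user);
        closeDb(userDbm, r);
        return AUTH_GENERAL_ERROR;
    }

    if (dbUserRecord.dptr != NULL) {
        /* the record is "otp:time" */
        char *time = NULL;

        lookedUpToken = apr_pstrmemdup(r->pool, dbUserRecord.dptr, dbUserRecord.dsize);
        lookedUpPassword = apr_strtok(lookedUpToken, ":", &time);
        /* apr_strtok() only sets "time" when it finds a token */
        if (lookedUpPassword != NULL) {
            lookedUpDate = (apr_time_t) apr_atoi64(time);
        }
        /* the cached OTP is a replayable credential: log the time only */
        ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                      LOG_PREFIX "Found cached record for user %s stored at %" APR_TIME_T_FMT,
                      user, lookedUpDate);
    }

    if (lookedUpPassword != NULL && strcmp(lookedUpPassword, otp) == 0) {
        /* Presented OTP matches the cached one */
        if (passwordExpired(user, lookedUpDate, cfg->timeoutSeconds, r)) {
            ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
                          LOG_PREFIX "Remove expired entry for user : %s", user);
            deleteKeyFromDb(userDbm, user, cfg, r);
            result = AUTH_DENIED;
        }
        else {
            result = AUTH_GRANTED;
        }
    }
    else {
        /* No usable cached OTP: validate the presented one online */
        int ret = yubikey_client_simple_request(otp, 1, 0, NULL, r);

        if (ret != YUBIKEY_CLIENT_OK) {
            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                          LOG_PREFIX "Authentication failed, reason: %s",
                          yubikey_client_strerror(ret));
            /* previously returned here without closing the db */
            result = AUTH_DENIED;
        }
        else if (setUserInDb(userDbm, user, otp, cfg, r) != APR_SUCCESS) {
            /* Validated, but the OTP could not be cached: internal error */
            result = AUTH_GENERAL_ERROR;
        }
        else {
            result = AUTH_GRANTED;
        }
    }

    /* single exit so the db handle is released on every path */
    closeDb(userDbm, r);
    return result;
}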