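/*
 * /logout/
 *
 * HTML is in templates/logout.tmpl
 *
 * Clean up a users session. Remove their entry from the sessions db and
 * set the session_id browser cookie to expired.
 *
 * The cookie is expired even when the database step cannot be done
 * (open failure, or no row carrying the current session_id), so the
 * browser stops presenting the stale identifier; in that case any row
 * left in SESSION_DB is not removed here.
 */
static void logout(void)
{
	TCTDB *tdb;
	TDBQRY *qry;
	TCLIST *res;
	int rsize = 0;
	const char *rbuf;

	tdb = tctdbnew();
	if (!tctdbopen(tdb, SESSION_DB, TDBOWRITER))
		goto out_db;

	qry = tctdbqrynew(tdb);
	tctdbqryaddcond(qry, "session_id", TDBQCSTREQ,
			user_session.session_id);
	res = tctdbqrysearch(qry);
	/*
	 * tclistval() yields NULL for an empty result list (no row with
	 * this session_id), so it must be checked before use. rsize is
	 * the primary-key length it already reports; no strlen() needed.
	 */
	rbuf = tclistval(res, 0, &rsize);
	if (rbuf)
		tctdbout(tdb, rbuf, rsize);
	tclistdel(res);
	tctdbqrydel(qry);
	tctdbclose(tdb);
out_db:
	tctdbdel(tdb);

	/*
	 * Immediately expire the session cookies. The path (and any other
	 * attribute) has to match the one the cookie was issued with,
	 * otherwise the browser keeps the original cookie.
	 */
	printf("Set-Cookie: session_id=deleted; "
	       "expires=Thu, 01 Jan 1970 00:00:01 GMT; "
	       "path=/; httponly\r\n");

	send_template("templates/logout.tmpl", NULL, NULL);
}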
/* perform out command: remove the record with primary key pkbuf/pksiz
   from the table database at path. Returns 0 on success, 1 if any step
   (open, out, close) fails; each failure is reported via printerr. */
static int procout(const char *path, const char *pkbuf, int pksiz, int omode){
  int rv = 0;
  TCTDB *tdb = tctdbnew();
  if(g_dbgfd != INVALID_HANDLE_VALUE) tctdbsetdbgfd(tdb, g_dbgfd);
  if(!tctdbsetcodecfunc(tdb, _tc_recencode, NULL, _tc_recdecode, NULL)) printerr(tdb);
  if(!tctdbopen(tdb, path, TDBOWRITER | omode)){
    printerr(tdb);
    tctdbdel(tdb);
    return 1;
  }
  if(!tctdbout(tdb, pkbuf, pksiz)){
    printerr(tdb);
    rv = 1;
  }
  /* a close failure is only reported when nothing earlier was */
  if(!tctdbclose(tdb)){
    if(rv == 0) printerr(tdb);
    rv = 1;
  }
  tctdbdel(tdb);
  return rv;
}
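/*
 * Copy the value of the session_id cookie out of the raw Cookie header
 * into dst (NUL terminated, at most dstlen - 1 bytes). dst is left empty
 * when no "session_id=" pair is present. Cookies are not guaranteed to
 * come back in the order they were sent, so the pair is located by name
 * rather than by a fixed offset into the header.
 */
static void session_id_from_cookie(const char *cookie, char *dst,
				   size_t dstlen)
{
	const char *p = cookie;
	size_t len;

	if (dstlen == 0)
		return;
	dst[0] = '\0';
	if (!cookie)
		return;

	/* Only accept "session_id=" at the start of a cookie pair. */
	while ((p = strstr(p, "session_id=")) != NULL) {
		if (p == cookie || p[-1] == ' ' || p[-1] == ';')
			break;
		p++;
	}
	if (!p)
		return;
	p += strlen("session_id=");

	/* The value runs up to the next ';' or the end of the header. */
	len = strcspn(p, ";");
	if (len > dstlen - 1)
		len = dstlen - 1;
	memcpy(dst, p, len);
	dst[len] = '\0';
}

/*
 * Return column key of cols, or "" when the column is absent
 * (tcmapget2() returns NULL then, which strdup() / "%s" cannot take).
 */
static const char *col_str(TCMAP *cols, const char *key)
{
	const char *v = tcmapget2(cols, key);

	return v ? v : "";
}

/*
 * Sets up the user_session structure. This contains various bits of
 * information pertaining to the users session.
 *
 * The session row is found in SESSION_DB by the session_id cookie value,
 * loaded into the global user_session, then rewritten with last_seen set
 * to now. The username, name, client_id and user_hdr members are
 * strdup()'d here and are not freed by this function.
 *
 * If there is no session_id cookie, SESSION_DB cannot be opened, or no
 * row matches, user_session is left zeroed and nothing is written; such
 * a user_session must be treated as not logged in rather than have its
 * string members dereferenced.
 */
void set_user_session(void)
{
	TCTDB *tdb;
	TDBQRY *qry;
	TCLIST *res;
	TCMAP *cols;
	int rsize = 0;
	int primary_key_size;
	char pkbuf[256];
	char session_id[SID_LEN + 1];
	char login_at[21];
	char last_seen[21];
	char uid[11];
	char sid[21];
	/* Wide enough for any int, so bitmask values are not truncated. */
	char restrict_ip[12];
	char capabilities[12];
	char user_hdr[1025];
	char *xss_string;
	const char *rbuf;
	const char *role;
	size_t used;

	memset(&user_session, 0, sizeof(user_session));

	/*
	 * The session id comes straight from the client's Cookie header.
	 * It is bounded to SID_LEN bytes and only ever used as an
	 * exact-match query value.
	 */
	session_id_from_cookie(env_vars.http_cookie, session_id,
			       sizeof(session_id));
	if (session_id[0] == '\0')
		return;

	tdb = tctdbnew();
	if (!tctdbopen(tdb, SESSION_DB, TDBOREADER | TDBOWRITER)) {
		tctdbdel(tdb);
		return;
	}

	/* Get the users stored session */
	qry = tctdbqrynew(tdb);
	tctdbqryaddcond(qry, "session_id", TDBQCSTREQ, session_id);
	res = tctdbqrysearch(qry);
	/* tclistval() is NULL when no row carries this session_id. */
	rbuf = tclistval(res, 0, &rsize);
	cols = NULL;
	if (rbuf) {
		cols = tctdbget(tdb, rbuf, rsize);
		/*
		 * The old row is removed now and a fresh one, with an
		 * updated last_seen, is stored below under a new key.
		 */
		tctdbout(tdb, rbuf, rsize);
	}
	tclistdel(res);
	tctdbqrydel(qry);
	if (!cols)
		goto out;

	snprintf(user_session.tenant, sizeof(user_session.tenant), "%s",
		 col_str(cols, "tenant"));
	user_session.sid = strtoull(col_str(cols, "sid"), NULL, 10);
	user_session.uid = atoi(col_str(cols, "uid"));
	user_session.username = strdup(col_str(cols, "username"));
	user_session.name = strdup(col_str(cols, "name"));
	user_session.login_at = atol(col_str(cols, "login_at"));
	user_session.last_seen = time(NULL);
	snprintf(user_session.origin_ip, sizeof(user_session.origin_ip),
		 "%s", col_str(cols, "origin_ip"));
	user_session.client_id = strdup(col_str(cols, "client_id"));
	snprintf(user_session.session_id, sizeof(user_session.session_id),
		 "%s", col_str(cols, "session_id"));
	snprintf(user_session.csrf_token, sizeof(user_session.csrf_token),
		 "%s", col_str(cols, "csrf_token"));
	user_session.restrict_ip = atoi(col_str(cols, "restrict_ip"));
	user_session.capabilities = atoi(col_str(cols, "capabilities"));
	tcmapdel(cols);

	/*
	 * Set the user header banner, which displays the users name, uid and
	 * whether they are an Approver and or Admin. The name is user
	 * supplied, so it goes through xss_safe_string() before being
	 * placed in HTML.
	 */
	xss_string = xss_safe_string(user_session.name);
	snprintf(user_hdr, sizeof(user_hdr),
		 "<big><big> %s</big></big><small>"
		 "<span class = \"lighter\"> (%d) </span>"
		 "</small>", xss_string, user_session.uid);
	free(xss_string);

	if (IS_APPROVER() && IS_ADMIN())
		role = "<span class = \"t_red\">(Approver / Admin)</span>";
	else if (IS_APPROVER())
		role = "<span class = \"t_red\">(Approver)</span>";
	else if (IS_ADMIN())
		role = "<span class = \"t_red\">(Admin)</span>";
	else
		role = "";
	/* Bounded append; a trailing space always follows the role. */
	used = strlen(user_hdr);
	snprintf(user_hdr + used, sizeof(user_hdr) - used, "%s ", role);
	user_session.user_hdr = strdup(user_hdr);

	/*
	 * Store the refreshed session (last_seen = now) under a newly
	 * generated primary key; the old row was removed above.
	 */
	primary_key_size = snprintf(pkbuf, sizeof(pkbuf), "%ld",
				    (long)tctdbgenuid(tdb));

	snprintf(login_at, sizeof(login_at), "%ld", user_session.login_at);
	snprintf(last_seen, sizeof(last_seen), "%ld", user_session.last_seen);
	snprintf(uid, sizeof(uid), "%u", user_session.uid);
	snprintf(sid, sizeof(sid), "%llu", user_session.sid);
	snprintf(restrict_ip, sizeof(restrict_ip), "%d",
		 user_session.restrict_ip);
	snprintf(capabilities, sizeof(capabilities), "%d",
		 user_session.capabilities);

	cols = tcmapnew3("tenant", user_session.tenant,
			 "sid", sid,
			 "uid", uid,
			 "username", user_session.username,
			 "name", user_session.name,
			 "login_at", login_at,
			 "last_seen", last_seen,
			 "origin_ip", user_session.origin_ip,
			 "client_id", user_session.client_id,
			 "session_id", user_session.session_id,
			 "csrf_token", user_session.csrf_token,
			 "restrict_ip", restrict_ip,
			 "capabilities", capabilities,
			 NULL);
	tctdbput(tdb, pkbuf, primary_key_size, cols);
	tcmapdel(cols);

out:
	tctdbclose(tdb);
	tctdbdel(tdb);
}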