/*
* /logout/
*
* HTML is in templates/logout.tmpl
*
* Clean up a users session. Remove their entry from the sessions db and
* set the session_id browser cookie to expired.
*/
static void logout(void)
{
TCTDB *tdb;
TDBQRY *qry;
TCLIST *res;
int rsize;
const char *rbuf;
tdb = tctdbnew();
tctdbopen(tdb, SESSION_DB, TDBOWRITER);
qry = tctdbqrynew(tdb);
tctdbqryaddcond(qry, "session_id", TDBQCSTREQ,
user_session.session_id);
res = tctdbqrysearch(qry);
rbuf = tclistval(res, 0, &rsize);
tctdbout(tdb, rbuf, strlen(rbuf));
tclistdel(res);
tctdbqrydel(qry);
tctdbclose(tdb);
tctdbdel(tdb);
/* Immediately expire the session cookies */
printf("Set-Cookie: session_id=deleted; "
"expires=Thu, 01 Jan 1970 00:00:01 GMT; "
"path=/; httponly\r\n");
send_template("templates/logout.tmpl", NULL, NULL);
}
/* perform out command */
static int procout(const char *path, const char *pkbuf, int pksiz, int omode){
TCTDB *tdb = tctdbnew();
if(g_dbgfd != INVALID_HANDLE_VALUE) tctdbsetdbgfd(tdb, g_dbgfd);
if(!tctdbsetcodecfunc(tdb, _tc_recencode, NULL, _tc_recdecode, NULL)) printerr(tdb);
if(!tctdbopen(tdb, path, TDBOWRITER | omode)){
printerr(tdb);
tctdbdel(tdb);
return 1;
}
bool err = false;
if(!tctdbout(tdb, pkbuf, pksiz)){
printerr(tdb);
err = true;
}
if(!tctdbclose(tdb)){
if(!err) printerr(tdb);
err = true;
}
tctdbdel(tdb);
return err ? 1 : 0;
}
/*
* Sets up the user_session structure. This contains various bits of
* information pertaining to the users session.
*/
void set_user_session(void)
{
TCTDB *tdb;
TDBQRY *qry;
TCLIST *res;
TCMAP *cols;
int rsize;
int primary_key_size;
char pkbuf[256];
char session_id[SID_LEN + 1];
char login_at[21];
char last_seen[21];
char uid[11];
char sid[21];
char restrict_ip[2];
char capabilities[4];
char user_hdr[1025];
char *xss_string;
const char *rbuf;
/*
* Don't assume the order we get the cookies back is the
* same order as we sent them.
*/
if (strncmp(env_vars.http_cookie, "session_id", 10) == 0)
snprintf(session_id, sizeof(session_id), "%s",
env_vars.http_cookie + 11);
else
snprintf(session_id, sizeof(session_id), "%s",
env_vars.http_cookie + 88);
tdb = tctdbnew();
tctdbopen(tdb, SESSION_DB, TDBOREADER | TDBOWRITER);
/* Get the users stored session */
qry = tctdbqrynew(tdb);
tctdbqryaddcond(qry, "session_id", TDBQCSTREQ, session_id);
res = tctdbqrysearch(qry);
rbuf = tclistval(res, 0, &rsize);
cols = tctdbget(tdb, rbuf, rsize);
tcmapiterinit(cols);
memset(&user_session, 0, sizeof(user_session));
snprintf(user_session.tenant, sizeof(user_session.tenant), "%s",
tcmapget2(cols, "tenant"));
user_session.sid = strtoull(tcmapget2(cols, "sid"), NULL, 10);
user_session.uid = atoi(tcmapget2(cols, "uid"));
user_session.username = strdup(tcmapget2(cols, "username"));
user_session.name = strdup(tcmapget2(cols, "name"));
user_session.login_at = atol(tcmapget2(cols, "login_at"));
user_session.last_seen = time(NULL);
snprintf(user_session.origin_ip, sizeof(user_session.origin_ip), "%s",
tcmapget2(cols, "origin_ip"));
user_session.client_id = strdup(tcmapget2(cols, "client_id"));
snprintf(user_session.session_id, sizeof(user_session.session_id),
"%s", tcmapget2(cols, "session_id"));
snprintf(user_session.csrf_token, sizeof(user_session.csrf_token),
"%s", tcmapget2(cols, "csrf_token"));
user_session.restrict_ip = atoi(tcmapget2(cols, "restrict_ip"));
user_session.capabilities = atoi(tcmapget2(cols, "capabilities"));
tcmapdel(cols);
tclistdel(res);
tctdbqrydel(qry);
/*
* Set the user header banner, which displays the users name, uid and
* whether they are an Approver and or Admin.
*/
xss_string = xss_safe_string(user_session.name);
snprintf(user_hdr, sizeof(user_hdr), "<big><big> %s</big></big><small>"
"<span class = \"lighter\"> (%d) </span>"
"</small>", xss_string, user_session.uid);
free(xss_string);
if (IS_APPROVER() && IS_ADMIN())
strncat(user_hdr, "<span class = \"t_red\">(Approver / Admin)"
"</span>", 1024 - strlen(user_hdr));
else if (IS_APPROVER())
strncat(user_hdr, "<span class = \"t_red\">(Approver)"
"</span>", 1024 - strlen(user_hdr));
else if (IS_ADMIN())
strncat(user_hdr, "<span class = \"t_red\">(Admin)"
"</span>", 1024 - strlen(user_hdr));
strncat(user_hdr, " ", 1024 - strlen(user_hdr));
user_session.user_hdr = strdup(user_hdr);
/*
* We want to update the last_seen timestamp in the users session.
* This entails removing the old session first then storing the new
* updated session.
*/
qry = tctdbqrynew(tdb);
tctdbqryaddcond(qry, "session_id", TDBQCSTREQ, session_id);
res = tctdbqrysearch(qry);
rbuf = tclistval(res, 0, &rsize);
tctdbout(tdb, rbuf, strlen(rbuf));
tclistdel(res);
tctdbqrydel(qry);
primary_key_size = sprintf(pkbuf, "%ld", (long)tctdbgenuid(tdb));
snprintf(login_at, sizeof(login_at), "%ld", user_session.login_at);
snprintf(last_seen, sizeof(last_seen), "%ld",
user_session.last_seen);
snprintf(uid, sizeof(uid), "%u", user_session.uid);
snprintf(sid, sizeof(sid), "%llu", user_session.sid);
snprintf(restrict_ip, sizeof(restrict_ip), "%d",
user_session.restrict_ip);
snprintf(capabilities, sizeof(capabilities), "%d",
user_session.capabilities);
cols = tcmapnew3("tenant", user_session.tenant,
"sid", sid,
"uid", uid,
"username", user_session.username,
"name", user_session.name,
"login_at", login_at,
"last_seen", last_seen,
"origin_ip", user_session.origin_ip,
"client_id", user_session.client_id,
"session_id", user_session.session_id,
"csrf_token", user_session.csrf_token,
"restrict_ip", restrict_ip,
"capabilities", capabilities,
NULL);
tctdbput(tdb, pkbuf, primary_key_size, cols);
tcmapdel(cols);
tctdbclose(tdb);
tctdbdel(tdb);
}
