// checks whether the combination // of the username and password is correct void paswd(char **params, short *abor, int fd, struct state *cstate, struct config *configuration) { if (cstate->logged) { respond(fd, 5, 0, 3, "User already logged in."); return; } // wrong order if (cstate->user == NULL) { respond(fd, 5, 0, 3, "Need username before password."); return; } char correct_passwd[USER_LENGTH]; // error occured... if (lookupUser(configuration->user_db, cstate->user, correct_passwd, USER_LENGTH) == -1) { respond(fd, 4, 5, 1, "Internal server error."); return; } // password is OK if (strcmp(params[0], correct_passwd) == 0) { respond(fd, 2, 3, 0, "User logged in."); cstate->logged = 1; return; } // wrong password char str[USER_LENGTH]; snprintf(str, USER_LENGTH, "User %s failed to login: Wrong password.", cstate->user); respond(fd, 4, 0, 0, "Wrong password."); }
bool AuthorizationSession::isAuthorizedToChangeOwnCustomDataAsUser(const UserName& userName) { User* user = lookupUser(userName); if (!user) { return false; } ResourcePattern resourceSearchList[resourceSearchListCapacity]; const int resourceSearchListLength = buildResourceSearchList(ResourcePattern::forClusterResource(), resourceSearchList); ActionSet actions; for (int i = 0; i < resourceSearchListLength; ++i) { actions.addAllActionsFromSet(user->getActionsForResource(resourceSearchList[i])); } return actions.contains(ActionType::changeOwnCustomData); }
// interprets the user command; // try to find the username in the database, // forces the next command to be PASS void user(char **params, short *abor, int fd, struct state *cstate, struct config *configuration) { if (params[0] == NULL) { respond(fd, 5, 0, 4, "Require username."); return; } switch (lookupUser(configuration->user_db, params[0], NULL, 0)) { // some error occured while reading the database case -1: respond(fd, 4, 5, 1, "Internal server error."); return; break; // user exists case 0: respond(fd, 3, 3, 1, "OK, awaiting password."); break; // user does not exist case 1: respond(fd, 4, 3, 0, "Unknown user."); return; break; } // waits for the next command and check if it is PASS struct cmd psswd; readCmd(fd, &psswd); if (strcasecmp(psswd.name, "PASS") != 0) { respond(fd, 5, 0, 3, "Bad command sequence."); return; } // sets the username and initial path strcpy(cstate->user, params[0]); (*cstate->path) = '/'; (*(cstate->path + 1)) = 0; cstate->logged = 0; executeCmd(&psswd, NULL, fd, cstate, configuration); }