From 0621106ef3f1a469377913e31e66ac7b9886dff2 Mon Sep 17 00:00:00 2001
From: allo
Date: Sun, 18 Jun 2006 12:15:26 +0000
Subject: [PATCH] git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2214 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/User.java | 3 +++
 source/de/anomic/data/userDB.java | 28 ++++++++++++++-------
 source/de/anomic/http/httpHeader.java | 6 +++++
 source/de/anomic/http/httpdFileHandler.java | 19 ++++++++------
 source/de/anomic/server/serverObjects.java | 5 +++-
 5 files changed, 44 insertions(+), 17 deletions(-)
diff --git a/htroot/User.java b/htroot/User.java
index e3091b800..46258fc83 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -162,7 +162,10 @@ public class User{
 prop.put("logged-in",0);
 if(entry != null){
 entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), userDB.getLoginToken(header.getHeaderCookies())); //todo: logout cookie
+ }else{
+ sb.userDB.adminLogout(userDB.getLoginToken(header.getHeaderCookies()));
 }
+ //XXX: This should not be needed anymore, because of isLoggedout
 if(! ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
 prop.put("AUTHENTICATE","admin log-in");
 }
diff --git a/source/de/anomic/data/userDB.java b/source/de/anomic/data/userDB.java
index cd4567f8a..c37d99dd0 100644
--- a/source/de/anomic/data/userDB.java
+++ b/source/de/anomic/data/userDB.java
@@ -186,7 +186,9 @@ public final class userDB {
 * @param auth the http-headerline for authorisation
 */
 public boolean hasAdminRight(String auth, String ip, String cookies){
- Entry entry=proxyAuth(auth);
+ Entry entry=null;
+ if(auth != null)
+ entry=proxyAuth(auth);
 if(entry != null && entry.hasAdminRight())
 return true;
 entry=cookieAuth(cookies);
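Review bot: The Javadoc above `hasAdminRight` still documents only `auth`, although after this change `auth` may be null and the method then falls through to the cookie lookup. I would extend it with `@param auth the http-headerline for authorisation, may be null if the client sent none` and `@param cookies the Cookie header value that cookieAuth() resolves to a login token`, and say whether `ip` is used at all, since it is not read in the visible lines. The new guard would also be safer to extend with braces, `if(auth != null){ entry=proxyAuth(auth); }`. The method body continues outside the hunk.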
@@ -262,16 +264,18 @@ public final class userDB {
 return entry;
 }
 public Entry cookieAuth(String cookieString){
- if(cookieUsers.containsKey(cookieString)){
- Object entry=cookieUsers.get(cookieString);
+ String token=getLoginToken(cookieString);
+ if(cookieUsers.containsKey(token)){
+ Object entry=cookieUsers.get(token);
 if(entry instanceof Entry) //String would mean static Admin
 return (Entry)entry;
 }
 return null;
 }
 public boolean cookieAdminAuth(String cookieString){
- if(cookieUsers.containsKey(cookieString)){
- Object entry=cookieUsers.get(cookieString);
+ String token=getLoginToken(cookieString);
+ if(cookieUsers.containsKey(token)){
+ Object entry=cookieUsers.get(token);
 if(entry instanceof String && entry.equals("admin"))
 return true;
 }
@@ -301,6 +305,13 @@ public final class userDB {
 }
 return "";
 }
+ public void adminLogout(String logintoken){
+ if(cookieUsers.containsKey(logintoken)){
+ //XXX: We could check, if its == "admin", but we want to logout anyway.
+ cookieUsers.remove(logintoken);
+ }
+ }
+
 public class Entry {
 public static final String MD5ENCODED_USERPWD_STRING = "MD5_user:pwd";
@@ -518,10 +529,10 @@ public final class userDB {
 public boolean isLoggedOut(){
 return (this.mem.containsKey(LOGGED_OUT)?((String)this.mem.get(LOGGED_OUT)).equals("true"):false);
 }
- public void logout(String ip, String cookieString){
+ public void logout(String ip, String logintoken){
 logout(ip);
- if(cookieUsers.containsKey(cookieString)){
- cookieUsers.remove(cookieString);
+ if(cookieUsers.containsKey(logintoken)){
+ cookieUsers.remove(logintoken);
 }
 }
 public void logout(String ip){
@@ -535,7 +546,6 @@ public final class userDB {
 public void logout(){
 logout("xxxxxx");
 }
-
 public String toString() {
 StringBuffer str = new StringBuffer();
 str.append((this.userName==null)?"null":this.userName)
diff --git a/source/de/anomic/http/httpHeader.java b/source/de/anomic/http/httpHeader.java
index 708dce8ca..3847814d3 100644
--- a/source/de/anomic/http/httpHeader.java
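Review bot: `cookieAuth` and `cookieAdminAuth` now repeat the same token extraction and a `containsKey` followed by `get`, which is two reads of a map that other request threads presumably modify through `logout` and `adminLogout`. A single read removes both the duplication and the check-then-act gap: `Object entry=cookieUsers.get(getLoginToken(cookieString));` followed by the existing `instanceof` test, which is already false for null. It is also worth confirming that the value `getLoginToken` returns for a request without a login cookie (the next hunk's context suggests an empty string) can never be a key in `cookieUsers`.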
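Review bot: `adminLogout` has no Javadoc and removes whatever is stored under the token, including a regular user `Entry`, without the bookkeeping that `Entry.logout(ip, logintoken)` performs. The caller added in htroot/User.java only reaches it when no user entry was found, so the contract should be written down, for example `/** Invalidates the server-side login token; intended for the static admin session, which has no Entry. */`. If `cookieUsers` is a `java.util.Map`, the `containsKey` guard is redundant and the body can be just `cookieUsers.remove(logintoken);`.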
+++ b/source/de/anomic/http/httpHeader.java
@@ -899,6 +899,12 @@ public final class httpHeader extends TreeMap implements Map {
 }
 return "";
 }
+ public Vector getCookieVector(){
+ return cookies;
+ }
+ public void setCookieVector(Vector mycookies){
+ cookies=mycookies;
+ }
 /**
 * Returns an iterator within all properties can be reached.
 * Is used mainly by httpd.
diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java
index c655b47e1..963b529b3 100644
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@@ -316,13 +316,16 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 int pos = path.lastIndexOf(".");
 if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
- // authentication required
- if(authorization != null){
- //TODO: One (switchboard? httpd?) method to check it all, without too much userDB in the other classes.
- if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())|| sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
- //Authentication successful. remove brute-force flag
- serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
- }
+ //authentication required
+ //userDB
+ if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())){
+ //Authentication successful. remove brute-force flag
+ serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
+ //static
+ }else if(authorization != null && sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
+ //Authentication successful. remove brute-force flag
+ serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
+ //no auth
 }else if (authorization == null) {
 // no authorization given in response. Ask for that
 httpHeader headers = getDefaultHeaders(path);
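Review bot: `getCookieVector` hands out the header's internal `cookies` Vector and `setCookieVector` stores the caller's reference, so after `headers.setCookieVector(tp.getOutgoingHeader().getCookieVector())` in httpdFileHandler two headers share one mutable list, and a null argument replaces the field with null. Copying on set keeps the headers independent and the field non-null: `cookies = (mycookies == null) ? new Vector() : new Vector(mycookies);`. Both accessors also lack Javadoc, which matters because these cookies presumably carry the login token. Whether `cookies` can be null on a fresh `httpHeader` is not visible in this hunk.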
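Review bot: The new `else if` branch still calls `authorization.trim().substring(6)` on a client-supplied header without checking its length, so an Authorization value shorter than six characters raises StringIndexOutOfBoundsException in the handler instead of being treated as a failed login. A length guard keeps malformed headers on the failure path: `}else if(authorization != null && authorization.trim().length() > 6 && sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){`. The two success branches now duplicate the `serverCore.bfHost.remove(...)` call and could be joined with `||` once the null check sits inside the condition. The enclosing `if` and its final `else` lie outside this hunk, so how a rejected attempt is counted is not visible here.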
@@ -330,6 +333,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 //httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
 serverObjects tp=new serverObjects();
 tp.put("returnto", path);
+ //TODO: separate errorpage Wrong Login / No Login
 httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, headers);
 return;
 } else {
@@ -613,6 +617,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
 if (location.length() == 0) location = path;
 httpHeader headers = getDefaultHeaders(path);
+ headers.setCookieVector(tp.getOutgoingHeader().getCookieVector()); //put the cookies into the new header TODO: can we put all headerlines, without trouble?
 headers.put(httpHeader.LOCATION,location);
 httpd.sendRespondHeader(conProp,out,httpVersion,302,headers);
 return;
diff --git a/source/de/anomic/server/serverObjects.java b/source/de/anomic/server/serverObjects.java
index 6364eeaf7..46a35a03a 100644
--- a/source/de/anomic/server/serverObjects.java
+++ b/source/de/anomic/server/serverObjects.java
@@ -79,7 +79,10 @@ public final class serverObjects extends Hashtable implements Cloneable {
 }
 public httpHeader getOutgoingHeader() {
- return outgoingHeader;
+ if(outgoingHeader!=null)
+ return outgoingHeader;
+ else
+ return new httpHeader();
 }
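Review bot: When `outgoingHeader` is null, `getOutgoingHeader()` now returns a fresh `httpHeader` that is never stored, so anything a caller sets on the returned object (a cookie, for instance) is lost and the next call returns another empty header. If the field is assignable, lazy initialisation keeps the accessor consistent: `if(outgoingHeader==null) outgoingHeader=new httpHeader();` followed by `return outgoingHeader;`. A short Javadoc stating that the method never returns null would also help the new caller in httpdFileHandler, which chains `.getCookieVector()` on the result.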