git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2214 6c8d7289-2bf4-0310-a012-ef5d649a1542

19 years ago · 0621106ef3
parent 11951aed41
commit 0621106ef3
5 changed files with 44 additions and 17 deletions
--- a/htroot/User.java
+++ b/htroot/User.java
@ -162,7 +162,10 @@ public class User{
            prop.put("logged-in",0);
            if(entry != null){
                entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), userDB.getLoginToken(header.getHeaderCookies())); //todo: logout cookie
            }else{
                sb.userDB.adminLogout(userDB.getLoginToken(header.getHeaderCookies()));
            }
            //XXX: This should not be needed anymore, because of isLoggedout
            if(! ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
                prop.put("AUTHENTICATE","admin log-in");
            }
--- a/source/de/anomic/data/userDB.java
+++ b/source/de/anomic/data/userDB.java
@ -186,7 +186,9 @@ public final class userDB {
     * @param auth the http-headerline for authorisation
     */
    public boolean hasAdminRight(String auth, String ip, String cookies){
-        Entry entry=proxyAuth(auth);
+        Entry entry=null;
        if(auth != null)
            entry=proxyAuth(auth);
        if(entry != null && entry.hasAdminRight())
            return true;
        entry=cookieAuth(cookies);
@ -262,16 +264,18 @@ public final class userDB {
        return entry;
    }
    public Entry cookieAuth(String cookieString){
-        if(cookieUsers.containsKey(cookieString)){
+        String token=getLoginToken(cookieString);
-            Object entry=cookieUsers.get(cookieString);
+        if(cookieUsers.containsKey(token)){
            Object entry=cookieUsers.get(token);
            if(entry instanceof Entry) //String would mean static Admin
                return (Entry)entry;
        }
        return null;
    }
    public boolean cookieAdminAuth(String cookieString){
-        if(cookieUsers.containsKey(cookieString)){
+        String token=getLoginToken(cookieString);
-            Object entry=cookieUsers.get(cookieString);
+        if(cookieUsers.containsKey(token)){
            Object entry=cookieUsers.get(token);
            if(entry instanceof String && entry.equals("admin"))
                return true;
        }
@ -301,6 +305,13 @@ public final class userDB {
        }
        return "";
    }
    public void adminLogout(String logintoken){
        if(cookieUsers.containsKey(logintoken)){
            //XXX: We could check, if its == "admin", but we want to logout anyway.
            cookieUsers.remove(logintoken);
        }
    }
    public class Entry {
        public static final String MD5ENCODED_USERPWD_STRING = "MD5_user:pwd";
@ -518,10 +529,10 @@ public final class userDB {
        public boolean isLoggedOut(){
        	   return (this.mem.containsKey(LOGGED_OUT)?((String)this.mem.get(LOGGED_OUT)).equals("true"):false);
        }
-        public void logout(String ip, String cookieString){
+        public void logout(String ip, String logintoken){
            logout(ip);
-            if(cookieUsers.containsKey(cookieString)){
+            if(cookieUsers.containsKey(logintoken)){
-                cookieUsers.remove(cookieString);
+                cookieUsers.remove(logintoken);
            }
        }
        public void logout(String ip){
@ -535,7 +546,6 @@ public final class userDB {
        public void logout(){
        		logout("xxxxxx");
        }
        public String toString() {
            StringBuffer str = new StringBuffer();
            str.append((this.userName==null)?"null":this.userName)
--- a/source/de/anomic/http/httpHeader.java
+++ b/source/de/anomic/http/httpHeader.java
@ -899,6 +899,12 @@ public final class httpHeader extends TreeMap implements Map {
        }
        return "";
    }
    public Vector getCookieVector(){
        return cookies;
    }
    public void setCookieVector(Vector mycookies){
        cookies=mycookies;
    }
    /**
     * Returns an iterator within all properties can be reached.
     * Is used mainly by httpd.
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@ -316,13 +316,16 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
        int pos = path.lastIndexOf(".");
        if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
-            // authentication required
+            //authentication required
-            if(authorization != null){
+            //userDB
-                //TODO: One (switchboard? httpd?) method to check it all, without too much userDB in the other classes.
+            if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())){
-                if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())|| sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
+                //Authentication successful. remove brute-force flag
-                    //Authentication successful. remove brute-force flag
+                serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
-                    serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
+            //static
-                }
+            }else if(authorization != null && sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
                //Authentication successful. remove brute-force flag
                serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
            //no auth
            }else if (authorization == null) {
                // no authorization given in response. Ask for that
                httpHeader headers = getDefaultHeaders(path);
@ -330,6 +333,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
                //httpd.sendRespondHeader(conProp,out,httpVersion,401,headers);
                serverObjects tp=new serverObjects();
                tp.put("returnto", path);
                //TODO: separate errorpage Wrong Login / No Login
                httpd.sendRespondError(conProp, out, 5, 401, "Wrong Authentication", "", new File("proxymsg/authfail.inc"), tp, null, headers);
                return;
            } else {
@ -613,6 +617,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
                                if (location.length() == 0) location = path;
                                httpHeader headers = getDefaultHeaders(path);
                                headers.setCookieVector(tp.getOutgoingHeader().getCookieVector()); //put the cookies into the new header TODO: can we put all headerlines, without trouble?
                                headers.put(httpHeader.LOCATION,location);
                                httpd.sendRespondHeader(conProp,out,httpVersion,302,headers);
                                return;
--- a/source/de/anomic/server/serverObjects.java
+++ b/source/de/anomic/server/serverObjects.java
@ -79,7 +79,10 @@ public final class serverObjects extends Hashtable implements Cloneable {
    }
    public httpHeader getOutgoingHeader()
    {
-    	return outgoingHeader;
+        if(outgoingHeader!=null)
            return outgoingHeader;
        else
            return new httpHeader();
    }