From 13fdebc50dedf05ea4a9b9d37b055c9258791f0f Mon Sep 17 00:00:00 2001
From: orbiter
Date: Wed, 7 Dec 2005 00:36:05 +0000
Subject: [PATCH] added authentication for link deletion in search result
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@1177 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/Steering.java | 16 +++-------------
 htroot/index.java | 9 +++++++--
 source/de/anomic/plasma/plasmaSwitchboard.java | 18 ++++++++++++++++++
 3 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/htroot/Steering.java b/htroot/Steering.java
index 0d11f337e..9a95f338f 100644
--- a/htroot/Steering.java
+++ b/htroot/Steering.java
@@ -62,19 +62,9 @@ public class Steering {
 if (prop == null) { return prop; }
 // handle access rights
- switch (sb.adminAuthenticated(header)) {
- case 0: // wrong password given
- try {Thread.sleep(3000);} catch (InterruptedException e) {} // prevent brute-force
- prop.put("AUTHENTICATE", "admin log-in"); // force log-in
- return prop;
- case 1: // no password given
- prop.put("AUTHENTICATE", "admin log-in"); // force log-in
- return prop;
- case 2: // no password stored
- //prop.put("info", 1); // actions only with password
- //return prop;
- case 3: // soft-authenticated for localhost only
- case 4: // hard-authenticated, all ok
+ if (!sb.verifyAuthentication(header, false)) {
+ prop.put("AUTHENTICATE", "admin log-in"); // force log-in
+ return prop;
 }
 if (post.containsKey("shutdown")) {
diff --git a/htroot/index.java b/htroot/index.java
index 93547b3c7..f6cafa7e9 100644
--- a/htroot/index.java
+++ b/htroot/index.java
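Review bot: Passing `false` for `strict` in the new `if (!sb.verifyAuthentication(header, false))` lets the steering actions below it, including the `shutdown` branch visible at the end of this hunk, run without any credentials whenever no admin password is stored. That matches the old fall-through for case 2, but the removed commented-out lines (`// actions only with password`) suggest a tighter rule was intended, and the deleteref path in index.java already passes `true`. Whether case 2 can be reached from a non-local client depends on `adminAuthenticated`, which is not visible here. Either change the call to `sb.verifyAuthentication(header, true)` or state the decision next to it, for example `// non-strict: steering stays usable until an admin password is set`. The enclosing method starts and ends outside the hunk.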
@@ -137,8 +137,13 @@ public class index {
 // if a minus-button was hit, remove a special reference first
 if (post.containsKey("deleteref")) {
- final String delHash = post.get("deleteref", "");
- sb.removeReferences(delHash, query);
+ if (!sb.verifyAuthentication(header, true)) {
+ final serverObjects prop = new serverObjects();
+ prop.put("AUTHENTICATE", "admin log-in"); // force log-in
+ return prop;
+ }
+ final String delHash = post.get("deleteref", "");
+ sb.removeReferences(delHash, query);
 }
 // prepare search order
diff --git a/source/de/anomic/plasma/plasmaSwitchboard.java b/source/de/anomic/plasma/plasmaSwitchboard.java
index fff7f89c6..9e33c6638 100644
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@@ -1848,6 +1848,24 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
 return 0; // wrong password
 }
+ public boolean verifyAuthentication(httpHeader header, boolean strict) {
+ // handle access rights
+ switch (adminAuthenticated(header)) {
+ case 0: // wrong password given
+ try { Thread.sleep(3000); } catch (InterruptedException e) { } // prevent brute-force
+ return false;
+ case 1: // no password given
+ return false;
+ case 2: // no password stored
+ return !strict;
+ case 3: // soft-authenticated for localhost only
+ return true;
+ case 4: // hard-authenticated, all ok
+ return true;
+ }
+ return false;
+ }
+
 public void terminate() {
 this.terminate = true;
 this.shutdownSync.V();
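Review bot: The new gate in the `deleteref` branch checks credentials only, and the hash still goes from `post.get("deleteref", "")` straight into `sb.removeReferences`, so an empty or malformed value from an authenticated request reaches the index removal. Skip the call when nothing usable was sent, e.g. `if (delHash.length() > 0) sb.removeReferences(delHash, query);`, and check the value against the expected hash format if one is defined elsewhere in the project. Because the credentials travel in the request header, a browser that has cached them will presumably attach them to any request for this page, so confirm whether the deletion should also require a POST or a one-time token. A log entry per deletion would give this destructive action an audit trail. The enclosing method starts and ends outside the hunk.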
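Review bot: The empty `catch (InterruptedException e) { }` in `case 0` of `verifyAuthentication` drops the interrupt, and the 3-second sleep runs on the request thread, so it slows a single connection but does not bound parallel guesses, while every bad attempt holds a worker for three seconds. Restore the flag with `catch (InterruptedException e) { Thread.currentThread().interrupt(); }` and consider counting failed attempts per client address rather than relying on the sleep alone. The method also needs a Javadoc comment saying that `strict` only changes the "no password stored" result (case 2) and that soft-authenticated localhost requests (case 3) are accepted in both modes, since callers choosing `true` may expect a password to be required.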