fix: to allow unix scripts (bin/*.sh) to always submit http admin apicalls

using auth via config hash (legacy requirement)
pull/1/head
reger 11 years ago
parent ea3aa30593
commit 516f8c2489

@ -70,7 +70,7 @@ public class YaCyLegacyCredential extends Credential {
} }
if (credentials instanceof String) { // for BASIC auth if (credentials instanceof String) { // for BASIC auth
final String pw = (String) credentials; final String pw = (String) credentials;
if (isBase64enc) { if (isBase64enc) { // for old B64MD5 admin hashes
if (serverAccessTracker.timeSinceAccessFromLocalhost() < 100) { if (serverAccessTracker.timeSinceAccessFromLocalhost() < 100) {
// we allow localhost accesses also to submit the hash as password // we allow localhost accesses also to submit the hash as password
// this is very important since that method is used by the scripts in bin/ which are based on bin/apicall.sh // this is very important since that method is used by the scripts in bin/ which are based on bin/apicall.sh
@ -83,11 +83,20 @@ public class YaCyLegacyCredential extends Credential {
return calcHash(foruser + ":" + pw).equals(this.hash); // for admin user return calcHash(foruser + ":" + pw).equals(this.hash); // for admin user
} }
// normal users (and new admin pwd) // normal users (and new admin pwd) for BASIC auth
if (hash.startsWith(MD5.__TYPE) && hash != null) { if (hash.startsWith(MD5.__TYPE) && hash != null) {
return (Digest.encodeMD5Hex(foruser + ":" + Switchboard.getSwitchboard().getConfig(SwitchboardConstants.ADMIN_REALM,"YaCy")+":" + pw).equals(hash.substring(4))); boolean success = (Digest.encodeMD5Hex(foruser + ":" + Switchboard.getSwitchboard().getConfig(SwitchboardConstants.ADMIN_REALM,"YaCy")+":" + pw).equals(hash.substring(4)));
// exception: allow the hash as pwd (used in bin/apicall.sh)
if (!success && foruser.equals(Switchboard.getSwitchboard().getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"))) {
if (pw.equals(hash)) {
if (serverAccessTracker.timeSinceAccessFromLocalhost() < 100) {
return true;
}
}
}
return success;
} }
return Digest.encodeMD5Hex(foruser + ":" + pw).equals(hash); return Digest.encodeMD5Hex(foruser + ":" + pw).equals(hash); // for old userdb hashes
} }
throw new UnsupportedOperationException(); throw new UnsupportedOperationException();
} }
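Review bot: The new fallback at `if (pw.equals(hash))` turns the stored admin hash into a password equivalent, and its only gate is `serverAccessTracker.timeSinceAccessFromLocalhost() < 100`, which by its name looks like a process-wide timer rather than a check on the origin of the request being authenticated; if that is the case, the exception is not really limited to localhost callers and should be tied to this request's own remote address. The comparison should also be constant-time, for example `if (MessageDigest.isEqual(pw.getBytes(StandardCharsets.UTF_8), hash.getBytes(StandardCharsets.UTF_8))) {`, and the three nested `if`s would read better as one condition with a comment stating that anyone able to read the config value can authenticate as admin through this path. In the context line just above, `hash.startsWith(MD5.__TYPE) && hash != null` dereferences `hash` before testing it for null, so the operands should be swapped. The enclosing method starts and ends outside the hunk, so whether the request's address is available at this point cannot be confirmed from this page.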
