boxtec
/
yacy_search_server
mirror of https://github.com/yacy/yacy_search_server
4
1
Fork 0
Code Issues Projects Releases Wiki Activity

Fix for dynamic login with static password.

Browse Source 
git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2210 6c8d7289-2bf4-0310-a012-ef5d649a1542
pull/1/head
allo 19 years ago
parent ef9eb50c3c
commit 67a8c74be3
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File

9
source/de/anomic/http/httpdFileHandler.java
Unescape View File

@ -318,9 +318,12 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
// authentication required
if( (authorization != null && (sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))|| sb.staticAdminAuthenticated(authorization)==4)){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
if(authorization != null){
//TODO: One (switchboard? httpd?) method to check it all, without too much userDB in the other classes.
if(sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies())|| sb.staticAdminAuthenticated(authorization.trim().substring(6))==4){
//Authentication successful. remove brute-force flag
serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
}
}else if (authorization == null) {
// no authorization given in response. Ask for that
httpHeader headers = getDefaultHeaders(path);

4
source/de/anomic/plasma/plasmaSwitchboard.java
Unescape View File

@ -2034,8 +2034,8 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
}
public int staticAdminAuthenticated(String authorization){
if(authorization==null) return 1;
if (authorization.length() < 6) return 1; // no authentication information given
authorization = authorization.trim().substring(6);
//if (authorization.length() < 6) return 1; // no authentication information given
//authorization = authorization.trim().substring(6);
String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok

Write Preview
Loading…
Cancel
Save