From 6fe2fed87e7bee31166682fc2c189b1c9ae369c2 Mon Sep 17 00:00:00 2001
From: allo <allo@6c8d7289-2bf4-0310-a012-ef5d649a1542>
Date: Fri, 16 Jun 2006 08:04:02 +0000
Subject: [PATCH] cookieauth works with static Admin.

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@2208 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
 htroot/User.java                              | 37 +++++++------
 source/de/anomic/data/userDB.java             | 55 +++++++++++++++----
 source/de/anomic/http/httpdFileHandler.java   |  2 +-
 .../de/anomic/plasma/plasmaSwitchboard.java   | 18 ++++--
 4 files changed, 78 insertions(+), 34 deletions(-)

diff --git a/htroot/User.java b/htroot/User.java
index aa354eb5c..e3091b800 100644
--- a/htroot/User.java
+++ b/htroot/User.java
@@ -50,6 +50,7 @@ import java.io.IOException;
 
 import de.anomic.data.userDB;
 import de.anomic.http.httpHeader;
+import de.anomic.kelondro.kelondroBase64Order;
 import de.anomic.plasma.plasmaSwitchboard;
 import de.anomic.server.serverCodings;
 import de.anomic.server.serverObjects;
@@ -57,17 +58,6 @@ import de.anomic.server.serverSwitch;
 
 public class User{
     
-    private static String getLoginToken(String cookies){
-        String[] cookie=cookies.split(";"); //TODO: Mozilla uses 
-        String[] pair;
-        for(int i=0;i<cookie.length;i++){
-            pair=cookie[i].split("=");
-            if(pair[0].trim().equals("login")){
-                return pair[1].trim();
-            }
-        }
-        return "";
-    }
     public static serverObjects respond(httpHeader header, serverObjects post, serverSwitch env) {
         serverObjects prop = new serverObjects();
         plasmaSwitchboard sb = plasmaSwitchboard.getSwitchboard();
@@ -83,7 +73,7 @@ public class User{
         	prop.put("logged-in_identified-by", 1);
         //try via cookie
         }else{
-            entry=sb.userDB.cookieAuth(getLoginToken(header.getHeaderCookies()));
+            entry=sb.userDB.cookieAuth(userDB.getLoginToken(header.getHeaderCookies()));
             prop.put("logged-in_identified-by", 2);
             //try via ip
             if(entry == null){
@@ -117,17 +107,30 @@ public class User{
         //TODO: this does not work for a static admin, yet.
         }else if(post != null && post.containsKey("username") && post.containsKey("password")){
             //entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"), (String)header.get("CLIENTIP", "xxxxxx"));
-            entry=sb.userDB.passwordAuth((String)post.get("username"), (String)post.get("password"));
-            if(entry != null){
+            String username=(String)post.get("username");
+            String password=(String)post.get("password");
+            
+            entry=sb.userDB.passwordAuth(username, password);
+            boolean staticAdmin = sb.getConfig("adminAccountBase64MD5", "").equals(
+                    serverCodings.encodeMD5Hex(
+                            kelondroBase64Order.standardCoder.encodeString(username + ":" + password)
+                    )
+            );
+            String cookie="";
+            if(entry != null)
                 //set a random token in a cookie
-                String cookie=sb.userDB.getCookie(entry);
+                cookie=sb.userDB.getCookie(entry);
+            else if(staticAdmin)
+                cookie=sb.userDB.getAdminCookie();
+                
+            if(entry != null || staticAdmin){
                 httpHeader outgoingHeader=new httpHeader();
                 outgoingHeader.setCookie("login", cookie);
                 prop.setOutgoingHeader(outgoingHeader);
                 
                 prop.put("logged-in", 1);
                 prop.put("logged-in_identified-by", 1);
-                prop.put("logged-in_username", entry.getUserName());
+                prop.put("logged-in_username", username);
                 if(post.containsKey("returnto")){
                     prop.put("LOCATION", (String)post.get("returnto"));
                 }
@@ -158,7 +161,7 @@ public class User{
         if(post!=null && post.containsKey("logout")){
             prop.put("logged-in",0);
             if(entry != null){
-                entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), getLoginToken(header.getHeaderCookies())); //todo: logout cookie
+                entry.logout(((String)header.get("CLIENTIP", "xxxxxx")), userDB.getLoginToken(header.getHeaderCookies())); //todo: logout cookie
             }
             if(! ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).equals("xxxxxx")){
                 prop.put("AUTHENTICATE","admin log-in");
diff --git a/source/de/anomic/data/userDB.java b/source/de/anomic/data/userDB.java
index ddf5bd071..603064cd4 100644
--- a/source/de/anomic/data/userDB.java
+++ b/source/de/anomic/data/userDB.java
@@ -158,8 +158,11 @@ public final class userDB {
 	 * @param auth a base64 Encoded String, which contains "username:pw".
 	 */
 	public Entry proxyAuth(String auth) {
+        if(auth==null)
+            return null;
 		Entry entry=null;
 		auth=auth.trim().substring(6);
+        
         try{
             auth=kelondroBase64Order.standardCoder.decodeString(auth);
         }catch(RuntimeException e){} //no valid Base64
@@ -184,19 +187,17 @@ public final class userDB {
      * @param auth the http-headerline for authorisation
      */
     public boolean hasAdminRight(String auth, String ip, String cookies){
-        return hasAdminRight(auth);
-    }
-    public boolean hasAdminRight(String auth){
-        plasmaSwitchboard sb=plasmaSwitchboard.getSwitchboard();
-        String adminAccountBase64MD5 = sb.getConfig("adminAccountBase64MD5", "");
-        userDB.Entry entry = sb.userDB.proxyAuth(auth);
-        if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) {
+        Entry entry=proxyAuth(auth);
+        if(entry != null && entry.hasAdminRight())
             return true;
-        } else if(entry != null && entry.hasAdminRight()){
+        entry=cookieAuth(cookies);
+        if(entry != null && entry.hasAdminRight())
+            return true;
+        if(cookieAdminAuth(cookies))
             return true;
-        }
         return false;
     }
+
 	/*
 	 * use a ProxyAuth String to authenticate a user and save the ip/username for ipAuth
 	 * @param auth a base64 Encoded String, which contains "username:pw".
@@ -262,16 +263,45 @@ public final class userDB {
         return entry;
     }
     public Entry cookieAuth(String cookieString){
-        if(cookieUsers.containsKey(cookieString))
-            return (Entry) cookieUsers.get(cookieString);
+        if(cookieUsers.containsKey(cookieString)){
+            Object entry=cookieUsers.get(cookieString);
+            if(entry instanceof Entry) //String would mean static Admin
+                return (Entry)entry;
+        }
         return null;
     }
+    public boolean cookieAdminAuth(String cookieString){
+        if(cookieUsers.containsKey(cookieString)){
+            Object entry=cookieUsers.get(cookieString);
+            if(entry instanceof String && entry.equals("admin"))
+                return true;
+        }
+        return false;
+    }
     public String getCookie(Entry entry){
         Random r = new Random();
         String token = Long.toString(Math.abs(r.nextLong()), 36);
         cookieUsers.put(token, entry);
         return token;
     }
+    public String getAdminCookie(){
+        Random r = new Random();
+        String token = Long.toString(Math.abs(r.nextLong()), 36);
+        cookieUsers.put(token, "admin");
+        return token;
+    }
+    
+    public static String getLoginToken(String cookies){
+        String[] cookie=cookies.split(";"); //TODO: Mozilla uses "; "
+        String[] pair;
+        for(int i=0;i<cookie.length;i++){
+            pair=cookie[i].split("=");
+            if(pair[0].trim().equals("login")){
+                return pair[1].trim();
+            }
+        }
+        return "";
+    }
     
     public class Entry {
         public static final String MD5ENCODED_USERPWD_STRING = "MD5_user:pwd";
@@ -529,7 +559,8 @@ public final class userDB {
             return new HashSet().iterator();
         }
     }
-    
+
+
     public class userIterator implements Iterator {
         // the iterator iterates all userNames
         kelondroDyn.dynKeyIterator userIter;
diff --git a/source/de/anomic/http/httpdFileHandler.java b/source/de/anomic/http/httpdFileHandler.java
index b640e631b..44c9494dd 100644
--- a/source/de/anomic/http/httpdFileHandler.java
+++ b/source/de/anomic/http/httpdFileHandler.java
@@ -318,7 +318,7 @@ public final class httpdFileHandler extends httpdAbstractHandler implements http
         
         if ((path.substring(0,(pos==-1)?path.length():pos)).endsWith("_p") && (adminAccountBase64MD5.length() != 0)) {
             // authentication required
-            if( (authorization != null && sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))){
+            if( (authorization != null && (sb.userDB.hasAdminRight(authorization, conProp.getProperty("CLIENTIP"), requestHeader.getHeaderCookies()))|| sb.staticAdminAuthenticated(authorization)==4)){
                 //Authentication successful. remove brute-force flag
                 serverCore.bfHost.remove(conProp.getProperty("CLIENTIP"));
             }else if (authorization == null) {
diff --git a/source/de/anomic/plasma/plasmaSwitchboard.java b/source/de/anomic/plasma/plasmaSwitchboard.java
index 942d9766a..f77368f8b 100644
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@@ -2021,14 +2021,24 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
     }
 
     public int adminAuthenticated(httpHeader header) {
+        
         String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
-        if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
         String authorization = ((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx")).trim().substring(6);
+        int result=0; //wrong pw
+        int tmp=0;
+        if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) result = 3; // soft-authenticated for localhost
+        if (userDB.hasAdminRight((String) header.get(httpHeader.AUTHORIZATION, "xxxxxx"), ((String) header.get("CLIENTIP", "")), header.getHeaderCookies())) return 4; //return, because 4=max
+        tmp=staticAdminAuthenticated(authorization);
+        if(tmp>result) result=tmp;
+        return result;
+    }
+    public int staticAdminAuthenticated(String authorization){
+        if(authorization==null) return 1;
         if (authorization.length() == 0) return 1; // no authentication information given
-        if ((((String) header.get("CLIENTIP", "")).equals("localhost")) && (adminAccountBase64MD5.equals(authorization))) return 3; // soft-authenticated for localhost
+        String adminAccountBase64MD5 = getConfig("adminAccountBase64MD5", "");
+        if (adminAccountBase64MD5.length() == 0) return 2; // no passwrd stored
         if (adminAccountBase64MD5.equals(serverCodings.encodeMD5Hex(authorization))) return 4; // hard-authenticated, all ok
-        if (userDB.hasAdminRight((String)header.get(httpHeader.AUTHORIZATION, "xxxxxx"))) return 4;
-        return 0; // wrong password
+        return 0;
     }
     
     public boolean verifyAuthentication(httpHeader header, boolean strict) {