diff --git a/htroot/Collage.java b/htroot/Collage.java index 1ac10e9aa..214181b6a 100644 --- a/htroot/Collage.java +++ b/htroot/Collage.java @@ -29,6 +29,7 @@ import net.yacy.cora.protocol.Domains; import net.yacy.cora.protocol.RequestHeader; import net.yacy.crawler.data.ResultImages; import net.yacy.search.Switchboard; +import net.yacy.search.SwitchboardConstants; import net.yacy.server.serverObjects; import net.yacy.server.serverSwitch; @@ -95,7 +96,7 @@ public class Collage { // check if this loads a page from localhost, which must be prevented to protect the server // against attacks to the administration interface when localhost access is granted if ((Domains.isLocal(baseURL.getHost(), null) || Domains.isLocal(imageURL.getHost(), null)) && - sb.getConfigBool("adminAccountForLocalhost", false)) continue; + sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) continue; final long z = imgZIndex[i]; prop.put("imgurl_list_" + c + "_url", diff --git a/htroot/ConfigAccounts_p.java b/htroot/ConfigAccounts_p.java index a80176cbc..b9401f451 100644 --- a/htroot/ConfigAccounts_p.java +++ b/htroot/ConfigAccounts_p.java @@ -55,7 +55,7 @@ public class ConfigAccounts_p { UserDB.Entry entry = null; // admin password - boolean localhostAccess = sb.getConfigBool("adminAccountForLocalhost", false); + boolean localhostAccess = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false); if (post != null && post.containsKey("setAdmin")) { localhostAccess = Domains.isLocalhost(post.get("access", "")); final String user = (post == null) ? "" : post.get("adminuser", ""); 
@@ -66,22 +66,22 @@ public class ConfigAccounts_p { if (user.length() > 0 && pw1.length() > 3 && pw1.equals(pw2)) { // check passed. set account: env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1))); - env.setConfig("adminAccount", ""); - env.setConfig("adminAccountUserName",user); + env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, ""); + env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME,user); } if (localhostAccess) { - sb.setConfig("adminAccountForLocalhost", true); + sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, true); // if an localhost access is configured, check if a local password is given // if not, set a random password if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty()) { // make a 'random' password env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + sb.genRandomPassword()); - env.setConfig("adminAccount", ""); + env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, ""); } } else { - sb.setConfig("adminAccountForLocalhost", false); + sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false); if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000")) { // make shure that the user can still use the interface after a random password was set env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, ""); 
@@ -89,14 +89,14 @@ public class ConfigAccounts_p { } } - if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool("adminAccountForLocalhost", false)) { + if (env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() && !env.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) { prop.put("passwordNotSetWarning", 1); } prop.put("localhost.checked", (localhostAccess) ? 1 : 0); prop.put("account.checked", (localhostAccess) ? 0 : 1); prop.put("statusPassword", localhostAccess ? "0" : "1"); - prop.put("defaultUser", env.getConfig("adminAccountUserName", "admin")); + prop.put("defaultUser", env.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin")); //default values prop.put("current_user", "newuser"); diff --git a/htroot/ConfigBasic.java b/htroot/ConfigBasic.java index 7563d9857..10ed80e3e 100644 --- a/htroot/ConfigBasic.java +++ b/htroot/ConfigBasic.java @@ -234,7 +234,7 @@ public class ConfigBasic { prop.put("setUseCase_repositoryPath", sb.getConfig("repositoryPath", "/DATA/HTROOT/repository")); // check if values are proper - final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool("adminAccountForLocalhost", false); + final boolean properPassword = (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").length() > 0) || sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false); final boolean properName = (sb.peers.mySeed().getName().length() >= 3) && (!(Seed.isDefaultPeerName(sb.peers.mySeed().getName()))); final boolean properPort = (sb.peers.mySeed().isSenior()) || (sb.peers.mySeed().isPrincipal()); diff --git a/htroot/SettingsAck_p.java b/htroot/SettingsAck_p.java index 2e09234bc..ef256b055 100644 --- a/htroot/SettingsAck_p.java +++ b/htroot/SettingsAck_p.java 
@@ -93,8 +93,8 @@ public class SettingsAck_p { } // check passed. set account: env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(user + ":" + pw1))); - env.setConfig("adminAccount", ""); - env.setConfig("adminAccountUserName", user); + env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, ""); + env.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, user); prop.put("info", "5");//admin account changed prop.putHTML("info_user", user); return prop; diff --git a/htroot/Status.java b/htroot/Status.java index efe738d2d..7e0c98211 100644 --- a/htroot/Status.java +++ b/htroot/Status.java @@ -131,14 +131,14 @@ public class Status // password protection if ( (sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty()) - && (!sb.getConfigBool("adminAccountForLocalhost", false)) ) { + && (!sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false)) ) { prop.put("protection", "0"); // not protected prop.put("urgentSetPassword", "1"); } else { prop.put("protection", "1"); // protected } - if ( sb.getConfigBool("adminAccountForLocalhost", false) ) { + if ( sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) { prop.put("unrestrictedLocalAccess", 1); } diff --git a/source/net/yacy/http/Jetty8YaCySecurityHandler.java b/source/net/yacy/http/Jetty8YaCySecurityHandler.java index 896d259f9..0c8a81e16 100644 --- a/source/net/yacy/http/Jetty8YaCySecurityHandler.java +++ b/source/net/yacy/http/Jetty8YaCySecurityHandler.java @@ -33,6 +33,7 @@ import net.yacy.cora.document.id.MultiProtocolURL; import net.yacy.cora.protocol.Domains; import net.yacy.data.UserDB.AccessRight; import net.yacy.search.Switchboard; +import net.yacy.search.SwitchboardConstants; import org.eclipse.jetty.http.HttpSchemes; import org.eclipse.jetty.security.RoleInfo; 
@@ -168,7 +169,7 @@ public class Jetty8YaCySecurityHandler extends SecurityHandler { @Override protected RoleInfo prepareConstraintInfo(String pathInContext, Request request) { final Switchboard sb = Switchboard.getSwitchboard(); - final boolean adminAccountForLocalhost = sb.getConfigBool("adminAccountForLocalhost", false); + final boolean adminAccountForLocalhost = sb.getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false); //final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, ""); String refererHost; diff --git a/source/net/yacy/http/YaCyLegacyCredential.java b/source/net/yacy/http/YaCyLegacyCredential.java index e28ebcb6b..7ad216ef7 100644 --- a/source/net/yacy/http/YaCyLegacyCredential.java +++ b/source/net/yacy/http/YaCyLegacyCredential.java @@ -26,6 +26,7 @@ package net.yacy.http; import net.yacy.cora.order.Base64Order; import net.yacy.cora.order.Digest; + import org.eclipse.jetty.util.security.Credential; @@ -39,7 +40,7 @@ public class YaCyLegacyCredential extends Credential { private String hash; private String foruser; // remember the user as YaCy credential is username:pwd (not just pwd) private boolean isBase64enc; // remember hash encoding false = encodeMD5Hex(usr:pwd) ; true = encodeMD5Hex(Base64Order.standardCoder.encodeString(usr:pw)) - + /** * internal hash function * @@ -54,11 +55,9 @@ public class YaCyLegacyCredential extends Credential { public boolean check(Object credentials) { if (credentials instanceof String) { final String pw = (String) credentials; - if (isBase64enc) { // for adminuser - return calcHash(foruser + ":" + pw).equals(this.hash); - } else { // for user - return Digest.encodeMD5Hex(foruser + ":" + pw).equals(this.hash); - } + if (isBase64enc) return calcHash(foruser + ":" + pw).equals(this.hash); // for admin user + // normal users + return Digest.encodeMD5Hex(foruser + ":" + pw).equals(this.hash); } throw new UnsupportedOperationException(); } 
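Review bot: Both branches of `check()` in the `@@ -54,11 +55,9 @@` hunk of YaCyLegacyCredential.java still compare the computed digest with `String.equals`, which stops at the first differing character, so the comparison time depends on how much of the stored hash matches. A constant-time comparison is the usual hardening for a credential check, e.g. `return MessageDigest.isEqual(calcHash(foruser + ":" + pw).getBytes(StandardCharsets.US_ASCII), this.hash.getBytes(StandardCharsets.US_ASCII));`, with the same change in the `Digest.encodeMD5Hex` branch. That needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imported, plus a null guard if `hash` can be unset, since the current `equals(this.hash)` tolerates null. The brace-less `if` followed by a fall-through `return` is also easy to misread in an authentication path; keeping the braces would make the admin/normal-user split explicit. The stored value is an unsalted MD5 of `user:password`, presumably kept for legacy compatibility, and that limitation deserves a sentence in the class Javadoc.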
@@ -70,8 +69,8 @@ public class YaCyLegacyCredential extends Credential { */ public static Credential getCredentialsFromConfig(String username, String configHash) { YaCyLegacyCredential c = new YaCyLegacyCredential(); - c.foruser=username; - c.isBase64enc=true; + c.foruser = username; + c.isBase64enc = true; c.hash = configHash; return c; } @@ -84,9 +83,9 @@ public class YaCyLegacyCredential extends Credential { */ public static Credential getCredentials(String username, String configHash) { YaCyLegacyCredential c = new YaCyLegacyCredential(); - c.foruser=username; - c.isBase64enc = false; - c.hash = configHash; + c.foruser = username; + c.isBase64enc = false; + c.hash = configHash; //c.hash = calcHash(user + ":" + password); return c; } diff --git a/source/net/yacy/http/YaCyLoginService.java b/source/net/yacy/http/YaCyLoginService.java index bc0d798ae..af0f15785 100644 --- a/source/net/yacy/http/YaCyLoginService.java +++ b/source/net/yacy/http/YaCyLoginService.java @@ -49,7 +49,7 @@ public class YaCyLoginService extends MappedLoginService { // TODO: implement legacy credentials final Switchboard sb = Switchboard.getSwitchboard(); - String adminuser = sb.getConfig("adminAccountUserName", "admin"); + String adminuser = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_USER_NAME, "admin"); if (username.equals(adminuser)) { final String adminAccountBase64MD5 = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, ""); // in YaCy the credential hash is composed of username:pwd so the username is needed to create valid credential 
@@ -66,23 +66,22 @@ public class YaCyLoginService extends MappedLoginService { subject.setReadOnly(); IdentityService is = getIdentityService(); return is.newUserIdentity(subject, userPrincipal, new String[]{AccessRight.ADMIN_RIGHT.toString()}); - } else { // get user data from UserDB - Entry user = sb.userDB.getEntry(username); - if (user != null) { - if (user.hasRight(AccessRight.ADMIN_RIGHT)) { - String[] role = new String[]{AccessRight.ADMIN_RIGHT.toString()}; + } + Entry user = sb.userDB.getEntry(username); + if (user != null) { + if (user.hasRight(AccessRight.ADMIN_RIGHT)) { + String[] role = new String[]{AccessRight.ADMIN_RIGHT.toString()}; - Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd()); - Principal userPrincipal = new MappedLoginService.KnownUser(username, credential); - Subject subject = new Subject(); - subject.getPrincipals().add(userPrincipal); - subject.getPrivateCredentials().add(credential); - subject.setReadOnly(); - IdentityService is = getIdentityService(); + Credential credential = YaCyLegacyCredential.getCredentials(username, user.getMD5EncodedUserPwd()); + Principal userPrincipal = new MappedLoginService.KnownUser(username, credential); + Subject subject = new Subject(); + subject.getPrincipals().add(userPrincipal); + subject.getPrivateCredentials().add(credential); + subject.setReadOnly(); + IdentityService is = getIdentityService(); - return is.newUserIdentity(subject, userPrincipal, role); - } - } + return is.newUserIdentity(subject, userPrincipal, role); + } } return null; } diff --git a/source/net/yacy/migration.java b/source/net/yacy/migration.java index e8968e8ba..4ea302dca 100644 --- a/source/net/yacy/migration.java +++ b/source/net/yacy/migration.java 
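Review bot: With the `else` removed in the `@@ -66,23 +66,22 @@` hunk of YaCyLoginService.java, a UserDB entry without `ADMIN_RIGHT` falls through to `return null`, so only admin-capable users can ever obtain an identity from this method, and nothing in the code says this is intended. I would add a comment above the lookup such as `// UserDB users: only entries with ADMIN_RIGHT get an identity, all others are rejected (null)` and fold the two nested conditions into one, `if (user != null && user.hasRight(AccessRight.ADMIN_RIGHT)) {`. The hunk also drops the `// get user data from UserDB` comment that sat on the `else`; it is worth keeping on the `sb.userDB.getEntry(username)` line. The method starts outside the hunk, so whether `sb.userDB` can be null at this point is not visible here.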
@@ -234,9 +234,9 @@ public class migration { public static void presetPasswords(final Switchboard sb) { // set preset accounts/passwords String acc; - if ((acc = sb.getConfig("adminAccount", "")).length() > 0) { + if ((acc = sb.getConfig(SwitchboardConstants.ADMIN_ACCOUNT, "")).length() > 0) { sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString(acc))); - sb.setConfig("adminAccount", ""); + sb.setConfig(SwitchboardConstants.ADMIN_ACCOUNT, ""); } // fix unsafe old passwords diff --git a/source/net/yacy/search/Switchboard.java b/source/net/yacy/search/Switchboard.java index 32d07a6f7..a055dbf81 100644 --- a/source/net/yacy/search/Switchboard.java +++ b/source/net/yacy/search/Switchboard.java @@ -208,6 +208,7 @@ import net.yacy.utils.UPnP; import net.yacy.utils.crypt; import com.google.common.io.Files; + import net.yacy.http.YaCyHttpServer; @@ -886,7 +887,7 @@ public final class Switchboard extends serverSwitch { // that an automatic authorization of localhost is done, because in this case crawls from local // addresses are blocked to prevent attack szenarios where remote pages contain links to localhost // addresses that can steer a YaCy peer - if ( !getConfigBool("adminAccountForLocalhost", false) ) { + if ( !getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) ) { if ( getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").startsWith("0000") ) { // the password was set automatically with a random value. // We must remove that here to prevent that a user cannot log in any more 
@@ -2056,11 +2057,11 @@ public final class Switchboard extends serverSwitch { } // set a random password if no password is configured - if ( getConfigBool("adminAccountForLocalhost", false) + if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) && getConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "").isEmpty() ) { // make a 'random' password setConfig(SwitchboardConstants.ADMIN_ACCOUNT_B64MD5, "0000" + this.genRandomPassword()); - setConfig("adminAccount", ""); + setConfig(SwitchboardConstants.ADMIN_ACCOUNT, ""); } // stop greedylearning if limit is reached @@ -3242,7 +3243,7 @@ public final class Switchboard extends serverSwitch { // authorization for localhost, only if flag is set to grant localhost access as admin final boolean accessFromLocalhost = requestHeader.accessFromLocalhost(); - if ( getConfigBool("adminAccountForLocalhost", false) && accessFromLocalhost ) { + if ( getConfigBool(SwitchboardConstants.ADMIN_ACCOUNT_FOR_LOCALHOST, false) && accessFromLocalhost ) { adminAuthenticationLastAccess = System.currentTimeMillis(); return 3; // soft-authenticated for localhost } diff --git a/source/net/yacy/search/SwitchboardConstants.java b/source/net/yacy/search/SwitchboardConstants.java index 10d203109..9e574a80f 100644 --- a/source/net/yacy/search/SwitchboardConstants.java +++ b/source/net/yacy/search/SwitchboardConstants.java @@ -41,8 +41,11 @@ public final class SwitchboardConstants { *
Name of the setting holding the authentication hash for the static admin
-account. It is calculated
* by first encoding username:password
as Base64 and hashing it using {@link MapTools#encodeMD5Hex(String)}.