* authentication complete (using old credentials from config file)

14 years ago · f25cc4407d
parent 7cfd3762d9
commit f25cc4407d
3 changed files with 112 additions and 4 deletions
--- a/source/net/yacy/http/YaCyLegacyCredential.java
+++ b/source/net/yacy/http/YaCyLegacyCredential.java
@ -0,0 +1,90 @@
+//
+//  YaCyLegacyCredentials
+//  Copyright 2011 by Florian Richter
+//  First released 16.04.2011 at http://yacy.net
+//  
+//  $LastChangedDate$
+//  $LastChangedRevision$
+//  $LastChangedBy$
+//
+//  This library is free software; you can redistribute it and/or
+//  modify it under the terms of the GNU Lesser General Public
+//  License as published by the Free Software Foundation; either
+//  version 2.1 of the License, or (at your option) any later version.
+//  
+//  This library is distributed in the hope that it will be useful,
+//  but WITHOUT ANY WARRANTY; without even the implied warranty of
+//  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+//  Lesser General Public License for more details.
+//  
+//  You should have received a copy of the GNU Lesser General Public License
+//  along with this program in the file lgpl21.txt
+//  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package net.yacy.http;
+
+import net.yacy.kelondro.order.Base64Order;
+import net.yacy.kelondro.order.Digest;
+import net.yacy.kelondro.util.MapTools;
+
+import org.eclipse.jetty.http.security.Credential;
+
+
+/**
+ * implementation of YaCy's old admin password as jetty Credential
+ */
+public class YaCyLegacyCredential extends Credential {
+	
+	private static final long serialVersionUID = -3527894085562480001L;
+	private String hash;
+	
+    /**
+     * <p><code>public static final String <strong>ADMIN_ACCOUNT_B64MD5</strong> = "adminAccountBase64MD5"</code></p>
+     * <p>Name of the setting holding the authentication hash for the static <code>admin</code>-account. It is calculated
+     * by first encoding <code>username:password</code> as Base64 and hashing it using {@link MapTools#encodeMD5Hex(String)}.</p>
+     */
+    public static final String ADMIN_ACCOUNT_B64MD5 = "adminAccountBase64MD5";
+
+	/**
+	 * internal hash function
+	 * @param clear password
+	 * @return hash string
+	 */
+	private static String calcHash(String pw) {
+		return Digest.encodeMD5Hex(Base64Order.standardCoder.encodeString("admin:" + pw));
+	}
+
+	@Override
+	public boolean check(Object credentials) {
+		if(credentials instanceof String) {
+			final String pw = (String) credentials;
+			return calcHash(pw).equals(this.hash);
+		} else {
+			throw new UnsupportedOperationException();
+		}
+	}
+	
+	/**
+	 * create Credential object from config file hash
+	 * @param configHash hash as in config file
+	 * @return
+	 */
+	public static Credential getCredentialsFromConfig(String configHash) {
+		YaCyLegacyCredential c = new YaCyLegacyCredential();
+		c.hash = configHash;
+		return c;
+	}
+	
+	/**
+	 * create Credential object from password
+	 * @param password
+	 * @return
+	 */
+	public static Credential getCredentials(String password) {
+		YaCyLegacyCredential c = new YaCyLegacyCredential();
+		c.hash = calcHash(password);
+		return c;
+	}
+
+}
--- a/source/net/yacy/http/YaCyLoginService.java
+++ b/source/net/yacy/http/YaCyLoginService.java
@ -34,6 +34,8 @@ import org.eclipse.jetty.security.IdentityService;
 import org.eclipse.jetty.security.MappedLoginService;
 import org.eclipse.jetty.server.UserIdentity;

+import de.anomic.search.Switchboard;
+

 /**
 * jetty login service, provides one admin user
@ -44,7 +46,9 @@ public class YaCyLoginService extends MappedLoginService {
 	protected UserIdentity loadUser(String username) {
 		if(username.equals("admin")) {
 			// TODO: implement legacy credentials
-			Credential credential = Credential.getCredential("admin");
+			final Switchboard sb = Switchboard.getSwitchboard();
+			final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
+			Credential credential = YaCyLegacyCredential.getCredentialsFromConfig(adminAccountBase64MD5);
 			Principal userPrincipal = new MappedLoginService.KnownUser("admin", credential); 
 			Subject subject = new Subject();
 			subject.getPrincipals().add(userPrincipal);
--- a/source/net/yacy/http/YaCySecurityHandler.java
+++ b/source/net/yacy/http/YaCySecurityHandler.java
@ -26,11 +26,15 @@ package net.yacy.http;

 import java.io.IOException;

+import net.yacy.cora.protocol.Domains;
+
 import org.eclipse.jetty.security.SecurityHandler;
 import org.eclipse.jetty.server.Request;
 import org.eclipse.jetty.server.Response;
 import org.eclipse.jetty.server.UserIdentity;

+import de.anomic.search.Switchboard;
+
 /**
 * jetty security handler
 * demands authentication for pages with _p. inside
@ -60,8 +64,18 @@ public class YaCySecurityHandler extends SecurityHandler {

 	@Override
 	protected Object prepareConstraintInfo(String pathInContext, Request request) {
-		// authentication mandatory as simple constraint info
-		return pathInContext.contains("_p.");
+		final Switchboard sb = Switchboard.getSwitchboard();
+        final boolean adminAccountForLocalhost = sb.getConfigBool("adminAccountForLocalhost", false);
+        final String adminAccountBase64MD5 = sb.getConfig(YaCyLegacyCredential.ADMIN_ACCOUNT_B64MD5, "");
+
+        final String refererHost = request.getHeader("Referer");
+        final boolean accessFromLocalhost = Domains.isLocalhost(request.getRemoteHost()) && (refererHost == null || refererHost.length() == 0 || Domains.isLocalhost(refererHost));
+        final boolean grantedForLocalhost = adminAccountForLocalhost && accessFromLocalhost;
+        final boolean protectedPage = pathInContext.indexOf("_p.") > 0;
+        final boolean accountEmpty = adminAccountBase64MD5.length() == 0;
+        final boolean yacyBot = request.getHeader("User-Agent").startsWith("yacybot");
+        
+		return protectedPage && ((!grantedForLocalhost && !accountEmpty) || yacyBot);
 	}

 }