userDB Auth

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@874 6c8d7289-2bf4-0310-a012-ef5d649a1542
20 years ago · f65c939a60
parent 5153ec0f3e
commit f65c939a60
8 changed files with 109 additions and 61 deletions
--- a/htroot/SettingsAck_p.java
+++ b/htroot/SettingsAck_p.java
@ -137,26 +137,30 @@ public class SettingsAck_p {
            
            // read and process data
            String filter = (String) post.get("proxyfilter");
-            String user   = (String) post.get("proxyuser");
-            String pw1    = (String) post.get("proxypw1");
-            String pw2    = (String) post.get("proxypw2");
+			String use_proxyAccounts="";
+			if(post.containsKey("use_proxyaccounts")){
+				//needed? or set to true by default?
+	            use_proxyAccounts = (((String) post.get("use_proxyaccounts")).equals("on") ? "true" : "false" );
+			}else{
+				use_proxyAccounts = "false";
+			}
            // do checks
-            if ((filter == null) || (user == null) || (pw1 == null) || (pw2 == null)) {
+            if ((filter == null) || (use_proxyAccounts == null)) {
                prop.put("info", 1);//error with submitted information
                return prop;
            }
-            if (user.length() == 0) {
+            /*if (user.length() == 0) {
                prop.put("info", 2);//username must be given
                return prop;
-            }
-            if (!(pw1.equals(pw2))) {
+            }*/
+            /*if (!(pw1.equals(pw2))) {
                prop.put("info", 3);//pw check failed
                return prop;
-            }
+            }*/
            if (filter.length() == 0) filter = "*";
            // check passed. set account:
            env.setConfig("proxyClient", filter);
-            if (pw1.length() == 0) {
+            /*if (pw1.length() == 0) {
                // only ip filter setting without account
                env.setConfig("proxyAccountBase64MD5", "");
                env.setConfig("proxyAccount", "");
@ -169,7 +173,16 @@ public class SettingsAck_p {
                prop.put("info", 7);//proxy account has changed
                prop.put("info_user", user);
                prop.put("info_filter", filter);
-            }
+            }*/
+            env.setConfig("use_proxyAccounts", use_proxyAccounts);//"true" or "false"
+			if (use_proxyAccounts.equals("false")){
+                prop.put("info", 6);//proxy account has changed(no pw)
+                prop.put("info_filter", filter);
+			} else {
+                prop.put("info", 7);//proxy account has changed
+                //prop.put("info_user", user);
+                prop.put("info_filter", filter);
+			}
            return prop;
        }
        
--- a/htroot/Settings_p.html
+++ b/htroot/Settings_p.html
@ -121,16 +121,8 @@ All traffic is routed throug one single port, for both proxy and server.<br>
    <td colspan ="2"><input name="proxyfilter" type="text" size="50" maxlength="1000" value="#[proxyfilter]#"></td>
  </tr>
  <tr valign="top">
-    <td>Account Name:</td>
-    <td><input name="proxyuser" type="text" size="16" maxlength="16" value="#[proxyuser]#"></td>
-  </tr>
-  <tr valign="top">
-    <td>Password:</td>
-    <td><input name="proxypw1" type="password" size="16" maxlength="16" value=""></td>
-  </tr>
-  <tr valign="top">
-    <td>Password (repeat same as above):</td>
-    <td><input name="proxypw2" type="password" size="16" maxlength="16" value=""></td>
+    <td>Accounts:</td>
+    <td><input name="use_proxyaccounts" type="checkbox" size="16" maxlength="16" value="on" #(use_proxyAccounts)#::checked#(/use_proxyAccounts)#> Use <a href="User_p.html">Proxy Accounts</a></td>
  </tr>
  <tr valign="top">
    <td colspan="2"><input type="submit" name="proxyaccount" value="Submit"></td>
--- a/htroot/Settings_p.java
+++ b/htroot/Settings_p.java
@ -118,17 +118,18 @@ public final class Settings_p {
        prop.put("proxyfilter", env.getConfig("proxyClient", "*"));
        
        // proxy password
-        if (env.getConfig("proxyAccountBase64", "").length() == 0) {
+        if ( env.getConfig("use_proxyAccounts", "false").equals("false") ) {
            // no password has been specified
-            prop.put("proxyuser","proxy");
+            prop.put("use_proxyAccounts", 0); //unchecked
        } else {
-            s = env.getConfig("proxyAccount", "proxy:void");
+            prop.put("use_proxyAccounts", 1); //checked
+            /*s = env.getConfig("proxyAccount", "proxy:void");
            pos = s.indexOf(":");
            if (pos < 0) {
                prop.put("proxyuser","proxy");
            } else {
                prop.put("proxyuser",s.substring(0, pos));
-            }
+            }*/
        }
        
        // server access filter
--- a/htroot/User_p.html
+++ b/htroot/User_p.html
@ -26,7 +26,7 @@
 </td>

 <td width="100%">
-<form action="User_p.html">
+<form action="User_p.html" method="POST">
 Hidden(text for debugging): <input type="text" name="current_user" value="#[current_user]#" readonly>
 Current User: #[username]#
 <p />
@ -73,18 +73,22 @@ Current User: #[username]#
 </tr>
 </table>
 ::
-Result:
+<!-- Page 1: Results -->
 #(text)#
-leer
 ::
 User created: #[username]#
+::
+User changed: #[username]#
 #(/text)#
 <p />
 #(error)#
-no error
+::
+generic error.
 ::
 Passwords do not match.
 #(/error)#
+<p />
+If you want to manage more Users, return to the <a href="User_p.html?change_user=true&user=#[username]#">user</a> page.

 #(/page)#

--- a/htroot/User_p.java
+++ b/htroot/User_p.java
@ -103,7 +103,7 @@ public class User_p {
 			}else if( post.containsKey("delete_user") && !((String)post.get("user")).equals("newuser") ){
 				sb.userDB.removeEntry((String)post.get("user"));
 			}
-        } else if(post.containsKey("change")) { //Data submitted
+        } else if(post.containsKey("change")) { //New User
            prop.put("page", 1); //results
            prop.put("page_text", 0);
            prop.put("page_error", 0);
@ -123,14 +123,14 @@ public class User_p {
                pw=(String)post.get("password");
                pw2=(String)post.get("password2");
                if(! pw.equals(pw2)){
-                    prop.put("page_error", 1); //PW does not match
+                    prop.put("page_error", 2); //PW does not match
                    return prop;
                }
                firstName=(String)post.get("firstname");
                lastName=(String)post.get("lastname");
                address=(String)post.get("address");
                timeLimit=(String)post.get("timelimit");
-                timeUsed=(String)post.get("timelimit");
+                timeUsed=(String)post.get("timeused");
                
 				if(!pw.equals("")){ //change only if set
 	                mem.put(userDB.Entry.MD5ENCODED_USERPWD_STRING, serverCodings.encodeMD5Hex(username+":"+pw));
@ -143,6 +143,8 @@ public class User_p {

                entry=sb.userDB.createEntry(username, mem);
                sb.userDB.addEntry(entry);
+				prop.put("page_text_username", username);
+				prop.put("page_text", 1);
                
            } else { //edit user
                username=(String)post.get("username");
@ -156,7 +158,7 @@ public class User_p {
                lastName=(String)post.get("lastname");
                address=(String)post.get("address");
                timeLimit=(String)post.get("timelimit");
-                timeUsed=(String)post.get("timelimit");
+                timeUsed=(String)post.get("timeused");

                entry = sb.userDB.getEntry(username);
 				if(entry != null){
@ -169,10 +171,13 @@ public class User_p {
 	                    entry.setProperty(userDB.Entry.TIME_USED, timeUsed);
 		            }catch (IOException e){
 					}
-                }//TODO? else error
-                
-
-            }
+                }else{
+					prop.put("page_error", 1);
+				}
+				prop.put("page_text_username", username);
+				prop.put("page_text", 2);
+            }//edit user
+			prop.put("page_username", username);
        }
 		
 		//Generate Userlist
--- a/source/de/anomic/http/httpd.java
+++ b/source/de/anomic/http/httpd.java
@ -61,6 +61,7 @@ import java.util.HashSet;
 import java.util.Iterator;
 import java.util.Properties;
 import java.util.StringTokenizer;
+import java.lang.StringIndexOutOfBoundsException;

 import de.anomic.server.serverByteBuffer;
 import de.anomic.server.serverCodings;
@ -71,6 +72,8 @@ import de.anomic.server.serverObjects;
 import de.anomic.server.serverSwitch;
 import de.anomic.server.logging.serverLog;
 import de.anomic.yacy.yacyCore;
+import de.anomic.plasma.plasmaSwitchboard;
+import de.anomic.data.userDB;


 /**
@ -100,7 +103,7 @@ public final class httpd implements serverHandler {
    private httpdHandler proxyHandler = null;   // a servlet that holds the proxy functions
    private httpdHandler fileHandler = null;    // a servlet that holds the file serving functions
    private httpdHandler soapHandler = null;
-    private static serverSwitch switchboard = null;
+    private static plasmaSwitchboard switchboard = null;
    private static String virtualHost = null;
    
    public static boolean keepAliveSupport = false;
@ -112,7 +115,8 @@ public final class httpd implements serverHandler {
    private boolean allowServer;
    
    // for authentication
-    private String proxyAccountBase64MD5;
+    private boolean use_proxyAccounts = false;
+	private boolean proxyAccounts_init = false; // is use_proxyAccounts set?
    private String serverAccountBase64MD5;
    private String clientIP;
    
@ -124,17 +128,19 @@ public final class httpd implements serverHandler {
    
    // needed for logging
    private final serverLog log = new serverLog("HTTPD");
+
+    private final serverCodings codings = new serverCodings(true);
    
    // class methods
    public httpd(serverSwitch s, httpdHandler fileHandler, httpdHandler proxyHandler) {
        // handler info
-        httpd.switchboard = s;
+        httpd.switchboard = (plasmaSwitchboard)s;
        this.fileHandler = fileHandler;
        this.proxyHandler = proxyHandler;
        httpd.virtualHost = switchboard.getConfig("fileHost","localhost");
        
        // authentication: by default none
-        this.proxyAccountBase64MD5 = null;
+        this.proxyAccounts_init = false;
        this.serverAccountBase64MD5 = null;
        this.clientIP = null;
        
@ -152,7 +158,7 @@ public final class httpd implements serverHandler {
        this.userAddress = null;
        this.allowProxy = false;
        this.allowServer = false;
-        this.proxyAccountBase64MD5 = null;
+        this.proxyAccounts_init = false;
        this.serverAccountBase64MD5 = null;
        this.clientIP = null;
        this.prop.clear();
@ -186,7 +192,7 @@ public final class httpd implements serverHandler {
            throw new IOException(errorMsg);
        }
        
-        this.proxyAccountBase64MD5 = null;
+        this.proxyAccounts_init = false;
        this.serverAccountBase64MD5 = null;
    }
    
@ -301,21 +307,43 @@ public final class httpd implements serverHandler {
        String httpVersion = this.prop.getProperty("HTTP", "HTTP/0.9");            
        
        // reading the authentication settings from switchboard
-        if (this.proxyAccountBase64MD5 == null) 
-            this.proxyAccountBase64MD5 = switchboard.getConfig("proxyAccountBase64MD5", "");
+        if (this.proxyAccounts_init == false) {
+            this.use_proxyAccounts = (switchboard.getConfig("use_proxyAccounts", "false").equals("true") ? true : false);
+			this.proxyAccounts_init = true; // is initialised
+		}
        
-        if (this.proxyAccountBase64MD5.length() > 0) {
+        if (this.use_proxyAccounts) {
            String auth = (String) header.get(httpHeader.PROXY_AUTHORIZATION,"xxxxxx");    
-            if (!this.proxyAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) {
-                // ask for authenticate
-                this.session.out.write((httpVersion + " 407 Proxy Authentication Required" + serverCore.crlfString +
-                        httpHeader.PROXY_AUTHENTICATE + ": Basic realm=\"log-in\"" + serverCore.crlfString).getBytes());
-                this.session.out.write((httpHeader.CONTENT_LENGTH + ": 0\r\n").getBytes());
-                this.session.out.write("\r\n".getBytes());                   
-                return false;
-            }
-        }
-        return true;
+			auth=auth.trim().substring(6);
+            try{
+                auth=codings.decodeBase64String(auth);
+            }catch(StringIndexOutOfBoundsException e){} //no valid Base64
+            String[] tmp=auth.split(":");
+            if(tmp.length == 2){
+                userDB.Entry entry=switchboard.userDB.getEntry(tmp[0]);
+                if( entry != null && entry.getMD5EncodedUserPwd().equals(serverCodings.encodeMD5Hex(auth)) ){
+					//TODO: Check Timelimits
+                    return true;
+                }
+			}
+            // ask for authenticate
+            this.session.out.write((httpVersion + " 407 Proxy Authentication Required" + serverCore.crlfString +
+				httpHeader.PROXY_AUTHENTICATE + ": Basic realm=\"log-in\"" + serverCore.crlfString).getBytes());
+            this.session.out.write((httpHeader.CONTENT_LENGTH + ": 0\r\n").getBytes());
+            this.session.out.write("\r\n".getBytes());                   
+            return false;
+//            if (!this.proxyAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) {
+//                // ask for authenticate
+//                this.session.out.write((httpVersion + " 407 Proxy Authentication Required" + serverCore.crlfString +
+//                        httpHeader.PROXY_AUTHENTICATE + ": Basic realm=\"log-in\"" + serverCore.crlfString).getBytes());
+//                this.session.out.write((httpHeader.CONTENT_LENGTH + ": 0\r\n").getBytes());
+//                this.session.out.write("\r\n".getBytes());                   
+//                return false;
+//            }
+        }else{
+			return true;
+		}
+        //return false; //UNREACHABLE
    }
    
    public Boolean UNKNOWN(String requestLine) throws IOException {
--- a/source/de/anomic/plasma/plasmaSwitchboard.java
+++ b/source/de/anomic/plasma/plasmaSwitchboard.java
@ -627,6 +627,7 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser
            indexDistribution.close();
            cacheLoader.close();
            wikiDB.close();
+			userDB.close();
            messageDB.close();
            if (facilityDB != null) facilityDB.close();
            urlPool.close();
--- a/yacy.init
+++ b/yacy.init
@ -174,12 +174,16 @@ proxyClient=localhost,127.0.0.1,192.168.*,10.*
 # search services.
 serverClient=*

-# proxyAccount: a user:password - pair for proxy authentification
-# leave empty for no authenication
-# example:
-#proxyAccount=jim:knopf
-proxyAccount=
-proxyAccountBase64MD5=
+### proxyAccount: a user:password - pair for proxy authentification
+### leave empty for no authenication
+### example:
+##proxyAccount=jim:knopf
+##proxyAccount=
+##proxyAccountBase64MD5=
+
+# use_proxyAccounts: set to true to restrict proxy-access to some identified users.
+#use User_p.html to create some Users.
+use_proxyAccounts=false

 # serverAccount: a user:password - pair for web server access
 # this is the access to the 'public' pages on the server