From f65c939a609b1dda7fac264e1cd395d38380bfd4 Mon Sep 17 00:00:00 2001
From: allo
Date: Fri, 7 Oct 2005 13:49:07 +0000
Subject: [PATCH] userDB Auth

git-svn-id: https://svn.berlios.de/svnroot/repos/yacy/trunk@874 6c8d7289-2bf4-0310-a012-ef5d649a1542
---
htroot/SettingsAck_p.java | 33 +++++++---
htroot/Settings_p.html | 12 +---
htroot/Settings_p.java | 9 +--
htroot/User_p.html | 12 ++--
htroot/User_p.java | 21 +++---
source/de/anomic/http/httpd.java | 66 +++++++++++++------
.../de/anomic/plasma/plasmaSwitchboard.java | 1 +
yacy.init | 16 +++--
8 files changed, 109 insertions(+), 61 deletions(-)

diff --git a/htroot/SettingsAck_p.java b/htroot/SettingsAck_p.java
index f69e0dc33..ebaf4f13f 100644
--- a/htroot/SettingsAck_p.java
+++ b/htroot/SettingsAck_p.java
@@ -137,26 +137,30 @@ public class SettingsAck_p { // read and process data String filter = (String) post.get("proxyfilter"); - String user = (String) post.get("proxyuser"); - String pw1 = (String) post.get("proxypw1"); - String pw2 = (String) post.get("proxypw2"); + String use_proxyAccounts=""; + if(post.containsKey("use_proxyaccounts")){ + //needed? or set to true by default? + use_proxyAccounts = (((String) post.get("use_proxyaccounts")).equals("on") ? "true" : "false" ); + }else{ + use_proxyAccounts = "false"; + } // do checks - if ((filter == null) || (user == null) || (pw1 == null) || (pw2 == null)) { + if ((filter == null) || (use_proxyAccounts == null)) { prop.put("info", 1);//error with submitted information return prop; } - if (user.length() == 0) { + /*if (user.length() == 0) { prop.put("info", 2);//username must be given return prop; - } - if (!(pw1.equals(pw2))) { + }*/ + /*if (!(pw1.equals(pw2))) { prop.put("info", 3);//pw check failed return prop; - } + }*/ if (filter.length() == 0) filter = "*"; // check passed. set account: env.setConfig("proxyClient", filter); - if (pw1.length() == 0) { + /*if (pw1.length() == 0) { // only ip filter setting without account env.setConfig("proxyAccountBase64MD5", ""); env.setConfig("proxyAccount", ""); @@ -169,7 +173,16 @@ public class SettingsAck_p { prop.put("info", 7);//proxy account has changed prop.put("info_user", user); prop.put("info_filter", filter); - } + }*/ + env.setConfig("use_proxyAccounts", use_proxyAccounts);//"true" or "false" + if (use_proxyAccounts.equals("false")){ + prop.put("info", 6);//proxy account has changed(no pw) + prop.put("info_filter", filter); + } else { + prop.put("info", 7);//proxy account has changed + //prop.put("info_user", user); + prop.put("info_filter", filter); + } return prop; } diff --git a/htroot/Settings_p.html b/htroot/Settings_p.html index 35e15c153..e2263d835 100644 --- a/htroot/Settings_p.html +++ b/htroot/Settings_p.html 
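Review bot: The `use_proxyAccounts == null` test in the `@@ -137,26 +137,30 @@` hunk can never be true, because the variable is initialised to `""` and then assigned in both branches, so `filter == null` is the only input check that still does anything. The if/else could be the single line `String use_proxyAccounts = "on".equals(post.get("use_proxyaccounts")) ? "true" : "false";` with the null test on it dropped. The old account checks are left behind as `/* ... */` blocks here and in the `@@ -169,7 +173,16 @@` hunk; deleting them would make it plain that this page no longer sets any credential, and version control keeps the history. The enclosing method starts outside both hunks.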
@@ -121,16 +121,8 @@ All traffic is routed throug one single port, for both proxy and server.
- Account Name: - - - - Password: - - - - Password (repeat same as above): - + Accounts: + Use Proxy Accounts diff --git a/htroot/Settings_p.java b/htroot/Settings_p.java index abe4702b5..6dc76bbfd 100644 --- a/htroot/Settings_p.java +++ b/htroot/Settings_p.java @@ -118,17 +118,18 @@ public final class Settings_p { prop.put("proxyfilter", env.getConfig("proxyClient", "*")); // proxy password - if (env.getConfig("proxyAccountBase64", "").length() == 0) { + if ( env.getConfig("use_proxyAccounts", "false").equals("false") ) { // no password has been specified - prop.put("proxyuser","proxy"); + prop.put("use_proxyAccounts", 0); //unchecked } else { - s = env.getConfig("proxyAccount", "proxy:void"); + prop.put("use_proxyAccounts", 1); //checked + /*s = env.getConfig("proxyAccount", "proxy:void"); pos = s.indexOf(":"); if (pos < 0) { prop.put("proxyuser","proxy"); } else { prop.put("proxyuser",s.substring(0, pos)); - } + }*/ } // server access filter diff --git a/htroot/User_p.html b/htroot/User_p.html index aadc72444..ac4e673e3 100644 --- a/htroot/User_p.html +++ b/htroot/User_p.html @@ -26,7 +26,7 @@ -
+ Hidden(text for debugging): Current User: #[username]#

@@ -73,18 +73,22 @@ Current User: #[username]# :: -Result: + #(text)# -leer :: User created: #[username]# +:: +User changed: #[username]# #(/text)#

#(error)# -no error +:: +generic error. :: Passwords do not match. #(/error)# +

+If you want to manage more Users, return to the user page. #(/page)# diff --git a/htroot/User_p.java b/htroot/User_p.java index 6f704f6db..d6a0b4e5c 100644 --- a/htroot/User_p.java +++ b/htroot/User_p.java @@ -103,7 +103,7 @@ public class User_p { }else if( post.containsKey("delete_user") && !((String)post.get("user")).equals("newuser") ){ sb.userDB.removeEntry((String)post.get("user")); } - } else if(post.containsKey("change")) { //Data submitted + } else if(post.containsKey("change")) { //New User prop.put("page", 1); //results prop.put("page_text", 0); prop.put("page_error", 0); @@ -123,14 +123,14 @@ public class User_p { pw=(String)post.get("password"); pw2=(String)post.get("password2"); if(! pw.equals(pw2)){ - prop.put("page_error", 1); //PW does not match + prop.put("page_error", 2); //PW does not match return prop; } firstName=(String)post.get("firstname"); lastName=(String)post.get("lastname"); address=(String)post.get("address"); timeLimit=(String)post.get("timelimit"); - timeUsed=(String)post.get("timelimit"); + timeUsed=(String)post.get("timeused"); if(!pw.equals("")){ //change only if set mem.put(userDB.Entry.MD5ENCODED_USERPWD_STRING, serverCodings.encodeMD5Hex(username+":"+pw)); @@ -143,6 +143,8 @@ public class User_p { entry=sb.userDB.createEntry(username, mem); sb.userDB.addEntry(entry); + prop.put("page_text_username", username); + prop.put("page_text", 1); } else { //edit user username=(String)post.get("username"); @@ -156,7 +158,7 @@ public class User_p { lastName=(String)post.get("lastname"); address=(String)post.get("address"); timeLimit=(String)post.get("timelimit"); - timeUsed=(String)post.get("timelimit"); + timeUsed=(String)post.get("timeused"); entry = sb.userDB.getEntry(username); if(entry != null){ 
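Review bot: In the new-user branch the context line `if(!pw.equals("")){ //change only if set` stores the password hash only when a password was typed, and the `@@ -143,6 +143,8 @@` hunk then creates the entry and reports "User created" regardless. Because this commit turns userDB entries into the proxy credentials, an entry with an empty name, no stored hash, or a `:` in the name (which the `split(":")` check added in httpd.java cannot match) should be rejected before `createEntry`, e.g. `if (username == null || username.length() == 0 || username.indexOf(':') >= 0 || pw.length() == 0) { prop.put("page_error", 1); return prop; }`. The lines between the `@@ -123,14 +123,14 @@` and `@@ -143,6 +143,8 @@` hunks are not visible, so this assumes no such check already sits there.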
@@ -169,10 +171,13 @@ public class User_p { entry.setProperty(userDB.Entry.TIME_USED, timeUsed); }catch (IOException e){ } - }//TODO? else error - - - } + }else{ + prop.put("page_error", 1); + } + prop.put("page_text_username", username); + prop.put("page_text", 2); + }//edit user + prop.put("page_username", username); } //Generate Userlist diff --git a/source/de/anomic/http/httpd.java b/source/de/anomic/http/httpd.java index ebb9a85f5..e8e576cf3 100644 --- a/source/de/anomic/http/httpd.java +++ b/source/de/anomic/http/httpd.java @@ -61,6 +61,7 @@ import java.util.HashSet; import java.util.Iterator; import java.util.Properties; import java.util.StringTokenizer; +import java.lang.StringIndexOutOfBoundsException; import de.anomic.server.serverByteBuffer; import de.anomic.server.serverCodings; @@ -71,6 +72,8 @@ import de.anomic.server.serverObjects; import de.anomic.server.serverSwitch; import de.anomic.server.logging.serverLog; import de.anomic.yacy.yacyCore; +import de.anomic.plasma.plasmaSwitchboard; +import de.anomic.data.userDB; /** @@ -100,7 +103,7 @@ public final class httpd implements serverHandler { private httpdHandler proxyHandler = null; // a servlet that holds the proxy functions private httpdHandler fileHandler = null; // a servlet that holds the file serving functions private httpdHandler soapHandler = null; - private static serverSwitch switchboard = null; + private static plasmaSwitchboard switchboard = null; private static String virtualHost = null; public static boolean keepAliveSupport = false; @@ -112,7 +115,8 @@ public final class httpd implements serverHandler { private boolean allowServer; // for authentication - private String proxyAccountBase64MD5; + private boolean use_proxyAccounts = false; + private boolean proxyAccounts_init = false; // is use_proxyAccounts set? private String serverAccountBase64MD5; private String clientIP; 
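Review bot: When `sb.userDB.getEntry(username)` returns null the added `else` sets `page_error` to 1, but the two lines after it still run and set `page_text` to 2, so the result page shows "User changed" next to "generic error". Moving `prop.put("page_text_username", username);` and `prop.put("page_text", 2);` to the end of the `if(entry != null)` branch would keep the two states apart. The empty `catch (IOException e){ }` in that branch hides a failed write in the same way; it should at least do `prop.put("page_error", 1);` so the administrator is not told a credential change succeeded when it did not. The edit branch begins outside this hunk.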
@@ -124,17 +128,19 @@ public final class httpd implements serverHandler { // needed for logging private final serverLog log = new serverLog("HTTPD"); + + private final serverCodings codings = new serverCodings(true); // class methods public httpd(serverSwitch s, httpdHandler fileHandler, httpdHandler proxyHandler) { // handler info - httpd.switchboard = s; + httpd.switchboard = (plasmaSwitchboard)s; this.fileHandler = fileHandler; this.proxyHandler = proxyHandler; httpd.virtualHost = switchboard.getConfig("fileHost","localhost"); // authentication: by default none - this.proxyAccountBase64MD5 = null; + this.proxyAccounts_init = false; this.serverAccountBase64MD5 = null; this.clientIP = null; @@ -152,7 +158,7 @@ public final class httpd implements serverHandler { this.userAddress = null; this.allowProxy = false; this.allowServer = false; - this.proxyAccountBase64MD5 = null; + this.proxyAccounts_init = false; this.serverAccountBase64MD5 = null; this.clientIP = null; this.prop.clear(); @@ -186,7 +192,7 @@ public final class httpd implements serverHandler { throw new IOException(errorMsg); } - this.proxyAccountBase64MD5 = null; + this.proxyAccounts_init = false; this.serverAccountBase64MD5 = null; } 
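Review bot: The constructor in the `@@ -124,17 +128,19 @@` hunk still declares `serverSwitch s` but now casts it unconditionally with `(plasmaSwitchboard)s`, so any other serverSwitch implementation fails with a ClassCastException at construction and the signature no longer states what is required. Either change the parameter type to `plasmaSwitchboard`, or keep the field as `serverSwitch` and pass the `userDB` to httpd as its own argument so the HTTP layer depends only on what it uses for authentication. The `import java.lang.StringIndexOutOfBoundsException;` added in the first httpd.java hunk is redundant, since java.lang is imported implicitly.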
@@ -301,21 +307,43 @@ public final class httpd implements serverHandler { String httpVersion = this.prop.getProperty("HTTP", "HTTP/0.9"); // reading the authentication settings from switchboard - if (this.proxyAccountBase64MD5 == null) - this.proxyAccountBase64MD5 = switchboard.getConfig("proxyAccountBase64MD5", ""); + if (this.proxyAccounts_init == false) { + this.use_proxyAccounts = (switchboard.getConfig("use_proxyAccounts", "false").equals("true") ? true : false); + this.proxyAccounts_init = true; // is initialised + } - if (this.proxyAccountBase64MD5.length() > 0) { + if (this.use_proxyAccounts) { String auth = (String) header.get(httpHeader.PROXY_AUTHORIZATION,"xxxxxx"); - if (!this.proxyAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) { - // ask for authenticate - this.session.out.write((httpVersion + " 407 Proxy Authentication Required" + serverCore.crlfString + - httpHeader.PROXY_AUTHENTICATE + ": Basic realm=\"log-in\"" + serverCore.crlfString).getBytes()); - this.session.out.write((httpHeader.CONTENT_LENGTH + ": 0\r\n").getBytes()); - this.session.out.write("\r\n".getBytes()); - return false; - } - } - return true; + auth=auth.trim().substring(6); + try{ + auth=codings.decodeBase64String(auth); + }catch(StringIndexOutOfBoundsException e){} //no valid Base64 + String[] tmp=auth.split(":"); + if(tmp.length == 2){ + userDB.Entry entry=switchboard.userDB.getEntry(tmp[0]); + if( entry != null && entry.getMD5EncodedUserPwd().equals(serverCodings.encodeMD5Hex(auth)) ){ + //TODO: Check Timelimits + return true; + } + } + // ask for authenticate + this.session.out.write((httpVersion + " 407 Proxy Authentication Required" + serverCore.crlfString + + httpHeader.PROXY_AUTHENTICATE + ": Basic realm=\"log-in\"" + serverCore.crlfString).getBytes()); + this.session.out.write((httpHeader.CONTENT_LENGTH + ": 0\r\n").getBytes()); + this.session.out.write("\r\n".getBytes()); + return false; +// if 
(!this.proxyAccountBase64MD5.equals(serverCodings.encodeMD5Hex(auth.trim().substring(6)))) { +// // ask for authenticate +// this.session.out.write((httpVersion + " 407 Proxy Authentication Required" + serverCore.crlfString + +// httpHeader.PROXY_AUTHENTICATE + ": Basic realm=\"log-in\"" + serverCore.crlfString).getBytes()); +// this.session.out.write((httpHeader.CONTENT_LENGTH + ": 0\r\n").getBytes()); +// this.session.out.write("\r\n".getBytes()); +// return false; +// } + }else{ + return true; + } + //return false; //UNREACHABLE } public Boolean UNKNOWN(String requestLine) throws IOException { diff --git a/source/de/anomic/plasma/plasmaSwitchboard.java b/source/de/anomic/plasma/plasmaSwitchboard.java index 5ad85ead6..9c3a38e92 100644 --- a/source/de/anomic/plasma/plasmaSwitchboard.java +++ b/source/de/anomic/plasma/plasmaSwitchboard.java @@ -627,6 +627,7 @@ public final class plasmaSwitchboard extends serverAbstractSwitch implements ser indexDistribution.close(); cacheLoader.close(); wikiDB.close(); + userDB.close(); messageDB.close(); if (facilityDB != null) facilityDB.close(); urlPool.close(); diff --git a/yacy.init b/yacy.init index 28ddc9b73..6344519b9 100644 --- a/yacy.init +++ b/yacy.init @@ -174,12 +174,16 @@ proxyClient=localhost,127.0.0.1,192.168.*,10.* # search services. serverClient=* -# proxyAccount: a user:password - pair for proxy authentification -# leave empty for no authenication -# example: -#proxyAccount=jim:knopf -proxyAccount= -proxyAccountBase64MD5= +### proxyAccount: a user:password - pair for proxy authentification +### leave empty for no authenication +### example: +##proxyAccount=jim:knopf +##proxyAccount= +##proxyAccountBase64MD5= + +# use_proxyAccounts: set to true to restrict proxy-access to some identified users. +#use User_p.html to create some Users. +use_proxyAccounts=false # serverAccount: a user:password - pair for web server access # this is the access to the 'public' pages on the server
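Review bot: The credential parsing added in the `@@ -301,21 +307,43 @@` hunk has three gaps: `auth.trim().substring(6)` runs outside the `try`, so a Proxy-Authorization value shorter than six characters throws instead of producing the 407; the scheme is never checked to be `Basic`; and `auth.split(":")` with `tmp.length == 2` rejects every password that contains a colon. When the Base64 decode fails, the empty `catch` lets the undecoded string continue into the user lookup, which fails closed only by coincidence. The sketch below keeps the lookup and the 407 response as they are, puts all parsing inside the `try`, and splits at the first colon; the method itself starts before this hunk. The `//TODO: Check Timelimits` also means the time fields edited in User_p.java are not enforced yet, which deserves a line in the commit message.

```java
String auth = ((String) header.get(httpHeader.PROXY_AUTHORIZATION, "")).trim();
if (auth.regionMatches(true, 0, "Basic ", 0, 6)) {
    try {
        auth = codings.decodeBase64String(auth.substring(6).trim());
        int sep = auth.indexOf(':'); // the password may itself contain ':'
        if (sep > 0) {
            userDB.Entry entry = switchboard.userDB.getEntry(auth.substring(0, sep));
            if (entry != null && serverCodings.encodeMD5Hex(auth).equals(entry.getMD5EncodedUserPwd())) {
                //TODO: Check Timelimits
                return true;
            }
        }
    } catch (StringIndexOutOfBoundsException e) {
        // not valid Base64: fall through to the 407 response
    }
}
// … unchanged: 407 Proxy Authentication Required response, return false …
```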
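Review bot: With `use_proxyAccounts=false` as the default and the `proxyAccount` / `proxyAccountBase64MD5` keys commented out, an installation that had a proxy password configured will presumably serve the proxy without authentication after upgrading, to every client matching `proxyClient`, because httpd.java no longer reads the old key. Logging a warning at startup when a non-empty `proxyAccountBase64MD5` is still present while `use_proxyAccounts` is false would make that visible to the operator. At minimum the comment should say so, e.g. `# NOTE: the former proxyAccount setting is ignored; set use_proxyAccounts=true and create users in User_p.html to keep the proxy protected.`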