Added plugin invokers for authentication code.
This commit is contained in:
parent
c6cf03614f
commit
350791cdf8
@ -53,30 +53,30 @@ static int check_cmd_user(const char* cmd, int status, struct linked_list* list,
|
||||
{
|
||||
char* data;
|
||||
char* data_extra;
|
||||
struct hub_user_access_info* info = 0;
|
||||
|
||||
struct auth_info* info = 0;
|
||||
|
||||
if (!strncmp(line, cmd, strlen(cmd)))
|
||||
{
|
||||
data = &line[strlen(cmd)];
|
||||
data_extra = 0;
|
||||
data[0] = '\0';
|
||||
data++;
|
||||
|
||||
|
||||
data = strip_white_space(data);
|
||||
if (!*data)
|
||||
{
|
||||
LOG_FATAL("ACL parse error on line %d", line_count);
|
||||
return -1;
|
||||
}
|
||||
|
||||
info = hub_malloc_zero(sizeof(struct hub_user_access_info));
|
||||
|
||||
|
||||
info = hub_malloc_zero(sizeof(struct auth_info));
|
||||
|
||||
if (!info)
|
||||
{
|
||||
LOG_ERROR("ACL parse error. Out of memory!");
|
||||
return -1;
|
||||
}
|
||||
|
||||
|
||||
if (strncmp(cmd, "user_", 5) == 0)
|
||||
{
|
||||
data_extra = strrchr(data, ':');
|
||||
@ -86,12 +86,12 @@ static int check_cmd_user(const char* cmd, int status, struct linked_list* list,
|
||||
data_extra++;
|
||||
}
|
||||
}
|
||||
|
||||
info->username = hub_strdup(data);
|
||||
info->password = data_extra ? hub_strdup(data_extra) : 0;
|
||||
info->status = status;
|
||||
|
||||
strncpy(info->nickname, data, MAX_NICK_LEN);
|
||||
strncpy(info->password, data_extra, MAX_PASS_LEN);
|
||||
info->credentials = status;
|
||||
list_append(list, info);
|
||||
LOG_DEBUG("ACL: Added user '%s' (%s)", info->username, auth_cred_to_string(info->status));
|
||||
LOG_DEBUG("ACL: Added user '%s' (%s)", info->nickname, auth_cred_to_string(info->credentials));
|
||||
return 1;
|
||||
}
|
||||
return 0;
|
||||
@ -226,11 +226,9 @@ int acl_initialize(struct hub_config* config, struct acl_handle* handle)
|
||||
|
||||
static void acl_free_access_info(void* ptr)
|
||||
{
|
||||
struct hub_user_access_info* info = (struct hub_user_access_info*) ptr;
|
||||
struct auth_info* info = (struct auth_info*) ptr;
|
||||
if (info)
|
||||
{
|
||||
hub_free(info->username);
|
||||
hub_free(info->password);
|
||||
hub_free(info);
|
||||
}
|
||||
}
|
||||
@ -290,16 +288,16 @@ int acl_shutdown(struct acl_handle* handle)
|
||||
}
|
||||
|
||||
|
||||
struct hub_user_access_info* acl_get_access_info(struct acl_handle* handle, const char* name)
|
||||
struct auth_info* acl_get_access_info(struct acl_handle* handle, const char* name)
|
||||
{
|
||||
struct hub_user_access_info* info = (struct hub_user_access_info*) list_get_first(handle->users);
|
||||
struct auth_info* info = (struct auth_info*) list_get_first(handle->users);
|
||||
while (info)
|
||||
{
|
||||
if (strcasecmp(info->username, name) == 0)
|
||||
if (strcasecmp((char*)info->nickname, name) == 0)
|
||||
{
|
||||
return info;
|
||||
}
|
||||
info = (struct hub_user_access_info*) list_get_next(handle->users);
|
||||
info = (struct auth_info*) list_get_next(handle->users);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
@ -432,33 +430,43 @@ const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_u
|
||||
int acl_password_verify(struct acl_handle* acl, struct hub_user* user, const char* password)
|
||||
{
|
||||
char buf[1024];
|
||||
struct hub_user_access_info* access;
|
||||
struct auth_info* access;
|
||||
const char* challenge;
|
||||
char raw_challenge[64];
|
||||
char password_calc[64];
|
||||
uint64_t tiger_res[3];
|
||||
|
||||
size_t password_len;
|
||||
|
||||
if (!password || !user || strlen(password) != MAX_CID_LEN)
|
||||
return 0;
|
||||
|
||||
access = acl_get_access_info(acl, user->id.nick);
|
||||
if (!access || !access->password)
|
||||
#ifdef PLUGIN_SUPPORT
|
||||
access = (struct auth_info*) hub_malloc(sizeof(struct auth_info));
|
||||
if (!plugin_auth_get_user(user->hub, user->id.nick, access))
|
||||
return 0;
|
||||
|
||||
if (TIGERSIZE+strlen(access->password) >= 1024)
|
||||
#else
|
||||
access = acl_get_access_info(acl, user->id.nick);
|
||||
#endif
|
||||
if (!access || !access->password)
|
||||
return 0;
|
||||
|
||||
challenge = acl_password_generate_challenge(acl, user);
|
||||
|
||||
base32_decode(challenge, (unsigned char*) raw_challenge, MAX_CID_LEN);
|
||||
|
||||
memcpy(&buf[0], (char*) access->password, strlen(access->password));
|
||||
memcpy(&buf[strlen(access->password)], raw_challenge, TIGERSIZE);
|
||||
password_len = strlen(access->password);
|
||||
|
||||
tiger((uint64_t*) buf, TIGERSIZE+strlen(access->password), (uint64_t*) tiger_res);
|
||||
memcpy(&buf[0], access->password, password_len);
|
||||
memcpy(&buf[password_len], raw_challenge, TIGERSIZE);
|
||||
|
||||
tiger((uint64_t*) buf, TIGERSIZE+password_len, (uint64_t*) tiger_res);
|
||||
base32_encode((unsigned char*) tiger_res, TIGERSIZE, password_calc);
|
||||
password_calc[MAX_CID_LEN] = 0;
|
||||
|
||||
#ifdef PLUGIN_SUPPORT
|
||||
hub_free(access);
|
||||
#endif
|
||||
|
||||
if (strcasecmp(password, password_calc) == 0)
|
||||
{
|
||||
return 1;
|
||||
|
@ -24,13 +24,6 @@ struct hub_config;
|
||||
struct hub_user;
|
||||
struct ip_addr_encap;
|
||||
|
||||
struct hub_user_access_info
|
||||
{
|
||||
char* username; /* name of user, cid or IP range */
|
||||
char* password; /* password */
|
||||
enum auth_credentials status;
|
||||
};
|
||||
|
||||
struct acl_handle
|
||||
{
|
||||
struct linked_list* users; /* Known users. See enum user_status */
|
||||
@ -45,7 +38,7 @@ struct acl_handle
|
||||
extern int acl_initialize(struct hub_config* config, struct acl_handle* handle);
|
||||
extern int acl_shutdown(struct acl_handle* handle);
|
||||
|
||||
extern struct hub_user_access_info* acl_get_access_info(struct acl_handle* handle, const char* name);
|
||||
extern struct auth_info* acl_get_access_info(struct acl_handle* handle, const char* name);
|
||||
extern int acl_is_cid_banned(struct acl_handle* handle, const char* cid);
|
||||
extern int acl_is_ip_banned(struct acl_handle* handle, const char* ip_address);
|
||||
extern int acl_is_ip_nat_override(struct acl_handle* handle, const char* ip_address);
|
||||
|
@ -535,11 +535,11 @@ static int check_limits(struct hub_info* hub, struct hub_user* user, struct adc_
|
||||
static int set_credentials(struct hub_info* hub, struct hub_user* user, struct adc_message* cmd)
|
||||
{
|
||||
int ret = 0;
|
||||
struct hub_user_access_info* info = acl_get_access_info(hub->acl, user->id.nick);
|
||||
struct auth_info* info = acl_get_access_info(hub->acl, user->id.nick);
|
||||
|
||||
if (info)
|
||||
{
|
||||
user->credentials = info->status;
|
||||
user->credentials = info->credentials;
|
||||
ret = 1;
|
||||
}
|
||||
else
|
||||
|
@ -153,4 +153,22 @@ plugin_st plugin_handle_revconnect(struct hub_info* hub, struct hub_user* from,
|
||||
PLUGIN_INVOKE_STATUS(hub, on_p2p_revconnect, (&user1, &user2));
|
||||
}
|
||||
|
||||
plugin_st plugin_auth_get_user(struct hub_info* hub, const char* nickname, struct auth_info* info)
|
||||
{
|
||||
PLUGIN_INVOKE_STATUS(hub, auth_get_user, (nickname, info));
|
||||
}
|
||||
|
||||
plugin_st plugin_auth_register_user(struct hub_info* hub, struct auth_info* info)
|
||||
{
|
||||
PLUGIN_INVOKE_STATUS(hub, auth_register_user, (info));
|
||||
}
|
||||
|
||||
plugin_st plugin_auth_update_user(struct hub_info* hub, struct auth_info* info)
|
||||
{
|
||||
PLUGIN_INVOKE_STATUS(hub, auth_update_user, (info));
|
||||
}
|
||||
|
||||
plugin_st plugin_auth_delete_user(struct hub_info* hub, struct auth_info* info)
|
||||
{
|
||||
PLUGIN_INVOKE_STATUS(hub, auth_delete_user, (info));
|
||||
}
|
||||
|
@ -53,6 +53,12 @@ plugin_st plugin_handle_search(struct hub_info* hub, struct hub_user* user, cons
|
||||
plugin_st plugin_handle_connect(struct hub_info* hub, struct hub_user* from, struct hub_user* to);
|
||||
plugin_st plugin_handle_revconnect(struct hub_info* hub, struct hub_user* from, struct hub_user* to);
|
||||
|
||||
/* Authentication related */
|
||||
int plugin_auth_get_user(struct hub_info* hub, const char* nickname, struct auth_info* info);
|
||||
plugin_st plugin_auth_register_user(struct hub_info* hub, struct auth_info* user);
|
||||
plugin_st plugin_auth_update_user(struct hub_info* hub, struct auth_info* user);
|
||||
plugin_st plugin_auth_delete_user(struct hub_info* hub, struct auth_info* user);
|
||||
|
||||
#endif
|
||||
|
||||
#endif // HAVE_UHUB_PLUGIN_INVOKE_H
|
||||
|
@ -79,7 +79,7 @@ typedef plugin_st (*on_check_ip_late_t)(struct ip_addr_encap*);
|
||||
typedef plugin_st (*on_validate_nick_t)(const char* nick);
|
||||
typedef plugin_st (*on_validate_cid_t)(const char* cid);
|
||||
|
||||
typedef int (*auth_get_user_t)(const char* nickname, struct auth_info* info);
|
||||
typedef plugin_st (*auth_get_user_t)(const char* nickname, struct auth_info* info);
|
||||
typedef plugin_st (*auth_register_user_t)(struct auth_info* user);
|
||||
typedef plugin_st (*auth_update_user_t)(struct auth_info* user);
|
||||
typedef plugin_st (*auth_delete_user_t)(struct auth_info* user);
|
||||
|
Loading…
Reference in New Issue
Block a user