Added plugin invokers for authentication code.

This commit is contained in:
Jan Vidar Krey 2010-07-23 01:23:13 +02:00
parent c6cf03614f
commit 350791cdf8
6 changed files with 64 additions and 39 deletions

View File

@ -53,30 +53,30 @@ static int check_cmd_user(const char* cmd, int status, struct linked_list* list,
{
char* data;
char* data_extra;
struct hub_user_access_info* info = 0;
struct auth_info* info = 0;
if (!strncmp(line, cmd, strlen(cmd)))
{
data = &line[strlen(cmd)];
data_extra = 0;
data[0] = '\0';
data++;
data = strip_white_space(data);
if (!*data)
{
LOG_FATAL("ACL parse error on line %d", line_count);
return -1;
}
info = hub_malloc_zero(sizeof(struct hub_user_access_info));
info = hub_malloc_zero(sizeof(struct auth_info));
if (!info)
{
LOG_ERROR("ACL parse error. Out of memory!");
return -1;
}
if (strncmp(cmd, "user_", 5) == 0)
{
data_extra = strrchr(data, ':');
@ -86,12 +86,12 @@ static int check_cmd_user(const char* cmd, int status, struct linked_list* list,
data_extra++;
}
}
info->username = hub_strdup(data);
info->password = data_extra ? hub_strdup(data_extra) : 0;
info->status = status;
strncpy(info->nickname, data, MAX_NICK_LEN);
strncpy(info->password, data_extra, MAX_PASS_LEN);
info->credentials = status;
list_append(list, info);
LOG_DEBUG("ACL: Added user '%s' (%s)", info->username, auth_cred_to_string(info->status));
LOG_DEBUG("ACL: Added user '%s' (%s)", info->nickname, auth_cred_to_string(info->credentials));
return 1;
}
return 0;
@ -226,11 +226,9 @@ int acl_initialize(struct hub_config* config, struct acl_handle* handle)
static void acl_free_access_info(void* ptr)
{
struct hub_user_access_info* info = (struct hub_user_access_info*) ptr;
struct auth_info* info = (struct auth_info*) ptr;
if (info)
{
hub_free(info->username);
hub_free(info->password);
hub_free(info);
}
}
@ -290,16 +288,16 @@ int acl_shutdown(struct acl_handle* handle)
}
struct hub_user_access_info* acl_get_access_info(struct acl_handle* handle, const char* name)
struct auth_info* acl_get_access_info(struct acl_handle* handle, const char* name)
{
struct hub_user_access_info* info = (struct hub_user_access_info*) list_get_first(handle->users);
struct auth_info* info = (struct auth_info*) list_get_first(handle->users);
while (info)
{
if (strcasecmp(info->username, name) == 0)
if (strcasecmp((char*)info->nickname, name) == 0)
{
return info;
}
info = (struct hub_user_access_info*) list_get_next(handle->users);
info = (struct auth_info*) list_get_next(handle->users);
}
return NULL;
}
@ -432,33 +430,43 @@ const char* acl_password_generate_challenge(struct acl_handle* acl, struct hub_u
int acl_password_verify(struct acl_handle* acl, struct hub_user* user, const char* password)
{
char buf[1024];
struct hub_user_access_info* access;
struct auth_info* access;
const char* challenge;
char raw_challenge[64];
char password_calc[64];
uint64_t tiger_res[3];
size_t password_len;
if (!password || !user || strlen(password) != MAX_CID_LEN)
return 0;
access = acl_get_access_info(acl, user->id.nick);
if (!access || !access->password)
#ifdef PLUGIN_SUPPORT
access = (struct auth_info*) hub_malloc(sizeof(struct auth_info));
if (!plugin_auth_get_user(user->hub, user->id.nick, access))
return 0;
if (TIGERSIZE+strlen(access->password) >= 1024)
#else
access = acl_get_access_info(acl, user->id.nick);
#endif
if (!access || !access->password)
return 0;
challenge = acl_password_generate_challenge(acl, user);
base32_decode(challenge, (unsigned char*) raw_challenge, MAX_CID_LEN);
memcpy(&buf[0], (char*) access->password, strlen(access->password));
memcpy(&buf[strlen(access->password)], raw_challenge, TIGERSIZE);
password_len = strlen(access->password);
tiger((uint64_t*) buf, TIGERSIZE+strlen(access->password), (uint64_t*) tiger_res);
memcpy(&buf[0], access->password, password_len);
memcpy(&buf[password_len], raw_challenge, TIGERSIZE);
tiger((uint64_t*) buf, TIGERSIZE+password_len, (uint64_t*) tiger_res);
base32_encode((unsigned char*) tiger_res, TIGERSIZE, password_calc);
password_calc[MAX_CID_LEN] = 0;
#ifdef PLUGIN_SUPPORT
hub_free(access);
#endif
if (strcasecmp(password, password_calc) == 0)
{
return 1;

View File

@ -24,13 +24,6 @@ struct hub_config;
struct hub_user;
struct ip_addr_encap;
struct hub_user_access_info
{
char* username; /* name of user, cid or IP range */
char* password; /* password */
enum auth_credentials status;
};
struct acl_handle
{
struct linked_list* users; /* Known users. See enum user_status */
@ -45,7 +38,7 @@ struct acl_handle
extern int acl_initialize(struct hub_config* config, struct acl_handle* handle);
extern int acl_shutdown(struct acl_handle* handle);
extern struct hub_user_access_info* acl_get_access_info(struct acl_handle* handle, const char* name);
extern struct auth_info* acl_get_access_info(struct acl_handle* handle, const char* name);
extern int acl_is_cid_banned(struct acl_handle* handle, const char* cid);
extern int acl_is_ip_banned(struct acl_handle* handle, const char* ip_address);
extern int acl_is_ip_nat_override(struct acl_handle* handle, const char* ip_address);

View File

@ -535,11 +535,11 @@ static int check_limits(struct hub_info* hub, struct hub_user* user, struct adc_
static int set_credentials(struct hub_info* hub, struct hub_user* user, struct adc_message* cmd)
{
int ret = 0;
struct hub_user_access_info* info = acl_get_access_info(hub->acl, user->id.nick);
struct auth_info* info = acl_get_access_info(hub->acl, user->id.nick);
if (info)
{
user->credentials = info->status;
user->credentials = info->credentials;
ret = 1;
}
else

View File

@ -153,4 +153,22 @@ plugin_st plugin_handle_revconnect(struct hub_info* hub, struct hub_user* from,
PLUGIN_INVOKE_STATUS(hub, on_p2p_revconnect, (&user1, &user2));
}
plugin_st plugin_auth_get_user(struct hub_info* hub, const char* nickname, struct auth_info* info)
{
PLUGIN_INVOKE_STATUS(hub, auth_get_user, (nickname, info));
}
plugin_st plugin_auth_register_user(struct hub_info* hub, struct auth_info* info)
{
PLUGIN_INVOKE_STATUS(hub, auth_register_user, (info));
}
plugin_st plugin_auth_update_user(struct hub_info* hub, struct auth_info* info)
{
PLUGIN_INVOKE_STATUS(hub, auth_update_user, (info));
}
plugin_st plugin_auth_delete_user(struct hub_info* hub, struct auth_info* info)
{
PLUGIN_INVOKE_STATUS(hub, auth_delete_user, (info));
}

View File

@ -53,6 +53,12 @@ plugin_st plugin_handle_search(struct hub_info* hub, struct hub_user* user, cons
plugin_st plugin_handle_connect(struct hub_info* hub, struct hub_user* from, struct hub_user* to);
plugin_st plugin_handle_revconnect(struct hub_info* hub, struct hub_user* from, struct hub_user* to);
/* Authentication related */
int plugin_auth_get_user(struct hub_info* hub, const char* nickname, struct auth_info* info);
plugin_st plugin_auth_register_user(struct hub_info* hub, struct auth_info* user);
plugin_st plugin_auth_update_user(struct hub_info* hub, struct auth_info* user);
plugin_st plugin_auth_delete_user(struct hub_info* hub, struct auth_info* user);
#endif
#endif // HAVE_UHUB_PLUGIN_INVOKE_H

View File

@ -79,7 +79,7 @@ typedef plugin_st (*on_check_ip_late_t)(struct ip_addr_encap*);
typedef plugin_st (*on_validate_nick_t)(const char* nick);
typedef plugin_st (*on_validate_cid_t)(const char* cid);
typedef int (*auth_get_user_t)(const char* nickname, struct auth_info* info);
typedef plugin_st (*auth_get_user_t)(const char* nickname, struct auth_info* info);
typedef plugin_st (*auth_register_user_t)(struct auth_info* user);
typedef plugin_st (*auth_update_user_t)(struct auth_info* user);
typedef plugin_st (*auth_delete_user_t)(struct auth_info* user);