Fawkes API  Fawkes Development Version
user_verifier.cpp
00001 
00002 /***************************************************************************
00003  *  user_verifier.cpp - Webview user verifier
00004  *
00005  *  Created: Mon Jan 24 18:43:47 2011
00006  *  Copyright  2006-2011  Tim Niemueller [www.niemueller.de]
00007  *
00008  ****************************************************************************/
00009 
00010 /*  This program is free software; you can redistribute it and/or modify
00011  *  it under the terms of the GNU General Public License as published by
00012  *  the Free Software Foundation; either version 2 of the License, or
00013  *  (at your option) any later version.
00014  *
00015  *  This program is distributed in the hope that it will be useful,
00016  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
00017  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00018  *  GNU Library General Public License for more details.
00019  *
00020  *  Read the full text in the LICENSE.GPL file in the doc directory.
00021  */
00022 
00023 #include "user_verifier.h"
00024 
00025 #include <core/exception.h>
00026 #include <config/config.h>
00027 #include <logging/logger.h>
00028 
00029 #include <string>
00030 #ifdef __USE_GNU
00031 #  include <crypt.h>
00032 #else
00033 #  include <unistd.h>
00034 #endif
00035 
/* Extended POSIX regex that recognises a hashed password entry of the form
 * "$<id>$<salt>$<hash>": an alphanumeric scheme id, then a salt and a hash
 * drawn from [a-zA-Z0-9/.]. verify_user() treats every configured value that
 * does NOT match this pattern as a clear text password.
 * NOTE(review): the pattern allows exactly three '$' separators and no '='
 * in the salt field, so an entry carrying an extra parameter field (for
 * example a "rounds=" setting) would not match and would be compared as
 * clear text -- the stored hash string itself would then act as the
 * password. Confirm which hash formats deployments actually store.
 */
#define HASH_REGEX "^(\\$([[:alnum:]]+)\\$([a-zA-Z0-9/.]+)\\$)[a-zA-Z0-9/.]+$"
00037 
00038 using namespace fawkes;
00039 
00040 /** @class WebviewUserVerifier "user_verifier.h"
00041  * Webview user verification.
00042  * Verifies users against entries in the configuration database.
00043  * @author Tim Niemueller
00044  */
00045 
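/** Constructor.
 * Compiles HASH_REGEX, the pattern verify_user() uses to tell hashed
 * password entries from clear text ones.
 * @param config configuration to read users from
 * @param logger logger for log output
 * @exception Exception thrown if the hash regular expression cannot be
 * compiled; the message carries the regerror() text.
 */
WebviewUserVerifier::WebviewUserVerifier(Configuration *config, Logger *logger)
  : config(config), logger(logger)
{
  const int regerr = regcomp(&__hash_regex, HASH_REGEX, REG_EXTENDED);
  if (regerr != 0) {
    char errtmp[1024];
    regerror(regerr, &__hash_regex, errtmp, sizeof(errtmp));
    // POSIX leaves the regex_t contents undefined after a failed regcomp(),
    // so regfree() must not be called on it here. The destructor does not
    // run either, because the constructor exits by exception.
    throw Exception("Failed to compile hash regex: %s", errtmp);
  }
}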
00061 
00062 
/** Destructor.
 * Releases the hash regular expression compiled by the constructor.
 */
WebviewUserVerifier::~WebviewUserVerifier()
{
  regfree(&__hash_regex);
}
00068 
00069 
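/** Compare a stored secret with a candidate without an early exit.
 * std::string's operator== may stop at the first differing byte, which lets
 * response timing reveal how much of a guess was correct. This helper always
 * walks the whole candidate and only accumulates differences.
 * @param expected secret read from the configuration
 * @param candidate non-NULL, NUL-terminated value to compare against it
 * @return true if both strings have the same length and content
 */
static bool
webview_secret_equal(const std::string &expected, const char *candidate)
{
  const std::string given(candidate);
  // volatile keeps the compiler from short-circuiting the accumulation.
  volatile unsigned char diff = (expected.size() == given.size()) ? 0 : 1;
  // The loop length depends on the supplied value only, not on the secret.
  for (std::string::size_type i = 0; i < given.size(); ++i) {
    const unsigned char e = expected.empty()
      ? 0 : static_cast<unsigned char>(expected[i % expected.size()]);
    const unsigned char g = static_cast<unsigned char>(given[i]);
    diff = static_cast<unsigned char>(diff | (e ^ g));
  }
  return diff == 0;
}

/** Verify a user name / password pair against the configuration.
 * Reads the value stored at "/webview/users/<user>". If it matches
 * HASH_REGEX it is used as crypt() setting and the password is hashed and
 * compared with it; otherwise the value is compared as a clear text password.
 * Every failure (missing argument, unknown user, crypt failure, exception)
 * denies access.
 * @param user user name as supplied by the client
 * @param password password as supplied by the client
 * @return true if the credentials match the configured entry, false otherwise
 */
bool
WebviewUserVerifier::verify_user(const char *user, const char *password) throw()
{
  // Constructing a std::string from a NULL pointer is undefined behaviour;
  // missing credentials are simply rejected.
  if (!user || !password) {
    return false;
  }

  try {
    // NOTE(review): user is client-supplied and appended to the config path
    // unchecked. Whether a name containing '/' can reach values outside the
    // intended user entries depends on Configuration, which is not visible
    // here -- confirm, or restrict the accepted characters at the caller.
    std::string userpath = std::string("/webview/users/") + user;
    std::string confpass = config->get_string(userpath.c_str());

    regmatch_t m[4];
    if (regexec(&__hash_regex, confpass.c_str(), 4, m, 0) == REG_NOMATCH) {
      // Not a recognised hash: the stored value is a clear text password.
      // Storing hashes is preferable; see the caveat on HASH_REGEX coverage.
      return webview_secret_equal(confpass, password);
    }

#ifdef __USE_GNU
    struct crypt_data cd;
    cd.initialized = 0;

    char *crypted = crypt_r(password, confpass.c_str(), &cd);
#else
    // NOTE(review): crypt() returns a pointer to static storage and is not
    // reentrant; confirm this path is never used from concurrent requests.
    char *crypted = crypt(password, confpass.c_str());
#endif

    // crypt()/crypt_r() return NULL on failure (e.g. unsupported scheme);
    // comparing a std::string with a NULL pointer would be undefined.
    if (!crypted) {
      return false;
    }

    // NOTE(review): rejected logins are not logged here (the original
    // log_warn calls were commented out), so repeated failures leave no
    // trace for detection unless the caller records them.
    return webview_secret_equal(confpass, crypted);

  } catch (Exception &e) {
    // Unknown user or unreadable config value: deny.
    return false;
  } catch (...) {
    // The function is declared throw(); any other exception (for example
    // std::bad_alloc from the string operations) would otherwise terminate
    // the process. Fail closed instead.
    return false;
  }
}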