[BACK]Return to user_controller.c CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / medsrv / controller
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / strongswan / src / medsrv / controller / user_controller.c
Revision 1.1.1.1 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Jun 3 09:46:43 2020 UTC (4 years, 10 months ago) by misho
Branches: strongswan, MAIN
CVS tags: v5_9_2p0, v5_8_4p7, HEAD
Strongswan

/*
 * Copyright (C) 2008 Martin Willi
 * Copyright (C) 2008 Philip Boetschi, Adrian Doerig
 * HSR Hochschule fuer Technik Rapperswil
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the
 * Free Software Foundation; either version 2 of the License, or (at your
 * option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
 * or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * for more details.
 */

#define _GNU_SOURCE
#include <string.h>

#include "user_controller.h"

#include <library.h>

typedef struct private_user_controller_t private_user_controller_t;

/**
 * private data of the user_controller
 */
struct private_user_controller_t {

	/**
	 * public functions
	 */
	user_controller_t public;

	/**
	 * database connection
	 */
	database_t *db;

	/**
	 * user session
	 */
	user_t *user;

	/**
	 * minimum required password length
	 */
	u_int password_length;
};

/**
 * hash the password for database storage
 */
static chunk_t hash_password(char *login, char *password)
{
	hasher_t *hasher;
	chunk_t hash, data;

	hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1);
	if (!hasher)
	{
		return chunk_empty;
	}
	data = chunk_cata("cc",	chunk_create(login, strlen(login)),
							chunk_create(password, strlen(password)));
	if (!hasher->allocate_hash(hasher, data, &hash))
	{
		hasher->destroy(hasher);
		return chunk_empty;
	}
	hasher->destroy(hasher);
	return hash;
}

/**
 * Login a user.
 */
static void login(private_user_controller_t *this, fast_request_t *request)
{
	if (request->get_query_data(request, "submit"))
	{
		char *login, *password;

		login = request->get_query_data(request, "login");
		password = request->get_query_data(request, "password");

		if (login && password)
		{
			enumerator_t *query;
			u_int id = 0;
			chunk_t hash;

			hash = hash_password(login, password);
			query = this->db->query(this->db,
						"SELECT id FROM user WHERE login = ? AND password = ?",
						DB_TEXT, login, DB_BLOB, hash, DB_UINT);
			if (query)
			{
				query->enumerate(query, &id);
				query->destroy(query);
			}
			free(hash.ptr);
			if (id)
			{
				this->user->set_user(this->user, id);
				return request->redirect(request, "peer/list");
			}
		}
		request->setf(request, "error=Invalid username or password.");
	}
	request->render(request, "templates/user/login.cs");
}

/**
 * Logout a user.
 */
static void logout(private_user_controller_t *this, fast_request_t *request)
{
	request->redirect(request, "user/login");
	request->close_session(request);
}

/**
 * verify a user entered username for validity
 */
static bool verify_login(private_user_controller_t *this,
						 fast_request_t *request, char *login)
{
	if (!login || *login == '\0')
	{
		request->setf(request, "error=Username is missing.");
		return FALSE;
	}
	while (*login != '\0')
	{
		switch (*login)
		{
			case 'a' ... 'z':
			case 'A' ... 'Z':
			case '0' ... '9':
			case '-':
			case '_':
			case '@':
			case '.':
				login++;
				continue;
			default:
				request->setf(request, "error=Username invalid, "
							  "valid characters: A-Z a-z 0-9 - _ @ .");
		}
	}
	return TRUE;
}

/**
 * verify a user entered password for validity
 */
static bool verify_password(private_user_controller_t *this,
							fast_request_t *request,
							char *password, char *confirm)
{
	if (!password || *password == '\0')
	{
		request->setf(request, "error=Password is missing.");
		return FALSE;
	}
	if (strlen(password) < this->password_length)
	{
		request->setf(request, "error=Password requires at least %d characters.",
					  this->password_length);
		return FALSE;
	}
	if (!confirm || !streq(password, confirm))
	{
		request->setf(request, "error=Password not confirmed.");
		return FALSE;
	}
	return TRUE;
}

/**
 * Register a user.
 */
static void add(private_user_controller_t *this, fast_request_t *request)
{
	char *login = "";

	while (request->get_query_data(request, "register"))
	{
		char *password, *confirm;
		chunk_t hash;
		u_int id;

		login = request->get_query_data(request, "new_login");
		password = request->get_query_data(request, "new_password");
		confirm = request->get_query_data(request, "confirm_password");

		if (!verify_login(this, request, login) ||
			!verify_password(this, request, password, confirm))
		{
			break;
		}

		hash = hash_password(login, password);
		if (!hash.ptr || this->db->execute(this->db, &id,
							"INSERT INTO user (login, password) VALUES (?, ?)",
							DB_TEXT, login, DB_BLOB, hash) < 0)
		{
			request->setf(request, "error=Username already exists.");
			free(hash.ptr);
			break;
		}
		free(hash.ptr);
		this->user->set_user(this->user, id);
		return request->redirect(request, "peer/list");
	}
	request->set(request, "new_login", login);
	request->setf(request, "password_length=%d", this->password_length);
	request->render(request, "templates/user/add.cs");
}

/**
 * Edit the logged in user
 */
static void edit(private_user_controller_t *this, fast_request_t *request)
{
	enumerator_t *query;
	char *old_login;

	/* lookup old login */
	query = this->db->query(this->db, "SELECT login FROM user WHERE id = ?",
							DB_INT, this->user->get_user(this->user),
							DB_TEXT);
	if (!query || !query->enumerate(query, &old_login))
	{
		DESTROY_IF(query);
		request->close_session(request);
		return request->redirect(request, "user/login");
	}
	old_login = strdupa(old_login);
	query->destroy(query);

	/* back pressed */
	if (request->get_query_data(request, "back"))
	{
		return request->redirect(request, "peer/list");
	}
	/* delete pressed */
	if (request->get_query_data(request, "delete"))
	{
		this->db->execute(this->db, NULL, "DELETE FROM user WHERE id = ?",
						  DB_UINT, this->user->get_user(this->user));
		this->db->execute(this->db, NULL,
						  "DELETE FROM peer WHERE user = ?",
						  DB_UINT, this->user->get_user(this->user));
		return logout(this, request);
	}
	/* save pressed */
	while (request->get_query_data(request, "save"))
	{
		char *new_login, *old_pass, *new_pass, *confirm;
		chunk_t old_hash, new_hash;

		new_login = request->get_query_data(request, "old_login");
		old_pass = request->get_query_data(request, "old_password");
		new_pass = request->get_query_data(request, "new_password");
		confirm = request->get_query_data(request, "confirm_password");

		if (!verify_login(this, request, new_login) ||
			!verify_password(this, request, new_pass, confirm))
		{
			old_login = new_login;
			break;
		}
		old_hash = hash_password(old_login, old_pass);
		new_hash = hash_password(new_login, new_pass);

		if (this->db->execute(this->db, NULL,
			"UPDATE user SET login = ?, password = ? "
			"WHERE id = ? AND password = ?",
			DB_TEXT, new_login, DB_BLOB, new_hash,
			DB_UINT, this->user->get_user(this->user), DB_BLOB, old_hash) <= 0)
		{
			free(new_hash.ptr);
			free(old_hash.ptr);
			old_login = new_login;
			request->setf(request, "error=Password verification failed.");
			break;
		}
		free(new_hash.ptr);
		free(old_hash.ptr);
		return request->redirect(request, "peer/list");
	}
	/* on error/template rendering */
	request->set(request, "old_login", old_login);
	request->setf(request, "password_length=%d", this->password_length);
	request->render(request, "templates/user/edit.cs");
}

METHOD(fast_controller_t, get_name, char*,
	private_user_controller_t *this)
{
	return "user";
}

METHOD(fast_controller_t, handle, void,
	private_user_controller_t *this, fast_request_t *request, char *action,
	char *p2, char *p3, char *p4, char *p5)
{
	if (action)
	{
		if (streq(action, "add"))
		{
			return add(this, request);
		}
		if (streq(action, "login"))
		{
			return login(this, request);
		}
		else if (streq(action, "logout"))
		{
			return logout(this, request);
		}
		else if (streq(action, "edit"))
		{
			return edit(this, request);
		}
		else if (streq(action, "help"))
		{
			return request->render(request, "templates/user/help.cs");
		}
	}
	request->redirect(request, "user/login");
}

METHOD(fast_controller_t, destroy, void,
	private_user_controller_t *this)
{
	free(this);
}

/*
 * see header file
 */
fast_controller_t *user_controller_create(user_t *user, database_t *db)
{
	private_user_controller_t *this;

	INIT(this,
		.public = {
			.controller = {
				.get_name = _get_name,
				.handle = _handle,
				.destroy = _destroy,
			},
		},
		.user = user,
		.db = db,
		.password_length = lib->settings->get_int(lib->settings,
												  "medsrv.password_length", 6),
	);

	return &this->public.controller;
}
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>