Diffstat (limited to 'database/sqlite/edb-sqlite.c')
| -rw-r--r-- | database/sqlite/edb-sqlite.c | 132 |
1 files changed, 48 insertions, 84 deletions
diff --git a/database/sqlite/edb-sqlite.c b/database/sqlite/edb-sqlite.c index c7729e5..58e69cd 100644 --- a/database/sqlite/edb-sqlite.c +++ b/database/sqlite/edb-sqlite.c @@ -35,7 +35,6 @@ #include <eurephiadb_session_common.h> #include <eurephiadb_session_struct.h> #include <passwd.h> -#include <sha512.h> #include "sqlite.h" #ifdef MEMWATCH @@ -657,7 +656,7 @@ char *eDBget_sessionkey_macaddr(eurephiaCTX *ctx, const char *macaddr) { // Function returns true(1) if session key is unique -int _local_eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { +int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { dbresult *res; int uniq = 0; @@ -698,10 +697,6 @@ int _local_eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) return uniq; } -inline int eDBcheck_sessionkey_uniqueness(eurephiaCTX *ctx, const char *seskey) { - return _local_eDBcheck_sessionkey_uniqueness(ctx, seskey); -} - // register a link between a short-term session seed and a long-term session key 
@@ -937,20 +932,23 @@ eurephiaVALUES *eDBget_blacklisted_ip(eurephiaCTX *ctx) { */ // Authenticate admin user against user database -eurephiaSESSION *eDBadminAuth(eurephiaCTX *ctx, const char interface, const char *uname, const char *pwd) { - eurephiaSESSION *new_sess = NULL; +int eDBadminAuth(eurephiaCTX *ctx, const char *uname, const char *pwd) { dbresult *res = NULL; - char *crpwd = NULL, *randdata = NULL; + char *crpwd = NULL; char *activated = NULL, *deactivated = NULL, *blid = NULL; - int uid = -1, admacc = 0, pwok = 0, loop = 0, uniqchk = 0; - SHA512Context sha; - uint8_t sha_res[SHA512_HASH_SIZE]; + int uid = -1, admacc = 0, pwok = 0; assert(ctx != NULL); + if( (ctx->context_type != ECTX_ADMIN_CONSOLE) + && (ctx->context_type != ECTX_ADMIN_WEB) ) { + eurephia_log(ctx, LOG_ERROR, 0, "Wrong eurephia context type (0x%04x)", ctx->context_type); + return 0; + } + if( (strlen_nullsafe(uname) < 4) || (strlen_nullsafe(pwd) < 4) ) { eurephia_log(ctx, LOG_WARNING, 0, "User name and/or password is either null or less than 4 bytes"); - return NULL; + return 0; } // @@ -970,7 +968,7 @@ eurephiaSESSION *eDBadminAuth(eurephiaCTX *ctx, const char interface, const char if( !res ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not authenticate user against the database"); - return NULL; + return 0; } if( sqlite_get_numtuples(res) == 1 ) { 
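Review bot: The one-line comment above eDBadminAuth no longer describes the contract now that the function returns `int` instead of a session pointer; every failure path in this hunk and in the next one (`@@ -970,7 +968,7`) returns 0, but nothing tells callers what a non-zero result means. I would replace it with `// Authenticate admin user against user database. Returns the user's uid on success, 0 on any failure (wrong context type, bad input, DB error, rejected account)`. The new context-type guard logs and returns 0 like the other failures, which keeps the function fail-closed. The function body continues past the end of this hunk, so the success return is not visible here.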
@@ -985,119 +983,85 @@ eurephiaSESSION *eDBadminAuth(eurephiaCTX *ctx, const char interface, const char eurephia_log(ctx, LOG_WARNING, 0, "Your user account is BLACKLISTED. You have no access."); sqlite_free_results(res); - return NULL; + return 0; } if( activated == NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is not yet activated."); sqlite_free_results(res); - return NULL; + return 0; } if( deactivated != NULL ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is deactivated."); sqlite_free_results(res); - return NULL; + return 0; } if( admacc != 1 ) { eurephia_log(ctx, LOG_WARNING, 0, "Your user account is lacking privileges"); sqlite_free_results(res); - return NULL; + return 0; } if( pwok != 1 ) { eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed,"); sqlite_free_results(res); - return NULL; + return 0; } } else { eurephia_log(ctx, LOG_WARNING, 0, "Authentication failed. Too many records found."); sqlite_free_results(res); - return NULL; + return 0; } sqlite_free_results(res); + // If we reach this place, authentication was successful. Return users uid + return uid; +} - // - // If we reach this place, authentication was successful ... 
create session - // - - // Get a unique session key - randdata = (char *) malloc(514); - assert(randdata != NULL); - - new_sess = (eurephiaSESSION *) malloc(sizeof(eurephiaSESSION) + 2); - assert(new_sess != NULL); - memset(new_sess, 0, sizeof(eurephiaSESSION) + 2); - - do { - char *ptr = NULL; - int i = 0; - - memset(randdata, 0, 514); - if( !eDBsessionGetRandString(ctx, randdata, 512) ) { - eurephia_log(ctx, LOG_FATAL, 0, "Could not generate enough random data for session"); - free_nullsafe(randdata); - free_nullsafe(new_sess); - return NULL; - } - - memset(&sha, 0, sizeof(SHA512Context)); - memset(&sha_res, 0, sizeof(sha_res)); +int eDBadminValidateSession(eurephiaCTX *ctx, char *sesskey) { - free_nullsafe(new_sess->sessionkey); - new_sess->sessionkey = (char *) malloc((SHA512_HASH_SIZE*2) + 3); - assert(new_sess->sessionkey != NULL); - memset(new_sess->sessionkey, 0, (SHA512_HASH_SIZE*2) + 3); + assert( (ctx != NULL) && (sesskey != NULL) ); - SHA512Init(&sha); - SHA512Update(&sha, randdata, 512); - SHA512Final(&sha, sha_res); + if( (ctx->context_type != ECTX_ADMIN_CONSOLE) + && (ctx->context_type != ECTX_ADMIN_WEB) ) { + eurephia_log(ctx, LOG_ERROR, 0, "Wrong eurephia context type (0x%04x)", ctx->context_type); + return 0; + } + return 0; +} - ptr = new_sess->sessionkey; - for( i = 0; i < SHA512_HASH_SIZE; i++ ) { - sprintf(ptr, "%02x", sha_res[i]); - ptr++; - } - memset(&sha, 0, sizeof(SHA512Context)); - memset(&sha_res, 0, sizeof(sha_res)); - free_nullsafe(randdata); +int eDBadminRegisterLogin(eurephiaCTX *ctx, eurephiaSESSION *session) { + dbresult *res = NULL; + char interface; + int uid; - loop++; - fprintf(stderr, "---> %s\n", new_sess->sessionkey); - uniqchk = _local_eDBcheck_sessionkey_uniqueness(ctx, new_sess->sessionkey); - } while( (uniqchk == 0) && (loop < 11) ); - free_nullsafe(randdata); + assert((ctx != NULL) && (session != NULL)); - if( uniqchk == 0 ) { - eurephia_log(ctx, LOG_FATAL, 0, - "Did not manage to create a unique session key after %i 
attemtps. Aborting.", - loop-1); - free_nullsafe(new_sess->sessionkey); - free_nullsafe(new_sess); - return NULL; + switch( ctx->context_type ) { + case ECTX_ADMIN_CONSOLE: + interface = 'C'; break; + case ECTX_ADMIN_WEB: + interface = 'W'; break; + default: + eurephia_log(ctx, LOG_ERROR, 0, "Wrong eurephia context type (0x%04x)", ctx->context_type); + return 0; } // Register login into eurephia_adminlog ... uid, login, interface, sessionkey + uid = atoi_nullsafe(eGet_value(session->sessvals, "uid")); res = sqlite_query(ctx, "INSERT INTO eurephia_adminlog " " (uid, interface, status, login, last_action, sessionkey) " "VALUES ('%i','%c',1,CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, '%q')", - uid, interface, new_sess->sessionkey); + uid, interface, session->sessionkey); if( !res ) { eurephia_log(ctx, LOG_FATAL, 0, "Could not manage to register the session in the database"); - free_nullsafe(new_sess->sessionkey); - free_nullsafe(new_sess); - return NULL; + return 0; } - - // 3. Return new session - return new_sess; -} - -eurephiaSESSION *eDBadminLoadSession(eurephiaCTX *ctx, char *sesskey) { - return NULL; + sqlite_free_results(res); + return 1; } eurephiaUSERLIST *eDBgetUserList(eurephiaCTX *ctx, const int sortkey) { |
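Review bot: eDBadminRegisterLogin writes the eurephia_adminlog row without checking what it read from the session: `atoi_nullsafe(eGet_value(session->sessvals, "uid"))` presumably yields 0 when the value is missing, and `session->sessionkey` goes into `'%q'` without a NULL check, so a row with status 1 could be recorded for no authenticated user or with no usable key. A guard before the query, `if( (uid < 1) || (session->sessionkey == NULL) )`, that logs at LOG_ERROR and returns 0 would keep the admin log tied to a real login. In eDBadminAuth, `return uid;` relies on the result row always supplying a positive uid; since `uid` starts at -1 and failure is 0, `return (uid > 0) ? uid : 0;` would stop a caller that tests the result for truth from accepting -1 (the assignment to `uid` is outside the hunk). eDBadminValidateSession always returns 0 and never uses `sesskey`; a comment such as `// TODO: not implemented yet, rejects every session` would make the fail-closed stub explicit.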
