/*
* This file is part of rasdaman community.
*
* Rasdaman community is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Rasdaman community is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with rasdaman community. If not, see .
*
* Copyright 2003, 2004, 2005, 2006, 2007, 2008, 2009 Peter Baumann /
rasdaman GmbH.
*
* For more information please see
* or contact Peter Baumann via .
/
/**
* SOURCE: rasmgr_users.cc
*
* MODULE: rasmgr
* CLASS: User, UserManager, Authorization
*
* PURPOSE:
* User management
*
* COMMENTS:
* None
*
*/
using namespace std;
#include "rasmgr_users.hh"
#include "ras_crypto.hh"
#include "rasmgr_host.hh"
#include
#include "debug.hh"
extern bool hostCmp( const char *h1, const char *h2);
User::User()
{ userID=-1;
userName[0]=0;
passWord[0]=0;
valid=false;
adminRight=authorization.getGlobalInitAdminRights();
databRight=authorization.getGlobalInitDatabRights();;
}
void User::init(long userID, const char *name)
{ strcpy(userName,name);
this->userID=userID;
changePTPassword(name);
valid=true;
}
void User::changeName(const char *name)
{ strcpy(userName,name);
}
void User::changePassword(const char *encrPass)
{ strcpy(passWord,encrPass);
}
void User::changePTPassword(const char *plainTextPass)
{
messageDigest(plainTextPass,passWord,"MD5");
//std::cout<<"passwd="<ptrDatabase->getName(),databName)==0)
{
dbRList.erase(iter);
return true;
}
iter++;
}
return false;
}
void User::loadToRec(AuthUserRec &rec)
{
rec.userID=userID;
strcpy(rec.userName,userName);
strcpy(rec.passWord,passWord);
rec.adminRight=adminRight;
rec.databRight=databRight;
rec.countRights=dbRList.size();
}
void User::loadFromRec(AuthUserRec &rec)
{
userID=rec.userID;
strcpy(userName,rec.userName);
strcpy(passWord,rec.passWord);
adminRight =rec.adminRight;
databRight =rec.databRight;
valid=true;
}
long User::countRights()
{ return dbRList.size();
}
bool User::loadRightToRec(int x,AuthDbRRec &rec)
{
if(x>=dbRList.size()) return false;
list::iterator iter=dbRList.begin();
for(int i=0;iptrDatabase->getName());
rec.right=iter->databRight;
return true;
}
bool User::loadRightFromRec(AuthDbRRec &rec)
{ return setDatabaseRights(rec.dbName,rec.right);
}
bool User::isValid()
{ return valid;
}
//------------------------------------------------------------------
UserManager::UserManager()
{
lastUserID=0;
}
UserManager::~UserManager()
{
}
void UserManager::loadDefaults()
{
insertNewUser("rasadmin");
userList.back().changePTPassword("rasadmin");
userList.back().setAdminRights(admR_full);
userList.back().setDefaultDBRights(dbR_read+dbR_write);
// if there is a license for one user only, we don't have a rasguest
if(userManager.insertNewUser("rasguest"))
{ userList.back().changePTPassword("rasguest");
userList.back().setAdminRights(admR_none);
userList.back().setDefaultDBRights(dbR_read);
}
}
bool UserManager::insertNewUser(const char *userName)
{
if(testUniqueness(userName)==false) return false;
User tempUser;
userList.push_back(tempUser);
User &refUser=userList.back();
refUser.init(lastUserID++,userName);
return true;
}
bool UserManager::removeUser(const char *userName)
{
list::iterator iter=userList.begin();
for(int i=0;igetName(),userName)==0)
{
userList.erase(iter);
return true;
}
iter++;
}
return false;
}
int UserManager::countUsers()
{ return userList.size();
}
User& UserManager::operator[](int x)
{ list::iterator iter=userList.begin();
for(int i=0;i::iterator iter=userList.begin();
//std::cout<<"Size="<getName()<<" "<isValid()<getName(),userName)==0) return *iter;
iter++;
}
return protElem;
}
void UserManager::removeDatabaseRights(const char *databName)
{
list::iterator iter=userList.begin();
for(int i=0;iremoveDatabaseRights(databName);
iter++;
}
}
bool UserManager::testUniqueness(const char* userName)
{
list::iterator iter=userList.begin();
for(int i=0;igetName(),userName)==0) return false;
iter++;
}
return true;
}
User& UserManager::loadUser(AuthUserRec &rec)
{ removeUser(rec.userName);
User tempUser;
userList.push_back(tempUser);
User &refUser=userList.back();
refUser.loadFromRec(rec);
return refUser;
}
long UserManager::getLastUserID()
{ return lastUserID;
}
void UserManager::setLastUserID(long lastUserID)
{ this->lastUserID=lastUserID;
}
User* UserManager::acceptEntry(const char *name,const char *encrPass)
{
list::iterator iter=userList.begin();
for(int i=0;iisThisMe(name,encrPass)) return &(*iter);
iter++;
}
return NULL;
}
bool UserManager::reset()
{
if(config.isTestModus()==false) return false;
while(userList.size())
{
userList.pop_front();
}
return true;
}
bool UserManager::acceptChangeName(const char *oldName,const char *newName)
{
if(strcmp(oldName,newName)==0) return true; // if someone really wants to change a name with the same,
return testUniqueness(newName);
}
//##################################################################
Authorization::Authorization()
{ inConfigFile=false;
authFileName[0]=0;
#ifdef HIGHLANDER
char *rasHome=CONFDIR;
if(rasHome!=0) sprintf(authFileName,"%s/",rasHome);
#endif
strcat(authFileName,"rasmgr_auth.dat");
globalInitAdminRight=admR_none;
globalInitDatabRight=dbR_none;
}
bool Authorization::acceptEntry(const char *header)
{
char myheader[500]; strncpy(myheader,header,299); myheader[299]=0;
char *auth=strstr(myheader,"Authorization:");
if(!auth) return false;
//TALK("auth="<tm_mday,b->tm_mon+1,b->tm_year+1900,b->tm_hour,b->tm_min,b->tm_sec);
return buffer;
}
void Authorization::setGlobalInitAdminRights(int rights)
{ globalInitAdminRight=rights;
}
void Authorization::setGlobalInitDatabRights(int rights)
{ globalInitDatabRight=rights;
}
int Authorization::getGlobalInitAdminRights()
{ return globalInitAdminRight;
}
int Authorization::getGlobalInitDatabRights()
{ return globalInitDatabRight;
}
const char * Authorization::convertAdminRights(int r)
{ static char buffer[20];
char C= (r & admR_config) ? 'C':'.';
char A= (r & admR_acctrl) ? 'A':'.';
char S= (r & admR_sysup ) ? 'S':'.';
char I= (r & admR_info ) ? 'I':'.';
sprintf(buffer,"%c%c%c%c",C,A,S,I);
return buffer;
}
const char * Authorization::convertDatabRights(int r)
{ static char buffer[20];
char R= (r & dbR_read) ? 'R':'.';
char W= (r & dbR_write) ? 'W':'.';
sprintf(buffer,"%c%c",R,W);
return buffer;
}
const char * Authorization::convertGlobalInitAdminRights()
{ return convertAdminRights(globalInitAdminRight);
}
const char * Authorization::convertGlobalInitDatabRights()
{ return convertDatabRights(globalInitDatabRight);
}
int Authorization::convertAdminRights(const char *rString)
{
int rights=admR_none;
for(int i=0;rString[i];i++)
{
switch(rString[i])
{ case 'C': rights|=admR_config;break;
case 'A': rights|=admR_acctrl;break;
case 'S': rights|=admR_sysup; break;
case 'I': rights|=admR_info; break;
case 'R':
case 'W':
case '[':
case ']':
case '-':
case '.': break;
default : return -1; // error!!!
}
}
return rights;
}
int Authorization::convertDatabRights(const char *rString)
{
int rights=dbR_none;
for(int i=0;rString[i];i++)
{
switch(rString[i])
{
case 'C':
case 'A':
case 'S':
case 'I': break;
case 'R': rights|=dbR_read; break;
case 'W': rights|=dbR_write;break;
case '[':
case ']':
case '-':
case '.': break;
default : return -1; // error!!!
}
}
return rights;
}
bool Authorization::hasAdminRights(int right)
{
return inConfigFile ? true : curUser->hasAdminRights(right);
}
// return name of alternate config file;
// takes value from preceding saveAltAuthFile() call.
const char *Authorization::getAltAuthFileName()
{
return altAuthFileName;
}
// save auth file at original place, i.e., under the name of authFile
bool Authorization::saveOrigAuthFile()
{
ENTER( "Authorization::saveOrigAuthFile: enter." );
bool result = saveAuthFile();
LEAVE( "Authorization::saveOrigAltAuthFile: leave. result=" << result );
return result;
}
// save authorization file in another file, same dir as auth file
bool Authorization::saveAltAuthFile()
{
bool result = true;
char origFileName[ sizeof(authFileName) ]; // temp copy of origFileName
ENTER( "Authorization::saveAltAuthFile: enter." );
// save original file name
(void) strcpy( origFileName, authFileName );
// build temp file by appending a unique string
(void) strcpy( altAuthFileName, authFileName );
(void) strcat( altAuthFileName, ".XXXXXX" ); // 6 * 'X', see man mkstemp()
int altFile = mkstemp( altAuthFileName ); // replaces the Xs by unique string
if (altFile < 0) // error in creating file name
{
int tempError = errno;
TALK( "Authorization::saveAltAuthFile: error creating alternate file name: " << strerror(tempError) );
result = false;
}
if (result == true)
{
// now we have a valid + open file, but we can't use it like that, because we open down below.
// so close it again, being happy that we have a valid file name. bad hack, though.
int closeResult = close( altFile );
if (closeResult != 0)
TALK( "Authorization::saveAltAuthFile: error in temporary closing file, ignoring that." );
}
if (result == true)
{
(void) strcpy( authFileName, altAuthFileName ); // set file to be written to alternate name
result = saveAuthFile(); // save file, name has been substituted successfully
TALK( "Authorization::saveAltAuthFile: save to " << authFileName << " done, result=" << result );
(void) strcpy( authFileName, origFileName ); // restore original auth file name
}
LEAVE( "Authorization::saveAltAuthFile: leave. result=" << result );
return result;
}