mirrors/urbackup_backend
2
0
Fork 0
mirror of https://github.com/uroni/urbackup_backend.git synced 2025-10-26 11:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
2.3.x
urbackup_backend/urbackupserver/serverinterface/helper.cpp
Martin Raiber d8814ca3d7 Fix session locking 
(cherry picked from commit df52d79b7aae07a54fdfc7add6d9b56accf01cd8)
2018-10-12 14:12:51 +02:00

614 lines
13 KiB
C++
Raw Permalink Blame History

/*************************************************************************
* UrBackup - Client/Server backup system
* Copyright (C) 2011-2016 Martin Raiber
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
**************************************************************************/
#include "helper.h"
#include "../../stringtools.h"
#include "../database.h"
#include <stdlib.h>
#include <algorithm>
#include "../server_settings.h"
#include "../../urlplugin/IUrlFactory.h"
#include "../../urbackupcommon/glob.h"
#include "../../cryptoplugin/ICryptoFactory.h"
extern std::string server_identity;
extern IUrlFactory *url_fak;
extern ICryptoFactory *crypto_fak;
Helper::Helper(THREAD_ID pTID, str_map *pPOST, str_map *pPARAMS)
{
prioritized = os_enable_prioritize(prio_info, Prio_SlightPrioritize);
session=NULL;
update(pTID,pPOST,pPARAMS);
Server->addHeader(pTID, "X-Frame-Options: DENY");
}
void Helper::update(THREAD_ID pTID, str_map *pPOST, str_map *pPARAMS)
{
tid=pTID;
POST=pPOST;
PARAMS=pPARAMS;
if(POST==NULL)
{
return;
}
if( session==NULL )
{
session=Server->getSessionMgr()->getUser( (*POST)["ses"], getIdentData() );
if(session!=NULL)
{
str_map::iterator it = session->mStr.find("ldap_rights");
if(it!=session->mStr.end())
{
ldap_rights = parseRightsString(it->second);
}
}
}
//Get language from ACCEPT_LANGUAGE
str_map::iterator lit=POST->find("lang");
if(lit!=POST->end() && lit->second!="-")
{
language=lit->second;
}
else
{
std::string langs=(*POST)["langs"];
std::vector<std::string> clangs;
Tokenize(langs, clangs, ",");
for(size_t j=0;j<clangs.size();++j)
{
clangs[j]=strlower(clangs[j]);
}
str_map::iterator al=PARAMS->find("ACCEPT_LANGUAGE");
if(al==PARAMS->end())
al=PARAMS->find("HTTP_ACCEPT_LANGUAGE");
if(al!=PARAMS->end())
{
std::vector<std::string> toks;
Tokenize(al->second, toks, ",");
for(size_t i=0;i<toks.size();++i)
{
std::string lstr=getuntil(";", toks[i]);
if(lstr.empty())
lstr=toks[i];
std::string prefix=getuntil("-", lstr);
if(prefix.empty())
prefix=lstr;
std::string sub=getafter("-", lstr);
if(language.empty())
{
if(std::find(clangs.begin(), clangs.end(), strlower(prefix+"_"+sub))!=clangs.end())
{
language=strlower(prefix+"_"+sub);
break;
}
if(std::find(clangs.begin(), clangs.end(), strlower(prefix))!=clangs.end())
{
language=strlower(prefix);
break;
}
}
}
if(language.empty())
{
language="en";
}
}
else
{
language="en";
}
}
if( session==NULL)
invalid_session=true;
else
invalid_session=false;
}
SUser *Helper::getSession(void)
{
return session;
}
void Helper::OverwriteLanguage( std::string pLanguage)
{
language=pLanguage;
}
ITemplate *Helper::createTemplate(std::string name)
{
IDatabase* db=NULL;//Server->getDatabase(tid, TRANSLATIONDB);
ITemplate *tmpl=Server->createTemplate("urbackup/templates/"+name);
/*if( db!=NULL )
{
tmpl->addValueTable(db, "translation_"+language );
}*/
if( invalid_session==true )
tmpl->setValue("INVALID_SESSION","true");
else if(session!=NULL)
tmpl->setValue("SESSION", session->session);
if( session!=NULL && session->id==SESSION_ID_INVALID )
tmpl->setValue("INVALID_ID","true");
templates.push_back( tmpl );
return tmpl;
}
Helper::~Helper(void)
{
if( session!=NULL )
Server->getSessionMgr()->releaseUser(session);
for(size_t i=0;i<templates.size();++i)
{
Server->destroy( templates[i] );
}
if (prioritized)
{
os_disable_prioritize(prio_info);
}
}
void Helper::Write(std::string str, bool content_type_json)
{
if (content_type_json)
{
Server->setContentType(tid, "application/json");
}
Server->Write( tid, str );
}
void Helper::WriteTemplate(ITemplate *tmpl)
{
Server->Write( tid, tmpl->getData() );
}
IDatabase *Helper::getDatabase(void)
{
return Server->getDatabase(tid, URBACKUPDB_SERVER);
}
std::string Helper::generateSession(std::string username)
{
return Server->getSessionMgr()->GenerateSessionIDWithUser( username, getIdentData());
}
std::string Helper::getRights(const std::string &domain)
{
if(session==NULL) return "none";
if(session->id==SESSION_ID_ADMIN) return "all";
if(session->id==SESSION_ID_TOKEN_AUTH && ldap_rights.empty()) return "none";
if(getRightsInt("all")=="all")
return "all";
return getRightsInt(domain);
}
std::string Helper::getIdentData()
{
std::string user_agent = (*PARAMS)["HTTP_USER_AGENT"];
str_map::iterator it_remote = PARAMS->find("HTTP_X_FORWARDED_FOR");
if (it_remote != PARAMS->end())
{
if (it_remote->second.find(",") != std::string::npos)
{
return trim(getuntil(",", it_remote->second)) + user_agent;
}
return it_remote->second + user_agent;
}
return (*PARAMS)["REMOTE_ADDR"] + user_agent;
}
std::string Helper::getRightsInt(const std::string &domain)
{
if(session==NULL) return "none";
std::map<std::string, std::string>::iterator it=ldap_rights.find(domain);
if(it!=ldap_rights.end())
{
return it->second;
}
IQuery *q=getDatabase()->Prepare("SELECT t_right FROM settings_db.si_permissions WHERE clientid=? AND t_domain=?");
q->Bind(session->id);
q->Bind(domain);
db_results res=q->Read();
q->Reset();
if(!res.empty())
{
return res[0]["t_right"];
}
else
{
return "none";
}
}
void Helper::releaseAll(void)
{
if(session!=NULL)
{
Server->getSessionMgr()->releaseUser(session);
session=NULL;
}
}
std::string Helper::getTimeFormatString(void)
{
return "%s";
}
std::string Helper::getLanguage(void)
{
return language;
}
std::vector<int> Helper::getRightIDs(std::string rights)
{
std::vector<int> clientid;
if(rights!="all" && rights!="none" )
{
std::vector<std::string> s_clientid;
Tokenize(rights, s_clientid, ",");
for(size_t i=0;i<s_clientid.size();++i)
{
clientid.push_back(atoi(s_clientid[i].c_str()));
}
}
return clientid;
}
bool Helper::hasRights(int clientid, std::string rights, std::vector<int> right_ids)
{
bool r_ok=false;
if(rights!="all")
{
for(size_t i=0;i<right_ids.size();++i)
{
if(right_ids[i]==clientid)
{
r_ok=true;
break;
}
}
}
else
{
r_ok=true;
}
return r_ok;
}
bool Helper::checkPassword(const std::string &username, const std::string &password, int *user_id, bool plainpw)
{
IDatabase *db=getDatabase();
IQuery *q=db->Prepare("SELECT id, name, password_md5, salt, pbkdf2_rounds FROM settings_db.si_users WHERE name=?");
q->Bind(username);
db_results res=q->Read();
if(!res.empty())
{
std::string password_md5=res[0]["password_md5"];
if(!plainpw)
{
std::string r_password=Server->GenerateHexMD5((session->mStr["rnd"]+password_md5));
if(r_password!=password)
{
return false;
}
else
{
if(user_id!=NULL)
{
*user_id=watoi(res[0]["id"]);
}
return true;
}
}
else
{
std::string db_password = Server->GenerateHexMD5((res[0]["salt"]+password));
size_t pbkdf2_rounds = watoi(res[0]["pbkdf2_rounds"]);
if(pbkdf2_rounds>0)
{
db_password = strlower(crypto_fak->generatePasswordHash(hexToBytes(db_password),
(res[0]["salt"]), pbkdf2_rounds));
}
if(db_password!=password_md5)
{
return false;
}
else
{
if(user_id!=NULL)
{
*user_id=watoi(res[0]["id"]);
}
return true;
}
}
}
return false;
}
std::vector<int> Helper::clientRights(const std::string& right_name, bool& all_client_rights)
{
std::string rights=getRights(right_name);
std::vector<int> clientid;
if(rights!="all" && rights!="none" )
{
std::vector<std::string> s_clientid;
Tokenize(rights, s_clientid, ",");
for(size_t i=0;i<s_clientid.size();++i)
{
clientid.push_back(atoi(s_clientid[i].c_str()));
}
}
if(rights=="all")
{
all_client_rights=true;
}
else
{
all_client_rights=false;
}
return clientid;
}
std::string Helper::getStrippedServerIdentity(void)
{
std::string ret=server_identity;
if(ret.size()>3)
{
if(next(ret, 0, "#I"))
{
ret=ret.substr(2);
}
if(ret[ret.size()-1]=='#')
{
ret=ret.substr(0, ret.size()-1);
}
}
return ret;
}
void Helper::sleep(unsigned int ms)
{
if(session!=NULL)
{
Server->getSessionMgr()->unlockUser(session);
}
Server->wait(ms);
if(session!=NULL)
{
Server->getSessionMgr()->lockUser(session);
}
}
bool Helper::ldapEnabled()
{
IDatabase *db=getDatabase();
IQuery *q=db->Prepare("SELECT value FROM settings_db.settings WHERE clientid=0 AND key='ldap_login_enabled'");
if(q!=NULL)
{
db_results res = q->Read();
if(!res.empty())
{
return res[0]["value"]=="true";
}
}
return false;
}
bool Helper::ldapLogin( const std::string &username, const std::string &password,
std::string* ret_errmsg, std::string* rights, bool dry_login)
{
if(url_fak==NULL)
{
return false;
}
ServerSettings settings(getDatabase());
SLDAPSettings ldap_settings = settings.getLDAPSettings();
if (!ldap_settings.login_enabled)
{
return false;
}
std::string sanitized_username = username;
std::string to_sanitize = "\"[]:;|=+*?<>/\\,";
for(size_t i=0;i<sanitized_username.size();++i)
{
if(std::find(to_sanitize.begin(), to_sanitize.end(), sanitized_username[i])!=to_sanitize.end())
{
sanitized_username[i]='_';
}
}
std::string group_class_query = greplace("{USERNAME}", sanitized_username, (ldap_settings.group_class_query));
std::string ldap_query = "ldap://" + ldap_settings.server_name +
(ldap_settings.server_port>0?(":" + convert(ldap_settings.server_port)):"") +
"/" + (group_class_query);
std::string errmsg;
std::vector<std::multimap<std::string, std::string> > data = url_fak->queryLDAP(ldap_query, ldap_settings.username_prefix+(username)+ldap_settings.username_suffix,
(password), &errmsg);
if(data.empty())
{
if(!errmsg.empty())
{
Server->Log("Login via LDAP failed: "+errmsg, LL_ERROR);
if(ret_errmsg)
{
*ret_errmsg = errmsg;
}
}
return false;
}
else
{
if(data.size()!=1)
{
Server->Log("LDAP query returned "+convert(data.size())+" items, but should return only one. Login failed.", LL_ERROR);
if(ret_errmsg)
{
*ret_errmsg="LDAP query returned more than one result";
}
return false;
}
IQuery* q = getDatabase()->Prepare("SELECT clientid FROM users_on_client WHERE username=?");
q->Bind(strlower(ldap_settings.username_prefix + username + ldap_settings.username_suffix));
db_results db_res = q->Read();
q->Reset();
std::string autoclients;
for(size_t i=0;i<db_res.size();++i)
{
if(!autoclients.empty()) autoclients+=",";
autoclients+=db_res[i]["clientid"];
}
std::multimap<std::string, std::string> sdata = data[0];
std::string str_ldap_rights;
std::multimap<std::string, std::string>::iterator it = sdata.find(ldap_settings.group_key_name);
while(it!=sdata.end() && it->first == ldap_settings.group_key_name)
{
for(std::map<std::string, std::string>::iterator it_rights=
ldap_settings.group_rights_map.begin();it_rights!=ldap_settings.group_rights_map.end();
++it_rights)
{
if(amatch((it->second).c_str(),
it_rights->first.c_str()))
{
str_ldap_rights = greplace("{AUTOCLIENTS}", autoclients, (it_rights->second));
break;
}
}
++it;
}
if(str_ldap_rights.empty())
{
std::multimap<std::string, std::string>::iterator it = sdata.find(ldap_settings.class_key_name);
while(it!=sdata.end() && it->first == ldap_settings.class_key_name)
{
for(std::map<std::string, std::string>::iterator it_rights=
ldap_settings.class_rights_map.begin();it_rights!=ldap_settings.class_rights_map.end();
++it_rights)
{
if(amatch((it->second).c_str(),
it_rights->first.c_str()))
{
str_ldap_rights = greplace("{AUTOCLIENTS}", autoclients, (it_rights->second));
break;
}
}
++it;
}
}
if(!str_ldap_rights.empty() && !dry_login)
{
ldap_rights = parseRightsString(str_ldap_rights);
}
if(!str_ldap_rights.empty() && session!=NULL && !dry_login)
{
session->mStr["ldap_rights"] = str_ldap_rights;
}
q= getDatabase()->Prepare("SELECT token FROM user_tokens WHERE username = ?");
q->Bind(strlower(ldap_settings.username_prefix + username + ldap_settings.username_suffix));
db_res = q->Read();
q->Reset();
std::string fileaccesstokens;
for(size_t i=0;i<db_res.size();++i)
{
if(!fileaccesstokens.empty()) fileaccesstokens+=";";
fileaccesstokens+=db_res[i]["token"];
}
if(!fileaccesstokens.empty() && !dry_login)
{
session->mStr["fileaccesstokens"]=fileaccesstokens;
}
if(rights)
{
*rights = str_ldap_rights;
}
return !str_ldap_rights.empty();
}
}
std::map<std::string, std::string> Helper::parseRightsString( const std::string& rights )
{
std::vector<std::string> toks;
Tokenize(rights, toks, ",");
std::map<std::string, std::string> ret;
for(size_t i=0;i<toks.size();++i)
{
std::string domain = getuntil("=", toks[i]);
std::string right = getafter("=", toks[i]);
ret[domain]=right;
}
return ret;
}
Reference in New Issue View Git Blame Copy Permalink