summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBent Bisballe Nyeng <deva@aasimon.org>2020-07-05 21:28:14 +0200
committerBent Bisballe Nyeng <deva@aasimon.org>2020-07-05 21:28:14 +0200
commit236983125ffb300bb68bd5d56107750118e5fe96 (patch)
tree97f858bf3326f57e5523b035abbe6cc9f06836e2
parentfeeb7602a9b386dfdd61190ce633a3b56a10c68f (diff)
Use password file for authentication.
-rw-r--r--src/Makefile.am8
-rw-r--r--src/acl.cc109
-rw-r--r--src/acl.h48
-rw-r--r--src/connectionhandler.cc9
-rw-r--r--src/connectionhandler.h3
-rw-r--r--src/user.h35
-rw-r--r--src/ws/Makefile.am2
-rw-r--r--test/Makefile.am14
-rw-r--r--test/acltest.cc83
-rw-r--r--test/scopedfile.cc2
10 files changed, 304 insertions, 9 deletions
diff --git a/src/Makefile.am b/src/Makefile.am
index 750fb7c..4b75d05 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -15,13 +15,17 @@ libargon2_la_SOURCES = \
$(top_srcdir)/argon2/src/encoding.c \
$(top_srcdir)/argon2/src/ref.c
-muniad_LDADD = $(LIBWEBSOCKETS_LIBS) $(EXPAT_LIBS)
+muniad_LDADD = $(LIBWEBSOCKETS_LIBS) $(EXPAT_LIBS) libargon2.la
muniad_CXXFLAGS = -std=c++11 $(LIBWEBSOCKETS_CFLAGS) $(EXPAT_CFLAGS) \
- -I$(top_srcdir)/hugin -DWSDATADIR=\"$(datadir)/ws\"
+ -I$(top_srcdir)/hugin -DWSDATADIR=\"$(datadir)/munia/ws\" \
+ -DCONFDIR=\"$(prefix)/etc/munia\" \
+ -I$(top_srcdir)/argon2/include
muniad_SOURCES = \
muniad.cc \
+ acl.cc \
+ hash.cc \
connectionhandler.cc \
http.cc \
messagehandler.cc \
diff --git a/src/acl.cc b/src/acl.cc
new file mode 100644
index 0000000..237fe7a
--- /dev/null
+++ b/src/acl.cc
@@ -0,0 +1,109 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set et sw=2 ts=2: */
+/***************************************************************************
+ * acl.cc
+ *
+ * Sun Jul 5 17:02:31 CEST 2020
+ * Copyright 2020 Bent Bisballe Nyeng
+ * deva@aasimon.org
+ ****************************************************************************/
+
+/*
+ * This file is part of Munia.
+ *
+ * Munia is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Munia is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Munia; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ */
+#include "acl.h"
+
+#include <fstream>
+#include <sstream>
+#include <algorithm>
+
+#include "hash.h"
+
+namespace
+{
+User parseLine(const std::string& line)
+{
+ User user;
+
+ int pos{0};
+ std::istringstream iss(line);
+ std::string token;
+ while(std::getline(iss, token, ':'))
+ {
+ switch(pos)
+ {
+ case 0: // username
+ user.username = token;
+ break;
+ case 1: // password hash
+ user.passwordHash = token;
+ break;
+ default:
+ throw "Too many tokens.";
+ break;
+ }
+ ++pos;
+ }
+ return user;
+}
+}
+
+ACL::ACL(const std::string& filename)
+ : filename(filename)
+{
+}
+
+ACL::~ACL()
+{
+}
+
+bool ACL::load()
+{
+ std::fstream file;
+ std::map<std::string, User> newUsers;
+
+ file.open(filename, std::ios_base::in);
+ if(!file.is_open())
+ {
+ return false;
+ }
+
+ std::string line;
+ while(std::getline(file, line))
+ {
+ auto user = parseLine(line);
+ newUsers[user.username] = user;
+ }
+
+ file.close();
+
+ std::swap(users, newUsers);
+
+ return true;
+}
+
+bool ACL::checkPassword(const std::string& username, const std::string& password)
+{
+ auto userit = users.find(username);
+ if(userit == users.end())
+ {
+ return false;
+ }
+
+ auto& user = userit->second;
+ return verifyEncoded(user.passwordHash, password);
+}
diff --git a/src/acl.h b/src/acl.h
new file mode 100644
index 0000000..70be924
--- /dev/null
+++ b/src/acl.h
@@ -0,0 +1,48 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set et sw=2 ts=2: */
+/***************************************************************************
+ * acl.h
+ *
+ * Sun Jul 5 17:02:31 CEST 2020
+ * Copyright 2020 Bent Bisballe Nyeng
+ * deva@aasimon.org
+ ****************************************************************************/
+
+/*
+ * This file is part of Munia.
+ *
+ * Munia is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Munia is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Munia; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ */
+#pragma once
+
+#include <string>
+#include <map>
+
+#include "user.h"
+
+class ACL
+{
+public:
+ ACL(const std::string& filename);
+ virtual ~ACL();
+
+ bool load();
+
+ bool checkPassword(const std::string& username, const std::string& password);
+
+protected:
+ std::map<std::string, User> users;
+ std::string filename;
+};
diff --git a/src/connectionhandler.cc b/src/connectionhandler.cc
index 8b48c03..419556e 100644
--- a/src/connectionhandler.cc
+++ b/src/connectionhandler.cc
@@ -30,6 +30,7 @@
#include <stdio.h>
#include "hugin.hpp"
+#include "acl.h"
// Global ConnectionHandler.
ConnectionHandler connection_handler;
@@ -57,9 +58,13 @@ void ConnectionHandler::close(clientid_t clientid)
DEBUG(conn, "Removed connection\n");
}
-void ConnectionHandler::login(clientid_t clientid, std::string user, std::string password)
+void ConnectionHandler::login(clientid_t clientid,
+ const std::string& user,
+ const std::string& password)
{
- authlist[clientid] = (password == "hundemad");
+ ACL acl(CONFDIR"/users");
+ acl.load();
+ authlist[clientid] = acl.checkPassword(user, password);
DEBUG(conn, "Authentication %d\n", authlist[clientid]);
}
diff --git a/src/connectionhandler.h b/src/connectionhandler.h
index 13f5d02..2330ba5 100644
--- a/src/connectionhandler.h
+++ b/src/connectionhandler.h
@@ -49,7 +49,8 @@ public:
void init(clientid_t clientid);
void close(clientid_t clientid);
- void login(clientid_t clientid, std::string user, std::string password);
+ void login(clientid_t clientid, const std::string& user,
+ const std::string& password);
void logout(clientid_t clientid);
bool authenticated(clientid_t clientid);
diff --git a/src/user.h b/src/user.h
new file mode 100644
index 0000000..581fb5f
--- /dev/null
+++ b/src/user.h
@@ -0,0 +1,35 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set et sw=2 ts=2: */
+/***************************************************************************
+ * user.h
+ *
+ * Sun Jul 5 19:34:57 CEST 2020
+ * Copyright 2020 Bent Bisballe Nyeng
+ * deva@aasimon.org
+ ****************************************************************************/
+
+/*
+ * This file is part of Munia.
+ *
+ * Munia is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Munia is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Munia; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ */
+#pragma once
+
+struct User
+{
+ std::string username;
+ std::string passwordHash;
+ // TODO: Add other stuff here
+};
diff --git a/src/ws/Makefile.am b/src/ws/Makefile.am
index c7252e5..17df58d 100644
--- a/src/ws/Makefile.am
+++ b/src/ws/Makefile.am
@@ -2,7 +2,7 @@ SUBDIRS =
EXTRA_DIST =
-wsdir = $(datadir)/ws
+wsdir = $(datadir)/munia/ws
ws_DATA = \
favicon.ico \
diff --git a/test/Makefile.am b/test/Makefile.am
index 3e962ee..b2fe011 100644
--- a/test/Makefile.am
+++ b/test/Makefile.am
@@ -1,7 +1,7 @@
# Rules for the test code (use `make check` to execute)
if ENABLE_TESTS
-TESTS = logintest xmlencodetest connectionhandlertest nodetreetest
+TESTS = logintest xmlencodetest connectionhandlertest nodetreetest acltest
EXTRA_DIST = \
dgunit.h \
@@ -52,4 +52,16 @@ nodetreetest_SOURCES = \
nodetreetest.cc \
dgtest.cc
+acltest_CXXFLAGS = -DOUTPUT=\"acltest\" \
+ $(DEBUG_FLAGS) \
+ -I$(top_srcdir)/src \
+ -I$(top_srcdir)/argon2/include
+acltest_LDFLAGS = $(top_builddir)/src/libargon2.la
+acltest_SOURCES = \
+ $(top_srcdir)/src/acl.cc \
+ $(top_srcdir)/src/hash.cc \
+ scopedfile.cc \
+ acltest.cc \
+ dgtest.cc
+
endif
diff --git a/test/acltest.cc b/test/acltest.cc
new file mode 100644
index 0000000..6e603c4
--- /dev/null
+++ b/test/acltest.cc
@@ -0,0 +1,83 @@
+/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set et sw=2 ts=2: */
+/***************************************************************************
+ * acltest.cc
+ *
+ * Sun Jul 5 19:45:18 CEST 2020
+ * Copyright 2020 Bent Bisballe Nyeng
+ * deva@aasimon.org
+ ****************************************************************************/
+
+/*
+ * This file is part of Munia.
+ *
+ * Munia is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * Munia is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with Munia; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA.
+ */
+#include "dgunit.h"
+
+#include <acl.h>
+
+#include "scopedfile.h"
+
+class TestACL
+ : public ACL
+{
+public:
+ TestACL(ScopedFile& file)
+ : ACL(file.filename())
+ {
+ }
+
+ const std::map<std::string, User>& getUsers()
+ {
+ return users;
+ }
+};
+
+class ACLTest
+ : public DGUnit
+{
+public:
+ ACLTest()
+ {
+ DGUNIT_TEST(ACLTest::test);
+ }
+
+ void test()
+ {
+ ScopedFile file(
+ "testuser:$argon2i$v=19$m=65536,t=10,p=1$I9CYkvXqK0WyAl/dsJsRNw$STVDgS6Uc3NaPTyfUAq1mFqvsIEkKp3UF3qZZjgN4JY\n"
+ "anotherone:$argon2i$v=19$m=65536,t=10,p=1$/+YjcFJerRkmPgIiRq1Hxg$m+Fy+XA8qhcz6lO6INkcRxeSq8ottCHTt8AtqUECI/w\n"
+);
+ TestACL acl(file);
+ DGUNIT_ASSERT(acl.load());
+ const auto& users = acl.getUsers();
+ DGUNIT_ASSERT_EQUAL(2u, users.size());
+ DGUNIT_ASSERT(users.find("testuser") != users.end());
+ DGUNIT_ASSERT(users.find("anotherone") != users.end());
+ DGUNIT_ASSERT_EQUAL(std::string("testuser"), users.at("testuser").username);
+ DGUNIT_ASSERT_EQUAL(std::string("anotherone"), users.at("anotherone").username);
+ DGUNIT_ASSERT(acl.checkPassword("testuser", "1234") == true);
+ DGUNIT_ASSERT(acl.checkPassword("testuser", "12345") == false);
+
+ DGUNIT_ASSERT(acl.checkPassword("anotherone", "asdf") == true);
+ DGUNIT_ASSERT(acl.checkPassword("anotherone", "asdfg") == false);
+
+ DGUNIT_ASSERT(acl.checkPassword("noone", "asdfg") == false);
+ }
+};
+
+// Registers the fixture into the 'registry'
+static ACLTest test;
diff --git a/test/scopedfile.cc b/test/scopedfile.cc
index b03a2bc..396eb51 100644
--- a/test/scopedfile.cc
+++ b/test/scopedfile.cc
@@ -29,8 +29,6 @@
#include <cstdlib>
#include <unistd.h>
-#include <cpp11fix.h>
-
#ifdef _WIN32
#define WIN32_LEAN_AND_MEAN
#include <windows.h>