From 236983125ffb300bb68bd5d56107750118e5fe96 Mon Sep 17 00:00:00 2001 From: Bent Bisballe Nyeng Date: Sun, 5 Jul 2020 21:28:14 +0200 Subject: Use password file for authentication. --- src/Makefile.am | 8 +++- src/acl.cc | 109 +++++++++++++++++++++++++++++++++++++++++++++++ src/acl.h | 48 +++++++++++++++++++++ src/connectionhandler.cc | 9 +++- src/connectionhandler.h | 3 +- src/user.h | 35 +++++++++++++++ src/ws/Makefile.am | 2 +- test/Makefile.am | 14 +++++- test/acltest.cc | 83 ++++++++++++++++++++++++++++++++++++ test/scopedfile.cc | 2 - 10 files changed, 304 insertions(+), 9 deletions(-) create mode 100644 src/acl.cc create mode 100644 src/acl.h create mode 100644 src/user.h create mode 100644 test/acltest.cc diff --git a/src/Makefile.am b/src/Makefile.am index 750fb7c..4b75d05 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -15,13 +15,17 @@ libargon2_la_SOURCES = \ $(top_srcdir)/argon2/src/encoding.c \ $(top_srcdir)/argon2/src/ref.c -muniad_LDADD = $(LIBWEBSOCKETS_LIBS) $(EXPAT_LIBS) +muniad_LDADD = $(LIBWEBSOCKETS_LIBS) $(EXPAT_LIBS) libargon2.la muniad_CXXFLAGS = -std=c++11 $(LIBWEBSOCKETS_CFLAGS) $(EXPAT_CFLAGS) \ - -I$(top_srcdir)/hugin -DWSDATADIR=\"$(datadir)/ws\" + -I$(top_srcdir)/hugin -DWSDATADIR=\"$(datadir)/munia/ws\" \ + -DCONFDIR=\"$(prefix)/etc/munia\" \ + -I$(top_srcdir)/argon2/include muniad_SOURCES = \ muniad.cc \ + acl.cc \ + hash.cc \ connectionhandler.cc \ http.cc \ messagehandler.cc \ diff --git a/src/acl.cc b/src/acl.cc new file mode 100644 index 0000000..237fe7a --- /dev/null +++ b/src/acl.cc @@ -0,0 +1,109 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set et sw=2 ts=2: */ +/*************************************************************************** + * acl.cc + * + * Sun Jul 5 17:02:31 CEST 2020 + * Copyright 2020 Bent Bisballe Nyeng + * deva@aasimon.org + ****************************************************************************/ + +/* + * This file is part of Munia. + * + * Munia is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Munia is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Munia; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + */ +#include "acl.h" + +#include +#include +#include + +#include "hash.h" + +namespace +{ +User parseLine(const std::string& line) +{ + User user; + + int pos{0}; + std::istringstream iss(line); + std::string token; + while(std::getline(iss, token, ':')) + { + switch(pos) + { + case 0: // username + user.username = token; + break; + case 1: // password hash + user.passwordHash = token; + break; + default: + throw "Too many tokens."; + break; + } + ++pos; + } + return user; +} +} + +ACL::ACL(const std::string& filename) + : filename(filename) +{ +} + +ACL::~ACL() +{ +} + +bool ACL::load() +{ + std::fstream file; + std::map newUsers; + + file.open(filename, std::ios_base::in); + if(!file.is_open()) + { + return false; + } + + std::string line; + while(std::getline(file, line)) + { + auto user = parseLine(line); + newUsers[user.username] = user; + } + + file.close(); + + std::swap(users, newUsers); + + return true; +} + +bool ACL::checkPassword(const std::string& username, const std::string& password) +{ + auto userit = users.find(username); + if(userit == users.end()) + { + return false; + } + + auto& user = userit->second; + return verifyEncoded(user.passwordHash, password); +} diff --git a/src/acl.h b/src/acl.h new file mode 100644 index 0000000..70be924 --- /dev/null +++ b/src/acl.h @@ -0,0 +1,48 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set et sw=2 ts=2: */ +/*************************************************************************** + * acl.h + * + * Sun Jul 5 17:02:31 CEST 2020 + * Copyright 2020 Bent Bisballe Nyeng + * deva@aasimon.org + ****************************************************************************/ + +/* + * This file is part of Munia. + * + * Munia is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Munia is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Munia; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + */ +#pragma once + +#include +#include + +#include "user.h" + +class ACL +{ +public: + ACL(const std::string& filename); + virtual ~ACL(); + + bool load(); + + bool checkPassword(const std::string& username, const std::string& password); + +protected: + std::map users; + std::string filename; +}; diff --git a/src/connectionhandler.cc b/src/connectionhandler.cc index 8b48c03..419556e 100644 --- a/src/connectionhandler.cc +++ b/src/connectionhandler.cc @@ -30,6 +30,7 @@ #include #include "hugin.hpp" +#include "acl.h" // Global ConnectionHandler. ConnectionHandler connection_handler; @@ -57,9 +58,13 @@ void ConnectionHandler::close(clientid_t clientid) DEBUG(conn, "Removed connection\n"); } -void ConnectionHandler::login(clientid_t clientid, std::string user, std::string password) +void ConnectionHandler::login(clientid_t clientid, + const std::string& user, + const std::string& password) { - authlist[clientid] = (password == "hundemad"); + ACL acl(CONFDIR"/users"); + acl.load(); + authlist[clientid] = acl.checkPassword(user, password); DEBUG(conn, "Authentication %d\n", authlist[clientid]); } diff --git a/src/connectionhandler.h b/src/connectionhandler.h index 13f5d02..2330ba5 100644 --- a/src/connectionhandler.h +++ b/src/connectionhandler.h @@ -49,7 +49,8 @@ public: void init(clientid_t clientid); void close(clientid_t clientid); - void login(clientid_t clientid, std::string user, std::string password); + void login(clientid_t clientid, const std::string& user, + const std::string& password); void logout(clientid_t clientid); bool authenticated(clientid_t clientid); diff --git a/src/user.h b/src/user.h new file mode 100644 index 0000000..581fb5f --- /dev/null +++ b/src/user.h @@ -0,0 +1,35 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set et sw=2 ts=2: */ +/*************************************************************************** + * user.h + * + * Sun Jul 5 19:34:57 CEST 2020 + * Copyright 2020 Bent Bisballe Nyeng + * deva@aasimon.org + ****************************************************************************/ + +/* + * This file is part of Munia. + * + * Munia is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Munia is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Munia; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + */ +#pragma once + +struct User +{ + std::string username; + std::string passwordHash; + // TODO: Add other stuff here +}; diff --git a/src/ws/Makefile.am b/src/ws/Makefile.am index c7252e5..17df58d 100644 --- a/src/ws/Makefile.am +++ b/src/ws/Makefile.am @@ -2,7 +2,7 @@ SUBDIRS = EXTRA_DIST = -wsdir = $(datadir)/ws +wsdir = $(datadir)/munia/ws ws_DATA = \ favicon.ico \ diff --git a/test/Makefile.am b/test/Makefile.am index 3e962ee..b2fe011 100644 --- a/test/Makefile.am +++ b/test/Makefile.am @@ -1,7 +1,7 @@ # Rules for the test code (use `make check` to execute) if ENABLE_TESTS -TESTS = logintest xmlencodetest connectionhandlertest nodetreetest +TESTS = logintest xmlencodetest connectionhandlertest nodetreetest acltest EXTRA_DIST = \ dgunit.h \ @@ -52,4 +52,16 @@ nodetreetest_SOURCES = \ nodetreetest.cc \ dgtest.cc +acltest_CXXFLAGS = -DOUTPUT=\"acltest\" \ + $(DEBUG_FLAGS) \ + -I$(top_srcdir)/src \ + -I$(top_srcdir)/argon2/include +acltest_LDFLAGS = $(top_builddir)/src/libargon2.la +acltest_SOURCES = \ + $(top_srcdir)/src/acl.cc \ + $(top_srcdir)/src/hash.cc \ + scopedfile.cc \ + acltest.cc \ + dgtest.cc + endif diff --git a/test/acltest.cc b/test/acltest.cc new file mode 100644 index 0000000..6e603c4 --- /dev/null +++ b/test/acltest.cc @@ -0,0 +1,83 @@ +/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set et sw=2 ts=2: */ +/*************************************************************************** + * acltest.cc + * + * Sun Jul 5 19:45:18 CEST 2020 + * Copyright 2020 Bent Bisballe Nyeng + * deva@aasimon.org + ****************************************************************************/ + +/* + * This file is part of Munia. + * + * Munia is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * Munia is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with Munia; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA. + */ +#include "dgunit.h" + +#include + +#include "scopedfile.h" + +class TestACL + : public ACL +{ +public: + TestACL(ScopedFile& file) + : ACL(file.filename()) + { + } + + const std::map& getUsers() + { + return users; + } +}; + +class ACLTest + : public DGUnit +{ +public: + ACLTest() + { + DGUNIT_TEST(ACLTest::test); + } + + void test() + { + ScopedFile file( + "testuser:$argon2i$v=19$m=65536,t=10,p=1$I9CYkvXqK0WyAl/dsJsRNw$STVDgS6Uc3NaPTyfUAq1mFqvsIEkKp3UF3qZZjgN4JY\n" + "anotherone:$argon2i$v=19$m=65536,t=10,p=1$/+YjcFJerRkmPgIiRq1Hxg$m+Fy+XA8qhcz6lO6INkcRxeSq8ottCHTt8AtqUECI/w\n" +); + TestACL acl(file); + DGUNIT_ASSERT(acl.load()); + const auto& users = acl.getUsers(); + DGUNIT_ASSERT_EQUAL(2u, users.size()); + DGUNIT_ASSERT(users.find("testuser") != users.end()); + DGUNIT_ASSERT(users.find("anotherone") != users.end()); + DGUNIT_ASSERT_EQUAL(std::string("testuser"), users.at("testuser").username); + DGUNIT_ASSERT_EQUAL(std::string("anotherone"), users.at("anotherone").username); + DGUNIT_ASSERT(acl.checkPassword("testuser", "1234") == true); + DGUNIT_ASSERT(acl.checkPassword("testuser", "12345") == false); + + DGUNIT_ASSERT(acl.checkPassword("anotherone", "asdf") == true); + DGUNIT_ASSERT(acl.checkPassword("anotherone", "asdfg") == false); + + DGUNIT_ASSERT(acl.checkPassword("noone", "asdfg") == false); + } +}; + +// Registers the fixture into the 'registry' +static ACLTest test; diff --git a/test/scopedfile.cc b/test/scopedfile.cc index b03a2bc..396eb51 100644 --- a/test/scopedfile.cc +++ b/test/scopedfile.cc @@ -29,8 +29,6 @@ #include #include -#include - #ifdef _WIN32 #define WIN32_LEAN_AND_MEAN #include -- cgit v1.2.3