From 5e6c6edbaa44534057a80d5d456d1415155f916a Mon Sep 17 00:00:00 2001
From: Rob van Son
Date: Fri, 25 May 2012 15:41:59 +0200
Subject: [PATCH] Work on Login and session tickets
---
 CGIscriptor.pl | 122 ++++++++++++++++++++++++++++++++---------------------
 Private/Login.html | 9 ++--
 2 files changed, 76 insertions(+), 55 deletions(-)
diff --git a/CGIscriptor.pl b/CGIscriptor.pl
index c297271..be6ffb2 100755
--- a/CGIscriptor.pl
+++ b/CGIscriptor.pl
@@ -337,6 +337,11 @@ $FilePattern = ".shtml|.htm|.html|.xml|.xmr|.txt";
 # File pattern post-processing
 $FilePattern =~ s/([@.])/\\$1/g; # Convert . and @ to \. and \@
 #
+# SHAsum command needed for Authorization and Login
+# (note, these have to be accessible in the HTML pages, ie, the CGIexecute environment)
+$CGIexecute::SHASUMcmd = "shasum-5.12 -b";
+$CGIexecute::RANDOMHASHcmd = 'dd count=1 if=/dev/urandom 2>/dev/null |'.$CGIexecute::SHASUMcmd.' |cut -f 1 -d" "';
+#
 # File patterns of files which require a login.
 %LoginRequiredPatterns = ( '^/Private/' => "Private/.Sessions\tPrivate/.Passwords\t/Private/Login.html"
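Review bot: `$CGIexecute::SHASUMcmd = "shasum-5.12 -b"` hard-codes a version-suffixed binary name, and `$CGIexecute::RANDOMHASHcmd` pipes it through `cut` with dd's stderr discarded, so on a host where `shasum-5.12` is absent or outside the CGI PATH the pipeline yields an empty string instead of an error. The code that runs RANDOMHASHcmd to mint a session ticket is not in this hunk, but it should treat an empty or non-hex result as a failure rather than use it as the ticket secret. Computing the digest in-process with the core Digest::SHA module would remove both the shell pipeline and the dependency on the tool's name; if the shell route stays, a comment such as `# Callers must check for a 40-hex-char result; an empty string means the tool is missing` documents the failure mode next to the definition.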
@@ -2753,36 +2758,23 @@ sub check_ticket_validity # ($type, $ticket, $address, $path)
 # Is there a session ticket of this name?
 return 0 unless -s "$ticket";
- # Get SessionTicket file stats
- my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks)
- = stat("$ticket");
 # There is a session ticket, is it linked to this IP address?
- open(SESSION, "<$ticket") || die "$ticket: $!\n";
- my @sessionlines = ;
- close(SESSION);
+ my $ticket = read_ticket($ticket);
 # Is this the right type of ticket
- return unless grep(/^\s*Type:\s+$type\s*$/isg, @sessionlines);
+ return unless $ticket->{"Type"}->[0] eq $type;
 # Does the IP address match?
- my $IPmatches = 0;
- my @IPlines = grep(/^\s*IPaddress:\s+/isg,@sessionlines);
- foreach my $IPline (@IPlines)
+ $IPmatches = 0;
+ for my $IPpattern (@{$ticket->{"IPaddress"}})
 {
- chomp($IPline);
- if($IPline =~ /^\s*IPaddress:\s+(.*)$/)
- {
- $IPpattern = $1;
- $IPpattern =~ s/\./\\./g;
- ++$IPmatches if $address =~ m#^$IPpattern$#ig;
- };
+ ++$IPmatches if $address =~ m#^$IPpattern#ig;
 };
- return 0 unless !@IPlines || $IPmatches;
+ return 0 unless !$ticket->{"IPaddress"} || $IPmatches;
 # Is the path allowed
 my $Pathmatches = 0;
- my @AllowedLines = grep(/^\s*AllowedPaths:\s+/,@sessionlines);
- foreach my $Allowedline (@AllowedLines)
+ foreach my $Allowedline (@{$ticket->{"AllowedPaths"}})
 {
 chomp($Allowedline);
 if($Allowedline =~ /^\s*AllowedPaths:\s+(.*)$/)
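Review bot: The rewritten IP check `++$IPmatches if $address =~ m#^$IPpattern#ig;` drops both the trailing `$` anchor and the `s/\./\\./g` escaping that the removed lines applied, so a ticket bound to `10.0.0.1` now also matches `10.0.0.10`, and every `.` in the stored address matches any character; `$IPmatches = 0;` has also lost its `my` and becomes a package global. Restoring the previous binding takes three lines: `my $IPmatches = 0;`, `(my $IPre = $IPpattern) =~ s/\./\\./g;` and `++$IPmatches if $address =~ m#^$IPre$#i;`. Separately, the path loop that follows still tests `$Allowedline =~ /^\s*AllowedPaths:\s+(.*)$/`, but read_ticket already strips the `AllowedPaths:` label from each value, so that regex can no longer match, `$Pathmatches` stays 0, and any ticket carrying an AllowedPaths line is rejected by the check at the top of the next hunk. check_ticket_validity starts before this hunk and continues into the next one.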
@@ -2791,44 +2783,76 @@ sub check_ticket_validity # ($type, $ticket, $address, $path)
 ++$Pathmatches if $path =~ m#$Pathpattern#ig;
 };
 };
- return 0 unless !@AllowedLines || $Pathmatches;
+ return 0 unless !@{$ticket->{"AllowedPaths"}} || $Pathmatches;
 # Is the ticket expired?
 my $Expired = 0;
- my @ExpireLines = grep(/^\s*Expires:\s+/,@sessionlines);
- foreach my $Expireline (@ExpireLines)
+ if($ticket->{"Expires"} && @{$ticket->{"Expires"}})
 {
- chomp($Expireline);
- if($Expireline =~ /^\s*Expires:\s+(.*)\s*$/)
- {
- $ExpireTime = $1;
+ my $CurrentTime = time();
+ ++$Expired if($CurrentTime > $ticket->{"Expires"}->[0]);
+ };
+ return 0 if $Expired;
+
+ return 1;
- if($ExpireTime =~ /\s*d(ays)?\s*$/)
- {
- $ExpireTime = 24*3600*$`;
- }
- elsif($ExpireTime =~ /\s*m(inutes)?\s*$/)
- {
- $ExpireTime = 60*$`;
- }
- elsif($ExpireTime =~ /\s*h(ours)?\s*$/)
- {
- $ExpireTime = 3600*$`;
- }
- elsif($ExpireTime =~ /\s*s(econds)?\s*$/)
+};
+
+sub read_ticket # ($ticketfile) -> &%ticket
+{
+ my $ticketfile = shift || "";
+ my $ticket = {};
+ if($ticketfile && -s $ticketfile)
+ {
+ open(TICKETFILE, "<$ticketfile") || die "$ticketfile: $!\n";
+ my @alllines = ;
+ close(TICKETFILE);
+ foreach my $currentline (@alllines)
+ {
+ if($currentline =~ /^\s*(\S[^\:]+)\:\s+(.*)\s*$/)
 {
- $ExpireTime = $`;
+ my $Label = $1;
+ my $Value = $2;
+ # Recalculate expire date from relative time
+ if($Label =~ /^Expires$/ig && $Value =~ /^\+/)
+ {
+ # Get SessionTicket file stats
+ my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size,$atime,$mtime,$ctime,$blksize,$blocks)
+ = stat("$ticket");
+ if($Value =~ /^\+(\d+)\s*d(ays)?\s*$/)
+ {
+ $ExpireTime = 24*3600*$1;
+ }
+ elsif($Value =~ /^\+(\d+)\s*m(inutes)?\s*$/)
+ {
+ $ExpireTime = 60*$1;
+ }
+ elsif($Value =~ /^\+(\d+)\s*h(ours)?\s*$/)
+ {
+ $ExpireTime = 3600*$1;
+ }
+ elsif($Value =~ /^\+(\d+)\s*s(econds)?\s*$/)
+ {
+ $ExpireTime = $1;
+ }
+ elsif($Value =~ /^\+(\d+)\s*$/)
+ {
+ $ExpireTime = $1;
+ };
+
+ my $ActualExpireTime = $ExpireTime + $ctime;
+ $Value = $ActualExpireTime;
+ };
+ $ticket->{$Label} = () unless exists($ticket->{$Label});
+ push(@{$ticket->{$Label}}, $Value);
 };
-
- my $ActualExpireTime = $ExpireTime + $ctime;
- my $CurrentTime = time();
- ++$Expired if($CurrentTime > $ActualExpireTime);
 };
 };
- return 0 if @ExpireLines && $Expired;
-
- return 1;
-
+ if(exists($ticket->{Expires}))
+ {
+ @{$ticket->{Expires}} = sort(@{$ticket->{Expires}});
+ };
+ return $ticket;
 };
 # End of Handle login access
diff --git a/Private/Login.html b/Private/Login.html
index 88a45cf..1b629a8 100644
--- a/Private/Login.html
+++ b/Private/Login.html
@@ -3,22 +3,19 @@ Login
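Review bot: In read_ticket, `= stat("$ticket");` stats the stringified hash reference rather than the file, so `$ctime` is undef and a relative `Expires: +1d` line is stored as `86400 + 0`, which check_ticket_validity then compares against time() and rejects as expired; it should read `= stat($ticketfile);`. `$ExpireTime` is never declared with `my`, so when none of the `+N` patterns match it silently keeps the value from a previous line or a previous call; add `my $ExpireTime = 0;` before the `if` chain. The closing `sort(@{$ticket->{Expires}})` is a string sort, so timestamps of different digit counts order wrongly and `->[0]` need not be the earliest expiry; use `@{$ticket->{Expires}} = sort { $a <=> $b } @{$ticket->{Expires}};`. Anchoring a relative expiry on the file's ctime also means any metadata change to the ticket file (a chmod or rename) extends the session; writing an absolute expiry at ticket creation would be more robust, though the code that writes tickets is not visible here.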