X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=4b69f89bb00eebb4bc3f1cc3b13f658a91afc1b0;hb=289794ba2dcbe6234e25e5d00531b26baee342b7;hp=f6bea43749c6f78294459c748fce4468845d2727;hpb=a304c5e3c9ef6f145b7e30ebc618e03e749cba95;p=matches%2FMCTX3420.git diff --git a/server/fastcgi.c b/server/fastcgi.c index f6bea43..4b69f89 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -33,7 +33,7 @@ */ static void IdentifyHandler(FCGIContext *context, char *params) { bool ident_sensors = false, ident_actuators = false; - + bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING")); int i; FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T}, @@ -45,18 +45,18 @@ static void IdentifyHandler(FCGIContext *context, char *params) { FCGI_JSONPair("description", "MCTX3420 Server API (2013)"); FCGI_JSONPair("build_date", __DATE__ " " __TIME__); FCGI_JSONLong("api_version", API_VERSION); - FCGI_JSONBool("logged_in", FCGI_HasControl(context, getenv("COOKIE_STRING"))); - FCGI_JSONPair("friendly_name", ""); + FCGI_JSONBool("logged_in", has_control); + FCGI_JSONPair("friendly_name", has_control ? context->friendly_name : ""); //Sensor and actuator information if (ident_sensors) { FCGI_JSONKey("sensors"); FCGI_JSONValue("{\n\t\t"); - for (i = 0; i < NUMSENSORS; i++) { + for (i = 0; i < g_num_sensors; i++) { if (i > 0) { FCGI_JSONValue(",\n\t\t"); } - FCGI_JSONValue("\"%d\" : \"%s\"", i, g_sensor_names[i]); + FCGI_JSONValue("\"%d\" : \"%s\"", i, Sensor_GetName(i)); } FCGI_JSONValue("\n\t}"); } @@ -79,14 +79,14 @@ static void IdentifyHandler(FCGIContext *context, char *params) { * the system at any one time. The key can be forcibly generated, revoking * any previous control keys. To be used in conjunction with HTTP * basic authentication. - * This function will generate a JSON response that indicates success/failure. * @param context The context to work in * @param force Whether to force key generation or not. - */ -void FCGI_LockControl(FCGIContext *context, bool force) { + * @return true on success, false otherwise (eg someone else already in control) + */ +bool FCGI_LockControl(FCGIContext *context, bool force) { time_t now = time(NULL); bool expired = now - context->control_timestamp > CONTROL_TIMEOUT; - + if (force || !*(context->control_key) || expired) { SHA_CTX sha1ctx; @@ -102,7 +102,9 @@ void FCGI_LockControl(FCGIContext *context, bool force) { for (i = 0; i < 20; i++) sprintf(context->control_key + i * 2, "%02x", sha1[i]); snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR")); + return true; } + return false; } /** @@ -131,8 +133,6 @@ bool FCGI_HasControl(FCGIContext *context, const char *key) { */ void FCGI_ReleaseControl(FCGIContext *context) { *(context->control_key) = 0; - FCGI_BeginJSON(context, STATUS_OK); - FCGI_EndJSON(); return; } @@ -384,7 +384,7 @@ void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *des FCGI_BeginJSON(context, status); FCGI_JSONPair("description", description); FCGI_JSONLong("responsenumber", context->response_number); - //FCGI_JSONPair("params", getenv("QUERY_STRING")); + //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff FCGI_JSONPair("host", getenv("SERVER_HOSTNAME")); FCGI_JSONPair("user", getenv("REMOTE_USER")); FCGI_JSONPair("ip", getenv("REMOTE_ADDR")); @@ -480,9 +480,6 @@ void * FCGI_RequestLoop (void *data) if (lastchar > 0 && module[lastchar] == '/') module[lastchar] = 0; - //Escape all special characters - FCGI_EscapeText(params); - //Default to the 'identify' module if none specified if (!*module) strcpy(module, "identify"); @@ -514,14 +511,19 @@ void * FCGI_RequestLoop (void *data) { if (cookie[0] == '\0') { - FCGI_RejectJSON(&context, "Please login."); + FCGI_RejectJSONEx(&context, STATUS_UNAUTHORIZED, "Please login."); continue; } + if (!FCGI_HasControl(&context, cookie)) { FCGI_RejectJSON(&context, "Invalid control key."); continue; } + + //Escape all special characters. + //Don't escape for login (password may have special chars?) + FCGI_EscapeText(params); } module_handler(&context, params);