X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=a77a3a454109bf6c03abed9a982f533d2e537e9f;hb=e3e7914fe2f59765e5f92371329652a02518928c;hp=89386f35165c7d9e01cea92a81a8f17ccc4dd4a8;hpb=0e485d94093a09b4095a5b7f9b80afa1ec0fd570;p=matches%2FMCTX3420.git diff --git a/server/fastcgi.c b/server/fastcgi.c index 89386f3..a77a3a4 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -9,6 +9,8 @@ #include #include #include +#include +#include #include "common.h" #include "sensor.h" @@ -16,21 +18,13 @@ #include "control.h" #include "options.h" #include "image.h" +#include "pin_test.h" +#include "login.h" /**The time period (in seconds) before the control key expires */ #define CONTROL_TIMEOUT 180 -/**Contextual information related to FCGI requests*/ -struct FCGIContext { - /**The time of last valid user access possessing the control key*/ - time_t control_timestamp; - char control_key[41]; - char control_ip[16]; - /**The name of the current module**/ - const char *current_module; - /**For debugging purposes?**/ - int response_number; -}; + /** * Identifies build information and the current API version to the user. @@ -41,7 +35,7 @@ struct FCGIContext { */ static void IdentifyHandler(FCGIContext *context, char *params) { bool ident_sensors = false, ident_actuators = false; - + bool has_control = FCGI_HasControl(context, getenv("COOKIE_STRING")); int i; FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T}, @@ -53,27 +47,29 @@ static void IdentifyHandler(FCGIContext *context, char *params) { FCGI_JSONPair("description", "MCTX3420 Server API (2013)"); FCGI_JSONPair("build_date", __DATE__ " " __TIME__); FCGI_JSONLong("api_version", API_VERSION); + FCGI_JSONBool("logged_in", has_control); + FCGI_JSONPair("user_name", has_control ? context->user_name : ""); //Sensor and actuator information if (ident_sensors) { FCGI_JSONKey("sensors"); FCGI_JSONValue("{\n\t\t"); - for (i = 0; i < NUMSENSORS; i++) { + for (i = 0; i < g_num_sensors; i++) { if (i > 0) { FCGI_JSONValue(",\n\t\t"); } - FCGI_JSONValue("\"%d\" : \"%s\"", i, g_sensor_names[i]); + FCGI_JSONValue("\"%d\" : \"%s\"", i, Sensor_GetName(i)); } FCGI_JSONValue("\n\t}"); } if (ident_actuators) { FCGI_JSONKey("actuators"); FCGI_JSONValue("{\n\t\t"); - for (i = 0; i < NUMACTUATORS; i++) { + for (i = 0; i < g_num_actuators; i++) { if (i > 0) { FCGI_JSONValue(",\n\t\t"); } - FCGI_JSONValue("\"%d\" : \"%s\"", i, g_actuator_names[i]); + FCGI_JSONValue("\"%d\" : \"%s\"", i, Actuator_GetName(i)); } FCGI_JSONValue("\n\t}"); } @@ -81,45 +77,61 @@ static void IdentifyHandler(FCGIContext *context, char *params) { } /** - * Gives the user a key that determines who has control over - * the system at any one time. The key can be forcibly generated, revoking - * any previous control keys. To be used in conjunction with HTTP - * basic authentication. - * This function will generate a JSON response that indicates success/failure. + * Given an authorised user, attempt to set the control over the system. + * Modifies members in the context structure appropriately if successful. * @param context The context to work in - * @param force Whether to force key generation or not. - */ -void FCGI_LockControl(FCGIContext *context, bool force) { + * @param user_name - Name of the user + * @param user_type - Type of the user, passed after successful authentication + * @return true on success, false otherwise (eg someone else already in control) + */ +bool FCGI_LockControl(FCGIContext *context, const char * user_name, UserType user_type) +{ + // Get current time time_t now = time(NULL); bool expired = now - context->control_timestamp > CONTROL_TIMEOUT; - - if (force || !*(context->control_key) || expired) { - SHA_CTX sha1ctx; - unsigned char sha1[20]; - int i = rand(); - - SHA1_Init(&sha1ctx); - SHA1_Update(&sha1ctx, &now, sizeof(now)); - SHA1_Update(&sha1ctx, &i, sizeof(i)); - SHA1_Final(sha1, &sha1ctx); - - context->control_timestamp = now; - for (i = 0; i < 20; i++) - sprintf(context->control_key + i * 2, "%02x", sha1[i]); - snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR")); - FCGI_BeginJSON(context, STATUS_OK); - FCGI_JSONPair("key", context->control_key); - FCGI_EndJSON(); - } else { - char buf[128]; - strftime(buf, 128, "%H:%M:%S %d-%m-%Y", - localtime(&(context->control_timestamp))); - FCGI_BeginJSON(context, STATUS_UNAUTHORIZED); - FCGI_JSONPair("description", "Another user already has control"); - FCGI_JSONPair("current_user", context->control_ip); - FCGI_JSONPair("when", buf); - FCGI_EndJSON(); + + // Can't lock control if: User not actually logged in (sanity), or key is still valid and the user is not an admin + if (user_type == USER_UNAUTH || + (user_type != USER_ADMIN && !expired && *(context->control_key) != '\0')) + return false; + + // Release any existing control (if any) + FCGI_ReleaseControl(context); + + // Set timestamp + context->control_timestamp = now; + + // Generate a SHA1 hash for the user + SHA_CTX sha1ctx; + unsigned char sha1[20]; + int i = rand(); + SHA1_Init(&sha1ctx); + SHA1_Update(&sha1ctx, &now, sizeof(now)); + SHA1_Update(&sha1ctx, &i, sizeof(i)); + SHA1_Final(sha1, &sha1ctx); + for (i = 0; i < sizeof(sha1); i++) + sprintf(context->control_key + i * 2, "%02x", sha1[i]); + + // Set the IP address + snprintf(context->control_ip, 16, "%s", getenv("REMOTE_ADDR")); + // Set the user name + int uname_len = strlen(user_name); + if (snprintf(context->user_name, sizeof(context->user_name), "%s", user_name) < uname_len) + { + Log(LOGERR, "Username at %d characters too long (limit %d)", uname_len, sizeof(context->user_name)); + return false; // :-( } + // Set the user type + context->user_type = user_type; + // Create directory + if (mkdir(user_name, 0777) != 0 && errno != EEXIST) + { + Log(LOGERR, "Couldn't create user directory %s/%s - %s", g_options.root_dir, user_name, strerror(errno)); + return false; // :-( + } + + + return true; // :-) } /** @@ -133,7 +145,8 @@ void FCGI_LockControl(FCGIContext *context, bool force) { bool FCGI_HasControl(FCGIContext *context, const char *key) { time_t now = time(NULL); int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT && - key != NULL && !strcmp(context->control_key, key); + key != NULL && context->control_key[0] != '\0' && + !strcmp(context->control_key, key); if (result) { context->control_timestamp = now; //Update the control_timestamp } @@ -147,8 +160,7 @@ bool FCGI_HasControl(FCGIContext *context, const char *key) { */ void FCGI_ReleaseControl(FCGIContext *context) { *(context->control_key) = 0; - FCGI_BeginJSON(context, STATUS_OK); - FCGI_EndJSON(); + // Note: context->user_name should *not* be cleared return; } @@ -306,6 +318,25 @@ void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code) FCGI_JSONPair("control_state", Control_GetModeName()); } +/** + * Generic accept response in JSON format. + * @param context The context to work in + * @param description A short description. + * @param cookie Optional. If given, the cookie field is set to that value. + */ +void FCGI_AcceptJSON(FCGIContext *context, const char *description, const char *cookie) +{ + printf("Content-type: application/json; charset=utf-8\r\n"); + if (cookie) { + printf("Set-Cookie: %s\r\n", cookie); + } + printf("\r\n{\r\n"); + printf("\t\"module\" : \"%s\"", context->current_module); + FCGI_JSONLong("status", STATUS_OK); + FCGI_JSONPair("description", description); + FCGI_EndJSON(); +} + /** * Adds a key/value pair to a JSON response. The response must have already * been initiated by FCGI_BeginJSON. Special characters are not escaped. @@ -381,7 +412,7 @@ void FCGI_RejectJSONEx(FCGIContext *context, StatusCodes status, const char *des FCGI_BeginJSON(context, status); FCGI_JSONPair("description", description); FCGI_JSONLong("responsenumber", context->response_number); - //FCGI_JSONPair("params", getenv("QUERY_STRING")); + //FCGI_JSONPair("params", getenv("QUERY_STRING")); //A bad idea if contains password but also if contains unescaped stuff FCGI_JSONPair("host", getenv("SERVER_HOSTNAME")); FCGI_JSONPair("user", getenv("REMOTE_USER")); FCGI_JSONPair("ip", getenv("REMOTE_ADDR")); @@ -461,21 +492,22 @@ void * FCGI_RequestLoop (void *data) ModuleHandler module_handler = NULL; char module[BUFSIZ], params[BUFSIZ]; + //Don't need to copy if we're not modifying string contents + const char *cookie = getenv("COOKIE_STRING"); //strncpy doesn't zero-truncate properly snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL")); snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params); + Log(LOGDEBUG, "Cookie: %s", cookie); + //Remove trailing slashes (if present) from module query size_t lastchar = strlen(module) - 1; if (lastchar > 0 && module[lastchar] == '/') module[lastchar] = 0; - //Escape all special characters - FCGI_EscapeText(params); - //Default to the 'identify' module if none specified if (!*module) strcpy(module, "identify"); @@ -490,17 +522,39 @@ void * FCGI_RequestLoop (void *data) module_handler = Actuator_Handler; } else if (!strcmp("image", module)) { module_handler = Image_Handler; + } else if (!strcmp("pin", module)) { + module_handler = Pin_Handler; // *Debug only* pin test module + } else if (!strcmp("bind", module)) { + module_handler = Login_Handler; + } else if (!strcmp("unbind", module)) { + module_handler = Logout_Handler; } context.current_module = module; - if (module_handler) { + context.response_number++; + + if (module_handler) + { + if (module_handler != Login_Handler && module_handler != IdentifyHandler && module_handler) + //if (false) // Testing + { + if (!FCGI_HasControl(&context, cookie)) + { + FCGI_RejectJSON(&context, "Please login. Invalid control key."); + continue; + } + + //Escape all special characters. + //Don't escape for login (password may have special chars?) + FCGI_EscapeText(params); + } + module_handler(&context, params); - } else { + } + else + { FCGI_RejectJSON(&context, "Unhandled module"); } - context.response_number++; - - } Log(LOGDEBUG, "Thread exiting.");