X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=af92efdeae0cf67a468f2c91ec1166be4f4c09c4;hb=2c380e71b15c2fc7fd5a4d3d5e1bbbfc46ba58f9;hp=0a6783ff8d8eb2f6c9a002c4b443ff2cb4f2b280;hpb=544b54c409f3731b8e1581af95072a64ff393a28;p=matches%2FMCTX3420.git diff --git a/server/fastcgi.c b/server/fastcgi.c index 0a6783f..af92efd 100644 --- a/server/fastcgi.c +++ b/server/fastcgi.c @@ -33,15 +33,11 @@ * @param context The context to work in * @param params User specified paramters: [actuators, sensors] */ -static void IdentifyHandler(FCGIContext *context, char *params) { +static void IdentifyHandler(FCGIContext *context, char *params) +{ bool ident_sensors = false, ident_actuators = false; - char control_key[CONTROL_KEY_BUFSIZ]; - bool has_control; int i; - snprintf(control_key, CONTROL_KEY_BUFSIZ, "%s", getenv("COOKIE_STRING")); - has_control = FCGI_HasControl(context, control_key); - FCGIValue values[2] = {{"sensors", &ident_sensors, FCGI_BOOL_T}, {"actuators", &ident_actuators, FCGI_BOOL_T}}; if (!FCGI_ParseRequest(context, params, values, 2)) @@ -55,6 +51,8 @@ static void IdentifyHandler(FCGIContext *context, char *params) { clock_getres(CLOCK_MONOTONIC, &t); FCGI_JSONDouble("clock_getres", TIMEVAL_TO_DOUBLE(t)); FCGI_JSONLong("api_version", API_VERSION); + + bool has_control = FCGI_HasControl(context); FCGI_JSONBool("logged_in", has_control); FCGI_JSONPair("user_name", has_control ? context->user_name : ""); @@ -165,11 +163,12 @@ bool FCGI_LockControl(FCGIContext *context, const char * user_name, UserType use * @param key The control key to be validated. * @return TRUE if authorized, FALSE if not. */ -bool FCGI_HasControl(FCGIContext *context, const char *key) { +bool FCGI_HasControl(FCGIContext *context) +{ time_t now = time(NULL); int result = (now - context->control_timestamp) <= CONTROL_TIMEOUT && - key != NULL && context->control_key[0] != '\0' && - !strcmp(context->control_key, key); + context->control_key[0] != '\0' && + !strcmp(context->control_key, context->received_key); if (result) { context->control_timestamp = now; //Update the control_timestamp } @@ -181,12 +180,50 @@ bool FCGI_HasControl(FCGIContext *context, const char *key) { * Revokes the current control key, if present. * @param context The context to work in */ -void FCGI_ReleaseControl(FCGIContext *context) { +void FCGI_ReleaseControl(FCGIContext *context) +{ *(context->control_key) = 0; // Note: context->user_name should *not* be cleared return; } +/** + * Gets the control cookie + * @param buffer A storage buffer of exactly CONTROL_KEY_BUFSIZ length to + store the control key + */ +void FCGI_GetControlCookie(char buffer[CONTROL_KEY_BUFSIZ]) +{ + const char *cookies = getenv("COOKIE_STRING"); + const char *start = strstr(cookies, "mctxkey="); + + *buffer = 0; //Clear the buffer + if (start != NULL) { + int i; + start += 8; //length of mctxkey= + for (i = 0; i < CONTROL_KEY_BUFSIZ; i++) { + if (*start == 0 || *start == ';') { + break; + } + buffer[i] = *start++; + } + buffer[i] = 0; + } +} + +/** + * Sends the control key to the user as a cookie. + * @param context the context to work in + * @param set Whether to set or unset the control cookie + */ +void FCGI_SendControlCookie(FCGIContext *context, bool set) { + if (set) { + printf("Set-Cookie: mctxkey=%s\r\n", context->control_key); + } else { + printf("Set-Cookie: mctxkey=\r\n"); + } +} + /** * Extracts a key/value pair from a request string. * Note that the input is modified by this function. @@ -347,12 +384,9 @@ void FCGI_BeginJSON(FCGIContext *context, StatusCodes status_code) * @param description A short description. * @param cookie Optional. If given, the cookie field is set to that value. */ -void FCGI_AcceptJSON(FCGIContext *context, const char *description, const char *cookie) +void FCGI_AcceptJSON(FCGIContext *context, const char *description) { printf("Content-type: application/json; charset=utf-8\r\n"); - if (cookie) { - printf("Set-Cookie: %s\r\n", cookie); - } printf("\r\n{\r\n"); printf("\t\"module\" : \"%s\"", context->current_module); FCGI_JSONLong("status", STATUS_OK); @@ -514,17 +548,15 @@ void * FCGI_RequestLoop (void *data) while (FCGI_Accept() >= 0) { ModuleHandler module_handler = NULL; - char module[BUFSIZ], params[BUFSIZ], control_key[CONTROL_KEY_BUFSIZ]; + char module[BUFSIZ], params[BUFSIZ]; //strncpy doesn't zero-truncate properly snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL")); snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING")); - //Hack to get the nameless cookie only - snprintf(control_key, CONTROL_KEY_BUFSIZ, "%s", getenv("COOKIE_STRING")); - + FCGI_GetControlCookie(context.received_key); Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params); - Log(LOGDEBUG, "Control key: %s", control_key); + Log(LOGDEBUG, "Control key: %s", context.received_key); //Remove trailing slashes (if present) from module query @@ -559,10 +591,10 @@ void * FCGI_RequestLoop (void *data) if (module_handler) { - //if (module_handler != Login_Handler && module_handler != IdentifyHandler && module_handler) - if (false) // Testing + if (g_options.auth_method != AUTH_NONE && module_handler != Login_Handler && module_handler != IdentifyHandler && module_handler) + //if (false) // Testing { - if (!FCGI_HasControl(&context, control_key)) + if (!FCGI_HasControl(&context)) { FCGI_RejectJSON(&context, "Please login. Invalid control key."); continue;