X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Flogin.c;h=a2a11e9a903cb4de91b5508b819c4ed6efc8595b;hb=6f7034fea05d88dcf5a6b06c028b283922575b2a;hp=a616af2c0a4ab627987a2edbb2bc9e91be47c60a;hpb=f858232d7c564f14e6d2fb9d616f8e12a1ec9171;p=matches%2FMCTX3420.git diff --git a/server/login.c b/server/login.c index a616af2..a2a11e9 100644 --- a/server/login.c +++ b/server/login.c @@ -149,8 +149,9 @@ int Login_LDAP_Bind(const char * uri, const char * dn, const char * pass) * @param params - Parameter string, UNUSED */ void Logout_Handler(FCGIContext * context, char * params) -{ +{ FCGI_ReleaseControl(context); + FCGI_AcceptJSON(context, "Logged out", "0"); } @@ -161,16 +162,8 @@ void Logout_Handler(FCGIContext * context, char * params) */ void Login_Handler(FCGIContext * context, char * params) { - - if (context->control_key[0] != '\0') - { - FCGI_RejectJSON(context, "Already logged in."); - return; - } - - char * user = ""; // The username supplied through CGI - char * pass = ""; // The password supplied through CGI - //TODO: Make sure these are passed through HTTPS, *not* HTTP .... otherwise people can eavesdrop on the passwords + char * user; // The username supplied through CGI + char * pass; // The password supplied through CGI FCGIValue values[] = { {"user", &user, FCGI_REQUIRED(FCGI_STRING_T)}, @@ -191,17 +184,14 @@ void Login_Handler(FCGIContext * context, char * params) return; } - - // Trim leading whitespace (the BUFSIZ check is to make sure incorrectly terminated strings don't cause an infinite loop) + // Trim leading whitespace int i = 0; - for (i = 0; i < BUFSIZ && isspace(user[0]) && user[0] != '\0'; ++i,++user); + for (i = 0; isspace(user[0]) && user[0] != '\0'; ++i, ++user); // Truncate string at first non alphanumeric character - for (i = 0; i < BUFSIZ && isalnum(user[i]) && user[i] != '\0'; ++i); + for (i = 0; isalnum(user[i]) && user[i] != '\0'; ++i); user[i] = '\0'; - - bool authenticated = true; @@ -220,16 +210,19 @@ void Login_Handler(FCGIContext * context, char * params) char dn[BUFSIZ]; // On a simple LDAP server: - int len = sprintf(dn, "uid=%s,%s", user, g_options.ldap_base_dn); + //int len = sprintf(dn, "uid=%s,%s", user, g_options.ldap_base_dn); // At UWA (hooray) - //char * user_type = (user[0] != '0') : "Students" ? "Staff"; - //int len = sprintf(dn, "cn=%s,ou=%s", user, user_type, g_options.ldap_dn_base); + char * user_type = "Students"; + if (user[0] == '0') + user_type = "Staff"; + int len = sprintf(dn, "cn=%s,ou=%s,%s", user, user_type, g_options.ldap_base_dn); if (len >= BUFSIZ) { FCGI_RejectJSON(context, "DN too long! Recompile with increased BUFSIZ"); + return; } authenticated = (Login_LDAP_Bind(g_options.auth_uri, dn, pass) == LDAP_SUCCESS); @@ -251,14 +244,22 @@ void Login_Handler(FCGIContext * context, char * params) if (!authenticated) { - FCGI_RejectJSON(context, "Authentication failure."); - return; + FCGI_RejectJSONEx(context, STATUS_UNAUTHORIZED, "Authentication failure."); } + else + { + if (FCGI_LockControl(context, false)) + { + //Todo: change this to something better than the username if using LDAP. + snprintf(context->friendly_name, 31, "%s", user); + FCGI_EscapeText(context->friendly_name); //Don't break javascript pls - FCGI_LockControl(context, false); - - // Give the user a cookie - FCGI_PrintRaw("Content-type: text\r\n"); - FCGI_PrintRaw("Set-Cookie: %s\r\n\r\n", context->control_key); - + // Give the user a cookie + FCGI_AcceptJSON(context, "Logged in", context->control_key); + } + else + { + FCGI_RejectJSON(context, "Someone else is already logged in"); + } + } }