Loading plugin/krb5/krb5.cpp +119 −191 Original line number Diff line number Diff line Loading @@ -2633,24 +2633,13 @@ void Krb5KDC::loadRealms() { } /* Iterate the admin backend to find all domains */ AuthBackend::Guard lock(_AdminBackend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = _AdminBackend.end(); Domain domain; std::vector<uuid::uuid> dids; domain.list(_AdminBackend, dids); while (rd < end) { _AdminBackend.setPos(rd); _AdminBackend.read(reinterpret_cast<unsigned char *>(&cur), sizeof(AuthData::Record)); size_t next_rd = _AdminBackend.getPos() + cur.datasize; if (next_rd <= rd || next_rd > end) break; if (cur.type == DataType::DomainData && strcmp(cur.fieldname, "domainname") == 0) { for (auto &did : dids) { try { class DomainData ddat(cur.ruid); class DomainData ddat(did); size_t dpos = sizeof(AuthHeader); domain.info(_AdminBackend, ddat, dpos); Loading @@ -2671,9 +2660,6 @@ void Krb5KDC::loadRealms() { std::cerr << "KDC: failed to load domain: " << e.what() << std::endl; } } rd = next_rd; } } void Krb5KDC::generateCrossRealmKeys() { Loading Loading 
@@ -3535,33 +3521,18 @@ std::vector<uint8_t> Krb5KDC::buildStandardError(Krb5ErrorCode code, */ bool Krb5KDC::lookupUser(AuthBackend &backend, const Krb5Principal &principal, uuid::uuid &uid, std::vector<uint8_t> &key) { AuthBackend::Guard lock(backend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = backend.end(); while (rd < end) { backend.setPos(rd); backend.read(reinterpret_cast<unsigned char*>(&cur), sizeof(AuthData::Record)); size_t next_rd = backend.getPos() + cur.datasize; if (next_rd < rd || next_rd > end) break; if (cur.type == DataType::UserData && strcmp(cur.fieldname, "username") == 0) { if (cur.datasize > 0 && cur.datasize < 1024) { std::vector<unsigned char> tmp(cur.datasize); backend.read(tmp.data(), cur.datasize); std::string username(reinterpret_cast<char*>(tmp.data())); if (username == principal.name) { uid = uuid::uuid(cur.ruid); User user; class UserData udat(uid); std::vector<uuid::uuid> uids; user.list(backend, uids); for (auto &u : uids) { class UserData udat(u); size_t upos = sizeof(AuthHeader); user.info(backend, udat, upos); if (udat.getUsername() == principal.name) { uid = u; /* * Prefer stored Kerberos key (computed from raw password * at creation / password-change time). This is the only Loading @@ -3583,10 +3554,6 @@ bool Krb5KDC::lookupUser(AuthBackend &backend, const Krb5Principal &principal, return true; } } } rd = next_rd; } return false; } Loading 
@@ -3596,37 +3563,23 @@ bool Krb5KDC::lookupUser(AuthBackend &backend, const Krb5Principal &principal, */ bool Krb5KDC::lookupClient(AuthBackend &backend, const Krb5Principal &principal, uuid::uuid &uid, std::vector<uint8_t> &key) { AuthBackend::Guard lock(backend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = backend.end(); std::string lookup_name = principal.name; if (!principal.instance.empty()) lookup_name = principal.name + "/" + principal.instance; while (rd < end) { backend.setPos(rd); backend.read(reinterpret_cast<unsigned char*>(&cur), sizeof(AuthData::Record)); size_t next_rd = backend.getPos() + cur.datasize; if (next_rd < rd || next_rd > end) break; class Client client_mgr; std::vector<uuid::uuid> clids; client_mgr.list(backend, clids); if (cur.type == DataType::ClientData && strcmp(cur.fieldname, "clientname") == 0) { if (cur.datasize > 0 && cur.datasize < 1024) { std::vector<unsigned char> tmp(cur.datasize); backend.read(tmp.data(), cur.datasize); std::string clientname(reinterpret_cast<char*>(tmp.data())); for (auto &clid : clids) { class authdb::ClientData cdat(clid); size_t cpos = sizeof(AuthHeader); client_mgr.info(backend, cdat, cpos); std::string clientname = cdat.getName(); if (clientname == lookup_name || clientname == principal.name || (!principal.instance.empty() && clientname == principal.instance)) { uid = uuid::uuid(cur.ruid); class Client client_mgr; class authdb::ClientData cdat(uid); size_t cpos = sizeof(AuthHeader); client_mgr.info(backend, cdat, cpos); uid = clid; /* * Prefer stored Kerberos key (computed at client Loading @@ -3647,10 +3600,6 @@ bool Krb5KDC::lookupClient(AuthBackend &backend, const Krb5Principal &principal, return true; } } } rd = next_rd; } return false; } Loading 
@@ -3660,43 +3609,27 @@ bool Krb5KDC::lookupClient(AuthBackend &backend, const Krb5Principal &principal, */ bool Krb5KDC::lookupService(AuthBackend &backend, const Krb5Principal &principal, uuid::uuid &uid, std::vector<uint8_t> &key) { AuthBackend::Guard lock(backend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = backend.end(); while (rd < end) { backend.setPos(rd); backend.read(reinterpret_cast<unsigned char*>(&cur), sizeof(AuthData::Record)); size_t next_rd = backend.getPos() + cur.datasize; if (next_rd < rd || next_rd > end) break; if (cur.type == DataType::ServiceData && strcmp(cur.fieldname, "servicename") == 0) { if (cur.datasize > 0 && cur.datasize < 1024) { std::vector<unsigned char> tmp(cur.datasize); backend.read(tmp.data(), cur.datasize); std::string svcname(reinterpret_cast<char*>(tmp.data())); /* Match service name (e.g. "HTTP") against principal.name */ if (svcname == principal.name) { uid = uuid::uuid(cur.ruid); ServiceManager svc_mgr; class authdb::ServiceData sdat(uid); std::vector<uuid::uuid> sids; svc_mgr.list(backend, sids); for (auto &sid : sids) { class authdb::ServiceData sdat(sid); size_t spos = sizeof(AuthHeader); svc_mgr.info(backend, sdat, spos); const char *svcname = sdat.getServiceName(); if (!svcname || std::string(svcname) != principal.name) continue; uid = sid; /* Check hostname matches instance */ const char *hostname = sdat.getHostName(); if (hostname && !principal.instance.empty()) { if (std::string(hostname) != principal.instance) { /* hostname mismatch, skip */ rd = next_rd; if (std::string(hostname) != principal.instance) continue; } } /* Prefer stored krbkey, fall back to deriving from secret */ std::string krbkeyHex = sdat.getKrbKey(); Loading @@ -3715,11 +3648,6 @@ bool Krb5KDC::lookupService(AuthBackend &backend, const Krb5Principal &principal } return true; } } } rd = next_rd; } return false; } Loading src/api.cpp +31 −58 Original line number Diff line number Diff line Loading 
@@ -269,8 +269,6 @@ public: sha512 sha; sha.hash(pw, pwsalt); size_t rd = sizeof(authdb::AuthHeader); _SessionData = nullptr; class User user; Loading Loading @@ -301,7 +299,6 @@ public: } } } } return nullptr; } Loading @@ -325,24 +322,10 @@ public: sha512 sha; sha.hash(pw, pwsalt); size_t rd = sizeof(authdb::AuthHeader); size_t end = _Backend.end(); while (rd + sizeof(AuthData::Record) <= end) { std::shared_ptr<authdb::AuthData::Record> cur = std::make_shared<authdb::AuthData::Record>(); _Backend.setPos(rd); _Backend.read(reinterpret_cast<unsigned char*>(cur.get()), sizeof(AuthData::Record)); size_t header_end_pos = _Backend.getPos(); if (!compute_next_rd(rd, end, cur->datasize, header_end_pos)) { break; } if (cur->type == ClientData && strcmp(cur->fieldname, "clientname") == 0) { class ClientData cdat(cur->ruid); std::vector<uuid::uuid> clids; AuthClient.list(_Backend, clids); for (auto &clid : clids) { class ClientData cdat(clid); size_t upos = sizeof(AuthHeader); AuthClient.info(_Backend, cdat, upos); Loading @@ -361,7 +344,6 @@ public: } } } } return nullptr; } Loading Loading 
@@ -681,31 +663,22 @@ public: json_object* jarr = json_object_new_array(); Group group; size_t rd = sizeof(authdb::AuthHeader), end = _Backend.end(); while (rd + sizeof(AuthData::Record) <= end) { std::shared_ptr<authdb::AuthData::Record> cur = std::make_shared<authdb::AuthData::Record>(); _Backend.setPos(rd); _Backend.read((unsigned char*)cur.get(), sizeof(AuthData::Record)); size_t next = _Backend.getPos() + cur->datasize; if (next < _Backend.getPos() || next > end) break; rd = next; if (cur->type == GroupData && strcmp(cur->fieldname, "groupname") == 0) { class GroupData gdat(cur->ruid); std::vector<uuid::uuid> gids; group.list(_Backend, gids); for (auto &gid : gids) { class GroupData gdat(gid); try { size_t upos = sizeof(authdb::AuthHeader); group.info(_Backend, gdat, upos); json_object *jgrp = json_object_new_object(); json_object_object_add(jgrp, "gid", json_object_new_string(uuid::uuid(cur->ruid).c_str())); json_object_object_add(jgrp, "gid", json_object_new_string(gid.c_str())); json_object_object_add(jgrp, "name", json_object_new_string(gdat.getName().c_str())); json_object_array_add(jarr, jgrp); } catch (AuthBackendError &e) { std::cerr << e.what() << std::endl; } } } json_object_object_add(out, "groups", jarr); json_object_array_add(response, out); Loading src/authdb.cpp +13 −26 Original line number Diff line number Diff line Loading 
@@ -437,38 +437,25 @@ namespace authdb { ::uuid::uuid uid(cuid); // Always lock the resolved backend AuthBackend::Guard domlock(*backend, AuthBackend::Shared); size_t rd=sizeof(authdb::AuthHeader),end=backend->end(); while(rd+sizeof(AuthData::Record)<=end){ std::shared_ptr <authdb::AuthData::Record> cur=std::make_shared<authdb::AuthData::Record>(); backend->setPos(rd); backend->read((unsigned char*)cur.get(),sizeof(AuthData::Record)); size_t next=backend->getPos()+cur->datasize; if(next<backend->getPos() || next>end) break; rd=next; if(uid==cur->ruid && strcmp(cur->fieldname,"avatar")==0){ cur->data = new char[cur->datasize + 1]; backend->read((unsigned char*)cur->data,cur->datasize); cur->data[cur->datasize] = '\0'; User user; class UserData udat(uid); size_t upos = sizeof(AuthHeader); try { user.info(*backend, udat, upos); std::vector<char> img; udat.getAvatar(img); if (!img.empty()) { char ctype[255]; snprintf(ctype, 255, "image/%s", ext); rep.setContentType(ctype); std::vector<char> img; std::copy(cur->data,cur->data+cur->datasize,std::back_inserter(img)); rep.send(curreq,img,cur->datasize); delete[] cur->data; rep.send(curreq, img, img.size()); return; } } catch (AuthBackendError &) { } if(end!=0){ rep.setState(HTTP404); rep.send(curreq,"",0); } }; Loading Loading
plugin/krb5/krb5.cpp +119 −191 Original line number Diff line number Diff line Loading @@ -2633,24 +2633,13 @@ void Krb5KDC::loadRealms() { } /* Iterate the admin backend to find all domains */ AuthBackend::Guard lock(_AdminBackend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = _AdminBackend.end(); Domain domain; std::vector<uuid::uuid> dids; domain.list(_AdminBackend, dids); while (rd < end) { _AdminBackend.setPos(rd); _AdminBackend.read(reinterpret_cast<unsigned char *>(&cur), sizeof(AuthData::Record)); size_t next_rd = _AdminBackend.getPos() + cur.datasize; if (next_rd <= rd || next_rd > end) break; if (cur.type == DataType::DomainData && strcmp(cur.fieldname, "domainname") == 0) { for (auto &did : dids) { try { class DomainData ddat(cur.ruid); class DomainData ddat(did); size_t dpos = sizeof(AuthHeader); domain.info(_AdminBackend, ddat, dpos); Loading @@ -2671,9 +2660,6 @@ void Krb5KDC::loadRealms() { std::cerr << "KDC: failed to load domain: " << e.what() << std::endl; } } rd = next_rd; } } void Krb5KDC::generateCrossRealmKeys() { Loading Loading 
@@ -3535,33 +3521,18 @@ std::vector<uint8_t> Krb5KDC::buildStandardError(Krb5ErrorCode code, */ bool Krb5KDC::lookupUser(AuthBackend &backend, const Krb5Principal &principal, uuid::uuid &uid, std::vector<uint8_t> &key) { AuthBackend::Guard lock(backend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = backend.end(); while (rd < end) { backend.setPos(rd); backend.read(reinterpret_cast<unsigned char*>(&cur), sizeof(AuthData::Record)); size_t next_rd = backend.getPos() + cur.datasize; if (next_rd < rd || next_rd > end) break; if (cur.type == DataType::UserData && strcmp(cur.fieldname, "username") == 0) { if (cur.datasize > 0 && cur.datasize < 1024) { std::vector<unsigned char> tmp(cur.datasize); backend.read(tmp.data(), cur.datasize); std::string username(reinterpret_cast<char*>(tmp.data())); if (username == principal.name) { uid = uuid::uuid(cur.ruid); User user; class UserData udat(uid); std::vector<uuid::uuid> uids; user.list(backend, uids); for (auto &u : uids) { class UserData udat(u); size_t upos = sizeof(AuthHeader); user.info(backend, udat, upos); if (udat.getUsername() == principal.name) { uid = u; /* * Prefer stored Kerberos key (computed from raw password * at creation / password-change time). This is the only Loading @@ -3583,10 +3554,6 @@ bool Krb5KDC::lookupUser(AuthBackend &backend, const Krb5Principal &principal, return true; } } } rd = next_rd; } return false; } Loading 
@@ -3596,37 +3563,23 @@ bool Krb5KDC::lookupUser(AuthBackend &backend, const Krb5Principal &principal, */ bool Krb5KDC::lookupClient(AuthBackend &backend, const Krb5Principal &principal, uuid::uuid &uid, std::vector<uint8_t> &key) { AuthBackend::Guard lock(backend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = backend.end(); std::string lookup_name = principal.name; if (!principal.instance.empty()) lookup_name = principal.name + "/" + principal.instance; while (rd < end) { backend.setPos(rd); backend.read(reinterpret_cast<unsigned char*>(&cur), sizeof(AuthData::Record)); size_t next_rd = backend.getPos() + cur.datasize; if (next_rd < rd || next_rd > end) break; class Client client_mgr; std::vector<uuid::uuid> clids; client_mgr.list(backend, clids); if (cur.type == DataType::ClientData && strcmp(cur.fieldname, "clientname") == 0) { if (cur.datasize > 0 && cur.datasize < 1024) { std::vector<unsigned char> tmp(cur.datasize); backend.read(tmp.data(), cur.datasize); std::string clientname(reinterpret_cast<char*>(tmp.data())); for (auto &clid : clids) { class authdb::ClientData cdat(clid); size_t cpos = sizeof(AuthHeader); client_mgr.info(backend, cdat, cpos); std::string clientname = cdat.getName(); if (clientname == lookup_name || clientname == principal.name || (!principal.instance.empty() && clientname == principal.instance)) { uid = uuid::uuid(cur.ruid); class Client client_mgr; class authdb::ClientData cdat(uid); size_t cpos = sizeof(AuthHeader); client_mgr.info(backend, cdat, cpos); uid = clid; /* * Prefer stored Kerberos key (computed at client Loading @@ -3647,10 +3600,6 @@ bool Krb5KDC::lookupClient(AuthBackend &backend, const Krb5Principal &principal, return true; } } } rd = next_rd; } return false; } Loading 
@@ -3660,43 +3609,27 @@ bool Krb5KDC::lookupClient(AuthBackend &backend, const Krb5Principal &principal, */ bool Krb5KDC::lookupService(AuthBackend &backend, const Krb5Principal &principal, uuid::uuid &uid, std::vector<uint8_t> &key) { AuthBackend::Guard lock(backend); AuthData::Record cur; size_t rd = sizeof(AuthHeader); size_t end = backend.end(); while (rd < end) { backend.setPos(rd); backend.read(reinterpret_cast<unsigned char*>(&cur), sizeof(AuthData::Record)); size_t next_rd = backend.getPos() + cur.datasize; if (next_rd < rd || next_rd > end) break; if (cur.type == DataType::ServiceData && strcmp(cur.fieldname, "servicename") == 0) { if (cur.datasize > 0 && cur.datasize < 1024) { std::vector<unsigned char> tmp(cur.datasize); backend.read(tmp.data(), cur.datasize); std::string svcname(reinterpret_cast<char*>(tmp.data())); /* Match service name (e.g. "HTTP") against principal.name */ if (svcname == principal.name) { uid = uuid::uuid(cur.ruid); ServiceManager svc_mgr; class authdb::ServiceData sdat(uid); std::vector<uuid::uuid> sids; svc_mgr.list(backend, sids); for (auto &sid : sids) { class authdb::ServiceData sdat(sid); size_t spos = sizeof(AuthHeader); svc_mgr.info(backend, sdat, spos); const char *svcname = sdat.getServiceName(); if (!svcname || std::string(svcname) != principal.name) continue; uid = sid; /* Check hostname matches instance */ const char *hostname = sdat.getHostName(); if (hostname && !principal.instance.empty()) { if (std::string(hostname) != principal.instance) { /* hostname mismatch, skip */ rd = next_rd; if (std::string(hostname) != principal.instance) continue; } } /* Prefer stored krbkey, fall back to deriving from secret */ std::string krbkeyHex = sdat.getKrbKey(); Loading @@ -3715,11 +3648,6 @@ bool Krb5KDC::lookupService(AuthBackend &backend, const Krb5Principal &principal } return true; } } } rd = next_rd; } return false; } Loading
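Review bot: In the lookupService hunk, `uid = sid;` is assigned before the hostname check, so a `continue` on a hostname mismatch leaves the out-parameter set to a service the lookup rejected; move `uid = sid;` below the hostname block, and note that `uid = u;` in lookupUser and `uid = clid;` in lookupClient likewise precede the key checks in the elided lines, so a caller that ignores the `false` return sees a stale uid. The `info()` calls in the three lookup loops are not wrapped in try/catch, while loadRealms in the first hunk and the group listing in src/api.cpp catch AuthBackendError around the same kind of call; if `info()` throws on a malformed record, one bad entry now aborts the lookup for every principal instead of being skipped as the old scanner did, so the per-entity body should be wrapped the same way (log and continue). Each lookup now also loads every stored entity with `info()` on every request, which is heavier than the old header-only scan if `info()` reads all fields; worth a comment such as `/* Full scan per request; index by name if the backend grows large. */`. The bodies of these functions continue outside the hunks.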
src/api.cpp +31 −58 Original line number Diff line number Diff line Loading @@ -269,8 +269,6 @@ public: sha512 sha; sha.hash(pw, pwsalt); size_t rd = sizeof(authdb::AuthHeader); _SessionData = nullptr; class User user; Loading Loading @@ -301,7 +299,6 @@ public: } } } } return nullptr; } Loading @@ -325,24 +322,10 @@ public: sha512 sha; sha.hash(pw, pwsalt); size_t rd = sizeof(authdb::AuthHeader); size_t end = _Backend.end(); while (rd + sizeof(AuthData::Record) <= end) { std::shared_ptr<authdb::AuthData::Record> cur = std::make_shared<authdb::AuthData::Record>(); _Backend.setPos(rd); _Backend.read(reinterpret_cast<unsigned char*>(cur.get()), sizeof(AuthData::Record)); size_t header_end_pos = _Backend.getPos(); if (!compute_next_rd(rd, end, cur->datasize, header_end_pos)) { break; } if (cur->type == ClientData && strcmp(cur->fieldname, "clientname") == 0) { class ClientData cdat(cur->ruid); std::vector<uuid::uuid> clids; AuthClient.list(_Backend, clids); for (auto &clid : clids) { class ClientData cdat(clid); size_t upos = sizeof(AuthHeader); AuthClient.info(_Backend, cdat, upos); Loading @@ -361,7 +344,6 @@ public: } } } } return nullptr; } Loading Loading 
@@ -681,31 +663,22 @@ public: json_object* jarr = json_object_new_array(); Group group; size_t rd = sizeof(authdb::AuthHeader), end = _Backend.end(); while (rd + sizeof(AuthData::Record) <= end) { std::shared_ptr<authdb::AuthData::Record> cur = std::make_shared<authdb::AuthData::Record>(); _Backend.setPos(rd); _Backend.read((unsigned char*)cur.get(), sizeof(AuthData::Record)); size_t next = _Backend.getPos() + cur->datasize; if (next < _Backend.getPos() || next > end) break; rd = next; if (cur->type == GroupData && strcmp(cur->fieldname, "groupname") == 0) { class GroupData gdat(cur->ruid); std::vector<uuid::uuid> gids; group.list(_Backend, gids); for (auto &gid : gids) { class GroupData gdat(gid); try { size_t upos = sizeof(authdb::AuthHeader); group.info(_Backend, gdat, upos); json_object *jgrp = json_object_new_object(); json_object_object_add(jgrp, "gid", json_object_new_string(uuid::uuid(cur->ruid).c_str())); json_object_object_add(jgrp, "gid", json_object_new_string(gid.c_str())); json_object_object_add(jgrp, "name", json_object_new_string(gdat.getName().c_str())); json_object_array_add(jarr, jgrp); } catch (AuthBackendError &e) { std::cerr << e.what() << std::endl; } } } json_object_object_add(out, "groups", jarr); json_object_array_add(response, out); Loading
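Review bot: In the client-credential hunk (@@ -325), `AuthClient.info(_Backend, cdat, upos)` runs inside the loop with no try/catch, whereas the group-listing hunk in this same file wraps `group.info(...)` in `try { … } catch (AuthBackendError &e)`; if `info()` throws on a malformed record, one bad client entry now fails authentication for every client rather than being skipped, so the same catch (log `e.what()`, then `continue`) belongs here. With the manual scan gone, `compute_next_rd` is no longer called from this hunk and may be dead in this file if no other caller remains; worth checking. The enclosing functions start and end outside the hunks.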
src/authdb.cpp +13 −26 Original line number Diff line number Diff line Loading @@ -437,38 +437,25 @@ namespace authdb { ::uuid::uuid uid(cuid); // Always lock the resolved backend AuthBackend::Guard domlock(*backend, AuthBackend::Shared); size_t rd=sizeof(authdb::AuthHeader),end=backend->end(); while(rd+sizeof(AuthData::Record)<=end){ std::shared_ptr <authdb::AuthData::Record> cur=std::make_shared<authdb::AuthData::Record>(); backend->setPos(rd); backend->read((unsigned char*)cur.get(),sizeof(AuthData::Record)); size_t next=backend->getPos()+cur->datasize; if(next<backend->getPos() || next>end) break; rd=next; if(uid==cur->ruid && strcmp(cur->fieldname,"avatar")==0){ cur->data = new char[cur->datasize + 1]; backend->read((unsigned char*)cur->data,cur->datasize); cur->data[cur->datasize] = '\0'; User user; class UserData udat(uid); size_t upos = sizeof(AuthHeader); try { user.info(*backend, udat, upos); std::vector<char> img; udat.getAvatar(img); if (!img.empty()) { char ctype[255]; snprintf(ctype, 255, "image/%s", ext); rep.setContentType(ctype); std::vector<char> img; std::copy(cur->data,cur->data+cur->datasize,std::back_inserter(img)); rep.send(curreq,img,cur->datasize); delete[] cur->data; rep.send(curreq, img, img.size()); return; } } catch (AuthBackendError &) { } if(end!=0){ rep.setState(HTTP404); rep.send(curreq,"",0); } }; Loading
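Review bot: The `if(end!=0){ … }` after the new catch block still references `end`, but the only declaration visible, `size_t rd=sizeof(authdb::AuthHeader),end=backend->end();`, belongs to the removed scan loop; if that line was dropped this no longer compiles, and if it was kept, `rd` is now unused and `end!=0` no longer guards anything related to the lookup, so the 404 should be sent unconditionally once no avatar was found, i.e. `rep.setState(HTTP404); rep.send(curreq,"",0);` with no condition. The empty `catch (AuthBackendError &) { }` swallows the error silently, while the comparable catch in src/api.cpp logs `e.what()`; a `std::cerr << e.what() << std::endl;` there would make a corrupt user record diagnosable without changing the 404 response. The enclosing handler starts before the hunk.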