Fix crash when using auth_relay=none
parent
64d024b0c0
commit
5f0080ef92
|
@ -27,6 +27,18 @@
|
|||
#include <string.h>
|
||||
#include <time.h>
|
||||
|
||||
#if HAVE_GNUTLS_OPENSSL_H
|
||||
#include <gnutls/openssl.h>
|
||||
#endif
|
||||
#if HAVE_GNUTLS_GNUTLS_H
|
||||
#include <gnutls/gnutls.h>
|
||||
#endif
|
||||
|
||||
#if HAVE_GCRYPT_H
|
||||
#include <gcrypt.h>
|
||||
#elif HAVE_LIBCRYPTO
|
||||
#include <openssl/md5.h>
|
||||
#endif // HAVE_L || HAVE_LIBCRYPTO
|
||||
|
||||
#include "zm_utils.h"
|
||||
#include "zm_crypt.h"
|
||||
|
@ -38,22 +50,22 @@ User::User() {
|
|||
stream = events = control = monitors = system = PERM_NONE;
|
||||
}
|
||||
|
||||
User::User( MYSQL_ROW &dbrow ) {
|
||||
User::User(const MYSQL_ROW &dbrow) {
|
||||
int index = 0;
|
||||
id = atoi( dbrow[index++] );
|
||||
strncpy( username, dbrow[index++], sizeof(username)-1 );
|
||||
strncpy( password, dbrow[index++], sizeof(password)-1 );
|
||||
enabled = (bool)atoi( dbrow[index++] );
|
||||
stream = (Permission)atoi( dbrow[index++] );
|
||||
events = (Permission)atoi( dbrow[index++] );
|
||||
control = (Permission)atoi( dbrow[index++] );
|
||||
monitors = (Permission)atoi( dbrow[index++] );
|
||||
system = (Permission)atoi( dbrow[index++] );
|
||||
id = atoi(dbrow[index++]);
|
||||
strncpy(username, dbrow[index++], sizeof(username)-1);
|
||||
strncpy(password, dbrow[index++], sizeof(password)-1);
|
||||
enabled = (bool)atoi(dbrow[index++]);
|
||||
stream = (Permission)atoi(dbrow[index++]);
|
||||
events = (Permission)atoi(dbrow[index++]);
|
||||
control = (Permission)atoi(dbrow[index++]);
|
||||
monitors = (Permission)atoi(dbrow[index++]);
|
||||
system = (Permission)atoi(dbrow[index++]);
|
||||
char *monitor_ids_str = dbrow[index++];
|
||||
if ( monitor_ids_str && *monitor_ids_str ) {
|
||||
StringVector ids = split(monitor_ids_str, ",");
|
||||
for( StringVector::iterator i = ids.begin(); i < ids.end(); ++i ) {
|
||||
monitor_ids.push_back( atoi( (*i).c_str()) );
|
||||
monitor_ids.push_back(atoi((*i).c_str()));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -62,10 +74,10 @@ User::~User() {
|
|||
monitor_ids.clear();
|
||||
}
|
||||
|
||||
void User::Copy( const User &u ) {
|
||||
void User::Copy(const User &u) {
|
||||
id=u.id;
|
||||
strncpy( username, u.username, sizeof(username)-1 );
|
||||
strncpy( password, u.password, sizeof(password)-1 );
|
||||
strncpy(username, u.username, sizeof(username)-1);
|
||||
strncpy(password, u.password, sizeof(password)-1);
|
||||
enabled = u.enabled;
|
||||
stream = u.stream;
|
||||
events = u.events;
|
||||
|
@ -75,7 +87,7 @@ void User::Copy( const User &u ) {
|
|||
monitor_ids = u.monitor_ids;
|
||||
}
|
||||
|
||||
bool User::canAccess( int monitor_id ) {
|
||||
bool User::canAccess(int monitor_id) {
|
||||
if ( monitor_ids.empty() )
|
||||
return true;
|
||||
|
||||
|
@ -89,54 +101,52 @@ bool User::canAccess( int monitor_id ) {
|
|||
|
||||
// Function to load a user from username and password
|
||||
// Please note that in auth relay mode = none, password is NULL
|
||||
User *zmLoadUser( const char *username, const char *password ) {
|
||||
User *zmLoadUser(const char *username, const char *password) {
|
||||
char sql[ZM_SQL_MED_BUFSIZ] = "";
|
||||
int username_length = strlen(username);
|
||||
char *safer_username = new char[(username_length * 2) + 1];
|
||||
|
||||
// According to docs, size of safer_whatever must be 2*length+1 due to unicode conversions + null terminator.
|
||||
mysql_real_escape_string(&dbconn, safer_username, username, username_length );
|
||||
|
||||
mysql_real_escape_string(&dbconn, safer_username, username, username_length);
|
||||
|
||||
snprintf(sql, sizeof(sql),
|
||||
"SELECT `Id`, `Username`, `Password`, `Enabled`, `Stream`+0, `Events`+0, `Control`+0, `Monitors`+0, `System`+0, `MonitorIds`"
|
||||
" FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username );
|
||||
|
||||
" FROM `Users` WHERE `Username` = '%s' AND `Enabled` = 1", safer_username);
|
||||
|
||||
if ( mysql_query(&dbconn, sql) ) {
|
||||
Error("Can't run query: %s", mysql_error(&dbconn));
|
||||
exit(mysql_errno(&dbconn));
|
||||
}
|
||||
delete safer_username;
|
||||
|
||||
MYSQL_RES *result = mysql_store_result(&dbconn);
|
||||
if ( !result ) {
|
||||
Error("Can't use query result: %s", mysql_error(&dbconn));
|
||||
exit(mysql_errno(&dbconn));
|
||||
}
|
||||
int n_users = mysql_num_rows(result);
|
||||
|
||||
if ( n_users != 1 ) {
|
||||
if ( mysql_num_rows(result) != 1 ) {
|
||||
mysql_free_result(result);
|
||||
Warning("Unable to authenticate user %s", username);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
MYSQL_ROW dbrow = mysql_fetch_row(result);
|
||||
|
||||
User *user = new User(dbrow);
|
||||
|
||||
if (verifyPassword(username, password, user->getPassword())) {
|
||||
Info("Authenticated user '%s'", user->getUsername());
|
||||
mysql_free_result(result);
|
||||
delete safer_username;
|
||||
|
||||
if ( !password ) {
|
||||
// relay type must be none
|
||||
return user;
|
||||
}
|
||||
else {
|
||||
Warning("Unable to authenticate user %s", username);
|
||||
mysql_free_result(result);
|
||||
return NULL;
|
||||
|
||||
if ( verifyPassword(username, password, user->getPassword()) ) {
|
||||
Info("Authenticated user '%s'", user->getUsername());
|
||||
return user;
|
||||
}
|
||||
|
||||
Warning("Unable to authenticate user %s", username);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
User *zmLoadTokenUser (std::string jwt_token_str, bool use_remote_addr ) {
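Review bot: The `if ( !password )` branch in zmLoadUser returns the loaded User without any credential check, so authentication depends entirely on every caller passing NULL only when auth_relay is none; nothing in the visible code enforces that. I would either check the configured relay mode inside this branch or, at minimum, document the contract there with a comment such as `// SECURITY: NULL password skips verification; callers must pass NULL only when auth_relay=none`. Separately, `safer_username` is allocated with `new char[...]` but released with `delete safer_username;`, which should be `delete[] safer_username;`. The failed-verification path also returns NULL without `delete user;`, so each rejected login leaks a User. The page does not mark which printed lines are old and which are new, so these points are read from the lines that appear to form the new body.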
|
||||
|
|
|
@ -23,25 +23,14 @@
|
|||
#ifndef ZM_USER_H
|
||||
#define ZM_USER_H
|
||||
|
||||
#if HAVE_GNUTLS_OPENSSL_H
|
||||
#include <gnutls/openssl.h>
|
||||
#endif
|
||||
#if HAVE_GNUTLS_GNUTLS_H
|
||||
#include <gnutls/gnutls.h>
|
||||
#endif
|
||||
|
||||
#if HAVE_GCRYPT_H
|
||||
#include <gcrypt.h>
|
||||
#elif HAVE_LIBCRYPTO
|
||||
#include <openssl/md5.h>
|
||||
#endif // HAVE_L || HAVE_LIBCRYPTO
|
||||
|
||||
#include <string>
|
||||
#include <vector>
|
||||
class User {
|
||||
public:
|
||||
typedef enum { PERM_NONE=1, PERM_VIEW, PERM_EDIT } Permission;
|
||||
|
||||
protected:
|
||||
class User {
|
||||
public:
|
||||
typedef enum { PERM_NONE = 1, PERM_VIEW, PERM_EDIT } Permission;
|
||||
|
||||
protected:
|
||||
int id;
|
||||
char username[32+1];
|
||||
char password[64+1];
|
||||
|
@ -53,32 +42,32 @@ protected:
|
|||
Permission system;
|
||||
std::vector<int> monitor_ids;
|
||||
|
||||
public:
|
||||
public:
|
||||
User();
|
||||
explicit User( MYSQL_ROW &dbrow );
|
||||
explicit User(const MYSQL_ROW &dbrow);
|
||||
~User();
|
||||
User( User &u ) { Copy(u); }
|
||||
void Copy( const User &u );
|
||||
User(User &u) { Copy(u); }
|
||||
void Copy(const User &u);
|
||||
User& operator=(const User &u) {
|
||||
Copy(u); return *this;
|
||||
}
|
||||
|
||||
const int Id() const { return id; }
|
||||
const char *getUsername() const { return( username ); }
|
||||
const char *getPassword() const { return( password ); }
|
||||
bool isEnabled() const { return( enabled ); }
|
||||
Permission getStream() const { return( stream ); }
|
||||
Permission getEvents() const { return( events ); }
|
||||
Permission getControl() const { return( control ); }
|
||||
Permission getMonitors() const { return( monitors ); }
|
||||
Permission getSystem() const { return( system ); }
|
||||
bool canAccess( int monitor_id );
|
||||
const char *getUsername() const { return username; }
|
||||
const char *getPassword() const { return password; }
|
||||
bool isEnabled() const { return enabled; }
|
||||
Permission getStream() const { return stream; }
|
||||
Permission getEvents() const { return events; }
|
||||
Permission getControl() const { return control; }
|
||||
Permission getMonitors() const { return monitors; }
|
||||
Permission getSystem() const { return system; }
|
||||
bool canAccess(int monitor_id);
|
||||
};
|
||||
|
||||
User *zmLoadUser( const char *username, const char *password=0 );
|
||||
User *zmLoadAuthUser( const char *auth, bool use_remote_addr );
|
||||
User *zmLoadTokenUser( std::string jwt, bool use_remote_addr);
|
||||
bool checkUser ( const char *username);
|
||||
bool checkPass (const char *password);
|
||||
User *zmLoadUser(const char *username, const char *password=0);
|
||||
User *zmLoadAuthUser(const char *auth, bool use_remote_addr);
|
||||
User *zmLoadTokenUser(std::string jwt, bool use_remote_addr);
|
||||
bool checkUser(const char *username);
|
||||
bool checkPass(const char *password);
|
||||
|
||||
#endif // ZM_USER_H
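Review bot: The declaration `User *zmLoadUser(const char *username, const char *password=0);` keeps a default of 0 for the password, and a null password is the value that selects the no-verification path in zmLoadUser. A call site that simply omits the argument therefore gets an unauthenticated lookup without saying so. I would drop the default so the choice is explicit at each call, `User *zmLoadUser(const char *username, const char *password);`, and have the auth_relay=none callers pass NULL deliberately. The call sites are not shown here, so they would need checking.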
|
||||
|
|