User: Convert to new hashing API
This commit is contained in:
parent
2bda413698
commit
837b32ccff
|
@ -22,17 +22,8 @@
|
||||||
#include "zm_crypt.h"
|
#include "zm_crypt.h"
|
||||||
#include "zm_logger.h"
|
#include "zm_logger.h"
|
||||||
#include "zm_utils.h"
|
#include "zm_utils.h"
|
||||||
#include <cassert>
|
|
||||||
#include <cstring>
|
#include <cstring>
|
||||||
|
|
||||||
#if HAVE_GNUTLS_GNUTLS_H
|
|
||||||
#include <gnutls/gnutls.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if HAVE_LIBCRYPTO
|
|
||||||
#include <openssl/md5.h>
|
|
||||||
#endif // HAVE_LIBCRYPTO
|
|
||||||
|
|
||||||
User::User() {
|
User::User() {
|
||||||
id = 0;
|
id = 0;
|
||||||
username[0] = password[0] = 0;
|
username[0] = password[0] = 0;
|
||||||
|
@ -189,11 +180,10 @@ User *zmLoadTokenUser(const std::string &jwt_token_str, bool use_remote_addr) {
|
||||||
|
|
||||||
// Function to validate an authentication string
|
// Function to validate an authentication string
|
||||||
User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
|
User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
|
||||||
#if HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT
|
|
||||||
const char *remote_addr = "";
|
const char *remote_addr = "";
|
||||||
if ( use_remote_addr ) {
|
if (use_remote_addr) {
|
||||||
remote_addr = getenv("REMOTE_ADDR");
|
remote_addr = getenv("REMOTE_ADDR");
|
||||||
if ( !remote_addr ) {
|
if (!remote_addr) {
|
||||||
Warning("Can't determine remote address, using null");
|
Warning("Can't determine remote address, using null");
|
||||||
remote_addr = "";
|
remote_addr = "";
|
||||||
}
|
}
|
||||||
|
@ -209,7 +199,7 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
|
||||||
int n_users = mysql_num_rows(result);
|
int n_users = mysql_num_rows(result);
|
||||||
if ( n_users < 1 ) {
|
if (n_users < 1) {
|
||||||
mysql_free_result(result);
|
mysql_free_result(result);
|
||||||
Warning("Unable to authenticate user");
|
Warning("Unable to authenticate user");
|
||||||
return nullptr;
|
return nullptr;
|
||||||
|
@ -218,58 +208,49 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
|
||||||
// getting the time is expensive, so only do it once.
|
// getting the time is expensive, so only do it once.
|
||||||
time_t now = time(nullptr);
|
time_t now = time(nullptr);
|
||||||
unsigned int hours = config.auth_hash_ttl;
|
unsigned int hours = config.auth_hash_ttl;
|
||||||
if ( !hours ) {
|
if (!hours) {
|
||||||
Warning("No value set for ZM_AUTH_HASH_TTL. Defaulting to 2.");
|
Warning("No value set for ZM_AUTH_HASH_TTL. Defaulting to 2.");
|
||||||
hours = 2;
|
hours = 2;
|
||||||
} else {
|
} else {
|
||||||
Debug(1, "AUTH_HASH_TTL is %d, time is %" PRIi64, hours, static_cast<int64>(now));
|
Debug(1, "AUTH_HASH_TTL is %d, time is %" PRIi64, hours, static_cast<int64>(now));
|
||||||
}
|
}
|
||||||
char auth_key[512] = "";
|
|
||||||
char auth_md5[32+1] = "";
|
|
||||||
constexpr size_t md5len = 16;
|
|
||||||
uint8 md5sum[md5len];
|
|
||||||
|
|
||||||
const char * hex = "0123456789abcdef";
|
char auth_md5[32 + 1] = "";
|
||||||
while ( MYSQL_ROW dbrow = mysql_fetch_row(result) ) {
|
|
||||||
|
const char *hex = "0123456789abcdef";
|
||||||
|
while (MYSQL_ROW dbrow = mysql_fetch_row(result)) {
|
||||||
const char *username = dbrow[1];
|
const char *username = dbrow[1];
|
||||||
const char *password = dbrow[2];
|
const char *password = dbrow[2];
|
||||||
|
|
||||||
time_t our_now = now;
|
time_t our_now = now;
|
||||||
tm now_tm = {};
|
tm now_tm = {};
|
||||||
for ( unsigned int i = 0; i < hours; i++, our_now -= 3600 ) {
|
for (unsigned int i = 0; i < hours; i++, our_now -= 3600) {
|
||||||
localtime_r(&our_now, &now_tm);
|
localtime_r(&our_now, &now_tm);
|
||||||
|
|
||||||
snprintf(auth_key, sizeof(auth_key)-1, "%s%s%s%s%d%d%d%d",
|
std::string auth_key = stringtf("%s%s%s%s%d%d%d%d",
|
||||||
config.auth_hash_secret,
|
config.auth_hash_secret,
|
||||||
username,
|
username,
|
||||||
password,
|
password,
|
||||||
remote_addr,
|
remote_addr,
|
||||||
now_tm.tm_hour,
|
now_tm.tm_hour,
|
||||||
now_tm.tm_mday,
|
now_tm.tm_mday,
|
||||||
now_tm.tm_mon,
|
now_tm.tm_mon,
|
||||||
now_tm.tm_year);
|
now_tm.tm_year);
|
||||||
|
|
||||||
#if HAVE_DECL_MD5
|
zm::crypto::MD5::Digest md5_digest = zm::crypto::MD5::GetDigestOf(auth_key);
|
||||||
MD5((unsigned char *)auth_key, strlen(auth_key), md5sum);
|
|
||||||
#elif HAVE_DECL_GNUTLS_FINGERPRINT
|
unsigned char *md5sum_ptr = md5_digest.data();
|
||||||
gnutls_datum_t md5data = {(unsigned char *) auth_key, (unsigned int) strlen(auth_key)};
|
|
||||||
size_t md5_len_tmp = md5len;
|
|
||||||
gnutls_fingerprint(GNUTLS_DIG_MD5, &md5data, md5sum, &md5_len_tmp);
|
|
||||||
assert(md5_len_tmp == md5len);
|
|
||||||
#endif
|
|
||||||
unsigned char *md5sum_ptr = md5sum;
|
|
||||||
char *auth_md5_ptr = auth_md5;
|
char *auth_md5_ptr = auth_md5;
|
||||||
|
|
||||||
for ( unsigned int j = 0; j < md5len; j++ ) {
|
for (size_t j = 0; j < md5_digest.size(); j++) {
|
||||||
*auth_md5_ptr++ = hex[(*md5sum_ptr>>4)&0xf];
|
*auth_md5_ptr++ = hex[(*md5sum_ptr >> 4) & 0xf];
|
||||||
*auth_md5_ptr++ = hex[(*md5sum_ptr++)&0xf];
|
*auth_md5_ptr++ = hex[(*md5sum_ptr++) & 0xf];
|
||||||
}
|
}
|
||||||
*auth_md5_ptr = 0;
|
*auth_md5_ptr = 0;
|
||||||
|
|
||||||
Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'",
|
Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", auth_key.c_str(), auth_md5, auth);
|
||||||
auth_key, auth_md5, auth);
|
|
||||||
|
|
||||||
if ( !strcmp(auth, auth_md5) ) {
|
if (!strcmp(auth, auth_md5)) {
|
||||||
// We have a match
|
// We have a match
|
||||||
User *user = new User(dbrow);
|
User *user = new User(dbrow);
|
||||||
Debug(1, "Authenticated user '%s'", user->getUsername());
|
Debug(1, "Authenticated user '%s'", user->getUsername());
|
||||||
|
@ -281,9 +262,7 @@ User *zmLoadAuthUser(const char *auth, bool use_remote_addr) {
|
||||||
} // end foreach hour
|
} // end foreach hour
|
||||||
} // end foreach user
|
} // end foreach user
|
||||||
mysql_free_result(result);
|
mysql_free_result(result);
|
||||||
#else // HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT
|
|
||||||
Error("You need to build with gnutls or openssl to use hash based auth");
|
|
||||||
#endif // HAVE_DECL_MD5 || HAVE_DECL_GNUTLS_FINGERPRINT
|
|
||||||
Debug(1, "No user found for auth_key %s", auth);
|
Debug(1, "No user found for auth_key %s", auth);
|
||||||
return nullptr;
|
return nullptr;
|
||||||
} // end User *zmLoadAuthUser( const char *auth, bool use_remote_addr )
|
} // end User *zmLoadAuthUser( const char *auth, bool use_remote_addr )
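Review bot: The `Debug(1, "Checking auth_key '%s' -> auth_md5 '%s' == '%s'", auth_key.c_str(), auth_md5, auth);` line writes auth_key to the log, and auth_key is built a few lines above by stringtf from config.auth_hash_secret, the username, the stored password value and the remote address, so a level-1 debug log captures the hash secret and every candidate user's stored credential. The move to std::string kept that behaviour; logging only the derived values is enough to troubleshoot a mismatch: `Debug(1, "Checking auth_md5 '%s' == '%s'", auth_md5, auth);`. Two smaller points in the same block: the hex loop now runs to md5_digest.size() while auth_md5 is still a fixed 32 + 1 bytes, so the two sizes should be tied together (a static_assert against the Digest type if it is a std::array, or sizing the buffer from it), and `strcmp(auth, auth_md5)` compares the presented token with early exit on the first differing byte, where a fixed-length constant-time comparison is the usual choice for an authentication token. The hunks do not show the whole function: zmLoadAuthUser starts in an earlier hunk and the match branch continues between hunks.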
|
||||||
|
|