1
0
mirror of https://github.com/binary-kitchen/doorlockd synced 2024-12-22 18:34:25 +01:00
doorlockd-mirror/logic.cpp

246 lines
5.9 KiB
C++
Raw Normal View History

2015-05-12 17:35:57 +02:00
#include <chrono>
2015-05-11 00:18:22 +02:00
#include <cstdlib>
#include <json/json.h>
2015-05-11 20:40:26 +02:00
#define LDAP_DEPRECATED 1
#include <ldap.h>
2015-05-12 17:35:57 +02:00
#include <errno.h>
2015-05-11 00:18:22 +02:00
#include "util.h"
#include "logic.h"
using namespace std;
2015-05-13 16:40:30 +02:00
Logic::Logic(const chrono::seconds tokenTimeout,
const string &ldapServer,
const string &bindDN,
const string &webPrefix,
const string &allowedIpPrefix) :
2015-05-11 00:18:22 +02:00
_logger(Logger::get()),
_door(Door::get()),
2015-05-12 17:35:57 +02:00
_epaper(Epaper::get()),
2015-05-13 16:40:30 +02:00
_tokenTimeout(tokenTimeout),
_ldapServer(ldapServer),
_bindDN(bindDN),
_webPrefix(webPrefix),
_allowedIpPrefix(allowedIpPrefix)
2015-05-11 00:18:22 +02:00
{
srand(time(NULL));
2015-05-12 17:35:57 +02:00
_createNewToken(false);
_tokenUpdater = thread([this] () {
while (_run)
{
unique_lock<mutex> l(_mutex);
_c.wait_for(l, _tokenTimeout);
if (_run == false)
{
break;
} else {
_createNewToken(true);
}
}
});
2015-05-11 00:18:22 +02:00
}
Logic::~Logic()
{
2015-05-12 17:35:57 +02:00
_run = false;
_c.notify_one();
_tokenUpdater.join();
2015-05-11 00:18:22 +02:00
}
2015-05-12 15:59:04 +02:00
Logic::Response Logic::parseRequest(const string &str)
2015-05-11 00:18:22 +02:00
{
2015-05-12 17:35:57 +02:00
unique_lock<mutex> l(_mutex);
2015-05-11 00:18:22 +02:00
_logger("Parsing request...");
Json::Reader reader;
Json::Value root;
2015-05-12 15:59:04 +02:00
Response retval = Fail;
2015-05-12 01:28:02 +02:00
string action, user, password, ip, token;
bool authenticate;
2015-05-11 00:18:22 +02:00
bool suc = reader.parse(str, root, false);
if (!suc)
{
_logger(LogLevel::error, "Request ist not valid JSON!");
2015-05-12 15:59:04 +02:00
retval = NotJson;
2015-05-12 01:28:02 +02:00
goto out;
2015-05-11 00:18:22 +02:00
}
try {
action = getJsonOrFail<string>(root, "action");
2015-05-12 01:28:02 +02:00
ip = getJsonOrFail<string>(root, "ip");
authenticate = getJsonOrFail<bool>(root, "authenticate");
if (authenticate == true)
2015-05-11 00:18:22 +02:00
{
user = getJsonOrFail<string>(root, "user");
password = getJsonOrFail<string>(root, "password");
token = getJsonOrFail<string>(root, "token");
}
}
catch (...)
{
_logger(LogLevel::warning, "Error parsing JSON");
2015-05-12 15:59:04 +02:00
retval = JsonError;
2015-05-12 01:28:02 +02:00
goto out;
2015-05-11 00:18:22 +02:00
}
2015-05-12 01:28:02 +02:00
printf("Action: %s\nAuthenticate: %d\nIP: %s\n",action.c_str(), authenticate, ip.c_str());
printf("User: %s\nPassword: XXXXXXXXXX\nToken: %s\n",user.c_str(), token.c_str());
2015-05-11 00:18:22 +02:00
2015-05-12 01:28:02 +02:00
if (authenticate == true)
2015-05-11 00:18:22 +02:00
{
if (_checkToken(token) == false)
{
_logger(LogLevel::error, "User provided invalid token");
2015-05-12 15:59:04 +02:00
retval = InvalidToken;
2015-05-12 01:28:02 +02:00
goto out;
2015-05-11 00:18:22 +02:00
}
2015-05-12 15:59:04 +02:00
retval = _checkLDAP(user,password);
if (retval != Success)
2015-05-11 00:18:22 +02:00
{
2015-05-12 15:59:04 +02:00
_logger(LogLevel::error, "Ldap error");
2015-05-12 01:28:02 +02:00
goto out;
}
} else {
if (_checkIP(ip) == false)
{
_logger(LogLevel::error, "IP check for non-authentication failed");
2015-05-12 15:59:04 +02:00
retval = InvalidIP;
2015-05-12 01:28:02 +02:00
goto out;
2015-05-11 00:18:22 +02:00
}
}
if (action == "lock")
{
2015-05-12 15:59:04 +02:00
retval = _lock();
2015-05-11 00:18:22 +02:00
} else if (action == "unlock") {
2015-05-12 15:59:04 +02:00
retval = _unlock();
2015-05-11 00:18:22 +02:00
} else {
_logger(LogLevel::error, "Unknown Action: %s", action.c_str());
2015-05-12 15:59:04 +02:00
retval = UnknownAction;
2015-05-11 00:18:22 +02:00
}
2015-05-12 01:28:02 +02:00
out:
return retval;
2015-05-11 00:18:22 +02:00
}
2015-05-12 15:59:04 +02:00
Logic::Response Logic::_lock()
2015-05-11 00:18:22 +02:00
{
if (_state == LOCKED)
{
2015-05-12 15:59:04 +02:00
_logger(LogLevel::warning, "Unable to lock: already closed");
return AlreadyLocked;
2015-05-11 00:18:22 +02:00
}
2015-05-12 15:59:04 +02:00
2015-05-11 00:18:22 +02:00
_door.lock();
_state = LOCKED;
2015-05-12 17:35:57 +02:00
_createNewToken(false);
2015-05-12 15:59:04 +02:00
return Success;
2015-05-11 00:18:22 +02:00
}
2015-05-12 15:59:04 +02:00
Logic::Response Logic::_unlock()
2015-05-11 00:18:22 +02:00
{
if (_state == UNLOCKED)
{
_logger(LogLevel::warning, "Unable to unlock: already unlocked");
2015-05-12 15:59:04 +02:00
return AlreadyUnlocked;
2015-05-11 00:18:22 +02:00
}
2015-05-12 15:59:04 +02:00
2015-05-11 00:18:22 +02:00
_door.unlock();
_state = UNLOCKED;
2015-05-12 17:35:57 +02:00
_createNewToken(false);
2015-05-12 15:59:04 +02:00
return Success;
2015-05-11 00:18:22 +02:00
}
2015-05-12 01:28:02 +02:00
bool Logic::_checkIP(const string &ip)
{
return true;
}
2015-05-11 00:18:22 +02:00
bool Logic::_checkToken(const string &strToken)
{
try {
uint64_t token = toUint64(strToken);
if (token == _curToken || (_prevValid == true && token == _prevToken))
{
_logger(LogLevel::info, "Token check successful");
return true;
}
}
catch (const char* const &ex)
{
_logger(LogLevel::error, "Check Token failed for token \"%s\" (expected %s): %s", strToken.c_str(), toHexString(_curToken).c_str(), ex);
}
return false;
}
2015-05-12 15:59:04 +02:00
Logic::Response Logic::_checkLDAP(const string &user, const string &password)
2015-05-11 00:18:22 +02:00
{
2015-05-11 20:40:26 +02:00
constexpr int BUFFERSIZE = 1024;
char buffer[BUFFERSIZE];
2015-05-12 15:59:04 +02:00
Response retval = Fail;
2015-05-11 20:40:26 +02:00
int rc = -1;
LDAP* ld = nullptr;
unsigned long version = LDAP_VERSION3;
_logger(LogLevel::notice, "Trying to authenticate as user \"%s\"", user.c_str());
snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), user.c_str());
rc = ldap_initialize(&ld, _ldapServer.c_str());
if(rc != LDAP_SUCCESS)
{
_logger(LogLevel::error, "LDAP initialize error: %s", ldap_err2string(rc));
2015-05-12 15:59:04 +02:00
retval = LDAPInit;
2015-05-11 20:40:26 +02:00
goto out2;
}
rc = ldap_set_option(ld,
LDAP_OPT_PROTOCOL_VERSION,
(void*)&version);
if (rc != LDAP_SUCCESS)
{
_logger(LogLevel::error, "LDAP set version failed");
2015-05-12 15:59:04 +02:00
retval = LDAPInit;
2015-05-11 20:40:26 +02:00
goto out;
}
rc = ldap_simple_bind_s(ld, buffer, password.c_str());
if (rc != LDAP_SUCCESS)
{
_logger(LogLevel::error, "Credential check for user \"%s\" failed: %s", user.c_str(), ldap_err2string(rc));
2015-05-12 15:59:04 +02:00
retval = InvalidCredentials;
2015-05-11 20:40:26 +02:00
goto out;
}
_logger(LogLevel::notice, "user \"%s\" successfully authenticated", user.c_str());
2015-05-12 15:59:04 +02:00
retval = Success;
2015-05-11 20:40:26 +02:00
out:
ldap_unbind(ld);
ld = nullptr;
out2:
return retval;
2015-05-11 00:18:22 +02:00
}
2015-05-12 17:35:57 +02:00
void Logic::_createNewToken(const bool stillValid)
2015-05-11 00:18:22 +02:00
{
_prevToken = _curToken;
_prevValid = stillValid;
_curToken = (((uint64_t)rand())<<32) | ((uint64_t)rand());
2015-05-13 16:40:30 +02:00
_epaper.draw(_webPrefix + toHexString(_curToken));
2015-05-11 00:18:22 +02:00
ostringstream message;
message << "New Token generated: " << toHexString(_curToken) << " old Token: " << toHexString(_prevToken) << " is " << (_prevValid?"still":"not") << " valid";
_logger(message, LogLevel::info);
}