#define LDAP_DEPRECATED 1

#include <errno.h>

#include <chrono>
#include <condition_variable>
#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <memory>
#include <mutex>
#include <random>
#include <sstream>
#include <string>
#include <thread>

#include <json/json.h>
#include <ldap.h>

#include "util.h"
#include "logic.h"
using namespace std;
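/// Builds the door-control logic, generates the first access token and starts
/// the background thread that rotates the token every `tokenTimeout`.
///
/// @param tokenTimeout    interval after which the current token is replaced;
///                        the replaced one stays accepted for one more period
/// @param ldapServer      LDAP URL handed to ldap_initialize()
/// @param bindDN          printf-style template for the bind DN; the user name
///                        is substituted for its "%s"
/// @param webPrefix       text drawn on the e-paper in front of the token
/// @param allowedIpPrefix stored in _allowedIpPrefix; no check against it is
///                        visible in this translation unit
Logic::Logic(const chrono::seconds tokenTimeout,
             const string &ldapServer,
             const string &bindDN,
             const string &webPrefix,
             const string &allowedIpPrefix) :
    _logger(Logger::get()),
    _door(Door::get()),
    _epaper(Epaper::get()),
    _tokenTimeout(tokenTimeout),
    _ldapServer(ldapServer),
    _bindDN(bindDN),
    _webPrefix(webPrefix),
    _allowedIpPrefix(allowedIpPrefix)
{
    // Seeds the C library RNG for any remaining rand() caller. A time-seeded
    // rand() is predictable, so the access token must not be derived from it.
    srand(time(NULL));
    _createNewToken(false);

    // Rotation thread; joined in the destructor, so capturing `this` is safe.
    // NOTE(review): assumes _run starts out true (initialised in the header).
    _tokenUpdater = thread([this] () {
        unique_lock<mutex> l(_mutex);
        while (_run)
        {
            // The predicate makes spurious wakeups harmless: only a real
            // timeout rotates the token, only a stop request ends the loop.
            const bool stopRequested =
                _c.wait_for(l, _tokenTimeout, [this] () { return !_run; });
            if (stopRequested)
            {
                break;
            }
            _createNewToken(true);
        }
    });
}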
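/// Stops the token-rotation thread and joins it.
///
/// `_run` is cleared while holding `_mutex`: the thread checks `_run` and
/// enters wait_for() under the same lock, so it cannot read a stale `true`
/// and then miss the notification. Without the lock the destructor could
/// block for up to one `_tokenTimeout`.
Logic::~Logic()
{
    {
        lock_guard<mutex> stopGuard(_mutex);
        _run = false;
    }
    _c.notify_one();
    _tokenUpdater.join();
}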
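/// Handles one JSON request from the web front end.
///
/// Expected string fields: "action" ("lock" or "unlock"), "ip", "user",
/// "password" and "token". A request is executed only if the token matches
/// the current (or still-valid previous) token AND the user authenticates
/// against LDAP; every failure returns early with its own Response code.
///
/// @param str raw request body (untrusted)
/// @return Success only after the door action ran; otherwise NotJson,
///         JsonError, InvalidToken, the _checkLDAP() result, UnknownAction
///         or the _lock()/_unlock() result
Logic::Response Logic::parseRequest(const string &str)
{
    // Serialises against the token-rotation thread, which locks _mutex too.
    unique_lock<mutex> l(_mutex);

    _logger(LogLevel::info, "Incoming request...");

    Json::Reader reader;
    Json::Value root;
    if (!reader.parse(str, root, false))
    {
        _logger(LogLevel::warning, "Request ist not valid JSON!");
        return NotJson;
    }

    string action, user, password, ip, token;
    try {
        action   = getJsonOrFail<string>(root, "action");
        ip       = getJsonOrFail<string>(root, "ip");
        user     = getJsonOrFail<string>(root, "user");
        password = getJsonOrFail<string>(root, "password");
        token    = getJsonOrFail<string>(root, "token");
    }
    catch (...)
    {
        _logger(LogLevel::warning, "Error parsing JSON");
        return JsonError;
    }

    // The password is deliberately never logged.
    _logger(" Action: " + action, LogLevel::notice);
    _logger(" User : " + user, LogLevel::notice);
    _logger(" IP : " + ip, LogLevel::notice);
    _logger(" Token : " + token, LogLevel::notice);

    // NOTE(review): `ip` is parsed and logged but never compared with
    // _allowedIpPrefix in this file — confirm the caller enforces that check.

    // Token first: it is the cheap local check (the token is what the e-paper
    // displays, so presumably it proves the requester can see the display);
    // LDAP is only contacted for requests that already carry a valid token.
    if (!_checkToken(token))
    {
        _logger(LogLevel::error, "User provided invalid token");
        return InvalidToken;
    }

    const Response ldapResult = _checkLDAP(user, password);
    if (ldapResult != Success)
    {
        _logger(LogLevel::error, "Ldap error");
        return ldapResult;
    }

    if (action == "lock")
    {
        return _lock();
    }
    if (action == "unlock")
    {
        return _unlock();
    }

    _logger(LogLevel::error, "Unknown Action: %s", action.c_str());
    return UnknownAction;
}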
/// Locks the door unless it is already locked. A successful lock rotates the
/// access token and invalidates the previous one immediately.
///
/// @return Success, or AlreadyLocked when _state is already LOCKED (the door
///         is then not touched and no new token is generated)
Logic::Response Logic::_lock()
{
    if (_state != LOCKED)
    {
        _door.lock();
        _state = LOCKED;
        _createNewToken(false);
        return Success;
    }

    _logger(LogLevel::warning, "Unable to lock: already closed");
    return AlreadyLocked;
}
/// Unlocks the door and rotates the access token (previous token invalid at
/// once). Unlike _lock(), the door is actuated and the token replaced even
/// when _state is already UNLOCKED; only the return value reports that case.
///
/// @return Success, or AlreadyUnlocked when the state was already UNLOCKED
Logic::Response Logic::_unlock()
{
    _door.unlock();
    _createNewToken(false);

    const bool wasAlreadyUnlocked = (_state == UNLOCKED);
    if (wasAlreadyUnlocked)
    {
        _logger(LogLevel::warning, "Unable to unlock: already unlocked");
        return AlreadyUnlocked;
    }

    _state = UNLOCKED;
    return Success;
}
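/// Compares the token supplied by the client with the current token, or with
/// the previous one while it is still flagged valid.
///
/// @param strToken token text as sent by the client (untrusted); parsed by
///                 toUint64(), whose failure is reported as a thrown C string
/// @return true only on an exact match; a mismatch is not logged here
///         (parseRequest() reports it), a parse failure is logged
bool Logic::_checkToken(const string &strToken)
{
    try {
        const uint64_t token = toUint64(strToken);
        const bool matchesCurrent = (token == _curToken);
        const bool matchesPrevious = _prevValid && token == _prevToken;
        if (matchesCurrent || matchesPrevious)
        {
            _logger(LogLevel::info, "Token check successful");
            return true;
        }
    }
    catch (const char* const &ex)
    {
        // Only the rejected input is logged. The expected token is the live
        // access secret and must not be written to the log.
        _logger(LogLevel::error, "Check Token failed for token \"%s\": %s", strToken.c_str(), ex);
    }
    return false;
}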
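namespace {

/// Escapes a value for use inside an LDAP distinguished name (RFC 4514 §2.4):
/// the characters , + " \ < > ; = are backslash-escaped, a leading '#' or
/// space and a trailing space are escaped, and NUL becomes "\00".
///
/// @param value raw attribute value (e.g. a user name from a request)
/// @return the value with every DN-significant character escaped
string ldapEscapeDnValue(const string &value)
{
    string out;
    out.reserve(value.size() + 8);
    for (size_t i = 0; i < value.size(); ++i)
    {
        const char c = value[i];
        switch (c)
        {
        case ',': case '+': case '"': case '\\':
        case '<': case '>': case ';': case '=':
            out += '\\';
            out += c;
            break;
        case '\0':
            out += "\\00";
            break;
        case '#':
            // Only significant at the start of a value.
            if (i == 0) out += '\\';
            out += c;
            break;
        case ' ':
            // Only significant at the start or end of a value.
            if (i == 0 || i + 1 == value.size()) out += '\\';
            out += c;
            break;
        default:
            out += c;
            break;
        }
    }
    return out;
}

} // namespace

/// Authenticates `user`/`password` with a simple bind against _ldapServer.
///
/// The bind DN is built from the _bindDN template; the user name is DN-escaped
/// first so that a crafted name cannot add or alter RDNs of the DN. Empty
/// credentials are rejected before any bind: a simple bind with an empty
/// password is an anonymous/unauthenticated bind, which many directory
/// servers answer with LDAP_SUCCESS, and that would otherwise count as a
/// valid login.
///
/// @param user     user name from the request (untrusted)
/// @param password password from the request (untrusted, never logged)
/// @return Success, InvalidCredentials, LDAPInit, or Fail when the bind DN
///         does not fit into the buffer
Logic::Response Logic::_checkLDAP(const string &user, const string &password)
{
    constexpr int BUFFERSIZE = 1024;
    char buffer[BUFFERSIZE];

    _logger(LogLevel::notice, "Trying to authenticate as user \"%s\"", user.c_str());

    if (user.empty() || password.empty())
    {
        _logger(LogLevel::error, "Credential check for user \"%s\" failed: empty user name or password", user.c_str());
        return InvalidCredentials;
    }

    // NOTE(review): assumes _bindDN holds exactly one "%s" conversion and no
    // other printf directives — confirm against the configuration loader.
    const string escapedUser = ldapEscapeDnValue(user);
    const int written = snprintf(buffer, BUFFERSIZE, _bindDN.c_str(), escapedUser.c_str());
    if (written < 0 || written >= BUFFERSIZE)
    {
        // A truncated DN would bind as a different, unintended entry.
        _logger(LogLevel::error, "Bind DN for user \"%s\" does not fit into the buffer", user.c_str());
        return Fail;
    }

    LDAP* ld = nullptr;
    int rc = ldap_initialize(&ld, _ldapServer.c_str());
    if (rc != LDAP_SUCCESS)
    {
        _logger(LogLevel::error, "LDAP initialize error: %s", ldap_err2string(rc));
        return LDAPInit;
    }
    // Releases the handle on every exit path below (replaces the goto chain).
    const unique_ptr<LDAP, int (*)(LDAP*)> handle(ld, &ldap_unbind);

    // LDAP_OPT_PROTOCOL_VERSION expects an int*; the unsigned long used before
    // only happened to be read correctly on little-endian LP64 targets.
    int version = LDAP_VERSION3;
    rc = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &version);
    if (rc != LDAP_SUCCESS)
    {
        _logger(LogLevel::error, "LDAP set version failed");
        return LDAPInit;
    }

    // NOTE(review): no transport security is enforced here; with an ldap://
    // URL the password crosses the network in clear. Prefer an ldaps:// URL or
    // ldap_start_tls_s() before the bind — confirm with the deployment.
    rc = ldap_simple_bind_s(ld, buffer, password.c_str());
    if (rc != LDAP_SUCCESS)
    {
        _logger(LogLevel::error, "Credential check for user \"%s\" failed: %s", user.c_str(), ldap_err2string(rc));
        return InvalidCredentials;
    }

    _logger(LogLevel::notice, "user \"%s\" successfully authenticated", user.c_str());
    return Success;
}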
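/// Replaces the current access token with a fresh random one, shows it on the
/// e-paper and records whether the replaced token stays accepted.
///
/// @param stillValid true keeps the previous token accepted until the next
///                   rotation (periodic refresh); false invalidates it at once
///                   (after a lock/unlock)
void Logic::_createNewToken(const bool stillValid)
{
    _prevToken = _curToken;
    _prevValid = stillValid;

    // The token is the access secret, so it is drawn from the OS entropy
    // source: the previous time(NULL)-seeded rand() pair gave at most two
    // 31-bit values from a predictable generator.
    random_device entropy;
    const uint64_t high = static_cast<uint64_t>(entropy()) << 32;
    const uint64_t low = static_cast<uint64_t>(entropy()) & 0xFFFFFFFFu;
    _curToken = high | low;

    _epaper.draw(_webPrefix + toHexString(_curToken));

    // Token values are deliberately kept out of the log: the current one is
    // the live secret, and the e-paper is where it is meant to be read.
    ostringstream message;
    message << "New Token generated, old Token is " << (_prevValid?"still":"not") << " valid";
    _logger(message, LogLevel::info);
}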