tom/doorlockd-mirror
1
0
Fork 0
mirror of https://github.com/binary-kitchen/doorlockd synced 2024-12-22 18:34:25 +01:00
Code Issues Releases Wiki Activity

Improved Logic.cpp

Browse Source
This commit is contained in:
Ralf Ramsauer 2015-05-11 23:28:02 +00:00
parent 3216294134
commit 0d7f56e647
3 changed files with 48 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
config.h.in
View File

@ -9,11 +9,13 @@
#define DEFAULT_LOG_LEVEL LogLevel::info #define DEFAULT_LOG_LEVEL LogLevel::info
#endif #endif
#define TOKEN_TIMEOUT 15 #define TOKEN_TIMEOUT 60
#define LOCKPAGE_PREFIX "https://lock.binary.kitchen/" #define LOCKPAGE_PREFIX "https://lock.binary.kitchen/"
#define FIFO_LOCATION "/tmp/fifo" #define FIFO_LOCATION "/var/run/doorlockd/doorlockd"
#define LDAP_SERVER "ldaps://ldap.binary.kitchen" #define LDAP_SERVER "ldaps://ldap.binary.kitchen"
#define BINDDN "cn=%s,ou=Users,dc=binary-kitchen,dc=de" #define BINDDN "cn=%s,ou=Users,dc=binary-kitchen,dc=de"
#define ALLOWEDIPPREFIX "172.23.3."
#endif #endif

56
logic.cpp
View File

@ -22,6 +22,7 @@ const string Logic::_fifoLocation = FIFO_LOCATION;
const string Logic::_ldapServer = LDAP_SERVER; const string Logic::_ldapServer = LDAP_SERVER;
const string Logic::_bindDN = BINDDN; const string Logic::_bindDN = BINDDN;
const string Logic::_allowedIpPrefix = ALLOWEDIPPREFIX;
Logic &Logic::get() Logic &Logic::get()
{ {
@ -45,17 +46,26 @@ Logic::Logic() :
throw("Unable to delete Fifo file"); throw("Unable to delete Fifo file");
} }
} }
if (mkfifo(_fifoLocation.c_str(), 0660) != 0)
umask(0);
if (mkfifo(_fifoLocation.c_str(), 0770) != 0)
{ {
throw("Unable to create Fifo"); throw("Unable to create Fifo");
} }
_fifoHandle = open(_fifoLocation.c_str(), O_RDWR | O_NONBLOCK); _fifoHandle = open(_fifoLocation.c_str(), O_RDWR | O_NONBLOCK);
if (_fifoHandle == -1) if (_fifoHandle == -1)
{ {
throw("Unable to open Fifo"); throw("Unable to open Fifo");
} }
if (fchown(_fifoHandle, 0, 1001) != 0)
{
throw("Fifo chown failed");
}
_createNewToken(false); _createNewToken(false);
} }
@ -73,26 +83,27 @@ Logic::~Logic()
} }
} }
void Logic::_parseRequest(const string &str) int Logic::_parseRequest(const string &str)
{ {
_logger("Parsing request..."); _logger("Parsing request...");
Json::Reader reader; Json::Reader reader;
Json::Value root; Json::Value root;
int retval = 0;
string action, user, password, ip, token;
bool authenticate;
bool suc = reader.parse(str, root, false); bool suc = reader.parse(str, root, false);
if (!suc) if (!suc)
{ {
_logger(LogLevel::error, "Request ist not valid JSON!"); _logger(LogLevel::error, "Request ist not valid JSON!");
return; goto out;
} }
string action, user, password, host, token;
bool authenticated;
try { try {
action = getJsonOrFail<string>(root, "action"); action = getJsonOrFail<string>(root, "action");
host = getJsonOrFail<string>(root, "host"); ip = getJsonOrFail<string>(root, "ip");
authenticated = getJsonOrFail<bool>(root, "authenticated"); authenticate = getJsonOrFail<bool>(root, "authenticate");
if (authenticated == true) if (authenticate == true)
{ {
user = getJsonOrFail<string>(root, "user"); user = getJsonOrFail<string>(root, "user");
password = getJsonOrFail<string>(root, "password"); password = getJsonOrFail<string>(root, "password");
@ -102,24 +113,30 @@ void Logic::_parseRequest(const string &str)
catch (...) catch (...)
{ {
_logger(LogLevel::warning, "Error parsing JSON"); _logger(LogLevel::warning, "Error parsing JSON");
return; goto out;
} }
printf("Action: %s\nAuthenticated: %d\nHost: %s\n",action.c_str(), authenticated, host.c_str()); printf("Action: %s\nAuthenticate: %d\nIP: %s\n",action.c_str(), authenticate, ip.c_str());
printf("User: %s\nPassword: %s\nToken: %s\n",user.c_str(), password.c_str(), token.c_str()); printf("User: %s\nPassword: XXXXXXXXXX\nToken: %s\n",user.c_str(), token.c_str());
if (authenticated == true) if (authenticate == true)
{ {
if (_checkToken(token) == false) if (_checkToken(token) == false)
{ {
_logger(LogLevel::error, "User provided invalid token"); _logger(LogLevel::error, "User provided invalid token");
return; goto out;
} }
if (_checkLDAP(user, password) == false) if (_checkLDAP(user, password) == false)
{ {
_logger(LogLevel::error, "invalid LDAP credentials"); _logger(LogLevel::error, "invalid LDAP credentials");
return; goto out;
}
} else {
if (_checkIP(ip) == false)
{
_logger(LogLevel::error, "IP check for non-authentication failed");
goto out;
} }
} }
@ -131,6 +148,9 @@ void Logic::_parseRequest(const string &str)
} else { } else {
_logger(LogLevel::error, "Unknown Action: %s", action.c_str()); _logger(LogLevel::error, "Unknown Action: %s", action.c_str());
} }
out:
return retval;
} }
void Logic::_lock() void Logic::_lock()
@ -200,10 +220,16 @@ void Logic::run()
throw "read() fifo failed"; throw "read() fifo failed";
} }
} }
_parseRequest(payload);
int rc = _parseRequest(payload);
} }
} }
bool Logic::_checkIP(const string &ip)
{
return true;
}
bool Logic::_checkToken(const string &strToken) bool Logic::_checkToken(const string &strToken)
{ {
try { try {

4
logic.h
View File

@ -22,13 +22,14 @@ public:
private: private:
Logic(); Logic();
void _parseRequest(const std::string &str); int _parseRequest(const std::string &str);
void _lock(); void _lock();
void _unlock(); void _unlock();
bool _checkToken(const std::string &token); bool _checkToken(const std::string &token);
bool _checkLDAP(const std::string &user, const std::string &password); bool _checkLDAP(const std::string &user, const std::string &password);
bool _checkIP(const std::string &ip);
void _createNewToken(const bool stillValid); void _createNewToken(const bool stillValid);
@ -47,6 +48,7 @@ private:
const static std::string _fifoLocation; const static std::string _fifoLocation;
const static std::string _bindDN; const static std::string _bindDN;
const static std::string _ldapServer; const static std::string _ldapServer;
const static std::string _allowedIpPrefix;
int _fifoHandle = {-1}; int _fifoHandle = {-1};