From 2189e30ec216a381832117ce377f3f5be723af16 Mon Sep 17 00:00:00 2001
From: konrad
Date: Fri, 29 Feb 2008 15:43:40 +0000
Subject: [PATCH] move machine interface stuff to special dir
git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@92 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33
---
www/inc/cauth_hash.php | 35 ----
www/inc/cauth_mhash.php | 35 ----
www/inc/cauth_string.php | 31 ----
www/inc/loader_nonadmin.php | 2 +-
www/inc/machine/cauth_hash.php | 35 ++++
www/inc/machine/cauth_mhash.php | 35 ++++
www/inc/machine/cauth_string.php | 31 ++++
www/inc/machine/session.php | 328 ++++++++++++++++++++++++++++++++++++++
www/inc/session.php | 328 --------------------------------------
www/machine.php | 2 +-
10 files changed, 431 insertions(+), 431 deletions(-)
delete mode 100644 www/inc/cauth_hash.php
delete mode 100644 www/inc/cauth_mhash.php
delete mode 100644 www/inc/cauth_string.php
create mode 100644 www/inc/machine/cauth_hash.php
create mode 100644 www/inc/machine/cauth_mhash.php
create mode 100644 www/inc/machine/cauth_string.php
create mode 100644 www/inc/machine/session.php
delete mode 100644 www/inc/session.php
diff --git a/www/inc/cauth_hash.php b/www/inc/cauth_hash.php
deleted file mode 100644
index c3d6ef2..0000000
--- a/www/inc/cauth_hash.php
+++ /dev/null
@@ -1,35 +0,0 @@
-, (C) 2007
-//
-// Copyright: See README/COPYING files that come with this distribution
-//
-//
-
-/**helper for Session::authenticate, using hash module*/
-function calcAuth($cha,$tok)
-{
- global $ClientAuthAlgo;
- switch($ClientAuthAlgo){
- case "md5":
- case "sha1":
- case "sha256":return hash($ClientAuthAlgo,$cha.$tok);
- case "hmac-md5":return hash_hmac("md5",$cha,$tok);
- case "hmac-sha1":return hash_hmac("sha1",$cha,$tok);
- case "hmac-sha256":return hash_hmac("sha256",$cha,$tok);
- default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
- }
-}
-
-/**helper for Customer::authenticate and Customer::setPassword*/
-function calcPasswd($pass,$salt)
-{
- return $salt.":".hash("sha1",$salt.$pass);
-}
-
-?>
\ No newline at end of file
diff --git a/www/inc/cauth_mhash.php b/www/inc/cauth_mhash.php
deleted file mode 100644
index 9813969..0000000
--- a/www/inc/cauth_mhash.php
+++ /dev/null
@@ -1,35 +0,0 @@
-, (C) 2007
-//
-// Copyright: See README/COPYING files that come with this distribution
-//
-//
-
-/**helper for Session::authenticate, using mhash module*/
-function calcAuth($cha,$tok)
-{
- global $ClientAuthAlgo;
- switch($ClientAuthAlgo){
- case "md5":return bin2hex(mhash(MHASH_MD5,$cha.$tok));
- case "sha1":return bin2hex(mhash(MHASH_SHA1,$cha.$tok));
- case "sha256":return bin2hex(mhash(MHASH_SHA256,$cha.$tok));
- case "hmac-md5":return bin2hex(mhash(MHASH_MD5,$cha,$tok));
- case "hmac-sha1":return bin2hex(mhash(MHASH_SHA1,$cha,$tok));
- case "hmac-sha256":return bin2hex(mhash(MHASH_SHA256,$cha,$tok));
- default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
- }
-}
-
-/**helper for Customer::authenticate and Customer::setPassword*/
-function calcPasswd($pass,$salt)
-{
- return $salt.":".bin2hex(mhash(MHASH_SHA1,$salt.$pass));
-}
-
-?>
\ No newline at end of file
diff --git a/www/inc/cauth_string.php b/www/inc/cauth_string.php
deleted file mode 100644
index 546a8f9..0000000
--- a/www/inc/cauth_string.php
+++ /dev/null
@@ -1,31 +0,0 @@
-, (C) 2007
-//
-// Copyright: See README/COPYING files that come with this distribution
-//
-//
-
-/**helper for Session::authenticate, using string module*/
-function calcAuth($key,$tok)
-{
- global $ClientAuthAlgo;
- switch($ClientAuthAlgo){
- case "md5":return strtolower(md5($key.$tok));
- case "sha1":return strtolower(sha1($key.$tok));
- default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
- }
-}
-
-/**helper for Customer::authenticate and Customer::setPassword*/
-function calcPasswd($pass,$salt)
-{
- return $salt.":".strtolower(sha1($salt.$pass));
-}
-
-?>
\ No newline at end of file
diff --git a/www/inc/loader_nonadmin.php b/www/inc/loader_nonadmin.php
index 664579b..52d6d57 100644
--- a/www/inc/loader_nonadmin.php
+++ b/www/inc/loader_nonadmin.php
@@ -15,6 +15,6 @@ include('./inc/classes/parser.php'); include('./inc/classes/config_manager.php'); include('./inc/classes/customer.php'); //load hash lib
-include("./inc/cauth_".$HashLib.".php");
+include("./inc/machine/cauth_".$HashLib.".php");
 ?>
\ No newline at end of file
diff --git a/www/inc/machine/cauth_hash.php b/www/inc/machine/cauth_hash.php
new file mode 100644
index 0000000..c3d6ef2
--- /dev/null
+++ b/www/inc/machine/cauth_hash.php
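Review bot: The include in www/inc/loader_nonadmin.php still builds its path from `$HashLib` without checking that the value is one of the three libraries this commit moves (`hash`, `mhash`, `string`). Where `$HashLib` is assigned is not visible in this hunk; if it is ever unset or set from anywhere other than the trusted config, the include resolves to a path the author did not intend, or fails with only a warning and leaves `calcAuth` undefined. A guard just before the include would pin it down, for example `if(!in_array($HashLib,array("hash","mhash","string"),true))die("unknown hash library");`.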
@@ -0,0 +1,35 @@
+, (C) 2007
+//
+// Copyright: See README/COPYING files that come with this distribution
+//
+//
+
+/**helper for Session::authenticate, using hash module*/
+function calcAuth($cha,$tok)
+{
+ global $ClientAuthAlgo;
+ switch($ClientAuthAlgo){
+ case "md5":
+ case "sha1":
+ case "sha256":return hash($ClientAuthAlgo,$cha.$tok);
+ case "hmac-md5":return hash_hmac("md5",$cha,$tok);
+ case "hmac-sha1":return hash_hmac("sha1",$cha,$tok);
+ case "hmac-sha256":return hash_hmac("sha256",$cha,$tok);
+ default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
+ }
+}
+
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+ return $salt.":".hash("sha1",$salt.$pass);
+}
+
+?>
\ No newline at end of file
diff --git a/www/inc/machine/cauth_mhash.php b/www/inc/machine/cauth_mhash.php
new file mode 100644
index 0000000..9813969
--- /dev/null
+++ b/www/inc/machine/cauth_mhash.php
@@ -0,0 +1,35 @@
+, (C) 2007
+//
+// Copyright: See README/COPYING files that come with this distribution
+//
+//
+
+/**helper for Session::authenticate, using mhash module*/
+function calcAuth($cha,$tok)
+{
+ global $ClientAuthAlgo;
+ switch($ClientAuthAlgo){
+ case "md5":return bin2hex(mhash(MHASH_MD5,$cha.$tok));
+ case "sha1":return bin2hex(mhash(MHASH_SHA1,$cha.$tok));
+ case "sha256":return bin2hex(mhash(MHASH_SHA256,$cha.$tok));
+ case "hmac-md5":return bin2hex(mhash(MHASH_MD5,$cha,$tok));
+ case "hmac-sha1":return bin2hex(mhash(MHASH_SHA1,$cha,$tok));
+ case "hmac-sha256":return bin2hex(mhash(MHASH_SHA256,$cha,$tok));
+ default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
+ }
+}
+
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+ return $salt.":".bin2hex(mhash(MHASH_SHA1,$salt.$pass));
+}
+
+?>
\ No newline at end of file
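Review bot: `calcPasswd` in the relocated cauth_hash.php derives the stored value from a single salted SHA-1 round (`$salt.":".hash("sha1",$salt.$pass)`), which is cheap to brute-force offline if the stored values are ever read; cauth_mhash.php and cauth_string.php do the same. The move is a good moment to add a comment marking this format as legacy and to plan a migration to a work-factor hash (`password_hash`/`password_verify` on current PHP), keeping the `salt:hash` check for existing rows. In the same files the `md5`/`sha1`/`sha256` branches of `calcAuth` hash the bare concatenation of challenge and token; the `hmac-*` branches are the better default, and cauth_string.php offers no HMAC variant at all. The blob ids show the content is unchanged from the old paths, so this is pre-existing behaviour rather than something the commit introduces.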
diff --git a/www/inc/machine/cauth_string.php b/www/inc/machine/cauth_string.php
new file mode 100644
index 0000000..546a8f9
--- /dev/null
+++ b/www/inc/machine/cauth_string.php
@@ -0,0 +1,31 @@
+, (C) 2007
+//
+// Copyright: See README/COPYING files that come with this distribution
+//
+//
+
+/**helper for Session::authenticate, using string module*/
+function calcAuth($key,$tok)
+{
+ global $ClientAuthAlgo;
+ switch($ClientAuthAlgo){
+ case "md5":return strtolower(md5($key.$tok));
+ case "sha1":return strtolower(sha1($key.$tok));
+ default:trigger_error("Internal error: unknown hash algorithm",E_USER_ERROR);
+ }
+}
+
+/**helper for Customer::authenticate and Customer::setPassword*/
+function calcPasswd($pass,$salt)
+{
+ return $salt.":".strtolower(sha1($salt.$pass));
+}
+
+?>
\ No newline at end of file
diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php
new file mode 100644
index 0000000..2f3a2d4
--- /dev/null
+++ b/www/inc/machine/session.php
@@ -0,0 +1,328 @@
+, (C) 2007
+//
+// Copyright: See README/COPYING files that come with this distribution
+//
+//
+
+//prune session cache
+$db->deleteRows("session","timeout<=".time());
+
+/**initiate new session - $rand should contain some food for the random number generator (from the host request)*/
+function newSession($rand)
+{
+ global $db,$ClientAuthTimeout;
+ //get random bits
+ randseed($rand);
+ $sid=getRandom(128);
+ $ucha=getRandom(128);
+ $hcha=getRandom(128);
+ //try to create entry
+ $db->beginTransaction();
+ while(1){
+ //check for existence
+ $res=$db->select("session","sessionid","sessionid='".$sid."'");
+ if(count($res)==0)break;
+ //create new SID and repeat
+ $sid=getRandom(128);
+ }
+ $ret=array("sessionid"=>$sid,"uchallenge"=>$ucha,"hchallenge"=>$hcha,"user"=>"","timeout"=>time()+$ClientAuthTimeout);
+ $db->insert("session",$ret);
+ $db->commitTransaction();
+ return $ret;
+}
+
+/**delete current session*/
+function deleteSession()
+{
+ global $_SERVER,$db;
+ if(isset($_SERVER["HTTP_X_MAGICSMOKE_SESSION"]))
+ $db->deleteRows("session","sessionid=".$db->escapeString($_SERVER["HTTP_X_MAGICSMOKE_SESSION"]));
+}
+
+/**The session class*/
+class Session
+{
+ private $sessid="";
+ private $user="";
+
+ /**construct the session object, check validity*/
+ public function __construct()
+ {
+ global $_SERVER,$db;
+ if(isset($_SERVER["HTTP_X_MAGICSMOKE_SESSION"])){
+ $res=$db->select("session","sessionid,user","sessionid=".$db->escapeString($_SERVER["HTTP_X_MAGICSMOKE_SESSION"]));
+ if(count($res)>0){
+ $this->sessid=$_SERVER["HTTP_X_MAGICSMOKE_SESSION"];
+ $this->user=$res[0]["user"];
+ }
+ }
+ }
+
+ /**returns true if the session exists, it may still be temporary and unauthenticated*/
+ public function isValid()
+ {
+ return $this->sessid!="";
+ }
+
+ /**returns true if the session is actually authenticated*/
+ public function isAuthenticated()
+ {
+ return $this->user!="";
+ }
+
+ /**helper function for authenticate*/
+ protected function xdie($str)
+ {
+ //debug version:
+// print($str);
+ //all versions
+ exit();
+ }
+
+ /**runs authentication against the user request*/
+ public function authenticate()
+ {
+ global $db,$REQUESTDATA;
+ //already authenticated?
+ if($this->isAuthenticated()){
+ header("X-MagicSmoke-Status: Error");
+ die("Protocol violation: already authenticated.");
+ }
+ //get DB record:session
+ $sres=$db->select("session","*","sessionid=".$db->escapeString($this->sessid));
+ if(count($sres)<1){
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ die("No such session");
+ }
+ //parse request
+ $auth=new DOMDocument;
+ if(!$auth->loadXML($REQUESTDATA)){
+ header("X-MagicSmoke-Status: SyntaxError");
+ deleteSession();
+ die("unable to parse XML data");
+ }
+ $hostname="";$hostauth="";$username="";$userauth="";
+ foreach($auth->getElementsByTagName("HostName") as $el)
+ foreach($el->childNodes as $cn)
+ if($cn->nodeType==XML_TEXT_NODE)
+ $hostname=$cn->wholeText;
+ foreach($auth->getElementsByTagName("HostAuth") as $el)
+ foreach($el->childNodes as $cn)
+ if($cn->nodeType==XML_TEXT_NODE)
+ $hostauth=$cn->wholeText;
+ foreach($auth->getElementsByTagName("UserName") as $el)
+ foreach($el->childNodes as $cn)
+ if($cn->nodeType==XML_TEXT_NODE)
+ $username=$cn->wholeText;
+ foreach($auth->getElementsByTagName("UserAuth") as $el)
+ foreach($el->childNodes as $cn)
+ if($cn->nodeType==XML_TEXT_NODE)
+ $userauth=$cn->wholeText;
+ if($hostname=="" || $hostauth=="" || $username=="" || $userauth==""){
+ header("X-MagicSmoke-Status: SyntaxError");
+ deleteSession();
+ die("missing some authentication data");
+ }
+ //get user data
+ $ures=$db->select("users","*","uname=".$db->escapeString($username));
+ if(count($ures)<1){
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ $this->xdie("No such user");
+ }
+ //get allowed hosts
+ $uhres=$db->select("userhosts","host","uname=".$db->escapeString($username));
+ $hres=$db->select("host","*","hostname=".$db->escapeString($hostname));
+ $hosts=array();
+ foreach($uhres as $hst)
+ $hosts[]=$hst["host"];
+ //check that host is allowed
+ $needhostauth=true;
+ if(in_array("_anon",$hosts)){
+ //anonymous hosts allowed, ignore host auth
+ $needhostauth=false;
+ }else
+ if(in_array("_any",$hosts)){
+ //any host allowed, check it exists
+ if(count($hres)<1){
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ $this->xdie("unknown host");
+ }
+ }else{
+ //check whether allowed
+ if(!in_array($hostname,$hosts)){
+ //host name not in allowed list
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ $this->xdie("host not allowed");
+ }
+ //check whether exists
+ if(count($hres)<1){
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ $this->xdie("No such host");
+ }
+ }
+ //compare
+ $ua=calcAuth($sres[0]["uchallenge"],$ures[0]["passwd"]);
+ if($ua!=$userauth){
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ $this->xdie("user challenge failed");
+ }
+ if($needhostauth){
+ $ha=calcAuth($sres[0]["hchallenge"],$hres[0]["hostkey"]);
+ if($ha!=$hostauth){
+ header("X-MagicSmoke-Status: Unauthenticated");
+ deleteSession();
+ $this->xdie("host challenge failed");
+ }
+ }
+ //success
+ header("X-MagicSmoke-Status: Ok");
+ global $ClientSessionTimeout;
+ $tout=(time()+$ClientSessionTimeout)."\n".time();
+ $db->update("session",array("user"=>$username,"timeout"=>$tout),"sessionid=".$db->escapeString($this->sessid));
+ echo $tout;
+ }
+
+ /**checks whether user can execute this transaction, returns true on success; it always returns true for admins*/
+ public function canExecute($transaction)
+ {
+ global $db;
+ $res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
+ foreach($res as $rl)
+ if($rl["role"]==$transaction || $rl["role"]=="_admin")
+ return true;
+ return false;
+ }
+
+ /**called for GetMyRoles transaction*/
+ public function getMyRoles()
+ {
+ global $db;
+ header("X-MagicSmoke-Status: Ok");
+ $res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
+ foreach($res as $rl)
+ print($rl["role"]."\n");
+ }
+};
+
+//return all users to client
+function getAllUsersXml()
+{
+ global $db;
+ header("X-MagicSmoke-Status: Ok");
+ $res=$db->select("users","uname,description","");
+ $dom=new DomDocument;
+ $root=$dom->createElement("Users");
+ for($i=0;$icreateElement("User",$res[$i]["description"]);
+ $usr->setAttributeNode(new DOMAttr("name",$res[$i]["uname"]));
+ $root->appendChild($usr);
+ }
+ $dom->appendChild($root);
+ print($dom->saveXML());
+}
+
+//return the roles of a specific user
+function getUserAclXml($user)
+{
+ //sanity check
+ $user=trim($user);
+ if(ereg("^[A-Za-z0-9_]+$",$user)===false){
+ header("X-MagicSmoke-Status: SyntaxError");
+ die("invalid user name");
+ }
+ //go on...
+ global $db,$ALLOWEDREQUESTS;
+ header("X-MagicSmoke-Status: Ok");
+ //create list of roles
+ $roles=$ALLOWEDREQUESTS;
+ $roles[]="_admin";
+ //get roles from DB
+ $res=$db->select("userrole","role","uname=".$user);
+ $acl=array();
+ foreach($res as $rl)$acl[]=$rl["role"];
+ $dom=new DOMDocument;
+ $root=$dom->createElement("ACL");
+ $root->setAttributeNode(new DOMAttr("user",$user));
+ foreach($roles as $rl){
+ $re=$dom->createElement("Role");
+ $re->setAttributeNode(new DOMAttr("name",$rl));
+ if(array_search($rl,$acl)===false)$re->setAttributeNode(new DOMAttr("set","0"));
+ else $re->setAttributeNode(new DOMAttr("set","0"));
+ $root->appendChild($re);
+ }
+ $dom->appendChild($root);
+ print($dom->saveXML());
+}
+
+//helper function: parse User-XML-structure
+function parseUserXml($txt)
+{
+ $xml=new DOMDocument;
+ if(!$xml->loadXML($txt)){
+ header("X-MagicSmoke-Status: SyntaxError");
+ die("unable to parse XML data");
+ }
+ $ret=array();
+ foreach($xml->getElementsByTagName("User") as $el){
+ $usr["name"]=$el->getAttribute("name");
+ $usr["descr"]="";
+ foreach($el->childNodes as $cn)
+ if($cn->nodeType==XML_TEXT_NODE)
+ $usr["descr"]=$cn->wholeText;
+ $ret[]=$usr;
+ }
+ return $ret;
+}
+
+//set new description for user
+function setUserDescrXml($txt)
+{
+ global $db;
+ $usr=parseUserXml($txt);
+ for($i=0;$iupdate("users",array("description"=>$usr[$i]["descr"]),"uname=".$db->escapeString($usr[$i]["name"]));
+ }
+ header("X-MagicSmoke-Status: Ok");
+}
+
+//add a new user
+function addUserXml($txt)
+{
+ global $db;
+ $usr=parseUserXml($txt);
+ $dom=new DOMDocument;
+ $root=$dom->createElement("Users");
+ for($i=0;$ibeginTransaction();
+ $res=$db->select("users","uname","uname='".$usr[$i]["name"]."'");
+ if(count($res)==0){
+ //create new
+ $db->insert("users",array("uname"=>$usr[$i]["name"],"description"=>$usr[$i]["descr"]));
+ //print data
+ $usr=$dom->createElement("User",$usr[$i]["descr"]);
+ $usr->setAttributeNode(new DOMAttr("name",$usr[$i]["name"]));
+ $root->appendChild($usr);
+ }
+ $db->commitTransaction();
+ }
+ $dom->appendChild($root);
+ print($dom->saveXML());
+}
+
+?>
\ No newline at end of file
diff --git a/www/inc/session.php b/www/inc/session.php
deleted file mode 100644
index 2f3a2d4..0000000
--- a/www/inc/session.php
+++ /dev/null
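Review bot: `addUserXml` in www/inc/machine/session.php concatenates the `name` attribute taken from the request XML straight into the WHERE clause (`"uname='".$usr[$i]["name"]."'"`), while the lookups on request-supplied values elsewhere in this file go through `$db->escapeString()`. The line should read `$res=$db->select("users","uname","uname=".$db->escapeString($usr[$i]["name"]));`, assuming escapeString adds the quotes as its other call sites suggest. `getUserAclXml` has a related problem: `"uname=".$user` is neither quoted nor escaped, so even a name that passes the `ereg` check reaches the database as a bare SQL token. Separately, `authenticate` compares the challenge responses with loose `!=`; `!==` (or `hash_equals` on current PHP) avoids numeric-string coercion of hex digests. The blob id matches the deleted www/inc/session.php, so these issues predate the move.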
@@ -1,328 +0,0 @@
-, (C) 2007
-//
-// Copyright: See README/COPYING files that come with this distribution
-//
-//
-
-//prune session cache
-$db->deleteRows("session","timeout<=".time());
-
-/**initiate new session - $rand should contain some food for the random number generator (from the host request)*/
-function newSession($rand)
-{
- global $db,$ClientAuthTimeout;
- //get random bits
- randseed($rand);
- $sid=getRandom(128);
- $ucha=getRandom(128);
- $hcha=getRandom(128);
- //try to create entry
- $db->beginTransaction();
- while(1){
- //check for existence
- $res=$db->select("session","sessionid","sessionid='".$sid."'");
- if(count($res)==0)break;
- //create new SID and repeat
- $sid=getRandom(128);
- }
- $ret=array("sessionid"=>$sid,"uchallenge"=>$ucha,"hchallenge"=>$hcha,"user"=>"","timeout"=>time()+$ClientAuthTimeout);
- $db->insert("session",$ret);
- $db->commitTransaction();
- return $ret;
-}
-
-/**delete current session*/
-function deleteSession()
-{
- global $_SERVER,$db;
- if(isset($_SERVER["HTTP_X_MAGICSMOKE_SESSION"]))
- $db->deleteRows("session","sessionid=".$db->escapeString($_SERVER["HTTP_X_MAGICSMOKE_SESSION"]));
-}
-
-/**The session class*/
-class Session
-{
- private $sessid="";
- private $user="";
-
- /**construct the session object, check validity*/
- public function __construct()
- {
- global $_SERVER,$db;
- if(isset($_SERVER["HTTP_X_MAGICSMOKE_SESSION"])){
- $res=$db->select("session","sessionid,user","sessionid=".$db->escapeString($_SERVER["HTTP_X_MAGICSMOKE_SESSION"]));
- if(count($res)>0){
- $this->sessid=$_SERVER["HTTP_X_MAGICSMOKE_SESSION"];
- $this->user=$res[0]["user"];
- }
- }
- }
-
- /**returns true if the session exists, it may still be temporary and unauthenticated*/
- public function isValid()
- {
- return $this->sessid!="";
- }
-
- /**returns true if the session is actually authenticated*/
- public function isAuthenticated()
- {
- return $this->user!="";
- }
-
- /**helper function for authenticate*/
- protected function xdie($str)
- {
- //debug version:
-// print($str);
- //all versions
- exit();
- }
-
- /**runs authentication against the user request*/
- public function authenticate()
- {
- global $db,$REQUESTDATA;
- //already authenticated?
- if($this->isAuthenticated()){
- header("X-MagicSmoke-Status: Error");
- die("Protocol violation: already authenticated.");
- }
- //get DB record:session
- $sres=$db->select("session","*","sessionid=".$db->escapeString($this->sessid));
- if(count($sres)<1){
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- die("No such session");
- }
- //parse request
- $auth=new DOMDocument;
- if(!$auth->loadXML($REQUESTDATA)){
- header("X-MagicSmoke-Status: SyntaxError");
- deleteSession();
- die("unable to parse XML data");
- }
- $hostname="";$hostauth="";$username="";$userauth="";
- foreach($auth->getElementsByTagName("HostName") as $el)
- foreach($el->childNodes as $cn)
- if($cn->nodeType==XML_TEXT_NODE)
- $hostname=$cn->wholeText;
- foreach($auth->getElementsByTagName("HostAuth") as $el)
- foreach($el->childNodes as $cn)
- if($cn->nodeType==XML_TEXT_NODE)
- $hostauth=$cn->wholeText;
- foreach($auth->getElementsByTagName("UserName") as $el)
- foreach($el->childNodes as $cn)
- if($cn->nodeType==XML_TEXT_NODE)
- $username=$cn->wholeText;
- foreach($auth->getElementsByTagName("UserAuth") as $el)
- foreach($el->childNodes as $cn)
- if($cn->nodeType==XML_TEXT_NODE)
- $userauth=$cn->wholeText;
- if($hostname=="" || $hostauth=="" || $username=="" || $userauth==""){
- header("X-MagicSmoke-Status: SyntaxError");
- deleteSession();
- die("missing some authentication data");
- }
- //get user data
- $ures=$db->select("users","*","uname=".$db->escapeString($username));
- if(count($ures)<1){
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- $this->xdie("No such user");
- }
- //get allowed hosts
- $uhres=$db->select("userhosts","host","uname=".$db->escapeString($username));
- $hres=$db->select("host","*","hostname=".$db->escapeString($hostname));
- $hosts=array();
- foreach($uhres as $hst)
- $hosts[]=$hst["host"];
- //check that host is allowed
- $needhostauth=true;
- if(in_array("_anon",$hosts)){
- //anonymous hosts allowed, ignore host auth
- $needhostauth=false;
- }else
- if(in_array("_any",$hosts)){
- //any host allowed, check it exists
- if(count($hres)<1){
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- $this->xdie("unknown host");
- }
- }else{
- //check whether allowed
- if(!in_array($hostname,$hosts)){
- //host name not in allowed list
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- $this->xdie("host not allowed");
- }
- //check whether exists
- if(count($hres)<1){
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- $this->xdie("No such host");
- }
- }
- //compare
- $ua=calcAuth($sres[0]["uchallenge"],$ures[0]["passwd"]);
- if($ua!=$userauth){
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- $this->xdie("user challenge failed");
- }
- if($needhostauth){
- $ha=calcAuth($sres[0]["hchallenge"],$hres[0]["hostkey"]);
- if($ha!=$hostauth){
- header("X-MagicSmoke-Status: Unauthenticated");
- deleteSession();
- $this->xdie("host challenge failed");
- }
- }
- //success
- header("X-MagicSmoke-Status: Ok");
- global $ClientSessionTimeout;
- $tout=(time()+$ClientSessionTimeout)."\n".time();
- $db->update("session",array("user"=>$username,"timeout"=>$tout),"sessionid=".$db->escapeString($this->sessid));
- echo $tout;
- }
-
- /**checks whether user can execute this transaction, returns true on success; it always returns true for admins*/
- public function canExecute($transaction)
- {
- global $db;
- $res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
- foreach($res as $rl)
- if($rl["role"]==$transaction || $rl["role"]=="_admin")
- return true;
- return false;
- }
-
- /**called for GetMyRoles transaction*/
- public function getMyRoles()
- {
- global $db;
- header("X-MagicSmoke-Status: Ok");
- $res=$db->select("userrole","role","uname=".$db->escapeString($this->user));
- foreach($res as $rl)
- print($rl["role"]."\n");
- }
-};
-
-//return all users to client
-function getAllUsersXml()
-{
- global $db;
- header("X-MagicSmoke-Status: Ok");
- $res=$db->select("users","uname,description","");
- $dom=new DomDocument;
- $root=$dom->createElement("Users");
- for($i=0;$icreateElement("User",$res[$i]["description"]);
- $usr->setAttributeNode(new DOMAttr("name",$res[$i]["uname"]));
- $root->appendChild($usr);
- }
- $dom->appendChild($root);
- print($dom->saveXML());
-}
-
-//return the roles of a specific user
-function getUserAclXml($user)
-{
- //sanity check
- $user=trim($user);
- if(ereg("^[A-Za-z0-9_]+$",$user)===false){
- header("X-MagicSmoke-Status: SyntaxError");
- die("invalid user name");
- }
- //go on...
- global $db,$ALLOWEDREQUESTS;
- header("X-MagicSmoke-Status: Ok");
- //create list of roles
- $roles=$ALLOWEDREQUESTS;
- $roles[]="_admin";
- //get roles from DB
- $res=$db->select("userrole","role","uname=".$user);
- $acl=array();
- foreach($res as $rl)$acl[]=$rl["role"];
- $dom=new DOMDocument;
- $root=$dom->createElement("ACL");
- $root->setAttributeNode(new DOMAttr("user",$user));
- foreach($roles as $rl){
- $re=$dom->createElement("Role");
- $re->setAttributeNode(new DOMAttr("name",$rl));
- if(array_search($rl,$acl)===false)$re->setAttributeNode(new DOMAttr("set","0"));
- else $re->setAttributeNode(new DOMAttr("set","0"));
- $root->appendChild($re);
- }
- $dom->appendChild($root);
- print($dom->saveXML());
-}
-
-//helper function: parse User-XML-structure
-function parseUserXml($txt)
-{
- $xml=new DOMDocument;
- if(!$xml->loadXML($txt)){
- header("X-MagicSmoke-Status: SyntaxError");
- die("unable to parse XML data");
- }
- $ret=array();
- foreach($xml->getElementsByTagName("User") as $el){
- $usr["name"]=$el->getAttribute("name");
- $usr["descr"]="";
- foreach($el->childNodes as $cn)
- if($cn->nodeType==XML_TEXT_NODE)
- $usr["descr"]=$cn->wholeText;
- $ret[]=$usr;
- }
- return $ret;
-}
-
-//set new description for user
-function setUserDescrXml($txt)
-{
- global $db;
- $usr=parseUserXml($txt);
- for($i=0;$iupdate("users",array("description"=>$usr[$i]["descr"]),"uname=".$db->escapeString($usr[$i]["name"]));
- }
- header("X-MagicSmoke-Status: Ok");
-}
-
-//add a new user
-function addUserXml($txt)
-{
- global $db;
- $usr=parseUserXml($txt);
- $dom=new DOMDocument;
- $root=$dom->createElement("Users");
- for($i=0;$ibeginTransaction();
- $res=$db->select("users","uname","uname='".$usr[$i]["name"]."'");
- if(count($res)==0){
- //create new
- $db->insert("users",array("uname"=>$usr[$i]["name"],"description"=>$usr[$i]["descr"]));
- //print data
- $usr=$dom->createElement("User",$usr[$i]["descr"]);
- $usr->setAttributeNode(new DOMAttr("name",$usr[$i]["name"]));
- $root->appendChild($usr);
- }
- $db->commitTransaction();
- }
- $dom->appendChild($root);
- print($dom->saveXML());
-}
-
-?>
\ No newline at end of file
diff --git a/www/machine.php b/www/machine.php
index f6eeb2e..eed8d0e 100644
--- a/www/machine.php
+++ b/www/machine.php
@@ -48,7 +48,7 @@ if($SMOKEREQUEST=="serverinfo"){ include("inc/loader_nonadmin.php"); //load machine interface
-include("inc/session.php");
+include("inc/machine/session.php");
 // request to start a session
 if($SMOKEREQUEST=="startsession"){
-- 
1.7.2.5