[pubcookie-dev] WEBISO CVS update: fox;
index.cgi.c,1.112,1.113 keyserver.c,2.40,2.41 pbc_myconfig.c,1.36,1.37
Jim Fox
fox at cac.washington.edu
Thu Jan 15 15:57:18 PST 2004
Update of /usr/local/cvsroot/webiso/pubcookie/src
In directory webiso-cvs.cac.washington.edu:/var/tmp/cvs-serv885/webiso/pubcookie/src
Modified Files:
flavor_basic.c flavor_uwsecurid.c index.cgi.c keyserver.c
pbc_myconfig.c
Log Message:
These are changes to implement the new kiosk configuration.
To summarize:
1) Any integer that represents a time duration may have a
suffix of 'm' to mean minutes or 'h' to mean hours, e.g.
5m means 300, and 1h means 3600.
2) Configuration file lines may be continued by a trailing '\'
3) A new kiosk specification allows both agent string match
and remote ip addresses or address ranges.
syntax: kiosk: time agent|ip [agent|ip] ... [ time agent|ip ... ]
e.g.
kiosk: 20m Safari/85.6 \
15m Safari \
10m 140.142.14.39 140.142.21.* \
1h 140.142.15.10-200
means:
New safari browsers get 20 minutes,
Old safari browsers get 15 minutes,
Address 140.142.14.39 gets 10 minutes
Addresses in the subdomain 140.142.21 get 10 minutes
Addresses in the range 140.142.15.10-200 get 1 hour
note: only the last field of the ip address may
include the range or wildcard.
Index: webiso/pubcookie/src/flavor_basic.c
diff -c webiso/pubcookie/src/flavor_basic.c:1.44 webiso/pubcookie/src/flavor_basic.c:1.45
*** webiso/pubcookie/src/flavor_basic.c:1.44 Wed Dec 17 14:10:56 2003
--- webiso/pubcookie/src/flavor_basic.c Thu Jan 15 15:57:16 2004
***************
*** 13,19 ****
* will pass l->realm to the verifier and append it to the username when
* 'append_realm' is set
*
! * $Id: flavor_basic.c,v 1.44 2003/12/17 22:10:56 ryanc Exp $
*/
--- 13,19 ----
* will pass l->realm to the verifier and append it to the username when
* 'append_realm' is set
*
! * $Id: flavor_basic.c,v 1.45 2004/01/15 23:57:16 fox Exp $
*/
***************
*** 357,362 ****
--- 357,364 ----
char *user_field = NULL;
char *hidden_user = NULL;
char now[64];
+ int ldur, ldurp;
+ char ldurtxt[64], *ldurtyp;
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "print_login_page: hello reason: %d", reason);
***************
*** 522,527 ****
--- 524,537 ----
/* if the user field should be hidden */
hidden_user = flb_get_hidden_user_field(p, l, c, reason);
+ /* login session lifetime message */
+ if (!(ldur=get_kiosk_duration(p,l)))
+ ldur = libpbc_config_getint(p, "default_l_expire",DEFAULT_LOGIN_EXPIRE);
+ if (((ldurp=ldur/3600)*3600) == ldur) ldurtyp = "hour";
+ else if (((ldurp=ldur/60)*60) == ldur) ldurtyp = "minute";
+ else ldurp = ldur, ldurtyp = "second";
+ sprintf(ldurtxt, "%d %s%s", ldurp, ldurtyp, ldurp==1?"":"s");
+
/* Display the login form. */
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_login", "login"),
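Review bot: The duration text is computed from get_kiosk_duration() and `default_l_expire` only, while compute_l_expire in index.cgi.c consults those only when `l->duration` is 0, so the login page may advertise a lifetime that differs from the one applied to the cookie (inferred from the compute_l_expire hunk; confirm whether `l->duration` can already be non-zero here). The same block is repeated verbatim in the flavor_uwsecurid.c hunk, so a shared helper that takes `l` and fills the text buffer would keep both flavors in step. The `sprintf` fits the 64-byte buffer with the current format, but `snprintf(ldurtxt, sizeof(ldurtxt), "%d %s%s", ldurp, ldurtyp, ldurp==1?"":"s");` keeps that true if the wording changes. print_login_page starts and ends outside the hunk.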
***************
*** 532,537 ****
--- 542,548 ----
"hiddenfields", hidden_fields,
"user_field", user_field != NULL ? user_field : "",
"getcredhidden", getcred_hidden != NULL ? getcred_hidden : "",
+ "durationtext", ldurtxt,
NULL
);
Index: webiso/pubcookie/src/flavor_uwsecurid.c
diff -c webiso/pubcookie/src/flavor_uwsecurid.c:2.1 webiso/pubcookie/src/flavor_uwsecurid.c:2.2
*** webiso/pubcookie/src/flavor_uwsecurid.c:2.1 Thu Dec 11 13:48:44 2003
--- webiso/pubcookie/src/flavor_uwsecurid.c Thu Jan 15 15:57:16 2004
***************
*** 11,17 ****
*/
/*
! $Id: flavor_uwsecurid.c,v 2.1 2003/12/11 21:48:44 willey Exp $
*/
#ifdef HAVE_CONFIG_H
--- 11,17 ----
*/
/*
! $Id: flavor_uwsecurid.c,v 2.2 2004/01/15 23:57:16 fox Exp $
*/
#ifdef HAVE_CONFIG_H
***************
*** 450,455 ****
--- 450,459 ----
char *pass_field = NULL;
char *hidden_user = NULL;
char func[] = "print_login_page";
+
+ int ldur, ldurp;
+ char ldurtxt[64], *ldurtyp;
+
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "%s: hello, reason: %d", func, reason);
***************
*** 600,605 ****
--- 604,617 ----
/* if the user field should be hidden */
hidden_user = flus_get_hidden_user_field(p, l, c, reason);
+ /* login session lifetime message */
+ if (!(ldur=get_kiosk_duration(p,l)))
+ ldur = libpbc_config_getint(p, "default_l_expire",DEFAULT_LOGIN_EXPIRE);
+ if (((ldurp=ldur/3600)*3600) == ldur) ldurtyp = "hour";
+ else if (((ldurp=ldur/60)*60) == ldur) ldurtyp = "minute";
+ else ldurp = ldur, ldurtyp = "second";
+ sprintf(ldurtxt, "%d %s%s", ldurp, ldurtyp, ldurp==1?"":"s");
+
/* Display the login form. */
ntmpl_print_html(p, TMPL_FNAME,
libpbc_config_getstring(p, "tmpl_login_uwsecurid", "login_uwsecurid"),
***************
*** 610,615 ****
--- 622,628 ----
"hiddenfields", hidden_fields,
"user_field", user_field != NULL ? user_field : "",
"pass_field", pass_field != NULL ? pass_field : "",
+ "durationtext", ldurtxt,
NULL
);
Index: webiso/pubcookie/src/index.cgi.c
diff -c webiso/pubcookie/src/index.cgi.c:1.112 webiso/pubcookie/src/index.cgi.c:1.113
*** webiso/pubcookie/src/index.cgi.c:1.112 Wed Dec 17 14:10:56 2003
--- webiso/pubcookie/src/index.cgi.c Thu Jan 15 15:57:16 2004
***************
*** 6,12 ****
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.112 2003/12/17 22:10:56 ryanc Exp $
*/
#ifdef HAVE_CONFIG_H
--- 6,12 ----
/** @file index.cgi.c
* Login server CGI
*
! * $Id: index.cgi.c,v 1.113 2004/01/15 23:57:16 fox Exp $
*/
#ifdef HAVE_CONFIG_H
***************
*** 1074,1106 ****
}
/**
! * gets lifetime of a login cookie for a kiosk
* @param *l from login session
* @returns duration
*/
int get_kiosk_duration(pool *p, login_rec *l)
{
int i;
! char **keys;
! char **values;
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
! "get_kiosk_duration: agent: %s", user_agent(p));
! keys = libpbc_config_getlist(p, "kiosk_keys");
! values = libpbc_config_getlist(p, "kiosk_values");
! if(keys != NULL) {
! for(i=0; keys[i] != NULL && values[i] != NULL; i++) {
! if( strstr(user_agent(p), keys[i]) != NULL ) {
! pbc_log_activity(p, PBC_LOG_DEBUG_LOW,"is kiosk: %s duration: %s\n",
! user_agent(p), values[i]);
! return(atoi(values[i]));
! }
! }
}
! /* not a kiosk */
! return(PBC_FALSE); /* xxx false isn't a duration -leg */
}
--- 1074,1252 ----
}
/**
! * Kiosk lifetimes from the config files.
! * See the documentation for syntax.
! */
!
! #define KIOSK_VOID 0
! #define KIOSK_AGENT 1
! #define KIOSK_IP 2
! #define KIOSK_STAR 3
! #define KIOSK_RANGE 4
!
! typedef struct KioskDef__ {
! struct KioskDef__ *next;
! int type;
! int time;
! char *str;
! int lo;
! int hi;
! } KioskDef_, *KioskDef;
!
! KioskDef kiosks = NULL;
!
! static void get_kiosk_parameters(pool *p)
! {
! int i, t;
! char **keys;
! char **vals;
! KioskDef *K = &kiosks;
! KioskDef N;
! int ktime = 0;
! char *v, *w;
! int dc;
! int dr;
!
! /* Process the time-and-value list */
!
! vals = libpbc_config_getlist(p, "kiosk");
!
! for (i=0; vals && vals[i]; i++) {
! if (t=libpbc_myconfig_str2int(vals[i],0)) {
! ktime = t;
! continue;
! }
!
! if (ktime <= 0) {
! pbc_log_activity(p, PBC_LOG_ERROR,
! "kiosk: invalid kiosk time specification");
! abort();
! }
!
! N = (KioskDef) malloc(sizeof(KioskDef_));
! N->next = NULL;
! *K = N;
! K = &N->next;
! N->time = ktime;
! N->lo = N->hi = 0;
!
! /* See if ip or agent string */
!
! for (dc=0,dr=0,v=vals[i]; *v; v++) {
! if (isdigit(*v)) continue;
! if (dr) break;
! if (*v=='.') {
! if (++dc>3) break;
! } else if (*v=='*') {
! if (*(v+1)) break;
! } else if (*v=='-') {
! if (++dr>1) break;
! if (dc!=3) break;
! }
! }
!
! if (*v || (dc<2)) { /* agent */
! N->type = KIOSK_AGENT;
! N->str = strdup(vals[i]);
! } else {
! if (v=strchr(vals[i],'*')) { /* ip star format */
! N->type = KIOSK_STAR;
! *v = '\0';
! N->str = strdup(vals[i]);
! } else if (dr) { /* ip range format */
! N->type = KIOSK_RANGE;
! /* have to split the range part */
! v = strchr(vals[i],'-');
! *v++ = '\0';
! w = strrchr(vals[i],'.');
! *w++ = '\0';
! N->str = strdup(vals[i]);
! N->lo = atoi(w);
! N->hi = atoi(v);
! } else { /* simple ip format */
! N->type = KIOSK_IP;
! N->str = strdup(vals[i]);
! }
! }
! pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
! "kiosk: type=%d, time=%d, str=%s, lo=%d, hi=%d\n",
! N->type, N->time, N->str, N->lo, N->hi);
! }
! if (vals) free(vals);
!
! /* Add any old-style agent strings */
!
! keys = libpbc_config_getlist(p, "kiosk_keys");
! vals = libpbc_config_getlist(p, "kiosk_values");
!
! if(keys) {
! for(i=0; keys[i] && vals[i]; i++) {
! if (ktime=libpbc_myconfig_str2int(vals[i],0)) {
! N = (KioskDef) malloc(sizeof(KioskDef_));
! N->next = NULL;
! *K = N;
! K = &N->next;
! N->type = KIOSK_AGENT;
! N->time = ktime;;
! N->str = strdup(keys[i]);
! N->lo = N->hi = 0;
! pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
! "kiosk: type=%d, time=%d, lo=%d, hi=%d\n",
! N->type, N->time, N->lo, N->hi);
! }
! }
! }
! if (vals) free(vals);
! if (keys) free(keys);
! }
!
! /**
! * gets lifetime of a login cookie if browser is a kiosk
* @param *l from login session
* @returns duration
*/
+
int get_kiosk_duration(pool *p, login_rec *l)
{
int i;
! KioskDef K;
pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
! "get_kiosk_duration: agent=%s, ip=%s",
! user_agent(p), cgiRemoteAddr);
! for (K=kiosks; K; K=K->next) {
! if ((K->type==KIOSK_AGENT) &&
! strstr(user_agent(p),K->str)) break;
!
! if (!cgiRemoteAddr) continue;
!
! if ((K->type==KIOSK_IP) &&
! !strcmp(K->str, cgiRemoteAddr)) break;
!
! if ((K->type==KIOSK_STAR) &&
! !strncmp(K->str, cgiRemoteAddr, strlen(K->str))) break;
!
! if ((K->type==KIOSK_RANGE) &&
! !strncmp(K->str, cgiRemoteAddr, strlen(K->str))) {
! char *v = strrchr(cgiRemoteAddr,'.');
! if (v) {
! int a = atoi(v+1);
! if ((a>=K->lo) && (a<=K->hi)) break;
! }
! }
! }
!
! if (K) {
! pbc_log_activity(p, PBC_LOG_DEBUG_LOW,
! "kiosk: type=%d, time=%d, str=%s, lo=%d, hi=%d\n",
! K->type, K->time, K->str, K->lo, K->hi);
! return (K->time);
}
!
! pbc_log_activity(p, PBC_LOG_DEBUG_LOW, "Not a kiosk");
! return(0);
}
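Review bot: The KIOSK_RANGE prefix is stored without its trailing dot, so the `strncmp` in get_kiosk_duration matches more networks than the configuration names: `140.142.15.10-200` is stored as `140.142.15` and therefore also matches `140.142.150.x` to `140.142.159.x` whenever the last octet falls in the range. The KIOSK_STAR form keeps the dot and does not have this problem. In get_kiosk_parameters, keeping the dot fixes it: `w = strrchr(vals[i],'.'); N->lo = atoi(w+1); *(w+1) = '\0';` before the `strdup`. Separately, the results of `malloc` and `strdup` are used without a NULL check, and a bad time specification calls `abort()` where the rest of the code reports configuration errors through a fatal-error path.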
***************
*** 1115,1121 ****
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,"compute_l_expire: hello");
! if((l->duration==0) && (l->duration=get_kiosk_duration(p, l))==PBC_FALSE)
l->duration =
libpbc_config_getint(p, "default_l_expire",DEFAULT_LOGIN_EXPIRE);
--- 1261,1267 ----
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE,"compute_l_expire: hello");
! if((l->duration==0) && (l->duration=get_kiosk_duration(p, l))==0)
l->duration =
libpbc_config_getint(p, "default_l_expire",DEFAULT_LOGIN_EXPIRE);
***************
*** 1547,1552 ****
--- 1693,1699 ----
libpbc_config_init(p, NULL, "logincgi");
debug = libpbc_config_getint(p, "debug", 0);
pbc_log_init(p, "pubcookie login server", NULL, NULL, NULL);
+ get_kiosk_parameters(p);
pbc_log_activity(p, PBC_LOG_DEBUG_VERBOSE, "cgiMain() hello...\n");
Index: webiso/pubcookie/src/keyserver.c
diff -c webiso/pubcookie/src/keyserver.c:2.40 webiso/pubcookie/src/keyserver.c:2.41
*** webiso/pubcookie/src/keyserver.c:2.40 Thu Dec 11 13:48:44 2003
--- webiso/pubcookie/src/keyserver.c Thu Jan 15 15:57:16 2004
***************
*** 6,12 ****
/** @file keyserver.c
* Server side of key management structure
*
! * $Id: keyserver.c,v 2.40 2003/12/11 21:48:44 willey Exp $
*/
--- 6,12 ----
/** @file keyserver.c
* Server side of key management structure
*
! * $Id: keyserver.c,v 2.41 2004/01/15 23:57:16 fox Exp $
*/
***************
*** 307,319 ****
/* no HTML headers for me */
myprintf("\r\n");
-
- /* check access list for client operations */
- if( op != SETKEY && check_access_list(peer) == PBC_FAIL ) {
- myprintf("you (%s) are not in keyserver client list\r\n", peer);
- pbc_log_activity(p, PBC_LOG_ERROR, "operation not allowed: %s", peer);
- return(1);
- }
switch (op) {
case PERMIT:
--- 307,312 ----
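Review bot: The access-list check for client operations is deleted here with no replacement visible in the hunk, and the log message (kiosk configuration, time suffixes, line continuation) does not mention it. With `if( op != SETKEY && check_access_list(peer) == PBC_FAIL )` gone, every operation reaches `switch (op)` without the peer being compared against the keyserver client list, unless each case enforces that itself in code outside this hunk. If the removal is intended, it belongs in its own commit with a comment above the switch such as `/* access list is checked per operation below */`; otherwise the check should be restored. The enclosing function starts and ends outside the hunk.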
Index: webiso/pubcookie/src/pbc_myconfig.c
diff -c webiso/pubcookie/src/pbc_myconfig.c:1.36 webiso/pubcookie/src/pbc_myconfig.c:1.37
*** webiso/pubcookie/src/pbc_myconfig.c:1.36 Thu Dec 11 13:48:44 2003
--- webiso/pubcookie/src/pbc_myconfig.c Thu Jan 15 15:57:16 2004
***************
*** 6,12 ****
/** @file pbc_myconfig.c
* Runtime configuration
*
! * $Id: pbc_myconfig.c,v 1.36 2003/12/11 21:48:44 willey Exp $
*/
--- 6,12 ----
/** @file pbc_myconfig.c
* Runtime configuration
*
! * $Id: pbc_myconfig.c,v 1.37 2004/01/15 23:57:16 fox Exp $
*/
***************
*** 217,230 ****
return ret;
}
int libpbc_myconfig_getint(pool *p, const char *key, int def)
{
const char *val = libpbc_myconfig_getstring(p, key, (char *)0);
! if (!val) return def;
! if (!isdigit((int) *val) && (*val != '-' || !isdigit((int) val[1])))
! return def;
! return atoi(val);
}
int libpbc_myconfig_getswitch(pool *p, const char *key, int def)
--- 217,248 ----
return ret;
}
+ /* int=dddS, dddM, dddH */
+ int libpbc_myconfig_str2int(char *val, int def)
+ {
+ int v = 0;
+ int m = 1;
+ int n = 1;
+
+ if (!val) return (def);
+ if (*val=='-') val++, n=(-1);
+
+ for (; *val; val++) {
+ if (isdigit(*val)) v = v*10 + *val - '0';
+ else if (m>1) return (def); /* Not a valid time spec */
+ else if (*val=='S' || *val=='s') m = 1;
+ else if (*val=='M' || *val=='m') m = 60;
+ else if (*val=='H' || *val=='h') m = 3600;
+ else return (def);
+ }
+ return (v * n * m);
+ }
+
int libpbc_myconfig_getint(pool *p, const char *key, int def)
{
const char *val = libpbc_myconfig_getstring(p, key, (char *)0);
! return (libpbc_myconfig_str2int(val, def));
}
int libpbc_myconfig_getswitch(pool *p, const char *key, int def)
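Review bot: libpbc_myconfig_str2int accepts malformed values and does unchecked signed arithmetic. The digit test runs before the `m>1` test, so `5m3` parses as 53 minutes, a value with no digits (`-`, `h`) returns 0 instead of `def`, and `v*10` and `v*n*m` can overflow. libpbc_myconfig_getint now routes every integer option through this function, session lifetimes included, so a typo in the config should fall back to the default rather than produce an odd or wrapped duration. `isdigit` should be given `(unsigned char) *val`, and the parameter can be `const char *` because getint passes a const pointer. A possible rewrite follows; it needs INT_MAX from limits.h.

```c
int libpbc_myconfig_str2int(const char *val, int def)
{
    int v = 0;
    int m = 1;
    int n = 1;
    int ndigits = 0;
    int unit = 0;

    if (!val) return (def);
    if (*val=='-') val++, n=(-1);

    for (; *val; val++) {
        if (unit) return (def);   /* nothing may follow the unit letter */
        if (isdigit((unsigned char) *val)) {
            if (v > (INT_MAX - 9) / 10) return (def);   /* would overflow */
            v = v*10 + (*val - '0');
            ndigits++;
        }
        else if (*val=='S' || *val=='s') m = 1, unit = 1;
        else if (*val=='M' || *val=='m') m = 60, unit = 1;
        else if (*val=='H' || *val=='h') m = 3600, unit = 1;
        else return (def);
    }
    if (!ndigits || v > INT_MAX / m) return (def);   /* no number, or v*m too large */
    return (v * n * m);
}
```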
***************
*** 251,259 ****
--- 269,279 ----
FILE *infile;
const char *filename;
int lineno = 0;
+ int plineno = 0;
int alloced = 0;
char buf[8192];
char *ptr, *q, *key;
+ char *bp = buf;
filename = alt_config ? alt_config : PBC_CONFIG;
infile = pbc_fopen(p, filename, "r");
***************
*** 267,279 ****
fatal(p, buf, EX_CONFIG);
}
! while (fgets(buf, sizeof(buf), infile)) {
lineno++;
!
! if (buf[strlen(buf)-1] == '\n') buf[strlen(buf)-1] = '\0';
! for (ptr = buf; *ptr && isspace((int) *ptr); ptr++);
if (!*ptr || *ptr == '#') continue;
key = ptr;
while (*ptr && (isalnum((int) *ptr) || *ptr == '-' || *ptr == '_' || *ptr == '.')) {
if (isupper((unsigned char) *ptr)) *ptr = tolower((unsigned char) *ptr);
--- 287,310 ----
fatal(p, buf, EX_CONFIG);
}
! while (fgets(bp, sizeof(buf) + buf - bp, infile)) {
lineno++;
! if (bp!=buf) plineno++;
! /* remove trailing and leading spaces */
! for (ptr=bp+strlen(bp)-1;
! ptr>=bp&&(*ptr=='\n'||isspace(*ptr));
! *ptr--='\0');
! for (ptr = bp; *ptr && isspace(*ptr); ptr++);
if (!*ptr || *ptr == '#') continue;
+ if (ptr>bp) memmove(bp, ptr, strlen(ptr)+1);
+ if (bp[strlen(bp)-1]=='\\') {
+ bp += strlen(bp)-1;
+ *bp = '\0';
+ continue;
+ }
+ /* OK, got a complete line */
+ ptr = buf;
key = ptr;
while (*ptr && (isalnum((int) *ptr) || *ptr == '-' || *ptr == '_' || *ptr == '.')) {
if (isupper((unsigned char) *ptr)) *ptr = tolower((unsigned char) *ptr);
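Review bot: `plineno` does not hold the line number of the entry being parsed. It is set to `lineno` only after a complete entry and incremented only on continuation lines, so an ordinary single-line entry is reported with the previous entry's line number (0 for the first line of the file), and the next hunk prints it in the "invalid option name" message. Replacing `if (bp!=buf) plineno++;` with `if (bp==buf) plineno = lineno;` records the first physical line of each entry and makes the later `plineno = lineno;` unnecessary. Separately, once continuations have nearly filled `buf`, `fgets` appears to return fragments of a physical line that are then parsed as complete lines; a check after `lineno++` such as `if (!strchr(bp, '\n') && !feof(infile)) fatal(p, "configuration line too long", EX_CONFIG);` would reject that case. The loop body continues outside the hunk.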
***************
*** 282,299 ****
if (*ptr != ':') {
snprintf(buf, sizeof(buf),
"invalid option name on line %d of configuration file %s",
! lineno, filename);
fatal(p, buf, EX_CONFIG);
}
*ptr++ = '\0';
while (*ptr && isspace((int) *ptr)) ptr++;
- /* remove trailing whitespace */
- for (q = ptr + strlen(ptr) - 1; q > ptr && isspace((int) *q); q--) {
- *q = '\0';
- }
-
if (!*ptr) {
snprintf(buf, sizeof(buf),
"empty option value on line %d of configuration file %s",
--- 313,325 ----
if (*ptr != ':') {
snprintf(buf, sizeof(buf),
"invalid option name on line %d of configuration file %s",
! plineno, filename);
fatal(p, buf, EX_CONFIG);
}
*ptr++ = '\0';
while (*ptr && isspace((int) *ptr)) ptr++;
if (!*ptr) {
snprintf(buf, sizeof(buf),
"empty option value on line %d of configuration file %s",
***************
*** 325,330 ****
--- 351,359 ----
fatal(p, "out of memory", EX_OSERR);
}
nconfiglist++;
+
+ bp = buf;
+ plineno = lineno;
}
pbc_fclose(p, infile);
}
end of message