X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=cgi-auth-flexible.git;a=blobdiff_plain;f=cgi-auth-flexible.pm;h=3a4ee76be2448649dfade7e9f5baed510f75ae9f;hp=d3d9517afee6469e1c85a3584099db5cb6023c22;hb=412316a7005df29b1adb30835848490210498ecb;hpb=04872c57839c2ff93de2d6c70fe4087043d3e4d1
diff --git a/cgi-auth-flexible.pm b/cgi-auth-flexible.pm
index d3d9517..3a4ee76 100644
--- a/cgi-auth-flexible.pm
+++ b/cgi-auth-flexible.pm
@@ -1,21 +1,26 @@
# -*- perl -*-
# This is part of CGI::Auth::Flexible, a perl CGI authentication module.
-# Copyright (C) 2012 Ian Jackson.
-# Copyright (C) 2012 Citrix.
+#
+# Copyright (C) 2012,2013,2015 Ian Jackson.
+# Copyright (C) 2012,2013,2015 Citrix.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
+# (at your option) any later version, with the "CAF Login Exception"
+# as published by Ian Jackson (version 1, or at your option any
+# later version) as an Additional Permission.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
-# You should have received a copy of the GNU Affero General Public License
-# along with this program. If not, see .
+# You should have received a copy of the GNU Affero General Public
+# License and the CAF Login Exception along with this program, in the
+# file AGPLv3+CAFv1. If not, email Ian Jackson
+# .
use strict;
use warnings FATAL => 'all';
@@ -184,7 +189,8 @@ sub gen_srcdump_link_html ($$$$) {
}
sub gen_plain_licence_link_html ($$) {
my ($c,$r) = @_;
- gen_srcdump_link_html($c,$r, 'GNU Affero GPL', 'licence');
+ gen_srcdump_link_html($c,$r, 'GNU Affero GPL with CAF Login Exception',
+ 'licence');
}
sub gen_plain_source_link_html ($$) {
my ($c,$r) = @_;
@@ -471,7 +477,7 @@ sub new_verifier {
srcdump_dump => \&srcdump_dump,
srcdump_prepare => \&srcdump_dirscan_prepare,
srcdump_licence_path => undef,
- srcdump_licence_files => [qw(AGPLv3 CGI/Auth/Flexible/AGPLv3)],
+ srcdump_licence_files => [qw(AGPLv3+CAFv1 CGI/Auth/Flexible/AGPLv3+CAFv1)],
srcdump_listitems => sub { (@INC, $ENV{'SCRIPT_FILENAME'}, $0); },
srcdump_filter_cwd => 1,
srcdump_system_dir => sub {
@@ -482,7 +488,7 @@ sub new_verifier {
srcdump_vcsscript => {git => "
git ls-files -z
git ls-files -z --others --exclude-from=.gitignore
- find .git -print0
+ find .git ! -name \\*~ -print0
"},
srcdump_byvcs => \&srcdump_byvcs,
srcdump_novcs => \&srcdump_novcs,
@@ -701,7 +707,6 @@ sub construct_cookie ($$$) {
# any - POST nrmuoi bug or attack, fail
# any - GET rmuoi bug or attack, fail
# any any GET muoi bug or attack, fail
- # any t any nrmu bug or attack, fail
#
# - - GET O "just logged out" page
# (any other) O bug or attack, fail
@@ -746,38 +751,38 @@ sub construct_cookie ($$$) {
# revoke y2
# treat as y1 n POST
#
- # y n GET n intra-site link from stale page,
+ # y nt GET n intra-site link from stale page,
# treat as cross-site link, show data
#
- # y n POST n m intra-site form submission from stale page
+ # y nt POST n m intra-site form submission from stale page
# show "session interrupted"
# with link to main data page
#
- # y n GET r intra-site request from stale page
+ # y nt GET r intra-site request from stale page
# fail
#
- # y n POST r u intra-site request from stale page
+ # y nt POST r u intra-site request from stale page
# fail
#
- # -/n y2 GET nr intra-site link from cleared session
+ # -n y2 GET nr intra-site link from cleared session
# do not revoke y2 as not RESTful
# treat as -/n n GET
#
- # -/n y2 POST nrmu request from cleared session
+ # -n y2 POST nrmu request from cleared session
# revoke y2
# treat as -/n n POST
#
- # -/n -/n GET n cross-site link but user not logged in
+ # -nt -nt GET n cross-site link but user not logged in
# show login form with redirect to orig params
# generate fresh cookie
#
- # -/n n GET rmu user not logged in
+ # -nt nt GET rmu user not logged in
# fail
#
- # -/n n POST n m user not logged in
+ # -nt nt POST n m user not logged in
# show login form
#
- # -/n n POST r u user not logged in
+ # -nt nt POST r u user not logged in
# fail
sub _check_divert_core ($) {
@@ -844,7 +849,7 @@ sub _check_divert_core ($) {
" enabled. You must enable cookies".
" as we use them for login."),
_CookieRaw => $r->_fresh_secret(),
- Params => $r->_chain_params() })
+ Params => $r->chain_params() })
}
if (!$cookt || $cookt eq 'n' || $cookh ne $parmh) {
$r->_db_revoke($cookh);
@@ -862,18 +867,17 @@ sub _check_divert_core ($) {
return ({ Kind => 'LOGIN-BAD',
Message => $login_errormessage,
_CookieRaw => $cooks,
- Params => $r->_chain_params() })
+ Params => $r->chain_params() })
}
$r->_db_record_login_ok($parmh,$username);
return ({ Kind => 'REDIRECT-LOGGEDIN',
Message => $r->_gt("Logging in..."),
_CookieRaw => $cooks,
- Params => $r->_chain_params() });
+ Params => $r->chain_params() });
}
if ($cookt eq 't') {
$cookt = '';
}
- die if $parmt eq 't';
if ($cookt eq 'y' && $parmt eq 'y' && $cookh ne $parmh) {
$r->_db_revoke($parmh) if $meth eq 'POST';
@@ -882,13 +886,13 @@ sub _check_divert_core ($) {
if ($cookt ne 'y') {
die unless !$cookt || $cookt eq 'n';
- die unless !$parmt || $parmt eq 'n' || $parmt eq 'y';
+ die unless !$parmt || $parmt eq 't' || $parmt eq 'n' || $parmt eq 'y';
my $news = $r->_fresh_secret();
if ($meth eq 'GET') {
return ({ Kind => 'LOGIN-INCOMINGLINK',
Message => $r->_gt("You need to log in."),
_CookieRaw => $news,
- Params => $r->_chain_params() });
+ Params => $r->chain_params() });
} else {
$r->_db_revoke($parmh);
return ({ Kind => 'LOGIN-FRESH',
@@ -912,9 +916,17 @@ sub _check_divert_core ($) {
die unless $cookt eq 'y';
unless ($r->{S}{promise_check_mutate} && $meth eq 'GET') {
+ if ($parmt eq 't' || $parmt eq 'n') {
+ return ({ Kind => 'STALE',
+ Message => $r->_gt("Login session interrupted."),
+ _CookieRaw => $cooks,
+ Params => { } });
+ }
die unless $parmt eq 'y';
die unless $cookh eq $parmh;
}
+ $r->_db_update_last($cooku,$parmh);
+
$r->{ParmT} = $parmt;
$r->{AssocRaw} = $cooks;
$r->{UserOK} = $cooku;
@@ -922,14 +934,7 @@ sub _check_divert_core ($) {
return undef;
}
-sub _chain_params ($) {
-# =item C<< $authreq->_chain_params() >>
-#
-# Returns a hash of the "relevant" parameters to this request, in a form
-# used by C. This is all of the query parameters
-# which are not related to CGI::Auth::Flexible. The PATH_INFO from the
-# request is returned as the parameter C<< '' >>.
-
+sub chain_params ($) {
my ($r) = @_;
my %p = %{ $r->_ch('get_params') };
foreach my $pncn (keys %{ $r->{S} }) {
@@ -1027,6 +1032,16 @@ sub _db_record_login_ok ($$$) {
$h, $user, time);
}
+sub _db_update_last ($$) {
+ # revokes $h if it's valid; no-op if it's not
+ my ($r,$user,$h) = @_;
+ my $dbh = $r->{Dbh};
+ $dbh->do("UPDATE $r->{S}{db_prefix}_assocs".
+ " SET last = ?".
+ " WHERE username = ? AND assochash = ?", {},
+ time, $user, $h);
+}
+
sub check_divert ($) {
my ($r) = @_;
if (exists $r->{Divert}) {
@@ -1036,16 +1051,17 @@ sub check_divert ($) {
$r->{Divert} = $r->_db_transaction(sub { $r->_check_divert_core(); });
$dbh->commit();
- my $cookraw = $r->{_CookieRaw};
- $r->{CookieSecret} = $r->_blind($cookraw);
+ my $divert = $r->{Divert};
+ my $cookraw = $divert && $divert->{_CookieRaw};
if ($cookraw) {
- $r->{Params}{$r->{S}{assoc_param_name}} = [
+ $divert->{CookieSecret} = $r->_blind($cookraw);
+ $divert->{Params}{$r->{S}{assoc_param_name}} = [
$r->_blind($r->hash($cookraw))
];
}
- $r->_debug(Data::Dumper->Dump([$r->{Divert}],[qw(divert)]));
- return $r->{Divert};
+ $r->_debug(Data::Dumper->Dump([$divert],[qw(divert)]));
+ return $divert;
}
sub get_divert ($) {
@@ -1129,6 +1145,10 @@ sub check_ok ($) {
$title = $r->_gt('Not logged in');
push @body, $divert->{Message};
push @body, $r->_ch('gen_login_link', $params);
+ } elsif ($kind =~ m/^STALE/) {
+ $title = $r->_gt('Re-entering secure site.');
+ push @body, $divert->{Message};
+ push @body, $r->_ch('gen_postmainpage_form', $params);
} elsif ($kind =~ m/^MAINPAGEONLY$/) {
$title = $r->_gt('Entering secure site.');
push @body, $divert->{Message};
@@ -1184,13 +1204,13 @@ sub _blind ($$) {
my $mask = $r->_random(($l+1)>>1);
$mask = substr $mask, 0, $l;
my $blound = $r->_blind_combine($in, $mask);
- return "$blound/$mask";
+ return "$blound.$mask";
}
sub _unblind ($$) {
my ($r, $in) = @_;
return $in unless $in;
- my ($blound,$mask) = ($in =~ m#^(.*)/([0-9a-f]+)$#) or die "$in ?";
+ my ($blound,$mask) = ($in =~ m#^(.*)\.([0-9a-f]+)$#) or die "$in ?";
my $l = $r->_blind_len($blound);
$l == length($mask) or die "$in ?";
return $r->_blind_combine($blound, $mask);
@@ -1368,7 +1388,7 @@ sub check_nonpage ($$) {
my ($r, $reqtype) = @_;
$r->_assert_checked();
return unless $r->resource_get_needs_secret_hidden($reqtype);
- return if $r->{ParmT};
+ return if $r->{ParmT} eq 'y';
die "missing hidden secret parameter on nonpage request $reqtype";
}