summaryrefslogtreecommitdiffstats
path: root/lib/remote/apiuser.cpp
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 12:34:54 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-28 12:34:54 +0000
commit0915b3ef56dfac3113cce55a59a5765dc94976be (patch)
treea8fea11d50b4f083e1bf0f90025ece7f0824784a /lib/remote/apiuser.cpp
parentInitial commit. (diff)
downloadicinga2-0915b3ef56dfac3113cce55a59a5765dc94976be.tar.xz
icinga2-0915b3ef56dfac3113cce55a59a5765dc94976be.zip
Adding upstream version 2.13.6.upstream/2.13.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'lib/remote/apiuser.cpp')
-rw-r--r--lib/remote/apiuser.cpp55
1 files changed, 55 insertions, 0 deletions
diff --git a/lib/remote/apiuser.cpp b/lib/remote/apiuser.cpp
new file mode 100644
index 0000000..2959d89
--- /dev/null
+++ b/lib/remote/apiuser.cpp
@@ -0,0 +1,55 @@
+/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */
+
+#include "remote/apiuser.hpp"
+#include "remote/apiuser-ti.cpp"
+#include "base/configtype.hpp"
+#include "base/base64.hpp"
+#include "base/tlsutility.hpp"
+#include "base/utility.hpp"
+
+using namespace icinga;
+
+REGISTER_TYPE(ApiUser);
+
+ApiUser::Ptr ApiUser::GetByClientCN(const String& cn)
+{
+ for (const ApiUser::Ptr& user : ConfigType::GetObjectsByType<ApiUser>()) {
+ if (user->GetClientCN() == cn)
+ return user;
+ }
+
+ return nullptr;
+}
+
+ApiUser::Ptr ApiUser::GetByAuthHeader(const String& auth_header)
+{
+ String::SizeType pos = auth_header.FindFirstOf(" ");
+ String username, password;
+
+ if (pos != String::NPos && auth_header.SubStr(0, pos) == "Basic") {
+ String credentials_base64 = auth_header.SubStr(pos + 1);
+ String credentials = Base64::Decode(credentials_base64);
+
+ String::SizeType cpos = credentials.FindFirstOf(":");
+
+ if (cpos != String::NPos) {
+ username = credentials.SubStr(0, cpos);
+ password = credentials.SubStr(cpos + 1);
+ }
+ }
+
+ const ApiUser::Ptr& user = ApiUser::GetByName(username);
+
+ /* Deny authentication if:
+ * 1) user does not exist
+ * 2) given password is empty
+ * 2) configured password does not match.
+ */
+ if (!user || password.IsEmpty())
+ return nullptr;
+ else if (user && !Utility::ComparePasswords(password, user->GetPassword()))
+ return nullptr;
+
+ return user;
+}
+