From 56ae875861ab260b80a030f50c4aff9f9dc8fff0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 13 Apr 2024 13:32:39 +0200 Subject: Adding upstream version 2.14.2. Signed-off-by: Daniel Baumann --- lib/remote/apiuser.cpp | 55 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 lib/remote/apiuser.cpp (limited to 'lib/remote/apiuser.cpp') diff --git a/lib/remote/apiuser.cpp b/lib/remote/apiuser.cpp new file mode 100644 index 0000000..2959d89 --- /dev/null +++ b/lib/remote/apiuser.cpp @@ -0,0 +1,55 @@ +/* Icinga 2 | (c) 2012 Icinga GmbH | GPLv2+ */ + +#include "remote/apiuser.hpp" +#include "remote/apiuser-ti.cpp" +#include "base/configtype.hpp" +#include "base/base64.hpp" +#include "base/tlsutility.hpp" +#include "base/utility.hpp" + +using namespace icinga; + +REGISTER_TYPE(ApiUser); + +ApiUser::Ptr ApiUser::GetByClientCN(const String& cn) +{ + for (const ApiUser::Ptr& user : ConfigType::GetObjectsByType()) { + if (user->GetClientCN() == cn) + return user; + } + + return nullptr; +} + +ApiUser::Ptr ApiUser::GetByAuthHeader(const String& auth_header) +{ + String::SizeType pos = auth_header.FindFirstOf(" "); + String username, password; + + if (pos != String::NPos && auth_header.SubStr(0, pos) == "Basic") { + String credentials_base64 = auth_header.SubStr(pos + 1); + String credentials = Base64::Decode(credentials_base64); + + String::SizeType cpos = credentials.FindFirstOf(":"); + + if (cpos != String::NPos) { + username = credentials.SubStr(0, cpos); + password = credentials.SubStr(cpos + 1); + } + } + + const ApiUser::Ptr& user = ApiUser::GetByName(username); + + /* Deny authentication if: + * 1) user does not exist + * 2) given password is empty + * 2) configured password does not match. + */ + if (!user || password.IsEmpty()) + return nullptr; + else if (user && !Utility::ComparePasswords(password, user->GetPassword())) + return nullptr; + + return user; +} + -- cgit v1.2.3