/*
 * libwebsockets - small server side websockets and web server implementation
 *
 * Copyright (C) 2010 - 2019 Andy Green <andy@warmcat.com>
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to
 * deal in the Software without restriction, including without limitation the
 * rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
 * sell copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
 * IN THE SOFTWARE.
 */

/*
 * Private declarations for the lwsgs session / account code: the user record,
 * the per-vhost and per-session state, and the prototypes of the helpers that
 * the section comments below attribute to utils.c and handlers.c.
 *
 * NOTE(review): there is no include guard here, so including this header
 * twice in one translation unit would redefine the enum and the structs.
 */

/*
 * Both macros are defined ahead of the libwebsockets include, presumably so
 * that libwebsockets.h sees them; their effect is not visible from this file.
 */
#define LWS_DLL
#define LWS_INTERNAL
#include <libwebsockets.h>

#include <sqlite3.h>
#include <string.h>

/*
 * Presumably the value held in lwsgs_user.verified once an account's
 * verification has been accepted; confirm against the handlers.
 */
#define LWSGS_VERIFIED_ACCEPTED 100

/*
 * FGS_* identifiers, implicitly numbered from 0 in declaration order.  They
 * look like indexes of the form fields the protocol parses (presumably via
 * the struct lws_spa in per_session_data__gs); if they index a name table,
 * the order here has to stay in step with that table -- verify before
 * inserting or reordering entries.
 */
enum {
	FGS_USERNAME,
	FGS_PASSWORD,
	FGS_PASSWORD2,
	FGS_EMAIL,
	FGS_REGISTER,
	FGS_GOOD,
	FGS_BAD,
	FGS_REG_GOOD,
	FGS_REG_BAD,
	FGS_ADMIN,
	FGS_FORGOT,
	FGS_FORGOT_GOOD,
	FGS_FORGOT_BAD,
	FGS_FORGOT_POST_GOOD,
	FGS_FORGOT_POST_BAD,
	FGS_CHANGE,
	FGS_CURPW,
	FGS_DELETE,
};

/*
 * One user account record.  All string members are fixed-size arrays, so
 * anything copied into them has to be bounded by the member's sizeof and
 * NUL-terminated by the writer; the writers are not in this header.
 */
struct lwsgs_user {
	char username[32];
	/*
	 * NOTE(review): 16 bytes holds a dotted-quad IPv4 string plus its NUL
	 * but not a textual IPv6 address; the session-side copy of the peer
	 * address (per_session_data__gs.ip) is 46 bytes.  Confirm every write
	 * into this member is limited to sizeof(ip).
	 */
	char ip[16];
	/* presumably filled in by lwsgs_hash_password(); verify in utils.c */
	lwsgw_hash pwhash;
	lwsgw_hash pwsalt;
	lwsgw_hash token;
	time_t created;
	time_t last_forgot_validated;
	char email[100];
	/* compared against LWSGS_VERIFIED_ACCEPTED, presumably; confirm */
	int verified;
};

/*
 * State kept once per vhost: configuration strings, the sqlite3 handle,
 * the session timeouts and a scratch user record.
 */
struct per_vhost_data__gs {
	lws_abs_t *smtp_client;
	struct lwsgs_user u;
	lws_token_map_t transport_tokens[3];
	lws_token_map_t protocol_tokens[2];
	char helo[64], ip[64];
	struct lws_context *context;
	char session_db[256];
	char admin_user[32];
	char urlroot[48];
	/*
	 * NOTE(review): looks like a per-deployment secret mixed into
	 * password hashing; confirm in lwsgs_hash_password() and treat the
	 * configured value as sensitive.
	 */
	char confounder[32];
	char email_contact_person[128];
	char email_title[128];
	char email_template[128];
	char email_confirm_url[128];
	char email_from[128];
	/* the admin credential is held as a hash (SHA-256, going by the name) */
	lwsgw_hash admin_password_sha256;
	sqlite3 *pdb;
	/* timeouts are named as seconds */
	int timeout_idle_secs;
	int timeout_absolute_secs;
	int timeout_anon_absolute_secs;
	int timeout_email_secs;
	time_t last_session_expire;
};

/*
 * State kept once per connection / session: the form parser, the session
 * ids, and the fixed-size buffers used to build a response.
 */
struct per_session_data__gs {
	struct lws_spa *spa;
	lwsgw_hash login_session;
	lwsgw_hash delete_session;
	/*
	 * NOTE(review): expiry is an unsigned int here, a time_t in
	 * lwsgw_cookie_from_session() and an int in lwsgs_new_session_id();
	 * check the conversions at the call sites.
	 */
	unsigned int login_expires;
	char onward[256];
	/* 500 payload bytes plus LWS_PRE bytes of libwebsockets headroom */
	char result[500 + LWS_PRE];
	char urldec[500 + LWS_PRE];
	int result_len;
	/* 46 bytes: large enough for a textual IPv6 address plus its NUL */
	char ip[46];
	struct lws_process_html_state phs;
	int spos;
	char check_response_value;

	/* single-bit flags */
	unsigned int logging_out:1;
	unsigned int check_response:1;
};

/* utils.c */

/*
 * The return conventions of the functions below are set by their
 * definitions, which are not part of this header.
 */

/*
 * Same parameter shape as an sqlite3_exec() row callback; presumably priv
 * points at the struct lwsgs_user being filled -- confirm in utils.c.
 */
int
lwsgs_lookup_callback_user(void *priv, int cols, char **col_val,
			   char **col_name);
/*
 * p / end look like a write cursor and the end of the output buffer;
 * presumably nothing is written at or beyond end -- confirm in utils.c.
 */
void
lwsgw_cookie_from_session(lwsgw_hash *sid, time_t expires, char **p, char *end);
int
lwsgs_get_sid_from_wsi(struct lws *wsi, lwsgw_hash *sid);
/* len is presumably the size of the caller's username buffer -- confirm */
int
lwsgs_lookup_session(struct per_vhost_data__gs *vhd,
		     const lwsgw_hash *sid, char *username, int len);
int
lwsgs_get_auth_level(struct per_vhost_data__gs *vhd,
		     const char *username);
/*
 * NOTE(review): takes the cleartext password; when auditing the definition,
 * check how the candidate hash is compared with the stored one and that the
 * cleartext is not logged or retained.
 */
int
lwsgs_check_credentials(struct per_vhost_data__gs *vhd,
			const char *username, const char *password);
void
sha256_to_lwsgw_hash(unsigned char *hash, lwsgw_hash *shash);
unsigned int
lwsgs_now_secs(void);
int
lwsgw_check_admin(struct per_vhost_data__gs *vhd,
		  const char *username, const char *password);
int
lwsgs_hash_password(struct per_vhost_data__gs *vhd,
		    const char *password, struct lwsgs_user *u);
int
lwsgs_new_session_id(struct per_vhost_data__gs *vhd,
		     lwsgw_hash *sid, const char *username, int exp);
int
lwsgs_lookup_user(struct per_vhost_data__gs *vhd,
		  const char *username, struct lwsgs_user *u);
int
lwsgw_update_session(struct per_vhost_data__gs *vhd,
		     lwsgw_hash *hash, const char *user);
int
lwsgw_expire_old_sessions(struct per_vhost_data__gs *vhd);


/* handlers.c */

/*
 * Every handler takes the per-vhost state, the connection and the
 * per-session state; lwsgs_handler_check() additionally takes a string
 * argument, in.
 */

int
lwsgs_handler_confirm(struct per_vhost_data__gs *vhd, struct lws *wsi,
		      struct per_session_data__gs *pss);
int
lwsgs_handler_forgot(struct per_vhost_data__gs *vhd, struct lws *wsi,
		     struct per_session_data__gs *pss);
int
lwsgs_handler_check(struct per_vhost_data__gs *vhd, struct lws *wsi,
		    struct per_session_data__gs *pss, const char *in);
int
lwsgs_handler_change_password(struct per_vhost_data__gs *vhd, struct lws *wsi,
			      struct per_session_data__gs *pss);
int
lwsgs_handler_forgot_pw_form(struct per_vhost_data__gs *vhd, struct lws *wsi,
			     struct per_session_data__gs *pss);
int
lwsgs_handler_register_form(struct per_vhost_data__gs *vhd, struct lws *wsi,
			    struct per_session_data__gs *pss);
