090d4afcaf0482dfa3f5eaec25d915f1d4a9fa9e max Thu Jun 15 13:34:32 2017 -0700 Cleanup of hgSession to make the distinction between the login server and local server clearer in the code. Renaming and moving two functions from wikiLink to hdb, as at least one is not necessarily wikiLink-related and it's good to keep them together. Also adding a warning to hgSession.c (probably useless). refs #19632 and also see related tickets there. diff --git src/hg/lib/wikiLink.c src/hg/lib/wikiLink.c index b2c033d..fd98553 100644 --- src/hg/lib/wikiLink.c +++ src/hg/lib/wikiLink.c @@ -1,562 +1,543 @@ /* wikiLink - originally used to interoperate with a wiki site (share user identities). * With the Wiki Track removed these days, this file contains code related to user * authentication. * */ /* Copyright (C) 2014 The Regents of the University of California * See README in this or parent directory for licensing information. */ #include "common.h" #include "hash.h" #include "htmshell.h" #include "cheapcgi.h" #include "hgConfig.h" #include "hui.h" #include "md5.h" #include "web.h" #include "wikiLink.h" #include "base64.h" // Flag to indicate that loginValidateCookies has been called: static boolean alreadyAuthenticated = FALSE; // Set by loginValidateCookies, used by wikiLinkUserName static boolean authenticated = FALSE; // If we need to change some cookies, store cookie strings here in case loginValidateCookies // is called multiple times (e.g. validate before cookie-writing, then later write cookies) static struct slName *cookieStrings = NULL; char *loginSystemName() /* Return the wiki host specified in hg.conf, or NULL. Allocd here. */ { return cloneString(cfgOption(CFG_LOGIN_SYSTEM_NAME)); } boolean loginSystemEnabled() /* Return TRUE if login.systemName parameter is defined in hg.conf . */ { return (cfgOption(CFG_LOGIN_SYSTEM_NAME) != NULL); } boolean loginUseBasicAuth() /* Return TRUE if login.basicAuth is on in hg.conf . */ { return (cfgOptionBooleanDefault(CFG_LOGIN_BASICAUTH, FALSE)); } boolean wikiLinkEnabled() /* Return TRUE if all wiki.* parameters are defined in hg.conf . */ { return ((cfgOption(CFG_WIKI_HOST) != NULL) && (cfgOption(CFG_WIKI_USER_NAME_COOKIE) != NULL) && (cfgOption(CFG_WIKI_LOGGED_IN_COOKIE) != NULL)); } static char *wikiLinkLoggedInCookie() /* Return the cookie name specified in hg.conf as the wiki logged-in cookie, or a default. * Do not free result. */ { return cfgOptionDefault(CFG_WIKI_LOGGED_IN_COOKIE, "hgLoginIdKey"); } static char *wikiLinkUserNameCookie() /* Return the cookie name specified in hg.conf as the wiki user name cookie, or a default. * Do not free result.. */ { return cfgOptionDefault(CFG_WIKI_USER_NAME_COOKIE, "hgLoginUserName"); } static char *getLoginCookieSalt() /* Return the secret salt that we hash with userName to verify cookie key, NULL if undefined. */ { return cfgOption(CFG_LOGIN_COOKIE_SALT); } static uint getCookieIdxOrKey(char **retKey) /* The LoggedIn cookie value may be NULL, a number <idx>, or a long string <key>. * If value is NULL/empty, return 0 and set *retKey to NULL; * If value is just a number, return the number and set *retKey to NULL. * Otherwise return 0 and set *retKey to the cookie value. */ { uint idx = 0; char *key = NULL; char *cookieIdKeyStr = findCookieData(wikiLinkLoggedInCookie()); if (isNotEmpty(cookieIdKeyStr)) { if (isAllDigits(cookieIdKeyStr)) idx = (uint)atoll(cookieIdKeyStr); else key = cloneString(cookieIdKeyStr); } if (retKey) *retKey = key; return idx; } char *getCookieDomainString() /* Get a string that will look something like " domain=.ucsc.edu;" if central.domain * is defined, otherwise just "". Don't free result. */ { static char domainString[256]; char *domain = cloneString(cfgOption(CFG_CENTRAL_DOMAIN)); if (domain != NULL && strchr(domain, '.') != NULL) safef(domainString, sizeof(domainString), " domain=%s;", domain); else domainString[0] = '\0'; return domainString; } #define NO_EXPIRE_COOKIE_DATE "Thu, 31-Dec-2037 23:59:59 GMT" #define EXPIRED_COOKIE_DATE "Thu, 01-Jan-1970 00:00:00 GMT" struct slName *newCookieString(char *name, char *value) /* Return a cookie string that sets cookie to value if non-empty and * deletes/invalidates the cookie if value is empty or NULL. */ { char *domain = getCookieDomainString(); char cookieString[2048]; if (isNotEmpty(value)) // Set the cookie to value safef(cookieString, sizeof(cookieString), "%s=%s;%s path=/; expires="NO_EXPIRE_COOKIE_DATE, name, value, domain); else // Invalidate the cookie safef(cookieString, sizeof(cookieString), "%s=;%s path=/; expires="EXPIRED_COOKIE_DATE, name, domain); return slNameNew(cookieString); } static struct slName *wikiLinkUserNameCookieString(char *userName) /* Return a cookie string that sets userName cookie to userName if non-empty and * deletes/invalidates the cookie if empty/NULL. */ { return newCookieString(wikiLinkUserNameCookie(), cgiEncodeFull(userName)); } static struct slName *wikiLinkLoggedInCookieString(uint idx, char *key) /* Return a cookie string that sets ID cookie to key if key is non-empty, otherwise idx if > 0, * and deletes/invalidates the cookie if key is empty and idx is 0. */ { char newVal[1024]; if (isNotEmpty(key)) safef(newVal, sizeof(newVal), "%s", key); else if (idx > 0) safef(newVal, sizeof(newVal), "%u", idx); else newVal[0] = '\0'; return newCookieString(wikiLinkLoggedInCookie(), isNotEmpty(newVal) ? newVal : NULL); } static char *makeUserKey(char *userName, char *salt) /* Add salt to userName and hash. */ { char *userMd5 = md5HexForString(userName); char saltedBuf[1024]; safef(saltedBuf, sizeof(saltedBuf), "%s-%s", salt, userMd5); char *key = md5HexForString(saltedBuf); freeMem(userMd5); return key; } struct slName *loginLoginUser(char *userName, uint idx) /* Return cookie strings to set for user so we'll recognize that user is logged in. * Call this after validating userName's password. */ { alreadyAuthenticated = TRUE; authenticated = TRUE; cookieStrings = NULL; char *key = NULL; char *cookieSalt = getLoginCookieSalt(); if (isNotEmpty(cookieSalt)) key = makeUserKey(userName, cookieSalt); slAddHead(&cookieStrings, wikiLinkLoggedInCookieString(idx, key)); slAddHead(&cookieStrings, wikiLinkUserNameCookieString(userName)); return cookieStrings; } struct slName *loginLogoutUser() /* Return cookie strings to set (deleting the login cookies). */ { alreadyAuthenticated = TRUE; authenticated = FALSE; cookieStrings = NULL; slAddHead(&cookieStrings, wikiLinkLoggedInCookieString(0, NULL)); slAddHead(&cookieStrings, wikiLinkUserNameCookieString(NULL)); return cookieStrings; } static char *getLoginUserName() /* Get the (CGI-decoded) value of the login userName cookie. */ { char *userName = cloneString(findCookieData(wikiLinkUserNameCookie())); if (isNotEmpty(userName)) cgiDecodeFull(userName, userName, strlen(userName)); return userName; } static boolean loginIsRemoteClient() /* Return TRUE if wikiHost is non-empty and not the same as this host. */ { char *wikiHost = cfgOption(CFG_WIKI_HOST); return (isNotEmpty(wikiHost) && differentString(wikiHost, "HTTPHOST") && differentString(wikiHost, hHttpHost())); } static boolean idxIsValid(char *userName, uint idx) /* If login is local, return TRUE if idx is the same as hgcentral.gbMembers.idx for userName. * If remote, just return TRUE. */ { if (loginIsRemoteClient()) return TRUE; // Look up idx for userName in gbMembers and compare to idx struct sqlConnection *conn = hConnectCentral(); char query[512]; sqlSafef(query, sizeof(query), "select idx from gbMembers where userName='%s'", userName); uint memberIdx = (uint)sqlQuickLongLong(conn, query); hDisconnectCentral(&conn); return (idx == memberIdx); } static void sendNewCookies(char *userName, char *cookieSalt) /* Compute key from userName and cookieSalt, and add a cookie string with the new key. */ { char *newKey = makeUserKey(userName, cookieSalt); slAddHead(&cookieStrings, wikiLinkLoggedInCookieString(0, newKey)); slAddHead(&cookieStrings, wikiLinkUserNameCookieString(userName)); } struct slName *loginValidateCookies() /* Return possibly empty list of cookie strings for the caller to set. * If login cookies are obsolete but (formerly) valid, the results sets updated cookies. * If login cookies are present but invalid, the result deletes/expires the cookies. * Otherwise returns NULL (no change to cookies). */ { alreadyAuthenticated = TRUE; authenticated = FALSE; char *userName = getLoginUserName(); char *cookieKey = NULL; uint cookieIdx = getCookieIdxOrKey(&cookieKey); char *cookieSalt = getLoginCookieSalt(); if (userName && (cookieIdx > 0 || isNotEmpty(cookieKey))) { if (isNotEmpty(cookieSalt)) { if (cookieKey && sameString(makeUserKey(userName, cookieSalt), cookieKey)) { authenticated = TRUE; } else if (cfgOptionBooleanDefault(CFG_LOGIN_ACCEPT_ANY_ID, FALSE)) { // Don't perform any checks on the incoming cookie. authenticated = TRUE; // Replace with improved cookie, in preparation for when better security is enabled. sendNewCookies(userName, cookieSalt); } // TODO: change default to FALSE in v344 Jan 2017: else if (cfgOptionBooleanDefault(CFG_LOGIN_ACCEPT_IDX, TRUE) && idxIsValid(userName, cookieIdx)) { // Compare cookieIdx vs. gbMembers.idx (if login is local) -- a little more secure // than before, but might cause some trouble if a userName has different idx values // on different systems (e.g. RR vs genome-preview/genome-text). authenticated = TRUE; // Replace with improved cookie, in preparation for when better security is enabled. sendNewCookies(userName, cookieSalt); } } else { // hg.conf doesn't specify login.cookieSalt -- no checking. authenticated = TRUE; } if (!authenticated) { // Invalid key; delete cookies slAddHead(&cookieStrings, wikiLinkLoggedInCookieString(0, NULL)); slAddHead(&cookieStrings, wikiLinkUserNameCookieString(NULL)); } } return cookieStrings; } char *wikiLinkHost() /* Return the wiki host specified in hg.conf, or NULL. Allocd here. * Returns hostname from http request if hg.conf entry is HTTPHOST. * */ { char *wikiHost = cfgOption(CFG_WIKI_HOST); if (isEmpty(wikiHost) || sameString(wikiHost, "HTTPHOST")) wikiHost = hHttpHost(); return cloneString(wikiHost); } boolean loginUseHttps() /* Return TRUE unless https is disabled in hg.conf. */ { return cfgOptionBooleanDefault(CFG_LOGIN_USE_HTTPS, TRUE); } static char *loginUrl() /* Return the URL for the login host. */ { char buf[2048]; -safef(buf, sizeof(buf), "http%s://%s/cgi-bin/hgLogin", - loginUseHttps() ? "s" : "", wikiLinkHost()); +safef(buf, sizeof(buf), "%s/hgLogin", hLoginHostCgiBinUrl()); return cloneString(buf); } char* getHttpBasicToken() /* Return HTTP Basic Auth Token or NULL. Result has to be freed. */ { char *auth = getenv("HTTP_AUTHORIZATION"); // e.g. "Basic bwF4OmQxUglhanM=" if (auth==NULL) return NULL; char *token = cloneNotFirstWord(auth); if (isEmpty(token)) { fprintf(stderr, "wikiLinkc.: Illegal format of HTTP Authorization Header?"); return NULL; } return token; } void printTokenErrorAndExit() /* output an error message if http basic token is missing */ { printf("Internal error: this server has HTTP Basic Authentication enabled in cgi-bin/hg.conf:%s.<br>", CFG_LOGIN_BASICAUTH); puts("The Genome Browser cannot find an 'Authorization' header to the Genome Browser.<br>"); puts("This website should only be reachable through a https connection that requires username and password.<p>"); puts("If you have reached this website in a way that does not require a password, please contact your adminstrator.<p><p>"); puts("If this was the case, for the administrator: "); puts("Make sure that HTTP Basic Authentication is activated for the cgi-bin directory in the Apache Configuration. <p>"); puts("If it is and you are logged in, check that the CGI-BIN directory in Apache has these settings activated:<br>"); puts("<li>CGIPassAuth on' (Apache 2.4) <br>"); puts("<li>'SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0' (Apache 2.2).<br>"); puts("These settings tell Apache to forward credentials to CGIs. Do not forget to restart Apache after the changes.<p>"); exit(0); } boolean isValidUsername(char *s) /* Return TRUE if s is a valid username: only contains alpha chars, @, _ or - */ { char c = *s; while ((c = *s++) != 0) { if (!(isalnum(c) || (c == '_') || (c=='@') || (c=='-'))) return FALSE; } return TRUE; } char *basicAuthUser(char *token) /* get the HTTP Header 'Authorization', which is just the b64 encoded username:password, * and return the username. Result has to be freed. */ { // username:password is b64 encrypted char *tokenPlain = base64Decode(token, 0); // plain text is in format username:password char *words[2]; int wordCount = chopString(tokenPlain, ":", words, ArraySize(words)); if (wordCount!=2) errAbort("wikiLink/basicAuthUser: got illegal basic auth token"); char *user = words[0]; return user; } char *wikiLinkUserName() /* Return the user name specified in cookies from the browser, or NULL if * the user doesn't appear to be logged in. */ { if (loginUseBasicAuth()) { char *token = getHttpBasicToken(); //XX The following should be uncommented for security reasons //if (!token) //printTokenErrorAndExit(); // May 2017: Allowing normal login even when HTTP Basic is enabled. This may be insecure. // Keeping it insecure pending Jim's/Clay's approval, for backwards compatibility. if (token) return basicAuthUser(token); } if (loginSystemEnabled()) { if (! alreadyAuthenticated) loginValidateCookies(); if (authenticated) return cloneString(getLoginUserName()); } else if (wikiLinkEnabled()) { char *wikiUserName = findCookieData(wikiLinkUserNameCookie()); char *wikiLoggedIn = findCookieData(wikiLinkLoggedInCookie()); if (isNotEmpty(wikiLoggedIn) && isNotEmpty(wikiUserName)) return cloneString(wikiUserName); } else errAbort("wikiLinkUserName called when wiki is not enabled (specified " "in hg.conf)."); return NULL; } static char *encodedHgSessionReturnUrl(char *hgsid) /* Return a CGI-encoded hgSession URL with hgsid. Free when done. */ { char retBuf[1024]; -char *cgiDir = cgiScriptDirUrl(); -safef(retBuf, sizeof(retBuf), "http%s://%s%shgSession?hgsid=%s", - cgiAppendSForHttps(), cgiServerNamePort(), cgiDir, hgsid); +safef(retBuf, sizeof(retBuf), "%shgSession?hgsid=%s", + hLocalHostCgiBinUrl(), hgsid); return cgiEncode(retBuf); } //#*** TODO: replace all of the non-mediawiki "returnto"s here and in hgLogin.c with a #define char *wikiLinkUserLoginUrlReturning(char *hgsid, char *returnUrl) /* Return the URL for the wiki user login page. */ { char buf[2048]; if (loginSystemEnabled()) { safef(buf, sizeof(buf), "%s?hgLogin.do.displayLoginPage=1&returnto=%s", loginUrl(), returnUrl); } else { if (! wikiLinkEnabled()) errAbort("wikiLinkUserLoginUrl called when wiki is not enabled (specified " "in hg.conf)."); + // The following line of code is not used at UCSC anymore since 2014 safef(buf, sizeof(buf), "http://%s/index.php?title=Special:UserloginUCSC&returnto=%s", wikiLinkHost(), returnUrl); } return(cloneString(buf)); } char *wikiLinkUserLoginUrl(char *hgsid) /* Return the URL for the wiki user login page with return going to hgSessions. */ { char *retUrl = encodedHgSessionReturnUrl(hgsid); char *result = wikiLinkUserLoginUrlReturning(hgsid, retUrl); freez(&retUrl); return result; } char *wikiLinkUserLogoutUrlReturning(char *hgsid, char *returnUrl) /* Return the URL for the wiki user logout page. */ { char buf[2048]; if (loginSystemEnabled()) { safef(buf, sizeof(buf), "%s?hgLogin.do.displayLogout=1&returnto=%s", loginUrl(), returnUrl); } else { if (! wikiLinkEnabled()) errAbort("wikiLinkUserLogoutUrl called when wiki is not enable (specified " "in hg.conf)."); safef(buf, sizeof(buf), "http://%s/index.php?title=Special:UserlogoutUCSC&returnto=%s", wikiLinkHost(), returnUrl); } return(cloneString(buf)); } char *wikiLinkUserLogoutUrl(char *hgsid) /* Return the URL for the wiki user logout page that returns to hgSessions. */ { char *retEnc = encodedHgSessionReturnUrl(hgsid); char *result = wikiLinkUserLogoutUrlReturning(hgsid, retEnc); freez(&retEnc); return result; } char *wikiLinkUserSignupUrl(char *hgsid) /* Return the URL for the user signup page. */ { char buf[2048]; char *retEnc = encodedHgSessionReturnUrl(hgsid); if (loginSystemEnabled()) { safef(buf, sizeof(buf), "%s?hgLogin.do.signupPage=1&returnto=%s", loginUrl(), retEnc); } else { if (! wikiLinkEnabled()) errAbort("wikiLinkUserLogoutUrl called when wiki is not enable (specified " "in hg.conf)."); safef(buf, sizeof(buf), "http://%s/index.php?title=Special:UserlogoutUCSC&returnto=%s", wikiLinkHost(), retEnc); } freez(&retEnc); return(cloneString(buf)); } char *wikiLinkChangePasswordUrl(char *hgsid) /* Return the URL for the user change password page. */ { char buf[2048]; char *retEnc = encodedHgSessionReturnUrl(hgsid); if (loginSystemEnabled()) { safef(buf, sizeof(buf), "%s?hgLogin.do.changePasswordPage=1&returnto=%s", loginUrl(), retEnc); } else { if (! wikiLinkEnabled()) errAbort("wikiLinkUserLogoutUrl called when wiki is not enable (specified " "in hg.conf)."); safef(buf, sizeof(buf), "http://%s/index.php?title=Special:UserlogoutUCSC&returnto=%s", wikiLinkHost(), retEnc); } freez(&retEnc); return(cloneString(buf)); } -char *wikiServerAndCgiDir() -/* return the current full absolute URL up to the CGI name, like - * http://genome.ucsc.edu/cgi-bin/. If login.relativeLink=on is - * set, return only the empty string. Takes care of of non-root location of cgi-bin - * and https. Result has to be free'd. */ -{ -boolean relativeLink = cfgOptionBooleanDefault(CFG_LOGIN_RELATIVE, FALSE); -if (relativeLink) - return cloneString(""); - -char *cgiDir = cgiScriptDirUrl(); -char buf[2048]; -char *hgLoginHost = cgiServerNamePort(); -safef(buf, sizeof(buf), "http%s://%s%s", cgiAppendSForHttps(), hgLoginHost, cgiDir); - -return cloneString(buf); -} - void wikiFixLogoutLinkWithJs() /* HTTP Basic Auth requires a strange hack to logout. This code prints a script * that fixes an html link with id=logoutLink */ { struct dyString *dy = dyStringNew(4096); // logoutJs.h is a stringified .js file #include "logoutJs.h" dyStringAppend(dy, cdwLogoutJs); dyStringPrintf(dy, "$('#logoutLink').click( function() { logout('/', 'http://cirm.ucsc.edu'); return false; });\n"); jsInline(dy->string); dyStringFree(&dy); printf("<script src='//cdnjs.cloudflare.com/ajax/libs/bowser/1.6.1/bowser.min.js'></script>"); }