vos/metaobjects/misc/login.cc

Go to the documentation of this file.

/* $Id: login.cc,v 1.12 2003/07/23 00:17:27 reed Exp $ */


/* This file was generated by otd2cpp.pl

    Copyright (C) 2002 Peter Amstutz <tetron@interreality.org>

    This library is free software; you can redistribute it and/or
    modify it under the terms of the GNU Lesser General Public
    License as published by the Free Software Foundation; either
    version 2 of the License, or (at your option) any later version.

    This library is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    Lesser General Public License for more details.

    You should have received a copy of the GNU Lesser General Public
    License along with this library; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307  USA

*/

/** @file login.cc Code: a MetaObject for Login object types. */

#include <vos/corelibs/vos/vos.hh>
#include <vos/metaobjects/property/property.hh>
#include "login.hh"
#include "md5.hh"

class MD5;

/* Constructors */

LocalLogin::LocalLogin(MetaObject* s) : MetaObject(s) {
    addMessageHandler<LocalLogin>("misc:request-login", this, &LocalLogin::handleRequestLogin);
    addMessageHandler<LocalLogin>("misc:login-challenge-reply", this, &LocalLogin::handleLoginChallengeReply);
}

LocalLogin::~LocalLogin() {
}

RemoteLogin::RemoteLogin(MetaObject* s) : MetaObject(s) {
    addUpdateHandler<RemoteLogin>("misc:request-login-challenge", this, &RemoteLogin::handleRequestLoginChallenge);
    addUpdateHandler<RemoteLogin>("misc:login-result", this, &RemoteLogin::handleLoginResult);
}

RemoteLogin::~RemoteLogin() {
}

const string LocalLogin::getType() {
    return string("misc:login");
}

const string RemoteLogin::getType() {
    return string("misc:login");
}


/* Register extenders with libvos MetaFactory */
void RemoteLogin::registerExtenders() {
    static bool done = false;
    if(! done) {
    RemoteSite::addRemoteObjectExtension(typeid(RemoteLogin).name(), &RemoteLogin::new_RemoteLogin);
    RemoteSite::addRemoteObjectExtension("misc:login", &RemoteLogin::new_RemoteLogin);
    done = true;
    }
}


/* Message Handlers:  */

    /* TODO you might wantto override some of these methods in LocalLogin  and RemoteLogin */

    /* Handle message request-login */

void LocalLogin::handleRequestLogin(Message* m) {
    /* Fields in this message are:
        username (The username to authenticate)
    */

    /* Replies are:
        request-login-challenge (Challenge the requester with a random string.  ) Fields: nonce (  A random string.);
    */
        try {
            pREF(Message*, reply, new Message(),
                LocalVobject::initReply(this, reply, m, "misc:request-login-challenge");
                rREF(Vobject&, from, Vobject::findObjectFromRoot(m->getFrom()),

                     char s[64];
                     snprintf(s, sizeof(s), "%li", rand());
                     nonceMap[m->getSourceSite()].username = m->getField("username").value;
                     nonceMap[m->getSourceSite()].timestamp = time(0);
                     nonceMap[m->getSourceSite()].nonce = s;
                     reply->insertField(-1, "nonce", s);

                     from.sendMessage(reply);
                );
            );
        } catch(Message::NoSuchFieldError e) {
            /* A field wasn't found */
        }

}

    /* Handle message login-challenge-reply */

void LocalLogin::handleLoginChallengeReply(Message* m) {
    /* Fields in this message are:
        hash (The MD5 hash of the the user's password appended to the challenge string.  )
    */

    /* Replies are:
        login-result (The user is informed if they have been authenticated or no.  ) Fields: result (  "success" if the user was accepted, or some other string  describing the error.);
    */

        try {
            pREF(Message*, reply, new Message(),
                LocalVobject::initReply(this, reply, m, "misc:login-result");
                rREF(Vobject&, from, Vobject::findObjectFromRoot(m->getFrom()),

                     if(time(0) - nonceMap[m->getSourceSite()].timestamp > 60) {
                         reply->insertField(-1, "result", "Stale nonce (waited too long to reply).  Try again.");
                     } else {
                         string app = nonceMap[m->getSourceSite()].nonce;
                         try {
                             app += getPassword(nonceMap[m->getSourceSite()].username);
                             _MD5 md5;
                             md5.update((unsigned char*)app.c_str(), app.size());
                             md5.finalize();
                             if(m->getField("hash").value == md5.hex_digest()) {
                                 reply->insertField(-1, "result", "success");
                             } else {
                                 reply->insertField(-1, "result", "Bad username or password ");
                             }
                         } catch(BadUsernameError x) {
                             reply->insertField(-1, "result", string("Bad username or password ") + x.what());
                         }
                     }

                     string username = nonceMap[m->getSourceSite()].username;
                     nonceMap.erase(m->getSourceSite());

                     from.sendMessage(reply);

                     if(reply->getField("result").value == "success")
                         notifyAuthenticated(username, m->getSourceSite());
                );
            );
        } catch(Message::NoSuchFieldError e) {
            /* A field wasn't found */
        }

}

/* Remote Actuators: */

/* Do request-login. */

bool RemoteLogin::doRequestLogin(const string& username, const string& passwd) {
    success = false;
    password = passwd;

    pREF(Message*, m, new Message(),
         rREF(LocalSite&, ls, RemoteVobject::initFields(this, m, "misc:request-login", true),

              m->insertField(-1, "username", username);

              sendMessage(m);
              rREF(RemoteSite&, site, dynamic_cast<RemoteSite&>(getSite()),
                   pREF(Message*, n, ls.waitFor(m->getNonce(), &site), );
                  );
             );
        );
    return success;
}

/* Generators for factory */

MetaObject* RemoteLogin::new_RemoteLogin(MetaObject* s, const string& type) {
    return new RemoteLogin(s);
}

/* Handle request-login-challenge. */

void RemoteLogin::handleRequestLoginChallenge(Message* m) {
    try {
        pREF(Message*, p, new Message(),
             rREF(LocalSite&, ls, RemoteVobject::initFields(this, p, "misc:login-challenge-reply", true),

                  string nonce = m->getField("nonce").value;
                  nonce += password;
                  _MD5 md5;
                  md5.update((unsigned char*)nonce.c_str(), nonce.size());
                  md5.finalize();
                  p->insertField(-1, "hash", md5.hex_digest());

                  sendMessage(p);
                  rREF(RemoteSite&, site, dynamic_cast<RemoteSite&>(getSite()),
                       pREF(Message*, x, ls.waitFor(p->getNonce(), &site), );
                      );
                 );
            );
    } catch(Message::NoSuchFieldError) {}
}

void RemoteLogin::handleLoginResult(Message* m) {
    if(m->getField("result").value == "success") success=true;
}

---