// **********************************************************************
//
// Copyright (c) 2003-2015 ZeroC, Inc. All rights reserved.
//
// This copy of Ice is licensed to you under the terms described in the
// ICE_LICENSE file included in this distribution.
//
// **********************************************************************
#include <Glacier2/PermissionsVerifier.h>
#include <IceUtil/IceUtil.h>
#include <Ice/Ice.h>
#include <IceUtil/FileUtil.h>
#include <IceUtil/StringUtil.h>
#ifndef __APPLE__
# include <openssl/des.h>
#endif
using namespace std;
using namespace Ice;
using namespace Glacier2;
namespace
{
//
// Glacier2 permissions verifier that checks a user ID / password pair against
// a map of crypt(3)-style (traditional DES) password hashes loaded from a
// password file. Deriving from IceUtil::Mutex lets checkPermissions() serialize
// its calls into the platform crypt routine.
//
class CryptPermissionsVerifierI : public PermissionsVerifier, public IceUtil::Mutex
{
public:

    // Takes the user ID -> crypt hash map and keeps a private copy of it.
    CryptPermissionsVerifierI(const map<string, string>&);

    // Returns true only if the user ID is known and the password, hashed with
    // the 2-character salt taken from the stored hash, is identical to the
    // stored 13-character hash. The reason string (third argument) is never set.
    virtual bool checkPermissions(const string&, const string&, string&, const Ice::Current&) const;

private:

    // Immutable after construction: user ID -> 13-character crypt hash.
    const map<string, string> _passwords;
};
//
// Ice plug-in that, on initialize(), creates one CryptPermissionsVerifierI per
// Glacier2CryptPermissionsVerifier.<name> property and publishes each verifier's
// proxy string into the property named by <name>.
//
class CryptPermissionsVerifierPlugin : public Ice::Plugin
{
public:

    // Stores the communicator the plug-in is loaded into.
    CryptPermissionsVerifierPlugin(const CommunicatorPtr&);

    // Reads the configuration properties and creates the verifier servants.
    virtual void initialize();

    // No-op: created objects are left to the communicator.
    virtual void destroy();

private:

    // Communicator the verifiers and their adapter are created in.
    CommunicatorPtr _communicator;
};
//
// Load a crypt password file into a user ID -> hash map.
//
// The file is read as a whitespace-separated token stream and consumed in
// "<userId> <cryptHash>" pairs; reading stops at the first point where either
// token of a pair cannot be extracted, so a trailing unpaired token is
// dropped. A user ID that appears more than once keeps its first hash
// (map::insert does not overwrite). Nothing in the file format is validated
// here beyond non-emptiness; hash length is checked at verification time.
//
// Throws Ice::InitializationException if the file cannot be opened.
//
map<string, string>
retrievePasswordMap(const string& file)
{
    IceUtilInternal::ifstream in(file);
    if(!in)
    {
        const string reason = IceUtilInternal::lastErrorToString();
        throw Ice::InitializationException(__FILE__, __LINE__, "cannot open `" + file + "' for reading: " + reason);
    }

    map<string, string> result;
    string user;
    string hash;

    //
    // operator>> skips leading whitespace and sets failbit at end of input,
    // so the loop condition doubles as the end-of-file test for both tokens.
    //
    while((in >> user) && (in >> hash))
    {
        assert(!user.empty());
        assert(!hash.empty());
        result.insert(make_pair(user, hash));
    }
    return result;
}
//
// Copy the caller's user ID -> crypt hash map; the verifier never modifies it.
//
CryptPermissionsVerifierI::CryptPermissionsVerifierI(const map<string, string>& passwords) :
    _passwords(passwords)
{
}
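//
// Verify a user ID / password pair against the loaded crypt password map.
//
// Returns true only when userId is present and the traditional DES crypt of
// `password`, salted with the first two characters of the stored hash, is
// identical to the stored 13-character hash. The reason string (third
// argument) is never filled in.
//
// Note: traditional DES crypt only uses the first 8 characters of the
// password and is not a strong password hash; this verifier exists for
// compatibility with existing crypt-format password files.
//
bool
CryptPermissionsVerifierI::checkPermissions(const string& userId, const string& password, string&, const Current&) const
{
    //
    // Serialize calls: on platforms where crypt(3) returns a pointer into
    // static storage, concurrent calls could overwrite each other's result.
    //
    IceUtil::Mutex::Lock sync(*this);

    map<string, string>::const_iterator p = _passwords.find(userId);
    if(p == _passwords.end())
    {
        return false;
    }

    const string& expected = p->second;
    if(expected.size() != 13) // Traditional crypt hashes are 13 characters: 2 salt + 11 hash.
    {
        return false;
    }

    const string salt = expected.substr(0, 2);
    const char* hash;
#if defined(__APPLE__)
    hash = crypt(password.c_str(), salt.c_str());
#else
    char buff[14] = { '\0' }; // 13 characters plus terminating NUL; zeroed so a failed call leaves it terminated.
# if OPENSSL_VERSION_NUMBER >= 0x0090700fL
    hash = DES_fcrypt(password.c_str(), salt.c_str(), buff);
# else
    hash = des_fcrypt(password.c_str(), salt.c_str(), buff);
# endif
#endif

    //
    // Both crypt routines may report failure (e.g. an unusable salt) with a
    // null pointer. Comparing a std::string against a null char* is undefined
    // behavior, so treat a null result as a failed check instead.
    //
    if(hash == 0)
    {
        return false;
    }
    const string computed(hash);
    if(computed.size() != expected.size())
    {
        return false;
    }

    //
    // Compare in constant time so that the number of leading characters
    // matching the stored hash is not observable through timing.
    //
    unsigned char diff = 0;
    for(string::size_type i = 0; i < expected.size(); ++i)
    {
        diff |= static_cast<unsigned char>(expected[i] ^ computed[i]);
    }
    return diff == 0;
}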
//
// Keep a handle to the communicator; all work happens later in initialize().
//
CryptPermissionsVerifierPlugin::CryptPermissionsVerifierPlugin(const CommunicatorPtr& communicator) :
    _communicator(communicator)
{
}
//
// Create the verifier servants described by the configuration.
//
// Every Glacier2CryptPermissionsVerifier.<name> property names a crypt
// password file; a verifier is loaded from that file, added to a single
// collocation-only adapter under a fresh UUID identity, and its stringified
// proxy is stored in the property called <name>. If no such property exists,
// nothing is created. Errors from retrievePasswordMap (unreadable file)
// propagate to the plug-in loader.
//
void
CryptPermissionsVerifierPlugin::initialize()
{
    const string prefix = "Glacier2CryptPermissionsVerifier.";
    const PropertyDict verifiers = _communicator->getProperties()->getPropertiesForPrefix(prefix);
    if(verifiers.empty())
    {
        return;
    }

    ObjectAdapterPtr adapter = _communicator->createObjectAdapter(""); // colloc-only adapter
    PropertyDict::const_iterator q;
    for(q = verifiers.begin(); q != verifiers.end(); ++q)
    {
        const string target = q->first.substr(prefix.size()); // property that receives the proxy
        const string& passwordFile = q->second;

        Identity id;
        id.name = IceUtil::generateUUID();
        id.category = "Glacier2CryptPermissionsVerifier";

        ObjectPrx prx = adapter->add(new CryptPermissionsVerifierI(retrievePasswordMap(passwordFile)), id);
        _communicator->getProperties()->setProperty(target, _communicator->proxyToString(prx));
    }
    adapter->activate();
}
//
// Intentionally empty: the adapter and servants created in initialize() are
// not torn down here. Presumably the communicator that owns them releases
// them on its own destruction -- not verified in this file.
//
void
CryptPermissionsVerifierPlugin::destroy()
{
}
}
//
// Plug-in factory function.
//
extern "C"
{
//
// Entry point the Ice plug-in loader resolves by name.
//
// The plug-in accepts no arguments: with an empty argument list a new
// CryptPermissionsVerifierPlugin is returned (owned by the caller); otherwise
// an error is logged through the communicator's logger and 0 is returned so
// the plug-in is not loaded.
//
ICE_DECLSPEC_EXPORT Ice::Plugin*
createCryptPermissionsVerifier(const CommunicatorPtr& communicator, const string& name, const StringSeq& args)
{
    if(args.empty())
    {
        return new CryptPermissionsVerifierPlugin(communicator);
    }

    Error out(communicator->getLogger());
    out << "Plugin " << name << ": too many arguments";
    return 0;
}
}