Convert username and password to std::string. Fix crash in zmu because we can't convert null to std::string.
Isaac Connor
parent
001787d194
commit
edfaaf71ce
|
|
@ -129,7 +129,7 @@ bool User::canAccess(int monitor_id) {
|
|||
|
||||
// Function to load a user from username and password
|
||||
// Please note that in auth relay mode = none, password is NULL
|
||||
User *zmLoadUser(const char *username, const char *password) {
|
||||
User *zmLoadUser(const std::string &username, const std::string &password) {
|
||||
std::string escaped_username = zmDbEscapeString(username);
|
||||
|
||||
std::string sql = stringtf("SELECT `Id`, `Username`, `Password`, `Enabled`,"
|
||||
|
|
@ -146,9 +146,9 @@ User *zmLoadUser(const char *username, const char *password) {
|
|||
User *user = new User(dbrow);
|
||||
|
||||
if (
|
||||
(! password ) // relay type must be none
|
||||
(password.empty()) // relay type must be none
|
||||
||
|
||||
verifyPassword(username, password, user->getPassword()) ) {
|
||||
verifyPassword(username.c_str(), password.c_str(), user->getPassword()) ) {
|
||||
mysql_free_result(result);
|
||||
Info("Authenticated user '%s'", user->getUsername());
|
||||
return user;
|
||||
|
|
@ -156,7 +156,7 @@ User *zmLoadUser(const char *username, const char *password) {
|
|||
} // end if 1 result from db
|
||||
mysql_free_result(result);
|
||||
|
||||
Warning("Unable to authenticate user %s", username);
|
||||
Warning("Unable to authenticate user %s", username.c_str());
|
||||
return nullptr;
|
||||
} // end User *zmLoadUser(const char *username, const char *password)
|
||||
|
||||
|
|
@ -300,20 +300,20 @@ User *zmLoadAuthUser(const std::string &auth, const std::string &username, bool
|
|||
} // end User *zmLoadAuthUser( const std::string &auth, const std::string &username, bool use_remote_addr )
|
||||
|
||||
// Function to check Username length
|
||||
bool checkUser(const char *username) {
|
||||
if ( !username )
|
||||
bool checkUser(const std::string &username) {
|
||||
if (username.empty())
|
||||
return false;
|
||||
if ( strlen(username) > 32 )
|
||||
if (username.length() > 32)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
// Function to check password length
|
||||
bool checkPass(const char *password) {
|
||||
if ( !password )
|
||||
bool checkPass(const std::string &password) {
|
||||
if (password.empty())
|
||||
return false;
|
||||
if ( strlen(password) > 64 )
|
||||
if (password.length() > 64)
|
||||
return false;
|
||||
|
||||
return true;
|
||||
|
|
|
|||
|
|
@ -76,10 +76,10 @@ class User {
|
|||
void loadGroupPermissions();
|
||||
};
|
||||
|
||||
User *zmLoadUser(const char *username, const char *password=0);
|
||||
User *zmLoadUser(const std::string&username, const std::string &password="");
|
||||
User *zmLoadAuthUser(const std::string &auth, const std::string &user, bool use_remote_addr);
|
||||
User *zmLoadTokenUser(const std::string &jwt, bool use_remote_addr);
|
||||
bool checkUser(const char *username);
|
||||
bool checkPass(const char *password);
|
||||
bool checkUser(const std::string &username);
|
||||
bool checkPass(const std::string &password);
|
||||
|
||||
#endif // ZM_USER_H
|
||||
|
|
|
|||
14
src/zmu.cpp
14
src/zmu.cpp
|
|
@ -275,8 +275,8 @@ int main(int argc, char *argv[]) {
|
|||
bool have_colour = false;
|
||||
|
||||
char *zoneString = nullptr;
|
||||
char *username = nullptr;
|
||||
char *password = nullptr;
|
||||
std::string username;
|
||||
std::string password;
|
||||
char *auth = nullptr;
|
||||
std::string jwt_token_str = "";
|
||||
#if ZM_HAS_V4L2
|
||||
|
|
@ -458,12 +458,12 @@ int main(int argc, char *argv[]) {
|
|||
if ( jwt_token_str != "" ) {
|
||||
user = zmLoadTokenUser(jwt_token_str, false);
|
||||
} else if ( strcmp(config.auth_relay, "none") == 0 ) {
|
||||
if ( !username ) {
|
||||
if (username.empty()) {
|
||||
Error("Username must be supplied");
|
||||
exit_zmu(-1);
|
||||
}
|
||||
|
||||
if ( !checkUser(username)) {
|
||||
if (!checkUser(username)) {
|
||||
Error("Username greater than allowed 32 characters");
|
||||
exit_zmu(-1);
|
||||
}
|
||||
|
|
@ -471,14 +471,14 @@ int main(int argc, char *argv[]) {
|
|||
user = zmLoadUser(username);
|
||||
} else {
|
||||
|
||||
if ( !(username && password) && !auth ) {
|
||||
if ( !(!username.empty() && !password.empty()) && !auth ) {
|
||||
Error("Username and password or auth/token string must be supplied");
|
||||
exit_zmu(-1);
|
||||
}
|
||||
if ( auth ) {
|
||||
user = zmLoadAuthUser(auth, username, false);
|
||||
}
|
||||
if ( username && password ) {
|
||||
if ( !username.empty() && !password.empty() ) {
|
||||
if ( !checkUser(username)) {
|
||||
Error("username greater than allowed 32 characters");
|
||||
exit_zmu(-1);
|
||||
|
|
@ -495,7 +495,7 @@ int main(int argc, char *argv[]) {
|
|||
exit_zmu(-1);
|
||||
}
|
||||
if ( !ValidateAccess(user, mon_id, function) ) {
|
||||
Error("Insufficient privileges for user %s for requested function %x", username, function);
|
||||
Error("Insufficient privileges for user %s for requested function %x", username.c_str(), function);
|
||||
exit_zmu(-1);
|
||||
}
|
||||
} // end if auth
|
||||
|
|
|
|||
Loading…
Reference in New Issue