Index: openacs.org-dev/packages/acs-tcl/tcl/security-procs.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs.org-dev/packages/acs-tcl/tcl/security-procs.tcl,v
diff -u -r1.1.1.1 -r1.1.1.2
--- openacs.org-dev/packages/acs-tcl/tcl/security-procs.tcl 9 Jul 2002 17:34:59 -0000 1.1.1.1
+++ openacs.org-dev/packages/acs-tcl/tcl/security-procs.tcl 8 Oct 2002 15:46:50 -0000 1.1.1.2
@@ -67,9 +67,14 @@
 Reads the security cookies, setting fields in ad_conn accordingly. } { + + # ns_log notice "OACS= sec_handler: enter" if { [catch { set cookie_list [ad_get_signed_cookie_with_expr "ad_session_id"] } errmsg ] } { + + # ns_log notice "OACS= sec_handler:ad_get_signed_cookie failed $errmsg" + # cookie is invalid because either: # -> it was never set # -> it failed the cryptographic check
@@ -81,14 +86,16 @@
 catch { set new_user_id [ad_get_signed_cookie "ad_user_login"] } + # ns_log notice "OACS= sec_handler:http, ad_user_login cookie user_id $new_user_id" } else { catch { set new_user_id [lindex [split [ad_get_signed_cookie "ad_user_login_secure"] {,}] 0] } + # ns_log notice "OACS= sec_handler:https, ad_user_login_secure cookie user_id $new_user_id" } - # ns_log Notice "OACS= setting up session" + # ns_log Notice "OACS= sec_handler:setting up session" sec_setup_session $new_user_id - # ns_log Notice "OACS= done setting up session" + # ns_log Notice "OACS= sec_handler:done setting up session" } else { # The session already exists and is valid. set cookie_data [split [lindex $cookie_list 0] {,}] 
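Review bot: The `# ns_log notice` lines added at the top of sec_handler, in the @@ -81 hunk and again in the @@ -97 hunk are commented-out debug tracing left in the production handler; once uncommented, the @@ -97 ones would write the whole `$cookie_list` returned for the session cookie plus the session and user ids to the server log at notice level, and the @@ -81 ones the user id read from the login cookies. Anyone who can read the log then sees session identifiers for every request, and a maintainer chasing a login problem is exactly the person who will uncomment them. Either drop the commented lines or keep a single guarded, non-sensitive trace such as `ns_log Debug "sec_handler: session $session_id user $user_id"` behind a debug parameter (flag name to be chosen; none exists in the hunk). sec_handler's body begins before this hunk and continues past the @@ -97 hunk.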
@@ -97,19 +104,42 @@
 set session_id [lindex $cookie_data 0] set user_id [lindex $cookie_data 1] + # ns_log notice "OACS= sec_handler:sess exists & is valid" + # ns_log notice "OACS= sec_handler:cookie: $cookie_list, exp: $session_expr" + # ns_log notice "OACS= sec_handler:sess_id: $session_id, user_id: $user_id" + # If it's a secure page and not a login page, we check # secure token (can't check login page because they aren't # issued their secure tokens until after they pass through) # It is important to note that the entire secure login # system depends on these two functions if { [ad_secure_conn_p] && ![ad_login_page] } { - if { [catch { set sec_token [split [ad_get_signed_cookie "ad_secure_token"] {,}] }] } { + + # ns_log notice "OACS= sec_handler:secure but not login page" + + if { [catch { set sec_token [split [ad_get_signed_cookie "ad_secure_token"] {,}] } errmsg] } { # token is incorrect or nonexistent, so we force relogin. - ad_returnredirect "/register/index?return_url=[ns_urlencode [ad_conn url]?[ad_conn query]]" - return filter_break + + # cro@ncacasi.org 2002-08-01 + # but wait--does user have an ad_user_login_secure cookie? + # If so, just generate a secure token because he + # can't have that cookie unless he had logged in securely + # at some time in the past. + # So just call sec_setup_session to generate a new token. + # Otherwise, force a trip to /register + if { [catch { + set new_user_id [lindex [split [ad_get_signed_cookie "ad_user_login_secure"] {,}] 0] }] } { +# ns_log notice "OACS= sec_handler:token invalid $errmsg" + + ad_returnredirect "/register/index?return_url=[ns_urlencode [ad_conn url]?[ad_conn query]]" + return filter_break + } else { + sec_setup_session $new_user_id + } } else { # need to check only one of the user_id and session_id # if the cookie had been tampered. 
+# ns_log notice "OACS= sec_handler:token ok, $sec_token $session_id" if { ![string match [lindex $sec_token 0] $session_id] } { ad_returnredirect "/register/index?return_url=[ns_urlencode [ad_conn url]?[ad_conn query]]" return filter_break
@@ -259,7 +289,7 @@
 # ns_log Notice "OACS= done generating session id cookie"
- if { [ad_secure_conn_p] } {
+ if { [ad_secure_conn_p] && $new_user_id != 0 } {
 # this is a secure session, so the browser needs # a cookie marking it as such sec_generate_secure_token_cookie
@@ -446,21 +476,33 @@
 } ad_proc -public -deprecated ad_get_user_id {} { - Gets the user ID. 0 indicates the user is not logged in + Gets the user ID. 0 indicates the user is not logged in. + + Deprecated since user_id now provided via ad_conn user_id + + @see ad_conn } { return [ad_conn user_id] } ad_proc -public -deprecated ad_verify_and_get_user_id { { -secure f } } { Returns the current user's ID. 0 indicates user is not logged in + + Deprecated since user_id now provided via ad_conn user_id + + @see ad_conn } { return [ad_conn user_id] } ad_proc -public -deprecated ad_verify_and_get_session_id { { -secure f } } { Returns the current session's ID. + Deprecated since session_id now provided via ad_conn session_id + @param secure is ignored + + @see ad_conn } { return [ad_conn session_id] }
@@ -471,6 +513,8 @@
 Pages that are consider whether to display a user's name or email address should test to make sure that a user's priv_ from the database is less than or equal to what ad_privacy_threshold returns. + + Now deprecated. } { set session_user_id [ad_get_user_id] if {$session_user_id == 0} { 
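Review bot: The new fallback in the `ad_secure_token` failure branch calls `sec_setup_session $new_user_id` with the id read from the `ad_user_login_secure` cookie and never compares it with `$user_id` from the session cookie validated at the top of the hunk, so a request that carries a valid session for one account together with a persistent secure-login cookie for another is silently re-keyed to the second, where the old code redirected to /register on every token failure. This also replaces the per-session token with a long-lived cookie as the thing being checked, which is weaker than what the comment above the `if` ("the entire secure login system depends on these two functions") describes, so that comment should be updated to the new rule. The inner `catch` presumably only fails for a missing or unverifiable cookie (confirm ad_get_signed_cookie's contract), so a present cookie whose value has an empty first element would hand an empty `new_user_id` to sec_setup_session. At minimum guard the re-issue with `if { ![string equal $new_user_id $user_id] } { ad_returnredirect "/register/index?return_url=[ns_urlencode [ad_conn url]?[ad_conn query]]"; return filter_break }` before calling sec_setup_session; note `$errmsg` from the inner catch is referenced only in a commented log. sec_handler continues past the end of this hunk.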
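Review bot: Adding `&& $new_user_id != 0` means an anonymous https session no longer receives an `ad_secure_token` cookie, while the check in sec_handler's @@ -97 hunk still runs for every secure non-login page without looking at user_id; on the next secure request a visitor with no `ad_user_login_secure` cookie would then be sent to /register (I cannot see whether a user_id test guards that path elsewhere — confirm). If anonymous secure sessions are meant to keep working, the handler's condition should be narrowed the same way, e.g. `if { [ad_secure_conn_p] && ![ad_login_page] && $user_id != 0 } {`, and the new condition here deserves a one-line comment saying why anonymous sessions get no token. The enclosing proc starts and ends outside the hunk.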
@@ -534,6 +578,9 @@
 ad_script_abort } +# JCD 20020915 I think this probably should not be deprecated since it is +# far more reliable than permissioning esp for a development server + ad_proc -public -deprecated ad_restrict_entire_server_to_registered_users {conn args why} { A preauth filter that will halt service of any page if the user is unregistered, except the site index page and stuff underneath
@@ -572,9 +619,10 @@
 ad_proc -public -deprecated ad_block_sql_urls {conn args why} { A filter that detect attempts to smuggle in SQL code through form data - variables. The use of bind variables to prevent SQL smuggling is - preferred. + variables. The use of bind variables and ad_page_contract input + validation to prevent SQL smuggling is preferred. + @see ad_page_contract } { set form [ns_getform] if [empty_string_p $form] { return filter_ok }
@@ -712,6 +760,7 @@
 ad_page_contract is the preferred mechanism to do automated validation of form variables. + @see ad_page_contract } { ad_register_filter postauth GET $url_pattern ad_set_typed_form_variables $args ad_register_filter postauth POST $url_pattern ad_set_typed_form_variables $args
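Review bot: The new comment argues that ad_restrict_entire_server_to_registered_users should not be deprecated, yet the proc on the following line keeps its `-deprecated` flag, so the code and the note now contradict each other and the API browser will still list it as deprecated. Either settle the question in this commit or mark it as open, e.g. `# TODO (JCD 20020915): decide whether -deprecated should be dropped; see rationale below`, and carry the rationale in the proc's docstring next to its other annotations rather than in a free-standing comment. The proc body runs past the end of the hunk.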