winix/winixd/core/sessionmanager.cpp

/*
 * This file is a part of Winix
 * and is distributed under the 2-Clause BSD licence.
 * Author: Tomasz Sowa <t.sowa@ttmath.org>
 */

/* 
 * Copyright (c) 2008-2019, Tomasz Sowa
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 
 * 1. Redistributions of source code must retain the above copyright notice,
 * this list of conditions and the following disclaimer.
 * 
 * 2. Redistributions in binary form must reproduce the above copyright
 * notice, this list of conditions and the following disclaimer in the
 * documentation and/or other materials provided with the distribution.
 * 
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 * 
 */
 
#include <sys/stat.h>
#include <limits>
#include "sessionmanager.h"
#include "request.h"
#include "log.h"
#include "session.h"
#include "sessionparser.h"
#include "functions/functionbase.h"



namespace Winix
{




SessionManager::SessionManager()
{
	config = nullptr;
	cur = nullptr;
	system = nullptr;
	last_container = nullptr;

	current_ip_ban = nullptr;

	temporary_session.id = 0;
	session = &temporary_session;
	session_tab.SetTmpSession(&temporary_session);

	// thread work mode
	work_mode = 1;

	// for another thread
	deleted = 0;
}


void SessionManager::SetCur(Cur * pcur)
{
	cur = pcur;
	session_tab.SetCur(pcur);
}


void SessionManager::SetSystem(System * psystem)
{
	system = psystem;
}


void SessionManager::SetLastContainer(LastContainer * plast_container)
{
	last_container = plast_container;
}


void SessionManager::set_dependency(WinixModelDeprecated * winix_model)
{
	WinixModelDeprecated::set_dependency(winix_model);
	session_tab.set_dependency(winix_model);
	session_id_manager.set_dependency(winix_model);
}



void SessionManager::InitBanList()
{
	ban_tab.SetMaxSize(config->ban_list_soft_max_size, config->ban_list_max_size);
}


void SessionManager::InitCookieEncoding()
{
	if( config->session_cookie_encode && !config->session_keys_file.empty() )
		session_id_manager.Init(config->session_keys_file);

	session_id_manager.SetKeyRenewTime(config->session_key_renew_time);
}






size_t SessionManager::Size()
{
	return session_tab.Size();
}


bool SessionManager::IsSession(long id)
{
	if( session_tab.FindById(id) == session_tab.End() )
		return false;

return true;
}


bool SessionManager::EncodeSessionId(long id, unsigned int index, std::wstring & str)
{
	return session_id_manager.EncodeToken((size_t)id, index, cur->request->start_time, str);
}


/*
 * IMPROVE ME we need a better algorithm
 */
long SessionManager::CreateSessionId()
{
long id;
	
	// make sure to call std::srand() somewhere at the beginning
	// id must be != 0 (0 is reserved)
	do
	{
		if( sizeof(long) == 8 )
		{
			id = (((unsigned long)std::rand()) << 32) + std::rand();
		}
		else
		{
			id = std::rand();
		}
		
		id += std::time(0);
		
		if( id < 0 )
			id = -id;
		
	}
	while( id == 0 ); // 0 reserved for a temporary session

	
return id;
}




void SessionManager::CreateSession()
{
int attempts = 100;
SessionContainer::Iterator i = session_tab.End();

	if( config->session_max == 0 || session_tab.Size() < config->session_max )
	{
		for( ; i == session_tab.End() && attempts > 0 ; --attempts )
		{
			long id = CreateSessionId();
			i = session_tab.AddSession(id);	
		}
	}
	else
	{
		main_log << log2 << "SM: sessions limit exceeded (" << config->session_max << ")" << logend;
	}

	if( i != session_tab.End() )
	{
		session = &(*i);
		session->new_session = true;
		session->SetTimesTo(cur->request->start_time);
		session->id_index = (unsigned int)session->id;
		session->id_index += std::rand();

		main_log << log2 << "SM: created a new session: " << session->id << logend;
	}
	else
	{
		// there is a problem with generating a new session id
		main_log << log1 << "SM: cannot create a session id" << logend;
	}
}


void SessionManager::SetTemporarySession()
{
	session = &temporary_session;
	session->Clear(false);
	session->SetTimesTo(cur->request->start_time);
	session->new_session = false; // temporary session was initialized at the beginning

	main_log << log2 << "SM: using temporary session" << logend;
}


unsigned int SessionManager::CalculateIndexDifference(Session & ses, unsigned int index)
{
unsigned int difference;

	if( index > ses.id_index )
		difference = std::numeric_limits<unsigned int>::max() - index + ses.id_index + 1;
	else
		difference = ses.id_index - index;

return difference;
}


void SessionManager::SetSessionPutLogInfo(Session & ses, bool has_index, unsigned int difference)
{
	main_log << log2 << "SM: session: " << ses.id;

	if( has_index )
		main_log << ", index difference: " << (size_t)difference;

	if( ses.puser )
		main_log << log2 << ", user: " << ses.puser->login << ", id: " << ses.puser->id;

	main_log << log2 << logend;
}



void SessionManager::IncrementBanLevel(IPBan * ip_ban)
{
	ip_ban->SetFlag(WINIX_IPBAN_FLAG_ACTIVE);

	ip_ban->IncrementBanLevel(cur->request->start_time + (time_t)config->ban_level_1_delay,
							  cur->request->start_time + (time_t)config->ban_level_2_delay,
							  cur->request->start_time + (time_t)config->ban_level_3_delay);

	pt::Date date(ip_ban->expires);
	main_log << log2 << "SM: this IP address has been banned to: " << date << " UTC" << logend;
}


void SessionManager::SetFirstExpirationTime(IPBan * ip_ban)
{
	time_t expiry = cur->request->start_time + (time_t)config->ban_level_1_delay;

	if( ip_ban->expires < expiry )
		ip_ban->expires = expiry;
}



void SessionManager::BrokenCookieCheckBan()
{
	if( !current_ip_ban )
		current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);

	if( current_ip_ban->broken_encoded_cookie_events < config->broken_encoded_cookie_treshold )
	{
		current_ip_ban->broken_encoded_cookie_events += 1;
		SetFirstExpirationTime(current_ip_ban);
	}
	else
	{
		main_log << log2 << "SM: too many incorrect encoded cookies were sent from this IP" << logend;
		IncrementBanLevel(current_ip_ban);
	}
}


void SessionManager::IncorrectSessionCheckBan()
{
	if( !current_ip_ban )
		current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);

	if( current_ip_ban->session_hijacking_events < config->session_hijacking_treshold )
	{
		current_ip_ban->session_hijacking_events += 1;
		SetFirstExpirationTime(current_ip_ban);
	}
	else
	{
		main_log << log2 << "SM: too many incorrect sessions identifiers were sent from this IP" << logend;
		IncrementBanLevel(current_ip_ban);
	}
}



void SessionManager::NoSessionCookieWasSent()
{
	if( !current_ip_ban )
		current_ip_ban = &AddIPToBanList(cur->request->ip, cur->request->start_time);

	if( current_ip_ban->no_session_cookie_events < config->no_session_cookie_treshold )
	{
		current_ip_ban->no_session_cookie_events += 1;
		SetFirstExpirationTime(current_ip_ban);
	}
	else
	{
		main_log << log2 << "SM: too many times you have not sent a session cookie" << logend;

		if( config->no_session_cookie_ban_mode == 1 )
			IncrementBanLevel(current_ip_ban);
	}
}



bool SessionManager::IsSessionCorrect(long id, bool has_index, unsigned int index,
									  const SessionContainer::Iterator & s, unsigned int & difference)
{
	difference = 0;

	if( id == 0 )
	{
		main_log << log3 << "SM: id 0 is reserved for the temporary session" << logend;
		IncorrectSessionCheckBan();
		return false;
	}

	if( s == session_tab.End() )
	{
		main_log << log3 << "SM: there is no a session with id: " << id << logend;
		IncorrectSessionCheckBan();
		return false;
	}

	if( s->remove_me )
	{
		main_log << log3 << "SM: session: " << id << " is marked for removing" << logend;
		return false;
	}
	
	if( has_index )
	{
		difference = CalculateIndexDifference(*s, index);

		if( (size_t)difference > config->session_allow_index_difference )
		{
			main_log << log2 << "SM: an incorrect session index for session: " << id
				<< ", index difference: " << (size_t)difference << logend;

			IncorrectSessionCheckBan();
			return false;
		}
	}

return true;
}


bool SessionManager::SetSessionFromCookie(long id, bool has_index, unsigned int index)
{
unsigned int difference;
bool is_session_correct;

	SessionContainer::Iterator s = session_tab.FindById(id);
	is_session_correct = IsSessionCorrect(id, has_index, index, s, difference);

	if( is_session_correct )
	{
		session              = &(*s);
		session->new_session = false;
		session->last_time   = cur->request->start_time;
		session->last_date   = cur->request->start_date;

		if( session->id_index_changed + config->session_index_time_increment < cur->request->start_time )
		{
			session->id_index += 1;
			session->id_index_changed = cur->request->start_time;
		}

		if( cur->request->method == Request::get )
			session->last_time_get = cur->request->start_time;

		SetSessionPutLogInfo(*session, has_index, difference);
	}

return is_session_correct;
}



bool SessionManager::SetSessionFromCookie(const std::wstring & cookie)
{
	if( config->session_cookie_encode )
	{
		size_t id;
		unsigned int index;

		if( !session_id_manager.DecodeToken(cookie, id, index) )
		{
			main_log << log2 << "SM: an incorrect cookie string was sent" << logend;
			BrokenCookieCheckBan();
			return false;
		}

		return SetSessionFromCookie((long)id, true, index);
	}
	else
	{
		long id = Tol(cookie.c_str());
		return SetSessionFromCookie(id, false, 0);
	}
}


bool SessionManager::IsIPBanned()
{
	current_ip_ban = ban_tab.FindIP(cur->request->ip);

	if( current_ip_ban  )
	{
		current_ip_ban->last_used = cur->request->start_time;

		if( current_ip_ban->expires != 0 && cur->request->start_time >= current_ip_ban->expires )
		{
			main_log << log2 << "SM: resetting events counters for this IP" << logend;
			current_ip_ban->ResetEventsCounters();
		}
		else
		if( current_ip_ban->IsIPBanned() )
		{
			pt::Date date = current_ip_ban->expires;
			main_log << log2 << "SM: this ip is bannned to: " << date << " UTC" << logend;
			return true;
		}
	}

return false;
}


/*
 * preparing a new session
 *
 * algorithm:
 * - if the IP is banned or there is no a winix function then we set a temporary session
 * - else
 *   if there is a session's cookie sent by the client then:
 *   - if the cookie is a correct session's cookie then we set the session from the cookie
 *   - or if the cookie is not a correct session's cookie (e.g. session expired) and the winix function
 *     requires a cookie then we set a new session
 *   - or if there is no cookie sent then if a winix function requires a session we create a new session
 *
 * if there was an error creating a new session or event counters reach a ban limit then a temporary session will be used
 * so we always have a session
 *
 */
Session * SessionManager::PrepareSession()
{
	session = nullptr;

	if( !IsIPBanned() )
	{
		CookieTab::iterator i = cur->request->cookie_tab.find(config->http_session_id_name);

		if( i != cur->request->cookie_tab.end() )
		{
			if( !SetSessionFromCookie(i->second) )
			{
				cur->request->cookie_tab.erase(i);
			}
		}
		else
		{
			if( cur->request->function && cur->request->function->need_session )
			{
				NoSessionCookieWasSent();
			}
		}
	}

	if( !session && cur->request->function && cur->request->function->need_session )
	{
		if( !current_ip_ban || !current_ip_ban->IsIPBanned() )
		{
			CreateSession();
		}
	}

	if( !session )
	{
		SetTemporarySession();
	}

	session->ip_ban = current_ip_ban;
	return session;
}



Session * SessionManager::CheckIfFunctionRequireSession()
{
	if( cur->request->function && cur->request->function->need_session )
	{
		if( session == &temporary_session )
		{
			if( !current_ip_ban || !current_ip_ban->IsIPBanned() )
			{
				CreateSession();
				session->ip_ban = current_ip_ban;
			}
		}
	}

	return session;
}


Session * SessionManager::FindSession(long id)
{
	SessionContainer::Iterator i = session_tab.FindById(id);

	if( i != session_tab.End() )
		return &*i;

return 0;
}


SessionContainer::Iterator SessionManager::SessionBegin()
{
	return session_tab.Begin();
}



SessionContainer::Iterator SessionManager::SessionEnd()
{
	return session_tab.End();
}






void SessionManager::DeleteSessions()
{
	SessionContainer::Iterator i;

	for(i=session_tab.Begin() ; i!=session_tab.End() ; ++i)
	{
		if( i->puser && !i->remember_me )
		{
			plugin->Call(&(*i), WINIX_PREPARE_USER_TO_LOGOUT, i->puser);
			last_container->UserLogout(i->puser->id, i->id);
		}
	}

	session_tab.Clear();
}




/*
	don't change a session's id when a user is logged
	the session id is in last_container and the user would not be 
	correctly removed from the container
*/
bool SessionManager::ChangeSessionId(long old_id)
{
int attempts = 100;
bool changed = false;
long new_id;
SessionContainer::Iterator i = session_tab.FindById(old_id);

	if( i != session_tab.End() )
	{
		for( ; !changed && attempts > 0 ; --attempts )
		{
			new_id  = CreateSessionId();
			changed = session_tab.ChangeSessionId(i, new_id);
		}

		if( changed )
			plugin->Call(&(*i), WINIX_SESSION_CHANGED_ID, old_id, new_id);
		else
			main_log << log1 << "SM: I cannot create a new session id (still uses old one)" << logend;
	}
	else
	{
		main_log << log2 << "SM: there is no a session with id: " << old_id << logend;
	}

return changed;
}


void SessionManager::InitTmpSession()
{
	Session * old_session = cur->session;

	main_log << log4 << "SM: initializing temporary session" << logend;
	cur->session = &temporary_session;
	plugin->Call(WINIX_SESSION_CREATED);

	cur->session = old_session;
}



void SessionManager::UninitTmpSession()
{
	Session * old_session = cur->session;

	main_log << log4 << "SM: uninitializing temporary session" << logend;
	cur->session = &temporary_session;


	if( cur->session->plugin_data.HasAllocatedData() )
	{
		plugin->Call(cur->session, WINIX_PLUGIN_SESSION_DATA_REMOVE);
	}

	//cur->session->plugin_data.DeleteAll(); // this will call plugin.Call(WINIX_PLUGIN_SESSION_DATA_REMOVE);

	cur->session->plugin_data.Resize(0);

	cur->session = old_session;
}



void SessionManager::LoadSessions()
{
SessionParser sp;
SessionContainer::Iterator i;

	sp.set_dependency(this);

	// sessions will be overwritten (pointers are invalidated)
	cur->session = &temporary_session;

	sp.SetUsers(&system->users);
	sp.Parse(config->session_file, session_tab);

	for(i=session_tab.Begin() ; i != session_tab.End() ; ++i)
	{
		i->plugin_data.Resize(plugin->Size());
		plugin->Call(&(*i), WINIX_SESSION_CREATED);

		/*
			!! IMPROVE ME
			we do not add it to the last_container (we don't have IP address stored yet)
		*/

		if( i->puser )
			plugin->Call(&(*i), WINIX_USER_LOGGED);
	}

	cur->session = &temporary_session;
}





void SessionManager::SaveSessions()
{
char file_path[WINIX_OS_PATH_SIZE];

	if( config->session_file.empty() )
		return;

	if( !wide_to_utf8(config->session_file, file_path, WINIX_OS_PATH_SIZE) )
		return;

	std::ofstream file(file_path);

	if( !file )
	{
		main_log << log1 << "SM: cannot open the session file for writing - sessions lost" << logend;
		return;
	}

	main_log << log2 << "SM: saving sessions" << logend;
	long len = 0;

	SessionContainer::Iterator i = session_tab.Begin();

	for( ; i!=session_tab.End() ; ++i )
	{
		if( i->id != 0 && i->puser && !i->remove_me )
		{
			file << i->id << ' ' << i->puser->id << ' ' << i->remember_me << ' ';
			file << (long)i->start_time << ' ' << (long)i->last_time << ' ';
			file << i->id_index	<< std::endl;

			++len;
		}
	}

	file.close();
	chmod(file_path, 0600);

	main_log << log2 << "SM: saved " << len << " session(s)" << logend;
}




Session * SessionManager::GetTmpSession()
{
	return &temporary_session;
}


Session * SessionManager::GetCurSession()
{
	return session;
}


// returns how many sessions was marked to remove
size_t SessionManager::MarkAllSessionsToRemove(long user_id)
{
	size_t how_many = 0;
	SessionContainer::Iterator i;

	for(i=session_tab.Begin() ; i!=session_tab.End() ; ++i)
	{
		if( i->puser && i->puser->id == user_id )
		{
			plugin->Call(&(*i), WINIX_PREPARE_USER_TO_LOGOUT, i->puser);
			last_container->UserLogout(i->puser->id, i->id);
			i->remove_me = true;
			i->puser     = 0;
			how_many    += 1;
		}
	}

return how_many;
}


IPBan & SessionManager::AddIPToBanList(int ip)
{
	return ban_tab.AddIP(ip);
}


IPBan & SessionManager::AddIPToBanList(int ip, time_t last_used)
{
	IPBan & ban = ban_tab.AddIP(ip);
	ban.last_used = last_used;

return ban;
}


size_t SessionManager::BanListSize()
{
	return ban_tab.Size();
}


IPBan & SessionManager::GetIPBan(size_t index)
{
	return ban_tab.GetIPBan(index);
}


void SessionManager::RemoveIPBan(int ip)
{
	ban_tab.RemoveIP(ip);
}


void SessionManager::ClearIPBanList()
{
	ban_tab.Clear();
}


/*
 *
 *
 *  sessions gc (second thread)
 *  sessions are only removed here
 *  SessionContainer::IndexId can be removed from the other thread 
 *  (when ChangeSessionId() method is called)
 *
 */
void SessionManager::Work()
{
bool exit = false;
SessionContainer::Iterator i;

	deleted = 0;

	Lock();
	i = session_tab.Begin();
	Unlock();

	while( !exit )
	{
		Lock();

		CheckWheterIPListIsSorted();
		CheckSession(i);
		exit = synchro->was_stop_signal;

		Unlock();
	}
}


// objects locked
void SessionManager::CheckWheterIPListIsSorted()
{
	if( !ban_tab.IsSorted() )
	{
		log << log4 << "SM: sorting the ban list" << logend;
		ban_tab.Sort();
	}
}


// it's called from the other thread (with Lock and Unlock)
void SessionManager::CheckSession(SessionContainer::Iterator & i)
{
const int deleted_max_at_once = 10;

	if( i == session_tab.End() )
	{
		if( deleted > 0 )
		{
			deleted = 0;
			log << logsave;
		}

		i = session_tab.Begin();
		WaitForSignalSleep(10);
	}
	else
	{
		if( i->remove_me || IsSessionOutdated(*i) )
		{
			Session * ses = &(*i);
			++i;
			DeleteSession(ses);
			++deleted;
		}
		else
		{
			++i;
		}

		if( deleted >= deleted_max_at_once )
		{
			log << logsave;
			WaitForSignalSleep(1);
			deleted = 0;
		}
	}
}


// it's called from the other thread (with Lock and Unlock)
bool SessionManager::IsSessionOutdated(const Session & s) const
{
bool outdated;

	if( s.remember_me )
	{
		outdated = s.last_time < std::time(0) - config->session_remember_max_idle;
	}
	else
	{
		outdated = s.last_time < std::time(0) - config->session_max_idle;
	}

return outdated;
}



// it's called from the other thread (with Lock and Unlock)
void SessionManager::DeleteSession(Session * del_session)
{
	if( del_session->puser )
	{
		plugin->Call(del_session, WINIX_PREPARE_USER_TO_LOGOUT, del_session->puser);
		last_container->UserLogout(del_session->puser->id, del_session->id);
		del_session->puser = 0;
	}

	long id = del_session->id;

	plugin->Call(del_session, WINIX_PREPARE_SESSION_TO_REMOVE);
	session_tab.EraseById(del_session->id);
	plugin->Call((Session*)0, WINIX_SESSION_REMOVED, id);
}


/*
 *
 *
 *  end of sessions gc
 *
 *
 */




} // namespace Winix