changed: when winix demonizes it creates a three new descriptors (0, 1 and 3)

pointing to /dev/null added: DbBase::AssertValueBin(PGresult * r, int row, int col, std::string & result) it reads binary (bytea) data added: DbTextStream can handle 'bool' types now (is puts 'true' of 'false' to the stream) changed: now passwords can be stored either as plain text, a hash or can be encrypted with RSA currently we have following hashes: md4, md5, sha1, sha224, sha256, sha384, sha512 we are using openssl to manage them (look at config options for more info) changed: winix version to 0.4.7 added: class Run - you can run any program from os and send a buffer to its standard input and read what the program put on its standard output added: class Crypt (in System) - calculating hashes, and crypting/decrypting git-svn-id: svn://ttmath.org/publicrep/winix/trunk@734 e52654a7-88a9-db11-a3e9-0013d4bc506e
2011-06-09 21:22:08 +00:00
parent af8fbdae72
commit 18ecd46a01
33 changed files with 2022 additions and 583 deletions
--- a/db/db.cpp
+++ b/db/db.cpp
@@ -2,7 +2,7 @@
 * This file is a part of Winix
 * and is not publicly distributed
 * 
- * Copyright (c) 2008-2010, Tomasz Sowa
+ * Copyright (c) 2008-2011, Tomasz Sowa
 * All rights reserved.
 * 
 */
@@ -15,18 +15,17 @@



-bool Db::CheckUser(const std::wstring & login, const std::wstring & password, long & user_id)
+bool Db::GetUserPass(const std::wstring & login, long & user_id, UserPass & up)
 {
 	PGresult * r = 0;
 	bool user_ok = false;
+	user_id = -1;

 	try
 	{
 		query.Clear();
-		query << R("select id from core.user where login=")
+		query << R("select id, password, pass_encrypted, pass_type, pass_hash_salted from core.user where login=")
 			  << login
-			  << R(" and password=")
-			  << password
 			  << R(";");
 		
 		r = AssertQuery(query);
@@ -39,13 +38,22 @@ bool Db::CheckUser(const std::wstring & login, const std::wstring & password, lo
 		
 		if( rows > 1 )
 		{
-			log << log1 << "Db: there is more than one user: " << login << " (with the same password)" << logend;
+			log << log1 << "Db: there is more than one user: " << login << logend;
 			throw Error(WINIX_ERR_DB_MORE_THAN_ONE_LOGIN);
 		}

-		int cuser_id = AssertColumn(r, "id");		
-		user_id = AssertValueLong(r, 0, cuser_id);
+		int cuser_id        = AssertColumn(r, "id");
+		int cpass_type      = AssertColumn(r, "pass_type");
+		int csalted         = AssertColumn(r, "pass_hash_salted");
+		int cpassword       = AssertColumn(r, "password");
+		int cpass_encrypted = AssertColumn(r, "pass_encrypted");
+
 		user_ok = true;
+		user_id             = AssertValueLong(r, 0, cuser_id);
+		up.pass_type        = AssertValueInt(r, 0, cpass_type);
+		up.pass_hash_salted = AssertValueBool(r, 0, csalted);
+		AssertValueWide(r, 0, cpassword, up.pass);
+		AssertValueBin(r, 0, cpass_encrypted, up.pass_encrypted);
 	}
 	catch(const Error &)
 	{
@@ -60,7 +68,8 @@ return user_ok;



-Error Db::AddUser(User & user, const std::wstring & password)
+Error Db::AddUser(User & user, const std::wstring & password, const std::string & password_encrypted,
+				  int pass_type, bool pass_hash_salted)
 {
 	PGresult * r = 0;
 	Error status = WINIX_ERR_OK;
@@ -68,12 +77,23 @@ Error Db::AddUser(User & user, const std::wstring & password)
 	try
 	{
 		query.Clear();
-		query << R("insert into core.user (login, password, super_user, email, notify) values (")
-			  << user.name
-			  << password
-			  << static_cast<int>(user.super_user)
+		query << R("insert into core.user (login, password, pass_encrypted, super_user, email,"
+				   "notify, pass_type, pass_hash_salted) values (")
+			  << user.name;
+
+		// for safety
+		if( password_encrypted.empty() )
+			query << password;
+		else
+			query << "";
+
+		query.EPutBin(password_encrypted);
+
+		query << user.super_user
 			  << user.email
 			  << user.notify
+			  << pass_type
+			  << pass_hash_salted
 			  << R(");");
 		
 		r = AssertQuery(query);