1 /*
2 ** Zabbix
3 ** Copyright (C) 2001-2021 Zabbix SIA
4 **
5 ** This program is free software; you can redistribute it and/or modify
6 ** it under the terms of the GNU General Public License as published by
7 ** the Free Software Foundation; either version 2 of the License, or
8 ** (at your option) any later version.
9 **
10 ** This program is distributed in the hope that it will be useful,
11 ** but WITHOUT ANY WARRANTY; without even the implied warranty of
12 ** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 ** GNU General Public License for more details.
14 **
15 ** You should have received a copy of the GNU General Public License
16 ** along with this program; if not, write to the Free Software
17 ** Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
18 **/
19 
20 #include <string.h>
21 #include "common.h"
22 #include "db.h"
23 #include "log.h"
24 #include "sha512crypt.h"
25 #include "zbxjson.h"
26 
27 #include "trapper_auth.h"
28 
/******************************************************************************
 *                                                                            *
 * Function: format_auth_token_hash                                           *
 *                                                                            *
 * Purpose: hash an auth token with SHA-512 and render the digest as a        *
 *          NUL-terminated lowercase hex string                               *
 *                                                                            *
 * Parameters: auth_token           - [IN] NUL-terminated token to hash       *
 *             hash_res_stringhexes - [OUT] hex digest; caller must supply    *
 *                                    at least ZBX_SID_AUTH_TOKEN_LENGTH * 2  *
 *                                    + 1 bytes                               *
 *                                                                            *
 ******************************************************************************/
static void	format_auth_token_hash(const char *auth_token, char *hash_res_stringhexes)
{
	static const char	hex_digits[] = "0123456789abcdef";
	/* NOTE(review): the digest buffer is sized with the token-length constant, not a */
	/* digest-size constant; zbx_sha512_hash() presumably writes a full SHA-512 digest */
	/* (64 bytes) - confirm that ZBX_SID_AUTH_TOKEN_LENGTH is never smaller than that. */
	char			digest[ZBX_SID_AUTH_TOKEN_LENGTH];
	char			*out = hash_res_stringhexes;
	int			pos;

	zbx_sha512_hash(auth_token, digest);

	for (pos = 0; pos < ZBX_SID_AUTH_TOKEN_LENGTH; pos++)
	{
		/* go through unsigned char so bytes >= 0x80 are not sign-extended */
		unsigned char	byte = (unsigned char)digest[pos];

		*out++ = hex_digits[byte >> 4];
		*out++ = hex_digits[byte & 0x0f];
	}

	/* lands on index ZBX_SID_AUTH_TOKEN_LENGTH * 2, the byte the caller reserves for it */
	*out = '\0';
}
59 
/******************************************************************************
 *                                                                            *
 * Function: zbx_get_user_from_json                                           *
 *                                                                            *
 * Purpose: look up the user behind the session id or auth token carried      *
 *          in the request's ZBX_PROTO_TAG_SID tag                            *
 *                                                                            *
 * Parameters: jp     - [IN] the parsed request                               *
 *             user   - [OUT] the user data                                   *
 *             result - [OUT] error message for the caller; may be NULL       *
 *                                                                            *
 * Return value: SUCCEED - the sid resolved to an authenticated user          *
 *               FAIL    - tag missing, bad length or lookup failure          *
 *                                                                            *
 ******************************************************************************/
int	zbx_get_user_from_json(const struct zbx_json_parse *jp, zbx_user_t *user, char **result)
{
	char	sid[MAX_STRING_LEN];
	size_t	sid_len;
	int	ret = FAIL;

	zabbix_log(LOG_LEVEL_DEBUG, "In %s()", __func__);

	/* a request without the tag gets its own message and skips the generic denial below */
	if (SUCCEED != zbx_json_value_by_name(jp, ZBX_PROTO_TAG_SID, sid, sizeof(sid), NULL))
	{
		zabbix_log(LOG_LEVEL_DEBUG, "Failed to parse %s tag", ZBX_PROTO_TAG_SID);

		if (NULL != result)
			*result = zbx_dsprintf(*result, "Failed to parse %s tag", ZBX_PROTO_TAG_SID);

		goto out;
	}

	/* the length of the value alone decides which kind of credential it is treated as */
	sid_len = strlen(sid);

	if (ZBX_SID_SESSION_LENGTH == sid_len)
	{
		/* NOTE(review): sid is request-supplied text passed through unchanged; confirm */
		/* that DBget_user_by_active_session() escapes it before using it in a query */
		ret = DBget_user_by_active_session(sid, user);
	}
	else if (ZBX_SID_AUTH_TOKEN_LENGTH == sid_len)
	{
		char	token_hash_hex[ZBX_SID_AUTH_TOKEN_LENGTH * 2 + 1];

		/* only the hex SHA-512 digest of the token is handed to the lookup, not the token */
		format_auth_token_hash(sid, token_hash_hex);
		ret = DBget_user_by_auth_token(token_hash_hex, user);
	}
	else
	{
		/* the log line carries the length only, never the submitted value */
		zabbix_log(LOG_LEVEL_DEBUG, "Failed to parse %s token, invalid length: %lu",
				ZBX_PROTO_TAG_SID, (unsigned long)sid_len);
	}

	/* every failure past tag parsing returns the same text, whichever check rejected it */
	if (FAIL == ret && NULL != result)
		*result = zbx_dsprintf(*result, "Permission denied.");
out:
	if (FAIL != ret)
		zabbix_log(LOG_LEVEL_DEBUG, "Permission granted");
	else
		zabbix_log(LOG_LEVEL_DEBUG, "Permission denied");

	zabbix_log(LOG_LEVEL_DEBUG, "End of %s():%s", __func__, zbx_result_string(ret));

	return ret;
}