type session_id = Uuidm.t
-(* user table: user id, (password, optional session id) *)
-type user = string * (string * session_id option)
+type matita_file = MatitaFilesystem.matita_flag * string
+
+(* user table: user id, (salt, encrypted password, optional session id) *)
+type user = string * (string * string * session_id option)
let user_tbl = (ref [] : user list ref)
let session_tbl = (ref [] : session list ref)
exception UsernameCollision of string
+exception InvalidPassword
let lookup_user uid = List.assoc uid !user_tbl
let user_of_session sid = let res,_,_ = List.assoc sid !session_tbl in res
+let get_users () = List.map fst !user_tbl
+
let create_session uid =
let status = new MatitaEngine.status (Some uid) "cic:/matita" in
let history = [status] in
- let pw,sid = List.assoc uid !user_tbl in
+ let salt,pw,sid = List.assoc uid !user_tbl in
let clean_utbl = List.remove_assoc uid !user_tbl in
let new_session = Uuidm.create `V4 in
- user_tbl := (uid,(pw,Some new_session))::clean_utbl;
+ user_tbl := (uid,(salt,pw,Some new_session))::clean_utbl;
let clean_stbl = match sid with
| Some sid' ->
List.remove_assoc sid' !session_tbl
let logout_user sid =
let uid,st,hist = List.assoc sid !session_tbl in
- let pw,_ = List.assoc uid !user_tbl in
- user_tbl := (uid,(pw,None))::List.remove_assoc uid !user_tbl;
+ let salt,pw,_ = List.assoc uid !user_tbl in
+ user_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !user_tbl;
session_tbl := List.remove_assoc sid !session_tbl
;;
;;
let serialize () =
- let clean_utbl = List.map (fun (uid,(pw,_)) -> uid,(pw,None)) !user_tbl in
+ let clean_utbl = List.map (fun (uid,(salt,pw,_)) -> uid,(salt,pw,None)) !user_tbl in
let utbl_ch = open_out (config_path () ^ "/usertable.dump") in
Marshal.to_channel utbl_ch clean_utbl [];
close_out utbl_ch;
;;
let deserialize () =
- let utbl_ch = open_in (config_path () ^ "/usertable.dump") in
- user_tbl := Marshal.from_channel utbl_ch;
- close_in utbl_ch;
+ (try
+ let utbl_ch = open_in (config_path () ^ "/usertable.dump") in
+ user_tbl := Marshal.from_channel utbl_ch;
+ close_in utbl_ch;
+ with
+ | Sys_error _ ->
+ user_tbl := []; serialize());
(* old_sessions are now invalid *)
session_tbl := [];
;;
+let write_ft uid ft =
+ let ft_ch = open_out (config_path () ^ "/ft_" ^ uid ^ ".dump") in
+ Marshal.to_channel ft_ch ft [];
+ close_out ft_ch;
+;;
+
+let read_ft uid =
+ try
+ let ft_ch = open_in (config_path () ^ "/ft_" ^ uid ^ ".dump") in
+ let ft = Marshal.from_channel ft_ch in
+ close_in ft_ch;
+ ft
+ with
+ | Sys_error _ ->
+ (* this is an error, we should rebuild the table by a diff of
+ the directory listing and svn stat *)
+ []
+;;
+
+let set_file_flag uid files_flags =
+ let ft = read_ft uid in
+ let files = List.map fst files_flags in
+ let ft = List.filter (fun (x,_) -> not (List.mem x files)) ft in
+ let ft' = List.fold_left (fun acc (filename,flag) ->
+ let filename = MatitaFilesystem.normalize_qfn filename in
+ try
+ (filename,HExtlib.unopt flag)::acc
+ with Failure _ -> acc) [] files_flags
+ in
+ write_ft uid (ft'@ft)
+;;
+
let add_user uid pw =
try
let _ = lookup_user uid in
raise (UsernameCollision uid)
with Not_found ->
- MatitaFilesystem.checkout uid;
- user_tbl := (uid,(pw,None))::!user_tbl;
+ let ft = MatitaFilesystem.checkout uid in
+ (* use a 8 byte salt *)
+ let salt = Cryptokit.Random.string Cryptokit.Random.secure_rng 8 in
+ let sha256 = Cryptokit.Hash.sha256 () in
+ sha256#add_string (salt ^ pw);
+ let crypto_pw = sha256#result in
+ user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl;
+ write_ft uid ft;
+ serialize ()
+;;
+
+let add_user_no_checkout uid pw =
+ try
+ let _ = lookup_user uid in
+ raise (UsernameCollision uid)
+ with Not_found ->
+ (* use a 8 byte salt *)
+ let salt = Cryptokit.Random.string Cryptokit.Random.secure_rng 8 in
+ let sha256 = Cryptokit.Hash.sha256 () in
+ sha256#add_string (salt ^ pw);
+ let crypto_pw = sha256#result in
+ sha256#wipe;
+ user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl;
serialize ()
;;
+
+let check_pw uid pw =
+ try
+ let salt,crypto_pw,_ = lookup_user uid in
+ let sha256 = Cryptokit.Hash.sha256 () in
+ sha256#add_string (salt ^ pw);
+ let computed_pw = sha256#result in
+ sha256#wipe;
+ if crypto_pw <> computed_pw
+ then (prerr_endline ("password " ^ pw ^ " incorrect"); raise InvalidPassword)
+ with Not_found _ -> raise InvalidPassword
+;;
+
+let reset () =
+ user_tbl := [];
+ session_tbl := [];
+ MatitaFilesystem.reset_lib ();
+ serialize ();
+;;