X-Git-Url: http://matita.cs.unibo.it/gitweb/?a=blobdiff_plain;f=matitaB%2Fmatita%2FmatitaAuthentication.ml;h=a3704ee4eb3056b16287f74f2d16847842afafc5;hb=111e641bb0772a542293b796c9d4a18fc9d58a00;hp=5669658513a13f1d0e03748abbca6157585c9b1c;hpb=54f0752c831479f87d61afcdfdafd2a35edb4053;p=helm.git

diff --git a/matitaB/matita/matitaAuthentication.ml b/matitaB/matita/matitaAuthentication.ml
index 566965851..a3704ee4e 100644
--- a/matitaB/matita/matitaAuthentication.ml
+++ b/matitaB/matita/matitaAuthentication.ml
@@ -27,8 +27,8 @@ type session_id = Uuidm.t
 
 type matita_file = MatitaFilesystem.matita_flag * string
 
-(* user table: user id, (password, optional session id) *)
-type user = string * (string * session_id option)
+(* user table: user id, (salt, encrypted password, optional session id) *)
+type user = string * (string * string * session_id option)
 
 let user_tbl = (ref [] : user list ref)
 
@@ -38,18 +38,21 @@ type session = session_id * (string * MatitaEngine.status * MatitaEngine.status
 let session_tbl = (ref [] : session list ref)
 
 exception UsernameCollision of string
+exception InvalidPassword
 
 let lookup_user uid = List.assoc uid !user_tbl
 
 let user_of_session sid = let res,_,_ = List.assoc sid !session_tbl in res
 
+let get_users () = List.map fst !user_tbl
+
 let create_session uid =
   let status = new MatitaEngine.status (Some uid) "cic:/matita" in
   let history = [status] in
-  let pw,sid = List.assoc uid !user_tbl in
+  let salt,pw,sid = List.assoc uid !user_tbl in
   let clean_utbl = List.remove_assoc uid !user_tbl in
   let new_session = Uuidm.create `V4 in
-  user_tbl := (uid,(pw,Some new_session))::clean_utbl;
+  user_tbl := (uid,(salt,pw,Some new_session))::clean_utbl;
   let clean_stbl = match sid with
     | Some sid' -> 
        List.remove_assoc sid' !session_tbl
@@ -81,8 +84,8 @@ let set_history sid hist =
 
 let logout_user sid =
   let uid,st,hist = List.assoc sid !session_tbl in
-  let pw,_ = List.assoc uid !user_tbl in
-  user_tbl := (uid,(pw,None))::List.remove_assoc uid !user_tbl;
+  let salt,pw,_ = List.assoc uid !user_tbl in
+  user_tbl := (uid,(salt,pw,None))::List.remove_assoc uid !user_tbl;
   session_tbl := List.remove_assoc sid !session_tbl
 ;;
 
@@ -99,7 +102,7 @@ let config_path () =
 ;;
 
 let serialize () =
-  let clean_utbl = List.map (fun (uid,(pw,_)) -> uid,(pw,None)) !user_tbl in
+  let clean_utbl = List.map (fun (uid,(salt,pw,_)) -> uid,(salt,pw,None)) !user_tbl in
   let utbl_ch = open_out (config_path () ^ "/usertable.dump") in
   Marshal.to_channel utbl_ch clean_utbl [];
   close_out utbl_ch;
@@ -136,18 +139,17 @@ let read_ft uid =
       [] 
 ;;
 
-let set_file_flag uid filename flag = 
+let set_file_flag uid files_flags =
   let ft = read_ft uid in
-  let oldflag = 
-    try List.assoc filename ft
-    with Not_found -> MatitaFilesystem.MSynchronized
+  let files = List.map fst files_flags in
+  let ft = List.filter (fun (x,_) -> not (List.mem x files)) ft in
+  let ft' = List.fold_left (fun acc (filename,flag) ->  
+      let filename = MatitaFilesystem.normalize_qfn filename in 
+      try
+        (filename,HExtlib.unopt flag)::acc
+      with Failure _ -> acc) [] files_flags
   in
-  if oldflag <> MatitaFilesystem.MConflict 
-    then
-      let ft = (filename,flag)::
-        List.filter (fun (fn,_) -> fn <> filename) ft in
-      write_ft uid ft
-    else ()
+  write_ft uid (ft'@ft)
 ;;
 
 let add_user uid pw =
@@ -156,11 +158,43 @@ let add_user uid pw =
     raise (UsernameCollision uid)
   with Not_found -> 
     let ft = MatitaFilesystem.checkout uid in
-    user_tbl := (uid,(pw,None))::!user_tbl;
+    (* use a 8 byte salt *)
+    let salt = Cryptokit.Random.string Cryptokit.Random.secure_rng 8 in
+    let sha256 = Cryptokit.Hash.sha256 () in
+    sha256#add_string (salt ^ pw);
+    let crypto_pw = sha256#result in
+    user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl;
     write_ft uid ft;
     serialize ()
 ;;
 
+let add_user_no_checkout uid pw =
+  try
+    let _ = lookup_user uid in
+    raise (UsernameCollision uid)
+  with Not_found -> 
+    (* use a 8 byte salt *)
+    let salt = Cryptokit.Random.string Cryptokit.Random.secure_rng 8 in
+    let sha256 = Cryptokit.Hash.sha256 () in
+    sha256#add_string (salt ^ pw);
+    let crypto_pw = sha256#result in
+    sha256#wipe;
+    user_tbl := (uid,(salt,crypto_pw,None))::!user_tbl;
+    serialize ()
+;;
+
+let check_pw uid pw =
+  try
+    let salt,crypto_pw,_ = lookup_user uid in
+    let sha256 = Cryptokit.Hash.sha256 () in
+    sha256#add_string (salt ^ pw);
+    let computed_pw = sha256#result in
+    sha256#wipe;
+    if crypto_pw <> computed_pw 
+      then (prerr_endline ("password " ^ pw ^ " incorrect"); raise InvalidPassword)
+  with Not_found _ -> raise InvalidPassword
+;;
+
 let reset () =
   user_tbl := [];
   session_tbl := [];