MythTV master
#include <libmythbase/mythsession.h>
Public Member Functions
MythSessionManager ()
bool IsValidSession (const QString &sessionToken)
Check if the session token is valid.
MythUserSession GetSession (const QString &sessionToken)
Load the session details and return.
MythUserSession LoginUser (const QString &username, const QByteArray &digest, const QString &client="")
Login user by digest.
MythUserSession LoginUser (const QString &username, const QString &password, const QString &client="")
Login user by password - convenient alternative to using the digest.
bool ManageDigestUser (DigestUserActions action, const QString &username, const QString &password, const QString &newPassword)
Manage digest user entries.

Static Public Member Functions
static bool IsValidUser (const QString &username)
Check if the given user exists but not whether there is a valid session open for them!
static QString GetPasswordDigest (const QString &username)
Load the password digest for comparison in the HTTP Auth code.
static QByteArray CreateDigest (const QString &username, const QString &password)
Generate a digest string.
static void LockSessions ()
static void UnlockSessions ()

Private Member Functions
void LoadSessions (void)
Load the values from the sessions table on startup.
void UpdateSession (const QString &sessionToken)
Update the session timestamps.
MythUserSession GetSession (const QString &username, const QString &client)
Checks if an existing session for this user and client exists.
MythUserSession CreateUserSession (uint userId, const QString &username, const QString &client)
Add new user session to the database and cache.
void DestroyUserSession (const QString &sessionToken)
Removes user session from the database and cache.
void DestroyUserAllSessions (const QString &username)
bool RemoveDigestUser (const QString &username)
bool ChangeDigestUserPassword (const QString &username, const QString &oldPassword, const QString &newPassword)

Static Private Member Functions
static bool AddDigestUser (const QString &username, const QString &password)

Private Attributes
QMap< QString, MythUserSession > m_sessionList

Static Private Attributes
static QMutex mutex

Detailed Description
We use digest authentication because it protects the password over unprotected networks.
Even if traffic between the client and server is captured, the digest and password cannot be determined from it, so the attacker cannot gain system access that way. It cannot protect against a full man-in-the-middle, but if that really is a concern, users should set up TLS.
The digest isn't very strong if it is leaked, but for that to happen the database would need to be breached, at which point the MythTV system is already heavily compromised.
Definition at line 105 of file mythsession.h.
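The trade-off described above, worked through as an added example; this is not MythTV code. It assumes the plain RFC 2617 scheme with MD5 and no qop, and the realm, credentials, URI and function names (create_digest, digest_response, verify, demo) are hypothetical stand-ins constructed for the illustration.

```python
import hashlib
import hmac
import secrets

REALM = "ExampleRealm"  # constructed placeholder; the page does not name the realm


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def create_digest(username: str, password: str, realm: str = REALM) -> str:
    """RFC 2617 A1 hash (HA1): what the server stores instead of the password."""
    return md5_hex(f"{username}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    """RFC 2617 request-digest without qop: MD5(HA1 ":" nonce ":" HA2)."""
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


def verify(stored_ha1: str, nonce: str, method: str, uri: str, response: str) -> bool:
    """Server-side check: recompute from the stored HA1, compare in constant time."""
    expected = digest_response(stored_ha1, nonce, method, uri)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    user, password, uri = "alice", "constructed-passphrase", "/example/resource"
    stored = create_digest(user, password)  # the row kept in the user table
    nonce_a, nonce_b = secrets.token_hex(16), secrets.token_hex(16)

    # What crosses the network for challenge A: only this hash, never the password.
    on_wire = digest_response(create_digest(user, password), nonce_a, "GET", uri)
    wrong = digest_response(create_digest(user, "guess"), nonce_a, "GET", uri)
    return {
        "accepted": verify(stored, nonce_a, "GET", uri, on_wire),
        # A captured response is bound to its nonce and fails a fresh challenge.
        "captured_reused_on_new_nonce": verify(stored, nonce_b, "GET", uri, on_wire),
        "wrong_password": verify(stored, nonce_a, "GET", uri, wrong),
        # The stored HA1 is all the verifier needs, so it is password-equivalent:
        # the user table deserves the same protection as plaintext passwords.
        "stored_ha1_is_sufficient": verify(
            stored, nonce_b, "GET", uri, digest_response(stored, nonce_b, "GET", uri)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The nonce binding only helps if the server issues fresh nonces and rejects stale ones; against an active man-in-the-middle, TLS remains the control, as the description says.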
MythSessionManager::MythSessionManager ()
Definition at line 126 of file mythsession.cpp.
bool MythSessionManager::AddDigestUser (const QString &username, const QString &password) [static, private]
Definition at line 417 of file mythsession.cpp.
Referenced by ManageDigestUser().
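bool MythSessionManager::ChangeDigestUserPassword (const QString &username, const QString &oldPassword, const QString &newPassword) [private]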
Definition at line 477 of file mythsession.cpp.
Referenced by ManageDigestUser().
QByteArray MythSessionManager::CreateDigest (const QString &username, const QString &password) [static]
Generate a digest string.
Parameters:
  username
  password
Definition at line 528 of file mythsession.cpp.
Referenced by AddDigestUser(), ChangeDigestUserPassword(), LoginUser(), and V2Myth::ManageUrlProtection().
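MythUserSession MythSessionManager::CreateUserSession (uint userId, const QString &username, const QString &client) [private]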
Add new user session to the database and cache.
Definition at line 336 of file mythsession.cpp.
Referenced by LoginUser().
void MythSessionManager::DestroyUserAllSessions (const QString &username) [private]
Definition at line 392 of file mythsession.cpp.
Referenced by ChangeDigestUserPassword(), and RemoveDigestUser().
void MythSessionManager::DestroyUserSession (const QString &sessionToken) [private]
Removes user session from the database and cache.
Definition at line 373 of file mythsession.cpp.
Referenced by DestroyUserAllSessions(), GetSession(), and IsValidSession().
QString MythSessionManager::GetPasswordDigest (const QString &username) [static]
Load the password digest for comparison in the HTTP Auth code.
Parameters:
  username
The username should be checked for validity first.
Definition at line 221 of file mythsession.cpp.
Referenced by ChangeDigestUserPassword(), HTTPRequest::DigestAuthentication(), and V2Myth::ManageUrlProtection().
MythUserSession MythSessionManager::GetSession (const QString &sessionToken)
Load the session details and return.
Parameters:
  sessionToken
If no matching session exists, an empty MythUserSession object is returned.
Definition at line 184 of file mythsession.cpp.
Referenced by LoginUser(), V2Myth::ManageDigestUser(), HTTPRequest::ParseRequest(), and V2Myth::PutSetting().
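MythUserSession MythSessionManager::GetSession (const QString &username, const QString &client) [private]
Checks if an existing session for this user and client exists.
Parameters:
  username
  client
We may want to reuse this session or destroy this session.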
Definition at line 195 of file mythsession.cpp.
bool MythSessionManager::IsValidSession (const QString &sessionToken)
Check if the session token is valid.
Parameters:
  sessionToken
Definition at line 239 of file mythsession.cpp.
Referenced by GetSession(), and MythHTTPService::HTTPRequest().
bool MythSessionManager::IsValidUser (const QString &username) [static]
Check if the given user exists but not whether there is a valid session open for them!
Parameters:
  username
Definition at line 166 of file mythsession.cpp.
Referenced by AddDigestUser(), HTTPRequest::BasicAuthentication(), ChangeDigestUserPassword(), HTTPRequest::DigestAuthentication(), V2Myth::ManageUrlProtection(), and RemoveDigestUser().
void MythSessionManager::LoadSessions (void) [private]
Load the values from the sessions table on startup.
Definition at line 134 of file mythsession.cpp.
Referenced by MythSessionManager().
void MythSessionManager::LockSessions () [static]
Definition at line 561 of file mythsession.cpp.
Referenced by MythCoreContext::GetSessionManager().
MythUserSession MythSessionManager::LoginUser (const QString &username, const QByteArray &digest, const QString &client = "")
Login user by digest.
Parameters:
  username
  digest: Password Digest (RFC 2617)
  client: Optional string identifying this client uniquely, will be created automatically if absent
Definition at line 273 of file mythsession.cpp.
Referenced by HTTPRequest::BasicAuthentication(), HTTPRequest::DigestAuthentication(), V2Myth::LoginUser(), and LoginUser().
MythUserSession MythSessionManager::LoginUser (const QString &username, const QString &password, const QString &client = "")
Login user by password - convenient alternative to using the digest.
Parameters:
  username
  password: Clear text password string
  client: Optional string identifying this client uniquely, will be created automatically if absent
Definition at line 324 of file mythsession.cpp.
bool MythSessionManager::ManageDigestUser (DigestUserActions action, const QString &username, const QString &password, const QString &newPassword)
Manage digest user entries.
Parameters:
  action: requires one from: DigestUserActions
  username: always required
  password: always required
  newPassword: if action=DIGEST_USER_CHANGE_PW
  adminPassword: if action=DIGEST_USER_ADD
Definition at line 542 of file mythsession.cpp.
Referenced by V2Myth::ManageDigestUser().
bool MythSessionManager::RemoveDigestUser (const QString &username) [private]
Definition at line 444 of file mythsession.cpp.
Referenced by ManageDigestUser().
void MythSessionManager::UnlockSessions () [static]
Definition at line 565 of file mythsession.cpp.
Referenced by MythCoreContext::GetSessionManager().
void MythSessionManager::UpdateSession (const QString &sessionToken) [private]
Update the session timestamps.
Definition at line 260 of file mythsession.cpp.
Referenced by IsValidSession().
QMap< QString, MythUserSession > MythSessionManager::m_sessionList [private]
Definition at line 228 of file mythsession.h.
Referenced by CreateUserSession(), DestroyUserAllSessions(), DestroyUserSession(), GetSession(), IsValidSession(), LoadSessions(), and UpdateSession().
QMutex MythSessionManager::mutex [static, private]
Definition at line 230 of file mythsession.h.
Referenced by LockSessions(), and UnlockSessions().